Privacy Policy

1. How We Collect and Use Your Data

1.1. Terms

In this Privacy and Personal Data Protection Policy (hereinafter referred to as the Policy), any references to “Legarithm”, “we”, “us”, and “our” refer to Legarithm OÜ, a limited liability company registered under the laws of Estonia with registration number 16490037, and located at Harju maakond, Tallinn, Kesklinna linnaosa, Tuukri tn 19-215, 10152.

In the context of this Policy, personal data refers to information relating to an identified or identifiable natural person.

An identifiable person is a natural person who can be identified, directly or indirectly, by reference to one or more factors such as name, identification number, location information, or other unique characteristics related to physical, physiological, psychological, genetic, economic, cultural, or social identity.

1.2. Data Processing Principles

Legarithm is a leading law firm that values its reputation, so we pay special attention to protecting the personal data of our clients and ensuring full compliance with relevant laws, regulations, and ethical standards, including the EU Regulation 2016/679 (GDPR), providing maximum protection of its integrity and confidentiality. Our main principles of personal data processing include: transparency, confidentiality, legality, fairness, data minimization, accuracy, purpose limitation, confidentiality, and security of your data.

This means that we clearly express how, why, and for what purposes we collect and use your data, ensuring that all processing is carried out in lawful grounds; that we only gather information that is necessary, accurate, and up-to-date for our legitimate purposes; that your information is stored in a secure and protected manner and not retained any longer than necessary; and that we stored only so long as is necessary for the achievement of the defined purposes, after which it will be securely deleted or anonymized. We also take all necessary measures to protect your data from unauthorized access, use, or disclosure, ensuring the confidentiality and integrity of your personal information.

Personal data processing is carried out based on your consent, except where required by applicable law or international standards and norms.

Your consent may be withdrawn at any time.

The use of your personal information without consent is possible only in exceptional cases such as:

• Actions according to the contract of which you are a party;
• Fulfilling our legal obligations;
• Protection of your or another person’s vital interests, or only if such interests do not contradict your interests or fundamental rights and freedoms that require the protection of personal data;
• Protection of public interests or when exercising public authority;
• Ensuring compliance with legal requirements, including verifying your identity.

1.3. Company Status

In connection with the described actions related to personal data processing, Legarithm acts as the data controller, meaning that we determine the purposes and means of processing your personal data in accordance with personal data protection laws, including the EU Regulation 2016/679 (GDPR), which regulates the protection of natural persons regarding the processing of their personal data and the free movement of such data.

1.4. Purpose of the Policy

The purpose of this Policy is to provide you with clear, transparent, and complete information about the processing of your personal data and the methods applied by Legarithm on the datio controller.

We do not collect information that is not necessary for achieving the purposes outlined in this policy. Your personal data may be processed for a number of reasons, which include but are not limited to: when you access or interact with our website; when you use your data to perform internal tasks such as testing, data analysis, research, and surveys to improve the website’s functionality and ensure the best user experience. This also includes effective content rendering on our Service. We may also use your personal information to verify your identity and send you or the information, marketing, or anything you requested or that we developed on our website. If you have given your consent, we may use these measures, including sending to events, conferences, or legal-news analysis.

1.5. Scope of the Policy

This Policy applies to all personal data processing activities carried out within the activities of Legarithm. It covers, among other things, the management and maintenance of our website, the processing of requests sent through the feedback form, quote requests, or online chat on the website, as well as newsletters, one information materials, distribution, legal advice. Additionally, it covers support for Legarithm staff, interactions with clients, service providers, and business partners, as well as the management of enquiry courses organized by Legarithm.

1.6. Changes to this Policy

This Policy may be amended over time due to updates in legislation or changes in our business activities. We recommend you periodically check this page to familiarize yourself with the current version of the Policy. In case of any changes, we will notify you regarding the date of the Policy update.

1.7. Links to External Sites

Our site may contain links to platforms and other websites that Legarithm does not control. Legarithm is not responsible for your data being stored or used on such third-party websites. We recommend that you review the privacy policy of each third-party site that you visit through our website for full information on how your personal data may be used and how it is handled.

2. General Provisions Applicable to All Personal Data Processing Operations Performed by Legarithm

2.1. Data Minimization

The forms on the website limit the collection of personal data to only those that are explicitly necessary and specify the purposes for which the data is collected. In all cases, the data required is quantum. Please note that the information marked is symbols, such as an asterisk (*), is mandatory for the proper processing and response to your questions or services requests. We will respond to your requests and provide you with the necessary services. Other information is optional and allows us to better process your request and improve the quality of services provided.

2.2. Transfer of Your Data to Third Parties

We do not transfer your personal data to third parties for direct marketing purposes.

Your data may be transferred to technical service providers chosen based on their experience and reliability, who act on our behalf and according to our instructions. These may include IT subcontractors, hosting providers, server suppliers, etc. We allow these providers to use your personal data only to the extent necessary for providing services on our behalf or for fulfilling legal requirements. We also enter into data protection agreements (DPAs) with our providers to ensure the security of your data.

We use external platforms such as Google Analytics, Google Tag Manager (Google LLC, USA), Meta Platforms (formerly known as Facebook Inc., Entreprise Sergey Brin/Larry, operating under the trademark “Hotjar” (Ukraine), Facebook Inc. (USA). For our clients from the EU, and, Note entered into agreements with those providers to ensure the proper level of personal data protection.

Legarithm may disclose your information to third parties only if required by law, government decree, or court decision, or if such disclosure is necessary for the protection of our rights.

2.3. Data Security

Legarithm is committed to protecting your personal data from potential destruction, distortion, unauthorized access, or disclosure. To achieve this, Legarithm takes appropriate technical and organizational measures, taking into account the nature of the data and the risks associated with their processing, to ensure the security and confidentiality of your personal data, including preventing its unauthorized access and illegal use. These include implementing protection measures at both the organizational and technical level, whose rules require processing such data, as well as contractual guarantees that we enter into with service providers in case of data transfer. Furthermore, we regularly conduct reviews and impact assessments regarding data confidentiality. We also continuously review our privacy policies and practices to ensure their compliance with the best data security standards.