1. Our approach to privacy
1.2 Clio operates a cloud-based legal practice management solution available via our websites (our “Websites”) including at clio.com and mobile application as well as other products and services that we make available (the “Clio Service”).
2. Personal information we collect about you and how we use it
2.1 Information you give to us. We collect personal information about you when you voluntarily submit information directly to us by filling in forms on our Website or by corresponding with us by phone, email or other means. This includes information you provide when you register to use our Website, subscribe to the Clio Service, participate in any discussion boards, forums or other social media functions on our site or enter a competition, promotion or survey and when you report a problem with our Website, or use some other feature of the Clio Service as available from time to time.
2.2 If you choose not to provide personal information, we may not be able to provide the Clio Service to you or respond to your other requests.
2.3 Information we receive from other sources. We may receive personal information about you from individuals or corporate entities which are subscribers to the Clio Service (“Subscribers“) where you are to be designated a user of the Clio Service. We may receive personal information about you if you use any of the other websites we operate or the other services we provide from time to time. We also work closely with third parties (including, for example, subcontractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them, subject to your agreements with them.
2.4 The table at Annex 1 sets out the categories of personal information you provide to us and that we receive from other sources and how we use that information. The table also lists the legal basis which we rely on to process the personal information and information as to how we determine applicable retention periods.
2.5 We also automatically collect personal information about you indirectly about how you access and use the Clio Service and information about the device you use to access the Clio Service.
2.6 The table at Annex 2 sets out the categories of personal information we collect about you automatically and how we use that information. The table also lists the legal basis which we rely on to process the personal information and information as to how we determine applicable retention periods.
2.7 We may link or combine the personal information we collect and/or receive about you and the information we collect automatically. This allows us to provide you with a personalized experience regardless of how you interact with us.
2.8 We may anonymize and aggregate any of the personal information we collect (so that it does not identify you). We may use anonymized information for purposes that include testing our IT systems, research, data analysis, improving the Clio Service and developing new products and features. We may also share such anonymized information with others.
3. Disclosure of your personal information
- Business partners, vendors, suppliers, and subcontractors who perform services on our behalf (these companies are authorized to use your personal information only as necessary to provide these services to us);
- Analytics and search engine providers that assist us in the improvement and optimization of our Website;
- Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you;
- Payment processors for the purpose of fulfilling relevant payment transactions;
3.2 In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet law enforcement requirements.
We may disclose personal information in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of service and other agreements; or to protect the rights, property, or safety of Clio, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
3.3 Publicly accessible blogs. Our Website includes publicly accessible blogs or community forums. Any information you provide in these areas may be read, collected and used by others who access them. This includes information posted on our public social media accounts. To request removal of your personal information from our blog or community forum, contact us at [email protected]. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.
3.4 Testimonials. With consent, we may display personal testimonials of satisfied customers on our site, along with other endorsements. If you wish to update or delete your testimonial, you can contact us at [email protected].
3.5 We may disclose personal information to third parties in connection with a business transaction. Personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business. If we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Website of any change in ownership that impacts the use of your personal information, as well as any choices you may have regarding your personal information.
4. Marketing and advertising
4.1 From time to time we may contact you with relevant information about the Clio Service and our other products and services. Most messages will be sent electronically. For some messages, we may use personal information we collect about you to help us determine the most relevant information to share with you.
4.2 If you do not want to receive such messages from us, you will be able to tell us by selecting certain boxes on forms we use when we first collect your contact details. You can also change your marketing preferences at any time by accessing the subscription center at clio.com/subscription-center/ or by following the unsubscribe link at the bottom of our emails.
5. Storing and transferring your personal information
5.1 Security. Clio has implemented administrative, technical, and physical safeguards to protect its and its customers’ information. For further information on Clio’s security controls and practices, please refer to our Security & Reliability page (https://www.clio.com/security/). Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Service, you are responsible for keeping this password confidential. Subscribers should not share their password with anyone.
5.2 While no transmission of information via the internet is completely secure, we take reasonable measures to protect your personal information. We cannot guarantee the security of your personal information transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
5.3 International Transfers of your Personal Information. The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the European Union (“EU“) or the United Kingdom (“UK”), or Australia, your personal information may be processed outside of the EU, or Australia, including in the United States; these international transfers of your personal information are made pursuant to appropriate safeguards, and, we will take suitable steps to ensure that your personal data is treated just as safely and securely as it would be within the EU and under the General Data Protection Regulation (“GDPR”) or the UK General Data Protection Regulation (“UK GDPR”) or the Privacy Act 1988 (Cth) (“Australian Privacy Act”). Such measures shall include, but are not limited to, having Data Processing Agreements / Standard Contract Clauses with applicable subprocessors / third-parties and ensuring that such subprocessors / third-parties have adequate security and data protection procedures in place aligned with the GDPR or the Australian Privacy Act or any other applicable data protection law. For a list of relevant subprocessors / third-parties, please see Themis Authorized Subprocessors (https://www.clio.com/tos/subprocessors).
If you wish to inquire further about these safeguards used, please contact us using the details set out at the end of this policy.
6. Retaining your information
6.1 We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of our legitimate business interests and satisfying any legal or reporting requirements.
6.2 To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and the applicable legal requirements.
7. Referral program
7.1 We operate a referral program for our Service; you may choose to provide us with names and email addresses of individuals who you feel would be interested in learning more about our products and services in exchange for rewards. We will store the contact details in order to track the success of our referral service. The referred individual may request that their contact details be removed from our database and they may also contact us at any time at [email protected] to make the request.
8. Your rights in respect of your personal information
8.1 In accordance with applicable privacy law, you have the following rights in respect of your personal information that we hold:
- Right of access and portability. The right to obtain access to your personal information along with certain information, and to receive that personal information in a commonly used format and to have it ported to another data controller.
- Right to rectification. The right to obtain rectification of your personal information without undue delay where that personal information is inaccurate or incomplete.
- Right to erasure. The right to obtain the erasure of your personal information without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.
- Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal information in certain circumstances, such as where the accuracy of the personal information is contested by you or the sale of your personal information for a period enabling us to verify the accuracy of that personal information.
- Right to object. The right to object, on grounds relating to your particular situation, to the processing of your personal information, and to object to the processing of your personal information for direct marketing purposes, to the extent it is related to such direct marketing.
- Right to non-discrimination. The right to non-discrimination for exercising your rights as outlined in this policy. This includes, but is not limited to, denying you goods or services, charging you different prices for similar services, or providing a different level or quality of service.
8.2 If you wish to exercise any of these rights, you may do so by clicking the following link. Upon request, we will provide you with information about whether we hold any of your personal information. We may request that you verify your identity prior to transferring personal information. You may also access, correct or request deletion of your personal information by logging into your Clio Service account. We will respond to your request within 30 days.
8.3 Clio does not sell personal information shared by you. Clio has not sold personal information shared by you in the 12 months preceding the modification date for this policy. All use of personal information is done for the delivery, use, and improvement of the Service, as listed in 3.1.
8.4 If you reside in the EU or UK, Clio is the controller of your personal information for purposes of EU or UK data protection legislation. You also have the right to lodge a complaint to your local data protection authority. Information about how to contact your local data protection authority is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en. UK residents may lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/data-protection-complaints/.
If you reside in Australia, Clio is responsible for protecting your personal information pursuant to the Australian Privacy Act. If you are concerned about the way in which we are managing your personal information and think we may have breached the Australian Privacy Principles, please contact us using the contact details set out below at clause 14.2. Complaints must be lodged in writing. If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved satisfactorily, you can contact us to discuss your concerns. You are also entitled to make a complaint to the Office of the Australian Information Commissioner (“OAIC”). Contact details for the OAIC can be found at the OAIC’s website: www.oaic.gov.au.
9. Cookies and similar technologies
9.2 We use the following types of cookies:
- Strictly necessary cookies. These cookies are required for the essential operation of our Service such as to authenticate you and prevent fraudulent use.
- Analytical/performance cookies. These cookies allow us to recognize and count the number of visitors and to see how visitors move around our Service when they are using it. This helps us to improve the way our Service works, for example, by ensuring that you can find information easily.
- Functionality cookies. These cookies are used to recognize you when you return to our Service. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our Service, the pages you have visited and the links you have followed. We will use this information to make our Service and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
9.4 We partner with third parties to manage our advertising on other sites. Our third party partners may use technologies such as cookies to gather information about your activities on this Website and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used to serve you interest-based ads, you may opt-out by visiting the following consumer choice mechanisms:
- Network Advertising Initiative (NAI) self-regulatory opt-out page
- Digital Advertising Alliance (DAA) self-regulatory opt-out page and mobile application-based “AppChoices” download page
- European Interactive Digital Advertising Alliance (EDAA)’s consumer opt-out page
Please note this does not opt you out of being served ads. You will continue to receive generic ads.
9.5 You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including strictly necessary cookies) you may not be able to access all or parts of our site.
10. Links to third party sites
10.1 The Clio Service may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those websites.
10.2 Some of the pages on our Website may utilize framing techniques to serve content to/from our partners while preserving the look and feel of our Website. Please be aware that you are providing your personal information to these third parties and not to Clio.
11. Our policy towards children
12. Changes to this policy
13. Notice to you
14. Contacting us
14.1 If you are based in the EU, our EU representative is Themis Solutions (Ireland) Limited, a limited company registered in Ireland with company number 533767 and with its registered office at Arthur Cox Building, Earlsfort Terrace, Dublin 2.
Themis Solutions (Australia) Pty Ltd DBA Clio
300-4611 Canada Way
Burnaby, BC, Canada
14.3 If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at feedback-form.truste.com/watchdog/request.
Annex 1 – Personal information we collect
|Category of personal information||How we use it||Legal basis for the processing||CCPA Categorization||Previous 12-month disclosures|
|Contact information and basic personal details. Such as your name, phone number, address, location, IP address, e-mail address and where applicable, professional details such as your bar membership number.||We use this information to communicate with you, including sending statements, news, alerts and marketing communications.||The processing is necessary for our legitimate interests, namely for marketing purposes, and for communicating with you effectively and responding to your queries.||Identifiers||Yes|
|We use this information to deal with inquiries and other requests made by or about you, including customer service issues, relating to the Clio Service.
Such communications may include direct mailing.
|We use this information to operate, maintain and provide to you the features and functionality of the Clio Service.||The processing is necessary for the performance of a contract and to take steps prior to entering into a contract (namely our Terms of Service).
The processing is necessary for the fulfillment of legal requirements, including the verification of identity of customers.
|Email account username and password.||Where you have chosen to import contacts from your Outlook or other email account address book to invite them to become members of our Website, we collect the username and password for the email account you wish to import your contacts from.||The processing is necessary for the performance of a contract and to take steps prior to entering into a contract (namely our Terms of Service).||Identifiers||Yes for email account username|
|Correspondence and comments. When you contact us directly, e.g. by email, phone, mail, or when you interact with customer service, we will record your comments and opinions.||To address your questions, issues, and concerns and resolve your customer service issues.||The processing is necessary for our legitimate interests, namely communicating with you effectively for the purposes of resolving your issues.||Audio, electronic, visual, thermal, olfactory, or similar information||Yes|
Details such as your credit card or other financial information including credit scores obtained from credit reference agencies.
|We use this information to facilitate payment through or for use of the Clio Service, to assess your credit score and to detect and prevent fraud.||The processing for assessing your credit score and facilitating payment is necessary for the performance of our contract (namely our Terms of Service).
The processing is necessary for our legitimate interests, namely the detection and prevention of fraud.
|Personal Information (as defined by California Customer Records Statute)||Yes|
|Recruiting details. Contact information and basic personal details (as set out above); professional details and employment information such as resume, references, LinkedIn profile.||We use this information to facilitate recruiting.||The processing is necessary for our legitimate interests, namely assessing your suitability for a role with Clio.||Employment / Education Information||Yes|
|All personal information set out above.||We will use all the personal information we collect to operate, maintain and provide to you the features and functionality of the Clio Service, to monitor and improve the Clio Service, our Website and business, for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, to keep the Website safe and secure and to help us develop new products and services.||The processing is necessary for our legitimate interest, namely to administer and improve the Clio Service, our business and develop new services.||Commercial information||Yes|
Annex 2 – Personal information collected automatically
|Category of personal information||How we use it||Legal basis for the processing||CCPA Categorization||Previous 12-month disclosures|
|Information about how you access and use the Clio Service. For example, the website from which you came and the website to which you are going when you leave our Website, your social media profiles, how frequently you access the Clio Service, the time you access the Clio Service and how long you use it for, whether you open emails or click the links contained in emails, whether you access the Clio Service from multiple devices, and other actions you take on the Clio Service. We also gather information, which may include Internet protocol (IP) addresses,\ browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.||We use this information to:
||The processing is necessary for our legitimate interests, namely: to conduct relevant analysis to improve the Clio Service generally and for marketing purposes.||Geolocation information, Inferences about personal preferences and attributes drawn from profiling, Internet activity||Yes|
|Information about your device. We also collect information about the computer, tablet, smartphone or other electronic devices you use to connect to the Clio Service. This information can include details about the type of device, unique device identifying numbers, operating systems, browsers, and applications connected to the Clio Service through the device, your Internet service provider or mobile network, your IP address.||We use this information to:
We use this information to monitor and improve the Clio Service and business and to help us develop new products and services.
|The processing is necessary for the performance of a contract and (namely our Terms of Service).
The processing is necessary for our legitimate interests, namely: to tailor the Clio Service to the user and to improve the Clio Service generally.
|Internet or other electronic network activity information||Yes|