Security Measures
Security Measures
Security Measures
Security Measures
Last updated 31 January 2025
1
Legora is an AI platform with enterprise security
1
Legora is an AI platform with enterprise security
1
Legora is an AI platform with enterprise security
This document describes the technical and organizational security measures and controls implemented by Legora to protect Personal Data and ensure the ongoing confidentiality, integrity and availability of Legora’s products and services. More details on the measures we implement are available upon request. Legora reserves the right to revise these technical and organizational measures at any time, without notice, so long as any such revisions will not materially reduce or weaken the protection provided for Personal Data that Legora processes in providing its products and services.
This document describes the technical and organizational security measures and controls implemented by Legora to protect Personal Data and ensure the ongoing confidentiality, integrity and availability of Legora’s products and services. More details on the measures we implement are available upon request. Legora reserves the right to revise these technical and organizational measures at any time, without notice, so long as any such revisions will not materially reduce or weaken the protection provided for Personal Data that Legora processes in providing its products and services.
This document describes the technical and organizational security measures and controls implemented by Legora to protect Personal Data and ensure the ongoing confidentiality, integrity and availability of Legora’s products and services. More details on the measures we implement are available upon request. Legora reserves the right to revise these technical and organizational measures at any time, without notice, so long as any such revisions will not materially reduce or weaken the protection provided for Personal Data that Legora processes in providing its products and services.
2
How Legora works
2
How Legora works
2
How Legora works
The Legora AI Platform is legal AI workspace which comprise a cloud service accessible via a web interface through a browser and/or desktop app (or, if specifically agreed in the Order Form, APIs offered by Legora), plug-ins, add-ins to other software and any ancillary documentation and modules provided by Legora and its Affiliates. The Legora AI Platform is used for streamlining legal work on top of public legal information and the Subscriber’s own documents. The platform is an all-in-one solution for teams to work with legal inquiries and simplify legal workflows seamlessly.
The Legora AI Platform is legal AI workspace which comprise a cloud service accessible via a web interface through a browser and/or desktop app (or, if specifically agreed in the Order Form, APIs offered by Legora), plug-ins, add-ins to other software and any ancillary documentation and modules provided by Legora and its Affiliates. The Legora AI Platform is used for streamlining legal work on top of public legal information and the Subscriber’s own documents. The platform is an all-in-one solution for teams to work with legal inquiries and simplify legal workflows seamlessly.
The Legora AI Platform is legal AI workspace which comprise a cloud service accessible via a web interface through a browser and/or desktop app (or, if specifically agreed in the Order Form, APIs offered by Legora), plug-ins, add-ins to other software and any ancillary documentation and modules provided by Legora and its Affiliates. The Legora AI Platform is used for streamlining legal work on top of public legal information and the Subscriber’s own documents. The platform is an all-in-one solution for teams to work with legal inquiries and simplify legal workflows seamlessly.
3
Sub-processors
3
Sub-processors
3
Sub-processors
Legora engages carefully vetted sub-processors for specific purposes. For a list of sub-processors, please see Appendix B Pre-approved Sub-processors.
Legora engages carefully vetted sub-processors for specific purposes. For a list of sub-processors, please see Appendix B Pre-approved Sub-processors.
Legora engages carefully vetted sub-processors for specific purposes. For a list of sub-processors, please see Appendix B Pre-approved Sub-processors.
4
Business continuity management
4
Business continuity management
4
Business continuity management
Data backup is one of the pillars of Legora’s IT continuity plan. Trained personnel manage and follow up on backup execution to ensure the integrity, confidentiality, and accuracy of the backup data. Backups are performed every 4 hours.
Another pillar is the IT and management processes and routines that would be carried out if a serious incident occurs. Legora continually works on keeping processes and routines updated. The continuity plan is tested at intervals based on regular risk assessments.
Legora has a high degree of digitization, and all the services and tools are digitally accessible using Google Accounts’ SAML-based Federated SSO. As a result, most employees can continue to work from other locations even if Legora’s offices are closed or not accessible due to an extreme event.
Data backup is one of the pillars of Legora’s IT continuity plan. Trained personnel manage and follow up on backup execution to ensure the integrity, confidentiality, and accuracy of the backup data. Backups are performed every 4 hours.
Another pillar is the IT and management processes and routines that would be carried out if a serious incident occurs. Legora continually works on keeping processes and routines updated. The continuity plan is tested at intervals based on regular risk assessments.
Legora has a high degree of digitization, and all the services and tools are digitally accessible using Google Accounts’ SAML-based Federated SSO. As a result, most employees can continue to work from other locations even if Legora’s offices are closed or not accessible due to an extreme event.
Data backup is one of the pillars of Legora’s IT continuity plan. Trained personnel manage and follow up on backup execution to ensure the integrity, confidentiality, and accuracy of the backup data. Backups are performed every 4 hours.
Another pillar is the IT and management processes and routines that would be carried out if a serious incident occurs. Legora continually works on keeping processes and routines updated. The continuity plan is tested at intervals based on regular risk assessments.
Legora has a high degree of digitization, and all the services and tools are digitally accessible using Google Accounts’ SAML-based Federated SSO. As a result, most employees can continue to work from other locations even if Legora’s offices are closed or not accessible due to an extreme event.
5
Supplier relationship management
5
Supplier relationship management
5
Supplier relationship management
Legora ensures that identified security requirements are met by external suppliers during the procurement process. A contract with a chosen supplier addresses the demands on the supplier's IT environment and information security measures. The supplier shall present and account for their technology, routines, and processes as well as IT and information security policies. Legora conducts regular control of suppliers' access rights and other aspects of the agreement with the supplier. Suppliers agree to carry out assignments in compliance with the provisions specified in applicable laws and regulations in the countries where the assignments are performed.
Legora ensures that identified security requirements are met by external suppliers during the procurement process. A contract with a chosen supplier addresses the demands on the supplier's IT environment and information security measures. The supplier shall present and account for their technology, routines, and processes as well as IT and information security policies. Legora conducts regular control of suppliers' access rights and other aspects of the agreement with the supplier. Suppliers agree to carry out assignments in compliance with the provisions specified in applicable laws and regulations in the countries where the assignments are performed.
Legora ensures that identified security requirements are met by external suppliers during the procurement process. A contract with a chosen supplier addresses the demands on the supplier's IT environment and information security measures. The supplier shall present and account for their technology, routines, and processes as well as IT and information security policies. Legora conducts regular control of suppliers' access rights and other aspects of the agreement with the supplier. Suppliers agree to carry out assignments in compliance with the provisions specified in applicable laws and regulations in the countries where the assignments are performed.
6
Information security management
6
Information security management
6
Information security management
Legora uses an Information Security Management System (ISMS) certified under ISO/IEC 27001:2022 as the basis for all security measures, Legora is audited against the standard on a yearly basis. The ISO/IEC 27001 standard provides guidelines and general principles for planning, implementing, maintaining, and improving information security in an organization.
Legora uses an Information Security Management System (ISMS) certified under ISO/IEC 27001:2022 as the basis for all security measures, Legora is audited against the standard on a yearly basis. The ISO/IEC 27001 standard provides guidelines and general principles for planning, implementing, maintaining, and improving information security in an organization.
Legora uses an Information Security Management System (ISMS) certified under ISO/IEC 27001:2022 as the basis for all security measures, Legora is audited against the standard on a yearly basis. The ISO/IEC 27001 standard provides guidelines and general principles for planning, implementing, maintaining, and improving information security in an organization.
7
System access control
7
System access control
7
System access control
Measures that prevent unauthorized persons from using IT systems and processes:
a) When provisioning access, Legora adheres to the principle of least privilege and role-based permissions — meaning our employees are only authorized to access data that they reasonably must handle in order to fulfil their job responsibilities.
b) Legora utilizes multi-factor authentication for access to systems with highly confidential data, including our production environment which houses Personal Data.
Measures that prevent unauthorized persons from using IT systems and processes:
a) When provisioning access, Legora adheres to the principle of least privilege and role-based permissions — meaning our employees are only authorized to access data that they reasonably must handle in order to fulfil their job responsibilities.
b) Legora utilizes multi-factor authentication for access to systems with highly confidential data, including our production environment which houses Personal Data.
Measures that prevent unauthorized persons from using IT systems and processes:
a) When provisioning access, Legora adheres to the principle of least privilege and role-based permissions — meaning our employees are only authorized to access data that they reasonably must handle in order to fulfil their job responsibilities.
b) Legora utilizes multi-factor authentication for access to systems with highly confidential data, including our production environment which houses Personal Data.
8
Physical access control
8
Physical access control
8
Physical access control
Measures to prevent physical access of unauthorized persons to IT systems that handle Personal Data:
a) Legora partners with industry-leading data center and cloud infrastructure providers. Access to all data centers is strictly controlled. All data centers are equipped with 24x7x365 surveillance and biometric access control systems.
b) Data centers are equipped with at least N+1 redundancy for power, networking, and cooling infrastructure.
c) Legora replicates data across separate, physically independent, and highly secure Microsoft Azure locations, ensuring high availability, and protection from local failures such as power outages and fires.
d) Measures to prevent physical access of unauthorized persons to physical office locations:
e) Legora ensures that only authorized persons can access physical office locations through comprehensive access management consisting of redundant key-card access points. This is done by third-party office providers.
f) Legora ensures effective and immediate onboarding and offboarding of employees, contractors, and third parties, including the security training of said personnel and immediate return and / or destruction of sensitive documents and access cards upon termination
Measures to prevent physical access of unauthorized persons to IT systems that handle Personal Data:
a) Legora partners with industry-leading data center and cloud infrastructure providers. Access to all data centers is strictly controlled. All data centers are equipped with 24x7x365 surveillance and biometric access control systems.
b) Data centers are equipped with at least N+1 redundancy for power, networking, and cooling infrastructure.
c) Legora replicates data across separate, physically independent, and highly secure Microsoft Azure locations, ensuring high availability, and protection from local failures such as power outages and fires.
d) Measures to prevent physical access of unauthorized persons to physical office locations:
e) Legora ensures that only authorized persons can access physical office locations through comprehensive access management consisting of redundant key-card access points. This is done by third-party office providers.
f) Legora ensures effective and immediate onboarding and offboarding of employees, contractors, and third parties, including the security training of said personnel and immediate return and / or destruction of sensitive documents and access cards upon termination
Measures to prevent physical access of unauthorized persons to IT systems that handle Personal Data:
a) Legora partners with industry-leading data center and cloud infrastructure providers. Access to all data centers is strictly controlled. All data centers are equipped with 24x7x365 surveillance and biometric access control systems.
b) Data centers are equipped with at least N+1 redundancy for power, networking, and cooling infrastructure.
c) Legora replicates data across separate, physically independent, and highly secure Microsoft Azure locations, ensuring high availability, and protection from local failures such as power outages and fires.
d) Measures to prevent physical access of unauthorized persons to physical office locations:
e) Legora ensures that only authorized persons can access physical office locations through comprehensive access management consisting of redundant key-card access points. This is done by third-party office providers.
f) Legora ensures effective and immediate onboarding and offboarding of employees, contractors, and third parties, including the security training of said personnel and immediate return and / or destruction of sensitive documents and access cards upon termination
9
Data access control
9
Data access control
9
Data access control
Measures to ensure that persons authorized to use Legora have access only to the Personal Data pursuant to their access rights:
a) Legora enforces password complexity to match OWASP password recommendations to ensure strong passwords are used.
b) Recovery of lost passwords is done by requesting a signed link to the user’s email account — no passwords are sent in plain text over email, chat, phone, or any other communication method.
c) Legora ensures passwords are hashed (and salted) securely using bcrypt according to best practices, and upon the Subscriber’s request, requires single sign-on (SSO) powered by SAML 2.0, for secure user authentication.
d) Legora uses best-practice tools for vulnerability scanning, malicious activity detection, and blocks suspicious behavior automatically.
e) Legora utilizes firewalls to segregate unwanted traffic from entering the network and keeps internal systems in separate subnetworks with no outside access.
Measures to ensure that persons authorized to use Legora have access only to the Personal Data pursuant to their access rights:
a) Legora enforces password complexity to match OWASP password recommendations to ensure strong passwords are used.
b) Recovery of lost passwords is done by requesting a signed link to the user’s email account — no passwords are sent in plain text over email, chat, phone, or any other communication method.
c) Legora ensures passwords are hashed (and salted) securely using bcrypt according to best practices, and upon the Subscriber’s request, requires single sign-on (SSO) powered by SAML 2.0, for secure user authentication.
d) Legora uses best-practice tools for vulnerability scanning, malicious activity detection, and blocks suspicious behavior automatically.
e) Legora utilizes firewalls to segregate unwanted traffic from entering the network and keeps internal systems in separate subnetworks with no outside access.
Measures to ensure that persons authorized to use Legora have access only to the Personal Data pursuant to their access rights:
a) Legora enforces password complexity to match OWASP password recommendations to ensure strong passwords are used.
b) Recovery of lost passwords is done by requesting a signed link to the user’s email account — no passwords are sent in plain text over email, chat, phone, or any other communication method.
c) Legora ensures passwords are hashed (and salted) securely using bcrypt according to best practices, and upon the Subscriber’s request, requires single sign-on (SSO) powered by SAML 2.0, for secure user authentication.
d) Legora uses best-practice tools for vulnerability scanning, malicious activity detection, and blocks suspicious behavior automatically.
e) Legora utilizes firewalls to segregate unwanted traffic from entering the network and keeps internal systems in separate subnetworks with no outside access.
10
Transmission access control
10
Transmission access control
10
Transmission access control
Measures to ensure that Personal Data cannot be read, copied, altered, or deleted by unauthorized persons during electronic transmission or during transport or storage on data media and that those areas can be controlled and identified where transmission of Personal Data is to be done via data transmission systems:
a) The Subscriber data at rest is encrypted with AES-256 or other algorithms with the same encryption strengths, and data in transit is encrypted with at least TLS 1.2.
b) Legora is alerted to encryption issues through periodic risk assessments and
c) third-party penetration tests. Legora performs third-party penetration tests on an annual basis, or as needed due to changes in the business.
d) We also sign the data to ensure its integrity; An IT security and data flow diagram can be found in Appendix C.1: IT Security and data flow diagram.
Measures to ensure that Personal Data cannot be read, copied, altered, or deleted by unauthorized persons during electronic transmission or during transport or storage on data media and that those areas can be controlled and identified where transmission of Personal Data is to be done via data transmission systems:
a) The Subscriber data at rest is encrypted with AES-256 or other algorithms with the same encryption strengths, and data in transit is encrypted with at least TLS 1.2.
b) Legora is alerted to encryption issues through periodic risk assessments and
c) third-party penetration tests. Legora performs third-party penetration tests on an annual basis, or as needed due to changes in the business.
d) We also sign the data to ensure its integrity; An IT security and data flow diagram can be found in Appendix C.1: IT Security and data flow diagram.
Measures to ensure that Personal Data cannot be read, copied, altered, or deleted by unauthorized persons during electronic transmission or during transport or storage on data media and that those areas can be controlled and identified where transmission of Personal Data is to be done via data transmission systems:
a) The Subscriber data at rest is encrypted with AES-256 or other algorithms with the same encryption strengths, and data in transit is encrypted with at least TLS 1.2.
b) Legora is alerted to encryption issues through periodic risk assessments and
c) third-party penetration tests. Legora performs third-party penetration tests on an annual basis, or as needed due to changes in the business.
d) We also sign the data to ensure its integrity; An IT security and data flow diagram can be found in Appendix C.1: IT Security and data flow diagram.
11
Entry control
11
Entry control
11
Entry control
Measures to ensure that it can be subsequently reviewed and determined if and from whom Personal Data was entered, altered, or deleted in the IT system:
a) Systems are monitored for security events to ensure quick resolution.
b) Logs are centrally stored and indexed. Critical logs, such as security logs, are retained for at least 12 months. Logs can be traced back to individual unique usernames with timestamps to investigate nonconformities or security events.
Measures to ensure that it can be subsequently reviewed and determined if and from whom Personal Data was entered, altered, or deleted in the IT system:
a) Systems are monitored for security events to ensure quick resolution.
b) Logs are centrally stored and indexed. Critical logs, such as security logs, are retained for at least 12 months. Logs can be traced back to individual unique usernames with timestamps to investigate nonconformities or security events.
Measures to ensure that it can be subsequently reviewed and determined if and from whom Personal Data was entered, altered, or deleted in the IT system:
a) Systems are monitored for security events to ensure quick resolution.
b) Logs are centrally stored and indexed. Critical logs, such as security logs, are retained for at least 12 months. Logs can be traced back to individual unique usernames with timestamps to investigate nonconformities or security events.
12
Availability control
12
Availability control
12
Availability control
Measures to ensure that Personal Data are protected against accidental destruction or loss:
a) Legora saves a full backup copy of production data every 4 hours to ensure rapid recovery in the event of a large-scale disaster. Incremental/point-in-time recovery is available for all primary databases. Backups are encrypted-in-transit and at rest using strong encryption.
b) Legora’s patch management process ensures that systems are patched in time according to threat level. Monitoring, alerting, and routine vulnerability scanning occurs to ensure that all product infrastructure is patched consistently.
c) When necessary, Legora patches infrastructure in an expedited manner in response to the disclosure of critical vulnerabilities to ensure system uptime is preserved.
d) The Subscriber environments are logically separated at all times. The Subscriber is not able to access accounts other than those given authorization credentials.
Measures to ensure that Personal Data are protected against accidental destruction or loss:
a) Legora saves a full backup copy of production data every 4 hours to ensure rapid recovery in the event of a large-scale disaster. Incremental/point-in-time recovery is available for all primary databases. Backups are encrypted-in-transit and at rest using strong encryption.
b) Legora’s patch management process ensures that systems are patched in time according to threat level. Monitoring, alerting, and routine vulnerability scanning occurs to ensure that all product infrastructure is patched consistently.
c) When necessary, Legora patches infrastructure in an expedited manner in response to the disclosure of critical vulnerabilities to ensure system uptime is preserved.
d) The Subscriber environments are logically separated at all times. The Subscriber is not able to access accounts other than those given authorization credentials.
Measures to ensure that Personal Data are protected against accidental destruction or loss:
a) Legora saves a full backup copy of production data every 4 hours to ensure rapid recovery in the event of a large-scale disaster. Incremental/point-in-time recovery is available for all primary databases. Backups are encrypted-in-transit and at rest using strong encryption.
b) Legora’s patch management process ensures that systems are patched in time according to threat level. Monitoring, alerting, and routine vulnerability scanning occurs to ensure that all product infrastructure is patched consistently.
c) When necessary, Legora patches infrastructure in an expedited manner in response to the disclosure of critical vulnerabilities to ensure system uptime is preserved.
d) The Subscriber environments are logically separated at all times. The Subscriber is not able to access accounts other than those given authorization credentials.
13
Separation control
13
Separation control
13
Separation control
Measures to ensure that Personal Data collected for different purposes can be processed separately:
a) Legora employs different data processing systems for different purposes. These systems are architecturally (logical and physically) separated. All systems require valid authorization to be accessed.
b) To ensure against the unintentional amalgamation of data, Legora separates development, testing, staging, and production environments.
Measures to ensure that Personal Data collected for different purposes can be processed separately:
a) Legora employs different data processing systems for different purposes. These systems are architecturally (logical and physically) separated. All systems require valid authorization to be accessed.
b) To ensure against the unintentional amalgamation of data, Legora separates development, testing, staging, and production environments.
Measures to ensure that Personal Data collected for different purposes can be processed separately:
a) Legora employs different data processing systems for different purposes. These systems are architecturally (logical and physically) separated. All systems require valid authorization to be accessed.
b) To ensure against the unintentional amalgamation of data, Legora separates development, testing, staging, and production environments.
14
Risk management
14
Risk management
14
Risk management
Measures to ensure appropriate risk management include but are not limited to:
a) Legora conducts periodic reviews and assessments of risks, monitoring and maintaining compliance with Legora’s policies and procedures.
b) Legora ensures periodic, effective reporting of information security conditions and compliance to senior internal management.
c) Legora hosts periodic security risk management training, including but not limited to data protection for all employees, including an initial onboarding training for new employees to review and ensure compliance with up-to-date security risk management procedures and policies.
d) Legora maintains a central IT policy covering guidelines for Internet usage.
Measures to ensure appropriate risk management include but are not limited to:
a) Legora conducts periodic reviews and assessments of risks, monitoring and maintaining compliance with Legora’s policies and procedures.
b) Legora ensures periodic, effective reporting of information security conditions and compliance to senior internal management.
c) Legora hosts periodic security risk management training, including but not limited to data protection for all employees, including an initial onboarding training for new employees to review and ensure compliance with up-to-date security risk management procedures and policies.
d) Legora maintains a central IT policy covering guidelines for Internet usage.
Measures to ensure appropriate risk management include but are not limited to:
a) Legora conducts periodic reviews and assessments of risks, monitoring and maintaining compliance with Legora’s policies and procedures.
b) Legora ensures periodic, effective reporting of information security conditions and compliance to senior internal management.
c) Legora hosts periodic security risk management training, including but not limited to data protection for all employees, including an initial onboarding training for new employees to review and ensure compliance with up-to-date security risk management procedures and policies.
d) Legora maintains a central IT policy covering guidelines for Internet usage.
15
Operations security
15
Operations security
15
Operations security
Measures to ensure that the appropriate operations security safeguarding against malicious code in place include but are not limited to:
a) Legora has different systems and methods to protect the IT infrastructure against malicious code, including various antivirus scanners, spam filters, security updates, and training.
b) Legora uses active monitoring to ensure that antivirus scanners and spam filters are active and updated.
c) Legora actively installs the latest security updates on systems and applications to minimize the risk for exploitation of vulnerabilities.
Measures to ensure that the appropriate operations security safeguarding email in place include but are not limited to:
a) Legora utilizes Google’s world-class email security to protect all inbound and outbound emails from malware.
b) Legora leverages Google’s email spam filtering services to guard against spam, virus, and phishing attacks.
c) Employees of Legora immediately notify staff of email identified as infected or harmful and ensure that the email sender is blocked and quarantined. The verification and assessment of whether an email is malicious or not is automated and based on the rules but rather based on the competency of each Legora employee — educated on a periodic basis to identify harmful emails.
Measures to ensure that the appropriate operations security safeguarding against malicious code in place include but are not limited to:
a) Legora has different systems and methods to protect the IT infrastructure against malicious code, including various antivirus scanners, spam filters, security updates, and training.
b) Legora uses active monitoring to ensure that antivirus scanners and spam filters are active and updated.
c) Legora actively installs the latest security updates on systems and applications to minimize the risk for exploitation of vulnerabilities.
Measures to ensure that the appropriate operations security safeguarding email in place include but are not limited to:
a) Legora utilizes Google’s world-class email security to protect all inbound and outbound emails from malware.
b) Legora leverages Google’s email spam filtering services to guard against spam, virus, and phishing attacks.
c) Employees of Legora immediately notify staff of email identified as infected or harmful and ensure that the email sender is blocked and quarantined. The verification and assessment of whether an email is malicious or not is automated and based on the rules but rather based on the competency of each Legora employee — educated on a periodic basis to identify harmful emails.
Measures to ensure that the appropriate operations security safeguarding against malicious code in place include but are not limited to:
a) Legora has different systems and methods to protect the IT infrastructure against malicious code, including various antivirus scanners, spam filters, security updates, and training.
b) Legora uses active monitoring to ensure that antivirus scanners and spam filters are active and updated.
c) Legora actively installs the latest security updates on systems and applications to minimize the risk for exploitation of vulnerabilities.
Measures to ensure that the appropriate operations security safeguarding email in place include but are not limited to:
a) Legora utilizes Google’s world-class email security to protect all inbound and outbound emails from malware.
b) Legora leverages Google’s email spam filtering services to guard against spam, virus, and phishing attacks.
c) Employees of Legora immediately notify staff of email identified as infected or harmful and ensure that the email sender is blocked and quarantined. The verification and assessment of whether an email is malicious or not is automated and based on the rules but rather based on the competency of each Legora employee — educated on a periodic basis to identify harmful emails.
16
Security regarding personnel
16
Security regarding personnel
16
Security regarding personnel
Measure to ensure that Legora’s personnel comply with applicable laws and regulations, and ensuring that personnel abides by the relevant terms and conditions of supplier and customer agreements:
a) Legora’s personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Legora conducts reasonably appropriate background checks in relation to the employee’s role to the extent legally permissible.
b) Personnel is required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Legora’s confidentiality and privacy policies. Personnel is provided with security training. Legora’s personnel will not process customer data without authorization.
Measure to ensure that Legora’s personnel comply with applicable laws and regulations, and ensuring that personnel abides by the relevant terms and conditions of supplier and customer agreements:
a) Legora’s personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Legora conducts reasonably appropriate background checks in relation to the employee’s role to the extent legally permissible.
b) Personnel is required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Legora’s confidentiality and privacy policies. Personnel is provided with security training. Legora’s personnel will not process customer data without authorization.
Measure to ensure that Legora’s personnel comply with applicable laws and regulations, and ensuring that personnel abides by the relevant terms and conditions of supplier and customer agreements:
a) Legora’s personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Legora conducts reasonably appropriate background checks in relation to the employee’s role to the extent legally permissible.
b) Personnel is required to execute a confidentiality agreement and must acknowledge receipt of, and compliance with, Legora’s confidentiality and privacy policies. Personnel is provided with security training. Legora’s personnel will not process customer data without authorization.
17
Retention of personal data
17
Retention of personal data
17
Retention of personal data
During the term of the DPA, the Personal Data processed by Legora will be subject to the retention requirements instructed from time to time by the Subscriber. After the termination or expiration of the DPA, Clause 11 of the DPA shall apply.
During the term of the DPA, the Personal Data processed by Legora will be subject to the retention requirements instructed from time to time by the Subscriber. After the termination or expiration of the DPA, Clause 11 of the DPA shall apply.
During the term of the DPA, the Personal Data processed by Legora will be subject to the retention requirements instructed from time to time by the Subscriber. After the termination or expiration of the DPA, Clause 11 of the DPA shall apply.