EU-US Data Privacy Framework and the UK Extension to the DPF - Privacy Statement
LAST UPDATED: October 12, 2023
Rocket Lawyer Incorporated ("Rocket Lawyer" or "us" or "we") participates in the EU-US Data Privacy Framework (DPF) and the UK Extension to the DPF as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the United Kingdom or the European Union member countries. This DPF Privacy Statement explains how we receive and handle Personal Information from UK or EU data subjects ("you") in reliance on the DPF.
We have certified that we adhere to the DPF Privacy Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability with regard to all Personal Information received from the UK or the EU in reliance on the DPF and the UK Extension to the DPF. If there is any conflict between the terms in this policy and the DPF Privacy Principles, the DPF Privacy Principles will govern. To learn more about the DPF and the UK Extension to the DPF and to view our certification, visit here.
1. Types of Personal Information Collected
Rocket Lawyer collects information that, alone or in combination with other data, could be used to identify you (Personal Information), such as your email address, name, physical address, telephone number, or employment information. If you make a purchase from Rocket Lawyer, we will collect and store your billing and credit card information. Rocket Lawyer may also collect anonymous demographic information which is not unique to you, such as your postal code, age, gender, preferences, interests and favourites (Non-Personal Information). Non-Personal Information is not linked to your Personal Information (for example, your IP address).
Rocket Lawyer will collect your Personal Information in a number of ways, including when you contact us through the Website, by telephone, post, e-mail or through the other means set out below.
Information you provide when you register for an account
When you register for a Rocket Lawyer account, you voluntarily give us certain Personal Information, including your:
- name and email address.
- billing information, if you make a purchase or pay subscription fees. This is required to complete a commercial transaction on the Website.
Other information we collect
We also collect this Personal Information as you use the Website:
- User Content. This consists of all text, documents, content or information uploaded, entered, or otherwise transmitted by you in connection with your use of the Website.
Please keep in mind that if you directly disclose Personal Information through the Website's public message boards, this information will be available for anyone on the internet to review and see.
Automatically collected information
When you visit our Website, we automatically collect information about your computer hardware and software such as your IP address, browser type, domain names, access times, operating system, cookie information, referring website addresses, pages visited, links clicked, text entered, mouse movements, and Internet Service Provider. We analyse and use this information to better understand how our users use the service, to maintain and improve our service, and in some cases, to publicly disclose aggregated statistics regarding our services.
Social media single sign-on
You may be able to log in to our Website using sign-in services such as Facebook Connect. These services will authenticate your identity and provide you the option to share certain Personal Information with us, such as your name and e-mail address, together with other information from your public profile.
2. Use of your Personal Information (Purposes of Collection)
Rocket Lawyer collects and uses your Personal Information as necessary to perform our contract with you and for our legitimate business interests, including to:
- operate the Website and deliver the services.
- communicate with you about the services you use, as well as respond to requests for assistance, including account verification support if you're having difficulty accessing your account. Rocket Lawyer will send a welcome email following registration to all registered users. We also periodically send service updates to registered users.
- display user content associated with your account and make sure it is available to you when you use our services.
- understand and improve how our users use and interact with our services.
- publicly disclose aggregated statistics regarding our users' use of our services.
When you register with us and set up an account to receive our services, the legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. When we process any payment made by you, we process your Personal Information to prevent or detect fraud, including fraudulent payments and fraudulent use of the Website. The legal basis for this processing is compliance with our legal obligations. With your consent, we will send you direct marketing emails from our third party partners.
3. Disclosure of your Personal Information
We will only disclose Personal Information to third parties:
- when we use vendors, lawyers and service providers to assist us in meeting business or operating needs, such as providing legal services, hosting our Website, communicating with users, delivering and improving our services, e-mail communication, invoicing and payments, customer support services and analytics. These service providers may only access, process or store Personal Information pursuant to our instructions and to perform their duties to us, and in accordance with applicable laws and regulations; or
- when we have your explicit consent to share your Personal Information; or
- when we determine that disclosure is required to protect the rights, property, or personal safety of Rocket Lawyer and users of the Website, or to respond to lawful subpoenas, warrants, or requests by public or regulatory authorities, or by law enforcement authorities, including to meet national security or law enforcement requirements; or
- if we sell some or all of our business or assets, we may disclose your Personal Information to the prospective seller or buyer of such business or assets, and if the transaction closes, then your Personal Information may be transferred to the buyer.
If we transfer personal information received under the DPF to a third party, the third party's access, use, and disclosure of the personal information must also be in compliance with our DPF obligations, and we will remain liable under the DPF for any failure to do so by the third party unless we prove we are not responsible for the event giving rise to the damage.
4. Your Rights
Under the GDPR, you have various rights in relation to your Personal Information, such as the rights of access, rectification, restriction, objection, portability, and erasure. Please note that these rights are subject to certain limitations set forth in applicable law.
To exercise these rights, please contact our DPO. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of applicable laws. Please note that we may keep a record of your communications to help us resolve any issues you raise.
5. Complaint Resolution
If you have any inquiries or complaints about our handling of your Personal Information under the DPF, or about our privacy practices generally, please contact us at: privacy@rocketlawyer.com and we will respond to your inquiry promptly.
We have further committed to refer unresolved DPF complaints to the Judicial Arbitration and Mediation Services (JAMS), an alternative, independent third-party dispute resolution service in the United States. If we are unable to satisfactorily resolve any complaint relating to the DPF, or if we fail to acknowledge your complaint in a timely fashion, you can submit your complaint to JAMS. To learn more about JAMS' dispute resolution services or to refer a complaint to JAMS, visit here.
In addition, in certain circumstances and as a last resort, you may be able to invoke binding arbitration through the Data Privacy Framework Panel. To learn more about the Data Privacy Framework Panel, visit here.
Lastly, we are also subject to the investigatory and enforcement powers of the Federal Trade Commission.