Welcome to LexCase’s data protection general policy.

The data controller is the Professional Corporation of lawyers LexCase with a share capital of 722registered in France at the Paris Companies and Trade Registry under the number 512 642 950, whose head office is located at 17, rue de la Paix, 75002 Paris.

The protection of your personal data is essential to us. You will find in this privacy policy information on how we collect and process such data.

  1. APPLICATION SCOPE OF THE PERSONAL DATA PROTECTION POLICY

This personal data protection policy applies to all processing of data collected via our website accessible at the address https://lexcase.com/.

Personal data means: any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”), hereinafter referred to as “data”.

  1. The DATA COLLECTED

In general, you can visit our website without it being necessary for you to provide any data to us.

However, when you wish to contact LexCase (https://lexcase.com/contact/), we may ask you to provide certain data. Similarly, you can provide us with data when writing directly to our staff.

With your prior consent, we may therefore collect and process some or all of the following data when you use the contact form on our website:

  • Data relating to your identity (surname, first name, email address);
  • Data relating to your personal and professional life that you choose to communicate to us, particularly in the context of job applications;
  • In all cases, we limit ourselves to collecting and processing data that is relevant, adequate, not excessive and strictly necessary to achieve the purposes that have been previously determined.

The data collection through direct contact with members of our teams through their respective email addresses is based on legitimate interest.

We may also use cookies, which are small files of letters and numbers downloaded to your terminal when you access our website (see the paragraph on cookies).

  1. PURPOSES OF THE PROCESSING CARRIED OUT BY LEXCASE AND LEGAL BASIS OF THE PROCESSING

The data collected by LexCase is used:

  • To process and follow up the job applications sent via our website;
  • To respond to your requests sent via the contact form;
  • In general, to communicate with you, in particular when you contact us by any means whatsoever.

We only collect all or part of the data listed above after having obtained your express consent for the purposes for which it is processed.

  1. THE DURATION OF DATA RETENTION

The duration for which we retain your data depends on the purposes for which it is used.

4.1 Applications processing and follow-up

We undertake to delete your data within a maximum of 2 years after our last contact with you.

4.2 Communication, management of your contact requests

We undertake to delete your data within a maximum of 3 years after our last contact with you.

  1. CATEGORIES OF RECIPIENTS OF THE DATA COLLECTED

The data collected is for internal use within LexCase and is strictly limited to the most appropriate teams to process the request.

However, we may share the data collected with our technical service providers for the purposes described above.

We strictly require our partners to always act in compliance with applicable data protection laws and to pay particular attention to the confidentiality of such data.

By application of the applicable regulations, any subcontractor who could process personal data on behalf of LexCase undertakes in particular to:

  • Process the data only for the sole purpose(s) for which the data is sub-processed,
  • Process the data in accordance with the instructions of LexCase,
  • Ensure the confidentiality and security of the data.

LexCase may also disclose/transfer your personal data to third parties in the following specific circumstances:

  • By reason of law, in connection with a legal proceeding, a litigation procedure and/or a request from public authorities in your country of residence or otherwise;
  • If disclosure is necessary for national security, law enforcement or other public interest purposes;
  • In the event of a reorganization, transfer, merger or sale, to the relevant third party.
  1. DATA TRANSFERS

In the event that your data is transferred outside the European Union, we ensure that:

  • The personal data is transferred to countries recognized as offering an equivalent level of protection.
  • The personal data is transferred to entities certified under the Privacy Shield.
  • For personal data transferred outside of countries recognized by the French National Commission for Data Protection (“Commission Nationale de l’Informatique et des Libertés” or hereafter “CNIL”) as having an adequate level of protection, one of the mechanisms ensuring appropriate safeguards as provided for by the applicable regulations is used, and in particular the adoption of standard contractual clauses.
  1. YOUR RIGHTS REGARDING THE DATA WE COLLECT

7.1 Your rights

You have the following rights with respect to the data we collect:

  • Right to access your data: You have the right to obtain confirmation that your personal data is or is not being processed and, where it is, the right to obtain access to such data. This right also includes the right to obtain a copy of the data being processed.
  • Right to request the rectification of your data if it is incorrect: You have the right to request that your data be rectified, updated or completed if it is inaccurate, erroneous, incomplete or obsolete.
  • Right to request the deletion of your data: You have the right to request the deletion of your data only for the reasons provided for by the applicable regulations and in particular when:
  • The data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • You withdraw the consent on which the processing is based, and there is no other legal basis for the processing;
  • You object to the processing and there is no compelling legitimate reason for the processing;
  • You consider that your data has been unlawfully processed;
  • Your data must be erased to comply with a legal obligation.
  • Right to limit the processing of your data: You have the right to obtain from the data controller the limitation of the use of your data only for the reasons provided by the applicable regulations and in particular when:
  • You contest the accuracy of the data which concerns you;
  • You consider that the processing is unlawful and you object to the erasure of your data;
  • The data is still necessary for you to establish, exercise or defend your rights before a court of law although LexCase no longer needs it.
  • Right to object to the processing by withdrawing your consent (it being recalled that this withdrawal will not affect the lawfulness of the processing based on the consent made before the withdrawal of the consent)
  • Right to benefit from the portability of your data: You have the right to retrieve the data you have provided to LexCase, in a structured, commonly used and machine-readable format, and the right to transfer such data to another data controller, for example in order to be able to change service providers.
  • Right to lodge a complaint with the CNIL: If you consider that LexCase does not comply with its obligations with respect to your personal data, you may at any time lodge a complaint or a request with the competent authority. In France, the competent authority is the CNIL, to which you can send a request electronically by clicking on the following link: https://www.cnil.fr/fr/plaintes/internet.

7.2 Methods of exercising your rights

You can exercise the above-mentioned rights by sending a written and detailed request to the following address: privacy@lexcase.com or LexCase, 17 rue de la Paix, 75002 Paris.

Due to the obligation of security and confidentiality in the processing of data that is incumbent on LexCase, you are informed that your request will be processed subject to you providing proof of your identity, in particular by producing a scan of your valid identification document or a signed photocopy of your valid identification document.

LexCase will determine within one month of receipt of the request whether or not the request is admissible. If the request is admissible, LexCase will provide the requested information or enforce the claimed rights within the aforementioned period.

If, due to the complexity of the request or the number of requests received, the aforementioned deadline cannot be met, LexCase will inform you before the deadline expires that it will postpone its decision for a maximum of two months.

LexCase informs you that we will have the right, if necessary, to oppose the manifestly abusive requests (by their number, their repetitive or systematic character).

In the event that LexCase does not grant your request, we will inform you within the above-mentioned time limits of the reasons for our decision, reminding you of your right to file a complaint with the CNIL.

  1. SECURITY OF PERSONAL DATA

We implement all the necessary security measures to prevent to the greatest possible extent any alteration or loss of your data or any unauthorized access to it.

In the event that we become aware of an unlawful access to your personal data and in connection with processing for which we are responsible, we undertake to notify you of the incident as soon as possible if this is required by law.

  1. UPDATING OF THIS POLICY

This policy may be updated at any time, particularly in application of legal and/or regulatory provisions and/or any recommendations made by the CNIL. We therefore invite you to check this page regularly.