Privacy policy

The purpose of this Data Protection Policy is to inform Users about the processing of their personal data by
LexHelp, s.l. (Tax code B72624000) company address Barcelona, Paseo de Gracia n. 12-14, 4º 1ª -08007- (tel
+34.93.412.46.96 & email [email protected] , herein after LexHelp,as well as the measures adopted in
order to guarantee the protection and security of said data. Likewise, this Policy details the rights of Users
regarding their personal data and how to exercise them.
All data processing carried out by LexHelp complies with applicable personal data protection legislation. At
European level, the basic regulation in this regard is constituted by EU Regulation 2016/679 on the
protection of natural persons with regard to the processing of personal data and on the free movement of
such data, also known as the General Data Protection Regulation or GDPR.
LexHelp ensures that the processing of data is always lawful, fair and transparent.


I. BASIC INFORMATION

II. CONTROLLER
LexHelp , s.l. (Tax code B72624000) company address Barcelona, Paseo de Gracia n. 12-14, 4º 1ª -08007-
(tel +34.93.412.46.96 & email [email protected] is the Controller of the processing of personal data.
LexHelp is a time tracking software that allows lawyers to record the time they spend on each work event.
The data subject may contact the Controller by e-mail at the address [email protected].

III. PURPOSES OF THE DATA PROCESSING
The personal data of data subjects will be processed for the following purposes:
• To ensure the correct provision of the services provided through the App;
• To carry out studies and statistics to improve the quality of the service;
• To send commercial communications by email, to the email address provided by the User;
• To comply with the legal obligations to which the data controller may be subject.
In accordance with the principle of purpose limitation, the personal data of data subjects will only be
processed for the purposes described in this section. If, at a later time, LexHelp decides to process data for
a purpose other than the above, it will be its duty to inform the data subject in advance.


IV. LEGITIMACY FOR THE DATA PROCESSING
In order to fulfil the purposes described above, the processing of personal data is justified on the following
bases:
• The consent of the data subject;
• The execution of a contract;
• The legitimate interest for the implementation of studies and statistics;
• The fulfilment of a legal obligation.
In the event that the personal data are used for commercial purposes (by sending commercial
communications by e-mail), LexHelp will request, in advance, the explicit consent of the User who wishes to
receive such communications.

V. CATEGORIES OF PERSONAL DATA
The categories of personal data processed include identifying data provided directly by the User, as well as
data generated by the use of the App.
The personal data collected at the time of subscription to the service are as follows:
- First name
- Surname
- E-mail address

VI. RECIPIENTS OF THE PERSONAL DATA
Personal data are processed exclusively by the Controller and its contractually bound partners. No data will
be transferred to third party companies.
Furthermore, Users' personal data are not subject to decision-making based exclusively on automated
processing, including profiling.

VII. RIGHTS OF THE DATA SUBJECTS
The data subject is entitled to the following rights regarding his or her personal data:
• Right of access: the data subject shall have the right to obtain from the Controller a copy of his or
her personal data and to receive the information about the processing of such personal data as
detailed in Article 15 GDPR.
• Right to rectification: the data subject shall have the right to obtain from the Controller the
rectification of inaccurate personal data concerning him or her. Taking into account the purposes of
the processing, the data subject shall have the right to have incomplete personal data completed.
• Right to erasure (“right to be forgotten”): the data subject shall have the right to obtain from the
Controller the erasure of personal data concerning him or her. Unless there is a legal obligation to
which the Controller is subject, the Controller shall have the obligation to erase personal data
without undue delay, when the personal data are no longer necessary in relation to the purposes of
for which they were collected, when the data subject withdraws his or her consent; or when the
personal data have been unlawfully processed.
• Right to restriction of processing: the data subject shall have the right to obtain from the Controller
restriction of processing, when the accuracy of the data is contested; when the processing is
unlawful and the data subject opposes the erasure of the personal data; when the Controller no
longer needs the personal data for the purposes of processing but they are required by the data
subject for the establishment, exercise or defense of legal claims; or when the data subject has
objected to the processing, pending the verification whether the legitimate grounds of the
Controller override those of the data subject.
• Right to object: the data subject shall have the right to object at any time to processing of personal
data concerning him or her which is necessary for the performance of a task carried out in the
public interest or for the purposes of the legitimate interests pursued by the Controller over a third
party. The Controller shall no longer process the personal data unless the Controller demonstrates
compelling legitimate grounds for the processing which override the interests, rights and freedoms
of the data subject or for the establishment, exercise or defense of legal claims. Moreover, where
personal data are processed for direct marketing purposes, the data subject shall have the right to
object at any time to processing of his or her personal data for such marketing.
• Right to data portability: the data subject shall have the right to receive the personal data
concerning him or her, which he or she has provided to a Controller, in a structured, commonly
used and machine-readable format and have the right to transmit those data to another Controller.
To exercise these rights, the data subject may contact the Controller by sending an email to the address
provided for this purpose [email protected]. In accordance with the provisions of the GDPR, the
Controller will respond to the request to exercise the rights within a maximum period of one month from
the date of receipt of the request.
Moreover, if the User consider that the processing of his or her personal data is in breach of the applicable
law, he or she may file a complaint with the national supervisory authority of data protection.

VIII. PERIOD OF STORAGE OF PERSONAL DATA
Personal data will be stored during the period of use of the App, in order to fulfil the purposes of the
processing described above. After deletion of the account by the User or after a period of inactivity of one
year, the personal data will be stored in accordance with the applicable legal periods of prescription and for
the periods required for the fulfilment of a legal obligation on the part of the Controller.

IX. PERSONAL DATA SECURITY
LexHelp is committed to ensuring that the data processing described in this Policy is carried out in a safe
and secure environment. For this reason, the necessary technical and organizational measures have been
adopted to safeguard the data and prevent possible security breaches.
No transfers of personal data outside the European Union are envisaged with respect to Users located in
the European Union. Regardless of the place from where the User uses the App, any communication will
always be carried out in compliance with the highest standards of computer security and using the SSL
(Secure Sockets Layer) protocol. Moreover, the collected data are stored on certified servers.
LexHelp does not record conversations or phone calls.