Privacy policy
Effective: 9th May 2024
This Privacy Policy applies if you reside in the European Economic Area (EEA), Switzerland, or UK.
At Solicitech Ltd respect your privacy and are strongly committed to keeping secure any information we obtain from you or about you. This Privacy Policy describes our practices with respect to Personal Data we collect from or about you when you use our website, applications, and services (collectively, “Services”).
This Privacy Policy does not apply to content that we process on behalf of customers of our business offerings, such as our API. Our use of that data is governed by our customer agreements covering access to and use of those offerings.
1. Data controller
Solicitech Limited, with its registered office at 7 Granard Business Centre, Bunns Lane, Mill Hill, London NW7 2DQ, is the controller and is responsible for the processing of your Personal Data as described in this Privacy Policy.
2. Personal Data we collect
We gather your personal data ("Personal Data") as outlined below:
Personal information you provide: We collect the following Personal Data:
- Account Information: When you register for an account, we gather information linked to your account such as your name, contact details, account credentials, payment information, and transaction history.
- User Content: We collect Personal Data included in the inputs, file uploads, or feedback you provide when using our Services.
- Communication Information: If you communicate with us, we gather your name, contact details, and the content of any messages you send.
- Social Media Information: On social media platforms like Instagram, Facebook, Medium, X, YouTube, and LinkedIn, we collect Personal Data that you choose to share with us, such as your contact details. The hosts of these social media pages also supply us with aggregate data and analytics about our interactions on these platforms.
- Other Information You Provide: We collect additional information you may provide during events, surveys, or when you supply details to verify your age or identity.
Personal information we receive automatically from your use of the Services: When you visit, use, or interact with the Services, we receive the following information (“Technical Information”):
- Log Data: This includes details automatically sent by your browser or device when you access our Services, such as your Internet Protocol address, browser type and settings, the date and time of your request, and your interactions with our Services.
- Usage Data: We automatically gather information about how you use our Services, such as the types of content you view or interact with, the features and actions you use, along with details like your time zone, country, access times, user agent and version, device type, and connection.
- Device Information: This covers the name of your device, operating system, device identifiers, and the browser used. The specific data collected may vary depending on your device and its settings.
- Cookies and Similar Technologies: We employ cookies and similar technologies to manage and enhance our Services, aiming to improve your experience. For more details on how we use these technologies, please refer to our Cookie Notice.
Personal Data from Other Sources: We also collect information from other sources, such as publicly available data on the internet which helps us develop our service models. Additionally, we receive data from trusted partners, including security partners who help us guard against fraud and other threats, and marketing vendors who provide information about potential business customers.
3. How we use Personal Data
We may use Personal Data for the following purposes:
- To provide, administer, maintain and/or analyze the Services;
- To improve our Services and conduct research;
- To communicate with you; including to send you information about our Services and events;
- To develop new programs and services;
- To prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our IT systems, architecture, and networks;
- To carry out business transfers; and
- To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
Aggregated or de-identified information: We process Personal Data into aggregated or de-identified forms to prevent it from identifying you, using this information to analyse our service effectiveness, enhance and add features, and conduct research. Occasionally, we may share or publish aggregated data, like user statistics, with third parties. This data is collected via our services, cookies, and other methods outlined in this Privacy Policy. We maintain and utilize this information in anonymous or de-identified form and will not attempt to re-identify it unless legally required.
4. Disclosure of Personal Data
We may share your Personal Data under certain conditions:
- Vendors and service providers: We may share Personal Data with third-party vendors and service providers that help us with our business operations, such as hosting, customer support, cloud services, content delivery, data storage, security monitoring, email communications, web analytics, and payment processing. These providers will access, process, or store Personal Data based on our directions and solely to perform their duties.
- Business transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or transition of services to another provider, your Personal Data may be disclosed during due diligence and transferred to a successor or affiliate as part of the transaction.
- Government authorities and other third parties: We might disclose your Personal Data to government authorities, industry peers, or other third parties if legally required or necessary to:
- Comply with legal obligations,
- Protect and defend our rights or property,
- Address violations of our terms or policies,
- Prevent fraud or other illegal activities,
- Ensure the safety and integrity of our products, staff, or users,
- Protect against legal liability.
- Affiliates: Your Personal Data may be shared with our affiliates—entities that control, are controlled by, or are under common control with us. Our affiliates will use the Personal Data in accordance with this Privacy Policy.
- Business account administrators: If you are part of a business account like Lex HR Enterprise, your account administrator may access and manage your account. Additionally, if your account is registered with an email address from your employer or organisation, we may disclose the existence of your account and certain details, such as your email address, to them to facilitate integration into their business account.
- Other users and third parties you share information with: Some features of our services allow you to share information with other users or third parties. For instance, you might share conversations from Lex HR with others through shared links or send information to third-party apps through custom actions for GPTs.
5. Retention
We will keep your Personal Data only as long as necessary to provide you with our Service, or for other legitimate business needs such as resolving disputes, ensuring safety and security, or meeting legal requirements. The duration for which we retain Personal Data depends on several factors including:
- Purpose of processing: We assess whether the data is needed to continue providing our services.
- Data characteristics: The amount, nature, and sensitivity of the data are considered.
- Risk of harm: We evaluate the potential risk of harm from unauthorized use or disclosure of your data.
- Legal obligations: Any legal obligations we face may dictate the retention period.
6. Your rights
You have certain legal rights regarding your Personal Data, including the ability to:
- Access your Personal Data and information on how we process it.
- Delete your Personal Data from our records.
- Rectify or update your Personal Data.
- Transfer your Personal Data to another party (right to data portability).
- Restrict the processing of your Personal Data.
- Withdraw your consent at any time if we are processing your data based on your consent.
- Lodge a complaint with your local data protection authority.
Additionally, you have rights to object to our data processing:
- Object to direct marketing at any time.
- Object to processing based on our legitimate interests.
You can exercise some of these rights by submitting your request to support@lexhr.ai. Please be aware that these rights might be limited, for instance, if fulfilling your request would disclose Personal Data about another person, or if you ask us to delete data that we are legally required to keep or have compelling reasons to retain.
We are committed to addressing any concerns or questions you might have. If there are any unresolved complaints after contacting us or our Data Protection Officer, you may contact the UK Information Commissioner.
Note on accuracy: Lex HR generates responses based on predicting likely word sequences from user requests, which may not always be factually accurate. Do not rely solely on the factual accuracy of outputs from our models. If you find inaccuracies in the Lex HR output about you and wish for a correction, you can request it at support@lexhr.ai. However, due to the technical nature of our models, we might not always be able to correct every inaccuracy. In such cases, you may ask for your Personal Data to be removed from HRAdvisor.ai.
For information on exercising your rights regarding data we've collected from the internet to train our models, please refer to this notice.
7. Children
Our Services are not directed to, or intended for, children under 18. We do not knowingly collect Personal Data from children under 18. If you have reason to believe that a child under 18 has provided Personal Data to Solicitech Ltd through the Services, please email us at support@lexhr.ai. We will investigate any notification and, if appropriate, delete the Personal Data from our systems. By using the Services, you represent that you are at least 18 years old.
8. Legal bases for processing
When we process your Personal Data for the purposes described above, we rely on the following legal bases:
| Purpose of processing | Type of Personal Data processed, depending on the processing activity: | Legal basis, depending on the process activity: |
|---|---|---|
| To provide and maintain our Services |
| Where necessary to perform a contract with you, such as processing a user’s prompts to provide a response. |
| To improve and develop our Services and new features and conduct research |
| Where necessary for our legitimate interests and those of third parties and broader society, including in developing, improving, or promoting our Services, such as when we train and improve our models. See here(opens in a new window) for more information. |
| To communicate with you, including to send you information or marketing about our Services and events |
| Where necessary to perform a contract with you, such as processing your contact information to send you a technical announcement about the Services. Your consent when we ask for it to process your Personal Data for a specific purpose that we communicate to you, such as processing your contact information to send you certain forms of marketing communications. |
| To prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our systems and Services |
| Where necessary to comply with a legal obligation. Where we are not under a specific legal obligation, where necessary for our legitimate interests and those of third parties, including in protecting our Services from abuse, fraud, or security risks, such as processing data from security partners to protect against fraud, abuse and security threats in our Services. |
| To comply with legal obligations and to protect the rights, privacy, safety, or property of our users, us, our affiliates, or any third party |
| Where necessary to comply with a legal obligation, such as retaining transaction information to comply with record-keeping obligations. Where we are not under a specific legal obligation, where necessary for our legitimate interests and those of third parties and broader society, including in protecting our or our affiliates’, users’, or third parties’ rights, safety, and property, such as analysing log data to identify fraud and abuse in our Services. |
9. Data transfers
We will transfer your Personal Data to recipients in countries outside of the EEA, Switzerland, and the UK as outlined in this Privacy Policy. If you are located in the EEA, Switzerland, or the UK, be aware that these third countries may not provide the same level of data protection as your home country. Nonetheless, we ensure that all data transfers comply with applicable data protection laws. For transfers outside the EEA, Switzerland, or the UK, we depend on the European Commission’s adequacy decisions for certain countries. For countries without such decisions, we use Standard Contractual Clauses approved by the European Commission, along with any relevant country-specific addenda.
By using our services, you understand and agree that your Personal Data will be processed and stored in our facilities and on our servers in the UK, and may also be shared with our service providers and affiliates in other jurisdictions.
10. Changes to the privacy policy
We may update this Privacy Policy from time to time. When we do, we will post an updated version on this page, unless another type of notice is required by applicable law.
11. How to contact us
For any further assistance please contract us at support@lexhr.ai