A public service provided by the Maine State Bar Association

Privacy Policy

Updated: February 28, 2020


This privacy policy explains how Community.lawyer handles data collected by us as a data controller during the normal course of business, as well as how Community.lawyer as a data processor handles all information input into the Community.lawyer software or generated on behalf of Users in connection with the services. Community.lawyer provides a web-based platform that Users use to:

  1. develop app and client portals and make them available for use by Endusers; and
  2. operate lawyer referral or directory services.

The first set of services and websites are made available for use worldwide; the second set are only available within the United States of America.The regional availability of these products and services may affect the relevant privacy and data control laws that apply.

I. SCOPE

II. INFORMATION WE COLLECT

III. USAGE OF COLLECTED INFORMATION

We process personal data about you either with your consent or in order to fulfill our contractual responsibility to deliver Services and perform the Websites and to pursue our legitimate interests of improving the Services and Websites. We have practices to help ensure that we limit these uses so that your privacy is respected and only the information related to achieving these legitimate aims is used.

A. Users

B. Endusers

Users own, and are data controllers of, Enduser data. Depending on how the User chooses to use the software, Enduser Data may include personal data or personal information. To the extent that Community.lawyer processes User Data, we do so as a data processor on behalf of Users.

C. Website Visitors

D. Prohibition on Selling Data (California Privacy Notice)

Community.lawyer does not sell (nor have we ever sold) the data we process.

IV. INFORMATION YOU SHARE

Some of our Services let you share information with others. Depending on how you elect to share your information (e.g. via public Communities), it may be indexed by search engines.

V. INFORMATION WE SHARE

We do not share your information or data with third parties outside Community.lawyer except in limited circumstances.

To provide certain aspects of our services, we rely on integrations or technology services offered by third parties. We enter into agreements with these third parties to ensure they meet standards for confidentiality, privacy, and security. For example, we rely on third-party services to: send transactional emails; send marketing emails (e.g. our newsletter); send transactional text messages; store data; track engagement on our website; facilitate real-time customer support chat; and process payments.

We also share your information or data if you choose to use an integration in conjunction with Community.lawyer services, to the extent necessary to facilitate that use. We also may have to share information or data in order to: meet any applicable law, regulation, legal process or enforceable governmental request; enforce applicable policies, including investigation of potential violations; detect, prevent, or otherwise address fraud, security or technical issues; protect against harm to the rights, property or safety of our users, the public or to Community.lawyer and/or as required or permitted by law; and facilitate a sale, merger or change in control of all or any part of our company or business or in preparation for any of these events.

VI. SUBPROCESSORS

Where we use any third parties to assist us in delivering our services and they process your data as part of that service, they are considered subprocessors. We enter into GDPR-compliant data processing agreements with each subprocessor, extending GDPR safeguards everywhere personal data is processed. Currently we utilize the following subprocessors:

If you are an existing Community.lawyer User and need to be notified when additional Subprocessors are used to provide the Services, you can subscribe to updates by submitting this form.

VII. COOKIES

We use first- and third-party cookies and similar technologies on our websites. For more information about cookies, how we use them, and how you can manage them see our Cookies Policy.

VIII. SECURITY PRACTICES

For more about our security practices, please see our Security Practices page.

IX. DATE RETENTION

If you hold an account with Community.lawyer, we do not delete the data in your account that you choose to store. You must make the decision to delete your data and have full control over that. If you are a Website Visitor who submitted data to a User or an Enduser of an app or client portal, you will need to ask the User how long your responses will be stored in Community.lawyer services.

X. SAFETY OF MINORS

The websites and services are not intended for and may not be used by minors. “Minors” are individuals under the age of 13 or under a higher age if permitted by the laws of their residence. Community.lawyer does not knowingly collect personal data from minors or let them create accounts and reserve the right to delete data we reasonably believe is the personal data of minors without notice. If you believe our Services have been used to collect the personal data of a minor, please contact us at hello+privacy@community.lawyer.

XI. DATA TRANSFERS

For users subject to the GDPR and acting as a Data Controller by using our Services, Community.lawyer offers a Data Processing Addendum (DPA), which includes the EU approved Standard Contractual Clauses/Model Clauses:

You can generate a DPA using this app

XII. PRIVACY POLICY UPDATES

We may make changes to this Privacy Policy from time to time. In circumstances where a change will materially change the way in which we collect or use your personal information or data, we will send a notice of this change to all of our account holders.

XIII. MARKETING

You can opt-out from direct marketing in all direct marketing emails.

XIV. YOUR RIGHTS

You may wish to exercise a right to obtain information about yourself or to correct, update or delete that information. These rights may be subject to some exceptions or limitations in local law or based on your location or the services being used (e.g. the Lawyer Referral/Directory Portals, which are available only to United States visitors and users). We will take reasonable steps to verify your identity and we will respond to your request to exercise these rights within a reasonable time subject to the below for specific categories of person.

A. Rights Under Privacy Laws

In accordance with applicable privacy law, User and Enduser of the App Platform, Apps, and/or Client Portal Services have the following rights in respect to your personal information that we hold:

B. Exercising Your Rights and Fulfilling Your Responsibilities

i. Users

Users can view, edit, delete, and download some of your data directly in your account, or you can contact us to exercise your rights. Specifically:

Regardless of whether a User is inside or outside of the European Union, you may be required to respond to requests from people who ask to exercise their rights as wel (e.g. delete, update, or obtain a copy of data)l. In addition, Users are responsible for ensuring the apps and the client portals they give Endusers access to comply with privacy laws.

For example, you can build your apps to not collect personal information or you can turn off “Store Responses” and not have access to certain data inputted into apps. You can also use such features or design patterns in combination with integrations with outside databases (e.g. Clio, Google Sheets, Zapier) and only collect the exact subset of data you need. You can include consent statements in the Services you make available to Endusers. When in doubt, we encourage Users to seek legal advice to comply with privacy and data collection laws and regulations.

ii. Endusers

If you are an Enduser with a request related to exercising your rights under privacy laws, we recommend you contact the User who gave you access to the app and/or client portal. The User owns and controls your data, and is responsible for editing, deleting, or giving you a copy of it. If you're unable to get in touch with the User, contact us with the following: link to app and/or client portal to which the User gave you access, date and time you accessed the app and/or client portal, your name and email address. We will attempt to use this information to put you in contact with the User who controls the data.

iii. Website Visitors

A website visitor can be anyone who visits a Community.lawyer webpage. Such visitors can manage data stored about them as described in more detail in our Cookies Policy (if applicable).

C. Contacting Us About Your Rights

If you've communicated with Community.lawyer via email or other channels not listed, and you want to exercise your rights, contact us at hello+privacy@community.lawyer. We may ask you to verify your identity and for info about the communications you received so we can complete your request.

If you wish to exercise one of these rights and want more information on how to do so, please contact us at hello+privacy@community.lawyer. Upon request and if applicable, we will provide you with information about whether we hold any of your personal information. We will respond to your request within 30 days.