Lega Inc. Privacy Policy

Last updated: June 11, 2023

1. Our approach to privacy

Lega Inc. (also known as “Lega”, “we”, “our”, or “us”) values your privacy and has created this privacy policy to address how we collect, store, process, manage, and use your data (including personally identifiable information).

This privacy policy (“Privacy Policy”) applies to your use of our websites (including those at lega.ai, subdomains of lega.ai, and third party platforms like Betty Blocks) (collectively, the “Lega Websites”) and all other products and services we make available (together with the Lega Websites, the “Lega Service”).

By using the Lega Service, you agree to practices described in this Privacy Policy as well as the collection, usage, and management of your data as described below and in our terms of service, which can be found at lega.ai/terms (the “Lega Terms”).
Please ensure that you have reviewed and understood our collection, storage, use and disclosure of your personal information.

2. Collection, Use, and Retention of Personal Information

2.1 Personal Information Provided to Us

We collect personal information about you when you voluntarily submit information to us through communications with us or submissions on the Lega Websites. This could include information you provide to use when you register for the Lega WebsitesLega Service, engage with us on social media, attend an event hosted by Lega, Lega Serviceor use any feature or aspect of the Lega Service. We rely on the information you give us to provide you the Lega Service and to respond to your requests. You are responsible for complying with the applicable laws and other obligations for any personal information that you provide under the situations described in this paragraph. If you do not provide personal information when requested, you may not be able to use the Lega Service if that information is necessary to provide you with the service or if we are legally required to collect it.

2.2 Personal Information Received from Other Sources

Lega may receive additional personal information about you from individuals or entities that are subscribers to the Lega Service and in cases in which you are designated a user of the Lega Service either as a contact, collaborator, or in other such capacity and as such terms are used within the Lega Service. In addition, Lega utilizes a number of other services, including payment and delivery services, advertising networks, analytics providers, search information providers, and other services needed to effectively deliver the Lega Service, and may receive information about you from them under the agreements and restrictions you have with them. We may link or combine the personal information we collect and/or receive about you and the information we collect automatically to provide you with a personalized experience. Your privacy settings on the third-party service normally control what they share with us. Make sure you are comfortable with what they share by reviewing their privacy policies and, if necessary, modifying your privacy settings directly on the third-party service.

2.3 How We Use Your Personal Information

Generally, Lega may use your personal information for the following purposes (collectively, the “Business Purposes”):

(a) to provide you with content and the Lega Service and perform related obligations and those specifically identified under the Lega Terms;
(b) to communicate with you and provide updates about the Lega Service;
(c) to support your use of the Lega Service and communicate with you regarding your use or queries;
(d) to administer the Lega Service for internal uses such as data analytics and product testing as well as to improve the Lega Service€(e) to market, measure, and understand the effectiveness of advertising methods that we use;
(f) to develop new services;
(g) to detect, prevent, and investigate security incidents, potential abuse or misuse, and investigate any security alerts;
(h) to comply with applicable legal requirements, such as tax and other government regulations and industry standards, contracts, and law enforcement requests; and
(i) for other legitimate business purposes relating to the Lega Service or our legitimate interests.

Lega will only process personal information for the Business Purposes. Lega may use outside services to help us with accomplishing the Business Purpose; a list of software and the types of personal information used in each is available in Exhibit B. Exhibit B also sets out the categories of personal information you provide to us and that we receive from other sources and how we use that information and related details. Lega further will only process your personal information within the legal bounds of the applicable law in your jurisdiction (See Jurisdiction Addendums).

Further information regarding the collection of your information, the types of data, and the primary purposes for collection and use of such data collected, can be seen at Exhibit A.

2.4 Third Party Plugins

We may share personal information with website plugins or similar third-party services to improve your experience, at your direction, or when you intentionally interact with the plug-in. For example, when you use a third-party service to create or log in to your account, we may share your personal information with that third party service.

2.5 Marketing and Advertising

We may periodically contact you electronically with relevant information about the Lega Service and other products and services offered by Lega. We may use personal information we have received under section 2.1 and 2.2 of this policy to determine the most relevant information to share with you. If you don’t want to hear from us, you can do so by letting us know when you first provide your contact information, by emailing us at support@lega.ai, or by following the subscription-management link in our emails.

2.6 Social Media

The Lega Websites may have social media features such as LinkedIn sharing buttons. These features may collect your IP address, which page you are visiting on our website and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of the company providing it.

2.7 Address and Browser Information

When you access the Lega Websites, we receive information about the IP address making the request, the date and time of such request, the browser and operating request of the device making the request, the requested URL, the referring website from which you made the request, and other data that allows us to serve you the Lega Websites and optimize the Lega Service. Lega may also collect information relating to usage, such as the number and frequency of visitors to the Lega Websites.

2.8 Limitations on Use of Personal Information

Lega does not sell personal information shared by you. Lega has not sold personal information shared by you in the 12 months preceding the modification date for this Privacy Policy. All use of personal information is done for the Business Purposes.

2.9 Anonymization and Aggregation of Data

We may anonymize and aggregate any of the personal information we collect (so that it does not identify you). We may use anonymized information for purposes that include testing our IT systems, internal research and data analysis, improving the Lega Service, and developing new products and features.

2.10 Retention of your Information

We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the Business Purposes, satisfying any legal or reporting requirements, and any other required retention policies. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and the applicable legal and contractual requirements. When the purpose of the data processing has been fulfilled, your personal information will be deleted in accordance with our data retention policy and the Lega Terms, unless we are legally required to retain it. In some circumstances we may anonymize your personal data (so that it can no longer be associated with a user) for purposes that include testing our IT systems, internal research and data analysis, improving the Lega Services, and developing new products and features. Please note that in the course of providing the Lega Service, aggregated, anonymized, or de-personalized information may be retained indefinitely.

2.11 Sharing of Personal Information

We will not share your personal information with any third parties except as described in this Privacy Policy or in connection with the Lega Service, and in all cases, nothing in this Privacy Policy will affect the confidentiality obligations and disclosure restrictions in the Lega Terms. Lega may share certain personal information with vendors, suppliers, subcontractors, and partners who perform services on our behalf (these companies are authorized to use your personal information only as necessary to provide these services to us and subject to similar confidentiality restrictions), analytics and search engine providers that assist us in the improvement and optimization of the Lega Websites, and payment processors (via encrypted connection) and invoicing services that fulfill payment transactions for us. We may share personal information with website plugins, social media platforms or similar third-party services to improve your experience, at your direction, or when you intentionally interact with the plug-in. For example, when you use a third-party service to create or log in to your account, we may share your personal information with that third party service.

2.12 Disclosure

In accordance with the Lega Terms, we may be required to disclose personal information in response to lawful requests by government authorities and legal orders. Please consult the Lega Terms for how we handle such requests. Lega may also disclose such information at your own request, when it’s necessary to enforce the Lega Terms, to detect, prevent, or address fraud, technical, or security issues, and to protect our property or legal rights, or those of other parties.

2.13 Testimonials

In accordance with the Lega Terms, we may display personal testimonials of satisfied customers on our site, along with other endorsements. If you wish to update or delete your testimonial, you can contact us at support@lega.ai.

2.14 Business Transactions

We may disclose personal information to third parties in connection with a business transaction. Personal information may be disclosed to third parties in connection with a transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business. If we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on the Lega Websites of any change in ownership that impacts the use of your personal information, as well as any choices you may have regarding your personal information.

3. Storing and Transferring your Personal Information

3.1 Security

We use industry standard techniques to protect against unauthorized access of your personally identifiable information. We use Transport Layer Security technology (TLS) in sending your private information. We also ensure that our employees only use the information they need to help you and take measures to protect against unauthorized access to their computers.

3.2 Appropriate Safeguards

Lega will implement, and ensure that its agents, sub-contractors and employees implement, appropriate technical and organizational security measures to ensure a level of security commensurate with the risks associated with the processing, such measures to be appropriate in particular to protect against accidental or unlawful destruction, loss, alteration or unauthorized disclosure of or access to your personal information. Notwithstanding the foregoing measures, because the internet is not a completely secure environment, we cannot guarantee the security of any personal information transmitted to the Lega Service or guarantee that information on the Lega Service may not be accessed, disclosed, altered, and/or destroyed by breach of any of our physical, technical and/or managerial safeguards.

You are responsible for maintaining the secrecy of its unique password and account information, and for controlling access to emails between a user and us, at all times. You should limit access to its computer and/or mobile device and/or browser and sign off after you have finished accessing your account. We are not responsible for the functionality, privacy and/or security measures of any other organization and are not responsible for the practices employed by any websites and/or services linked to and/or from the Lega Service, including the information and/or content contained therein.

3.3 Storage of Information

Any data that we collect from you will be stored within the United States or European Union at a secure location. In order to keep your data secure, we will take all reasonably necessary steps in accordance with this Privacy Policy and the Lega Terms. All information you provide to us is stored on secure servers in a controlled environment with limited access. If you provide us with any payment information, that information will be encrypted using TLS or SSL technology. If you have created a password to access secure sections of our site or software, you are responsible for keeping this password confidential and not sharing the password with anyone.

3.4 International Data Transfers

The personal data which we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”), including the United States of America. You acknowledge the transfer to, and storing, or processing outside of the EEA, of your personal data as set out in this Privacy Policy.

If you are located in the EEA, the UK or Switzerland, we comply with applicable laws to provide an adequate level of data protection for the transfer of your data to the US. Where applicable law requires a data transfer legal mechanism, we use one or more of the following: EU Standard Contractual Clauses with a data recipient outside the EEA or the UK, verification that the recipient has implemented Binding Corporate Rules, or other legal method available to us under applicable law.

Your personal data may also be processed by staff operating outside the EEA and Switzerland who work for us, or one of our third-party service providers. Such staff may be engaged in, among other things, the fulfillment of your transaction, the processing of your payment details, improving our websites and the Lega Service, technical support, fraud review, and the provision of other support services. We will take all reasonably necessary steps to ensure that where your personal data is transferred, it is treated securely and in accordance with this Privacy Policy.

4. Use of Cookies and Similar Technologies

4.1 Types and Purpose of Cookies

The Lega Service uses cookies and similar technologies (collectively referred to as cookies) to distinguish you from other users of the Lega Service and provide you with the best possible service and experience. The information we may collect is described in detail in Exhibit B.

• Strictly necessary cookies. These cookies are required for the essential operation of our Service such as to authenticate you and prevent fraudulent use.
• Analytical/performance cookies. These cookies allow us to recognize and count the number of visitors and to see how visitors move around our Service when they are using it. This helps us to improve the way our Service works, for example, by ensuring that you can find information easily.
• Functionality cookies. These cookies are used to recognize you when you return to our Service. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
• Targeting cookies. These cookies record your visit to our Service, the pages you have visited and the links you have followed. We will use this information to make our Service and the advertising displayed on it more relevant to your interests. We may also share this information with third parties (listed in Exhibit B) for this purpose.

4.2 Opting Out and Blocking Cookies

If you do not wish to have information about you from your use of the Lega Websites and other websites used for such purposes, you can opt-out of certain advertising platforms using the following consumer choice mechanisms:

• Digital Advertising Alliance (DAA)’s self-regulatory opt-out page
• European Interactive Digital Advertising Alliance (EDAA)’s consumer opt-out page
• Network Advertising Initiative (NAI)’s self-regulatory opt-out page

This does not opt you out of generic and other such served ads. You can also block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including those that are necessary cookies for the use of the Lega Service) you may not be able to access all or parts of the Lega Service.

You may also be entitled to make additional choices regarding your personal information. These can include accessing your personal information, making changes to your personal information, requesting the deletion of your personal information, or objection to certain processing of your personal information, or changing how you receive promotional emails from us. You will not be discriminated against for exercising these rights provided that in certain situations, we may no longer be able to provide the Lega Services without sufficient personal information. In either case, you can contact us as set forth in section 5.4 Contact Us of our Privacy Policy if you wish to make additional choices regarding your personal information.

5. Miscellaneous

5.1 Third Party Links

We sometimes offer you access to third party websites, services, and applications through our Website. This Privacy Policy does not cover how these third parties that we do not own or control would use your data. These third parties may have their own privacy policies. We encourage you to carefully review them. We have disclosed the information we collect through these providers and how this information is utilized below.

5.2 Changes to this Policy

Periodically we may make changes to this Privacy Policy. If we make any changes in the way we collect or use your information, we will let you know by posting an announcement on our Website and emailing you. If you are subject to the GDPR, you will be prompted to consent to the changes of our Privacy Policy. If you use our Websites or the Lega Service after any changes have been made, you agree to the revised Privacy Policy.

5.3 Notices

If we need to provide you with information about something, whether for legal, marketing or other business-related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on our Website. The fact that we may send notices to you will not stop you from being able to opt out of certain types of contact as described in this Privacy Policy.

5.4 Contact us

Regardless of your location, any questions, comments, and requests regarding this Privacy Policy are welcome and communication should be addressed to our Data Protection Officer, Christian Lang, at support@lega.ai.  Communication can also be addressed to: Attn Privacy Team, Lega Inc., 8 The Green, STE B, Dover, Delaware, 19901, United States.

5.5 Other Items

• Children Should Not Use the Lega Service. The Lega Services is a service directed and marketed to working professionals and is not directed at persons under 16 years of age. We do not intend to collect personal information from children under 16 years of age. If you become aware that a child under 16 years of age has provided us with personal information without appropriate consent, then please contact us using the details below so that we can take the appropriate steps in accordance with our legal obligations and this Privacy Policy.
• Third Party Applications/Websites. We have no control over the privacy practices of websites or applications that we do not own.
• Conflict Between This Privacy Policy and the Lega Terms or Other Terms. Where there is a conflict between this Privacy Policy and an explicit provision of the Lega Terms, this Privacy Policy will prevail over those other Terms.
• Accessibility. If you are visually impaired, you may access this notice through your browser’s audio reader.
• Other. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact us according to the methods above.

Addendums

Addendum 1: International Jurisdictions

Personal information that you submit through the Services may be transferred to countries other than where you live. We also store personal information locally on the devices you use to access the Services. Your personal information may be transferred to countries that do not have the same data protection laws as the country in which you initially provided the information. The following provisions may apply to you depending on where you are located.

Australia

If you are an Australian resident, and you are dissatisfied with our handling of any complaint you raise under this Privacy Policy, you may wish to contact the Office of the Australian Information Commissioner.

Canada

Personal information maintained and processed by our affiliates and third-party service providers in the U.S. and other foreign jurisdictions may be subject to disclosure pursuant to a lawful access request by U.S. or foreign courts or government authorities. We will not provide your information to third parties for marketing purposes without your prior consent.

For more information about our privacy practices; to access, update or correct inaccuracies in your personal information; or if you have a question or complaint about the manner in which we or our service providers treat your personal information, please contact us as set forth in section 5.4 Contact Us of our Privacy Policy.

European Economic Area (EEA) and the United Kingdom (UK)

If you are located in the European Economic Area (“EEA”), the following provisions apply to you, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “EEA Applicable Law”). As set forth in section 3.4 International Data Transfers of this Privacy Policy, to the extent personal information is collected and subsequently transferred out of the EEA, the transfer will take place consistent with the Standard Contractual Clauses. We transfer, in accordance with Article 46 of the GDPR, personal information to recipients that have entered into the European Commission approved contract for the transfer of personal data outside the European Economic Area. We may, in accordance with Articles 45 and 46 of the GDPR, transfer personal information to recipients that are in a country the European Commission or a European data protection supervisory authority has confirmed, by decision, offers an adequate level of data protection, pursuant to an approved certification mechanism or code of conduct, together with binding, enforceable commitments from the recipient to apply the appropriate safeguards, including as regards data subjects’ rights, or to processors which have committed to comply with binding corporate rules.

If you are a resident of the EEA, and believe we process your information in scope of the General Data Protection Regulation (GDPR), you may direct your questions or complaints to the Office of the Data Protection Commissioner. If you are a resident of the UK, you may direct your questions or concerns to the UK Information Commissioner’s Office. To exercise your privacy rights set forth in this Privacy Policy, you may contact us as set forth in section 5.4 Contact Us of our Privacy Policy.

Addendum 2: GDPR Rights

If you are located in the European Economic Area (“EEA”), the following provisions apply to you, in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “EEA Applicable Law”)

1. Role of Lega

Where Lega is provided personal information in its capacity of providing the Lega Service to its customers or prospective customers, Lega will act as the Processor. The provider will be the Controller of the personal information. Where Lega collects personal information for any of the Business Purposes, which constitute the legitimate interests of Lega, it will be the Controller for purposes of the EEA Applicable Law. Lega will never collect or process any of the special categories of personal information outlined in the EEA Applicable Law.

2. Duties of the Processor

Lega, when acting as a Processor (as defined in the EEA Applicable Law) agrees to process personal information only on instruction of the Controller (defined in the EEA Applicable Law). Engagement with the Lega Service will constitute approval of processing. Lega agrees that it will delete all personal information upon the termination of services or return the data to the controller upon request.

3. Sub-Processors of Personal Information

Lega, when acting as a Processor, may use sub-processors to manage and store your personal information. The Controller affirmatively consents to any sub-processing necessary for normal business operations by their continued use of the Lega Service. The Processor will remain fully liable to the Controller for any failure by a sub-processor to fulfill its obligations in relation to the processing of any personal information.

4. Confidentiality of Personal Information

In cases in which Lega acts as a Processor as defined in the EEA Applicable Law, and generally, Lega will ensure that its employees, agents, and sub-contractors take reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to the personal information, ensuring in each case that access is strictly limited to those individuals who need to access the relevant personal information, as strictly necessary to the Lega Service in the context of that individual’s duties to Lega.

5. International Transfers of your Personal Information

The personal information we collect may be transferred to and stored in countries outside of the jurisdiction you are in where we and our third-party service providers have operations. If you are located in the EEA, your personal information may be processed outside of the EEA including in the United States; these international transfers of your personal information are made pursuant to appropriate safeguards, and, we will take suitable steps to ensure that your personal information is treated just as safely and securely as it would be within the EEA and under the Applicable Law. Such measures will include having Data Processing Agreements with applicable sub-processors and ensuring that such sub-processors have adequate security and data protection procedures in place aligned with the applicable law. If you have questions about these safeguards, please contact us using the details set out in section 6.4.

6. Rights of the Data Subject

As a data subject, you have the following rights in respect of your personal information that we hold, including in our partner services:

• Right of Access and Portability. To obtain access to your personal information along with certain information, and to receive that personal information in a commonly used format and to have it ported to another data controller.
• Right to Rectification. To obtain rectification of your personal information without undue delay where that personal information is inaccurate or incomplete.
• Right to Erasure. To obtain the erasure of your personal information without undue delay in certain circumstances, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed.
• Right to Restriction. To obtain the restriction of the processing undertaken by us on your personal information in certain circumstances, such as where the accuracy of the personal information is contested by you or the sale of your personal information for a period enabling us to verify the accuracy of that personal information.
• Right to Object. To object, on grounds relating to your particular situation, to the processing of your personal information, and to object to the processing of your personal information for direct marketing purposes, to the extent it is related to such direct marketing.
• Right to Non-Discrimination. To non-discrimination for exercising your rights as outlined in this policy. This includes denying you goods or services, charging you different prices for similar services, or providing a different level or quality of service.

7. Exercise of Rights

If you wish to exercise one of these rights, please contact us using the contact details at the end of this Privacy Policy. Upon request, we will provide you with information about whether we hold any of your personal information. You may access, correct or request deletion of your personal information by logging into your account, or by contacting us at support@lega.ai. We will respond to your request within 30 days.

Addendum 3: United States

California.

If you are a California resident, the following provisions apply to you, in accordance with the provisions of the California Consumer Privacy Act (“CCPA”) and other applicable provisions of the California Civil Code (namely, section 1798) (together, the “California Applicable Law”), California residents are entitled to certain additional rights as identified in this section.

We collect personal information as outlined in Exhibits A and B. We process, retain, use, and disclose only as necessary to provide the services under the Lega Terms and for the Business Purposes. We do not sell your personal information; and will not sell your personal information without providing you the ability to opt out. Please note that we do use third-party cookies for our advertising purposes as further described above.

A California resident (as defined in the California Applicable Law) has the right to request a list of the categories of personal information collected, a copy of the specific personal information compiled about them, and the deletion of said information. Such a request may be made twice in a given 12-month period. To make such a request, please contact Lega at support@lega.ai or by mail at Lega Inc., 8 The Green, STE B, Dover, Delaware, 19901. Additional information may be required for identity verification purposes. Lega will not discriminate against California residents who make such a request.

Other California Privacy Rights. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, see Contact Information above.

During the past 12 months we have collected the categories of information listed in Exhibit A about California residents from the listed sources, used it for the listed business purposes and shared it with the listed categories of third parties. This includes information about Website visitors, registered users, employees, vendors, suppliers and any other person interacting with us either online or offline. Not all information is collected about individuals. For instance, we may collect different information from applicants for employment than from customers.

Nevada.

This notice is provided to you pursuant to state law. Nevada state privacy laws permit us to make marketing calls to existing customers, but if you prefer not to receive marketing calls, you may be placed on our internal opt-out list by emailing us at support@lega.ai or you may also contact the Nevada Bureau of Consumer Protection, Office of the Nevada Attorney General, 555 E. Washington St., Ste 3900, Las Vegas, NV 89101; telephone 702-486-3132; email: AGCinfo@ag.nv.gov.

Texas.

If you have a complaint, first contact us by emailing us at support@lega.ai. If you still have an unresolved complaint regarding the company’s money transmission or currency exchange activity, please direct your complaint to the Texas Department of Banking: 2601 North Lamar Boulevard, Austin, TX 78705-4294; 1-877-276-5554 (toll free); www.dob.texas.gov.

Vermont.

In accordance with Vermont law, we will not share information we collect about you with companies outside of Lega except as required or permitted by law. For example, we may share information to service your accounts, complete requested transactions, or to provide rewards or benefits to which you are entitled.

Exhibit A

Information Collected and its Primary Purpose for Collection and Use

Primary Purpose for Collection and Use of Data

We collect information you provide to us to create an account, specifically email address, first & last name, and company information. We also use this information to operate, maintain, and offer the Lega Services.
We have a legitimate interest in providing account related functionalities to our Customers, monitoring account logins, and detecting potential fraudulent logins or account misuse. Additionally, we use this information to fulfill our contract to provide you with Lega Services and for our legitimate interests, including marketing purposes and communications with you relating to your inquiries.
Information in this category may be disclosed to third parties in accordance with the Lega Terms and this Privacy Policy.

We collect information from you provide to us in order to facilitate your payment for our Lega Service. Payment information will be securely transmitted via our payment processor.
We have a legitimate interest in providing account related financial functionalities to our Customers. Additionally, we use this information to fulfill our contract to provide you with Lega Service.
Information in this category may be disclosed to third parties that are necessary to the processing of your payment information and our account-related financial functionalities in accordance with the Lega Terms and this Privacy Policy.

We use technology to monitor how you interact with our Lega Service. This may include: IP addresses, preferences, web pages you visited prior to using our Lega Service, information about your browser, network or device (such as browser type and version, operating system, internet service provider, preference settings, unique device IDs and language and other regional settings), information about how you interact with the Lega Service (such as timestamps, clicks, scrolling, browsing times, searches, transactions, referral pages, load times, and problems you may encounter, such as loading errors).
We have a legitimate interest in understanding how you interact with our Websites and Lega Service to better improve it, and to understand your preferences and interests to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud.
Information in this category may be disclosed to third parties in accordance with the Lega Terms and this Privacy Policy.

We participate in behavior-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our Websites and Lega Service so that they can provide advertising about products and services tailored to your interests on our Websites, Lega Service or on other websites.
We have a legitimate interest in engaging in behavior-based advertising and capturing website analytics.
Information in this category may be disclosed to third parties in accordance with the Lega Terms and this Privacy Policy.

When you use the Lega Services we collect your location from the GPS, Wi-Fi, and/or cellular technology in your device to determine your location to provide the Lega Service.
We have a legitimate interest in understanding our Customers and providing tailored services. In some contexts, our use is also based upon your consent to provide us with geo location information.
Information in this category may be disclosed to third parties such as data analytics providers, ISPs, and other service providers in accordance with the Lega Terms and this Privacy Policy.

If you apply for a job posting, or become an employee, we collect information necessary to process your application or to retain you as an employee. This may include, among other things, your Social Security Number. Providing this information is required for employment. We use information about current employees to perform our contract of employment, or the anticipation of a contract of employment with you. In some contexts, we are also required by law to collect information about our employees.
We also have a legitimate interest in using your information to have efficient staffing and workforce operations.
Information in this category may be disclosed to government entities and other service providers.

If you apply for a job posting, become an employee, take part in a survey, or provide education information to join a webinar or similar activity, your education information may be required.
We have a legitimate interest in using your information to verify your qualifications to approve your participation in the relevant business need.
Information in this category may be disclosed to bar associations, government entities and other service providers.

Exhibit B

AZURE

Lega uses Microsoft Azure as our cloud-based data storage and hosting provider. Azure’s current data processing and data protection is viewable here: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA

BETTY BLOCKS

Lega uses the Betty Blocks platform to deploy and host the Lega Service.  CCPA categories of information include: Identifiers, Internet/electronic activity, Geolocation.  The responsible entity is Betty Blocks B.V., Address: Pettermerstraat 7, 1823 CW, Alkmaar, The Netherlands, Contact: www.bettyblocks.com/office-contacts.  Because the Betty Blocks platform hosts the Lega Service, Betty Blocks is sub-processor of all data that Lega processes through Lega Service itself.  For more information on Betty Blocks’s privacy practices, please visit: https://www.bettyblocks.com/privacy-policy.

CALENDLY LLC

Lega uses Calendly to allow customers to schedule calls with our team. CCPA categories of information collected include: Identifiers, Internet/electronic activity, Geolocation. The responsible entity is: Calendly, LLC. BB&T Tower. 271 17th St NW, Atlanta, GA, 30363, USA. Personally identifiable information, including name, email address, phone number and other requested data is submitted to Calendly’s servers and saved there when a user chooses to schedule a call with Lega using a form hosted by Calendly. Other information, including IP address, browser & OS version, and timestamps, is submitted to Calendly when a user loads the form or a confirmation email sent by Calendly. The analyses of your action to schedule a call through Calendly is transferred to us in the form of reports. Calendly may give any of your information to further parties where legally required to do so, or these parties are contracted to by Calendly. You can find further information about Calendly’s data processing and data protection at: https://calendly.com/pages/security

CLICKUP

Lega uses ClickUP as our internal productivity software. CCPA categories of information collected include: Identifiers, Internet/electronic activity, Geolocation. The responsible entity is: 363 Fifth Ave. Suite 300, San Diego, CA 92101, USA. In order to facilitate providing the Lega Service to you, we may use your name, email, phone, and account ID in ClickUP and this information will be stored on their servers. You may find further information about ClickUp’s data processing and data protection here: https://clickup.com/dpa

GOOGLE ANALYTICS

Lega’s website uses Google Analytics, a Google product, for website analysis, to help improve our website. CCPA categories of information collected include: Identifiers, Internet/electronic activity, Geolocation. The responsible entity is: Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA, 94043, USA. The analysis of your use of our website is made possible through the use of cookies, and this information is stored on Google servers in the USA.The data is shared with us in the form of reports. Google may give this information to further parties where legally required to do so, or these parties are contracted to by Google. You may opt-out of targeted advertising through Google AdSense by visiting: tools.google.com/dlpage/gaoptout .You can find further information about Google’s data processing and data protection at: https://policies.google.com/

DROPBOX SIGN

Lega uses Dropbox Sign (formerly known as HelloSign) to electronically request and add legally binding signatures to documents. Personally identifiable information such as name and email will be used by HelloSign should we need to send you a contract to sign. CCPA categories of information collected include: Identifiers, Internet/electronic activity, Geolocation. The responsible entity is: JN PROJECTS Inc.1800 Owens Street, San Francisco, CA 94158, USA. You can find further information about HelloSign’s data processing and data protection at: https://www.hellosign.com/privacy

HUBSPOT

Lega uses Hubspot for our marketing and sales activities to communicate with our prospects and customers. Personally identifiable information, including name, email address, phone number and location & country is submitted to Hubspot’s servers and saved there when a user engages with the Lega Service. CCPA categories of information collected include: Identifiers, Internet/electronic activity, Geolocation. The responsible entity is: Hubspot, 1 Harbour Pl, Suite 175. Portsmouth, NH 03801, USA. You can find further information about Intercom’s data processing and data protection at: https://legal.hubspot.com/dpa

INTERCOM

Lega uses Intercom to communicate with our prospects and customers and to manage information about our customers and leads. Personally identifiable information, including name, email address, phone number and location & country is submitted to Intercom’s servers and saved there when a user engages with the Lega Service. CCPA categories of information collected include: Identifiers, Internet/electronic activity, Geolocation. The responsible entity is: Intercom R&D Unlimited Company, 2nd Floor, Stephen Court, 18-21 St. Stephen’s Green, Dublin 2, Republic of Ireland. You can find further information about Intercom’s data processing and data protection at: https://www.intercom.com/terms-and-policies#privacy.

INVOICE NINJA

Lega uses Invoice Ninja to process payments for our existing customers and others that have engaged Lega. CCPA categories of information collected include: Identifiers, Internet/electronic activity, Geolocation. The responsible entity is: Invoice Ninja, 14799 Soaring Eagle Ct, Fort Myers, FL 33912, USA. If you sign up to a paid Lega subscription, the following data will be sent to Invoice Ninja, and saved by them: your name and email address, details of your payment method (credit card number, expiry date, CVC), your IP address, and the time and date of your transaction. You may find further information about Invoice Ninja’s data processing and data protection here: https://www.invoiceninja.com/privacy-policy/

LINKEDIN

Lega uses LinkedIn to share content on social media. CCPA categories of information collected include: Identifiers, Internet/electronic activity, Geolocation, and potentially, Inferences about personal preferences and attributes drawn from profiling, Internet activity. The responsible entity for LinkedIn is: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. If the user is logged into a LinkedIn account (even if it is not their own account) at the same time that they access the Lega website, LinkedIn will additionally receive a notification that they have visited Lega’s website. LinkedIn collects this information, so it is possible that it could associate it with the LinkedIn account. To prevent this, log out of LinkedIn accounts prior to visiting the Lega website. You may find further information about LinkedIn’s data processing and data protection here: https://www.linkedin.com/legal/privacy-policy

MAILCHIMP

Lega uses Mailchimp as a group email provider to provide a platform for users who subscribe to the service. CCPA categories of information collected include: Identifiers, Internet/electronic activity, Geolocation. The responsible entity is: Intuit Inc. You can find further information about Mailchimp’s data processing and data protection here: https://www.intuit.com/privacy/statement/.

MICROSOFT

Lega uses Microsoft’s 365 for Business suite as its solution for email, calendars, certain storage, etc.  You can find further information about Microsoft’s data processing and data protection here: https://privacy.microsoft.com/en-us/privacystatement. 

SLACK

Lega uses Slack, a communications platform, for internal and external communications with employees and contractors. The responsible entity is: Slack Technologies, Inc., USA. You can find further information about Slack’s data processing and data protection here: https://slack.com/intl/en-gb/terms-of-service/data-processing

STRIPE

Lega uses Stripe to process payments for some of our existing customers and provide billing information to these customers. The responsible entity is: Stripe, Inc, 185 Berry Street, Suite 550, San Francisco, CA 94107, USA. If you sign up for an Lega subscription, the following data will be sent to Stripe, and saved by them: your name and email address, details of your payment method (credit card number, expiry date, CVC), your IP address, and the time and date of your transaction. You may find further information about Stripe’s data processing and data protection here: https://stripe.com/us/privacy

TWITTER

Lega uses Twitter to share content on social media. CCPA categories of information collected include: Identifiers, Internet/electronic activity, Geolocation, and potentially, Inferences about personal preferences and attributes drawn from profiling, Internet activity. The responsible entity is: Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. When a user clicks the Twitter button, Twitter will be contacted, and user data will be transferred from Lega to Twitter. Twitter will receive through this the information that the user has visited Lega’s website. If the user is logged into a Twitter account (even if it is not their own account) at the same time that they access the Lega website, Twitter will receive a notification that they have visited Lega’s website. Twitter collects this information, so it’s possible that it could associate it with the Twitter account. To prevent this, log out of Twitter accounts prior to visiting the Lega website. For further information relating to data protection and Twitter, please see: https://twitter.com/en/privacy