Privacy Policy

Date: 04/06/2025

1.1. Terms

In this Privacy and Personal Data Protection Policy (hereinafter referred to as the Policy), any references to “Legarithm”, “we”, “us”, and “our” refer to: Legarithm OÜ, a limited liability company registered under the laws of Estonia with registration number 16009397, and located at Harju maakond, Tallinn, Kesklinna linnaosa, Tuukri tn 19-315, 10152.

In the context of this Policy, personal data refers to information relating to an identified or identifiable natural person.

An identifiable person is a natural person who can be identified, directly or indirectly, by reference to one or more factors such as name, identification number, location information, or other unique characteristics related to physical, physiological, psychological, genetic, economic, cultural, or social identity.

1.2. Data Processing Principles

Legarithm is a leading law firm that values its reputation, so we pay special attention to protecting the personal data of our clients and users. We strictly adhere to current legislation and principles of security and confidentiality of personal data, providing maximum protection of its integrity and confidentiality. Our main principles of personal data processing include: transparency, legality, fairness, data minimization, accuracy, retention limitation, confidentiality, and security of your data.
This means that we clearly explain how, why, and for what purposes we collect and use your data, ensuring that all processing is carried out on lawful grounds in accordance with the requirements of current legislation and international standards. We collect only the data necessary for achieving the defined purpose and make every effort to ensure its accuracy and relevance. Your data is stored only as long as necessary for the achievement of the defined purposes, after which it will be securely deleted or anonymized. We also take all necessary measures to protect your data from unauthorized access, use, or disclosure, ensuring its confidentiality and security at every stage of processing.

Personal data processing is carried out based on your consent, except where required by applicable law or international standards and norms.

Your consent may be withdrawn at any time.

The use of your personal information without consent is possible only in exceptional cases such as:

• Actions according to the contract of which you are a party;
• Fulfilling our legal obligations;
• Protection of our legitimate interests or the interests of another party, only if such interests do not contradict your interests or fundamental rights and freedoms that require the protection of personal data;
• Protection of public interests or when exercising our official authority;
• Ensuring compliance with legal requirements, including verifying your identity.

1.3. Company Status

In connection with the described actions related to personal data processing, Legarithm acts as the data controller, meaning that we determine the purposes and means of processing your personal data in accordance with the applicable personal data protection laws, including the EU Regulation 2016/679 (GDPR), which regulates the protection of natural persons regarding the processing of their personal data and the transfer of such data.

1.4. Purpose of the Policy

The purpose of this Policy is to provide you with clear, transparent, and complete information about the processing of your personal data and the methods applied by Legarithm as the data controller.

We do not collect information that is not necessary for achieving the purposes outlined in this policy. Your personal data may be collected and used solely for maintaining and managing our website, as well as providing you with access to its features. We may use your data to perform internal tasks such as testing, data analysis, research, and surveys to improve the website’s functionality and ensure the best user experience. This also includes effective content rendering on your device. We may also use your information to provide legal consultations and send you information, including advertising materials, via email or messages on our website. If you have given your consent, we may personalize these messages, including invitations to events, articles, publications, or legal news analysis.

1.5. Scope of the Policy

This Policy applies to all personal data processing activities carried out within the activities of Legarithm. It covers, among other things, the management and maintenance of our website, the processing of requests sent through the feedback form, data obtained via online chat on the website, as well as newsletters and informational materials distribution. Additionally, the Policy covers support for Legarithm staff, interactions with clients, service providers, and business partners, as well as the management of training courses organized by Legarithm.

1.6. Changes to this Policy

The Policy may be amended over time due to updates in legislation or changes in our business activities. We recommend you periodically check this page to familiarize yourself with the current version of the Policy. In case of any changes, we will notify you, indicating the date of the Policy update.

1.7. Links to External Sites

The site may contain links to platforms and other websites that Legarithm does not control. Legarithm is not responsible for your data being stored or used on such third-party websites. We recommend that you review the privacy policy of each third-party site that you visit through our website for full information on how your personal data may be used and how it is handled.

2. General Provisions Applicable to All Personal Data Processing Operations Performed by Legarithm

2.1. Data Minimization

The forms on the website limit the collection of personal data to only those that are explicitly necessary and specify the purposes for which the data is collected; in all cases, the data recipient is Legarithm. Please note that the information required to process your request is marked with an asterisk in each form. If you do not fill out these mandatory fields, Legarithm will not be able to respond to your requests and provide you with the necessary services. Other information is optional and allows us to better process your request and improve the quality of services provided to you.

2.2. Transfer of Your Data to Third Parties

We do not transfer your personal data to third parties for direct marketing purposes.

Your data may be transferred to technical service providers chosen based on their experience and reliability, who act on our behalf and according to our instructions. These may include IT subcontractors, hosting providers, server suppliers, etc. We allow these providers to use your personal data only to the extent necessary for providing services on our behalf or for fulfilling legal requirements. We also enter into data protection agreements (DPAs) with our providers to ensure the security of your data.

In particular, we may transfer data to the following companies for marketing and analytical purposes: Google Inc. (USA), Individual Entrepreneur Sergey Skurukhin, operating under the trademark “Hostiq” (Ukraine), Facebook, Inc. (USA). For our clients from the EU, we have entered into agreements with these providers to ensure the proper level of personal data protection.

Legarithm may disclose your information to third parties only if required by law, government decree, or court decision, or if such disclosure is necessary for the protection of our rights.

2.3. Data Security

Legarithm is committed to protecting your personal data from potential destruction, alteration, unauthorized access, or disclosure. To achieve this, Legarithm takes appropriate technical and organizational measures, taking into account the nature of the data and the risks associated with their processing, to ensure the security and confidentiality of your personal data, including preventing its disclosure, damage, or access by unauthorized third parties. This includes restricting access to data only for Legarithm employees whose roles require processing such data, as well as contractual guarantees that we enter into with service providers in case of data transfer. Furthermore, we regularly conduct reviews and impact assessments regarding data confidentiality. We also continuously review our privacy policies and practices to ensure their compliance with the best data security standards.