Privacy policy

Privacy Policy LAST UPDATED: 3 August 2023 This Privacy Policy (the “Policy”) was adopted by SEAMLESS LEGAL LIMITED, a private company limited by shares, incorporated and registered in the United Arab Emirates under the registration number 000009352 (the “Company” or “we”). This Policy is designed to provide a detailed description of our approaches to the collection and processing of personal data when you use our website seamless.legal (the “Website”) or any other website containing a reference to this Policy.
Our Website contains information about the Company’s activities, our team, practice areas, services as well as newsletters, guides, alerts and other materials in the world of law. When the Website is being used, we may collect and process certain personal data, and the Policy describes whose data we process, what data we process, for which purpose processing occurs, and other details of personal data processing and protection.
The Company acts in the capacity of personal data controller (as defined below) according to ADGM Data Protection Regulations 2021 and Federal Law No. 152-FZ dated 27 July 2006 “On Personal Data” (the “Law”) and other laws and regulations of the Russian Federation relating to personal data.
This Policy is governed and interpreted in accordance with Russian law. 1. Terms and definitions

Term	Definition
Automated personal data processing	Personal data processing with the use of computer equipment
Biometric personal data	Biometric personal data Information on physiological and biological features of an individual allowing to identify this individual and used by the personal data controller for the purpose of identification
Blocking of personal data	Any temporary termination of personal data processing (except for cases where processing is required to clarify personal data)
Cross-border transfer of personal data	The transfer of personal data to the territory of a foreign state, to the state authorities of such foreign state, to a foreign individual or foreign legal entity
Depersonalisation of personal data	Actions resulting in the impossibility to identify a particular individual to whom personal data relates without the use of additional information
Destruction of personal data	Actions resulting in the impossibility to recover personal data in information systems and/or actions resulting in the destruction of tangible media containing personal data
Information system of personal data	Personal data contained in the databases of personal data along with information technologies and technical means used to process personal data
Non-automated personal data processing	Non-automated personal data processing Any action with personal data, provided that the use, specifications, dissemination and destruction of personal data is carried out with the direct participation of an individual
Personal data	Any information relating to a directly or indirectly identified or identifiable individual (the personal data subject)
Personal data authorised by the data subject for dissemination	Personal data which the personal data subject makes accessible to the public by granting consent to the processing of personal data authorised by the data subject for dissemination
Personal data controller	A legal entity, separately or jointly with other entities, arranging and/or carrying out personal data processing, as well as determining the purposes of personal data processing, the scope of personal data to be processed, actions or operations performed on personal data
Personal data processing	Personal data processing Any action or operation, or set of actions or operations performed with personal data with the use of automated means or without such means, including collection, recording, systematisation, accumulation, storage, clarification (update, modification), retrieval, use, transfer (dissemination, provision, access to), depersonalisation, blocking, deletion or destruction of personal data
Special categories of personal data	Data relating to race, nationality, political views, religious or philosophic beliefs, health data and intimate life

2. Principles of personal data processing through the Website Personal data is processed on the basis of the principles of legitimacy, fairness and transparency.
Legitimacy of personal data processing means the processing of personal data in strict compliance with the applicable legislation, including the Law.
Fairness of personal data processing means the processing of personal data with due account of rights and legitimate interests of data subjects, as well as keeping a balance between the rights and legitimate interests of the Company and individuals.
Transparency of personal data processing means the availability to individuals of information on principles, on the purposes and means of personal data processing, on adopted measures of personal data protection and on the availability of such information for data subjects upon request.
We keep your personal data confidential and do not disclose it to any third party, unless we have your consent or another legal ground for that.
The Company ensures the confidentiality of personal data, inter alia, by implementing legal, organisational and technical measures of personal data protection from unauthorised or unlawful access, destruction, alteration, restriction, copying, transfer, dissemination and other unlawful actions in respect of personal data.
Personal data processing is carried out for specific and predetermined purposes. Personal data will not be kept after the processing purposes have been achieved, except for cases prescribed by the legislation.
Personal data processing provides for the accuracy, completeness and up-to-dateness of personal data as well as their consistency with the processing purposes.
When making any decisions affecting the interests of individuals, we do not base these decisions on automated personal data processing, unless we receive consent for this.
We do not process your biometric personal data and special categories of personal data. 3. Categories of personal data subjects Through the Website, we collect and process personal data of the following data subjects: • Visitors of the Website, i.e. individuals who access our Website; • Applicants, i.e. individuals who have submitted a request addressed to us via the request form or email. This could include requests for a fee proposal when you would like to receive our legal services; • Subscribers, i.e. individuals who have agreed to receive our newsletters, alerts, invitations to events and other materials; and • Participants of events, i.e. individuals who have registered for events we organise (e.g. webinars, conferences). 4. Processing purposes, personal data we process and legal grounds for processing 4.1. Visitors of the Website Purpose: managing and improving the Website. We process the following personal data of visitors of the Website: • IP-address; • Information about your device, OS and browser; • Pages of the Website you visited; • Day and time of your visit of the Website; • Information collected through cookie files. Please note that we do not use the above data to determine your identity, such as name. We rely on our legitimate interest to process this personal data. We believe that the Company, as the operator of the Website, has a legitimate interest to control the use of the Website and that your rights are not violated by this personal data processing. Personal data is processed with the use of automated means. We process and store personal data for the length of time set for particular cookie files in our Cookie Policy. Upon expiry of the processing term, personal data is automatically deleted from our systems. 4.2. Applicants Purpose: responding to requests that applicants have sent through the Website. Our response will depend on the content of your request. For instance, if you would like to receive our services, we will contact you to provide our quotes and further course of action. In case of registration to our events, we will include you in the list of participants. We process the following personal data of applicants: • Full name; • Contact details; • Any other information indicated in the request (this could be your employer’s details, your job position, the content of the request, etc.). We process applicants’ personal data on the basis of consent, which you give us when submitting your request. Personal data is processed with or without the use of automated means. We process and store personal data up until the expiry of 30 days from the date when the processing purpose is achieved (i.e. we respond to your request) or when you withdraw your consent, unless your data continues to be processed in another capacity (e.g. you become our client, subscriber, etc.). Please note that, in certain cases, we may continue to process your data after you withdraw your consent, where such processing is necessary for us to perform our obligations under applicable law or where such processing is required to exercise the rights and legitimate interests of the Company. Upon expiry of the processing term, personal data is deleted from our systems. 4.3. Subscribers Purpose: sending you newsletters, alerts and other materials. We process the following personal data of subscribers: • Full name; • E-mail address; • Job position; • Employer’s details; • Preferences (i.e. specific areas of law or industry sectors you would like to receive materials about). We process this personal data on the basis of your consent. You may withdraw your consent at any time, and we will provide an opt-out option in any material we send you. Personal data is processed with or without the use of automated means. We process and store personal data up until the expiry of 30 days from the date when you withdraw your consent. Please note that, in certain cases, we may continue to process your data after you withdraw your consent, where such processing is necessary for us to perform our obligations under applicable law or where such processing is required to exercise the rights and legitimate interests of the Company. Upon expiry of the processing term, personal data is deleted from our systems. 4.4. Participants of events Purpose: ensuring your participation in an event, collecting details of your participation in this event and sending you event materials. We process the following personal data of participants of events: • Full name; • E-mail address; • Job position; • Employer’s details; • Source of registration; • Time spent attending the event; • Answers to polls, follow-ups and other questions associated with the event. Purpose: CRM system management. We process the following personal data of participants of events: • Full name; • E-mail address; • Job position; • Employer’s details. We process this personal data for above purposes on the basis of your consent. You may withdraw your consent at any time. Personal data is processed with or without the use of automated means. We use a third-party service provider to help us organise our events, and it may also process your personal data. Details of this service provider are disclosed in the consent you give to us. We process and store personal data upon achieving the purpose of data processing or, if you withdraw your consent earlier, up until the expiry of 30 days from the date when you withdraw your consent, unless your data continues to be processed in another capacity (e.g. you become our client, subscriber, etc.). Please note that, in certain cases, we may continue to process your data after you withdraw your consent, where such processing is necessary for us to perform our obligations under applicable law or where such processing is required to exercise the rights and legitimate interests of the Company. Upon expiry of the processing term, personal data is deleted from our systems. 5. How we process your personal data We carry out automated and non-automated personal data processing (mixed processing). When processing your personal data, we perform the following actions or operations on such personal data: collection, recording, systematisation, accumulation, storage, clarification (update, modification), retrieval, use, transfer (provision, access), depersonalisation, blocking, deletion or destruction of personal data. As a general rule, we will not disseminate the personal data discussed in this Policy. If we need to carry out dissemination, we will ask for your specific consent for this. Upon collection of your personal data, we comply with the localisation rules prescribed by the Law, which means that we ensure that the recording, systematisation, accumulation, storage, clarification (update, modification) and retrieval of your personal data are performed with the use of databases located in Russia. 6. Use of cookie files To improve the functioning of the Website, we may use cookies files. We understand that, to a certain extent, cookies could be treated as personal data. Thus, to provide full information regarding our use of cookie files, we have adopted a separate policy, which can be found here . 7. Third parties (processors) involved by the Company Any company needs to involve some third parties for technical and other issues in order to support its business as well as to use its IT infrastructures. Such process may involve instructing such third parties to process your personal data on behalf of the Company. When we engage such third parties, we ensure that these third parties keep your personal data confidential and implement the necessary and appropriate organisational, legal and technical measures to protect your personal data. Third parties that we involve process your personal data solely for the purposes indicated in this Policy. If you would like to receive more information about third parties involved in processing of your personal data, please send the relevant request to us. 8. Transfer of personal data We may transfer your personal data in the following cases: • To comply with applicable laws, court rulings and requests from any state and municipal authorities. • In connection with any ongoing investigation by law-enforcement authorities. • For the purposes of investigating or assisting in preventing any violations of applicable laws and this Policy. • To protect rights and property, and to maintain the safety of the Company and its employees, Website users or other persons, as well as in other cases covered by applicable laws. As a general rule, we do not perform cross-border transfer of personal data, unless it is necessary for the purpose of processing your personal data. For instance, if you would like us to instruct colleagues in other countries to provide you with services. If you would like to receive more information about transferring your personal data, please send the relevant request to us. 9. Measures of data protection We treat confidentiality and security of your personal data as our key principles of personal data processing. We have implemented adequate technical, legal and organisational measures in respect of your personal data, in particular: • We have appointed a person responsible for arranging personal data processing. • Regulations and policies in respect of personal data processing have been adopted. • We enter into agreements with entities involved in personal data processing on behalf of the Company, where they are required to ensure the confidentiality and security of personal data. • We evaluate harm that may be caused to individuals in case of data breach, assess such harm and take measures aimed at ensuring personal data is secure. • We keep our employees trained regarding personal data regulations and best practices in handling personal data. • We control access to personal data by our employees on a need-to-know basis. • We prevent uncontrolled access to the premises where the information system that processes your personal data is located. • We protect information with the help of special data protection means. • We have installed anti-virus programmes for personal data protection. • We have implemented procedures of duplicating and restoring personal data as well as of regular backups of personal data. • We prevent attempted unauthorised access to the information system of personal data. • We store tangible media containing personal data in fireproof metal cabinets or safes pursuant to the current Russian laws. We undertake to take any other necessary legal, organisational and technical measures to protect personal data from unlawful or accidental access, destruction, modification, blocking, copying, transfer, dissemination, as well as any other unlawful actions in respect of personal data, in particular, measures covered by the Law. 10. Your rights You have the following rights in respect of personal data processing performed by us: • To withdraw your consent to the processing of your personal data. • To require the clarification, blocking and/or destruction of incomplete, inaccurate, outdated, unlawfully obtained or unnecessary personal data. • To access to your personal data. • To object against our personal data being processed, including by filing a complaint with the data protection authority or a claim with the competent court. 11. Amendments to this Policy We reserve the right to make amendments to this Policy. We will publish the amended Policy on the Website, so you can always get acquainted with the up-to-date version. 12. Contact us If you would like to exercise your rights (e.g. withdraw your consent), receive certain information from us or have any other questions related to this Policy or our personal data processing, you may send us a request: • By email: [email protected]; and/or • By regular post: SEAMLESS LEGAL LIMITED, Unit No. 12, 6th Floor, Al Khatem Tower, ADGM Square, Al Maryah Island, Abu Dhabi, United Arab Emirates