Last updated: 12 August 2024
Your privacy is important to Smokeball, and we are committed to protecting your personal data. This Privacy Notice provides you with information about how we collect, use, disclose, and otherwise process personal data collected in connection with your use of our websites, mobile applications, software solutions and other Smokeball (including FamilyProperty) services (collectively, the “Services”).
In this Privacy Notice, unless otherwise specified:
'Personal data' means any information about an identified or identifiable person. In general, we collect and process the following types of personal data (although the specific types of data that we collect and process about you will depend on how you interact with us and our Services, as explained in section 3 below):
If you are an individual end user of our Services (for example, a sole practitioner, a barrister, or an employee or partner of a law firm that uses our Services), then we collect, store, and otherwise process information about you that you provide, upload to, input, or generate from your use of our Services. Depending on the Services you use, this may include information about your work emails, calendar, meetings and appointments, time recordings, invoices, memos, work-related documents, interactions with other colleagues and counterparties through our Services, and account passwords. We may also collect or infer certain information from your use of our Services, such as the particular Services you access, features you use, time of access, login attempts, duration of each usage session, where you access our Services from, and your Service settings, preferences, and usage habits.
If you are a client of one of our customers (for example, a client receiving legal services from a law firm that is using our Services), then we may collect, store, and otherwise process information about you and your legal matter, which our customers upload or import to, or generate from, our Services. This may include documents and e-mails exchanged between you and our customer, documents uploaded, imported, or generated by our customers in relation to your legal matter, invoices generated by our customer in relation to your legal matter and work they have performed for you, and your contact information. This data may include 'special category data' as described in section 2.4 below.
Our Services may also give customers the ability to grant limited access to certain parts of the Services (including data stored on those Services, such as Client Data) to third parties. This will allow those third parties to access certain Client Data that our customers choose to share through the Services. Some examples of how our customers may use this feature to share Client Data with third parties include:
We collect, share, and otherwise process Client Data as a data processor on behalf of our customers (i.e. law firms, barristers, and other legal professionals that use our Services). This means that in the vast majority of cases, the customer is the controller of this data and will determine how your Client Data is processed and who it is shared with. If you have any questions about our processing of Client Data, you should first speak with the law firm or legal professional that you are a client of, and that has provided us the Client Data for processing.
We only collect and process Client Data as required to provide our Services to our customers, or where required to comply with applicable law. We do not access or share Client Data stored on our servers except in the following circumstances:
'Special category data' means:
We do not proactively seek to collect or process special category data. However, we may store, share, and otherwise process sensitive category data to the extent that this data is Client Data, as described in section 2.2 above. We describe the purposes for which we process Client Data (including where this contains special category data) in sections 2.2 above and 4 below.
We also collect and process high-level statistical and/or demographical data about how our customers interact with our Services (for example, how customers of a certain size or type like to use our Services). This data relates only to our customers, and cannot be used to directly or indirectly identify a specific individual user of our Services. As such, this data is not considered personal data and may not be subject to the same safeguards as described in this Privacy Notice.
We use this aggregated data to better understand our customers, what features they use the most, to identify opportunities to improve our Services, and to determine what marketing content, guides, and publications will be of most value to our customers.
The ways in which we collect personal data, and the types of personal data that we collect each way, is set out in the table below.
We collect personal data you provide when you use our Services from one or more devices associated with you, or that you provide in any other way, including over the phone, by email, or on paper. The table below sets out some of the ways you may provide personal data to us, and the types of personal data we collect in these ways.
How you interact with us |
Types of personal data we collect |
Purchase or renew a subscription to our Services. |
Contact Data Transaction History Data Financing Data (where applicable) |
Register an account on our Services, use our Services, or upload or generate documents about clients and their legal matters using our Services. |
User Data Client Data
|
Contact our support centre representatives. |
Contact Data Support Data |
Communicate with us directly by e-mail, telephone, or social media, complete surveys, or provide reviews and testimonials about us and our Services.
|
Contact Data Employment Data Communications Data |
Sign-up to our blog or marketing communications, sign up for a Smokeball-sponsored event or webinar, or participate in our referral program. |
Contact Data Marketing Data |
We may collect personal data about you from third party sources, such as information that is publicly available on your social media profiles or third-party websites (such as your firm website), or where we receive personal data about you from a third party referrer participating in our referral program. The table below summarises some of the different third party sources we may use to collect your personal data, and the types of personal data we collect from these sources.
Source |
Types of personal data we collect |
Third party referrers. |
Contact Data Employment Data Public and Third Party Data |
Financiers where you are purchasing our Services under a financing arrangement.
|
Contact Data Transaction History Data Financing Data |
Social media profiles (e.g. LinkedIn) that are set to public, and public website profiles (including those created by your employer). |
Contact Data Employment Data Public and Third Party Data |
Analytics providers (e.g. Google Analytics). |
Technical Data Marketing Data Public and Third Party Data |
Advertising networks. |
Technical Data Marketing Data Public and Third Party Data |
Your employer (where you are an employee using the Services under your employer's subscription). |
Employment Data User Data |
Our customers (where you are a client of one of our customers). |
Client Data |
When you visit our websites or blogs, open or click on any links in our marketing communications, or use our Services, we may automatically collect information about your visit, including pages you access, links you click and actions you take through the use of essential and non-essential cookies, web beacons, pixel tags and other tracking technologies (collectively, “cookies”). We may also collect Technical Data from your device and web browser. If you are in the UK and would like more information about our use of cookies, please see our UK cookie policy at https://www.smokeball.co.uk/cookies.
We use and disclose the personal data that we collect only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time of collection. Depending on our purpose for collecting your personal data, we rely on one or more of the following legal bases:
The table below provides more detail on the purposes for which we may process your personal data, the types of personal data we process for that purpose, and the legal basis (or bases) upon which we rely to so process your personal data.
Purpose for processing personal data |
Types of personal data processed |
Legal Basis |
Implementing our services. If you have expressed interest in our Services, we may process your personal data to help you to subscribe to our Services, including setting up your subscription to the Services, implementing the Service in your workplace, configuring the Service to your use case, setting up individual user accounts, on-boarding users, providing user training, and uploading client data. |
· Contact Data · Employment Data · User Data · Client Data |
· Performance of a contract with you; and · Our legitimate interests in providing our Services to customers. |
Receiving payments and recording transactions with you. We process your personal data so that we can receive payment for our Services, manage auto-renewals or cancellations of your Service subscriptions, apply service credits or grant refunds, communicate with your financier (if applicable), keep a record of your transaction history, and send you transaction information such as transaction confirmation notices and invoices. We rely on third party payment processors to collect your payment information and to process payments for our Services. We may send your personal data to these third party payment processors as required for them to process your payments to us. We do not collect, store, or otherwise process any payment data, such as your credit card number or bank account details, ourselves. |
· Transaction History Data · Financing Data |
· Performance of a contract with you; · Compliance with our legal obligations (e.g. for the provision of tax invoices); and · Our legitimate interests in providing our Services to our customers and receiving payment for those Services. |
Recommend financing arrangements If you contact us about financing arrangements for our Services, then with your consent we may process your personal data to recommend you a suitable financier, and may provide your personal data to the financier as required for you to enter into a financing arrangement. We do not store any personal data about your financing arrangements ourselves, as this data is sent directly from us to the financier. |
· Contact Data · Employer Data · Financing Data
|
· Consent. |
Operating and administering our Services. We process your personal data as required to provide and administer the Services you subscribe to. This may include setting up and verifying user accounts, granting you access to our Services, storing data that you upload to or generate from our Services, delivering software updates and performing maintenance, monitoring that your service usage complies with the Terms of Service, applicable laws, and any other usage limits, and analysing how you use our Services. |
· Contact Data · Employment Data · Technical Data · User Data · Client Data |
· Performance of a contract with you; and · Our legitimate interests in providing our Services to customers and ensuring our Services are used in accordance with our Terms of Service. |
Providing third party services. Smokeball Services may interface with or be integrated with products or services supplied by third parties. If you use any of these third party services through the Smokeball service, then we may share your personal data with the third party service provider to the extent required to deliver those third party services to you. |
· Technical Data · User Data · Client Data |
· Performance of a contract with you; and · Our legitimate interests in providing our Services (including integrated third party services) to our customers. |
Sending service updates and administrative messages. We process your personal data to send you Service updates, notifications, and other non-marketing related administrative messages. These may include: service downtime alerts, usage limit alerts, suspension notices, termination notices, subscription renewal notifications, security alerts, availability of software updates, notification of scheduled and unscheduled maintenance, and other similar messages. |
· Contact Data · Technical Data · User Data |
· Our legitimate interests in communicating with our customers in relation to our Services. |
Providing support and training. If you contact our support centre, we may process your personal data to provide technical support and training in relation to our Services. In some cases, we may require remote access to your computer or device to diagnose a problem or provide a fix or workaround, in which case we may incidentally see certain personal data about you, your users, or your clients, which is visible on your screen. |
· Contact Data · Employment Data · Technical Data · Support Data · User Data · Client Data |
· Consent; · Performance of a contract; and · Our legitimate interests in supporting our customers in their use of our Services. |
Quality assurance and training We may review our communications with you, including in relation to support and training, for quality assurance and training purposes, and for related recordkeeping. |
· Contact Data · Technical Data · Support Data · Communications Data · We may also incidentally capture User Data and Client Data (e.g. in call recordings) |
· Our legitimate interests in operating and improving our services, and providing training to our personnel. |
Developing and improving our Services. We process personal data about how individual end users use our Services, including Technical Data and Support Data, to obtain feedback from customers, identify opportunities to improve our Services, identify trends in how our Services are used by certain customers, and to develop new features or Services. We may also use this data to determine how to better target any marketing content, guides, or other publications to our customer's needs. We may also use Communications Data (such as responses to surveys, reviews, feedback, ideas, and testimonials you provide) for this purpose. |
· Technical Data · Support Data · Communications Data |
· Consent (in the case of feedback, ideas, reviews, or testimonials you provide on our Services); and · Our legitimate interests in developing and improving our Services. |
Send marketing communications We may process your personal data to send you marketing communications about our Services, and to notify you of upcoming events, webinars, and promotions, that we think may be of interest to you. We also process your Transaction History Data, Communications Data, and Technical Data to assess if you are likely to be interested in particular products and services, and to determine who we send particular marketing communications to about particular Services or events. |
· Contact Data · Marketing Data · Public and Third Party Data · Transaction History Data · Communications Data · Technical Data |
· Consent (where strictly required by law to send marketing communications); and · Otherwise, our legitimate interests in marketing and promoting our Services. |
Responding to your communications. If you communicate with us by e-mail, telephone, by mail, at in-person events, conferences, and seminars, or through our social media channels, then we may process your personal data as required for us to respond to you. |
· Contact Data · Communications Data |
· Our legitimate interests in communicating with our customers and potential customers. |
Collecting and publishing testimonials We may from time to time ask our customers to provide reviews, testimonials, or feedback in relation to our Services. If you provide this information, then with your consent we may publish any feedback, reviews, or testimonials you provide, along with your Contact Data, on our website on in our marketing materials. |
· Contact Data · Communications Data |
· Consent; and · Our legitimate interests in promoting and marketing our business. |
Operating our referral program We process personal data so that we can operate our referral program, through which existing customers and third party referrers can refer prospective customers to us in exchange for payment or benefits. We may also process your Transaction History Data to verify when a referral has resulted in a new customer subscribing to our Services. |
· Contact Data · Public and Third Party Data · Transaction History Data |
· Consent (where strictly required by law to conduct marketing activities); and · Otherwise, our legitimate interests in promoting and marketing our business. |
Conduct market research. We process personal data that you provide to us (such as survey responses, feedback, reviews, ideas, suggestions, and testimonials) as well as information we collect about your use of our Services to identify market needs, trends, customer opportunities, and to help customise and tailor our Service offerings to particular customers. |
· Communications Data · Marketing Data · Technical Data · User Data |
· Consent (where strictly required by law to conduct marketing activities); and · Otherwise, our legitimate interests in better understanding our customers so that we can provide a more tailored experience. |
Personalise content and advertising. We may process your personal data to provide a more personalised experience on our website and services, for example, by only displaying local or otherwise targeted content and information (e.g. if you are a small law firm, we may tailor the content you receive to that which is more suitable for smaller firms). We may also process your personal data to determine what types of advertising you see on our website and services. |
· Contact Data · Employer Data · Technical Data · Marketing Data |
· Consent (where strictly required by law to conduct targeted advertising); and · Otherwise, our legitimate interests in providing a more tailored and localised experience for our customers. |
Measure the effectiveness of our advertising campaigns. We may also process personal data to measure the effectiveness of our marketing and advertising campaigns (for example, by analysing social media engagement metrics or tracking when our marketing communications are opened and any links are clicked through the use of cookies and other similar tracking technologies). |
· Technical Data · Marketing Data |
· Consent (where strictly required to deploy and use cookies); and · Otherwise, our legitimate interests in marketing and promoting our business. |
Manage our use of tracking technologies such as cookies. We process personal data to enable you to manage your cookie preferences, analyse collected data to improve our website and services, and to develop new Services. |
· Technical Data · Marketing Data |
· Consent (where strictly required by law to deploy and use cookies); and · Otherwise, for strictly necessary cookies, our legitimate interests to operate, provide and improve our Services. |
Compliance with legal and regulatory obligations. We process your personal data as required for us to comply with any legal and regulatory obligations to which we are subject (including tax related obligations and responding to requests under data protection law). This may include providing your information in response to a subpoena, or where we are compelled to do so by law enforcement. |
· Contact Data · Communications Data · User Data · Client Data · Transaction History Data |
· Compliance with our legal obligations. |
Protect and enforce our legal rights We may need to process your personal data to protect or enforce our legal rights, for example, to take legal action against you if you are in breach of our Terms of Use, or to defend or settle a claim made against you or in relation to your use of the services. |
· Contact Data · Communication Data · User Data |
· Our legitimate interests in protecting and enforcing our legal rights. |
We may share your personal data with the following categories of recipients:
Our information security risk management framework is aligned with ISO27001 employing multiple layers of reasonable security controls to protect our platforms.
A risk-based approach is utilised and industry-accepted controls from ISO and NIST are referred to ensure appropriate defence measures are implemented including:
Where you have an account with us that uses a unique password to enable you to access our Services, it is your responsibility to keep this password secure and confidential.
Where we transfer your personal data to other Smokeball Group members, or to other third parties as outlined in section 5 above, your data may be processed in countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).
Our servers and the Smokeball Group companies are located in the United Kingdom, the United States, and Australia. Our third party service providers and business partners operate in the United Kingdom, the United States, Australia, and Japan. This means that when we collect your personal data, it may be processed in any of these countries.
If we transfer your personal data from the UK to countries and territories outside of the UK, which have been formally recognised as providing an adequate level of protection for personal data, we rely on the relevant “adequacy decisions” from the European Commission (and equivalent decisions of the Secretary of State in the UK).
Where the country or territory is not subject to an adequacy decision or regulations (such as Australia), we have taken appropriate safeguards to ensure that your personal data will remain protected in accordance with this Privacy Notice and applicable laws. For transfers of personal data from the UK to non-adequate countries, we will ensure the overseas recipient is bound by the International Data Transfer Agreement ("IDTA") issued by the UK Secretary of State under Section 119A of the Data Protection Act 2018, as approved and effective from 21 March 2022.
We may offer or use artificial intelligence (AI), including generative AI solutions, as part of our Services. Your personal data may be processed by AI as part of the Services from time to time, including where you elect to use a generative AI solution that we offer (such as an interactive assistant). Any use of AI as part of our Services will remain consistent with this policy, including the way we collect your personal data, how and where we use and disclose it, and the way we secure your personal data.
We retain the personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
In certain circumstances, we will need to keep your personal data for legal reasons after your subscription to our Services has ended. The specific retention periods depend on the nature of the personal data and why it is collected and processed and the nature of the legal requirement.
When we have no ongoing legitimate business need or legal reason to process your personal data, we will either delete or anonymise it. If this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
You have the following data protection rights. To exercise any of these rights, you should contact us using the contact details provided in section 14 below.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
You may ask to access any personal data that we hold about you at any time by contacting us using the details set out in section 14.
If you believe that any personal data that we hold about you is incorrect, incomplete or inaccurate, then you may ask that we correct that data. We will consider your request for correction, and if we do decide not to make the correction, then you can ask that we add a note to the personal data that we hold stating that you disagree with it.
We will try to provide you with suitable means of accessing the personal data (for example, by posting or emailing it to you), and may charge you a reasonable fee to cover our administrative and other reasonable costs in providing the data to you. We will not charge you for simply making the request and will not charge for us making any corrections to your personal data.
There may be instances where we cannot grant you access to the personal data we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality or legal professional privilege. If that happens, we will provide you with written reasons for our decision.
If you believe that your privacy has been breached, please contact us using the details set out in section 14 and provide us with details of your concerns so that we can investigate the matter further. We will treat your complaint confidentially, and will try to investigate and resolve your complaint within a reasonable period of time.
You may also lodge a complaint with your local supervisory authority (in the UK, the Information Commissioner's Office; in Australia with the Office of Australian Information Commissioner, by calling 1300 363 992 or sending an email to enquiries@oaic.gov.au).
More information about your rights and our obligations in relation to privacy, and information on making a privacy complaint are your local supervisory authority (in the UK, the Information Commissioner's Office; in Australia the Office of the Australian Information Commissioner, which can be contacted at www.oaic.gov.au, or by post to GPO Box 5218 Sydney NSW 2001, or by email to enquiries@oaic.gov.au).
We may update this Privacy Notice from time to time in response to changing legal, regulatory, technical, or business developments. When we update our Privacy Notice, we will act appropriately to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if, and where, required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice.
If you have any questions or concerns about how we use of your personal data, how long we retain your personal data, or the steps we take to protect your personal data, please send us an email at infosec@smokeball.com.
If your environment does not meet the minimum system requirements, it is likely to impact your Smokeball experience.
Please consult your IT professional.
Any further questions, please call us on 1300 33 55 53.
© 2023 Smokeball Australia Pty Ltd (ABN 46 664 254 200). All Rights Reserved.
Terms of Service | Website Terms of Use | Privacy Policy | Sitemap | Contact us