Acuity ELM Privacy Policy

Who we are / the services we provide: Acuity Management Solutions | Acuity ELM provides enterprise legal management software and services through secure, private web-based networks (“our services” or “our networks”) to subscriber businesses and the outside law firms | legal vendors who support them (“our customers” or “customers”). In addition, through our public website (www.acuityelm.com ), we provide information about Acuity and describe the general services we can offer to prospective customers and those who otherwise visit our public website (“prospective customers”).

What our privacy policy covers: This privacy policy covers our customers’ use of our services through our private secure networks, our prospective customers’ interactions with our public website (www.acuityelm.com ), and other interactions you have with us. Our privacy policy identifies the types of information we collect, both from customers through our private networks and from prospective customers through our public website. Our policy describes how we use this data, how we secure and protect it, and the limited instances in which we disclose it. Our policy identifies your rights to your data and the persons to contact if you have questions about our policy and /or your data.

Our public website, services, and networks may, from time to time, contain links to other websites. Acuity is not responsible for the privacy practices or the content of other websites. Acuity makes no representations or warranties regarding the accuracy, suitability or any other aspect of such websites. You should check the policy statement of these other websites to understand their policies.

Acuity’s services, networks, and public website are not intended for persons under 18 years of age. Acuity does not knowingly collect or retain personally identifiable information about such persons.

This privacy policy does not generally cover individuals whose personal information forms part of the content uploaded or submitted by our customers. See Customer Provided CBI info below.

The types of information we collect from customers of our private networks: The information we collect from customers who use our services includes:

  1. Customer-Provided Confidential Business Information: In using our services and networks to analyze and manage legal spend and legal matters, our customers upload or submit legal matter data, vendor invoices, billing statements, and other information. Legal bills often contain confidential and private information related to our customers’ legal matters, personal and business information about our customers’ legal vendors and employees including, without limitation, vendor / law firm names, addresses, phone numbers, individual attorney and legal professional names, titles, billing rates, dates of service, hours worked, and descriptions of work. See below for our policy specific to disclosure of “Customer-supplied Confidential Business Information.
  2. User-Provided Information: In order to set up an account, customers typically provide some personal information, including a first name, last name, phone number, and email address, which may be considered “personally identifiable information” (information that would directly identify a person). You may also provide other personally identifiable information to Acuity when you send an email to us or at other times when you use or access our services.
  3. Automatically Collected Information: When you use or access our services or networks, Acuity may automatically record certain information related to your use of the services, such as an IP address, information about your computer and software, links, images, or other materials you request, information that may enable Acuity to approximate your location, the pages or screens you access when using our services, the dates and times you access our services, and other information about how you use our services. This information is collected through the use of different types of technologies, such as standard log files, cookies, and web beacons (sometimes called “clear GIFs”).
  • Cookies: One form of “automatically collected” information we may record is information stored by “cookies” – small text files containing characters. When you access our system, Acuity may send one or more cookies to your computer. By sending you cookies with values that are unique, Acuity may be able to uniquely identify your web browser or device when you access our services. You may review the “Help” file for your computer or web browser to learn the proper way to modify your cookie settings.
  • Web Beacons: Web beacons, which are sometimes referred to as “clear gifs,” are a way of referring to web links that your browser, device, or email program requests when loading a web page, HTML email, or similar web-connected content. When this request is made, the entity which controls the requested link (which would be Acuity for links back to our networks) can determine if you opened an email containing a web beacon or otherwise viewed particular content.

The types of information we collect from potential customers on our public website: The information we collect from potential customers when you visit our public website may include:

User-Provided Information: Acuity may ask potential customers to provide information, including a first name, last name, phone number, and/ or email address, which may be considered personally identifiable information. You may also provide other personally identifiable information to Acuity when you send an email to us or at other times when you use or access our public website. Acuity collects personally identifiable and corporate information only when provided by a potential customer.

Automatically Collected Information such as IP addresses, cookies or web beacons: (see description above).

How we use the data we collect: Acuity may use the data we collect to:

  • Give our customers full access to our services and provide confirmations, technical notices, updates, security alerts, support, and administrative messages
  • Further develop, operate, support and enhance our services and networks
  • Contact customers for feedback about our services and networks
  • Provide anonymous reporting for external and internal purposes
  • Detect, investigate and prevent fraud and other illegal activities and protect the rights of our customers and Acuity
  • Contact customers and potential customers for marketing and promotional purposes.

While our customers and potential customers can opt out of receiving certain marketing and promotional materials, Acuity reserves the right to continue to send customers certain essential communications related to our services and networks, such as service announcements and administrative communications.

Do we share the information we collect with third parties? Acuity does not sell, distribute, or disclose personally identifiable information, confidential business information, or any other private information we collect from customers or potential customers to outside third parties, except as identified below:

  • Acuity may disclose such information only if we believe that doing so is required by law to protect our interests or to protect the interests of our customers, such as to comply with a subpoena or applicable court order, or otherwise to protect the safety and security of our services.
  • Acuity may disclose or share derived or analytical data which cannot be reverse engineered to identify any particular customer or person.
  • To the extent Acuity uses third party vendors to assist us in the performance of our internal business functions, such as performing audits, maintenance, security, data analysis, or data hosting, Acuity will only share such limited information about our customers and potential customers on a need to know basis for the sole purpose of providing necessary support services. And Acuity shares such information only after vetting and approving such vendors and after securing strict nonuse and nondisclosure agreements.
  • With your consent or at your direction.

Acuity may provide your information to third parties for their use in helping us perform our internal business functions–things like performing maintenance, security, data analysis, email transmissions, or data hosting on our behalf–and in helping us better understand how you and other users use our Service. For example, Acuity may use a service called Google Analytics by permitting Google to use technologies such as web beacons and cookies to collect certain non-personally identifiable information that helps us understand your usage of our services.

Business Transfers: Acuity may disclose and otherwise transfer your personal information to an acquirer, or to a successor or assignee, as part of any merger, acquisition, debt financing, sale of all or a portion of our assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership, in which your personal information is transferred to one or more third parties as one of our business assets.

Disclosure of Submitted Business Information

At no point do we share or disclose Customer-supplied Confidential Business Information with any third party except for the following trusted third parties who assist us in operating our service:

  • Information and files emailed to us may be received via Cloud Office at Rackspace hosted email service;
  • Raw Data and Analytic results are processed via Birst Analytics;
  • Usage Data including URLs of pages visited and page response times are processed via DataDog monitoring service;
  • Confidential Business Information should not be submitted through our customer service chat, but in the event that it is, that service is provided by Zendesk

Other than the above exceptions, at no point is Customer-supplied Confidential Business Information disclosed to any third party not employed directly by Acuity or contracted directly by Acuity, all of whom are subject to strict non-use and non-disclosure obligations.

Customer-Provided Confidential Business Information – The contents of our private networks reflect confidential business information contributed by and for our customers. Acuity may have no direct relationship with the customer’s employees or other individuals identified in information posted by customers to our services or networks.  If you are such an employee or individual and are seeking access to, or would like to correct, amend or delete such information, you should direct your query to the applicable customer. We will respond within a reasonable timeframe to a customer’s request to remove this information.

We will only use Customer-Provided Confidential Business Information for legitimate business interests: for the purpose of providing and supporting the services for the applicable customer. Customer-Provided CBI will be retained for as long as needed for that purpose and as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.

Your Rights

Where permitted in accordance with our legitimate interests or with your prior consent where required by law, we may use your personal information for marketing and provide you with promotional communications by email about our services.

You can object to further marketing at any time by selecting the “unsubscribe” link at the end of all our marketing and promotional electronic communications to you, or by contacting us at 804-512-1763.

Acuity ELM is based in the United States. If you use our services, our networks or access our public website from other regions of the world, you understand that any information you provide will be subject to processing, transfer, and storage in the U.S. for the uses identified above in accordance with this privacy policy. EU individuals have rights to their personal data which is processed by Acuity. If you are an EU data subject, you may, by emailing us at support@acuityelm.com:

  • Request access to the personal data concerned.
  • Request that any incorrect personal data about you that we are processing be rectified.
  • Request that we erase the personal data concerned.
  • Withdraw your consent at any time where we are processing personal data relating to you based on your prior consent to that processing, after which we shall stop the processing concerned.