GDPR Compliance
Lexitize's commitment to data protection under the General Data Protection Regulation (GDPR)
Last updated: January 31, 2025
1. Our Commitment to GDPR
Lexitize is committed to protecting your privacy and personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This page outlines our GDPR compliance measures and your rights as a data subject.
We have implemented comprehensive data protection measures to ensure that your personal data is processed lawfully, fairly, and transparently.
2. Legal Basis for Processing
We process your personal data based on the following legal grounds under GDPR:
Consent (Article 6(1)(a))
When you explicitly consent to the processing of your personal data for specific purposes, such as marketing communications or analytics cookies.
Contract Performance (Article 6(1)(b))
When processing is necessary for the performance of a contract to which you are a party, such as providing our AI contract analysis services.
Legitimate Interests (Article 6(1)(f))
When we have a legitimate interest in processing your data, such as improving our services, preventing fraud, or ensuring security.
Legal Obligation (Article 6(1)(c))
When processing is necessary for compliance with a legal obligation, such as tax reporting or regulatory requirements.
3. Your Rights Under GDPR
As a data subject, you have the following rights under GDPR:
Right of Access (Article 15)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and access to that data.
Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete personal data completed.
Right to Erasure (Article 17)
You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the original purpose.
Right to Restrict Processing (Article 18)
You have the right to request that we restrict the processing of your personal data in certain circumstances.
Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object (Article 21)
You have the right to object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.
Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.
4. How to Exercise Your Rights
To exercise any of your GDPR rights, you can:
- Contact us at [email protected]
- Use our self-service portal in your account settings
- Contact our Data Protection Officer at [email protected]
We will respond to your request within one month of receipt. In complex cases, we may extend this period by up to two additional months and will inform you of the extension and reasons.
5. Data Protection Measures
5.1 Technical Safeguards
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Multi-factor authentication and role-based access controls
- Network Security: Firewalls, intrusion detection, and regular security audits
- Data Minimization: We only collect and process data that is necessary
- Pseudonymization: Personal data is pseudonymized where possible
5.2 Organizational Safeguards
- Data Protection Officer: We have appointed a qualified DPO
- Staff Training: Regular GDPR and data protection training for all employees
- Privacy by Design: Data protection considerations are integrated into all processes
- Data Processing Agreements: All third-party processors are bound by strict DPAs
- Regular Audits: Internal and external audits of our data protection practices
6. Data Transfers
When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
- Adequacy Decisions: Transfers to countries with adequate protection
- Standard Contractual Clauses: EU-approved contractual clauses for data transfers
- Binding Corporate Rules: Internal rules for international data transfers
- Certification Schemes: Participation in approved certification mechanisms
7. Data Breach Notification
In the event of a personal data breach, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware
- Inform affected individuals without undue delay if the breach poses a high risk
- Document all breaches and our response measures
- Take immediate steps to contain and mitigate the breach
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Account Data: Retained while your account is active and for 3 years after closure
- Contract Analysis: Analysis results are retained for 1 year unless you choose to save them longer
- Marketing Data: Retained until you withdraw consent or for 3 years of inactivity
- Legal Obligations: Some data may be retained longer to comply with legal requirements
9. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR. The relevant supervisory authority depends on your location:
- UK: Information Commissioner's Office (ICO)
- Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
- France: Commission Nationale de l'Informatique et des Libertés (CNIL)
- Spain: Agencia Española de Protección de Datos (AEPD)
- Other EU Countries: Your local data protection authority
Questions About GDPR Compliance?
For any GDPR-related inquiries or to exercise your rights, please contact us. We're here to help.