city
👋 Hello! It looks like you're visiting from the US. Do you want to visit our American site?
👋 Hello! It looks like you're visiting from the UK. Do you want to visit our UK site?
👋 Hello! It looks like you're visiting from Australia. Do you want to visit our Australian site?
×

Privacy Policy

Last updated: August 2, 2024

Table of Contents

  1. Definitions and Interpretation
  2. Your Privacy
  3. What Data Does Smokeball Collect?
  4. How We Collect Your Personal Data
  5. How Do We Use and Disclose Your Personal Information?
  6. Who Do We Share Your Personal Data With?
  7. How Do We Keep Your Personal Data Secure?
  8. International Data Transfers
  9. Data Retention
  10. Data Subject Rights
  11. How to Access and Correct Your Personal Data
  12. How to Make a Complaint
  13. Updates to This Privacy Policy
  14. How to Contact Us

1. Definitions and Interpretation 

Personal Data means any information about an identified or identifiable person. In general, we collect and process the following types of personal data (although the specific types of data that we collect and process about you will depend on how you interact with us and our Services, as explained below):

  1. Client is a client of one of our customers (for example, a client receiving legal services from a law firm that is using our Services).
  2. Client Data is information a Client may upload to or generate from our services. This may include documents and e-mails exchanged between Smokeball customers and their clients, documents uploaded, imported, or generated by our customers in relation to a legal matter, invoices generated by our customers in relation to a legal matter and work they have performed for their clients, and the client’s contact information.
  3. Communications Data is information you provide to us when you communicate with us by e-mail, telephone, at in-person events, conferences, and seminars, by mail, through our social media channels, when you respond to surveys, when you provide us with feedback or ideas for our Services, and when you leave reviews or testimonials about us or our Services.
  4. Contact Data is your first name, last name, email address, phone number(s), billing address, and business address.
  5. Employment Data is your job title, employment status, employer, and professional qualifications held.
  6. Financing Data is the identity and details of your financier or bank, and details of any financing or credit arrangements you have entered into in relation to the payment of our fees.
  7. Marketing Data is your preferences for receiving marketing from us and the Smokeball Group, marketing lists you are part of, topics you are interested in receiving marketing communications about, and your communication preferences.
  8. Public and Third-party Data is information you make publicly available from third-party websites (e.g., your firm's, Avvo, or chamber's websites), or which is provided to us by third-party (e.g., referrers).
  9. Technical Data is information about the device type you used to access our Service (e.g., mobile or desktop), your device’s operating system (e.g. iOS, Windows, or Android), application software, browser type and settings (e.g. language, time zone, location), Internet Protocol (IP) address, MAC address, and access times.
  10. Transaction History Data is information about any payments you have made to us, refunds we have paid to you, credits, adjustments, or discounts that you are entitled to or that we have applied, details of any Services you have purchased from us, and your Service renewals and cancellations.
  11. Support Data is information you provide to us when you make a request for support in relation to our Services, and information we can see from your screen or account if we need to provide remote support using a “share-screen” feature, or if we need to access your account remotely. We will only use this information for providing support in relation to our Services.
  12. User or Customer is an individual end user of our Services (for example, a sole practitioner, or an employee or partner of a law firm that uses our Services).
  13. User Data or Customer Data is information provided, uploaded, input, or generated from a User of our Services.

2. Your Privacy

Your privacy is important to Smokeball, and we are committed to protecting your personal data. This Privacy Policy provides you with information about how we collect, use, disclose, and otherwise process personal data collected in connection with your use of our websites, mobile applications, software solutions and other Smokeball services (collectively, the “Services”).

In this Privacy Policy, unless otherwise specified:

  • Smokeball”, “we”, “our”, “us”, and any similar terms refers to:
    • if you are accessing or using Smokeball Services in the United States; and
    • if you are accessing or using Smokeball’s Services, or accessing Smokeball’s U.S. websites,
  • the “Smokeball Group” refers to Smokeball UK Limited, Smokeball Australia Pty Ltd, and Smokeball Inc, as well as any of their parent or subsidiary companies (or companies controlled by the same parent) from time to time.

3. What data does Smokeball collect?

3.1 User Data

We may collect, store, and otherwise process information about you that you provide, upload, input, or generate from your use of our Services. Depending on the Services you use, this may include information about your work emails, calendar, meetings and appointments, time recordings, invoices, memos, work-related documents, interactions with other colleagues and counterparties through our Services, and account passwords. We may also collect or infer certain information from your use of our Services, such as the particular Services you access, features you use, time of access, login attempts, duration of each usage session, where you access our Services from, and your Service settings, preferences, and usage habits.

3.2 Client Data

If you are a client of one of our customers (for example, a client receiving legal services from a law firm that is using our Services), then we may collect, store, and otherwise process information about you and your legal matter, which our customers upload or import to, or generate from, our Services. This data may include sensitive category data as described in section 3.3 below.Our Services may also give customers the ability to grant limited access to certain parts of the Services (including data stored on those Services, such as Client Data) to third parties. This will allow those third parties to access certain Client Data that our customers choose to share through the Services. Some examples of how our customers may use this feature to share Client Data with third parties include:

  1. a customer may set up a virtual data room through our Service as part of a corporate acquisition, to share certain Client Data with the purchasing party and their professional advisors for the purposes of conducting due diligence;
  2. a customer may create a shared space to share Client Data relating to legal proceedings with an external attorney; or
  3. a customer may create a shared space to enable sharing of Client Data with relevant third parties in the context of a conveyancing transaction.
  4. We collect, share, and otherwise process Client Data as a data processor on behalf of our customers (i.e. law firms, attorneys, and other legal professionals that use our Services). This means that in the vast majority of cases, the customer is the controller of this data and will determine how your Client Data is processed and who it is shared with. If you have any questions about our processing of Client Data, you should first speak with the law firm or legal professional that you are a client of, and that has provided us the Client Data for processing.

We only collect and process Client Data as required to provide our Services to our customers, or where required to comply with applicable law. We do not access or share Client Data stored on our servers except in the following circumstances:

  1. where Client Data may be made temporarily visible to us when providing technical support or training to our customers, or when we are responding to a customer's questions;
  2. where we are required or compelled by law (including by court order or subpoena) or at the direction of a government or law enforcement authority to share Client Data with another party (and in such cases, we may act as the controller of the data); or
  3. where our customer has authorized the Client Data to be shared with a third-party.

3.3 Sensitive Category Data

Sensitive category data means:

  1. data about your racial or ethnic origin, political opinions, sexual practices or orientation, religious or philosophical beliefs, trade union membership, criminal history, or physical or mental health;
  2. your genetic or biometric data; and
  3. any other specific categories of data that are subject to more onerous requirements under applicable data protection laws from time to time.
  4. We do not proactively seek to collect or process sensitive category data. However, we may store, share, and otherwise process sensitive category data to the extent that this data is Client Data, as described in section 3.2 above. We describe the purposes for which we process Client Data (including where this contains sensitive category data) in sections 3.2 above.

3.4 Aggregated Data

We also collect and process high-level statistical and/or demographical data about how our customers interact with our Services (for example, how customers of a certain size or type like to use our Services). This data relates only to our customers, and cannot be used to directly or indirectly identify a specific individual user of our Services. As such, this data is not considered personal data and may not be subject to the same safeguards as described in this Privacy Policy.We use this aggregated data to better understand our customers, what features they use the most, to identify opportunities to improve our Services, and to determine what marketing content, guides, and publications will be of most value to our customers.

4. How We Collect Your Personal Data

The ways in which we collect personal data, and the types of personal data that we collect each way, is set out in the table below.

4.1 Information You Provide to Us

We collect personal data you provide when you use our Services from one or more devices associated with you, or that you provide in any other way, including over the phone, by email, or on paper. The table below sets out some of the ways you may provide personal data to us, and the types of personal data we collect in these ways.

How you interact with us

Types of personal data we collect

Purchase or renew a subscription to our Services.

Contact Data

Transaction History Data

Financing Data (where applicable)

Register an account on our Services, use our Services, or upload or generate documents about clients and their legal matters using our Services.

User Data

Client Data

Contact our support center representatives.

Contact Data

Support Data

Communicate with us directly by e-mail, telephone, or social media, complete surveys, or provide reviews and testimonials about us and our Services.

Contact Data

Employment Data

Communications Data

Sign-up to our blog or marketing communications, sign up for a Smokeball-sponsored event or webinar, or participate in our referral program.

Contact Data

Marketing Data

4.2 Information We Receive from Other Sources

We may collect personal data about you from third-party sources, such as information that is publicly available on your social media profiles or third-party websites (such as your firm website), or where we receive personal data about you from a third-party referrer participating in our referral program. The table below summarizes some of the different third-party sources we may use to collect your personal data, and the types of personal data we collect from these sources.

Source

Types of personal data we collect

Third-party referrers.

Contact Data

Employment Data

Public and Third-party Data

Financiers where you are purchasing our Services under a financing arrangement.

Contact Data

Transaction History Data

Financing Data

Social media profiles (e.g., LinkedIn) that are set to public, and public website profiles (including those created by your employer).

Contact Data

Employment Data

Public and Third-party Data

Analytics providers (e.g., Google Analytics).

Technical Data

Marketing Data

Public and Third-party Data

Advertising networks.

Technical Data

Marketing Data

Public and Third-party Data

Your employer (where you are an employee using the Services under your employer's subscription).

Employment Data

User Data

Our customers (where you are a client of one of our customers).

Client Data

4.3 Information That We Automatically Collect

When you visit our websites or blogs, open or click on any links in our marketing communications, or use our Services, we may automatically collect information about your visit, including pages you access, links you click and actions you take through the use of essential and non-essential cookies, web beacons, pixel tags and other tracking technologies (collectively, “cookies”). We may also collect Technical Data from your device and web browser. If you are in the UK and would like more information about our use of cookies, please see our UK cookie policy at https://www.smokeball.co.uk/cookies.

5. How Do We Use and Disclose Your Personal Data?

We use and disclose the personal data that we collect only for the purposes described in this Privacy Policy or for purposes that we explain to you at the time of collection. Depending on our purpose for collecting your personal data, we rely on one or more of the following legal bases:

  • Performance of a contract: we require certain personal data in order to provide the Services you purchase or request from us, and which we have agreed to provide, under a contract.
  • Consent: in certain circumstances, we may ask for your consent (separately from any contract between us) before we collect, use, or disclose your personal data, in which case you can voluntarily choose to give or deny your consent without any negative consequences to you. 
  • Compliance with our legal obligations: there may be instances where we must collect, store, process, or disclose your personal data to comply with our legal obligations.
  • Legitimate interests: we may use or disclose your personal data for our legitimate business interests. Where we need to process your data to pursue our legitimate interests, it will be in a way which is reasonable for you to expect as part of the running of our business and which does not materially affect your rights and freedoms.

The table below provides more detail on the purposes for which we may process your personal data, the types of personal data we process for that purpose, and the legal basis (or bases) upon which we rely to so process your personal data.

Purpose for processing personal data Types of personal data processed Legal Basis
Implementing our services: If you have expressed interest in our Services, we may process your personal data to help you to subscribe to our Services, including setting up your subscription to the Services, implementing the Service in your workplace, configuring the Service to your use case, setting up individual user accounts, on-boarding users, providing user training, and uploading client data.
  • Contact Data
  • Employment Data
  • User Data
  • Client Data
  • Performance of a contract with you; and
  • Our legitimate interests in providing our Services to customers.
Receiving payments and recording transactions with you: We process your personal data so that we can receive payment for our Services, manage auto-renewals or cancellations of your Service subscriptions, apply service credits or grant refunds, communicate with your financier (if applicable), keep a record of your transaction history, and send you transaction information such as transaction confirmation notices and invoices. We rely on third-party payment processors to collect your payment information and to process payments for our Services. We may send your personal data to these third-party payment processors as required for them to process your payments to us. We do not collect, store, or otherwise process any payment data, such as your credit card number or bank account details, ourselves.
  • Transaction History Data
  • Financing Data
  • Performance of a contract with you;
  • Compliance with our legal obligations (e.g., for the provision of tax invoices); and
  • Our legitimate interests in providing our Services to our customers and receiving payment for those Services.
Recommend financing arrangements: If you contact us about financing arrangements for our Services, then with your consent we may process your personal data to recommend you a suitable financier or bank, and may provide your personal data to the financier as required for you to enter into a financing arrangement. We do not store any personal data about your financing arrangements ourselves, as this data is sent directly from us to the financier.
  • Contact Data
  • Employer Data
  • Financing Data
  • Consent.
Operating and administering our Services: We process your personal data as required to provide and administer the Services you subscribe to. This may include setting up and verifying user accounts, granting you access to our Services, storing data that you upload to or generate from our Services, delivering software updates and performing maintenance, monitoring that your service usage complies with the Terms of Service, applicable laws, and any other usage limits, and analysing how you use our Services.
  • Contact Data
  • Employment Data
  • Technical Data
  • User Data
  • Client Data
  • Performance of a contract with you; and
  • Our legitimate interests in providing our Services to customers and ensuring our Services are used in accordance with our Terms of Service.
Providing third-party services: Smokeball Services may interface with or be integrated with products or services supplied by third parties. If you use any of these third-party services through the Smokeball service, then we may share your personal data with the third-party service provider to the extent required to deliver those third-party services to you.
  • Technical Data
  • User Data
  • Client Data
  • Performance of a contract with you; and
  • Our legitimate interests in providing our Services (including integrated third-party services) to our customers.
Sending service updates and administrative messages: We process your personal data to send you Service updates, notifications, and other non-marketing related administrative messages. These may include: service downtime alerts, usage limit alerts, suspension notices, termination notices, subscription renewal notifications, security alerts, availability of software updates, notification of scheduled and unscheduled maintenance, and other similar messages.
  • Contact Data
  • Technical Data
  • User Data
  • Our legitimate interests in communicating with our customers in relation to our Services.
Providing support and training: If you contact our support centre, we may process your personal data to provide technical support and training in relation to our Services. In some cases, we may require remote access to your computer or device to diagnose a problem or provide a fix or workaround, in which case we may incidentally see certain personal data about you, your users, or your clients, which is visible on your screen.
  • Contact Data
  • Employment Data
  • Technical Data
  • Support Data
  • User Data
  • Client Data
  • Consent;
  • Performance of a contract; and
  • Our legitimate interests in supporting our customers in their use of our Services.
Quality assurance and training: We may review our communications with you, including in relation to support and training, for quality assurance and training purposes, and for related recordkeeping.
  • Contact Data
  • Technical Data
  • Support Data
  • Communications Data
  • We may also incidentally capture User Data and Client Data (e.g., in call recordings)
  • Our legitimate interests in operating and improving our services, and providing training to our personnel.
Developing and improving our Services: We process personal data about how individual end users use our Services, including Technical Data and Support Data, to obtain feedback from customers, identify opportunities to improve our Services, identify trends in how our Services are used by certain customers, and to develop new features or Services. We may also use this data to determine how to better target any marketing content, guides, or other publications to our customer's needs. We may also use Communications Data (such as responses to surveys, reviews, feedback, ideas, and testimonials you provide) for this purpose.
  • Technical Data
  • Support Data
  • Communications Data
  • Consent (in the case of feedback, ideas, reviews, or testimonials you provide on our Services); and
  • Our legitimate interests in developing and improving our Services.
Send marketing communications: We may process your personal data to send you marketing communications about our Services, and to notify you of upcoming events, webinars, and promotions, that we think may be of interest to you. We also process your Transaction History Data, Communications Data, and Technical Data to assess if you are likely to be interested in particular products and services, and to determine who we send particular marketing communications to about particular Services or events.
  • Contact Data
  • Marketing Data
  • Public and Third-party Data
  • Transaction History Data
  • Communications Data
  • Technical Data
  • Consent (where strictly required by law to send marketing communications); and
  • Otherwise, our legitimate interests in marketing and promoting our Services.
Responding to your communications: If you communicate with us by e-mail, telephone, by mail, at in-person events, conferences, and seminars, or through our social media channels, then we may process your personal data as required for us to respond to you.
  • Contact Data
  • Communications Data
  • Our legitimate interests in communicating with our customers and potential customers.
Collecting and publishing testimonials: We may from time to time ask our customers to provide reviews, testimonials, or feedback in relation to our Services. If you provide this information, then with your consent we may publish any feedback, reviews, or testimonials you provide, along with your Contact Data, on our website on in our marketing materials.
  • Contact Data
  • Communications Data
  • Consent; and
  • Our legitimate interests in promoting and marketing our business.
Operating our referral program: We process personal data so that we can operate our referral program, through which existing customers and third-party referrers can refer prospective customers to us in exchange for payment or benefits. We may also process your Transaction History Data to verify when a referral has resulted in a new customer subscribing to our Services.
  • Contact Data
  • Public and Third-party Data
  • Transaction History Data
  • Consent (where strictly required by law to conduct marketing activities); and
  • Otherwise, our legitimate interests in promoting and marketing our business.
Conduct market research: We process personal data that you provide to us (such as survey responses, feedback, reviews, ideas, suggestions, and testimonials) as well as information we collect about your use of our Services to identify market needs, trends, customer opportunities, and to help customise and tailor our Service offerings to particular customers.
  • Communications Data
  • Marketing Data
  • Technical Data
  • User Data
  • Consent (where strictly required by law to conduct marketing activities); and
  • Otherwise, our legitimate interests in better understanding our customers so that we can provide a more tailored experience.
Personalise content and advertising: We may process your personal data to provide a more personalised experience on our website and services, for example, by only displaying local or otherwise targeted content and information (e.g., if you are a small law firm, we may tailor the content you receive to that which is more suitable for smaller firms). We may also process your personal data to determine what types of advertising you see on our website and services.
  • Contact Data
  • Employer Data
  • Technical Data
  • Marketing Data
  • Consent (where strictly required by law to conduct targeted advertising); and
  • Otherwise, our legitimate interests in providing a more tailored and localised experience for our customers.
Measure the effectiveness of our advertising campaigns: We may also process personal data to measure the effectiveness of our marketing and advertising campaigns (for example, by analysing social media engagement metrics or tracking when our marketing communications are opened and any links are clicked through the use of cookies and other similar tracking technologies).
  • Technical Data
  • Marketing Data
  • Consent (where strictly required by law to deploy and use cookies); and
  • Otherwise, our legitimate interests in marketing and promoting our business.
Manage our use of tracking technologies such as cookies: We process personal data to enable you to manage your cookie preferences, analyse collected data to improve our website and services, and to develop new Services.
  • Technical Data
  • Marketing Data
  • Consent (where strictly required by law to deploy and use cookies); and
  • Otherwise, for strictly necessary cookies, our legitimate interests to operate, provide and improve our Services.
Compliance with legal and regulatory obligations: We process your personal data as required for us to comply with any legal and regulatory obligations to which we are subject (including tax related obligations and responding to requests under data protection law). This may include providing your information in response to a subpoena, or where we are compelled to do so by law enforcement.
  • Contact Data
  • Communications Data
  • User Data
  • Client Data
  • Transaction History Data
  • Compliance with our legal obligations.
Protect and enforce our legal rights: We may need to process your personal data to protect or enforce our legal rights, for example, to take legal action against you if you are in breach of our Terms of Use, or to defend or settle a claim made against you or in relation to your use of the services.
  • Contact Data
  • Communication Data
  • User Data
  • Our legitimate interests in protecting and enforcing our legal rights.

6. Who Do We Share Your Personal Data With? 

We may share your personal data with the following categories of recipients: 

  • Other members of the Smokeball Group, who provide data processing services necessary to provide you with our Services (for example, to support the delivery of, provide functionality on, or help to enhance the security of our website and online services), or who otherwise process personal data for purposes described in this Privacy Policy. 
  • Third-party payment processors, who we use to process payments when you purchase a subscription to our Services. The third-party processor will need to collect and process your payment data (such as your payment card or bank account details) to process your payments. We do not collect or process this data ourselves.
  • Other third-party service providers and partners who provide data processing services to us as necessary to provide you with our Services (for example, to support the delivery of, provide functionality on, or help to enhance the security of our website and online Services), or who otherwise process personal data for purposes described in this Privacy Policy. We may also share personal data with providers of third-party services that interface with or are integrated with our Services, if you request to use those third-party services.
  • Third-party services and business partners when you use third-party and partner services linked through our website or online Services (for example, third-party payment services) your personal data will be collected by the provider of such services. Please note that when you use third-party services, their own terms and Privacy Policies will govern your use of their services.
  • Third-party financiers or banks when you contact us about financing arrangements for our Services. We may share some of your personal data with third-party financiers or banks to enable them to enter into a financing arrangement with you. We do not collect, store, or share any financial data about you ourselves. 
  • Third parties who our customers share Client Data with through the Services. As described in section 3.2 above, our Services allow Customers to create shared spaces where they can share certain Client Data with third parties. These third parties may include, for example, attorneys, counterparties in a corporate transaction, or real estate agencies in a conveyancing transaction. We share Client Data with these third parties as processor on behalf of our customers, who as controller determine what Client Data is shared and who it is shared with. If you are a client of one of our customers and would like to know more about who your Client Data is shared with, you should speak with the customer in the first instance.
  • Any competent law enforcement body, regulatory, government agency, court or other third-party (such as our professional advisers) where we believe disclosure is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.
  • A buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger, or acquisition of any part of our business, provided that we inform the buyer it must use your personal data only for the purposes disclosed in this Privacy Policy.
  • Any other person with your consent to the disclosure (obtained separately from any contract between us).

7. How Do We Keep Your Personal Data Secure?

Our information security risk management framework is aligned with ISO27001 employing multiple layers of reasonable security controls to protect our platforms. A risk-based approach is utilized and industry-accepted controls from ISO and NIST are referred to ensure appropriate defense measures are implemented including:

  • Access management, 
  • Continuous malware monitoring, 
  • Encryption utilizing a minimum of TLS1.2 for data in transit and at rest,
  • Patch and vulnerability management and 
  • System resiliency/recovery. 

Where you have an account with us that uses a unique password to enable you to access our Services, it is your responsibility to keep this password secure and confidential.

8. International Data Transfers

Where we transfer your personal data to other Smokeball Group members, or to other third parties as outlined in section 6 above, your data may be processed in countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective).

Our servers and the Smokeball Group companies are located in the United Kingdom, the United States, and Australia. Our third-party service providers and business partners operate in the United Kingdom, the United States, Australia, and Japan. This means that when we collect your personal data, it may be processed in any of these countries. If we transfer your personal data out of your jurisdiction, we will implement suitable safeguards and rely on legally-provided mechanisms as required by applicable law to lawfully transfer data across borders to ensure that your personal data is protected.

We retain the personal data we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements). 

In certain circumstances, we will need to keep your personal data for legal reasons after your subscription to our Services has ended. The specific retention periods depend on the nature of the personal data and why it is collected and processed and the nature of the legal requirement.

When we have no ongoing legitimate business need or legal reason to process your personal data, we will either delete or anonymize it. If this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

9. Data Subject Rights 

You have the following data protection rights. To exercise any of these rights, you should contact us using the contact details provided in section 13 below.

  • You may have the right to access, correct, update or request deletion of your personal data as set out in section 10 below. 
  • You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided in section 13 below. If you choose to opt out of marketing communications, we may still send you non-promotional administrative emails, such as emails about your current subscription and Service alerts.
  • If we have collected and processed your personal data with your consent, then you can withdraw your consent at any time by using the contact details provided in section 13 below. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent. 
  • You may have the right to complain to a supervisory or state authority about our collection and use of your personal data (see section 11 below). 

California Residents

  • Under the CCPA, a California resident has the following rights: (1) to request additional information about our data collection, use, disclosure, and sales practices in connection with your personal data; (2) to request the specific personal data collected about you during the previous 12 months; (3) to request the deletion of the personal data we have about you; (4) to request a restriction on certain processing of personal data; and (5) to request correction of inaccurate information. You may not be discriminated against for exercising your California privacy rights.
  • California residents are also entitled to contact us to request information about whether we have disclosed personal data to third parties for the third parties’ direct marketing purposes. Under the California “Shine the Light” law, California residents may opt-out of the disclosure of personal data to third parties for their direct marketing purposes. You may choose to opt-out of the sharing of your personal Information with third parties for marketing purposes.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Please contact us at infosec@smokeball.com.

10. How to Access and Correct your Personal Data?

You may ask to access any personal data that we hold about you at any time by contacting us using the details set out in section 4.

If you believe that any personal data that we hold about you is incorrect, incomplete, or inaccurate, then, you may ask that we correct that data. We will consider your request for correction, and if we do decide not to make the correction, then you can ask that we add a note to the personal data that we hold stating that you disagree with it.

We will try to provide you with suitable means of accessing the personal data (for example, by posting or emailing it to you), and may charge you a reasonable fee to cover our administrative and other reasonable costs in providing the data to you. We will not charge you for simply making the request and will not charge for us making any corrections to your personal data.

There may be instances where we cannot grant you access to the personal data we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality or legal professional privilege. If that happens, we will provide you with written reasons for our decision.

11. Other Important Privacy Information

Artificial Intelligence: Smokeball integrates advanced artificial intelligence technology across our product suite, enhancing core functionalities with generative AI capabilities such as the Archie assistant. This AI-powered approach streamlines workflows, boosts efficiency, and enables law firms to accomplish more in less time. Smokeball AI and Archie data processing activities and functionality align with our products’ primary uses. The use, collection and processing of any data is consistent with our core principles and requirements described in our Privacy Policy.

12. How to Make a Complaint 

If you believe that your privacy has been breached, please contact us using the details set out in section 13 and provide us with details of your concerns so that we can investigate the matter further. We will treat your complaint confidentially and will try to investigate and resolve your complaint within a reasonable period of time. Please email complaints to infosec@smokeball.com

13. Updates to This Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, regulatory, technical, or business developments. When we update our Privacy Policy, we will act appropriately to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Policy changes if, and where, required by applicable data protection laws. You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

14. How to Contact Us

If you have any questions or concerns about how we use of your personal data, how long we retain your personal data, or the steps we take to protect your personal data, please send us an email at infosec@smokeball.com.