PRIVACY POLICY

Develop Legal Mindset (“DLM”) collects and uses information which may identify individuals (“personal data“), including visitors to this website: www.developlegalmindset.com (“you", “your”).

DLM is aware of its responsibilities to handle your personal data with care, to keep it secure and comply with applicable privacy and data protection laws.

The purpose of this Privacy Policy (“Policy“) is to provide a clear explanation of when, why and how DLM collects and uses personal data as data controller, which is explained further below.

Please read this Policy carefully as it explains how DLM uses personal data. DLM may change this Policy and, when it does, any changes will be posted on this page, so please check back frequently.

CONTENTS OF THIS POLICY

ABOUT DLM
PERSONAL DATA: COLLECTION, PURPOSES AND LAWFUL BASIS
DISCLOSURE OF YOUR PERSONAL DATA
INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA
RETENTION OF YOUR PERSONAL DATA
YOUR RIGHTS AND HOW TO EXERCISE THEM
MARKETING
PRIVACY NOTICE FOR CALIFORNIA RESIDENTS
POLICY AMENDMENTS
CHILDREN’S INFORMATION
ANY QUESTIONS?

1. About DLM

DLM is the data controller for the personal data set out above in this Policy.

You can contact DLM by email at info@developlegalmindset.com.

2. Personal Data: collection, purposes and lawful basis

This Policy applies to the collection of and processing of your personal data by DLM.

DLM collects personal data from you directly:

through the “Contact Me” webpage;
if you register to view content prepared by DLM (e.g. guides, quizzes, white papers, webinars, courses, informational or educational documents etc.); or
if you purchase one of DLM’s products or services.

DLM collects personal data during your use of this website via the cookies DLM use. For further details about DLM’s use of cookies, please refer to DLM’s Cookie Policy.

The type of personal data DLM process differs depending on how you engage with DLM. The table below provides this information including how DLM will use personal data and the context for which DLM uses your personal data:

Individuals that purchase DLM products and services

Types of Personal Data:

First name, surname, email address, address, phone number / mobile phone number, title, information about your professional expertise

Purpose:

For the provision of DLM’s products and services, which includes processing orders, sending receipts, collecting payments and any other general contract administration.
To resolve any queries or complaints
To send marketing material, updates, newsletters, informational materials about DLM’s products and services including online webinars and courses, and other related information, including, sending solicited information, and surveys and promotions.

Legal Basis:

The processing is necessary for performance of a contract.
DLM’s legitimate interest to respond to any correspondence or queries you send DLM, and to send service information about DLM’s products and/or services. In addition, responding to queries is necessary for fulfilling DLM’s contractual obligations.
Where required by privacy laws, your consent or where information is solicited.
Otherwise, DLM’s legitimate interest to send you communications related to the same or similar products or services to which you have previously purchased or expressed interest in, where permitted by privacy laws.
Please see section 7 (Marketing) of this Policy for more information.

Types of Personal Data:

First name, surname, email address, address, phone number / mobile phone number, title, information about your professional expertise
Information about your visits to DLM’s website, your IP address, browser type, your operating system and device type, the number of times you visit DLM’s website, your interactions with DLM’s website, the pages you’ve visited on DLM’s website, your display settings, session start / stop time, referral URL, time zone, and network connection type, your geo-location address, content information and preferences

Purpose:

To conduct data and usage analytics, sales and business performance analytics, improvement and optimization of products, service and business processes and operations, and for other internal business purposes.

Legal Basis:

DLM’s legitimate interest to measure the use of DLM’s products and/or services and interaction to inform and improve service/product direction and development, and business processes and operations.

Website Visitors

Types of Personal Data:

Name, email address, title, company name and website analytics (described below)

Purpose:

Provision of content and services, marketing and promotional purposes, participation in events, newsletter subscriptions, and responding to enquiries (including social media features) in response to you contacting DLM through DLM’s Contract DLM page

Legal Basis:

Your consent (in relation to non-essential cookies – see below).
DLM’s legitimate interest in providing you with information about DLM’s products and services (where you indicate an interest) and developing DLM’s relationship with you.
Please refer to DLM’s Cookie Policy for further details about DLM’s use of cookies

Types of Personal Data:

Information about your visits to DLM’s website, your IP address, browser type, your operating system and device type, the number of times you visit DLM’s website, your interactions with DLM’s website, the pages you’ve visited on DLM’s website, your display settings, session start / stop time, referral URL, time zone, and network connection type, your geo-location address, content information and preferences,

Purpose:

To keep DLM’s website available and secure.
To improve your experience when you visit DLM’s website. This includes: (a) for statistical analysis to improve, test and monitor the effectiveness of DLM’s website; (b) to monitor metrics such as total number of visitors and traffic data (including demographic patterns); (c) to ensure content on DLM’s website is presented in the most effective manner for you and to enhance your use of DLM’s website; and (d) to optimize marketing campaigns.

Legal Basis:

DLM’s legitimate interest to provide and maintain DLM’s website through utilising cookies that are strictly necessary.

Your consent for cookies that are not strictly necessary, such as cookies relating to performance, functionality and target/advertising. Please refer to DLM’s Cookie Policy for further details about DLM’s use of cookies.

Marketing

Types of Personal Data:

Name, email address, telephone number, company and position information, location

Purpose:

Lead generation for marketing and promotion purposes through first and third party physical and web based events, conferences, roundtables, webinars and other interactive mediums.
Lead generation for use in marketing and promotion purposes through sourcing personal data via third party lead generation including affiliates and social media platforms.

Legal Basis:

Where required by privacy laws, your consent or where information is solicited.
Otherwise, DLM’s legitimate interest to promote DLM’s products or services.

All Data Subjects

Types of Personal Data:

All data above mentioned.

Purpose:

In connection with any merger, sale, transfer of DLM’s assets, investment, acquisition, bankruptcy, or similar event or corporate transaction.

Legal Basis:

Necessary for DLM’s legitimate interests to ensure DLM can protect and grow DLM’s business.

Purpose:

To help DLM improve and optimise DLM’s products and services.

Legal Basis:

Necessary for DLM’s legitimate interests to maintain DLM’s reputation as a leading provider of application security testing solutions to customers across the globe

Purpose:

To perform financial accounting functions including tax reporting to comply with applicable laws

Legal Basis:

Necessary to comply with relevant legal obligations (for example, relating to tax reporting).

Purpose:

To protect the rights of DLM and Data Subjects

Legal Basis:

Necessary to comply with relevant legal obligations (for example, applicable data protection/privacy laws).

Necessary for DLM’s legitimate interests to act in, and protect, the interests of DLM’s business.

Purpose:

To perform risk analysis, fraud/crime prevention and due diligence.

Legal Basis:

Necessary to comply with relevant legal obligations (for example, applicable anti-money laundering and anti-terrorist laws).
Necessary for DLM’s legitimate interests to act in, and protect, the interests of DLM’s business.

In limited circumstances DLM may process any of the personal data DLM holds to the extent necessary to defend, establish and exercise legal claims or to comply with legal or regulatory obligations, including, responding to requests and communications from competent authorities, courts or tribunals. Such processing is based on DLM’s legitimate interests, which in this case are protecting DLM’s services and data, exercising DLM’s legal rights, and complying with DLM’s legal obligations.

Where DLM needs to collect personal data due to a legal or regulatory obligation, or for performance of a contract, and you do not provide that data when requested, DLM may not be able to perform the contract DLM has or is trying to enter into with you (for example, to provide you with DLM’s products/services). DLM will notify you of this at the time.

3. Disclosure of your Personal Data

Depending on your dealings with DLM, DLM may disclose some or all of the personal data DLM collects from and obtains about you to the following:

Internal Recipients: Personnel: Personal data is shared internally on a need-to-know basis to DLM’s staff and personnel.

External Recipients:

Service Providers and Data Processors: DLM engages third party vendors, from time to time, including:

IT service providers to help manage DLM’s IT and back office systems
web services including web hosting, storage and web analytics
digital communication providers including online and instant messaging, chat and email providers
data, website, product and platform security providers
ordering, invoicing and payment platforms
analytics and search engine providers to help DLM improve and optimize DLM’s products and services
providers of various services for improvement and optimization of DLM’s products, service and business processes and operations, and for other internal business purposes including data and usage analytics, sales and business performance analytics and market research for statistical and survey purposes
professional advisors such as tax or legal advisors (for example, as necessary for the establishment, exercise or defence of legal claims or to protect the rights or safety of DLM)
agents, suppliers or sub-contractors and other associated organisations where they are engaged by DLM to help deliver a service or product that DLM have instructed them on or assist with customer management
event organizers, logistic and production companies in connection with events that you may attend.

Some of these service providers use ‘cloud based’ IT applications or systems, which means that your personal data will be hosted on their servers, but under DLM’s control and direction.

Third parties in case of a legal requirement: DLM discloses your personal data if disclosure is required by law or in the context of an investigation, regulatory requirement, judicial proceeding, court order or legal process (including to law enforcement or competent authorities like the police and tax authorities).

DLM may also disclose personal data in case DLM believes, in good faith, that such disclosure is necessary in order to enforce DLM’s policies, take precautions against liabilities, investigate and defend ourselves against any third-party claims or allegations, protect the security or integrity of the service and protect DLM’s rights and property.

Third parties in case of a corporate transaction: Information about DLM’s customers, including personal data, may be disclosed as part of any merger, sale, transfer of DLM’s assets, investment, acquisition, bankruptcy, or similar event, including while engaging with DLM’s actual or potential investors.

4. International transfers of your Personal Data

Where the GDPR or the UK GDPR are applicable, and whenever DLM make transfers of your Personal Data, DLM implement appropriate safeguards and will only transfer or share your Personal Data to recipients:

pursuant to the EU Standard Contractual Clauses and additional measures to supplement such clauses as may be required in line with transfer impact assessments DLM carry out, to prevent interference by public authorities of third countries;
pursuant to the UK Addendum; and/or
in countries that have an adequacy decision by the European Commission and/or the UK Information Commissioner’s Office; or
located in the EEA or in the UK.

Any requests for information DLM receives from law enforcement or regulators will be carefully checked before personal data is disclosed. If you would like to find out more about any such transfers or obtain a copy of safeguards, please contact DLM using the details set out in section 1

5. Retention of your Personal Data

DLM will not retain your personal data longer than it is necessary to carry out the purposes listed in section 2 of this Policy or than is required by law.

In some circumstances DLM may retain your personal data for longer periods of time, for instance where DLM is required to do so in accordance with legal, regulatory, tax or accounting requirements. In specific circumstances DLM may also retain your personal data for longer periods of time so that DLM has an accurate record of your dealings with DLM in the event of any complaints or challenges, or if DLM reasonably believe there is a prospect of litigation relating to your personal data or dealings.

Where your personal data is no longer required DLM will ensure it is either securely deleted or stored in a way which means it will no longer be used by the business.

6. Your rights and how to exercise them

Depending on your relationship with DLM, your jurisdiction and the applicable data protection laws that apply to you, you have several rights in relation to your personal data set out in this section. In certain circumstances these rights might not be absolute, as they depend on DLM’s reason for processing your personal data. You are not required to pay any charge for exercising your rights, although DLM may charge a reasonable fee if your request is unfounded, repetitive or excessive.

EU Residents Rights: Right to know or access Personal Data collected by DLM

California Residents Rights: The right to know what personal data the business has collected.

Details: The right to know what personal data DLM collected, including the categories of personal data, the sources from which the personal data is collected, the business or commercial purpose for collecting, selling, or sharing personal data, the categories of third parties to whom DLM discloses personal data, and the specific pieces of personal data DLM collected about you.

EU Residents Rights: Deletion Rights

California Residents Rights: Deletion Rights

Details: The right to delete personal data that DLM collected from you, subject to certain exceptions.

EU Residents Rights: Correct Inaccurate Data

California Residents Rights: Correct Inaccurate Data

Details: The right to correct inaccurate personal data that DLM maintains about you

EU Residents Rights: N/A

California Residents Rights: Opt-Out of Sharing for Cross-Contextual Behavioural Advertising

Details: You have the right to opt-out of the “sharing” of your personal data for “cross-contextual behavioural advertising” (all as defined under the CCPA), often referred to as “interest-based advertising” or “targeted advertising”.

EU Residents Rights: N/A

California Residents Rights: Opt-out from selling

EU Residents Rights: N/A

California Residents Rights: Opt-out from selling

Details: The right to opt-out of the “sale” or “sharing” (as defined under the CCPA) of personal data.

EU Residents Rights: N/A

California Residents Rights: Limit the Use or Disclosure of Sensitive personal data (SPI)

Details: You have the right to request to limit the collection of your SPI to that use which is necessary to maintain DLM’s service,

EU Residents Rights: Opt-Out of the Use of Automated Decision Making

California Residents Rights: N/A

Details: In certain circumstances, you have the right to opt-out of the use of automated decision making in relation to your personal data.

EU Residents Rights: N/A

California Residents Rights: Non-Discrimination

Details: The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicants, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. DLM may, however, charge different prices or rates, or provide a different level or quality of goods or services, if that difference is reasonably related to the value provided to DLM by your personal data.

EU Residents Rights: Data Portability

California Residents Rights: Data Portability

Details: You may request to receive a copy of your personal data, including specific pieces of personal data, including, where applicable, to obtain a copy of the personal data you provided to DLM in a portable format.

EU Residents Rights: Restriction or Objection to Processing

California Residents Rights: N/A

Details:You have the right to object the processing of your personal data, unless certain exceptions apply.

EU Residents Rights: Withdrawal of Consent

California Residents Rights: N/A

Details: If personal data is processes on the basis of your consent, you have the right to withdraw it at any time.

Your rights may be exercised by contacting DLM at: info@developlegalmindset.com. In case of rejection, the response DLM provide will explain the reasons for which DLM cannot comply with your request.

Responding times and format:

For EU residents: DLM has one month to respond to you (unless you have made a number of requests or your request is complex, in which case DLM may take up to an extra two months to respond).

Please note that, where DLM asks you for proof of identification, the one-month time limit does not begin until DLM has received this. If DLM requires any clarification and/or further information on the scope of the request, the one-month deadline is paused until DLM receives that information.

For California residents:

DLM’s goal is to respond to a verifiable consumer request within 45 days of its receipt. If DLM requires more time, DLM will inform you of the reason and extension period in writing within the first 45 days period. DLM will deliver DLM’s written response, by mail or electronically, at your option. Any disclosures DLM provides will cover only the 12-month period preceding the request. If reasonably possible, DLM will provide your personal data in a format that is readily useable and should allow you to transmit the information without hindrance. You may only request a copy of your data twice within a 12-month period.
The request must:
- Provide sufficient information to allow DLM to reasonably verify you are the person about whom DLM collected personal data or an authorized representative.
- Describe your request with sufficient details to allow DLM to properly understand, evaluate, and respond to it.

DLM cannot respond to your request or provide you with personal data if DLM cannot verify your identity or authority to make the request and confirm the personal data relates to you. Making a verifiable consumer request does not require you to create an account with DLM. DLM will only use personal data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

7. Marketing

You may change your marketing preferences (for example whether you want to receive email, SMS and/or telephone marketing) at any time by contacting DLM.

In most cases DLM’s processing of your personal data for marketing purposes is based on your consent (including where required by law), although in some cases it may be based on DLM’s legitimate interest. Further information about DLM’s legal basis for processing personal data for marketing purposes is set out in section 2 In particular, you can always opt-out of email marketing communications by clicking the “unsubscribe” link at the bottom of marketing emails, or by contacting the contact details provided in section 1.

When you choose to unsubscribe, your data is automatically moved to a suppression list to prevent your email address being accidentally added to DLM’s database again. If you wish your data to be fully deleted from DLM’s systems, DLM will do so at your request but, if your email address is at any point added back into DLM’s database, by you or on your behalf, there will be no automated process in place to prevent marketing being emailed to you again. Please note that where DLM have another lawful basis for processing, DLM will continue to process personal data for other purposes – for example, DLM may process information based on contract necessity. You may also receive indirect marketing from DLM by way of general marketing communications (e.g. post or non-targeted adverts in the media etc).

8. Privacy Notice for U.S Residents

This part of the Policy addresses the specific disclosure requirements under the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq., and the regulations enacted thereunder (collectively: “CCPA“).

Collection, Disclosure and Sharing of Personal Information

In the preceding twelve (12) months, DLM has collected the following Personal Information:

Category of Personal Information Collected: Identifiers
Personal Information Collected: Full name, email address, social media identifier, IP address.
Category of Personal Information Collected: Personal information described in subdivision (e) California Code, Civil Code – CIV § 1798.80
Personal Information Collected: Full name, email address, social media identifier, IP address, phone/mobile phone number.
Category of Personal Information Collected: Commercial Information
Personal Information Collected: Records of products or services purchased
Category of Personal Information Collected: Professional or employment-related information
Personal Information Collected: Title and professional expertise of users, subscribers and DLM events’ attendees’
Category of Personal Information Collected: Geolocation data
Personal Information Collected: IP address and device location data
Category of Personal Information Collected: Electronic network activity
Personal Information Collected: Information about users’ visits to DLM’s website, IP address, browser type, operating system and device type, number of visits on DLM’s website, interactions with DLM’s website, the pages visited on DLM’s website, display settings, session start / stop time, referral URL, time zone, and network connection type, content information and preferences.

Sources of Personal Information:

Directly and indirectly from activity on DLM’s website: For example, directly from forms you complete on website; or indirectly, DLM collects your usage data automatically from measurement tools.
Indirectly from you: DLM track your activities across the internet, for example, when you view or interact with certain content, web page or ad.
From third-parties: For example, from vendors who assist DLM in performing services for consumers, internet service providers, data analytics providers and social networks.

Business Purposes for Collection:

To provide you with and improve DLM’s service.
To fulfil DLM’s contractual obligations with you
To detect and prevent fraud or illegal activities.
To respond to your requests and inquiries and communicate with you.
Direct marketing purposes – DLM may use the contact details you provided DLM to send you promotional offers and other content.
To perform research, technical diagnostics, analytics or statistical purposes.
To charge you for services provided by DLM.
For marketing and promotion purposes.
To perform financial accounting functions.

In the preceding twelve (12) months DLM disclosed your Personal Information, as described below:

Categories of Recipients

Service Providers

Business and Commercial Purposes for Disclosure

The disclosure of such Personal Information will be as reasonably necessary and proportionate to achieve, inter alia, the following purposes:

To provide, operate, maintain, improve, and promote the website and services.
To enable you to access and use the website and services.
To process and complete transactions, and send you related information, including purchase confirmations and receipts.
To send transactional messages, including responses to your comments, questions, and requests.
To send marketing communications, in accordance with your communication preferences, such as providing you with information about products and services, features, surveys, newsletters, offers, promotions, contests, quizzes and events.
To improve and optimize DLM’s products, service and business processes and operations, and for other internal business purposes including data and usage analytics, and sales and business performance.
To obtain professional advice from external counsel (such as, lawyers, accountants and tax advisors).
To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity.
To organize DLM’s events, where you attend a DLM event
To promote, market and sell DLM products and services.
To comply with legal obligations or requirements, and exercise DLM’s rights.

DLM does not “Sell” or “Share” personal information, as these terms are defined under the CCPA.

Authorized Agents

“Authorized agents” may submit opt out requests on a consumer’s behalf. If you have elected to use an authorized agent, or if you are an authorized agent who would like to submit requests on behalf of a consumer, the following procedures will be required prior to acceptance of any requests by an authorized agent on behalf of a California consumer.

Usually, DLM will accept requests from qualified third parties on behalf of other consumers, regardless of either the consumer or the authorized agent’s state of residence, provided that the third party successfully completes the following qualification procedures:

When a consumer uses an authorized agent to submit a request to know or a request to delete, a business may require that the consumer do the following:
- Provide the authorized agent signed permission to do so or power of attorney.
- Verify their own identity directly with the business.
- Directly confirm with the business that they provided the authorized agent permission to submit the request.

DLM may deny a request from an authorized agent that does not submit proof that they have been authorized by the consumer to act on their behalf.

Direct Marketing Requests

California Civil Code Section 1798.83 permits you, if you are a California resident, to request certain information regarding disclosure of Personal Information to third parties for their direct marketing purposes. To make such a request, please contact DLM at info@developlegalmindset.com.

“Do Not Track” Settings: “Do Not Track” is a privacy preference you can set in your web browser to indicate that you do not want certain information about your web page visits tracked and collected across websites. Cal. Bus. And Prof. Code Section 22575 also requires DLM to notify you how DLM deal with the “Do Not Track” settings in your browser. As of the effective date listed above, there is no commonly accepted response for Do Not Track signals initiated by browsers. Therefore, DLM do not respond to the Do Not Track settings. For more details, including how to turn on Do Not Track, visit: www.donottrack.DLM.

Record Keeping

DLM will maintain records of consumer requests made pursuant to the CCPA and DLM’s responses to said requests for minimum period of 24 months. Such information will be used for no other purpose other than records keeping requirements under the CCPA or other legal requirements such as law, court order, subpoena, warrant or other legal judicial process.

9. Policy Amendments

DLM reserves the right to change this Policy at any time, so please re-visit this page frequently. All changes to this Policy are effective as stated “Last Updated” date, and your continued use of the services after the Last Update date will constitute acceptance of, and agreement to be bound by, those changes. As required by the CCPA, DLM will review this Privacy Policy every twelve (12) months and amend it as necessary.

10. Children’s Information

DLM’s Services are not intended for, and DLM will not knowingly collect personal data from, minors below the age of sixteen (16) years, or otherwise below the legal age for providing consent that is not subject to authorization by the holder of parental responsibility, in accordance with the laws in the jurisdiction you reside (“Age of Majority”). If DLM becomes aware that personal data of a user under the Age of Majority, DLM will remove such information from DLM’s files immediately. DLM reserves the right to request proof of age at any stage so that DLM can verify that children are not using the Services.

11. Any Questions?

DLM hopes this Policy has been helpful in setting out the way DLM handles your personal data and your rights to control it. If you have any questions that have not been covered, please contact DLM’s Data Privacy Team who will be pleased to help you via email at info@developlegalmindset.com.If you have a complaint or concern about how DLM use your personal data, please contact DLM in the first instance and DLM will attempt to resolve the issue as soon as possible. You also have a right to lodge a complaint with your national data protection supervisory authority at any time.

This Policy was last updated on August 1, 2024.

DEVELOP LEGAL MINDSET

PRIVACY POLICY

DEVELOP LEGAL MINDSET