Privacy Policy

This is the Privacy Policy of Donna Technologies AB ("Donna"), a Swedish company situated in Göran Olsgatan 1, 211 22, Malmö, Sweden. Donna reserves the right to modify this privacy policy. The latest version of the privacy policy is always accessible at www.donna.legal/legal/privacy. For Donna, the protection and confidentiality of your data is of the utmost importance. If you have any concerns about privacy and personal data you may contact our Data Protection Officer, Valthor, at dpo@donna.legal.

Donna collects and uses your personal data strictly within the legal limits of the data protection law of Sweden and, as of 25 May 2018, the EU General Data Protection Regulation no. 2016/679 (“GDPR”) as incorporated in Swedish law. Terms that we use in this document like "personal data", "processing", "data controller" and "data processor" shall have the meaning as defined therein.

This privacy policy informs you of the kinds, extents and purposes of any collection and use of personal data, and is divided into the following sections:

Which personal data we collect and use with our platform is detailed in Section 1

General aspects regarding processing of personal data and your rights in Section 2

Details of third party service providers and other personal data we collect and use when you visit our website www.donna.legal in Appendix 1.

Please address any requests regarding privacy to privacy@donna.legal or write to us at the postal address stated above.

1. Overview of personal data we collect and use

1.1 Account information and data you provide as a customer of donna.legal

In order to use all services offered by Donna, you are required to register. You may register using third party identity providers, such as Microsoft Azure. If you choose to do so, the identity providers will provide Donna with your name, email address and profile picture (if available). Donna will not, however, have access to your password. If direct signup with Donna is provided, we will require you to enter your email, and you may also provide us with other information upon login, such as your name, phone number, and profile picture. For both options, this data is required to create and administer a user account for you and to enable you to use the service. For enterprise customers, Donna allows signup and login via third party enterprise authentication services, if previously agreed upon and formalized in terms with said enterprise.


If you decide to use services offered by Donna that are subject to a charge, you are required to provide the name, address, email address, and phone number of your organization (or yours if not applicable) for payment reasons. This information is also processed by our payment processor. Credit card information is never available to Donna, but is only transmitted to and stored with our payment processor.


To provide you with a better service, user and organization data may also be stored in third-party CRM systems or similar tools (such as e.g. pipedrive.com), and contact details may be enriched by third party services (e.g. Clearbit) for sales and marketing purposes.

You may choose to sign up for our newsletter and service status updates provided via email. We will store your name and email address, and share this information with third party processors to deliver these services. You may choose to unsubscribe from these email updates at any time. We will also very occasionally send important service updates to all registered users via email, using the same third-party processors.

Donna is the data controller for the personal data of our service users according to relevant data protection law.

1.2 Information within contracts processed by Donna

Users can analyze the content of legal documents via the Donna Services, defined as "User Content" in our Terms of Service. This data may occasionally, but not usually, contain data that may be qualified as personal data. In this context, Donna is only a processor of data on behalf of the user and not the data controller.


Except for complying with its obligations under mandatory law and contractual terms, Donna is not legally responsible for data content uploaded by the user and is neither interested in this data nor will analyze this data in any way. Donna will only process this data, within the framework of the provision of the service, and in the scope described in the Terms of Service and our Agreement with you or the entity with which you are connected to. Where possible Donna will limit our own access to User Content by deleting the content once a response has been sent or by using encryption and hashing standards that are non reversible.


1.3 Information gathered through automatic data collection

When you access the Donna Services via a browser, the Word plugin, or other means, certain data is automatically transmitted for technical reasons. The following data is logged and stored separately from any other data you may transmit to us for a limited time: IP address, date and time of access, browser type and version, operating system, URL of the website visited prior to ours, amount of data transmitted, and performance numbers such as latencies and caching. This data is collected for purposes of security, troubleshooting, and aggregate statistics.


Logged-in users will also transmit authentication information through cookies or headers to allow our systems to authenticate and authorize the request and make decisions based on the logged-in user. This information is never stored together with the access logs mentioned above, but other information that is explicitly provided by the user to perform operations may, however, be logged and associated with the user in order to provide audit logs and similar.


When visiting our website at donna.legal we collect aggregate statistics about your actions on our website and store these with a third-party processor for analytics and statistics to improve our website and service. The collected data does not include any personal information, and it is not possible for us to trace this back to any individual.

If the user should encounter any errors while using our services, we will temporarily log information relevant to the error, including the information listed above, with a third party processor in order to notify us of the error and aid with debugging.

1.4 Cookies

Donna stores so-called “cookies” to provide you with a wide range of functionalities. “Cookies” are tiny files stored on your computer through your browser. If you do not wish to receive “cookies”, you may deactivate storing “cookies” on your computer by changing your browser settings accordingly. Please note that the functioning of the website may be impaired and the range of functionalities may be limited if you deactivate “cookies”. The cookies we use are described in more detail in Appendix 1. You may deactivate cookies in your web browser. For more information, please visit http://www.youronlinechoices.com/

1.5 Further information

If you decide to use services offered by Donna that are subject to a charge, Donna may offer you the possibility to enter further information and/or flag issues using the customer support chat. The information requested by Donna will then depend on your request. In addition, free-text fields allow you to enter more information. Donna will use the information you enter to process your request.

Donna also offers a free newsletter service. In its newsletter, Donna informs subscribers about changes to the Donna Services. You may opt out of the newsletter at any time. Each newsletter contains a link to opt out of receiving any future newsletters.

2. General Aspects of Data Processing and Privacy

2.1 Legal basis and purpose of our processing

We process your data because it is necessary for the fulfillment of a contract with you and/or because it is necessary to perform our legitimate objective of providing the Donna Services to our Customers. This includes, but is not limited to:

  • To provide services and information to our Customers
  • To handle inquiries and requests from our Customers
  • To create and administer records about an account that you register with us
  • To give our Customers information and updates about their orders.
  • To provide access to resources and information that you have requested from us
  • To provide you with technical support based on your individual needs
  • To improve our website, like the navigation and content of our sites
  • For website and system administration and security
  • To process transactions from our Customers
  • To fulfil our legal obligations regarding financial transactions
  • For general business purposes, including improving customer service
  • To help us improve the content and functionality of the Donna Services
  • To better understand our users and protect against wrongdoing
  • To enforce our Terms of Service, and to generally manage our business
  • For recruitment purposes, if you apply for a job at Donna

2.2. Third party access to your data

Donna employs third-party processors under contract as part of providing our services to you, who may process your personal data in cases where we are the data controller. In these cases, we only share the necessary information to enable them to carry out their tasks. Such external service providers are carefully selected in order to ensure your privacy and to fulfil our obligations under the GDPR. Service providers may only use the data for the purposes under the agreement entered into between Donna and the service provider. More information about our specific third-party processors is included in Appendix 1.

We also employ a limited number of third-party subprocessors for processing User Content data, listed in Appendix 1. Donna will notify customers before changing subprocessors that have access to customer-controlled data, and allow the customer to cancel their contract before the switch if they object.

If it serves investigations of illegal use of our services or is required to pursue legal claims, personal data may be shared with law enforcement agencies, public bodies and third-party victims’ claims based upon court orders or other binding orders from public bodies. Such transfer of data will be made in accordance with applicable laws and regulations

2.3 Deletion of your data

Your data will be deleted from our systems and third-party processors once it is no longer required for the aforementioned purposes. If you delete your user account, your personal data will be removed from our systems without unreasonable delay, and at the latest within 90 days, unless applicable legislation or legal process prevents us from doing so. To the extent that Donna is legally obliged to archive data, such data will be blocked and will not be available for productive use.

Data may in certain cases remain in the systems of our subprocessor Google Cloud Platform for as long as 180 days, as outlined in their terms of service, although it will generally be removed much sooner. This data is not available to us.

2.4 Location of your data

Donna is based in Sweden and will primarily access your data from our regular place of business in Sweden. Your personal data will be stored on servers within the EU/EEA hosted by our subprocessor Google Cloud Platform - primarily in data centers in St. Ghislain, Belgium, but also at other Google data centers throughout the EU. For customers in Asia and Australia your data may instead be stored and processed in Sydney or other data centers throughout Australia. For customers in the US your data may instead be stored and processed in North Virginia or other data centers throughout the United States. Your data may be stored transiently or cached in any country in which Google or its agents maintain facilities.

We also employ certain third-party processors outside of the EU (primarily in the US) to deliver our services, which may process personal data for which we are a controller. Under such circumstances, adequate safeguards for such transfer to third countries are in place, including data processing agreements compatible with EU standard clauses accepted by the European Commission. For a complete list of processors, please see Appendix 1.

User Content data, unless explicitly stated otherwise, is not stored in any data center and instead destroyed after an analysis has been completed.

2.5 Your rights

You are entitled, upon request, to disclosure regarding your personal data that we are storing or are otherwise processing. You are also entitled to have any incorrect personal data corrected and rights to blocking or deletion of your personal data. Under certain conditions, you have the right to object to processing of your personal data, and as far as the EU Regulation 2016/679 (GDPR) has entered into force you may ask to receive your personal data in a structured and commonly used format so that it can easily be transferred to you or another data controller you appoint (this is known as “data portability”).

If you have any complaints regarding our processing of your personal data, we encourage you to contact us. Please address any requests in such matters to privacy@donna.legal or write to us at the address stated above. We also inform you that you are entitled by law to file a complaint with the Swedish Authority for Privacy Protection (www.imy.se).

3. Final remarks

This privacy policy is governed by the laws of Sweden.

Appendix 1: Third-Party Processors

Donna uses a number of third-party processors to deliver our services to you, as described in section 2.2. These processors, and the purposes of the processing, is listed below for your information. This appendix is updated independently of our privacy policy.

User Content data

The following subprocessors are employed under contract to process User Content data in order to deliver our services, as described in section 2.2. We will notify customers before changing these processors.

Google Cloud

Donna uses services provided by Google Ireland Limited, with offices at Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google acts as a subcontractor and data processor, inter alia for hosting our services and all related data through their Google Cloud Platform offering. For further information regarding Google Cloud Platform Service specific terms, please visit: https://cloud.google.com/terms/service-terms. For information regarding Google Cloud Platform Data Processing and Security Terms, please visit: https://cloud.google.com/terms/data-processing-terms.

Donna-controlled data

The following third-party processors are employed under contract to process Donna-controlled data in order to deliver our services, as described in section 2.2. We reserve the right to change these processors at our own discretion, without notifying customers beyond updating this list, provided the data, terms, and purposes of the processing are compatible with our current terms of service and privacy policy.

Advertising

This type of service allows User Data to be utilized for advertising communication purposes. These communications are displayed in the form of banners and other advertisements on www.donna.legal, possibly based on User interests.
This does not mean that all Personal Data are used for this purpose. Information and conditions of use are shown below.
Some of the services listed below may use Trackers to identify Users or they may use the behavioral retargeting technique, i.e. displaying ads tailored to the User’s interests and behavior, including those detected outside www.donna.legal. For more information, please check the privacy policies of the relevant services.
In addition to any opt-out feature offered by any of the services below, Users may opt out by visiting the Network Advertising Initiative opt-out page.

Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.

Facebook Audience Network (Facebook Ireland Ltd)

Facebook Audience Network is an advertising service provided by Facebook Ireland Ltd In order to understand Facebook's use of Data, consult Facebook's data policy.

Www.donna.legal may use identifiers for mobile devices (including Android Advertising ID or Advertising Identifier for iOS, respectively) and technologies similar to cookies to run the Facebook Audience Network service. One of the ways Audience Network shows ads is by using the User's ad preferences. The User can control this in the Facebook ad settings.

Users may opt-out of certain Audience Network targeting through applicable device settings, such as the device advertising settings for mobile phones or by following the instructions in other Audience Network related sections of this privacy policy, if available.

Personal Data processed: Cookies; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); Usage Data.

Place of processing: Ireland – Privacy PolicyOpt Out.

Facebook Lookalike Audience (Facebook Ireland Ltd)

Facebook Lookalike Audience is an advertising and behavioral targeting service provided by Facebook Ireland Ltd that uses Data collected through Facebook Custom Audience in order to display ads to Users with similar behavior to Users who are already in a Custom Audience list on the base of their past use of www.donna.legal or engagement with relevant content across the Facebook apps and services.
On the base of these Data, personalized ads will be shown to Users suggested by Facebook Lookalike Audience.

Users can opt out of Facebook's use of cookies for ads personalization by visiting this opt-out page.

Personal Data processed: Cookies; Usage Data.

Place of processing: Ireland – Privacy PolicyOpt Out.

LinkedIn Ads (LinkedIn Ireland Unlimited Company)

LinkedIn Ads is an advertising service provided by LinkedIn Ireland Unlimited Company.

Personal Data processed: Cookies; Usage Data.

Place of processing: Ireland – Privacy PolicyOpt out.

Google Ad Manager (Google Ireland Limited)

Google Ad Manager is an advertising service provided by Google Ireland Limited that allows the Owner to run advertising campaigns in conjunction with external advertising networks that the Owner, unless otherwise specified in this document, has no direct relationship with. In order to opt out from being tracked by various advertising networks, Users may make use of Youronlinechoices. In order to understand Google's use of data, consult Google's partner policy.
This service uses the “DoubleClick” Cookie, which tracks use of www.donna.legal and User behavior concerning ads, products and services offered.

Users may decide to disable all the DoubleClick Cookies by going to: Google Ad Settings.

Personal Data processed: Cookies; Usage Data.

Place of processing: Ireland – Privacy Policy.

Google Ads Similar audiences (Google Ireland Limited)

Similar audiences is an advertising and behavioral targeting service provided by Google Ireland Limited that uses Data from Google Ads Remarketing in order to display ads to Users with similar behavior to Users who are already on the remarketing list due to their past use of www.donna.legal.
On the basis of this Data, personalized ads will be shown to Users suggested by Google Ads Similar audiences.

Users who don't want to be included in Similar audiences can opt out and disable the use of advertising cookies by going to: Google Ad Settings.

Personal Data processed: Cookies; Usage Data.

Place of processing: Ireland – Privacy PolicyOpt Out.

Analytics

The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.

Google Analytics (Google Ireland Limited)

Google Analytics is a web analysis service provided by Google Ireland Limited (“Google”). Google utilizes the Data collected to track and examine the use of www.donna.legal, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.

Personal Data processed: Cookies; Usage Data.

Place of processing: Ireland – Privacy PolicyOpt Out.

FullStory (FullStory, Inc.)

FullStory is an analytics and heat mapping service provided by FullStory, Inc.
FullStory maps how frequently Users interact with the different areas of www.donna.legal, allowing the Owner to draw conclusions about their interests and preferences. FullStory further allows for the recording of mapping sessions making them available for later visual playback.

Personal Data processed: Cookies; Usage Data.

Place of processing: United States – Privacy PolicyOpt out.

Twitter Ads conversion tracking (Twitter, Inc.)

Twitter Ads conversion tracking is an analytics service provided by Twitter, Inc. that connects data from the Twitter advertising network with actions performed on www.donna.legal.

Personal Data processed: Cookies; Usage Data.

Place of processing: United States – Privacy Policy.

Facebook Ads conversion tracking (Facebook pixel) (Facebook Ireland Ltd)

Facebook Ads conversion tracking (Facebook pixel) is an analytics service provided by Facebook Ireland Ltd that connects data from the Facebook advertising network with actions performed on www.donna.legal. The Facebook pixel tracks conversions that can be attributed to ads on Facebook, Instagram and Audience Network.

Personal Data processed: Cookies; Usage Data.

Place of processing: Ireland – Privacy Policy.

LinkedIn conversion tracking (LinkedIn Insight Tag) (LinkedIn Corporation)

LinkedIn conversion tracking (LinkedIn Insight Tag) is an analytics and behavioral targeting service provided by LinkedIn Corporation that connects data from the LinkedIn advertising network with actions performed on www.donna.legal. The LinkedIn Insight Tag tracks conversions that can be attributed to LinkedIn ads and enables to target groups of Users on the base of their past use of www.donna.legal.

Users may opt out of behavioral targeting features through their device settings, their LinkedIn account settings or by visiting the AdChoices opt-out page.

Personal Data processed: Cookies; device information; Usage Data.

Place of processing: United States – Privacy Policy.

Google Ads conversion tracking (Google Ireland Limited)

Google Ads conversion tracking is an analytics service provided by Google Ireland Limited that connects data from the Google Ads advertising network with actions performed on www.donna.legal.

Personal Data processed: Cookies; Usage Data.

Place of processing: Ireland – Privacy Policy.

Displaying content from external platforms

This type of service allows you to view content hosted on external platforms directly from the pages of www.donna.legal and interact with them.
This type of service might still collect web traffic data for the pages where the service is installed, even when Users do not use it.

Wistia widget (Wistia, Inc.)

Wistia is a video content visualization service provided by Wistia, Inc. that allows www.donna.legal to incorporate content of this kind on its pages.

Personal Data processed: Tracker; Usage Data.

Place of processing: United States – Privacy Policy.

Iframely (Itteco Software Corp)

Iframely is a an Embed Code service provided by Itteco Software Corp. that allows www.donna.legal to incorporate content from third party services on its pages.

Personal Data processed: Tracker; Usage Data.

Place of processing: Canada – Privacy Policy.

Handling Payments

Unless otherwise specified, www.donna.legal processes any payments by credit card, bank transfer or other means via external payment service providers. In general and unless where otherwise stated, Users are requested to provide their payment details and personal information directly to such payment service providers. Www.donna.legal isn't involved in the collection and processing of such information: instead, it will only receive a notification by the relevant payment service provider as to whether payment has been successfully completed.

Stripe (Stripe Inc)

Stripe is a payment service provided by Stripe Inc.

Personal Data processed: various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy.

Infrastructure Monitoring

This type of service allows www.donna.legal to monitor the use and behavior of its components so its performance, operation, maintenance and troubleshooting can be improved.
Which Personal Data are processed depends on the characteristics and mode of implementation of these services, whose function is to filter the activities of www.donna.legal.

Sentry (Functional Software, Inc. )

Sentry is a monitoring service provided by Functional Software, Inc. .

Personal Data processed: various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy.

Managing Contacts and Sending Messages

This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.
These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.

Customer.io (Peaberry Software Inc.)

Customer.io is an email address management and message sending service provided by Peaberry Software Inc.

Personal Data processed: Cookies; email address; Usage Data.

Place of processing: United States – Privacy Policy.

Remarketing and Behavioral Targeting

This type of service allows www.donna.legal and its partners to inform, optimize and serve advertising based on past use of www.donna.legal by the User.
This activity is facilitated by tracking Usage Data and by using Trackers to collect information which is then transferred to the partners that manage the remarketing and behavioral targeting activity.
Some services offer a remarketing option based on email address lists.
In addition to any opt-out feature provided by any of the services below, Users may opt out by visiting the Network Advertising Initiative opt-out page.

Users may also opt-out of certain advertising features through applicable device settings, such as the device advertising settings for mobile phones or ads settings in general.

Twitter Remarketing (Twitter, Inc.)

Twitter Remarketing is a remarketing and behavioral targeting service provided by Twitter, Inc. that connects the activity of www.donna.legal with the Twitter advertising network.

Personal Data processed: Cookies; Usage Data.

Place of processing: United States – Privacy PolicyOpt Out.

Twitter Tailored Audiences (Twitter, Inc.)

Twitter Tailored Audiences is a remarketing and behavioral targeting service provided by Twitter, Inc. that connects the activity of www.donna.legal with the Twitter advertising network.

Users can opt out from interest-based ads by going to: Personalization and Data.

Personal Data processed: Cookies; email address.

Place of processing: United States – Privacy PolicyOpt Out.

Facebook Remarketing (Facebook Ireland Ltd)

Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook Ireland Ltd that connects the activity of www.donna.legal with the Facebook advertising network.

Personal Data processed: Cookies; Usage Data.

Place of processing: Ireland – Privacy PolicyOpt Out.

Facebook Custom Audience (Facebook Ireland Ltd)

Facebook Custom Audience is a remarketing and behavioral targeting service provided by Facebook Ireland Ltd that connects the activity of www.donna.legal with the Facebook advertising network.

Users can opt out of Facebook's use of cookies for ads personalization by visiting this opt-out page.

Personal Data processed: Cookies; email address.

Place of processing: Ireland – Privacy PolicyOpt Out.

LinkedIn Website Retargeting (LinkedIn Corporation)

LinkedIn Website Retargeting is a remarketing and behavioral targeting service provided by LinkedIn Corporation that connects the activity of www.donna.legal with the LinkedIn advertising network.

Personal Data processed: Cookies; Usage Data.

Place of processing: United States – Privacy PolicyOpt Out.

Google Ads Remarketing (Google Ireland Limited)

Google Ads Remarketing is a remarketing and behavioral targeting service provided by Google Ireland Limited that connects the activity of www.donna.legal with the Google Ads advertising network and the DoubleClick Cookie.

Users can opt out of Google's use of cookies for ads personalization by visiting Google's Ads Settings.

Personal Data processed: Cookies; Usage Data.

Place of processing: Ireland – Privacy PolicyOpt Out.

Tag Management

This type of service helps the Owner to manage the tags or scripts needed on www.donna.legal in a centralized fashion.
This results in the Users' Data flowing through these services, potentially resulting in the retention of this Data.

Segment (Segment Inc.)

Segment is a tag management service provided by Segment.io, Inc.

Personal Data processed: Cookies; Usage Data.

Place of processing: United States – Privacy Policy.

User Database Management and Chat

This type of service allows the Owner to build user profiles by starting from an email address, a personal name, or other information that the User provides to www.donna.legal, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks' profiles) and used to build private profiles that the Owner can display and use for improving www.donna.legal.
Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on www.donna.legal.

Intercom (Intercom Inc.)

Intercom is a User database management service provided by Intercom Inc.
Intercom can also be used as a medium for communications, either through email, or through messages within www.donna.legal. Intercom Messenger may use Trackers to recognize and track Users behaviour.

Personal Data processed: Cookies; Data communicated while using the service; email address; Universally unique identifier (UUID); Usage Data; various types of Data as specified in the privacy policy of the service.

Place of processing: United States – Privacy Policy.