Data Privacy Framework Notice

Everlaw, Inc. (“Everlaw”) complies with the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK Extension to the EU-U.S. Data Privacy Framework (collectively, the “Data Privacy Framework” or “DPF”), as set forth by the U.S. Department of Commerce, regarding the collection, use, and retention of Personal Information transferred from the European Union, the United Kingdom, and Switzerland to the United States. Everlaw has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of Personal Information received from the EU and UK, and to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of Personal Information received from Switzerland (collectively, the "DPF Principles"). If there is any conflict between the terms in this DPF Notice and the DPF Principles, the DPF Principles shall govern.

To learn more about the Data Privacy Framework, and to view our certification, please visit the Data Privacy Framework website.

Personal Information Collected. The types of Personal Information we receive in the U.S., as well as the purposes for which we collect and use it, are set out in the Everlaw Privacy Notice.

Third Parties. Information about the types of third parties to which we disclose Personal Information, and the purposes for which we do so, is described in our Privacy Notice. In the context of an onward transfer, Everlaw is responsible for the processing of Personal Information that it receives under the Data Privacy Framework and subsequently transfers to a third-party agent acting on our behalf. If such third-party agents process Personal Information in a manner inconsistent with the DPF Principles, we remain liable unless we prove we are not responsible for the event giving rise to the damage.

Your Rights. If you are located in the EU, UK, or Switzerland, you have the right to request access to the Personal Information that we hold about you and request that we correct, amend, or delete your Personal Information if it is inaccurate or processed in violation of the DPF Principles. We will give you an opportunity to opt out where Personal Information we control about you is to be disclosed to a third party or used for a purpose that is materially different from those set out in our Privacy Notice. If you wish to exercise your rights, or otherwise wish to limit the use or disclosure of your Personal Information, please contact us via the details provided below. You may also opt out of receiving marketing communications from us. You can use the unsubscribe option within Everlaw’s marketing emails or unsubscribe via this email address: privacy@everlaw.com

Contact Us. If you wish to exercise your DPF rights, or have any questions or complaints related to Everlaw’s participation in the Data Privacy Framework, we encourage you to contact us via privacy@everlaw.com. We will investigate and attempt to resolve any DPF-related complaints within 45 days of receipt. For any complaints related to the Data Privacy Framework that Everlaw cannot resolve directly, we commit to referring unresolved complaints concerning our handling of personal information received in reliance on the DPF to JAMS, an alternative dispute resolution provider which has locations in the United States, EU, the UK, and Switzerland. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

If neither Everlaw nor other dispute resolution mechanisms are able to resolve your complaint, you may pursue binding arbitration through the Data Privacy Framework. For further information, please visit How to Submit a Complaint.

Enforcement. Everlaw’s compliance with the DPF Principles is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). Please note that under certain circumstances, we may be required to disclose your Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Updating This Notice: We may update this DPF Notice from time to time consistent with the DPF Principles. If we make updates that materially alter your privacy rights, we will provide additional notice, such as notifying you by email or posting a notice in the Service prior to the change becoming effective. Your continued access or use of our Services will signify acceptance of the terms of the updated DPF Notice.