Data protection and privacy policy for access to our service

This policy

This is our data protection and privacy policy that explains who we are, why and how we process personal data and, if you are the subject of any of the personal data concerned, what rights you have and how to get in touch with us if you need to.

In order to provide the services, our clients require their external legal adviser(s) (each an "Adviser") to provide us with certain information and data generated by the Adviser's time recording system ("Adviser Data"). Adviser Data may include personal data relating to the Adviser's employees, agents and/or consultants.

This data protection and privacy policy does not change any terms of a business agreement with our client or any third party, it simply provides additional information to you regarding our services. If you believe that any personal data relating to you may be classified as Adviser Data and you would like further information on how such data is collected and/or disclosed, please direct your questions to the Adviser.

Who are we?

We are Apperio Limited. Our contact and other details are set out at the end of this policy.

  • We are the processor in relation to Adviser Data hosted within our SaaS solution.
  • We are a controller where we process personal data (other than Adviser Data) to administer, provide, and promote our service and our client relationships.

Apperio provides a SaaS solution which allows in-house legal teams to see transparently how its legal fees are being incurred by its external legal counsel(s) each an "Adviser". Apperio enters into a commercial contract with its clients for the supply of services and users of the clients are then granted access to the services through the online portal to allow them to monitor and review, real time, how their external law firms are spending time on their matters. Apperio may also enter into a co-operation agreement with the Adviser which sets out the terms upon which the Adviser may share data and information, including personal data, with Apperio to provide the services to the Adviser's clients.

Users who are granted access to the portal so that they may use the services will be employees or authorised individuals of Apperio's clients.

Whose personal data do we process?

We may process personal data relating to you if:

  • You are a customer or a supplier of ours.
  • You use our services.
  • You are an employee, agent or consultant of a customer or a supplier of ours, or are someone who uses our products or services.
  • You are an employee, agent or consultant of an Adviser who is given access to our SaaS solution for the purposes of viewing any Adviser Data assigned to a matter that you are responsible for.
  • You are an employee, agent or consultant of an Adviser who has recorded legal spend and/or time against a matter.
  • You are someone (or you work for someone) to whom we want to advertise or market our goods or services.

What sort of personal data about you do we process?

We may process personal data relating to you that we have either obtained from you, or obtained from a third party such as an Adviser. Personal data relating to you that we process may include:

  • Your name.
  • Who you work for, and your job function or department.
  • Your address, phone number, email address or other contact details (these details may relate to your work or to you personally, depending on the nature of our relationship with you or the person that you work for).
  • Information about you that you give us by communicating with us by phone, by e-mail, via our website, via social media or otherwise. It includes information you give us or that we obtain when you use our website, obtain or subscribe to our goods or services, supply us with goods or services, enquire about a product, place an order, enter a competition, promotion or survey, or contact us to report a problem, or do any of these things on behalf of the person that you work for.
  • Information relating to transactions with us involving you or the person that you work for (for example, details of goods or services that we have supplied to, or obtained from, you or the person you work for).
  • Other information relating to you which it is necessary for us to process in order to enter into or perform a contract with you or the person that you work for (for example, right to work information and information obtained from credit references agencies where this is necessary to enable us to carry out appropriate checks in relation to contracts with you or someone else that you work for or are otherwise related to).
  • Information about events to which you or those related to you are invited, and your personal information and preferences to the extent that this information is relevant to organising and managing those events (for example, your dietary requirements).
  • Information that we obtain from you when you use our website, including:
    • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
    • Information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number or social media handle used to connect with our customer service team.
  • Adviser Data, which is personal data, such as name, title, position, email address, employer, office location, fee earner ID, time spent on a particular matter, chargeout rate, personal data contained in matter narratives (which, depending on the nature of the matter, could include: (i) sensitive data, (ii) medical data, (iii) data related to corporate governance or transactions, or (iv) evidence or statements in contentious matters or investigations.


When you interact with our website and / or services ("Our Site"), we try to make that experience simple and meaningful. When you visit Our Site, a web server sends a cookie or other similar technology to your computer or mobile device (as the case may be). Cookies are small pieces of information which are issued to your computer or mobile device (as the case may be) when you visit a website and which store and sometimes track information. A number of cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to Our Site and will last for longer.

The cookies and/or other similar technologies we use collect information, such as the type of internet browser or mobile device you use, any website from which you have come to Our Site, your IP address and/or the operating system of your computer or mobile device.

We use cookies to:

  • remember that you have visited us before. This means we can identify the number of unique visitors we receive and for security reasons ensure that use of your account is by yourself and not another third party; This allows us to make sure we have enough capacity for the number of users that we get;
  • confirm that you have accepted the cookies banner notification;
  • customise elements of the layout and/or content of the pages of Our Site; and
  • collect anonymous statistical information about how you use Our Site (including how long you spend on Our Site) and where you have come to Our Site from, so that we can improve Our Site and learn which parts of Our Site are most popular with users.

Some of the cookies used by Our Site are set by us, and some are set by third parties who are delivering services on our behalf.

Most web and mobile device browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting which includes additional useful information on cookies and how to block cookies using different types of browser or mobile device. Please note, however, that by blocking or deleting cookies used on Our Site, you may not be able to take full advantage of Our Site.

What do we do with your personal data?

We process your personal data for the following purposes:

  • To enter into, and to perform, contracts with you or the person that you work for.
  • To:
    • provide services to users of our services (which may include providing Advisers' employees, partners, agents and/or consultants with access to our SaaS solution so that they may review all Adviser Data assigned to a matter that they are responsible for) ;
    • manage and administer our relationships with users of our services;
    where you or the person that you work for may be the relevant user of services for these purposes.
  • To advertise and market, and provide information about, our services.
  • To administer our website under our terms and for internal operations, including troubleshooting, and data analysis, testing, research, statistical and survey purposes.
  • To improve our site to ensure that content is presented in the most effective manner for you and for your computer.
  • To keep our website, services and other systems safe and secure.
  • To make suggestions and recommendations about services that may interest you or the person that you work for and subject to your stated preferences where relevant.

Who do we disclose your personal data to?

We may share your personal data with:

  • Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
  • Appropriate third parties including:
    • our business partners, customers, suppliers and sub-contractors for the performance of any contract we enter into or other dealings we have in the normal course of business with you or the person that you work for; and
    • our auditors, legal advisors and other professional advisors or service providers;
  • In relation to information obtained via our website:
    • analytics and search engine providers that assist us in the improvement and optimisation of our site and subject to the cookie section of this policy.

Other disclosures we may make

We may disclose your personal data to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets subject to the terms of this privacy policy.
  • If we or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use with you and/or commercial agreement with your employer; or to protect the rights, property, or safety of Apperio Limited, our clients, users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

What are the legal grounds for our processing of your personal data?

The basis on which we process your personal data is as follows:

  • Where it is necessary to obtain your prior consent to the processing concerned in order for us to be allowed to do it, we will obtain and rely on your consent in relation to the processing concerned (see below for how to withdraw your consent at any time).
  • Otherwise, we will process your personal data only where the processing is necessary:
    • for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into such a contract;
    • for compliance with a legal obligation to which we are a subject; or
    • for the purposes of the legitimate interests pursued by us or another person, provided that this will only be in circumstances in which those legitimate interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data (most circumstances in which we process your personal data in relation to a relationship that we have with the person that you work for will fall into this category).

How long do we process personal data for?

We process personal data only for so long as is necessary for the purpose(s) for which it was originally collected, after which it will be deleted or archived except to the extent that it is necessary for us to continue to process it for the purpose of compliance with legal obligations to which we are subject or for another legitimate and lawful purpose.

Where do we process personal data?

The data that we process in relation to you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA") that may not be subject to equivalent data protection law. It may also be processed by staff situated outside the EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, the fulfilment of orders, the processing of payment details and the provision of support services.

Where personal data is transferred in relation to providing our services we will take all steps reasonably necessary to ensure that it is subject to appropriate safeguards, such as relying on a recognised legal adequacy mechanism which may include by entering into EC approved standard contractual clauses relevant to transfers of personal information (see and that it is treated securely and in accordance with this privacy policy.

All personal data processed by is stored on secure servers. Any payment transactions will be encrypted using appropriate technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or systems, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

What are your rights?

You have the following rights in relation to personal data relating to you that we process:

  • You may request access to the personal data concerned (please see the section on obtaining access to your personal data, below).
  • You may request that any incorrect personal data about you that we are processing be rectified.
  • In certain circumstances (normally where the personal data has been provided by you and it is no longer necessary for us to continue to process it), you may be entitled to request that we erase the personal data concerned.
  • Where we are processing personal data relating to you on the basis of your prior consent to that processing, you may withdraw your consent at any time, after which we shall stop the processing concerned.

You can withdraw your consent to any relevant processing of personal data:

Our details – contacting us

Our full details are:

Address: Apperio Limited, 6th Floor, 9 Appold Street, London, EC2A 2AP

The Information Commissioner

The Information Commissioner is the supervisory authority in the UK and can provide further information about your rights and our obligations in relation to your personal data, as well as deal with any complaints that you have about our processing of your personal data.

Changes to this policy

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

Date of this policy

This policy was last updated on Oct. 2nd 2019, version v1.1.1.