Privacy Policy

We at iThinklegal (“we”, “us”, or “our”) are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and safeguard personal information in accordance with Lebanese Law No. 81 of 2018 on Electronic Transactions and Personal Data, as well as any other applicable data protection laws (the “Policy”).

We encourage you to read this Policy in full and review it regularly.

For the avoidance of doubt, this Policy is not a contract and does not itself create any legal rights or obligations.

1. Who we are

iThinklegal is a regional law firm with its headquarters located in Lebanon. This Policy applies to all our operations and services, wherever provided.

2. How we collect personal data

We may collect personal data:

• - Directly from you when you engage with us.
• - Indirectly from third-party sources including your organization, your representatives, publicly available sources, our service providers.
• - Regulatory bodies.
• - Other companies providing services to us.

When we collect personal data directly from you, it is your decision whether to provide data. If you do not provide data, it may hinder your use of, or make it not possible to use, our services or products, not allow you to remain in contact with us, to enter into contracts/agreements with us, or to exercise your rights. If you provide information to us about another person, you must ensure that you comply with any legal obligations that may apply to your provision of the information to us, and allow us, where necessary, to share that information with our service providers.

3. Updates to this Policy

This Policy may be updated from time to time.

4. What is personal data?

Under Lebanese Law No. 81 of 2018, “personal data” means any information that helps to directly or indirectly identify a natural person, by comparing the data or overlapping data collected from multiple sources.

5. Why we collect your personal data

We may collect and process your personal data if:

• - You are a client or represent a client.
• - You are a counterparty or professional involved in a legal matter we handle.
• - You attend our events, contact us, or visit our offices.
• - You apply for a job.
• - You are a service provider or business contact.
• - Your data is shared with us by clients or third parties.

6. What we collect

• - Identity and contact details (e.g. name, phone, email, address, job title, CV, sources of funds)
• - Government-issued identification data (e.g. ID number, passport, residency etc.)
• - Case-related or legal information
• - Financial details for invoicing and payment
• - Website usage data (e.g. IP address, browser type)
• - Criminal records or special categories of data (e.g. health, ethnicity) where required and permitted by law
• - Cookies and online interaction data

7. Sources of data

• - You directly
• - Our clients or your employer
• - Public records or directories
• - Legal counterparties or professionals
• - Technical tools (e.g. cookies, analytics)

8. How we use your personal data

We use your personal data for the following purposes:

• - KYC: onboarding you or your company or organization as a client to our firm
• - Service provision: providing legal advice and services
• - Business relationship: managing and administering our relationship with you, your company or organization including keeping records about business contacts, services and payments so we can customize our offering for you, develop our relationship and target our marketing and promotional campaigns
• - Communication: sending emails, newsletters and other messages to keep you informed of legal developments, market insights and of our services
• - Events: running legal briefings, roundtables and other events
• - Client surveys and feedback: including events feedback and client listening exercises as well as answering issues and concerns which may arise
• - Client legal compliance: client due diligence (under anti-money laundering, sanctions screening and other crime prevention and detection laws and regulatory requirements) which may involve automated screening checks to ensure that clients and contacts are genuine and to prevent fraud or crime and we may not be able take instructions if you do not provide the information we need to do these checks
• - Site security: provide security to our offices and other premises (normally collecting your name and contact details on entry to our buildings)
• - Online security: protecting our information assets and technology platforms from unauthorized access or usage and to monitor for malware and other security threats
• - Regulatory: compliance with our legal and regulatory obligations as a law firm including auditing and reporting requirements
• - Managing suppliers: who deliver services to us
• - Legitimate interest: to pursue the legitimate business interests listed in the “Legitimate Interests” section of this Policy below

9. Legitimate interests

We have legitimate business interests in:

• - providing legal services
• - managing our business and relationship with you or your company or organization
• - understanding and responding to inquiries and client feedback
• - understanding how our clients use our services and websites
• - identifying what our clients want and developing our relationship with you, your company or organization
• - improving our services and offerings
• - enforcing our terms of engagement and other terms and conditions
• - ensuring our systems and premises are secure
• - developing relationships with business partners
• - sharing data in connection with acquisitions and transfers of our business

10. Consent

Where we rely on your explicit consent to process personal data (especially for sensitive data), you have the right to withdraw it at any time.

11. Sharing your data

• - Our employees and legal professionals
• - Clients or counterparties involved in a matter
• - Service providers (e.g. IT, notaries, investigators, corporate service providers)
• - Public authorities or courts, if required by law
• - Regulatory or supervisory bodies
• - Banks to process the payment of our fees

12. Data security

We adopt reasonable standard technical and organizational measures to secure your data against unauthorized access, alteration, loss, or destruction.

13. Data retention

We retain your personal data only as long as necessary for the purpose for which it was collected, or as required by law.

14. Local law compliance

Our practices are designed to comply with Lebanese Law 81/2018 and any relevant circulars or guidance issued by the Lebanese Ministry of Economy or other competent authorities.

15. Your Rights

You have the right to:

• - Request access to your data
• - Correct inaccurate information
• - Request deletion or restriction
• - Withdraw consent
• - Object to processing in certain cases
• - Be informed about data transfers and processing purposes

To exercise your rights, please contact: [email protected]

16. Complaints

If you believe we have violated your data rights, you may:

• - Contact us directly on [email protected]
• OR
• - File a complaint with the Ministry of Economy and Trade, the competent authority for data protection in Lebanon