Privacy Policy

At LEXACT SOLUTIONS LIMITED which operates the website with the name “Cityoflaw.com”, we care about the privacy and security of your personal information and we take measures to ensure that your personal information is properly handled while in our possession and while in the possession of others to whom we may disclose it, under the terms and for the purposes explained in this Privacy Policy, in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “General Data Protection Regulation” or the “Regulation”).

This Policy mainly explains when and why we collect personal information or personal data about visitors to our website, namely, https:www.cityoflaw.com and/or natural persons in general to whom we are selling law books or offering our services to, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Policy from time to time. When we do so in relation to an important matter, we will notify you about the change, for example, by displaying a relevant notice on our homepage. Importantly, by using our website, you agree to this Policy as amended from time to time to the extent relating to information we collect about you in your capacity as a user of our website. As far as information about you we collect in the context of conducting our business in general, whether you have used our website or not, you are welcome to contact us in case you are not happy with any change to our Privacy Policy. Our full details are stated below in this Privacy Policy.

Who are we?

LEXACT SOLUTIONS LIMITED
(with Company Registration Number ΗΕ 214808; VAT registration no: 10214808G)

Registered Office Address:
13 Konstantinou Oikonomaki, Engomi, 2402, Nicosia, Cyprus

Physical office address:
6, Onasagoras Str., 3rd Floor, Office 301, 2018 Strovolos, Nicosia, Cyprus

Tel: +(357) 22003161
Email: [email protected] ; [email protected]
Website: https://www.cityoflaw.com

Nature of business: We sell online or printed law books and provide translation services in all languages, certified, sworn or plain, or other services connected to legal material, such as yearly subscriptions, legal documents and agreements, free access to laws as well as help others to sell their books with us.

How do we collect information from you?

We obtain information about you when you use our website, for example, when you contact us about our products and services, if you register to receive information or services or products from us or register to have access to material offered on or through our website or register to sell your book with us or  register to join our translation team, as well as if you submit a complaint, query or request to us by email or phone or any other means of distance communication.

We may also record information about you while you use our websites even if you do not do any of the above and simply browse through our website by clicking on links displayed therein. Such information is automatically recorded in the server logs of your websites and/or by cookies as explained in our Cookie Policy.

We also collect information about you through email or through our hard-copy forms sent by email or handed over in person, when you visit our offices or contact us requesting information about our products or services, when you request a quotation, when you submit an order or request the provision of a service when you request or receive delivery of products or services purchased, when you pay us for your purchases or when you contact us submitting requests, queries or complaints to us by any means.

We also collect information about you when you create an account to us and become our member in order to buy a book from us or receive services.

What type of information is collected from you?

The personal information we collect is only information that we need in order to provide you with our services or products, to respond to your queries and to comply with our legal or regulator duties in relation to those services and products. Accordingly, the provision of such information is mandatory, in the sense that we will be unable to provide you with our services or products, if we do not have the said information. If we seek additional information, we will inform you of the purpose and if necessary, seek your consent.

The personal information we collect may include:

  • When you buy a book from us or place an order in the shopping cart for billing:

Your first and last name, company name (optional), company ID/EUID number (optional), VAT/TAX number (optional), name of Bank (optional), Bank IBAN (optional), country region, street address, town/city, state/country, postcode/ZIP, phone, email address, if deliver to a different address and any other notes about your order you voluntarily provide to us (e.g. special notes for delivery), as well as your details about your order, such as the product’s name, how many items of the product, its price (subtotal and total in euros) and its shipping costs (flat rate in euros) with the way of paying by cash on delivery or by PayPal or by a credit card and your credit card or PayPal details. We may also collect information about your purchases and your payment coupons.

  • When you register in our website to create or access an account:

Your username or email address and your password;

  • When you register to join our translation team:

Your full name, contact telephone, education degree, languages, country, email address, years of experience, rate per word;

  • When you register to sell your book with us:

Your first and last name, email address, phone number, password, shop name, shop URL, company name, company ID/EUID number, VAT/TAX number, name of Bank, Bank IBAN;

We collect information about you in your capacity as a visitor of our website, specifically, your IP address as well as information regarding what pages on our website you have accessed and when; these are automatically recorded in our server logs as part of how the internet works and through cookies as explained in our cookie policy.

We also collect any other information you provide to us by filling in and submitting web forms on our website, sending us emails, calling us or more generally, contacting us by any means of communication, as well as when you are providing to us information through our hard-copy forms sent by email or handed over in person. If you have registered or place an order in our shopping cart or place a product in our wish list or request a service, we also collect information about your products or services requested regardless of whether you finally pay for the product or services or not.

When you pay by credit card or by PayPal, your payment details are not retained by us. They are collected by a third party payment service provider with whom we co-operate for this purpose. We believe that this provider is a data controller bound by all the requirements of the General Data Protection Regulation. For more on this third party provider, please see below in this Privacy Policy.

How is your information used?

We use your information lawfully in accordance with Article 6(1)(a), i.e., for purposes you have consented to, Article 6(1)(b), i.e., as necessary to conclude or perform a contract with you, Article 6(1)(c), i.e., to comply with obligations imposed by law (such as tax legislation) and Article 6(1)(f), i.e., as necessary for legitimate interests we pursue as a business.

We explain these immediately below to help you understand how exactly we use your information:

We use your information in order to respond to orders, proposals, requests or queries submitted by yourself or by another person acting on your behalf or in order to communicate with you.

More specifically, we may use your information in order to:

Article 6(1)(a)

  • provide you with information about promotional offers and our products and services, where you have consented to such communications;
  • process your personal information for any other specific purpose, you have consented to;

Article 6(1)(b)

  • set up, operating and managing your account;
  • respond to your orders for products or services, requests or queries or participation requests to our translation team or selling books with us scheme;
  • process or examine product orders or requests for information or services or participation in our translation team or selling books with us scheme, submitted by you;
  • carry out our obligations arising from the contract entered into between you and us, such as to deliver purchased products or provide purchased services or purchased material offered on or through our website;
  • receive or request payment from you for the purchased products or services or material;
  • send you communications which you have requested such as a reply to a query, a tender or quotation you have requested or invoices and receipts;

Article 6(1)(c)

  • comply with our obligations derived from tax legislation with regard to issuing and retain payment-related documentation for bookkeeping and auditing purposes;

Article 6 1 (f)

  • notify you of key changes to our services (such as opening hours), products (such as the cessation of the marketing of product) when relevant or our privacy policy.

We will not normally contact you for marketing purposes by post, email, phone or text message unless you have given your prior consent. You can change your marketing preferences and withdraw previously-given consent at any time by contacting us at the details stated at the beginning of this Privacy Policy.

In case, we contact you for marketing purposes without previously expressly securing explicit consent, it is because you are an existing customer of our company and we believe we have a legitimate interest in promoting our products or services to our existing customers in order to increase sales to the extent permitted by the law.

We will do so without intruding disproportionately on your privacy and we will provide you with a clear opportunity to object, in which case we will stop sending you marketing messages. For more on this right of to object to the processing of personal data for direct marketing and in general, see below in this Privacy Policy.

Where and how long do we retain your information for?

We,  only retain your information for as long as it is necessary for us to perform a contract we have with you or have your consent or while you hold an account with us or to comply with legal obligations to which we are subject, in particular, tax legislation (six years from the end of the financial year to which they refer according to the Assessment and Collection of Taxes Law of 1978 (L.4/1978), Section 30) as well as to be able to defend or institute any legal actions against or in the name of our company (the limitation period for contractual disputes is six years according to the statute of limitations).

When there are no specified maximum retention periods, we retain your data for seven (7) years, starting from the date of the termination or completion of the contract or the relationship with you or from the end or settlement of any dispute arising between us, if applicable. This period covers the period specified by the statute of limitations, after the lapse of which no legal claims can successfully be raised against us and the period specified by tax legislation and/or our accountants and auditors’ advice.

We retain your information for a period of six months, in case we have collected your information in any of the ways described earlier in this Privacy Policy but we have never had a contract with you. The same applies to information we have collected as a result of yourself addressing a query or a comment to us through email or otherwise, when we have never had a contract with you.

We retain information we collect about you in your capacity as a mere visitor to our website for 6 months, as this is the time that said data approximately remains in the server logs of our website.

In the event of a data breach or a relevant allegation, the personal data relating to its handling will be retained up to twelve (12) months after the completion of any procedure relating to the breach.

After the lapse of the aforementioned periods of retention, we remove it from our systems by deleting it or we fully anonymize it so that you can no longer be identified from it. In this latter case, we do not delete all of the information but only those pieces of information such as your name, address, email address and any other information revealing that the said information belongs to you.

Who has access to your information?

We will never sell your information to third parties and we will not share it with third parties for marketing purposes.

We may pass your information to third party service providers. Such third parties may be technical service providers providing us with the software systems (or their maintenance) necessary to contact administrative tasks inherent in the provision of our services to you or in the conducting of our business or messengers and/or delivery companies we use to deliver ordered products to you as per your request. We only disclose to them the personal information that is absolutely necessary to deliver the service or perform the said task and we have a contract in place that requires them to keep your information secure and in accordance with the principles and rules of the General Data Protection Regulation and not to use it for their own direct marketing purposes or for any purposes other than to provide the service or complete the task as explained above.

We may also pass your information to our lawyers and accountants/auditors to the extent necessary to defend or institute legal claims and to comply with legal obligations with regards to financial accounts and tax reasons respectively.

If you would like more information about these third parties, you can contact us at the details given at the beginning of this Privacy Policy and we will provide you with the identity of any parties to whom your information has been disclosed, if you do not already have the said information.

When you pay by credit card through the payment gate integrated in our website you are getting into a direct processing procedure with PAYNT UAB our payment service provider integrated in our website. Your payment is processed by PAYNT UAB payment service provider, who specializes in the secure online processing of payment transactions. As this processing is not performed by us and we do not retain the relevant data, your rights, explained in the next section of this Policy, to the extent referring to payment card details or transactions should be exercised directly with the said payment service provider. In case, you address a relevant request to us, we will take reasonable measures to meet the request to the extent possible. The said provider is a data controller in its own rights and bound by all of the obligations of the GDPR and VISA, MASTER CARD PCI-DSS compliance. You can view its own privacy policy on its own website www.paynt.com

We may also transfer personal information to our banks in banks when you pay us through a check or a bank transfer. Banks within the EU are controllers of personal data themselves and are bound by all of the obligations of the General Data Protection Regulation and must have their own privacy policies which you should consult.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganization in which case we will take measures to ensure that all data protection principles and related rights as derived by the General Data Protection Regulation are fully complied with, prior, during and after the relevant transfer.

We may disclose your information to public authorities, if disclosure is required by law or an order issued by a court of law.

Other than the above, the recipients of personal data will be the authorized members of our staff which are contractually bound by confidentiality and security obligations and have been informed and trained to handle your personal data in accordance with the rules and principles of the General Data Protection Regulation.

What are your rights?

You may at any time send us any of the following requests and we will meet them the earliest possible and in any case, within a month from the date of receipt of your request and inform you about the action we have taken. If your request is for any reason complex to examine or meet, we will ask you for an extension before the aforementioned one-month period expires.

If we have legitimate reasons to refuse to satisfy your request, we will inform you accordingly and in this case, you have the right to submit a relevant complaint to the Cyprus data protection authority, namely, the Data Protection Commissioner, http://www.dataprotection.gov.cy/ if you believe that our decision is unjustified or you may believe that your personal data is not handled by our company legitimately.

These are the requests you can submit to us:

A request that we permanently delete all or some of your information from our records (right to be forgotten or to erasure), for example when we no longer have reasons to retain it.

A request for you to access your information that we keep in our records (right of access).

A request that we provide you with a copy of your information that exists in our records, in digital or hard copy form. If you require more than one copy, we may charge you a maximum of EUR10,00 per copy as administrative costs. (right to a copy).

A request that we update or correct your information that we keep in our records (right to rectification), for example, in case it is outdated or contains errors or inaccuracies.

A request that we provide you with information of yours we keep in our records in a structured, commonly used and machine-readable format or forward it in such form to another provider of your choice, if such forwarding or transfer is technically possible (right to portability). Please note that this right applies only in relation to data that you yourself has provided to us with and which we process by electronic means in the context of a contract between you and our company or because you have consented to us doing so.

A request that we stop doing anything with your information without however deleting it from our records (right to restriction of processing). In this case, we will restrict access to your data.

A request that we stop processing your information for direct marketing purposes or on the basis of legitimate interests pursued by our company in accordance with Article 6(1)(f), GDPR as explained under the fourth question of this Privacy Policy or in the name of the public interest (right to object). In the case of direct marketing, we will stop processing your information. In the rest of the cases, we will do so the same unless we have compelling reasons to refuse to do so.

In case of purposes, you have consented to, you can withdraw your consent at any time (right to withdraw consent), without affecting the lawfulness of processing based on consent before its withdrawal.

If you wish to exercise any of the above rights you will be able to do so by contact us at any of the contact details stated above in this Privacy Policy, preferably by email specifying the type of right you seek to exercise.

Please note that before acting upon any of your above requests, we may require you to prove your identity, if we are in doubt about your true or correct identity. If we cannot identify you, i.e., we do not hold personal data belonging to the person you are saying you are, we will inform you accordingly and we will not act upon your request.

The personal data relating to the handling of any of your requests will be retained up to nine (9) months after the completion of any procedure relating to the request.

What security measures do we apply to protect your information?

When you give us personal information, we take organizational and technical measures to ensure to keep it secure and protected against unauthorized disclosure, alteration, accidental loss or other violation or unlawful processing. Such measures, amongst others, aim at restricting access to personal information, ensuring secure storage, limiting the risk of viruses and other harmful events, securing and keeping secure back-ups and effectively destroying unnecessary or outdated data.

We follow the Payment Card Industry Data Security Standard (PCI DSS) when handling credit card data and any communications through our website are encrypted and protected through the use of 256 Bit encryption on SSL. This means that what you send and receive from the website is encrypted, which makes it difficult for anyone else to see, read or take possession of this data. You know your information is encrypted, when you see a lock icon appearing in address bar of your web browser before the URL of the web page you are on. The data related to the handling of any incident of personal data breach are kept for a period of twelve (12) months from its notification to the competent authority or the final termination of any process related to the breach if such a process exists.

Use of Cookies

Please click here to read our Cookie Policy.

Transferring your information outside the European Union

We do not transfer your information outside the European Union.