CS Disco, Inc. (“Company” “Us” or “We”) respects your privacy and is committed to protecting it through our compliance with this policy.
This policy applies to information we collect:
It does not apply to information collected by:
We collect several types of information from and about users of our Website, including information:
We collect this information:
The information we collect on or through our Website may include:
You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, “User Contributions”). Your User Contributions are posted and transmitted to others at your own risk. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
The information we collect automatically may include personal information, and we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:
The technologies we use for this automatic data collection may include:
We may collect information about you from public sources including without limitation LinkedIn, Facebook, or your company’s website. The information that we collect may include your name, email address, job title, telephone number, employer, and any additional information that you provide to us when communicating with us.
We use information that we collect about you or that you provide to us, including any personal information:
We may disclose anonymized and aggregated information about our users without restriction.
We may also disclose your personal information:
If you provide personal information to us through our website, or if you otherwise contact us (for example by email or telephone), our legal basis for processing your personal information is that it is necessary for our legitimate interest in conducting our business, in particular by providing any products, services and information that you request.
If we collect your personal information from publicly available sources, our legal basis for processing your personal information is that it is necessary for our legitimate interest in promoting our business.
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI“) on NAI’s website.
You may have certain rights in relation to any personal information we collect about you. These may include the rights to request access to the personal information we hold about you, to obtain a copy of your personal information in machine readable format, or to request that it is erased or that any inaccurate personal information is rectified. You may also have the right to ask us to restrict how we process your personal information, to withdraw your consent to how we process your personal information, or to request that we do not use your personal information for the purposes of direct marketing.
Although you have the right to make these requests, we may deny your requests, in whole or in part, under certain circumstances, such as if we are unable to authenticate that you are the individual for whom the personal information is being requested or providing you with access to personal information would necessarily violate the legitimate rights of another individual. If we deny access to you, we will communicate the denial to you and reasons for the denial in a timely manner unless prohibited from doing so by law or regulation. Further, as a consequence of you exercising these rights, you may not be able to use our Website, download materials from our Website and we will not be able to provide you with requested services or information from our Website.
You also have the right to complain about the use of your personal information to your local supervisory authority.
CS Disco, Inc.
111 Congress Ave, Suite 900
Austin, Texas 78701
833.653.4726 toll free
CS Disco, Inc. (“DISCO”, the “Company,” “we,” or “us”) is committed to safeguarding the private information entrusted to it by its customers. DISCO complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) (collectively, the “DPF”) as set forth by the U.S. Department of Commerce. DISCO has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. DISCO has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Data Privacy Framework Notice (this “Notice”) and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles (collectively, the “DPF Principles”), the DPF Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
DISCO is responsible for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on its behalf. DISCO complies with the DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
We collect and store Personal Data provided to us by individuals, law firms, business organizations, and government entities (each, a “Customer”, and collectively, our “Customers”) who sign agreements with us to use our software. Personal Data we receive from Customers are names, addresses, email addresses, email content, file-shares and other Personal Data identifiable to an individual. Any Personal Data received from our Customers is used strictly for the business purposes defined in the software agreement between a Customer and DISCO. It is not shared with third parties except in compliance with the provisions of the software agreement between a Customer and DISCO, and in such a case, such Personal Data is shared only with third parties who are authorized to receive it under the provisions of the software agreement, which may include without limitation, parties or counsel involved in litigation or other forms of dispute resolution, DISCO affiliates or service providers, and DISCO subprocessors as defined in DISCO’s Data Processing Addendum. Such sharing occurs solely to permit DISCO to exercise its rights and satisfy its obligations pursuant to the software agreement between a Customer and DISCO. We also collect and store names, addresses, email addresses, and email content received from Customer representatives using our software and accessing our support services site at login.csdisco.com and support.csdisco.com.
You have rights with respect to the Personal Data we receive from our Customers including the right to access, delete, amend, and correct your Personal Data. If you wish to access, correct, amend, or delete your Personal Data provided by a Customer to DISCO, you may contact us as described below. Similarly, if you wish to limit the use or sharing of your Personal Data, you should contact us as described below.
Visitors to our website www.csdisco.com will occasionally provide us with Personal Data on a completely voluntary basis. DISCO will only process and store this data in ways that are compatible with the purpose for which the visitor gave it to DISCO, or for which DISCO stored it, or for purposes the visitor later authorizes. Before we use this data for a purpose that is materially different than the purpose for which we received it or for which it was later authorized, we will provide the visitor with the opportunity to opt out. DISCO maintains reasonable procedures under the circumstances to help ensure that data collected from visitors is reliable for its intended use, accurate, complete, and current.
We also collect and store anonymous general information about the use of our websites and software, such as which software features our Customers use most frequently, and which services our Customers access the most. We use only aggregated data for this purpose, which de-identifies any individual Customer or visitor to our site. This information helps us determine what is most beneficial for our users and how we can continually create a better overall software and services experience. We may use this general and aggregated anonymous information and share it with our business partners so that they too may understand how our site is used.
Our Customers may, without our knowledge, provide us data that includes Personal Data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic information, or health or sex-life information (collectively “Sensitive Personal Data”), solely for the purpose of using DISCO’s software and services. DISCO does not otherwise collect or store Sensitive Personal Data as a matter of course in its operations and does not ask our Customers or any visitors to supply it. Any Sensitive Personal Data received from Customers is used strictly for the business purposes defined in the software agreement between a Customer and DISCO. It is not shared with third parties except in compliance with the provisions of the software agreement between a Customer and DISCO, and in such a case, such Personal Data is shared only with third parties who are authorized to receive it under the provisions of the software agreement, which may include without limitation, parties or counsel involved in litigation or other forms of dispute resolution, DISCO affiliates or service providers, and DISCO subprocessors as defined in DISCO’s Data Processing Addendum. Such sharing occurs solely to permit DISCO to exercise its rights and satisfy its obligations pursuant to the software agreement between a Customer and DISCO.
You have the rights with respect to the Sensitive Personal Data we receive from our Customers including the right to access, delete, amend, and correct your Sensitive Personal Data. If you wish to access, correct, amend, or delete your Sensitive Personal Data provided by a Customer to DISCO, you may contact us as described below. Similarly, if you wish to limit the use or sharing of your Sensitive Personal Data, you should contact us as described below. Any requests to obtain your opt-in consent where the DPF requires, including disclosure of your Sensitive Personal Data to third parties, or before your Sensitive Personal Data is used for a different purpose than for which it was provided to DISCO by a Customer or for which you later authorized, should be directed to us as described below.
In certain situations, DISCO may be required to disclose EU, UK, or Swiss Personal Data in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.
For purposes of enforcing compliance with the DPF, DISCO is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the DPF, see the US Department of Commerce’s Data Privacy Framework website located at: https://www.dataprivacyframework.gov/. To review our representation on the Data Privacy Framework list, see the US Department of Commerce’s DPF self-certification list located at https://www.dataprivacyframework.gov/s/participant-search.
In compliance with the DPF, DISCO commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on DPF should first contact DISCO at:
CS Disco, Inc.
Attn: General Counsel
111 Congress Ave, Suite 900
Austin, Texas 78701
DISCO will respond to individuals within forty-five (45) days of an inquiry or complaint. If an individual has an unresolved complaint or concern that is not addressed satisfactorily, that individual may contact our U.S. based third-party dispute resolution provider: JAMS Dispute Resolution Services. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-data-privacy-framework for more information or to file a complaint. The services of JAMS are provided at no cost to you.
If the dispute involves human resources personal information or information collected in the context of an employment relationship, DISCO commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC). For information on how to contact your EU jurisdiction’s DPA, visit: https://edpb.europa.eu/about-edpb/about-edpb/members_en. For information on how to contact your UK Information Commissioner, visit: https://ico.org.uk/. For information on how to contact your Swiss jurisdiction’s Commissioner, visit: https://www.edoeb.admin.ch/index.html?lang=en.
Under certain circumstances, you may have the option to select binding arbitration for the resolution of your complaint, provided you have already taken the following steps (as applicable): (1) raised your complaint directly with our Customer and provided them with the opportunity to resolve the issue; (2) raised your complaint directly with DISCO and provided us with the opportunity to resolve the issue; (3) made use of the independent dispute resolution mechanism identified above; and (4) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you.
DISCO maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the DPF and the DPF Principles.
By using our website, you signify your acceptance of this Notice. If you do not agree to this Notice, please do not use our website. Your continued use of our website following the posting of changes to this Notice will be deemed your acceptance of those changes.
We reserve the right to amend this Notice from time to time consistent with the DPF requirements.
Effective Date: 10 October 2023