Otevana Legal Privacy Policy

Effective Date: 1 July 2025

1. Introduction

Otevana Legal ("Otevana", "we", "us" or "our") is committed to safeguarding the privacy of law firms and their personnel using our cloud-based practice management platform (the "Platform"). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, with whom we share it, and your rights in relation to your personal data.

2. Scope & Applicability

This Policy applies to all personal data processed by Otevana in connection with your access to and use of the Platform, including data provided through registration, profile management, invoicing, calendar sync, client files, and communications.

3. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Controller" means the entity that determines the purposes and means of processing Personal Data (Otevana Legal).
  • "Processor" means a third party processing Personal Data on Otevana's behalf (e.g., payment gateways, email providers).
  • "User" means law firms and their Authorized Users (attorneys, staff) who register for the Platform.

4. Personal Data We Collect

4.1 Account & Profile Data: Name, email address, telephone number, firm name, professional credentials.

4.2 Authentication Data: Username, password, security questions.

4.3 Billing & Payment Data: Bank account or payment card details (collected by third-party gateway), billing address.

4.4 Usage Data: IP address, device type, browser type, log-in times, pages visited, crash reports.

4.5 Client File Data: Client file date and records uploaded on the platform.

4.6 Communications Data: Communication data and calendar uploaded on the platform.

5. How We Use Your Personal Data

We process Personal Data for the following purposes:

  • Provision of Services: To create and manage your Account, host and back up Client Data, sync calendars, send invoices, and reminders.
  • Billing & Payments: To issue invoices, process payments via third-party gateways, record payment history.
  • Communications: To respond to support requests, send transactional messages (account notifications, payment reminders).
  • Platform Improvement: To analyze usage patterns and improve functionality, diagnose technical issues, and plan new features.
  • Compliance & Legal Obligations: To enforce our Terms & Conditions, comply with legal obligations (e.g. record retention, audits).
  • Marketing & Promotions (optional): To send news and promotional materials, where you have opted in; you may opt out at any time.

6. Legal Basis for Processing

We rely on the following legal grounds for processing Personal Data:

  • Performance of Contract: Processing necessary to perform our Agreement (e.g. hosting files, billing).
  • Legitimate Interests: For platform maintenance, security monitoring, and fraud prevention.
  • Consent: Where required (e.g. marketing communications).
  • Legal Compliance: To comply with statutes, regulations, or court orders.

7. Data Sharing & Disclosure

7.1 We do not sell Personal Data.

7.2 We share Personal Data with:

  • Service Providers (Processors) fulfilling services: payment gateways, email delivery, cloud hosting, analytics.
  • Law Enforcement & Regulators when required by law or to protect our rights.
  • Affiliates in connection with internal audits and compliance.

7.3 All Processors must adhere to contractual confidentiality and security obligations.

8. International Transfers

Personal Data may be stored and processed in Namibia or in countries where our cloud and service providers operate. We implement safeguards (standard contractual clauses, encryption) to protect data transferred across borders.

9. Data Retention

We retain Personal Data only as long as necessary to fulfill the purposes outlined above or as required by applicable law (generally up to 5 years for financial records). Upon termination of your Account, we will:

  • Archive inactive Client Data for 60 days to allow export.
  • Securely delete or anonymize Personal Data thereafter, except as required to be retained by law.

10. Security Measures

We employ industry-standard technical and organizational controls, including:

  • Encryption of data in transit (TLS) and at rest (AES-256).
  • Access Controls: Role-based permissions, multi-factor authentication.
  • Network Security: Firewalls, intrusion detection.
  • Incident Response: Breach detection and notification within 72 hours.

11. Your Rights

As a data subject, you have the right to:

  • Access your Personal Data.
  • Rectify inaccurate or incomplete data.
  • Erase data where no longer necessary, subject to legal retention.
  • Restrict processing in certain circumstances.
  • Object to processing based on legitimate interests.
  • Data Portability: Receive your data in a structured, commonly used format.
  • Withdraw Consent where processing is based on consent.

To exercise your rights, contact us as detailed in Section 15.

12. Cookies & Tracking

We use cookies, web beacons, and similar technologies to enhance user experience and analyze usage. You may manage cookie preferences through your browser settings.

13. Children's Privacy

Our Platform is intended for users aged 18 and above. We do not knowingly collect Personal Data from children under 18. If we become aware of such data, we will delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy periodically. We will post the revised Policy on the Platform with an updated "Effective Date." Your continued use after changes constitutes acceptance.

15. Contact Information

If you have questions, requests or complaints regarding this Privacy Policy, please contact:

Otevana Legal (Pty) Ltd
Email: admin@otevana.com

End of Privacy Policy

Return to Home