We collect and store Personal Data provided to us by individuals, law firms, business organizations, and government entities (collectively, our “Customers”) who sign agreements with us to use our software. Personal Data we receive from Customers are names, addresses, email addresses, email content, file-shares and other Personal Data identifiable to an individual. Any Personal Data received from our Customers is used strictly for the business purposes defined in the software agreement between the Customer and DISCO. It is not shared with third parties unless otherwise agreed between DISCO and the Customer, and in such a case, solely to third parties who are parties or counsel involved in litigation or other forms of dispute resolution, but strictly to provide the software and services to the Customer in accordance with the software agreement. We also collect and store names, addresses, email addresses, and email content received from Customer representatives using our software and accessing our support services site at www.login.csdisco.com and www.support.csdisco.com.
You have rights with respect to the Personal Data we receive from our Customers including the right to access, delete, amend, and correct your Personal Data. If you wish to access, correct, amend, or delete your Personal Data provided by a Customer to DISCO, you may contact us as described below. Similarly, if you wish to limit the use or sharing of your Personal Data, you should contact us as described below.
Visitors to our website www.csdisco.com will occasionally provide us with Personal Data on a completely voluntary basis. DISCO will only process and store this data in ways that are compatible with the purpose for which the visitor gave it to DISCO, or for which DISCO stored it, or for purposes the visitor later authorizes. Before we use this data for a purpose that is materially different than the purpose for which we received it or for which it was later authorized, we will provide the visitor with the opportunity to opt out. DISCO maintains reasonable procedures under the circumstances to help ensure that data collected from visitors is reliable for its intended use, accurate, complete, and current.
We also collect and store anonymous general information about the use of our websites and software, such as which software features our Customers use most frequently, and which services our Customers access the most. We use only aggregated data for this purpose, which de-identifies any individual Customer or visitor to our site. This information helps us determine what is most beneficial for our users and how we can continually create a better overall software and services experience. We may use this general and aggregated anonymous information and share it with our business partners so that they too may understand how our site is used.
Our Customers may provide us data without our knowledge that includes Personal Data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic information, or health or sex-life information (collectively “Sensitive Personal Data”), solely for the purpose of using DISCO’s software and services. DISCO does not otherwise collect or store Sensitive Personal Data as a matter of course in its operations and does not ask its Customers or any visitors to supply it. Any Sensitive Personal Data received from Customers is used strictly for the business purposes defined in the software agreement between the Customer and DISCO. It is not shared with third parties unless otherwise agreed in writing between DISCO and the respective Customer, and in such a case, solely to third parties who are parties or counsel involved in litigation or other forms of dispute resolution, and strictly to provide DISCO’s software and services to the Customer.
You have the rights with respect to the Sensitive Personal Data we receive from our Customers including the right to access, delete, amend, and correct your Sensitive Personal Data. If you wish to access, correct, amend, or delete your Sensitive Personal Data provided by a Customer to DISCO, you may contact us as described below. Similarly, if you wish to limit the use or sharing of your Sensitive Personal Data, you should contact us as described below. Any requests to obtain your opt-in consent where the Privacy Shield requires, including disclosure of your Sensitive Personal Data to third parties, or before your Sensitive Personal Data is used for a different purpose than for which it was provided to DISCO by the Customer or for which you later authorized, should be directed to us as described below.
DISCO may be required to disclose EU or Swiss Personal Data in response to a lawful request by public authorities, including the need to meet national security or law enforcement requirements.
For purposes of enforcing compliance with the Privacy Shield, DISCO is subject to the investigatory and enforcement authority of the US Federal Trade Commission. For more information about the Privacy Shield, see the US Department of Commerce’s Privacy Shield website located at: https://www.privacyshield.gov. To review our representation on the Privacy Shield list, see the US Department of Commerce’s Privacy Shield self-certification list located at https://www.privacyshield.gov/list.
DISCO maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield and its Principles.
By using our website, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our website. Your continued use of our website following the posting of changes to this policy will be deemed your acceptance of those changes.
In compliance with the Privacy Shield Principles, DISCO commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact DISCO at:
Deputy Chief Ethics and Compliance Officer CS Disco, Inc. 3700 N. Capital of Texas Highway, Suite 150 Austin, Texas 78746, firstname.lastname@example.org, 833.653.4736 (toll free)
DISCO has further committed to refer unresolved Privacy Shield complaints to JAMS Dispute Resolution Services, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Additionally, DISCO is committed to cooperation with the EU Data Protection Authorities (“DPAs”) and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) and will comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of an employment relationship. For information on how to contact your EU jurisdiction’s DPA, visit: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm For information on how to contact your Swiss jurisdiction’s Commissioner, visit: https://www.edoeb.admin.ch/index.html?lang=en
You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have already taken the following steps: (1) raised your complaint directly with our Customer and provided them with the opportunity to resolve the issue; (2) raised your complaint directly with DISCO and provided us with the opportunity to resolve the issue; (3) made use of the independent dispute resolution mechanism identified above; and (4) raised the issue through the relevant data protection authority and allowed the US Department of Commerce an opportunity to resolve the complaint at no cost to you.
We reserve the right to amend this Policy from time to time as is consistent with the Privacy Shield requirements.
Effective Date: 14 July 2021