Privacy Policy

Last updated 23 DEC 2025. Access the previously published version.

End user privacy statement last updated 9 JULY 2026

1. Scope of this Privacy Policy

This Privacy Policy explains how Opus 2 International Limited and the Opus 2 group of companies (referred to together as “Opus 2”, “we”, “us”, or “our”) collect, use, and share your personally identifiable information/personal data in connection with this website (“Website”), use Opus 2 software (but except where this is under a Customer Agreement between Opus 2 and the Customer organisation – see below for more details) or when you otherwise engage with us (for example attending an event, or applying for a role with Opus 2, ). This Privacy Policy should be read in conjunction with our Cookies Policy, which provides details of how Opus 2 uses cookies and similar technologies on the Website.

This Privacy Policy does not apply to:

  • individuals who are using Opus 2’s software under a Customer Agreement between Opus 2 and the Customer organisation (see “End User Privacy Statement” below). A Customer Agreement does not include terms, guidelines, or agreements relating to participation in the Opus 2 Labs Programme or any other agreement relating to access to pre-release or non-production use Opus 2 Software for evaluation purposes (collectively “Evaluation Agreements”), and this Privacy Policy applies to data processed by Opus 2 under an Evaluation Agreement.;
  • employees and independent contractors engaged by Opus 2 (the provisions of the separate data privacy policy supplied to you apply instead); and
  • any website, application, product, software, service, or content that is offered by third parties which links to their own privacy statement, privacy policy, or privacy notice.

End-User Privacy Statement
This Privacy Policy and the Cookies Policy does not apply to individuals who are using Opus 2 Lex software and other Opus 2 software which is being hosted by Opus 2 under a Customer Agreement between Opus 2 and the Customer organisation but excluding Evaluation Agreements as defined above in this Privacy Policy. If you are a user (“End User”) of Opus 2’s software via Opus 2’s Customer organisation (e.g. your employer, chambers, legal advisors or another third party), certain of your personal data is collected through your use of these solutions and is processed by Opus 2 as an independent “data controller”. The End-User Privacy Statement applies to the collection and use by Opus 2 of End User’s personal data via Opus 2 software instead of this Privacy Policy.

2. About Opus 2 and Contact details

Opus 2 includes Opus 2 International Limited is a company registered in England with its registered office at 5 New Street Square, London EC4A 3BF. Our company number is 05907841. The Opus 2 group of companies is made up of multiple legal entities and details can be found here. (“Opus 2 Group”).  This privacy policy is issued on behalf of the Opus 2 Group so when we mention “Opus 2″, “we”, “us” or “our” in this privacy policy, we are referring to the relevant company in the Opus 2 Group.

Opus 2’s privacy team is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, please contact the team at [email protected].

3. Third-Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave this website, we encourage you to read the privacy policy of the site you visit. If you follow a link to any of these websites, please note that Opus 2 does not accept any responsibility or liability for these policies.

4. Personal Information collected and used by Opus 2

This Privacy Policy covers personally identifiable information/personal data Opus 2 collects and processes as a “data controller” when you use the Website or otherwise engage with Opus 2. (“Personal Information”) This Privacy Policy does not apply to End Users. If you are an End User, this Privacy Notice does not apply to you and instead, you should refer to the End User Privacy Statement.

We may collect Personal Information in a number of different ways:

a) Information you provide to us directly
  • Contact Information: may include first name, last name, name of your employer or chambers, job title, email address, telephone number, and similar information.
  • Profile Information: your preferences in receiving marketing from Opus 2 and your communication channel preferences, interests you communicate to Opus 2 about key topics you are interested in, and feedback you provide to Opus 2 on any aspect of Opus 2’s business.
  • Recruitment Information: information or data you submit to Opus 2 regarding your interest in or application for a vacancy, such as your curriculum vitae.
  • Feedback Information: Information or data you provide us through inquiries and/or feedback. We may ask you for information when you report a problem with our site.
  • Other Information: other Personal Information you provide to us.
b) Information we collect automatically
  • PreRelease Software/Other software: If you agree to take part in testing any testing of Opus 2’s beta or other pre-release software or other software links to this Privacy Policy to which is otherwise stated as being covered by this Privacy Policy, in addition to the information you provide to Opus 2 directly, we may (a) generate or automatically collect metadata or other technical information collected via your use of the software, (b) collect any feedback you provide on features, performance, ease of use, bugs, interactions with other hardware and software, and other relates activities.
  • IP Address: Opus 2 may collect information about your computer, including your IP address, operating system, browser type and system admiration.
  • Aggregate/De-Identified Information: Opus 2 may aggregate and/or anonymise Personal Information so that it can no longer reasonably be used to identify an individual (“Aggregate/Anonymised Information”). Opus 2 may use Aggregate/De-Identified Information for Opus 2’s own business purposes and may also share such information with any third parties.
  • Cookies: The Websites use both technically necessary (for the functioning and security of the Website) and non-technically necessary Cookies for advertising and analytics purposes. A more detailed explanation of the Cookies used and how to opt-out from the non-technically necessary Cookies can be found in the Cookies Policy

c) Information we obtain from other sources:

Other Personal Information which you submit to Opus 2, which is generated by Opus 2, or which Opus 2 obtains from third parties or through publicly available sources.

5. Purposes for which Opus 2 may use or process Personal Information
  • To manage Opus 2’s relationship with you: to respond to communications from you, to notify you about changes to this Privacy Policy, to ask for your feedback.
  • Invoicing and billing: to issue invoices, to keep track of billing and payments, to collect and recover money owed.
  • Legal and regulatory purposes: as necessary for Opus 2 to comply with its legal and regulatory obligations.
  • Events: to administer events that you have signed up to attend and to provide any post-event support and materials.
  • Marketing & advertising: to send you emails about new product features, promotional communications, or other news about where you have requested to receive such communications, to get in touch with you about taking part in our surveys or about features and offers relating to our products and services that we think you would be interested in, or where there is another legal basis to send you such communications.  You can opt-out of these communications either by following the unsubscribe link in the email or by contacting us at [email protected].; to display personalised advertisements and content, to provide our websites and social media branded pages, in accordance with our Cookies Policy.
  • Customer Satisfaction & Support: to administer surveys and conduct research to get your feedback on our products and services to help improve and optimise them; to handle contact and user support requests;
  • Safety, security, fraud and abuse measures: to administer and protect our business and this Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
  • Recruitment: to conduct and communicate with you regarding recruiting and human resources administration.
  • Internal Development: to update and improve Opus 2’s products and services; to develop new products and services.
  • Other business purposes: as otherwise required to perform or support Opus 2’s day-to-day business activities where such use is in Opus’s legitimate interests and provide such interests do not override your fundamental rights. For matters that we are required to use your information by law: We will use or disclose your information where we reasonably believe that such action is necessary to comply with the law and the reasonable requests of law enforcement.
  • Other purposes for which you consent: from time to time, we may seek your consent to use your information for a particular purpose. Where you consent to our doing so, we will use it for that purpose. Where you no longer want us to use your information for that purpose you may withdraw your consent to this use.
  • Pre-Release Software/Other software: if you agree to take part in testing of Opus 2’s beta or other pre-release software, or use other Opus 2 software which is stated as being covered by this Privacy Policy (and not the End-User Privacy Statement), Opus 2 may use your Personal Information to provide, deliver, analyse, and administer the software, to improve, test, and enhance the features and functions of the software, to investigate and address any violations or abuse of the software or to detect, prevent and remediate any security issues.
6. Sharing of your Personal Information

Opus 2 may share Personal Information with third parties as necessary to support and fulfil the purposes (as set out in this Privacy Policy) for which the Personal Information is collected and processed.

  • Affiliates and Subsidiaries: Opus 2 may share Personal Information within the Opus 2 group of companies.
  • Service Providers: Opus 2 utilises trusted third-party providers to help support us in providing, updating and protecting our Services, Websites, and business. On occasion, we may need to share the Personal Information with these third parties. These third parties provide a variety of services to Opus 2, including but not limited to sales, marketing, provision of content and features, analytics, data storage, security, fraud prevention, and other services.
  • Business Transactions: If the ownership of Opus 2’s business changes, Opus 2 may transfer the Personal Information to the new owner. If such transfer is subject to additional mandatory restrictions under applicable laws, Opus 2 will comply with such restrictions.
  • Legal obligation and protection of rights: Opus 2 may share Personal Information where Opus 2 is under a duty to disclose it in order to comply with any legal obligation or to respond to any claims, as may be needed to protect Opus 2’s rights or the rights of a third party.
  • Other business purposes: Opus 2 may share Personal Information where it is in Opus 2’s legitimate interests to do so to support the purposes (as set out in this Privacy Policy) for which the Personal Information is collected and processed.
  • Anonymised Data: We may also remove all personally identifying data from your Personal Information and may share this anonymized data with third parties.

Opus 2 may share Customer Data (as defined in the End User Privacy Statement) with Subprocessors as authorised by the Customer and in accordance with the Customer Agreement (as defined in the End User Privacy Statement) Details of the Subprocessors appointed by Opus 2 is here List of Subprocessors. If you have any questions about the Subprocessors appointed by Opus 2, please contact the Customer.

7. Security

Taking into account the state of the art, the costs of implementation and the nature, scope, context, and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Opus 2 implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing. Details of the security measures we have in place can be found here at the Opus 2 Security page available here https://www.opus2.com/company/security/

8. Legal bases for processing Opus 2 Information

Opus 2 only uses your Personal Information when we have a legal basis for processing. Below are the legal bases that Opus 2 relies on when processing Personal Information as a “data controller”.

  • Performance of a contract: where we need to perform a contract (including a contract between Opus 2 and its customer) which Opus 2 has entered into.
  • Legal or regulatory obligation: where Opus 2 needs to comply with a legal or regulatory obligation to which it is subject.
  • Legitimate interests: where necessary for Opus 2’s interests (or those of a third party), provided that Opus 2’s interests do not override your fundamental rights.
  • Consent: where you have provided Opus 2 with your consent to the processing.

Opus 2 does not typically rely on Consent as a legal basis for processing. Where we rely on Consent (e.g. to send you marketing emails), you have the right to withdraw your consent and opt-out at any time. If you wish to opt-out, you can do so either by using the unsubscribe link in the email or by contacting us at [email protected].

9. Where does Opus 2 store the Opus 2 Information

The location of the storage of Personal Information typically depends on where the Opus 2 entity with whom you are engaging is based.

Opus 2 operates globally and has offices and teams across the world. Many of our third-party suppliers, partners and services provider are based are based globally.  Personal Information you provide to us or which we collect under the ways set out in this Privacy Policy may be used, processed or stored in countries globally, including outside of the country where you are located.

We take confidentiality and data privacy seriously. We are committed to safeguarding the confidentiality of Personal Information and we expect third parties who process Personal Information on behalf to hold the same high standards. Personal information will only be shared with third parties who provide assurances of privacy protection that meet or exceed the requirements of this Privacy Polic. If Opus 2 becomes aware that a third party is using or disclosing Personal Information in violation of this policy, it will take appropriate and reasonable steps to prevent or halt such processing.

10. Data retention

Opus 2 keeps Personal Information for no longer than is necessary for the purposes for which it is to be used. The length of time Opus 2 retains particular Personal Information depends on the purposes for which we collect and use it.

11. Your legal rights

Data privacy laws across the world give individuals certain legal rights in respect of their Personal Information. These rights may include:

  • the right to ask Opus 2 provides you with confirmation that Opus 2 processes your Personal Information, and the right to access the Personal Information Opus 2 holds about you.
  • the right to request erasure sometimes referred to as the right to be forgotten;
  • the right to request that Opus 2 rectifies inaccurate Personal Information concerning you and, depending on the purposes of the processing, you may have the right to have incomplete Personal Information completed.
  • the right to object on legitimate grounds to the processing of your Personal Information.
  • withdrawal of consent – when Personal Information is processed on the basis of consent you may withdraw consent at any time. If you no longer want to receive any marketing material from Opus 2, please use the unsubscribe link which is in the email, or email us at [email protected].
  • you may have the right to lodge a complaint to an applicable supervisory authority or another regulator if you are not satisfied with our responses to your requests or how we manage your Personal Information. Opus 2 encourages you to first also reach out directly (via [email protected]) so that Opus 2 may have an opportunity to address your concerns directly.

The above rights are not an exhaustive list and you may have additional rights depending on the data privacy laws that apply to you. Please consult the data protection laws that apply to you to determine what rights may be available to you and any exemptions. Please keep in mind all of the above rights are not absolutely guaranteed. Again, please consult the data protection laws that apply to you to determine what rights may be available to you and any exemptions. While Opus 2 will always try to respond to your satisfaction, there are exemptions and situations where Opus 2 may not be able, or under an obligation, to fulfil your request.

12. Information if you are resident in the EEA, Switzerland or UK

If you are resident in the EEA, Switzerland or UK: we need a lawful basis to collect, use and disclose your Personal Information as Data  Controller. Our lawful basis will depend on the Personal Information concerned and purpose for which it is processed. We rely on the following:

  • Contractual necessity: the processing is required to perform a contract you have entered in to, for example administering billing or payment processes.
  • Legal obligations: the processing is required for us to comply with our obligations under law.
  • Legitimate interests: the processing is required for our legitimate interests. We do not rely on this lawful basis where our legitimate interests are overridden by your rights and interests.
  • Consent: you consent to the processing of your Personal Information for the stated purpose.  If you have provided consent for the processing of your Personal Information, you can withdraw that consent at any time, please email [email protected]

Cross Borders Transfers of your Personal Information: We may transfer your Personal Information to countries other than where you are located, to countries where our affiliates and service providers are located. Please note that some of these countries may have data protection laws that are different from the country in which you are located, and these laws may not offer the same level of data privacy protection. If you are resident in the EEA, Switzerland or UK, where we transfer your Personal Information to a third party that is not located in Europe, and is not in a country that benefits from an adequacy decision by the European Commission, UK or Swiss data protection authorities, before performing any transfer of your Personal Information, Opus 2 will enter into a written agreement with the third party that provides appropriate safeguards for your Personal Information such as Standard Contractual Clauses or the UK International Data Transfer Addendum

EU – US Data Privacy Framework: Opus 2 International Inc complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Opus 2 International Inc has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Opus 2 International Inc has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. You can review our Data Privacy Framework Statement at https://www.opus2.com/data-privacy-framework/ to learn more about the Data Privacy Framework (DPF) Program.

13. Information if you are resident in the United States

Individuals in some US states have additional rights under applicable state privacy laws, including the California Consumer Privacy Act (as amended by the California Privacy Rights Act), the Connecticut Data Privacy Act, the Utah Consumer Privacy Act the Colorado Privacy Act, and the Virginia Consumer Data Protection Act.

Personal Information collected by Opus 2

  • Details regarding Personal Information Opus 2 has collected in the past 12 months is available under the section above titled “Personal Information collected and used by Opus 2”
  • Details regarding how Opus 2 has processed or used the Personal Information is available under the section above titled “Purposes for which Opus 2 may use or process Personal Information”
  • Details regarding third parties Opus 2 shares information is available under the section above titled “Sharing of your Personal Information”
  • Details regarding how long we keep Personal Information is available the section above titled “Data retention”.

US state privacy laws may provide you with additional legal rights in respect of your Personal Information:

  • the right to request access / request disclosure of  Personal Information Opus 2 has collected about you, the categories of sources for that Personal Information, the business or commercial purposes for collecting the Personal Information the categories of Personal Information that we have disclosed, and the categories of third parties with which the Personal Information was shared.
  • the right to request that Opus 2 rectifies inaccurate Personal Information concerning you
  • the right to request that Opus 2 delete your Personal Information
  • the right to Opt-Out from the “sale” of your personal information;
  • the right to Opt-Out of the “sharing” of your personal information for cross-context behavioural advertising;
  • the right to appeal a decision where Opus 2 denies your request.

Right to Opt-Out: Opus 2 does not sell your Personal Information  to third parties for monetary value. To the extent that “sale” under is interpreted to include the purposes of use specified in this Privacy Policy, Opus 2 will comply with applicable law as to those activities. To the extent that Opus 2 “sells” Personal Information  (as that term is defined under applicable state privacy laws),  applicable US state privacy laws may entitle to opt-out of the “sale” of the Personal Information at any time. You can opt-out by contacting us at [email protected].

Opus 2 does not share any Personal Information with third parties for their own direct marketing purposes. However, as companies within the Opus 2 group are separate legal entities, these could be classed as third parties under certain US state privacy laws. Any transfer of your Personal Information  to companies within the Opus 2 group and their use of your data will always be in accordance with this Privacy Policy and applicable laws.

The above rights are not an exhaustive list and you may have additional rights depending on the data privacy laws that apply to you. Please consult the data protection laws that apply to you to determine what rights may be available to you and any exemptions. Please keep in mind all of the above rights are not absolutely guaranteed. Again, please consult the data protection laws that apply to you to determine what rights may be available to you and any exemptions. While Opus 2 will always try to respond to your satisfaction, there are exemptions and situations where Opus 2 may not be able, or under an obligation, to fulfil your request.

14. How to exercise your rights

If you want to exercise any of your legal rights in respect of the Personal Information Opus 2 processes about you please send an email to [email protected]. Please keep in mind that the rights are not absolutely guaranteed. Whilst Opus 2 will always try to respond to your satisfaction, there are exemptions and situations where Opus 2 may not be able, or under an obligation, to fulfill your request. Please consult the data protection laws that apply to you to determine what rights may be available to you and any exemptions.

Opus 2 may need to request specific information from you to help Opus 2 to verify your identity before we disclose Personal Information to you or fulfill another of your requests in respect of your Personal Information. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Opus 2 may also contact you to ask you for further information in relation to your request to speed up our response. You can help Opus 2 to respond to you and fulfill your requests more quickly by (a) providing sufficient information to help Opus 2 verify your identity when you submit your request, (b) letting Opus 2 know which legal right you are wanting to exercise, and (c) giving information about your relationship with Opus 2, for example, are you a candidate for a role, former employee, etc. Opus 2 may share your information with third-party service providers where this is needed to fulfill your request.

15. Opus 2 Data Protection Officer and contact details

If you wish to exercise your legal rights, have any queries, concerns or complaints about this Privacy Policy about Opus 2’s processing your Personal Information, or you wish to contact Opus 2’s Data Protection Officer, please email [email protected].

You may have the right to lodge a complaint to the applicable supervisory authority or another regulator if you are not satisfied with Opus 2’s response to your request or how Opus 2 manages your Personal Information. Opus 2 would always encourage you to first contact Opus 2, as Opus 2 aims to resolve all concerns and complaints you have in respect of Opus 2’s use of your data in an efficient manner.

Opus 2 has appointed Uncover Legal B.V., as its representative in the EU. Uncover Legal B.V., can be contacted by email at [email protected] or by post at Herengracht 206-216, Amsterdam 1016 BS, Netherlands

16. Changes to this Policy

Opus 2 reserves the right to make changes to this Privacy Policy. If there are any material changes, we will notify you. We also recommend that you check this page from time to time to inform yourself of any changes. When we make changes to this Privacy Policy, we will revise the “Last Updated” date at the top of this Privacy Policy.

Opus 2 group of companies

Opus 2 International Limited incorporated and registered in England and Wales. Registered address is 5 New Street Square, London EC4A 3BF. Company Number: 05907841. Information Commissioner’s Office (ICO) Registration No: Z1361097.

Opus 2 International Singapore PTE Limited incorporated and registered in Singapore. Registered address is 16 Raffles Quay #33-03 Hong Leong Building, Singapore 048581 and principal place of business at 28 Maxwell Rd, #04-12/13 Maxwell Chambers Suites, Singapore 06912.

Opus 2 International Inc. incorporated and registered in the USA. Registered address is 100 Pine Street, Suite 775, San Francisco, CA 9411, USA

Opus 2 Lex Limited: incorporated and registered in England and Wales. Registered address is 5 New Street Square, London EC4A 3BF. Company Number: 05907841. Information Commissioner’s Office (ICO) Registration No: Z1361097.

Bar Squared Pty Limited: incorporated and registered in Australia. Registered address is C/-Logicca Pty Limited, Level 6 151 Macquarie Street, Sydney, NSW 2000. ABN: 37154822090

Opus 2 International PTY Limited: registered in NSW, Australia. ABN: 51163033538 and ACN: 163 033 538

Opus 2 International HK Limited: incorporated and registered in England and Wales.  Registered Address is Unit 304-7, 3/F. Laford Centre, 838 Lai Chi Kok Road, Cheung Sha Wan, Hong Kong and principal place of business is at 1609, Nexxus Building, 41 Connaught Road, Central, Hong Kong. Company Registration Number: 76765672

Opus 2 MENA Limited: incorporated and registered in the ADGM. Registered address is Office 2201, 22, Sky Tower, Shams Abu Dhabi, Al Reem Island, Abu Dhabi, United Arab Emirates. Company Registration Number: 19979

End User Privacy Statement

1. Scope of this End User Privacy Statement

This End User Privacy Statement (“Privacy Statement”) applies to personal data which is submitted to or generated from an individual (“End User“) who uses Opus 2 software (“Software Services”) pursuant to a Customer Agreement (as described below) and which links to this Privacy Statement.

This Privacy Statement does not apply:

  • to visitors of the Opus 2 website or individuals who otherwise interact with Opus 2 other than solely as a user of the Software Services (the Opus 2 Privacy Policy applies instead);
  • to employees and independent contractors engaged by Opus 2 (the separate data privacy policy supplied to them applies instead);
  • to any website, application, product, software, service, or content offered by third parties or which links to its own privacy notice;
  • to Opus 2 software (other than Opus 2 Lex software) which is hosted by the Customer in the Customer’s own environment;
  • to Content or to End User Information processed by Opus 2 as a data processor (together “Customer Data”, as defined below), or to the Customer’s own use of Usage Information; instead, the Customer’s own privacy practices and notices apply.
2.  About Opus 2 and Contact details

Opus 2 International Limited is a company registered in England with its registered office at 5 New Street Square, London EC4A 3BF. Our company number is 05907841. The Opus 2 group of companies is made up of multiple legal entities (details available at link). References to “Opus 2” in this Privacy Statement mean the Opus 2 entity which has entered into the Customer Agreement.

3. Customer Agreements and Opus 2 as a “data processor” of Customer Data

Opus 2 enters into separate agreements (each a “Customer Agreement”) for the supply of Software Services to its Customers. The organisation (for example, your employer, chambers, legal advisors or another entity) which has entered into the Customer Agreement with Opus 2 is the “Customer”. If you use the Software Services pursuant to a Customer Agreement, you are an “End User” of the Customer.

  • Opus 2 processes personal data within content, data or other information submitted to the Software Services (“Content”) as necessary to perform the Services pursuant to the Customer Agreement.
  • Opus 2 also processes certain personal data about End Users which is submitted to the Software Services (“End User Information”) as necessary to perform the Software Services pursuant to the Customer Agreement.

Content and End User Information processed by Opus 2 as a data processor are together the “Customer Data”. Opus 2 processes Customer Data as a data processor, on the instructions of the Customer and in accordance with the Customer Agreement.

Acting as the Customer’s processor and on the Customer’s instructions, Opus 2 processes End User Information to provide the Software Services, including to create and administer End User accounts, manage billing, authenticate log-ins, deliver the features the End User is entitled to use, personalise and optimise the End User’s experience of the Software Services, provide support, and give effect to the Customer’s instructions (for example, to grant, restrict, suspend or terminate access, or to export, retain or delete an End User’s data). The Customer determines the purposes of this processing; Opus 2 carries it out on the Customer’s behalf under the Customer Agreement.

4. Opus 2 acting in more than one capacity.

Opus 2 processes Customer Data as a processor to perform the Services. Separately, Opus 2 also processes certain personal data relating to End Users as an independent data controller for its own purposes, as described in Section 5 (Usage Information). The same item of personal data, for example, an End User’s email address, may be processed by Opus 2 both as a processor (to perform the Services) and as an independent controller (for the purposes set out in this Statement). The capacity in which Opus 2 acts is determined by the purpose of the processing, not by the type of data.

Depending on the Software Services supplied, the Customer may be able to access, retain, export or delete personal data or other information about an End User submitted to or generated via the Software Services, and to grant, restrict, suspend or terminate an End User’s access. The Customer’s own privacy practices and notices apply to the Customer’s collection and use of Customer Data; please contact the Customer with any questions about those practices, account set-up or access. Opus 2 may share Customer Data with subprocessors as authorised by the Customer and in accordance with the Customer Agreement.

5. Opus 2 as an independent “data controller” of Usage Information

When an End User uses the Software Services, Opus 2 generates and collects certain information about that use, and may process certain account identifiers, which Opus 2 processes as an independent data controller. This “Usage Information” comprises:

  • Platform Usage Data:
    • Activity Metadata: When an End User interacts with the Software Services, activity metadata is generated regarding the way in which the End User uses the Software Services. This may include usage metrics (such as usage rates, occurrences of technical errors, diagnostic reports, settings preferences, interactions with third-party integrations which may be enabled by the Customer), content interactions (such as searches, views, downloads, prints, shares) and user journey history (such as page navigation, timestamps, page response times, page interaction information).
    • Technical Information: As with most technology services delivered over the internet, Opus 2’s servers automatically collect certain technical information when an End User accesses or uses the Software Services. This may include IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information, operating system and version, and similar data.
  • Account Information: End User’s name, email address, job title or role, employer or firm name, and similar account identifiers, to the extent processed by Opus 2 as a controller for the purposes set out below.
  • Communications Data: information relating to an End User’s communications with Opus 2 and engagement with Opus 2’s communications, for example, feedback and survey responses, correspondence with Opus 2, and whether an End User opens or interacts with communications Opus 2 sends, the extent Opus 2 processes it as a controller for the purposes set out below.

Purpose Legal basis Categories of Usage Information
Protecting of Software Services: detecting and remediating security issues; investigating, in good faith, suspected misuse or breach of the Acceptable Use Policy or Customer Agreement; and enforcing those agreements, including establishing, exercising or defending legal claims. Legitimate interests; legal or regulatory obligation Account Information; Platform Usage Data
Compliance with laws: processing as required for compliance with applicable laws, regulations and legal processes. Legal or regulatory obligation Such Usage Information as is necessary to comply with the relevant obligation
Product engagement communications: non-essential messages that help end users get the most from the software and drive adoption and engagement, such as reminders to resume an incomplete task, invitations to instructional webinars and events, and requests for feedback on features and functionality. Legitimate interests (with opt-out)

End Users can unsubscribe at any time.

Direct marketing: Sending communications to keep End Users updated on Opus 2 product and company information and announcements, and on developments in the legal technology market. These may include, for example, newsletters, invitations to relevant events, and other product, company and market updates. Legitimate Interests (or Consent where required by applicable law)

End Users can unsubscribe at any time.

Account Information; Communications Data
Deciding which communications are relevant to an End User. Legitimate Interests (or Consent where required by applicable law) Account Information; Platform Usage Data
Aggregated data that does not identify, and is not used to identify, any individual End User: for product and service development, updates and improvements; benchmarking, research. Legitimate interests Aggregated data that does not identify, and is not used to identify, any individual End User

6. Sharing Usage Information with third parties

Opus 2 may share Usage Information with third parties as necessary for the purposes set out in this Statement:

  • Customers: the Customer may access certain Usage Information through the Software Services. The Customer’s own privacy practices and notices apply to the Customer’s use of it.
  • Affiliates and subsidiaries: within the Opus 2 group, as necessary for the purposes set out in this Statement.
  • Service providers: with subprocessors and service providers engaged by Opus 2 to act on its behalf for the purposes set out in this Statement, subject to appropriate contractual protections.
  • Legal obligation and protection of rights: with third parties where necessary to comply with law or to establish, exercise or defend legal claims.
  • Business transactions: in connection with a sale, merger, restructuring or similar transaction, Usage Information may transfer to a successor as part of the business, under equivalent protections. Opus 2 will comply with any additional mandatory restrictions under applicable law.
7. Security

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risks to individuals, Opus 2 implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

8. Legal bases for processing Usage Information

Opus 2 only uses Usage Information where there is a legal basis to do so. The bases Opus 2 relies on when processing Usage Information as an independent controller are:

  • Legal or regulatory obligation: where Opus 2 needs to comply with a legal or regulatory obligation.
  • Legitimate Interests: where necessary for Opus 2’s interests (or those of a third party), provided these do not override the End User’s fundamental rights.
  • Consent: where required by applicable law, for example for certain marketing communications. Where Opus 2 relies on consent, the End User may withdraw it at any time.
9. Where Opus 2 stores Usage Information

Where Usage Information is stored typically depends on where the Opus 2 contracting entity is based and, for Usage Information shared with the third parties listed above, where the third party is based.

Where Usage Information is transferred outside the country in which it was collected, Opus 2 will ensure the transfer is protected by an appropriate safeguard in accordance with applicable law. For transfers of personal data from the UK or EEA, Opus 2 relies on: (a) Standard Contractual Clauses approved by the European Commission or the UK Information Commissioner’s Office; (b) the EU–US Data Privacy Framework (where Opus 2 International Inc is the recipient); or (c) another lawful transfer mechanism permitted under applicable data protection law. Opus 2 also complies with any additional transfer terms set out in the Customer Agreement.

If you are resident in the EEA, Switzerland or the UK, where Opus 2 transfers your personal data to a third party that is not located in Europe and is not in a country benefiting from an adequacy decision, Opus 2 will, before the transfer, enter into a written agreement providing appropriate safeguards (such as Standard Contractual Clauses or the UK International Data Transfer Addendum).

EU–US Data Privacy Framework. Opus 2 International Inc complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce and has certified to the U.S. Department of Commerce its adherence to the relevant Principles for personal data received from the EU, the UK and Switzerland. You can review our Data Privacy Framework Statement at opus2.com/data-privacy-framework.

10. Retention of Usage Information

Opus 2 keeps Usage Information for no longer than is necessary for the purposes for which it is used. The appropriate retention period depends on the nature of the data and the purpose for which it is processed. In determining it, Opus 2 considers: (a) the duration of the Customer Agreement and the End User’s active use of the Software Services; (b) Opus 2’s legal and regulatory obligations, including any obligation to retain records; (c) the period during which a claim could be brought in connection with the Customer Agreement or the End User’s use of the Software Services; and (d) applicable guidance from data protection authorities. When Usage Information is no longer required, Opus 2 will securely delete or anonymise it.

If you cease to be an End User, Opus 2’s Privacy Policy will govern any further processing of your personal data.

11. Legal rights which may be available to End Users

Data protection laws give individuals certain rights in respect of their personal data, which may include:

  • the right to confirmation that Opus 2 processes your personal data, and to access it;
  • the right to request erasure (the “right to be forgotten”);
  • the right to rectification of inaccurate personal data and, depending on the purpose, completion of incomplete data;
  • the right to object, on grounds relating to your situation, to processing based on legitimate interests;
  • the right to data portability — where Opus 2 processes your personal data by automated means on the basis of consent or performance of a contract, you may have the right to receive it in a structured, commonly used and machine-readable format and to have it transmitted to another controller where technically feasible;
  • the right to object at any time to processing of your personal data for direct marketing and to opt out of marketing communications at any time (for example, via the unsubscribe link in any marketing email or by contacting [email protected]. If you opt out, Opus 2 will continue to send service and transactional communications;
  • the right to withdraw consent at any time where processing is based on consent;
  • the right to lodge a complaint with an applicable supervisory authority or regulator.

Not all of these rights may be available to you; please consult the data protection laws that apply to you to determine your rights and any exemptions. Rights are not absolute, and there are situations where Opus 2 may not be able, or under an obligation, to fulfil a request.

12. Information for End Users resident in the United States

Individuals in some US states have additional rights under applicable state privacy laws, including the California Consumer Privacy Act (as amended by the California Privacy Rights Act), the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, the Colorado Privacy Act, and the Virginia Consumer Data Protection Act.

Details of the personal data Opus 2 collects and the purposes and legal bases on which Opus 2 processes it are set out in Section 5 (Opus 2 as an independent data controller of Usage Information); the third parties with which Opus 2 shares information are described in Section 6 (Sharing Usage Information with third parties); and retention is described in Section 10.

US state privacy laws may give you additional rights, which may include:

  • the right to request access to, or disclosure of, the personal information Opus 2 has collected about you, the categories of sources, the purposes for collection, the categories of personal information disclosed, and the categories of third parties with which it was shared;
  • the right to request that Opus 2 rectifies inaccurate personal information concerning you;
  • the right to request that Opus 2 deletes your personal information;
  • the right to opt out of the “sale” of your personal information;
  • the right to opt out of the “sharing” of your personal information for cross-context behavioural advertising;
  • the right to appeal a decision where Opus 2 denies your request.

Right to opt out. Opus 2 does not sell your personal information to third parties for monetary value. To the extent that “sale” or “sharing” (as defined under applicable state privacy laws) is interpreted to include uses described in this Statement, Opus 2 will comply with applicable law, and you may opt out at any time by contacting [email protected]. Opus 2 does not share personal information with third parties for their own direct-marketing purposes. As the companies within the Opus 2 group are separate legal entities, transfers within the group could be treated as third-party transfers under certain US state laws; any such transfer and use will be in accordance with this Statement and applicable law.

13. How an End User may exercise their legal rights

Opus 2 can only fulfil requests in respect of personal data for which Opus 2 is a data controller (Usage Information). For Customer Data (which Opus 2 processes as a processor, and which may include personal data of End Users collected via or submitted to the Services), the Customer is responsible for managing and fulfilling requests; Opus 2 will forward any such request to the Customer and provide reasonable assistance. To exercise your rights in respect of Usage Information, email [email protected].

Verifying your identity. Opus 2 may need specific information from you to verify your identity before disclosing personal data or fulfilling a request, a security measure to ensure personal data is not disclosed to anyone without the right to receive it. You can help Opus 2 respond more quickly by (a) providing sufficient information to verify your identity, (b) stating which right you wish to exercise, and (c) giving information about your relationship with Opus 2 (for example, that you are an End User and the name of the Customer through which you use the Software Services). Opus 2 may share your information with third-party service providers where needed to fulfil your request. Rights are not absolute, and exemptions may apply.

14. Data Protection Officer and contact details

For any queries, concerns or complaints about this Statement or Opus 2’s processing of Usage Information, or to contact Opus 2’s Data Protection Officer, email [email protected]. You may also lodge a complaint with the applicable supervisory authority, though Opus 2 encourages you to contact Opus 2 first so it can try to resolve the matter.

15. Changes to this End User Privacy Statement

Opus 2 may make changes to this Privacy Statement from time to time. Where there are material changes, End Users will be notified in the form appropriate to the changes. End Users are encouraged to review this Statement regularly.