Privacy Policy


Too busy to read everything? We understand. Here are the most important bits you need to know:

  • How do we use your data and why? We use your personal data to analyse and promote the download and adoption of oneNDA and to manage the oneNDA community. 
  • How do you exercise your data subject rights? Under the law, you have ‘data subject rights’ which are designed to protect your privacy. You’ll find out more about these rights below, but in brief, they include things like asking us to delete your data and getting a copy of it. You can exercise your rights by getting in touch with us anytime at
  • How do you opt-out of marketing? You can opt-out of email marketing using the link at the bottom of the message we’ve sent you. 
  • Want to get in touch? You can email us anytime at

The basics

Who are we?

We’re The Law Boutique Ltd and we manage the oneNDA website and community. We’re a company that respects your privacy and is committed to protecting your personal data.

If you have any questions about how we collect, use or share your data, please contact us at

We’re registered with the Information Commissioner’s Office (ICO) (registration no. ZA270513) as a data controller - this means we’re responsible for your personal data. The ICO is the UK supervisory authority for data protection issues (

This policy applies to anyone that visits (‘Site’). This might include our members, customers and anyone else whose personal data we process.

When we collect and process your personal data, we’re regulated under the Data Protection Act 2018.

What is the purpose of this policy?

We’ve written this policy to make sure you have all the information you need about how we collect and process your personal data, and how we make sure it is kept safe. 

Who does this policy apply to? 

How can you complain?

We hope you never have to, but you can complain to us at any time using the details above. You also have the right to make a complaint at any time to the ICO, or any supervisory authority in the EU Member State where you live. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us first. 

The details - how we’re collecting and using your data, and why

When do we collect your personal data? 

We use a few different methods to collect data from and about you. These include:

  • Direct interactions - such as when you use our services or visit our Site. 
  • Automated technologies or interactions - where we automatically collect data about your equipment, browsing behaviour and patterns when you use our Site. Cookies and similar technologies might also be used to collect this information.

What personal data do we collect and why?

We collect personal data for a number of reasons, including to meet our legal obligations, manage our operations, improve our organisation and deliver our services to you. We’ve set out some examples below.

Type of personal data
Lawful basis

Personal and contact information 

Name, email address, company, job title and other similar information.  

So we can contact you as part of our relationship, for example when you have completed a form on the Site

When you consent to it.

When it is in our legitimate interest to:

  • Communicate with you
  • Keep our records up to date


Emails or other communications between us. 

Sending notification emails after you have downloaded or adopted oneNDA

Responding to feedback.

When it is in our legitimate interest to:

  • Communicate with you
  • Be efficient about how we fulfil our legal and contractual duties
  • Resolve issues


Details about the devices and technology you use (e.g. your website browser settings, IP address, login data, and marketing choices).

Administering the Site and protecting it. This includes troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting.

When you consent to it.

When it is in our legitimate interest to:

  • Ensure our organisation runs properly
  • Protect our organisation’s systems and software, including your personal data contractual duties
  • Improve our services


Information about how you use our Site.

Understanding how we can improve our Site, using data analytics.

When you consent to it.

When it is in our legitimate interest to:

  • Understand which of our services and content will be of interest to you, and tell you about them
  • Develop our business
  • Improve what we offer

Preferences and consents

Your marketing and communication preferences

Understanding your preferences for marketing, automated decision-making, profiling, cookies and any other processing activities that you can opt-out of. Developing and carrying out marketing activities.

When you consent to it.

When it is in our legitimate interest to:

  • Keep our records up to date
  • Ask for your consent when we need it to contact you

Do we collect special category data? 

We do not collect special category data from you. Special category data means details about things like your race or ethnicity, sex life, political opinions, information about your health etc. 

How long do we keep your data for? 

We won’t keep your personal data for any longer than we need it. We keep your data for the following reasons: 

  • To make sure we can do the things we said we would when we collected it
  • To meet our legal, accounting and reporting requirements

To decide what the fairest period is for keeping your data, we consider different factors, including: 

  • The amount, nature, and sensitivity of the personal data
  • The risk of harm to you that might be caused by unauthorised use or sharing of your personal data
  • The reasons we process your personal data
  • Whether we can achieve our purposes without processing your personal data
  • Any legal requirements we have to meet

Sometimes, we’ll anonymise your personal information (so that it can no longer be connected to you) for research or statistical purposes. If we do, we may keep the information for a long time, and we’re not required to let you know as it will no longer contain any information that could identify you as an individual. 

Do we use cookies and other tracking technologies? 

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer (if you agree). You can’t actually see cookies as they sit in the background of our Site, but they are likely present on most sites you visit. 

We may use cookies to set you apart from other users of our products or services. This helps us to provide you with a good experience, and also helps us to improve our services. You can find out more about the cookies we use in our Cookie Policy.

What marketing activities do we conduct? 

We want you to know all about us, our services and our products. To do this, we undertake marketing activities which involve using your personal data - such as sending you newsletters via email.

You won’t receive marketing from us by email unless you’ve given us permission or you’ve used our services or products before. 

Third parties

We sometimes collect personal data from, and/or share it with, third parties (provided we always have a lawful basis for doing so). We make sure all third parties keep your personal data safe and only use it in ways they’re allowed, and we also make sure that we get your consent before we share it for marketing purposes.

We’ve outlined below who those third parties are.

Third party

Google LLC

Email, document, productivity tools and web browsing

The Rocket Science Group LLC (Mailchimp)

Email marketing platform

Slack Inc.

Communication software

Hubspot, Inc.

Customer relationship management


Website hosting and information collection

Social networks and other online platforms providers

Market research and marketing campaigns, such as LinkedIn and Google

SimpleDocs, Inc.  

To share information about AutoNDA and SimpleDocs tech products to facilitate a digital experience of oneNDA and enable you to demo their products, if you ask for that to happen 

What about third party links on our Site? 

These might include links to third party websites, plug-ins and applications. Clicking on those links might allow third parties to collect or share data about you. 

We don’t control these third party websites and aren’t responsible for their privacy information. When you leave our Site, we encourage you to read the privacy notice of every website you visit.

Do we transfer data outside of the EEA? 

The personal data that we hold about you will be held in the UK and the European Economic Area (‘EEA’), but it might also be transferred to or stored outside the UK or EEA.

When we transfer your data to third parties outside the EEA, we make sure your data is safe. We do this by putting one of the following safeguards in place: 

  • Only transferring it to a country the European Commission has decided has a suitable level of protection (known as an adequate country)
  • Putting in place a contract that makes sure the third party outside of the EEA promises to protect your personal data. We’ll also make sure supplementary security measures are put in place where necessary.

If you’re in the EEA or the UK, you can contact us at any time and we’ll let you know exactly what safeguards we’ve put in place for the transfer of your personal data outside the EEA or UK.

Your rights

What are your rights and how do you exercise them? 

Under the data protection laws, you are entitled to the following rights:

EU and UK residents
Rights under the data protection laws

Asking us for a copy of your data

You can ask us for a copy of the personal data we hold about you and to check that we are lawfully processing it.

Asking us to delete or erase your data

You can ask us to delete your personal data where there is no good reason for us continuing to process it. 

Sometimes we cannot meet your request because of legal reasons. Don’t worry, we’ll tell you if this applies when you make your request!

Asking us to correct your data

When the data we hold about you is incomplete or not correct, you can ask us to change it. We might need to check that the new data you give to us is right.

Ask us to send your data to another organisation

You can ask us to move, copy or transfer your personal data to a different organisation, where it is reasonable and fair.

Ask us how we’re using your data

We’ll tell you how we collect, use and share your personal data. 

Asking us to restrict the processing of your data 

When you have a particular reason (for example the content or how we’re using it), you can ask us to limit the ways in which we’re using your data.

Objecting to our processing activities

For certain types of activities, like direct marketing, you can ask us to stop at any time.

You can also object when we’re making decisions that are automated or when we’re using your data to profile you (this basically means we’re using your data to guess what you’re interested in or make decisions about you). Sometimes this isn’t possible because our needs are really important and the processing is unlikely to affect you. But don’t worry, we’ll let you know if this is the case - and our reasons.

Californian residents
Rights under the CCPA

Asking us to delete or erase your data

You can ask us to delete any personal data we have collected from or about you.

Asking us to share information about what and how we process your personal data 

You can ask us to share with you: 

  • The categories of personal information we’ve collected about you
  • The categories of sources where we collect your personal information from 
  • The purpose for collecting or selling your personal information
  • The categories of third parties with whom we shared your personal information
  • The specific pieces of personal information we’ve collected about you

Asking us to stop selling your personal data to third parties

You can ask us not to sell your information, if that is something that we do. We don’t currently do this, but we’ll let you know if this changes.

We might ask you to give us information that helps us know that you are who you say you are. This is to make sure we keep your and our other users’ personal data safe.

We try to respond to legitimate requests within one month of receiving them. Sometimes it might take us longer than a month if your request is complicated or you have more than one request. But don’t worry, we’ll make sure to let you know if we need more time and will keep you updated. 

If you want to exercise any of these rights, please get in touch with us at the details provided above. If you need more information about your rights, including the circumstances in which they apply to you, please see the ICO’s website or contact us.

How can you withdraw your consent and opt-out of processing? 

You can opt-out of marketing at any time by: 

  • Using the unsubscribe link at the bottom of marketing emails and text we send you
  • Contacting us at

When you opt-out of marketing, we won’t delete your data - just stop using your personal data for marketing purposes. If you want us to delete your data, please ask us.

Where we’re relying on your consent for other types of processing, you can ask us to withdraw your consent. Sometimes, we might not be able to continue offering you our services if you withdraw your consent. If that’s the case, we’ll let you know.


What security measures do we have in place? 

We will put in place security measures to stop your personal data from being accidentally lost, used or viewed in a way that it shouldn’t be. These methods include: 

  • Taking out any information from the data that could be used to identify you
  • Converting your data into a code that only we understand  
  • Making sure only the people that are allowed to see your data are given access to it
  • Making sure no one tampers with or changes your data
  • Making sure our systems are up-to-date, working, hardy and safe
  • Being able to get your data back quickly if there is an issue
  • Regularly testing our measures to make sure they’re still good enough

We have put in place processes to deal with any breaches of your personal data and we’ll let you know (and any regulatory body) about the breach when we need to.


How can you keep your data accurate? 

We will use reasonable effort to ensure that your personal data is accurate, complete and up-to-date, but please tell us if there are any changes!

What if we want to change the purpose for processing your data? 

We’ll only use your personal data for the purpose we collected it for, unless we reasonably think that we need to use it for another reason (and that reason matches the original purpose). If you want to find out more about these purposes, please get in touch with us. 

If we need to use your personal data for a purpose which is not related to the original one, we’ll let you know and explain the legal basis which allows us to do so.

Updates to this privacy policy

We understand that things change, so we’ll continue to review the effectiveness of this policy and make sure it’s achieving its goals. If you have any questions about this policy or how it works, please get in touch and we’d be happy to chat!