Privacy Policy — Law27.eu
Law27.eu Omnexis Group LLC

Omnexis Group LLC · law27.eu

Privacy Policy

Effective date: 1 July 2025 Version: 1.0 Regulation: GDPR (EU) 2016/679

§ 01

Introduction

Omnexis Group LLC (“Company”, “we”, “us”, “our”) is committed to protecting the personal data of individuals who visit the website at https://law27.eu (“Website”) and engage with our document preparation services. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have in relation to it.

This Policy is issued in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”), which applies to the processing of personal data of individuals located in the European Union, regardless of where the data controller is established (Article 3(2) GDPR).

Please read this Policy carefully. By using the Website or placing an Order, you acknowledge that you have read and understood this Policy. This Policy should be read together with our Terms of Service and Cookie Policy.

§ 02

Data Controller

The controller of your personal data within the meaning of Article 4(7) GDPR is:

Omnexis Group LLC 5830 E 2nd St, Ste 7000 21135
Casper, Wyoming 82609
United States

EIN: 38-4340931

Email: office@law27.eu
Website: https://law27.eu

All data protection enquiries, requests to exercise data subject rights, and complaints should be directed to the email address above. We endeavour to respond within the timeframes set out in §15 below.

§ 03

Scope of Application

This Policy applies to all personal data processed by the Company in connection with:

  • visits to and use of the Website;
  • submission of enquiries via the contact form or by email;
  • the ordering, quotation, payment, and delivery process for our document preparation services;
  • any other communication between you and the Company.

This Policy does not apply to the websites or services of third parties that may be linked from the Website. We are not responsible for the data practices of such third parties.

§ 04

Personal Data We Collect

We collect and process the following categories of personal data, depending on how you interact with us:

CategoryData elementsSource
Identity dataFull name, name of legal entity (where applicable), position or roleProvided by you
Contact dataEmail address, correspondence address (where provided)Provided by you
Order & instruction dataDetails of the requested document, counterparty information, factual circumstances provided in instructions, uploaded files and attachmentsProvided by you
Payment dataTransaction reference, payment confirmation details. We do not store full payment card data; card processing is handled by our payment processor.Payment processor / provided by you
Technical dataIP address, browser type and version, operating system, referring URL, pages visited, time and date of accessCollected automatically
Communication dataContent of emails, contact form submissions, and any other correspondence with the CompanyProvided by you

We collect only the personal data that is necessary for the purposes described in §5. We do not knowingly collect special categories of personal data (Article 9 GDPR) unless you voluntarily include such information in your instructions, in which case it is processed solely for the purpose of preparing the requested document.

§ 05

Purposes of Processing & Legal Bases

We process personal data only where we have a valid legal basis under Article 6 GDPR. The table below sets out each processing purpose and its corresponding legal basis:

PurposeLegal basis (Article 6 GDPR)
Processing your enquiry and preparing a QuoteArt. 6(1)(b) — steps taken at the request of the data subject prior to entering into a contract
Performing the contract: preparing and delivering the requested DocumentArt. 6(1)(b) — performance of a contract to which the data subject is party
Processing and recording paymentArt. 6(1)(b) — performance of a contract; Art. 6(1)(c) — compliance with accounting and tax obligations
Responding to complaints and exercising or defending legal claimsArt. 6(1)(f) — legitimate interests of the Company in managing disputes and protecting its legal position
Compliance with legal obligations (e.g. record-keeping, anti-money-laundering checks)Art. 6(1)(c) — compliance with a legal obligation to which the Company is subject
Operating and improving the Website (analytics, security, performance)Art. 6(1)(f) — legitimate interests of the Company in operating a secure and functional website
Sending service-related communications (order confirmations, delivery notifications)Art. 6(1)(b) — performance of a contract
Direct marketing communications (where applicable)Art. 6(1)(a) — consent; or Art. 6(1)(f) — legitimate interests, subject to the right to object at any time

Where we rely on legitimate interests as our legal basis, we have assessed that our interests are not overridden by your interests or fundamental rights. You may request details of that assessment by contacting us at office@law27.eu.

§ 06

Retention Periods

We retain personal data only for as long as is necessary for the purposes for which it was collected, taking into account applicable legal obligations and limitation periods:

Data categoryRetention period
Order & instruction data, delivered Documents5 years from delivery, to cover contractual limitation periods and potential legal claims
Payment and invoicing records7 years from the date of the transaction, in accordance with applicable accounting and tax law
General correspondence and enquiries not resulting in an Order2 years from the date of last communication
Technical / server log dataUp to 12 months, unless retained longer for security or legal purposes
Data subject rights requests and related records3 years from resolution, to demonstrate compliance

Upon expiry of the applicable retention period, personal data is deleted or anonymised in a manner that prevents re-identification.

§ 07

Recipients & Processors

We do not sell, rent, or trade your personal data to third parties. We may share your data with the following categories of recipients, each of whom is bound by confidentiality and data processing obligations:

  • Payment service providers — to process payments securely on our behalf. These providers handle transaction data in accordance with PCI-DSS standards and applicable data protection law.
  • Cloud infrastructure and hosting providers — to operate, host, and maintain the Website and our internal systems.
  • Email delivery providers — to transmit order confirmations, Quotes, delivered Documents, and other service communications.
  • Analytics providers — to collect and analyse aggregated Website usage data (see §10 on Cookies).
  • Professional advisers — accountants, auditors, and legal counsel, where disclosure is necessary for compliance or the exercise of legal claims, under strict confidentiality obligations.
  • Public authorities — where we are legally required to disclose data pursuant to applicable law, a court order, or a binding regulatory request.

All third-party processors engaged by the Company are subject to a data processing agreement meeting the requirements of Article 28 GDPR.

§ 08

International Data Transfers

Omnexis Group LLC is incorporated in the United States of America. As a result, your personal data is transferred to and processed in a country that the European Commission has not — in general — deemed to provide an adequate level of data protection equivalent to the EU (Article 45 GDPR).

Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with Chapter V GDPR. Transfers to the Company itself (as controller established in the USA) are based on Standard Contractual Clauses adopted by the European Commission (Implementing Decision (EU) 2021/914), supplemented where necessary by technical and organisational measures assessed to ensure an equivalent level of protection.

Where personal data is transferred to sub-processors located outside the EEA, we require those processors to implement equivalent transfer mechanisms and to provide reasonable assurances regarding governmental access to data.

You may request a copy of the applicable transfer safeguards by contacting us at office@law27.eu.

§ 09

Your Rights as a Data Subject

If you are located in the European Union (or, where applicable, the United Kingdom or another jurisdiction with equivalent legislation), you have the following rights in respect of your personal data under Articles 15–22 GDPR:

  • Right of access (Art. 15) — you may request confirmation of whether we process your data and obtain a copy of that data, together with supplementary information about the processing.
  • Right to rectification (Art. 16) — you may request correction of inaccurate or completion of incomplete personal data.
  • Right to erasure / “right to be forgotten” (Art. 17) — you may request deletion of your personal data where there is no longer a lawful basis for processing, subject to our legal retention obligations.
  • Right to restriction of processing (Art. 18) — you may request that we limit processing of your data in certain circumstances (e.g. while you contest its accuracy).
  • Right to data portability (Art. 20) — where processing is based on consent or contract and carried out by automated means, you may request receipt of your data in a structured, commonly used, and machine-readable format.
  • Right to object (Art. 21) — you may object at any time to processing based on legitimate interests (Art. 6(1)(f)), including profiling, and to processing for direct marketing purposes. We will cease such processing unless we can demonstrate compelling legitimate grounds.
  • Right to withdraw consent (Art. 7(3)) — where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
  • Right not to be subject to automated decision-making (Art. 22) — we do not engage in fully automated decision-making (including profiling) that produces legal or similarly significant effects on you.

To exercise any of the above rights, submit a written request to office@law27.eu. We will respond within one calendar month of receipt of your request (Article 12(3) GDPR). Where a request is complex or we receive multiple requests, we may extend this period by a further two months, of which we will notify you.

We may ask you to verify your identity before processing a request, to ensure we do not disclose data to an unauthorised person.

You also have the right to lodge a complaint with the supervisory authority of your EU member state of habitual residence, place of work, or the place of the alleged infringement. A list of EU supervisory authorities is available at edpb.europa.eu.

§ 10

Cookies & Tracking Technologies

The Website uses cookies and similar tracking technologies to ensure correct functionality, measure traffic, and improve your browsing experience. Cookies are small text files stored on your device when you visit the Website.

We use the following categories of cookies:

  • Strictly necessary cookies — essential for the Website to function correctly. They do not require your consent and cannot be disabled without impairing core functionality.
  • Analytical / performance cookies — collect aggregated information about how visitors use the Website (pages visited, time spent, errors encountered). Used to improve Website performance. These cookies require your consent where applicable law demands it.
  • Functional cookies — remember your preferences (e.g. language settings) to provide a more personalised experience.
  • Marketing / targeting cookies — used to track visitors across websites to display relevant advertising. We use these only with your prior consent.

You may manage or withdraw your cookie consent at any time through your browser settings or our cookie consent tool. Withdrawal of consent for non-essential cookies does not affect the lawfulness of prior processing.

Full details on individual cookies, their providers, and their retention periods are set out in our Cookie Policy.

§ 11

Children’s Privacy

The Website and our Services are directed exclusively to adults and business users. We do not knowingly collect personal data from persons under the age of 18. If we become aware that personal data of a minor has been provided to us without appropriate parental consent, we will delete it promptly. If you believe that we may hold data relating to a minor, please contact us at office@law27.eu.

§ 12

Security Measures

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access, in accordance with Article 32 GDPR. These measures include, but are not limited to:

  • transport layer encryption (TLS/HTTPS) for all data transmitted between your device and the Website;
  • access controls ensuring that personal data is accessible only to authorised personnel on a need-to-know basis;
  • use of reputable, security-certified cloud infrastructure and payment processing providers;
  • regular review of our data protection practices and security posture.

No method of transmission over the internet or electronic storage is entirely secure. While we apply industry-standard measures, we cannot guarantee absolute security. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 GDPR.

§ 13

Third-Party Links

The Website may contain links to third-party websites, tools, or services. This Policy does not apply to those third-party sites. We have no control over their content or privacy practices and accept no responsibility or liability for them. We encourage you to review the privacy policy of any third-party site you visit.

§ 14

Amendments to this Policy

We reserve the right to update or amend this Privacy Policy at any time. The revised version will be published on the Website with a new effective date. Where changes are material — particularly changes affecting your rights or the legal basis for processing — we will take reasonable steps to notify you directly (e.g. by email) where we hold your contact details.

Continued use of the Website following publication of an amended Policy constitutes acceptance of the updated terms. We encourage you to review this Policy periodically.

§ 15

Contact & Complaints

For all data protection enquiries, requests to exercise your rights, or complaints regarding our processing of your personal data, please contact us in writing:

Omnexis Group LLC — Data Protection 5830 E 2nd St, Ste 7000 21135, Casper, Wyoming 82609, USA

Email: office@law27.eu
Website: https://law27.eu

We will acknowledge receipt of your request within 5 business days and provide a substantive response within one calendar month of receipt, in accordance with Article 12(3) GDPR.

If you are not satisfied with our response, or if you believe that we are processing your personal data in breach of applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority in your EU member state of habitual residence or place of work. Contact details for all EU supervisory authorities are available on the European Data Protection Board website at edpb.europa.eu.