Privacy Policy

LEXIUM Lawyers & Consultants ("LEXIUM", "we", "our") is committed to protecting the privacy of its website visitors and clients. This policy explains how we collect, use, and protect personal data, in accordance with the Personal Data Protection Law (PDPL) issued by Royal Decree No. (M/19) dated 09/02/1443 AH and its Executive Regulations in the Kingdom of Saudi Arabia.

1. Data We Collect

We may collect the following types of personal data when you visit the website, request our services, or register on the client portal:

A) Data you provide voluntarily

• Full name, phone number, email address.
• Description of your legal matter and consultation area.
• Documents and files uploaded through the client portal.
• Password (encrypted using bcrypt — we never see it in plain form).

B) Data collected automatically

• Your device's IP address.
• Browser type and operating system.
• Pages visited and visit times.
• Referral source (the link that brought you to the site).

2. Purposes of Collection

We use your data only for the following legitimate purposes:

• Providing legal services: responding to your inquiries, drafting correspondence, representing you before judicial authorities.
• Managing the client portal: enabling you to follow your cases, message your legal team, and manage documents.
• Communication: sending notifications about your case, appointments, or service updates.
• Website improvement: analyzing visitor behavior (via Google Analytics).
• Regulatory compliance: fulfilling legal and accounting obligations.
• Security: preventing fraud and unauthorized access.

3. Legal Basis for Processing

We rely on one of the following bases when processing your data:

• Explicit consent when you submit the contact form or register on the portal.
• Performance of a contract (legal services agreement).
• Legitimate interest in operating and protecting the website.
• Legal obligation under applicable Saudi regulations.

4. Sharing With Third Parties

We do not sell your personal data to any third party. We may share your data only in the following cases:

• Judicial and governmental authorities within the context of your legal representation and with your consent.
• Trusted technical service providers (such as hosting and email services) under strict confidentiality agreements.
• Analytics tools (Google Analytics) in anonymized form to analyze visitor behavior.
• When legally required by a competent judicial or governmental authority.

Your relationship with your lawyer remains protected by the principle of professional confidentiality under the Saudi Law of Practice of Law. No information related to your case may be disclosed except with your written consent or by judicial order.

5. Data Retention Period

We retain your data for as long as necessary to fulfill the purposes described in this policy, or as required by Saudi law:

• Case files and legal correspondence: five (5) years from case closure, per the Saudi Law of Practice of Law.
• General contact data: three (3) years from last contact, unless you request earlier deletion.
• Technical site logs: up to twelve (12) months.

6. Your Rights as a Data Subject

Under the PDPL, you have the following rights:

• Right to be informed of the basis and purposes of processing.
• Right of access to a copy of your data stored with us.
• Right to rectification of any inaccurate or incomplete information.
• Right to erasure when the purpose has been fulfilled.
• Right to withdraw consent at any time without retroactive effect.

To exercise any of these rights, contact us at support@lexium.sa. We will respond within thirty (30) days.

7. Security Measures

We apply strict technical and organizational measures to protect your data, including:

• Full connection encryption via SSL/TLS.
• Passwords stored in encrypted form (bcrypt) that cannot be recovered.
• Protection against CSRF, SQL Injection, and XSS attacks.
• Rate limiting to prevent automated attempts.
• Audit logs for all sensitive administrative actions.
• Restricted access on a need-to-know basis only.

8. Cookies

Our website uses cookies to improve your experience. For full details on cookie types and management, please review our Cookie Policy.

9. Children's Privacy

Our services are not directed at individuals under eighteen (18) years of age. If we learn that a child has provided us with personal data, we will delete it immediately. If you are a parent and believe your child has provided us with data, please contact us.

10. Changes to This Policy

We may update this policy from time to time to reflect regulatory or operational changes. The updated version will be published on this page with the "Last updated" date at the top. Material changes will be notified to registered clients by email.

11. Contact Us

For any privacy-related inquiry or request:

If you are not satisfied with our response, you have the right to file a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA) via its official website.