1. Duty of Confidentiality
The Client (LexLogik user) is bound by a strict duty of confidentiality towards their clients under Paragraph 6.3 of the SRA Code of Conduct. This duty applies to all information communicated to the solicitor in their professional capacity.
LexLogik UG acts as a supporting party to the Client's professional activities. We are therefore contractually bound to the same standard of confidentiality as the Client. LexLogik UG maintains strict secrecy regarding all "protected information" and "secrets" accessed during the processing of documents.
2. Scope of Data Access
LexLogik UG shall only access confidential information to the extent strictly necessary for the fulfilment of its contractual obligations (technical processing and software provision). Through our Zero-Retention Architecture and sovereign servers located in Germany, human access to data is reduced to the absolute technical minimum.
The EU has recognised UK adequacy under Commission Implementing Decision (EU) 2021/1772, as renewed by the European Commission in December 2024 (in force through 2031), and the UK Government has recognised EEA adequacy for transfers to Germany. Processing therefore qualifies as a permitted international transfer under UK GDPR Chapter V.
Frontend delivery: Our marketing website uses Cloudflare (US, Data Privacy Framework certified) for security and performance. Document content you upload for processing is transmitted directly to our servers in Germany and is never routed through Cloudflare; it remains on EU-only infrastructure for processing.
3. Engagement of Third Parties
LexLogik UG is authorised to engage further persons (employees or specialised sub-processors) to fulfil the contract. Should LexLogik UG engage such parties, it will bind them to strict confidentiality in writing, ensuring a level of protection equivalent to the requirements of the SRA Code of Conduct.
4. Legal Liability and Sanctions
LexLogik UG is expressly aware of the legal consequences regarding the unauthorised disclosure of information. While the UK does not have a direct equivalent to § 203 StGB, breaches are subject to:
- Civil Liability: Action for Breach of Confidence, which can result in significant damages and injunctions.
- Regulatory Sanctions: Failure to protect client data may lead to investigations by the Information Commissioner's Office (ICO) and the SRA.
- Criminal Liability: Unlawful obtaining or disclosure of personal data may constitute a criminal offence under Section 170 of the Data Protection Act 2018 or the Computer Misuse Act 1990.
Our Promise to the UK Legal Profession
We have designed LexLogik to exceed standard cloud security, ensuring that your data remains within a secure, European ecosystem:
- Reduced exposure to the US CLOUD Act: As a German entity using only EU-headquartered infrastructure providers for document processing, our processing falls outside the direct scope of the US CLOUD Act. (Marketing pages may use Cloudflare; document uploads do not pass through Cloudflare - see section 2.)
- UK GDPR Compliance: We provide a comprehensive Data Processing Agreement (DPA) that supports international data transfers from the UK to the EEA.
- Zero-Retention Paradigm: Document data is processed exclusively in volatile RAM. No client data is persistently stored on physical disks, and instances are destroyed immediately after processing.
- ISO 27001 (hosting): We host with Hetzner Online GmbH in ISO 27001-certified German data centres and apply rigorous security practices for our systems and operations.
For detailed information regarding our Technical and Organisational Measures (TOMs) or to request a bespoke Non-Disclosure Agreement (NDA), please contact us.
Contact: info@lexlogik.com