Legal Counsel
Department: Legal
Level: Senior operational / Management
Primary objective: Contract management, document compliance, GDPR, and the company's legal archive
What this role does
The Legal Counsel is the custodian of legally binding documents in CRMconnect: drafts and manages contracts with customers, suppliers, and employees; oversees internal approval flows; processes GDPR requests; and ensures no contract expires unnoticed. They are the legal interface between the platform and the company's juridical reality.
Modules used regularly
| Module | Where to find it | What you use it for |
|---|---|---|
| Customer Contracts | CRM → Contracts | Draft, send, sign, renew |
| Vendor Contracts | Acquisitions → Vendor Contracts | Framework contracts, NDAs with vendors |
| Document Management | Operations → Documents | Multi-level internal approval, policies, procedures |
| GDPR | Settings → GDPR | Consents, deletion requests, audit |
| Proposals | Sales → Proposals | T&C review, accepted proposals → contracts |
| Workflow Automation | Integrations → Automation | Expiry alerts, approval tasks, reminders |
| Utilities — Activity Log | Settings → Utilities | Export audit trail for litigation or audits |
| Custom Fields | Settings → Custom Fields | Legal fields on contracts |
| Internal Announcements | Marketing → Announcements | Publish policies and compliance alerts |
Daily routine
Morning — legal triage (15–20 min)
- Contracts expiring in 60 days —
/admin/contracts→ filterdateendbetween today and today +60 days → initiate renewal process or notify customer - Unsigned contracts — filter
signed = 0ANDmarked_as_signed = 0with send date > 3 days → follow up on signing - Documents awaiting your approval —
/admin/document_management→ documents withapproval = pendingwhere you are approver → review and approve/return - Unresolved GDPR requests —
/admin/gdpr→ deletion or data export requests without response → process within the 30-day legal deadline
Weekly
| Day | Activity |
|---|---|
| Monday | Review contracts newly created by Sales in the previous week — check standard clauses |
| Wednesday | Approve internal documents in Document Management that are pending |
| Friday | Contract status report: how many signed, pending, expired this month |
Managing customer contracts
Where: /admin/contracts
Complete flow: from template to signed contract
1. Template → Contract created
/admin/contracts/templates → select contract type (NDA, Service Agreement,
Framework Contract, Annex) → merge fields auto-populated from customer file
2. [Optional] Internal approval
→ Upload to Document Management for multi-level review
→ Approver 1 (Department Manager) → Approver 2 (Director)
→ On final approval → send to customer
3. Send to customer
→ "Send" button → email with unique link + PDF attached
→ Customer accesses link without authentication (secure hash)
4. Customer signature
→ Reads contract in browser → draws signature → "Accept & Sign"
→ System captures: IP, timestamp, signatory name, signature image
→ You receive automatic notification
5. Post-signing
→ Contract becomes read-only (can no longer be modified)
→ Any modification requires an Amendment (new contract with parent_id)
→ Archive in Document Management
Contract types and when to use them
| Type | When | Where |
|---|---|---|
| NDA | Before sensitive commercial discussions | /admin/contracts |
| Service Agreement | At each delivery engagement | /admin/contracts |
| Framework Contract | Recurring customers with annual volume — terms valid for all period invoices | /admin/contracts |
| Annex | Technical specifications, price lists, SLAs attached to a parent contract | /admin/contracts (parent_id) |
| Amendment | Clause modification to an existing signed contract | /admin/contracts (parent_id) |
| Vendor Contract | Procurement agreements, vendor NDA, external services | /admin/contracts_vendor |
| HR Contract | Individual employment contracts, salary amendments | /admin/hr_profile/contracts |
| Opportunity Contract | Letters of intent (LOI), pre-contracts, agreements in principle | /admin/contracts_opportunity |
Key merge fields for templates
| Merge field | What it populates |
|---|---|
{client_name} |
Customer company name |
{client_vat} |
Customer VAT number |
{client_address} |
Full address |
{contract_subject} |
Contract title |
{contract_nr} |
Contract number |
{contract_value} |
Contract value |
{datestart} / {dateend} |
Validity period |
{staff_name} |
Internal representative |
{current_date} |
Current date |
Important: if a merge field doesn't populate, it means the corresponding field is empty in the customer file. Complete the file before creating the contract.
Amendments and document hierarchy
Contracts can form hierarchies through the parent_id field:
Framework Contract #001/2026 (parent contract)
├── Annex 1 — Technical Specifications (parent_id = 001)
├── Annex 2 — Price List Q1 2026 (parent_id = 001)
└── Amendment 1 — Modification of clause 5.3 (parent_id = 001)
└── signed separately, same signing flow
When creating an Amendment:
- Don't modify the original signed contract (it's locked)
- Create new contract → select
parent_id= original contract - Document only the modified clauses
- Send for separate signing
Contract renewal
Where: From open contract → Renewal button
→ New record created in tblcontract_renewals with:
Old value vs. new value
Old start date vs. new start date
Who renewed + when
→ Signature option at renewal:
Keep existing signature (renew_keep_signature = 1)
→ customer doesn't need to sign again
Reset signature (renew_keep_signature = 0)
→ customer signs the new term again
→ useful when clauses have changed
Renewal history is visible from the open contract — you can track the evolution of values and terms throughout the entire customer relationship.
Document Management — internal approval flows
Where: /admin/document_management
When to use Document Management vs. Contracts
| Situation | Module |
|---|---|
| Document sent to customer for signing | Contracts |
| Internal document with multi-level approval | Document Management |
| Internal policies, procedures, regulations | Document Management |
| Technical proposals for director approval | Document Management |
Recommended folder structure
📁 Active Contracts/
📁 Customers 2026/
📁 Vendors 2026/
📁 Legal Templates/
📄 Standard NDA.docx
📄 Framework Services Contract.docx
📄 Service Agreement.docx
📁 Internal Documents/
📁 HR Policies/
📁 Compliance Procedures/
📁 GDPR/
📁 Archive/
📁 Expired Contracts 2025/
Approval flow
Document created or uploaded
↓
Approver 1 notified (e.g. Department Manager)
→ Approves → passes to next level
→ Rejects → returns to creator with justification note
↓
Approver 2 notified (e.g. Director)
→ Approves → Document FINAL APPROVED
→ Optionally: automatically moved to "Approved" folder
At each approval, captured: approver identity, IP, timestamp, comment (if any). Complete audit trail.
Document versioning
Each modification → new version saved automatically. You can:
- View complete version history
- Revert to previous version
- Download any version for external archiving
GDPR — compliance and data subject rights
Where: /admin/gdpr
Consent tracking
The system records every consent given or withdrawn:
- Who consented (contact or lead)
- For what purpose (marketing email, data sharing with partners, cookies)
- When and from which IP
- Action type:
opt-in(consent) oropt-out(withdrawal)
Processing deletion requests (right to be forgotten)
1. Customer requests data deletion
(from client portal or by email)
2. Request appears in /admin/gdpr with "pending" status
3. You verify:
→ Are there active contractual obligations? (unsigned contract, unpaid invoice)
→ Are there legal retention obligations? (invoices — 10 years, per fiscal law)
→ If no impediment → anonymise or delete
4. System anonymises personal fields in documents
(contracts remain in archive without identifiable data)
5. Reply to person with action confirmation
DEADLINE: 30 days from date of request (GDPR obligation)
Right to portability
From customer or lead file → export all data: activities, documents, communications, tickets. Provide the person with the complete file of stored data.
Custom GDPR fields on contracts
You can add custom fields from /admin/custom_fields for GDPR tracking:
- Legal basis for processing (art. 6(1)(a)/(b)/(c)/(f))
- Responsible DPO
- International data transfers
- Applicable retention period
Reviewing commercial proposals
Where: /admin/proposals
Proposals digitally accepted by the customer have quasi-contractual value — they capture IP, timestamp, acceptor name, and signature image.
Your role:
- Verify that the
termsfield in proposals contains the company's standard legal clauses (T&C) - On acceptance → system automatically creates a task or notification → you initiate the formal contract
- Create Contract button from the accepted proposal automatically pulls in customer and value
Configuring Workflow Automation for Legal
Where: /admin/workflow_automation
Essential automations to configure once:
| Trigger | Action | Benefit |
|---|---|---|
Contract dateend − 60 days |
Task "Initiate renewal — [customer]" → you | Zero unnoticed expired contracts |
Contract dateend − 30 days |
Reminder email → customer | Proactive external alert |
dateend passed |
Urgent notification → you + management | Last line of defence |
Contract signed (signed = 1) |
Task "Archive in Document Management" → you | Systematic archiving |
| Contract signed | Welcome / confirmation email → customer | Professional customer experience |
| DM document approved | Automatically move to "Approved" folder | Archiving without manual intervention |
| GDPR request received | Urgent task "Process GDPR request — 30-day deadline" → you | Compliance with legal deadline |
| Proposal accepted | Task "Issue formal contract" → you or agent | Sales → contract flow continuity |
| Contract created by Sales | Task "Legal review" → you | No contract without verification |
Communicating with customers on contracts
Where: Comments tab from open contract
Works bidirectionally:
- You add comment → customer receives email + sees it in client portal
- Customer adds comment from portal → you receive notification
Practical use:
- Clause clarifications before signing
- Term negotiations (chronologically documented)
- Receipt confirmations
- Modification requests with response and justification
The entire exchange is archived with timestamp and author — evidentiary value in case of dispute.
Monitoring contracts — useful filters
Filter in /admin/contracts |
What you find |
|---|---|
dateend < today |
Already expired contracts — archive or action |
dateend in 30 days |
Expiring this month — urgent renewal |
dateend in 31–60 days |
Expiring in 2 months — initiate renegotiation |
signed = 0 + marked_as_signed = 0 |
Unsigned — follow up on signing |
signed = 1 OR marked_as_signed = 1 |
Active archive |
Per contract_type = NDA |
Only non-disclosure agreements |
| Per customer | All contracts for a specific customer |
Audit trail — what's logged automatically
You don't need to manually document actions — the system logs automatically:
| Event | What's captured |
|---|---|
| Contract created | Staff, timestamp, subject, customer |
| Contract sent | Timestamp, recipient email |
| Contract digitally signed | IP, timestamp, signatory name, signature image |
| Contract marked as manually signed | Staff, timestamp |
| Contract renewed | Staff, timestamp, old vs. new values and periods |
| Comment added | Author, timestamp, content |
| DM document approved/rejected | Approver, IP, timestamp, note |
| Document accessed | User, timestamp (Document Management) |
Export log: /admin/utilities/activity_log — filterable by staff, period, action type. Useful for external audits or litigation files.
Metrics to track
| Indicator | Target |
|---|---|
| Expired contracts without action | 0 — workflow alerts must fully prevent this |
Average signing time (from send to signed = 1) |
< 5 working days |
| Unsigned contracts > 14 days | Escalate to account manager |
| GDPR requests processed on time | 100% within 30 days |
| Documents approved in DM on time | 100% within configured deadline (number_day_approval) |
Collaboration with other departments
| Department | How you collaborate |
|---|---|
| Sales | Review newly created contracts; notified on proposal acceptance to issue formal contract |
| Acquisitions / VRM | Draft and renew framework contracts with vendors |
| HR | Manage individual employment contracts, amendments, signed job descriptions |
| Finance | Active contracts define invoicing and payment terms; CFO needs list of expired contracts for provisioning |
| IT/Admin | Request custom fields on contracts for legal tracking; escalate technical issues (merge fields, SMTP) |
Practical tips
Good templates save hours of work. Investing in 3–5 well-drafted templates — with correct merge fields and validated standard clauses — eliminates manual drafting for 90% of contracts. Any contract that deviates from standard → Amendment on top of template, not new contract from scratch.
Accepted proposal ≠ signed contract. It has evidentiary value, not full enforceability. Convert to formal contract immediately after acceptance — especially for engagements > 6 months or significant values.
No contract expires without your knowledge. The 60-day and 30-day workflow alerts are mandatory. An expired unrenewed contract can leave services running without a contractual basis — legal and financial risk.
GDPR is not bureaucracy, it's a deadline. 30 days from request. If you don't have a Workflow configured to alert on GDPR request — configure it today.
Document Management is the living legal archive. Don't store signed contracts only in email or on a local filesystem. Any document with legal value → in DM with correct folder, versioning enabled, permissions set. At an audit or dispute, you need instant access to any document from the last 10 years.
Configure Workflow Automation to send contract renewal alerts 60 and 30 days before expiry — the platform sends these automatically so no contract lapses unnoticed regardless of how many active agreements are in the system.
GDPR right-to-erasure requests have a strict 30-day legal deadline. Configure a Workflow that creates an assigned task immediately when a GDPR request is logged — a missed deadline is a regulatory violation regardless of workload.