Who we are
We are Macfarlanes LLP, the City of London based, international law firm, and entities controlled by Macfarlanes LLP through which it carries out its business ("Macfarlanes", "we", "us" or "our").
As an independent law firm, who determine the purposes for which we process personal information, we will usually be the data controller in relation to that processing.
Our registered office is at 20 Cursitor Street, London, EC4A 1LT, and we are authorised and regulated in England and Wales by the Solicitors Regulation Authority.
How you can contact us
The personal information we hold
"Personal information" is information that can be used to identify you or that is about you. We collect and process the following personal information:
- identity, contact and background information such as your full name, address, title, telephone number, email address, gender, business and personal, biographical and background information, information about your employer or business and/or information about your employees and officers, as relevant;
- financial information, including source of and net wealth, assets held, source of funds and bank account details;
- technical information, such as the number and frequency of visits you make to our website, your geographic location, your operating system and browser type and the search terms you use, which we receive via our technology tools; and
- marketing information such as your marketing preferences.
We may process special categories of personal information. The General Data Protection Regulation (GDPR) provides that this includes data concerning your health, personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, data concerning sexual orientation or data relating to a criminal record or alleged criminal activity.
We will only process and share special categories of personal information for marketing purposes, for example in relation to your dietary or access requirements, if necessary for a particular event and we will not keep such data longer than is needed for such event.
How we collect, or you provide, personal information to us
We collect, or you provide, your personal information to us:
- when signing up for services and/or to receive information via our technology tools, including when you sign up for a virtual trainee experience;
- in connection with our provision of legal services:
- if you are a client of Macfarlanes you or your intermediary may provide us with personal information about you and others and we may collect information about you and others, including your personnel, from other public and non-public sources, as necessary for our provision of legal services including carrying out our client/matter inception procedures;
- if you are not a client, we may collect or be provided with your personal information because you are involved with one or more of our clients’ matters;
- in connection with your provision of services to us; and
- in connection with a recruitment application, including via virtual assessment centres.
Why we process your personal information
We process your personal information:
- to provide legal, trustee and trust administration services to our relevant clients, which, if you are not a client, may involve our handling your personal information on behalf of our clients; we may disclose personal information to third parties if reasonably necessary in connection with our provision of legal and other services;
- to manage and administer our relationships with our clients, their personnel and intermediaries and our other business, supplier and professional contacts;
- to comply with our legal, regulatory and risk management (including anti-financial crime, data protection, conflicts, security and information security, complaints handling and insurer notification) obligations; our client/matter inception procedures may involve our processing: i) copies of your or your personnel’s identity documents (e.g. passport copies) and other background information; and ii) personal data when we carry out customer due diligence background checks through third party suppliers, including Refinitiv, whose privacy statement can be found on its website: www.refinitiv.com/en/products/world-check-kyc-screening/privacy-statement;
- to establish, exercise or defend our legal rights and/or for the purpose of legal proceedings;
- for recruitment purposes, (including via virtual assessment centres and virtual trainee experiences);
- to promote our legal services, including sending you and your personnel newsletters, legal updates, marketing communications and other information that may be of interest and inviting you to events; and
- to record and monitor your visits to our website and use of our technology tools.
You have the right to ask us not to not send you marketing messages by post, telephone or e-mail or any combination of these at any time.
You can do this:
- by replying directly to our marketing message;
- by unsubscribing from all marketing by clicking the appropriate link in any marketing message you receive from us; or
- at any time by contacting us at email@example.com.
Legal grounds for processing your personal information
We rely on the following legal grounds to process your personal information:
- performance of a contract, typically for our legal services but the contract may alternatively involve your provision of services to us if you are a supplier;
- compliance with law or regulation;
- our and others’ (including our clients’) legitimate business interests whilst applying appropriate safeguards that protect your privacy; or
Where we process special categories of personal information, we will do so on one of the following bases:
- your explicit consent;
- where necessary for the establishment, exercise or defence of legal claims; or
- in relation to employment, where necessary for carrying out our obligations and exercising specific rights as a data controller.
We do not use your personal data for solely automated decision-making or profiling.
Sharing your personal information
We may share your personal information with trusted third parties both within and outside the European Economic Area (EEA) pursuant to contractual arrangements or regulatory obligations we have with or owe to them, including:
- third party professional advisers such as barristers and overseas law firms;
- our bank and pooled client account provider;
- suppliers to whom we outsource certain support services such as word processing, translation, photocopying, e-disclosure, data room provision and document review;
- other suppliers of good and services (including IT services) to Macfarlanes;
- our auditors, insurers, brokers and other advisers;
- third parties involved with the services we provide to clients such as counterparties and their solicitors, accountants, surveyors, family offices and other intermediaries and courts, tribunals, public registrars and stock exchanges; and
- third parties involved in organising events or seminars.
On occasions we may need to share your personal information with regulatory authorities, government agencies and law enforcement agencies. If so, we will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
The level of information protection in countries outside the EEA may be lower than that offered within the EEA. Where third parties with whom we share your personal information process it outside the EEA, our written agreement with them will include appropriate contractual clauses to ensure that your personal information remains protected and secure in accordance with applicable data protection laws.
We may use social media sites such as LinkedIn, Facebook and Twitter and you are directed to such sites’ own privacy policies in relation to how they may process your personal information.
Where we store your information
In the course of our business, including where we share information as set out above and when our personnel are working overseas, we may need to transfer your personal information to locations outside England and Belgium, where we have offices, including to countries outside the EEA.
Keeping your personal information
We will keep your personal information on our various systems, for the periods specified in relation to the relevant system in our data protection policy.
When determining relevant retention periods, we take into account factors including:
- our contractual and business relationships with you and the purpose for which we hold your personal information;
- legal obligations to retain data for a certain period of time;
- relevant statutes of limitations;
- potential disputes;
- best practice; and
- guidelines issued by our regulator and relevant supervisory authorities.
We ensure that the personal information we hold is secured by appropriate technical and organisational security measures. We have put in place and trained all our personnel on procedures to deal with data breaches. We will notify you and any applicable regulator of a breach where we are legally required to do so.
Your rights in connection with personal information
Under certain circumstances, by law you may have the right to:
- request access to your personal information and information about how we process it (known as a "subject access request"); should you wish to make a subject access request, then please contact us at: firstname.lastname@example.org; we may need to refuse your request for your personal information, if it is the subject of legal professional privilege belonging to one or more of our clients;
- object to processing of your personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground; you also have the right to object where we are processing your personal information for direct marketing purposes;
- request rectification or deletion of the personal information that we hold about you;
- request the restriction of processing of your personal information; or
- request the transfer of your personal information to another party in a machine-readable, commonly used and structured format.
If you want to exercise any of these rights, other than a subject access request, then please contact us at email@example.com. The above rights are not absolute and each is subject to exceptions and qualifications. We will respond to your request within one month of its receipt. In some cases we may not be able to fulfil your request before this date, and may need to request more time. Where we cannot provide a full response to you for any reason, we will let you know about this in our initial reply to your request.
If your provision of your personal information to us is a legal or contractual requirement or necessary for us to fulfil a contract with you and you choose not to provide it, we may not be able to provide legal or other services to you.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your business relationship with us.
Cookies and web beacons
The cookies we use are "analytical cookies" sent by Google Analytics. They allow us to recognise and count the number of visitors and to recognise and track which parts of our website you visit when you are using our website. This helps us to improve the way our website works, for example by making sure visitors are finding what they need easily.
An overview of Google Analytics is available at http://www.google.co.uk/intl/en/analytics/privacyoverview.html.
You are not obliged to accept cookies. If you wish, you can set your browser to notify you before you receive a cookie so you have the chance to accept it and you can also set your browser to refuse to receive or send all cookies. The website http://www.allaboutcookies.org/ (run by the Interactive Marketing Bureau) contains step-by-step guidance on how cookies can be switched off by users.
Google Analytics also uses web beacons (also known as web bugs). A "web beacon" is a clear picture file which keeps track of your navigation through the website. Turning off the website's cookies as detailed above will prevent web beacons from tracking your specific activity. The web beacon may still record an anonymous visit from your IP address but unique information will not be recorded.
If you wish to opt out of being tracked by Google Analytics across all websites you can visit http://tools.google.com/dlpage/gaoptout and download the Google Analytics Opt-out Browser Add-on.
More information on cookies and web beacons is available at the website http://www.allaboutcookies.org/
To review or change your cookie settings, please click here:
Right to complain
If you wish to request further information about any of the above rights, or if you are unhappy with how we have handled your information, please contact us at firstname.lastname@example.org.
If you are not satisfied with our response to your complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office at https://ico.org.uk/global/contact-us/ or on T: 0303 123 1113.
We may update this policy at any time without notice; any changes will be notified to you using the email address you have given us and/or by an announcement on this website. Your continued use of this website, following the posting of changes to these terms, will mean you accept these changes.