Privacy Policy

Revised January 2021

This Policy explains when and why we collect personal data, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

Any questions or comments regarding this Policy should be sent by email to privacy@maysbrown.com or in writing to Mays Brown Solicitors, 66 Royal Mint Street, London, E1 8LG, United Kingdom.

Who we are

Mays Brown Solicitors will be the Controller of the personal data you provide to us and is registered with the ICO under number ZA334575. Mays Brown Solicitors is the trading name of Mays Brown Limited, a limited liability company registered in England and Wales (with registered number 09104589) authorised and regulated by the Solicitors Regulation Authority with registration number 615313. A list of directors is open to inspection at the registered office, 66 Royal Mint Street, London E1 8LG.

What type of personal data is collected from you

We collect and process personal data provided by you in the course of our business. In circumstances where we are instructed by organisations, we collect and process data concerning: individuals who work for such organisations; directors and shareholders of such organisations; and third-party advisors and contractors of such organisations. We also collect and process personal data concerning individuals who are involved directly or indirectly in client matters. We may also collect and process data concerning individuals who are not our clients, for the purposes of marketing and developing business relationships. The data we collect may include details regarding your identity (title, first name, last name, maiden name); contact details (work addresses, telephone and fax numbers, email addresses and other relevant contact information); employment information (organisation name, title or position). We only collect basic personal data about you which does not include any special categories of information.

How we collect this data

We use different methods to collect data about you, including through: direct interactions with you; the organisation(s) for which you work; our clients; other parties involved in a client matter; professional advisors; and publicly available sources (such as information available online).

How we use this data

We need to process your basic personal data for the following purposes:

Purpose Lawful Basis
To carry out our obligations arising from any contracts entered into between you and us Performance of a Contract (GDPR Art. 6.1.b)
To provide legal services such as the conduct of litigation or legal advice Performance of a Contract (GDPR Art. 6.1.b)
Legitimate Interest (GDPR Art. 6.1.f)
To communicate with you on client matters Legitimate Interest (GDPR Art. 6.1.f)
To promote our services, e.g. sending legal updates Legitimate Interest (GDPR Art. 6.1.f)
To maintain our records and accounts Legal Obligation (GDPR Art. 6.1.c)
To comply with our legal, professional and other regulatory obligations Legal Obligation (GDPR Art. 6.1.c)

You can ask us to stop sending marketing emails at any time by contacting us at privacy@maysbrown.com. This will not affect any communications with you for the purposes of providing our services.

We will never sell or rent your personal data to third parties, nor will we share your data with third parties for marketing purposes.

Who has access to this data

Personal data will accessed by our staff based in the United Kingdom. This data may be shared with third party suppliers necessary for digital audio typing, archiving and the day-to-day operation of our business. We have confidentiality agreements in place with these suppliers. In order to fulfil our contractual obligations and / or to provide our services to clients, it may be necessary to share personal data with other third party suppliers or service providers such as:

  • Barristers
  • Arbitrators
  • Courts of Law
  • Experts
  • Local lawyers
  • Translators
  • Surveyors
  • Correspondents

External firms or organisations may conduct audit or quality checks on our practice. These external firms or organisations are required to maintain confidentiality in relation to your data.

Data transfers

Occasionally, in order to provide our services, we may transfer personal data to countries outside of the UK or the European Economic Area (“EEA”) which may not provide the same level of data protection as the UK or EEA. We will only transfer personal data to third party suppliers or service providers in these countries in accordance with instructions from our clients or when it is necessary for the establishment, exercise or defence of legal claims. We will take all reasonable steps to ensure that this data is kept secure.

Data security

We have in place appropriate IT systems and physical security measures to protect the security and confidentiality of the information and personal data that you provide to us and protect against the risks of hacking, malicious viruses / programs and ransomware attacks etc. While we strive to protect your personal data, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.

Data retention

We will only keep your personal data on our systems for as long as is necessary for the relevant purpose(s) and under our legal, professional and regulatory obligations.

How to update your data

If you are aware or become aware of any inaccuracies or errors with regard to your personal data please let us know by contacting privacy@maysbrown.com.

Your rights

As a data subject you will have rights in relation to personal data that we hold about you.

These are:

  • The right to be informed – you have the right to be informed about the collection and use of your personal data.
  • The right of access – you have the right to request access to your personal data.
  • The right to rectification – you have the right to have inaccurate personal data rectified, or completed if it is incomplete.
  • The right to erasure – you may have the right to have personal data erased (‘the right to be forgotten’) depending on our legal basis for processing it.
  • The right to restrict processing – you may have the right to request the restriction or suppression of your personal data if you believe that the data is inaccurate or the data has been unlawfully processed.
  • The right to data portability – you may have the right to obtain and reuse your personal data for your own purposes across different services depending on our legal basis for processing it.
  • The right to object – you have the right to object to our processing of your personal data for direct marketing purposes at any time. You may have the right to object to our processing of personal data for other purposes depending on our legal basis for processing it.

If you have any queries or concerns regarding our Privacy Policy or the personal data we are processing then please contact us in the first instance and we will investigate the matter. However, if after contacting us you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at https://ico.org.uk/global/contact-us/ or on +44 (0)303 123 1113.

EU GDPR Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Mays Brown Solicitors has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

– by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
– by writing to EDPO at: Avenue Huart Hamoir 71, 1030 Brussels, Belgium

Updates to this Policy

We will keep this Policy under regular review and will place any updates on our website at https://maysbrown.com/privacy-policy/