Privacy Policy

May 2018

This Policy explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

Any questions or comments regarding this Policy should be sent by email to or in writing to Mays Brown Solicitors, 66 Royal Mint Street, London, E1 8LG, United Kingdom.

Who we are

Mays Brown Limited will be the Controller of the personal data you provide to us and is registered with the ICO under number ZA334575. Mays Brown Solicitors is the trading name of Mays Brown Limited, a limited liability company registered in England and Wales (with registered number 09104589) authorised and regulated by the Solicitors Regulation Authority with registration number 615313. A list of directors is open to inspection at the registered office, 66 Royal Mint Street, London E1 8LG.

What type of information is collected from you

We collect and process personal information provided by you in the course of our business. In circumstances where we are instructed by organisations, we collect and process information concerning: individuals who work for such organisations; directors and shareholders of such organisations; and third-party advisors and contractors of such organisations. We also collect and process personal information concerning individuals who are involved directly or indirectly in client matters. We may also collect and process information concerning individuals who are not our clients, for the purposes of marketing and developing business relationships. The information we collect may include details regarding your identity (title, first name, last name, maiden name); contact details (work addresses, telephone and fax numbers, email addresses and other relevant contact information); employment information (organisation name, title or position). We only collect basic personal data about you which does not include any special categories of information.

How we collect this information

We use different methods to collect data about you, including through: direct interactions with you; the organisation(s) for which you work; our clients; other parties involved in a client matter; professional advisors; and publicly available sources (such as information available online).

How we use this information

We need to process your basic personal information for the following purposes:

Purpose Lawful Basis
To carry out our obligations arising from any contracts entered into between you and us Legitimate Interest (GDPR Art. 6.1.f)
To provide legal services such as the conduct of litigation or legal advice Legitimate Interest (GDPR Art. 6.1.f)
To communicate with you on client matters Legitimate Interest (GDPR Art. 6.1.f)
To promote our services, e.g. sending legal updates Legitimate Interest (GDPR Art. 6.1.f)
To maintain our records and accounts Legal Obligation (GDPR Art. 6.1.c)
To comply with our legal, professional and other regulatory obligations Legal Obligation (GDPR Art. 6.1.c)

You can ask us to stop sending marketing emails at any time by contacting us at This will not affect any communications with you for the purposes of providing our services.

We will never sell or rent your personal information to third parties, nor will we share your information with third parties for marketing purposes.

Who has access to this information

Personal information will be accessed by our staff based in the UK. This information may be shared with third party suppliers necessary for digital audio typing, archiving and the day-today operation of our business. We have confidentiality agreements in place with these suppliers. In order to fulfil our contractual obligations and / or to provide our services to clients, it may be necessary to share personal information with other third party suppliers or service providers such as:

  • Barristers
  • Arbitrators
  • Courts of Law
  • Experts
  • Local lawyers
  • Translators
  • Surveyors
  • Correspondents

Occasionally we will transfer data outside of the EU/EEA. When personal data is sent to these third party suppliers or service providers it will usually be in accordance with instructions from our clients. We will take all reasonable steps to ensure that this data is kept secure. External firms or organisations may conduct audit or quality checks on our practice. These external firms or organisations are required to maintain confidentiality in relation to your files.

Data security

We have in place appropriate IT systems and physical security measures to protect the security and confidentiality of the information and personal data that you provide to us and and protect against the risks of hacking, malicious viruses / programs and ransomware attacks etc. While we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems.

Data retention

We will only keep your personal information on our systems for as long as is necessary for the relevant purpose(s) and under our legal, professional and regulatory obligations.

How to update your data

If you are aware or become aware of any inaccuracies or errors with regard to your personal information please let us know by contacting

Your rights

The European Union’s GDPR and other applicable data protection laws provide certain rights for data subjects.

These are:

  • The right to be informed – you have the right to be informed about the collection and use of your personal data.
  • The right of access – you have the right to request access to your personal data.
  • The right to rectification – you have the right to have inaccurate personal data rectified, or completed if it is incomplete.
  • The right to erasure – you may have the right to have personal data erased (‘the right to be forgotten’) depending on our legal basis for processing it.
  • The right to restrict processing – you may have the right to request the restriction or suppression of your personal data if you believe that the data is inaccurate or the data has been unlawfully processed.
  • The right to data portability – you may have the right to obtain and reuse your personal data for your own purposes across different services depending on our legal basis for processing it.
  • The right to object – you have the right to object to our processing of your personal data for direct marketing purposes at any time. You may have the right to object to our processing of personal data for other purposes depending on our legal basis for processing it.

If you have any queries or concerns regarding our Privacy Policy or the personal information we are processing then please contact us in the first instance and we will investigate the matter. However, if after contacting us you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner’s Office (ICO) at or on +44 (0)303 123 1113.

Updates to this Policy

We will keep this Policy under regular review and will place any updates on our website at