Welcome to mpm legal’s privacy notice.

mpm legal is committed to safeguarding the privacy of the personal information that is provided to us or collected by us during the course of our business, as well as the personal information that we receive from visitors to our mpm legal website (mpmlegal.co.uk).

mpm legal solutions Limited is a limited liability company with registered company number 08049479 and our registered office is at Chiltern House, 45 Station Road, Henley on Thames, RG9 1AT. mpm legal is registered with the Information Commissioner under registration number ZA029567.

 

Purpose of this notice

The purpose of this notice is to give you information about how mpm legal collects and processes your personal data.

A controller is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed.  We are the controller and responsible for the personal data that we are provided with or collect.

If you have any questions about this privacy notice, including any requests to exercise your rights, please contact Mark Minns, our Partner responsible for Privacy, using the details set out below:

Mark Minns
mpm legal solutions limited
Chiltern House
45 Station Road
Henley-on-Thames
RG9 1AT

 

The data we collect about you 

Personal data includes any information about an individual from which that person can be identified.

Special categories of personal data include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.

We collect, use, store and transfer different kinds of personal data about you.  We have grouped together the following categories of personal data to explain how this type of information is used by us:

  • Identity Data including your first name, middle names, maiden names, last name, marital status, title, date of birth, passport number, photographic identification and gender
  • Contact Data including your job title/function, the organisation you work for or are engaged by, email address, billing address, delivery address and telephone number
  • Business Information including information provided in the course of the client relationship between you or your organisation and mpm legal, or otherwise provided by you or your organisation
  • Financial Data including your bank account details
  • Marketing and Communication Data including your preferences in receiving marketing from us and your communication preferences
  • Profile and Usage Data including information about the use of our website, your usernames or passwords, your interests, feedback and survey responses. Typically, Profile and Usage Data will be collected by means of cookies or other similar technologies. For more information about the cookies we use, please see our Cookie Policy.
  • Technical Data including information collected when you access our website, your internet protocol (IP) address, your browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices that you use
  • Special Categories of Personal Data we process this type of data in limited circumstances, for example, where required to do so for legal or regulatory purposes or where you have provided us with such information as it is necessary for a specific service that we are providing to you.

 

How we collect your data

We use different methods to collect your personal data, including through the channels set out below:

Direct channels including where you or your organisation is our client or a prospective client, is a client or contact or prospective client of one of our clients, or a supplier or prospective supplier to us, you communicate with us, you visit our website or attend our events. Or, we may receive information about you from a client, prospective client or contact in circumstances where we are required to obtain information about you in connection with a dispute in the employment tribunal or courts.

Indirect channels including where your personal data has been provided by one of our members of staff, by someone else from your organisation, by someone else from another organisation with whom you or your organisation is dealing, by someone who has referred or recommended us to you, by someone involved in recruitment or visa applications, by or from publicly available sources and other third parties who decide to provide us with your details.

If you provide information to us about someone else you must ensure that you are entitled to disclose that information to us and that, without our taking any further steps, we may process that information in accordance with this Privacy Notice.  If you are in any doubt you should check with the relevant people in your organisation or seek your own legal advice.

 

How we use your data

The table below summarises the purposes for which we use your data and the legal basis on which we do so.

We may process your personal data for more than one legal basis depending on the specific purpose for which we are using it.  Please contact us at mark@mpmlegal.co.uk if you would like specific legal basis we are relying on to process your personal data where more than one ground is set out below.

 

Purpose and/or activity To conduct conflict of interest checks where you are a client or prospective client, a potential transaction counterparty or rival bidder, or a litigant in proceedings involving our client/prospective client
Type of data Identity Data
Contact Data
Legal basis for processing Legitimate interest: ensuring that we understand any conflict of interest which may arise for us in a matter
Legal or regulatory obligation
Performance of a contract

 

Purpose and/or activity Setting you or your organisation up as a client of mpm legal, including performing anti-money laundering, anti-terrorism, sanction screening, fraud and other background checks
Type of data Identity Data
Contact Data
Business Information
Financial Data
Special Categories of Personal Data
Legal basis for processing Legitimate interest: the efficient administration of our legal services
Legal or regulatory obligation
Performance of a contract
Public interest

 

Purpose and/or activity Providing and administering legal services on behalf of our clients, prospective clients or clients of our clients or prospective clients
Type of data Identity Data
Contact Data
Business Information
Financial Data
Special Categories of Personal Data
Legal basis for processing Legitimate interest: performing our business
Legal or regulatory obligation
Performance of a contract

 

Purpose and/or activity Dealing with introducers and referrers
Type of data Identity Data
Contact Data
Business Information
Financial Data
Special Categories of Personal Data
Legal basis for processing Legitimate interest: performing our business
Legal or regulatory obligation
Performance of a contract

 

Purpose and/or activity Relationship management, including complaints handling
Type of data Identity Data
Contact Data
Legal basis for processing Legitimate interest: ensuring that we provide a good service to our clients
Legal or regulatory obligation

 

Purpose and/or activity Business Development and marketing
Type of data Identity Data
Contact Data
Legal basis for processing Legitimate interest: marketing and promoting our services

 

Purpose and/or activity Communicating with you in response to an enquiry from you, or where you have asked us to provide you with communications from time to time or have indicated that you are happy to received such communications, such as updates on legal matters or about us
Type of data Identity Data
Contact Data
Marketing and Communications Data
Legal basis for processing Legitimate interest: providing a responsive service and/or marketing and promoting our services

 

Purpose and/or activity Recruitment purposes
Type of data Identity Data
Contact Data
Legal basis for processing Legitimate interest: recruitment of staff
Performance of contract
Consent

 

Purpose and/or activity Quality control
Type of data Identity Data
Contact Data
Business Information
Technical Data
Profile and Usage Data
Legal basis for processing Legitimate interest: providing a good quality service to our clients

 

Purpose and/or activity Security of our physical premises and our IT systems together with ensuring our safety whilst on our premises or at an event we have organised
Type of data Identity Data
Contact Data
Technical Data
Legal basis for processing Legitimate interest: keeping our information and infrastructure secure and ensuring physical safety

 

Purpose and/or activity Dealing with our insurers
Type of data Identity Data
Contact Data
Business Information
Legal basis for processing Legitimate interest: risk management

 

Purpose and/or activity Enforcing any legal claims against you or your organisation or defending any claims from you or your organisation
Type of data Identity Data
Contact Data
Business Information
Financial Data
Special Categories of Personal Data
Legal basis for processing Legitimate interest: establishing, enforcing or defending a legal claim

 

Purpose and/or activity To check whether we would have a conflict of interest in appointing you as a client or supplier
Type of data Identity Data
Contact Data
Business Information
Legal basis for processing Legitimate interest: risk management

 

Purpose and/or activity To take you on as a new supplier including performing anti-money laundering, anti-terrorism, sanction screening, fraud and other background checks
Type of data Identity Data
Contact Data
Legal basis for processing Legitimate interest: ensuring that we understand any conflict of interest which may arise for us in a matter
Legal or regulatory obligation
Performance of a contract

 

Purpose and/or activity Receiving and administering services
Type of data Identity Data
Contact Data
Business Information
Financial Data
Legal basis for processing Legitimate interest: supporting the effective running of our business
Performance of a contract

 

Purpose and/or activity Other purposes required by law
Type of data Any of the information detailed in this notice
Legal basis for processing Legal Obligation

 

Purpose and/or activity Other purposes described at the point of personal data
Type of data As described at point of collection
Legal basis for processing As described at point of collection

 

Change of Purpose

 We will only use your information for the purposes for which we collected it as detailed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.  If you would like to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at mark@mpmlegal.co.uk

 

Disclosures of your Personal Data

We may share your personal data as follows:

  • our professional advisers such as lawyers, accountants, counsel, expert witnesses, medical professionals and consultants;
  • any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body;
  • service providers who provide information technology and system administration services to us;
  • professional indemnity and other insurers;
  • organisations to whom we outsource certain services including practice management and office management systems, telephone reception services, archive storage providers, data hosting, website management, email marketing, confidential waste disposal, IT systems or software providers, IT support service providers, document and information storage providers;
  • organisations or individuals engaged by us in the course of providing our services to you or the organisation that you work for, such as consultants, other specialist law firms or barristers;
  • organisations with whom you or your organisation is dealing and their professional advisers;
  • postal or courier providers who assist us in delivering out postal marketing campaigns to you, or delivering documents related to our work for you;
  • prospective purchaser of our business or its assets;
  • referees where dealing with job applications.

 

International Transfers

In some cases, the parties who we use to process personal data on our behalf are based outside the EEA, therefore their processing of your personal data will involve a transfer of such data outside the EEA.  Similarly, in the course of advising clients based outside of the EEA, we may be required to share matter relevant personal data with them.  Where this is the case we will only share the minimal amount of personal data necessary for the purpose of processing.

Whenever we transfer your personal data out of the EEA, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • we will only transfer your personal data to countries that have been deemed to provide and adequate level of protection for personal data by the European Commission;
  • where we use certain service providers, we may use specific contracts approved by the European Commission which gives personal data the same protection it has with the EEA; and
  • where we use providers based in the US, we may transfer personal data to them if they are certified under the EU-US Privacy Shield.

 

Data Security

We have put appropriate technical and organisational security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We have also put procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.  This includes for the purposes of satisfying any legal, accounting, insurance or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of specific retention periods for different aspects of your personal data are available from us on request by emailing mark@mpmlegal.co.uk

Upon expiry of the specific retention period we will securely destroy your personal data in accordance with applicable laws and regulations.

 

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data.  It is our policy to respect those rights and we will act promptly and in accordance with any law, rule or regulation relating to the processing of your personal data.

Your rights are:

  • to be informed about how personal data is used – you have a right to be informed about how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;
  • right to access personal data – you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us;
  • right to have inaccurate personal data rectified – you have a right to have any inaccurate or incomplete personal data rectified. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;
  • right to have personal data erased in certain circumstances – you have a right to request that certain personal data held by us is erased. This is also known as the right to be forgotten. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data;
  • right to restrict processing of personal data in certain circumstances – you have a right to block the processing of your personal data in certain circumstances. This right arises if you are disputing the accuracy of personal data, if you have raised an objection to processing, if processing of personal data is unlawful and you oppose erasure and request restriction instead or if the personal data is no longer required by us but you require the personal data to be retained to establish, exercise or defend a legal claim;
  • right to data portability – in certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a website). Information about you which has been gathered by monitoring your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically);
  • right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes – you have a right to object to processing being carried out by us if (a) we are processing personal data based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if we are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information; and
  • right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect – you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.

You may exercise any of your rights by emailing mark@mpmlegal.co.uk. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.