Privacy policy

This website is owned and operated by Mathys & Squire LLP (“Mathys & Squire”, “us”, “we” or “our”).

This Privacy Notice governs the processing of personal data that you provide to us, that we collect or receive from you or that we receive about you when visiting our website and/or engage us to provide you with services (“Services”). Personal data is any information relating to an identified or identifiable natural person.

Please read this Privacy Notice carefully as it explains what personal data we process, how we use that personal data, who we share it with, and your rights as well as other information regarding our practices regarding the handling of your personal data.

For the purposes of applicable data protection laws, the controller is Mathys & Squire LLP, The Shard, 32 London Bridge Street, London SE1 9SG.

What personal data do we process?

This Privacy Notice describes the personal data we process of visitors to our website as well as business contacts of our clients. We primarily provide services to businesses, and therefore process personal data of individuals which work for or are associated with those businesses (e.g. business contact information). We may also receive personal data of clients if they are acting and instructing us in an individual capacity.

Information you provide to us

We may collect and use personal data from you such as your name, job title, postal and email address, telephone number and other personal data necessary to provide you with our Services.

Information received from third parties and publicly available sources

We may also receive personal data about you from third parties such as a third party acting on your behalf (e.g. a professional advisor) or from publically available sources or registers where necessary.

Website usage information

When you visit our website, we may use cookies and other technologies to automatically collect the following information:

• Technical information, including your IP address, browser type and version, device identifier, location and time zone setting, browser plug-in types and versions, operating system and platform, page response times and download errors;

• information about your visit, including the websites you visit before our websites and products or services you viewed or searched for;

• number of visits, length of visits to certain pages, pages viewed, page interaction information (such as scrolling, clicks and mouseovers) and methods used to browse away from the page; and

• similar information for additional content that can be accessed from website pages, such as opening or printing documents or which videos are played and for how long.

For further information about our use of cookies on our website, please see our cookies policy.

How do we use personal data?

We use your personal data for the following purposes:

1. Our Services. We use your personal data to provide you with our Services, for example we will use your personal data where this is necessary for us to perform our obligations under a contract with you.

Legal Basis: We use your personal data in this ways as it is necessary for us to perform our contractual obligations to you. It is also necessary for our legitimate interests to provide you with access to our Website and to provide you with our Services.

2. Website: We use your personal data to diagnose problems with our Website or administer our Website, to analyse user traffic to measure use of our Website and to improve the content of our Website and our Services as well as to keep our Website safe and secure. We also use cookies on our Website for the purposes set out in our cookies policy.

Legal Basis: We use your personal data in this way as it is necessary for our legitimate interest to: (a) analyse user traffic so that we can improve our Website and meet the needs of visitors to our Website; (b) to provide you with access to our Website; and (c) monitor how our Website is used to detect and prevent fraud, other crimes and the misuse of our Website. This helps us to ensure that you can safely use our Website. Where we use cookies, we rely on your consent to place cookies as required under applicable laws – please see our cookies policy for further information and how to manage cookies.

3.  Comply with legal requirements and exercise or defend legal claims. We may need to process personal data to comply with legal requirements to which we are subject and/or to defend legal claims or exercise our legal rights.

Legal Basis: Processing personal data in this way is necessary to ensure compliance with our legal obligations. It is also necessary for our legitimate interests to process personal data for the purposes of exercising and defending legal claims.

4.  To provide you with information about our products and services. We use your personal data (such as your email address or other contact details) to send you information about our Services and other information which may be of interest to you, including events, updates and other relevant information.

Legal Basis: Where we are permitted to send you such messages under applicable laws, our legal basis for processing your personal data is that it is necessary for our legitimate interests to promote our Services and provide you with other information which may be of interest to you. We will not send such messages to you if you have opted out of receiving these (please see “Your Rights” below for further information).

5. For our records, administration and managing our relationship with you. We will keep records of your personal data, such as your name, address, account details and marketing preferences, in order to administer our Services and keep our records up to date.

Legal Basis: We use your personal data in this ways as it is necessary for our legitimate interest to keep records of your personal details and update these when necessary.  It is also in our legitimate interests to keep records of any correspondence with you.  Our clients are important to us and so we need to keep track of your details and preferences.

The provision of your personal data is necessary when personal data is needed for the purposes of entering into or servicing a contract that you, or a company you are associated with, has with us or to receive the products or services or information you or your company request, or to comply with applicable laws and regulations.  Refusal to provide your information may make it impossible for us to provide the products, services or information requested or to fulfil our contractual obligations.

The provision of your personal data for marketing purposes and use of cookies is voluntary.  Marketing may be sent by email, but also sometimes through postal mail or telephone. Please see further information below under “Your Rights” in relation to your rights to opt out of receiving marketing messages. Please see our cookies policy for further information on how to manage cookies. 

How long we keep personal data for?

We will only retain your personal data for as long as is necessary for the purposes for which that personal data was collected or processed and to the extent permitted by applicable laws. When we no longer need to use your personal data, we will remove it from our systems/records are/or take steps to anonymise such information so that you can no longer be identified from it (unless we need to keep your personal data for a longer period to comply with legal or regulatory obligations to which we are subject).

Who do we share personal data with?

We may share your personal data with the following third party organisations:

• Within Mathys & Squire:  We may share your personal data among other offices, affiliates and locations within our firm, in order to administer our Services, provide you with our Services, understand your preferences, send you information about products and services that may be of interest to you, and conduct the other activities described in this Privacy Notice.

• Auditors and other professional advisers where necessary or required;

• Our service providers.  We use other companies or contractors (“Service Providers”) to perform services on our behalf or to assist us with the provision of the Services to you.  We may share personal data with the following categories of Service Provider:

• Infrastructure and IT service providers;

• Marketing, advertising, analysis, research, event and communications providers;

• Providers of services to us which assist us in providing the Services to you.

• In the course of providing such services, these Service Providers may have access to your personal data.  However, we will only provide our Service Providers with the information that is necessary for them to perform the services, they will act under our instructions and we ask them not to use your personal data for any other purpose.

• Third parties permitted by law.  In certain circumstances, we may be required to disclose or share your personal data in order to comply with a legal or regulatory obligation (for example, we may be required to disclose personal data to the police, regulators, government agencies or to judicial or administrative authorities). We may also disclose your personal data to third parties where disclosure is both legally permissible and necessary to protect or defend our rights, matters of national security, law enforcement, to enforce our agreements or protect your rights or those of the public.

• Your company and other third parties connected with your company or its account.  We may disclose your personal data to your company, such as when you are included on an email with others or to confirm your details or role with your company. We also may disclose your personal data to third parties connected with your company or its account, such as a consultant or other professional advisor. 

• Third parties connected with business transfers.  We may disclose your personal data to third parties in connection with a reorganisation, restructuring, merger, acquisition or transfer of assets, provided that the receiving party agrees to treat your personal data in a manner consistent with this Privacy Notice.

Where do we process your personal data?

In most instances personal data is processed in the UK or another jurisdiction within the European Economic Area (“EEA”). However, personal data may be transferred to, and stored at, a jurisdiction outside the EEA. We will take steps that are reasonably necessary to ensure that your personal data is treated in accordance with applicable data protection laws, including, where relevant, entering into EU standard contractual clauses (or equivalent measures) with the party outside the EEA receiving the personal data.

Security

We have implemented technical and organisational security measures to safeguard personal data in accordance with applicable data protection laws. Such measures include limiting access to personal data only to employees, contractors and authorised Service Providers who need to know such information for the purposes described in this Privacy Notice, training for our employees, as well as other technical, administrative and physical safeguards.

While we endeavour to always protect our systems, sites, operations and information against unauthorised access, use, modification and disclosure, due to the inherent nature of the Internet as an open global communications vehicle and other risk factors, we cannot guarantee that any information, during transmission or while stored on our systems, will be absolutely safe from intrusion by others.

Your Rights

You have various rights under data protection laws in relation to your personal data, which we have summarised below. If you wish to make a request to exercise any of your rights, please contact us using the contact details set out under “Contact Us” below.

Access. You may have the right to confirm with us whether your personal data is processed, and if it is, to request access to that personal data including the categories of personal data processed, the purpose of the processing and the recipients or categories of recipients. We do have to take into account the interests of others though, so this is not an absolute right.

Rectification. You may have the right to rectify inaccurate or incomplete personal data concerning you.

Deletion. You may have the right to ask us to erase personal data concerning you, except we are not obligated to do so if we need to retain such data in order to comply with a legal obligation or to establish, exercise or defend legal claims.

Restriction. In limited circumstances, you may have the right to request that we restrict processing of your personal data. This may apply where you believe such data to be inaccurate, our processing is unlawful or that we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not wish for us to delete it. In such case, we would mark stored personal data with the aim of limiting particular processing for particular purposes in accordance with your request, or otherwise restrict its processing.

Portability. You may have the right to receive personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit that data to another entity.

Objection. Under certain circumstances you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, including profiling, by us and we can be required to no longer process your personal data. This may include requesting human intervention in relation to an automated decision so that you can express your view and to contest the decision.

Withdrawing Consent. If we are processing your personal data on the basis of your consent, you have the right to withdraw your consent at any time.

Marketing: If you would like to opt out of receiving marketing messages from us, please contact us at the contact details set out under “Contact Us” below or by following the opt out/unsubscribe instructions in the email. Please note that if you opt out of or unsubscribe from receiving marketing messages from us, we may still contact you in connection with a continuing or ongoing relationship, activities, and communications with us.

Make a Complaint. You have the right to lodge a complaint with the local data protection authority, which for the UK is the Information Commissioner’s Office. For further information on how to make a complaint to the ICO, please see the ICO website (https://ico.org.uk/

Contact Us

If you have any questions about this Privacy Notice, about your personal data which is processed by us, or if you wish to exercise any of your rights in relation to your personal data that we process, please contact us at: [email protected] or by writing to us at:

Data Privacy Manager
Mathys & Squire LLP
The Shard
32 London Bridge Street
London SE1 9SG

Changes to this Privacy Notice

We may update this Privacy Notice from time to time. Any changes to this Privacy Notice will be posted on this page, and where appropriate, you will be notified of any material changes.

This Privacy Notice was last updated on 23 May 2018.