This policy is maintained by Adam Rose and Michele Morgan. Last reviewed in March 2024.
We respect your rights to data protection and privacy
This notice only applies to the processing of personal data directly provided by you or collected as a result of visiting this website. If we process your personal data in a different context or circumstances (for instance if you instruct us and become our client), a separate notice will apply.
Who are we?
We are Mishcon de Reya LLP, a limited liability partnership, incorporated in England (number OC399969), whose registered office is at Africa House, 70 Kingsway, London, WC2B 6AH. We are a body corporate which has members rather than partners. We are authorised and regulated by the Solicitors Regulation Authority under SRA number 624547. We also operate a Singapore branch office under licence from the Legal Services Regulatory Authority, licence number LSRA/FLP/ 2020/00001.
We are committed to protecting the privacy of our users. Where we refer to "data protection law", we primarily mean the UK GDPR, the EU GDPR, the Data Protection Act 2018 and the Singapore Personal Data Protection Act 2012, as appropriate.
For the purposes of data protection law, when we process personal data, we ordinarily do so as a controller (we are registered as a fee-payer with the Information Commissioner under registration number ZA144945).
What personal data do we collect?
As a result of your visiting this website, we may collect or otherwise process your personal data in the following ways:
- When you provide your personal data on a contact form.
- When you contact us by other means, such as email, telephone or fax
- In the form of information provided by your web browser, through the use of cookies or similar software (for details about our use of such software, please see our Cookies page)
What is our basis for processing your personal data?
Any personal data that you give to us may be retained by us to provide a requested service, or for our legitimate interests as a business. You do not have to give us any of your personal data in order to use most of the website or associated online systems. However, if you wish to take advantage of some of the more special personalised services that we offer on our website, you will need to provide certain information.
In general, our legal basis for processing your personal data is that it is in our legitimate interests (and, indeed, in some cases, yours) to do so, although we would refrain from doing so if our legitimate interests were overridden by your interests or fundamental rights and freedoms. We have an interest in operating our business in the most customer-focused and professional way, and our processing of your personal data is done in accordance with this.
Who might access or receive your personal data?
Recipients of personal data provided as a result of your visiting this website will generally only consist of our employees. In certain circumstances we may be compelled to provide information we hold to third parties, such as regulatory or law enforcement bodies. We would only do so in compliance with the law, and where strictly necessary.
Marketing
As a result of your providing requests for services or updates, we may occasionally send you those mailings which you have requested or, in accordance with marketing laws, which we feel may interest you and/or are relevant to your practice/work. Such mailings may include details of our products and services, newsletters, briefing notes and legal updates and invitations to our various training seminars and other events. We will not send you such marketing unless you have asked to receive it, and we will always offer you the option to opt out of any future marketing (please note that the situation might be different if you subsequently become one of our clients).
General
For the purposes of the processing of personal data in the context of the offering of goods or services to those in the European Union, under Article 3(2) of GDPR, we have designated, in line with our obligations under Article 27 of the GDPR, a representative in the Union. This is Mishcon de Reya IP B.V., of Prinsenkade 9D, 4811 VB Breda, The Netherlands (email address: gdpreu@mishcon.com).
We do not intend to transfer your personal data provided or collected as a result of visiting our website outside of the UK but, if we must, we will only do so in line with our obligations under Chapter V of the UK GDPR, or Chapter V of the GDPR (as appropriate). Where the transfer is to a recipient in a country which does not have an adequacy decision under Article 45 of the UK GDPR or Article 45 of the GDPR (as appropriate), we will rely on standard contractual clauses (with supplementary measures where appropriate) under Article 46(2)(c) of the UK GDPR or Article 46(2)(c) of the GPDR (as appropriate), or an appropriate derogation under Article 49 of the UK GDPR or Article 49 of the GDPR (as appropriate).
We do not make automated decisions, as referred to in Article 22 of the UK GDPR and Article 22 of the GDPR.
Your rights
If you wish to make a subject access request at any time, please email us on DSAR@mishcon.com and your request will be dealt with expeditiously.
You also have the right, in certain circumstances:
- to request from us rectification or erasure of personal data;
- to request from us restriction of processing concerning you;
- to object to our processing of the data;
- to data portability; and
- to complain to the Information Commissioner's Office (or, in some circumstances, a supervisory authority in an EU member state) about the manner in which we process your personal data.
Contacting us about your information
If you have any questions or concerns regarding your personal data or how it is used, please contact us.
To help us keep your personal data up-to-date, you should let us know should any of your contact details change, or if you notice any inaccuracies in them. You can do this directly via email. From time to time we may contact you to confirm that the data we hold for you is correct.
Explanatory note: this Privacy Notice is in place to inform you, in line with our general obligations, and in particular in line with Article 13 of the UK GDPR, of the processing by us of your personal data. It isn't a contractual document, so we don't ask you to "agree" to it, or claim that by reading it you are taken to have agreed to it.
Please note that where we are offering goods or services to individuals in the European Union we will also be subject to the GDPR itself (not just the UK GDPR). In those cases you would also have the right to make a complaint, under Article 77, to another GDPR supervisory authority. Also in those cases, we have designated a representative, under Article 27(1) of the GDPR. This is Mishcon de Reya IP B.V., of Prinsenkade 9D, 4811 VB Breda, The Netherlands, who can be contacted at gdpreu@mishcon.com.