MFB Privacy Notice
MFB is committed to protecting the privacy and security of the personal information that we receive from our clients and process on their behalf, and intend such processing to be open and transparent.
This Privacy Notice ("Notice"), sets out the types of personal information we collect, how we collect and process it, who we may share it with and certain rights and options that you have.
For the purposes of this policy, "you means you personally, and also includes your company, firm or organisation, and may include your colleagues and staff.
Who is responsible for your personal data?
MFB is responsible for your personal data.
Personal data we collect
We may collect and process the following personal data from you:
- Identity and Contact Data, including your name, address, telephone number, date of birth, marital status, passport number, employment history, educational or professional background, tax status, job title and function, and other personal data concerning your preferences relevant to our services;
- Financial and Payment Data, including your bank account and other data necessary for processing payments and fraud prevention, including credit/debit card numbers, and other related billing information;
- Business Information, including information provided in the course of the relationship between you and MFB, or otherwise voluntarily provided by you;
- Physical Access Data, meaning details of your visits to our office;
- Sensitive personal data: We may represent you in matters that involve us collecting and using sensitive personal information relating to you.
For example, in employment disputes involving alleged discrimination, information about medical conditions, race, religion and/or sexual orientation may be relevant.
Where we process sensitive personal information in the course of our services, we do so to assist you to protect, establish, exercise or defend legal rights.
Information about other people
If you provide information to us about any person other than yourself, your employees, counterparties, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our external service providers, to use it.
How do we collect your personal data?
We may collect personal data about you:
- when you seek legal advice from us;
- when you offer to provide, or provide, services to us;
- when you correspond with us by whatever means, or when you provide other information to us;
- when you browse or otherwise interact on our website;
- when you attend our seminars or other events;
- by making enquiries from you, or other organisations with whom you have dealings such as former employers and educational institutions, or from third party sources such as government agencies, a credit reporting agency, information service providers or from publicly available records.
If you fail to provide personal data
Where we need to collect personal data by law or in order to handle your instructions or perform a contract between us and you fail to provide that data, we may not be able to carry out your instructions or perform the contract. In this case, we may have to cancel our engagement with you, but we will notify you if this is the case.
How will we use your personal data?
We may use your personal data only for the following purposes:
1. to register you as a client of MFB;
2. to provide legal services or other services or solutions, as instructed by you;
3. to manage our relationship with you, including processing payments, accounting, auditing, billing and collection and taking other steps linked to the performance of our business relationship including identifying persons authorised to represent our clients, suppliers or service providers;
4. to carry out background checks;
5. compliance with our legal obligations, including maintaining records, compliance checks or screening and recording (e.g. anti-money laundering, financial and credit checks, fraud and crime prevention and detection, trade sanctions and embargo laws). This may include contacting you to confirm your identity, or making records of our communications with you for compliance purposes;
6. to improve our services and communications and to monitor compliance with our policies and standards;
7. to manage access to our premises and for security purposes;
8. to protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
9. for insurance purposes;
10. to process applications for employment;
11. to exercise or defend our legal rights, or to comply with court orders;
12. for any other purposes related and/or ancillary to any of the above or any other purposes for which your personal data was provided to us;
13. to communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our services and events; and
14. to collect information about your preferences to personalise and improve the quality of our communications with you.
We may process your personal data in connection with any of the purposes set out above on one or more of the following legal grounds:
- because it is necessary for us to do so to perform your instructions or another contract with you;
- to comply with our legal obligations and to keep records of our compliance processes or tax records;
- because our legitimate interests, or those of a third party recipient of your personal data, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms;
- because you have expressly given us your consent to process your personal data in that manner.
We will only provide you with marketing-related information after you have, where legally required to do so, opted in to receive those communications and having provided the opportunity for you to opt out at any time.
We will not use your personal data for taking automated decisions and we will never sell your personal data to another person.
Disclosure of your personal data
We may share your personal data:
- with third parties including service providers we have retained in connection with the legal services we provide, such as barristers, consultants, mediators, or experts and other legal specialists such as law firms for obtaining specialist or foreign legal advice, translators, couriers, or others we consider necessary or appropriate;
- if we have collected your personal data in the course of providing legal services to any of our clients, we may disclose it to that client, and where permitted by law to others for the purpose of providing those services;
- on a confidential basis with third parties for the purposes of collecting your feedback on the firm’s service provision, to help us measure our performance and to improve and promote our services;
- with companies providing services for money laundering and terrorist financing checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such personal data is shared;
- with courts, law enforcement authorities, regulators, government officials or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a claim, or for the purposes of an alternative dispute resolution process;
- with service providers who we engage within or outside of MFB, domestically or abroad, e.g. shared service centres, to process personal data for any of the purposes listed above on our behalf and in accordance with our instructions only.
Information we transfer
When we transfer your information to other countries, we will use, share and safeguard that information as described in this Notice. To provide legal and other services, we may transfer the personal information we collect to countries outside the EEA which do not provide the same level of data protection as the United Kingdom and are not recognised by the European Commission as providing an adequate level of data protection. We only transfer personal information to these countries when it is necessary for the services we provide you, or it is necessary for the establishment, exercise or defence of legal claims or subject to safeguards that assure the protection of your personal information.
Security of your personal data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Updating personal data about you
If any of the personal data that you have provided to us changes, for example if you change your email address or if you wish to cancel any request you have made of us, or if you become aware we have any inaccurate personal data about you, please let us know. We are not responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
You have various rights with respect to our use of your personal data:
- Access: You have the right to request a copy of the personal data that we hold about you. There are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the personal data held about you. If you wish to do this, please contact us.
- Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.
- Objecting: In certain circumstances, you also have the right to object to processing of your personal data and to ask us to block, erase and restrict your personal data. If you would like us to stop using your personal data, please contact us.
- Porting: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.
- Erasure: You have the right to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.
- Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority, or to seek a remedy through the courts.
You may, at any time, exercise any of the above rights, by contacting us together with a proof of your identity.
Right to withdraw consent
If you have provided your consent to the collection, processing and transfer of your personal data, you have the right to fully or partly withdraw your consent. To withdraw your consent please contact us.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our legal services.
How long we keep your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any continuing legal, accounting, or reporting requirements and where required for MFB to assert or defend against legal claims.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you want to learn more about our specific retention periods for your personal data established in our retention policy you may contact us.
Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.
Changes to our Privacy Notice
We may update and change this Notice from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. Any changes we may make to our Notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our Notice.
If you have any questions, comments and requests regarding this Notice please contact us.
- would like to access the personal information we hold about you;
- believe that information we hold about you is incorrect; or
- have any questions in relation to the information concerning privacy and personal information;
then we ask that you contact us and we will take reasonable steps to resolve those concerns as soon as practicable. In some cases we may not be able to give you access to personal information we hold regarding you if making such a disclosure would breach our legal obligations to our client or if prevented by any applicable law or regulation.