Mayer Brown is a global legal services provider and we are committed to respecting your data privacy. We act in accordance with applicable data privacy laws when collecting and using personal information provided to us, or which we have obtained from your visits to our websites and use of our online services.
This Privacy Notice explains our information practices in relation to personal information. If you have any further queries, there are a number of regional contacts listed below who can assist.
If you are a client of Mayer Brown, you should read this notice together with our terms of business.
When This Notice Applies
This Privacy Notice explains how we manage personal information that we obtain:
- in the course of carrying out business intake procedures;
- from or about individuals who are our clients;
- from or about individuals in the course of providing legal services to our clients;
- from or about individuals in the course of operating our business generally, including marketing data and data from digital initiatives.
If you are a partner of or work for Mayer Brown or are applying for a position at Mayer Brown, you should consult the data privacy information provided to you in connection with your role. If you are applying for a position at Mayer Brown you can find relevant information about how we handle your personal information on the recruitment pages of our website.
A summary of the personal information we may collect from California residents may be found here.
How we collect personal information and the types of personal information
The personal information we may directly collect from you will depend on the nature of your interactions with Mayer Brown and whether you:
- have engaged our legal services,
- are recipient of our marketing communications or attend events,
- have interacted with Mayer Brown’s websites, similar technologies or your interactions involve the use of relationship insight tools,
- have a connection to a member of our personnel;
- or have a vendor relationship or similar with Mayer Brown.
In addition, we may collect personal information about you from third parties. Third parties may include but are not limited to instructing clients (where your information forms part of a client matter) and providers of verification services for client onboarding. We may monitor your use and interactions with our websites, marketing we send and communications between you and Mayer Brown.
Depending on the circumstances, the types of personal information collected by Mayer Brown may include:
- Basic details such as your name, contact details, job title and the name of your employer,
- Financial information such as billing addresses, bank accounts and payment information,
- Identification, background verification information, evidence of ownership or source of funds collected for business acceptance purposes and anti-money laundering requirements,
- Special categories of data such as race, ethnicity, trade union membership, information about health or information about your political, religious or philosophical beliefs,
- Information that relates to criminal matters,
- Information that relates to children (although Mayer Brown does not target children when offering legal services),
- Photographic, audio and video content (which can include CCTV footage if you visit our premises),
- Information that you have provided in relation to marketing preferences, registering for events and meetings (which may include access and dietary requirements);
- Information relating to your website usage and technical data that is collected through tracking technologies and relationship insight tools; and
- And any other information relating to you that you or others may provide.
Purposes for which we use your personal information
We will only use your personal information when the law allows us to do so. Most commonly we will use your personal information in the following circumstances, where permitted:
- when we need to perform a contract we are about to or have entered into with you;
- when we need to do so to comply with a legal obligation;
- where permitted by law, when it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
- when it is necessary to establish, exercise or defend legal claims;
- if you have already made the information public; or
- if you have given your consent.
We may rely on more than one circumstance for a particular category of personal information.
To the extent permitted by law, the particular legitimate interests upon which we rely in processing your personal information include the following:
For the purposes of carrying out business intake procedures: this will include using and/or obtaining information for the purposes of carrying out anti-money laundering, conflict and other business intake searches.
For providing legal advice to our clients: the information may include contact data, data concerning your employment or business activities and any other data relevant to the transaction, litigation or other matter upon which we are advising. Where necessary (such as in employment or pensions work) and, permitted by law, that data may include ‘special categories’ of personal information such as that relating to health.
For the purposes of marketing our services: we may use information about you for the purposes of promoting our business, if you request information about our services or indicate that you have an interest in receiving communications on legal topics, respond to invitations to events, or comment on our blogs or social networks. Based on that information, we may also identify further products, services, legal topics and events about which you may wish to know more.
You have the right to ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing by checking the appropriate boxes on the forms we use to collect your data. You can also exercise that right at any time by contacting us as set out below. For information about our use of relationship insight tools, please see Use of Online Identification Technologies and Relationship Insight Tools below.
For the functioning of our business and its operations: we may use your personal information in the course of operating our business, including the management of our relationships with third party suppliers, dealing with our insurance arrangements, facilitating a business sale, acquisition or restructuring or for seeking external legal advice.
For the purposes of operating our alumni website: we may use information we already hold about you and information you provide when you register on the website, or provide in response to subsequent requests for information, or during your use of the site. We will use this information to improve the site, communicate with you on alumni matters, send you marketing materials, make you aware of potentially interesting job opportunities, and analyze client and prospective client relationships. We will share your information with other alumni only to the extent that you agree.
Change of Purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will only do so if legally permitted to do so and with appropriate notice (or consent, if required by law).
If you wish to understand more about the basis upon we are using your data please contact us as set out below.
Transferring and Sharing Your Information
Mayer Brown is a global organization. Your personal information is stored on servers located in different countries, and your personal information may be processed by Mayer Brown worldwide for business or administrative purposes. Information held in hard copy is stored onsite or at secure locations. The types of personal information involved and uses include those detailed above where appropriate.
Within Mayer Brown, we may transfer personal information outside of the United Kingdom (‘UK’), European Economic Area ("EEA") or outside of a jurisdiction where you are located. When we transfer personal information from our offices in the UK and EEA to our offices outside of the UK or EEA or the jurisdiction where you are located, we do so under a Personal Data Transfer Agreement that conforms to UK and European data privacy law, using Standard Contractual Clauses, or to applicable law in the jurisdiction where you are located.
We may provide personal information to third parties that perform operational services for us solely for our use and benefit or professional advisors (such as barristers and local counsel) and service providers (such as document review platforms) in order for them to perform services on behalf of a client with their consent. We will only transfer your personal information in these circumstances where we are satisfied that it will be subject to an appropriate level of protection and in accordance with any safeguards that may be legally required. On occasion, Mayer Brown may be required by law to disclose personal information by a regulator, court or authority. Where necessary and with appropriate safeguards, Mayer Brown may also need to disclose information to its professional advisors (e.g. legal and financial advisors), bankers, auditors, insurers and insurance brokers.
Identity Access Management
Some employees and contractors of Mayer Brown who use firm-issued devices can choose to enable certain features that use personal and/or biometric information, securely stored on their devices. This information is stored securely on their devices while they use these features, and is deleted with a reasonable time after their departure from the firm, not to exceed 3 years in any event.
Online Identification Technologies
Use of Online Identification Technologies and Relationship Insight Tools
If your contact details are held in our marketing database, Mayer Brown may use relationship insight tools which collect aggregate information about your interactions with us via emails, outlook calendar invitations, business development activities and other interactions for business development purposes. These relationship insight tools allow us to keep your contact details and profile up-to-date and to gain an understanding of the extent of your relationship with others within Mayer Brown. Your marketing insight information is stored securely in the US and held in accordance with our retention policies. The lawful basis for processing your information, where this is required to be demonstrated, is legitimate interests for marketing purposes, understanding relationships and keeping information up-to-date.
If you would prefer us not to use relationship insight tools in relation to your profile, please email ContactEdits@mayerbrown.com or use the ‘private’ tag in emails. Please update us if your contact details change.
Confidentiality and Security
We take reasonable precautions to ensure that your personal information remains confidential and have put in place appropriate security measures to protect your personal information. We will limit access to those who have a business need to know; they will only process your personal information on our instructions and subject to a duty of confidentiality.
We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator where we are legally required to do so.
How Long do we Keep Your Personal Information?
Mayer Brown has document retention and destruction practices relating to data which differ according to the geographical region, practice area/business support team, the nature of the information, its format and type of documentation.
In determining the appropriate retention period for personal information we consider such factors as the nature of the information, the purposes for which the data is retained, appropriate security measures, relevant technical constraints and applicable legal requirements.
Please contact us if you want further information about our record retention policies.
Data Privacy Enquiries and Access to Information
If you believe the information we hold is inaccurate or no longer current, please contact us so that we can remove or correct the information as appropriate.
If you are in the United Kingdom, European Union or your personal information is processed by us in the United Kingdom or European Union, Hong Kong, UAE (DIFC), Mexico, Singapore, Japan, Brazil or China the applicable data protection legislation gives you rights to access information held about you.
How to Exercise Your Data Privacy Rights
If you wish to exercise your data privacy rights, make a complaint, ask a question or make a suggestion, please see the section headed "How to Contact Us" below.
Data Controllers, Regulatory and Contact Information
Mayer Brown is a global services provider comprising legal practices that are separate entities, including Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated (collectively the "Mayer Brown Practices"), and affiliated non-legal service providers, which provide consultancy services (the "Mayer Brown Consultancies"). The Mayer Brown Practices and Mayer Brown Consultancies are established in various jurisdictions and may be a legal person or a partnership. Details of the individual Mayer Brown Practices and Mayer Brown Consultancies can be found in the Legal Notices. Any legacy data transferred to a successor Mayer Brown Practice or Mayer Brown Consultancy will also be treated in accordance with this Privacy Notice.
Mayer Brown Practices and Mayer Brown Consultancies act as data controllers. Further information about data protection contacts including (where applicable), Data Protection Officers and representative offices for the purposes of Article 27 of GDPR are listed here.
Details of relevant data protection authorities are listed by each office in the Legal Notices. If you have a complaint about our handling of your personal data, we would appreciate the opportunity to deal with your concerns before you approach the regulator.
Changes to Our Privacy Notice
We may change our Privacy Notice from time to time. Any changes will be posted to this page. You should check this website periodically.
How to Contact Us
This Privacy Notice was drafted with brevity and clarity in mind. We are very happy to assist with any further queries. You may contact our privacy team directly by emailing firstname.lastname@example.org or use the contact details provided here.