This Statement is only applicable for data subjects in Hong Kong who provide personal data to us, whether by visiting this website, using our services or otherwise.
We, Mishcon de Reya, respect your rights to data protection and privacy and we will protect your personal data as a core value and principle of our practice. We recognise our responsibilities in relation to the collection, holding, processing, use or transfer of personal data under the Personal Data (Privacy) Ordinance (Cap. 486) (“PDPO”).
This Statement informs you:
- of the purpose for which your personal data (“Personal Data”) collected by us in connection with your use of this website, our services or in any other manner will be used following collection;
- to whom your Personal Data will be transferred; and
- to whom you may address Personal Data access or correction requests.
Types of Personal Data we collect
The categories and types of Personal Data that we may collect include without limitation:
- IP addresses or other unique device identifiers;
- names and aliases;
- email addresses, telephone numbers and other contact information;
- residential addresses, office addresses or other addresses;
- country of nationality, citizenship or other residency statuses;
- photographs, visual images or other audio or visual recordings or other audio and visual information;
- age, gender, race, sexual orientation, marital status or other demographic information;
- medical information, biometric data or other health information;
- credit history, credit data and other financial information;
- employment records, travel history or other professional and educational information; or
- stated interests, your preferences for our marketing materials (if requested by you) or other preferences and communications.
It is voluntary for you to provide the Personal Data we have requested. However, failure to receive the Personal Data from you may result in us being unable to provide effective legal services to you or engaging you as a client.
You must ensure that all information provided to us is accurate, complete and up-to-date. Personal Data you provide that is inaccurate or incomplete may adversely affect how we engage with you in the course of our business.
We may also obtain your Personal Data in the course of providing you with our legal services or conducting our business, including from other publicly available sources (such as media providers, LinkedIn and similar social media platforms, and public registries).
Purpose and Use
We may collect, hold, process, transfer and use your Personal Data for any of the following purposes:
- to provide legal services to clients or prospective clients;
- to engage and register you (or the relevant entity) as a client of our firm;
- to review and process your job application, if you have applied for employment with us;
- to process payments, billing and collection;
- to manage access to our premises and for security purposes;
- to protect the security of our communications and other systems;
- to collect information about your preferences to improve the quality of our services and our communications with you;
- to request you to act as a referee for our firm in professional surveys or directories;
- to establish, exercise or defend our legal rights or for the purpose of legal proceedings;
- to comply with legal and regulatory obligations (including anti-money laundering obligations);
- for insurance purposes;
- to record and monitor your use of our website or our other services for our business purposes (including without limitation analysis of usage, measurement of site performance and generation of marketing reports);
- for legitimate business interests and purposes (including without limitation risk management, client relationship management, credit control management, business research and analysis, and other business purposes);
- to prevent and respond to actual or potential security threats, fraud or illegal activities;
- to review and respond to any complaints or queries you may have;
- for providing you (or where appropriate anyone for whom you act) with information in relation to us and our legal services; and
- for other directly related matters in the conduct of our business.
If we provide services or interact with you in the course of your employment, office or engagement with a company or business entity, we may provide you information about us and our services to you in that capacity and for the use of that company or business entity. If you do not want us to use your Personal Data for the purposes mentioned in this paragraph, you may contact using the details at the end of this Statement stating your decision.
Your Personal Data will generally be kept confidential and will not be disclosed to any other person without your consent, except for the purposes notified in this Statement for which your Personal Data was collected or if we are required to do so by applicable laws, regulations or professional rules of conduct. We do not sell Personal Data you provide to us to any third-party.
Personal Data collected by us may not be used for other purposes, unless:
- you have expressly given your consent to the use for the relevant other purposes;
- the purpose is directly related to the purpose for which the Personal Data was collected; or
- we are permitted to use the Personal Data for other purposes arising from an exemption or otherwise in accordance with applicable law and regulation.
We may use anonymous, de-identified, or aggregate information that does not reasonably identify you for any purpose, as permitted by applicable law.
We may transfer your Personal Data to:
- our employees, partners and officers;
- any other entity that is controlled by Mishcon de Reya and their employees and officers;
- any other branch, associated firm or office of Mishcon de Reya (including without limitation Karas LLP);
- our insurers, bankers, auditors and external legal and financial advisors;
- other service providers, suppliers, business partners and sub-contractors engaged by us in connection with the operation of our business such as:
- administrative service providers;
- human resources providers;
- telecommunications providers;
- IT services and software suppliers;
- data analytics providers;
- data entry and processing service providers; and
- cloud service providers;
- barristers, solicitors, other legal representatives, experts and other service providers engaged in a matter in which we are acting, which may include foreign law firms;
- directories for ranking of professionals;
- any professional body, regulator, or government body to whom Mishcon de Reya is under an obligation or otherwise required to make disclosure under the requirements of any applicable law or regulation or as a matter of proper professional practice;
- any enforcement authority to whom Mishcon de Reya believes it appropriate to make disclosure;
- persons or companies seeking references in respect of you, provided you have given your prescribed consent;
- business contacts of Mishcon de Reya in the course of performing our legal services for you (including marketing and business development activities);
- companies providing services for anti-money laundering and terrorist financing checks, credit risk reduction and other fraud and crime prevention purposes;
- debt collection agencies or other debt recovery service providers; and
- any actual or proposed assignee of Mishcon de Reya or transferee of Mishcon de Reya’s rights in respect of the client or any firm of solicitors or other law firm which takes over, or is negotiating the takeover of, the business of Mishcon de Reya or into which Mishcon de Reya is merged.
Some persons to whom we transfer your Personal Data may be located outside Hong Kong, in locations that may not have in place data protection laws which are substantially similar to Hong Kong, and this may mean your Personal Data may not be protected to the same or similar level as that in Hong Kong.
Access and Correction
You have a right to:
- request a copy of your Personal Data held by us, unless we are exempted from complying with a data access request; and
- request for us to make necessary corrections in respect of any Personal Data that you consider inaccurate after we have fulfilled a data access request from you. We may refuse a data correction request if we believe the Personal Data is accurate, an expression of opinion or the proposed correction is inaccurate.
If you wish to access or correct your Personal Data, please contact our Data Protection Officer by email at firstname.lastname@example.org
In accordance with the terms of the PDPO, we reserve the right to charge a reasonable fee for the processing of any access or correction request.
This Statement is intended to notify you of key points about your Personal Data which is collected by us (whether through your use of our website, our services or otherwise).
Our website, our communications or our provision of services may include integrated content or links to content provided by third parties (such as video materials). This Statement does not address the privacy, security, or other practices of the third parties that provide such content.
We may revise this Statement by amending this page at any time. You should check this Statement from time to time to take notice of any changes that we may make.
Please visit the website of the Privacy Commission for Personal Data, Hong Kong (pcpd.org.hk) for more information about personal data privacy in Hong Kong.
“Mishcon de Reya”, “we”, “our” or “us” refer to the United Kingdom solicitors firm of Mishcon de Reya LLP and any other branch or associated firm or office of Mishcon de Reya LLP (including without limitation Karas LLP). Mishcon de Reya is the data user.