Purpose and scope
Marks & Clerk LLP, any entity trading under the name Marks & Clerk and associated entities (“the firm”) is committed to the protection of personal data (data relating to an identified or identifiable individual) and to fair and transparent processing of this data. This privacy notice sets out how and why the firm collects and processes personal data in the course of its business. It applies to personal data provided directly to the firm by the individuals concerned, other companies and/or organisations.
Marks & Clerk is an international firm, and any information that we collect or that you provide to us may be shared and processed by any Marks & Clerk entity where relevant and necessary. You can find out more about the Marks & Clerk entities and locations here. Note that Marks & Clerk Malaysia and Marks & Clerk Singapore have additional country-specific privacy notices and policies, which can be seen on the relevant firm pages. The current privacy notice also applies to these firms unless this is in conflict with a country-specific privacy notice.
What personal data does the firm collect and how is it used?
The firm collects personal data only to the extent necessary to provide services to its clients and for other agreed purposes. The categories of data we process may include name, contact details, personal identification (such as copies of your passport), and financial information.
We may obtain this personal data from you directly or from third parties, such as credit reference agencies, regulatory or professional bodies. Note that third parties which we use may hold and process additional personal data, including special category personal data, but we do not hold or process such additional personal data ourselves.
Such personal data may be used for the following:
- Identification and provision of professional services – the firm may have to process personal data in order to perform such services and/or provide advice and deliverables to its clients.
- Managing, administering and developing the business – the firm processes personal data in order to manage relationships with clients; develop business and services; maintain and develop IT systems; manage and host events; and to administer and manage the firm’s website, systems and applications.
- Quality and risk management, and security – the firm uses various measures to protect personal data and other client information, which includes monitoring the services provided to clients to detect, investigate and resolve security threats. Such monitoring may involve processing personal data, for example the automatic scanning of email correspondence for threats.
- Providing information about services to clients – unless the relevant individual has opted-out, the firm may use client business contact details to provide information about its services, and activities and events that may be of interest.
- Compliance with legal obligations – the firm may be required to process and/or retain personal data to fulfil its legal obligations.
In processing your personal data for these purposes, we will rely on one of the following grounds for processing:
- where it is necessary for the performance of a contract with you or the organisation you work for;
- where it is necessary in connection with a legal obligation;
- If we have a legitimate interest which is not overridden by your interests or your rights and freedoms. Such legitimate interests include the provision of our services and the running of our firm's business; or
- in specific circumstances only, where you have given your consent or the organisation you work for has obtained your consent.
Personal data and third parties
The firm will only share personal data with third parties where it is appropriate to do so for the performance of its services and where it is legally permitted to do so. The firm will not provide information to third parties for their own marketing purposes. The third parties we may share your personal data with include:
- our IT service providers – to assist in the performance of the services we provide;
- other service providers who enable us to provide services to you; and
- where necessary with our regulators, government agencies or other third parties – in accordance with our legal compliance requirements.
Personal data may also be shared within the firm, including between separate Marks & Clerk entities.
Where the firm transfers personal data to third parties, it will put in place appropriate contractual arrangements and seek to ensure that there are appropriate technical and organisational measures in place to protect personal data.
International transfers of personal data
In the course of running our business and providing services to clients the firm may transfer personal data within the firm to countries outside the EEA or to third parties located in other countries. This may include names and addresses of inventors; where the inventor themself is not a client of the firm, then it is the responsibility of the client to advise the inventor that such transfers may take place.
Any transfer of your data will be subject to appropriate contractual protections to safeguard your privacy rights.
The firm will only store personal data for as long as necessary for the purposes for which it was collected, or as required by law.
Unless there are any overriding legal, regulatory or contractual requirements, the firm will retain records of services provided (which may include personal data) in accordance with the firm’s document retention policy.
For further information in relation to our retention of your personal data, please contact us at email@example.com.
You have rights in relation to any of your personal data held by the firm, which are set out below. Should you wish to exercise your rights, please contact the firm’s Data Protection Coordinator via email at firstname.lastname@example.org. The firm will endeavour to respond to any request promptly and within any legally required time limit.
The right to access information we hold about you
At any point you can contact us to request that the information we hold about you as well as why we have that information, who has access to the information and where we got the information.
The right to correct and update the information we hold about you
If the data we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated.
The right to have your information erased
If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold. When we receive your request, we will confirm whether the data has been deleted or tell you the reason why it cannot be deleted.
The right to object to processing of your data
You have the right to request that we stop processing your data. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer processed, we may continue to hold your data to comply with your other rights.
The right to ask us to stop contacting you with direct marketing
You have the right to request that we stop contacting you with direct marketing. In order to process your request we may need to verify your identity for your security.
The right to data portability
You have the right to request that we transfer your data to another controller. Once we have received your request, we will comply where it is feasible to do so.
The right to withdraw consent
If we rely on your consent for processing your personal data, you have the right to withdraw your consent for the processing of this data.
The firm’s Data Protection Coordinator is responsible for ensuring that this notice is made available to data subjects prior to the firm collecting, processing and storing their personal data.
In the event that you wish to make a complaint about the processing of your personal data by the firm, you should contact the firm’s Data Protection Coordinator at: email@example.com.
You also have the right to make a complaint about the processing of your data to the Information Commissioners Office (in respect of UK-based entities), or to equivalent supervisory authorities in other jurisdictions. For further information please visit: www.ico.org.uk.