1. Client Data

We may collect, process and disclose personal data relating to clients and counterparties and their personnel in the following circumstances:

1. For the legitimate interest of the provision of our services including instructing and liaising with professional service providers in relation to matters that we are handling, or because we need to liaise with a counterparty on a matter in which we are working upon.
2. To collect our fees or costs.
3. In providing information on our services that we consider may be relevant
4. Identifying where we may make improvements in service delivery.
5. In order to comply with our obligations to check the identity of our service providers in compliance with anti-money laundering law and regulations.
6. Where required by our insurers and other regulatory authorities.

2. Business Contacts

We may process personal data such as name, email address, job title, telephone number, area of business, job role, jurisdiction, language, seniority and other business contact information in the administration and operation of our legal services for legitimate business purposes such as:

1. Making contact details available to our personnel.
2. Performing analytics – such as trends, business intelligence, marketing effectiveness, uptake and progress.

Any personal data processed for the above purposes will be retained for no longer than is necessary for those purposes

If a business contact requests to be forgotten their contact details will be deleted. If a business contact opts out of receiving marketing materials their details will still be retained (as we may still be in contact) but marketing materials will no longer be sent to them.

3. Suppliers

Personal data, including name, email address, telephone number and other business contact information is collected.

1. To receive services from our suppliers – we will use and disclose personal data in such manner as we believe is reasonably necessary to receive and to review the provision of those services from suppliers.
2. To provide services to clients – if a supplier is assisting us in delivering services to our clients we will process personal data to manage that relationship.
3. To agree payment arrangements with our suppliers, and to make payments to them.

Our legal basis for such processing is the performance of the supplier contract.

A general retention period of seven years (after the supplier relationship ends) will be applied unless there are any legal and or regulatory exceptions which require documentation to be held for longer periods. If you require further information please contact us.

4. Website

Personal data will be collected from visitors to our website such as the time and date of your visit, the pages you visit and your physical location when visiting them, and other more specific details like your IP address, the links you click and the route you take through the website, and your information if you report a problem with our website. This is in our legitimate interest to improve our website offerings and enhance your online visit to us.

We share this data with our client relationship and e-marketing management system providers. They may process this data only for the purpose of providing us with their services.

We use cookies on our website. Cookies are small files which are stored on a computer. They have designed to hold a small amount of data specific to a user and website and they help to deliver content tailored to a particular user. You can access our Cookie Policy here.

5. Links to Third Party Websites

Our website may contain links to other websites. We are not responsible for the privacy practices or the content of such other websites. If you link to or visit another website, please review the privacy statement for that website.

6. Security of your Data

We use industry standard security measures to protect your information and to prevent the loss, misuse or alteration of any information in our control. All our personnel are subject to strict confidentiality obligations. However, as effective as modern security practices are, no security system is entirely secure and we cannot guarantee the security of your information. If you would like to raise a security issue with our team, please email dpo@mastercroff.me.

7. Transfers of personal data to non-EEA countries

We will only transfer your personal data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights in accordance with Applicable Data Protection Law as defined as follows:- (i) the General Data Protection Regulation (2016/679) (“GDPR”), including any EFTA or Member State law made under or pursuant to the GDPR, (ii) the GDPR as saved into United Kingdom law by virtue of section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018 and the Data Protection Act 2018 (“UK Data Protection Law”), (iii) the Swiss Federal Data Protection Act of 19 June 1992 and its corresponding ordinances ("Swiss DPA"), (iv) the Brazilian General Data Protection Law (Federal Law 13.709/2018) (“LGPD”), and (v) the California Consumer Privacy Act of 2018, Cal. Civ. Code 1798.100 et seq. (“CCPA”) (collectively, “Applicable Data Protection Law”).

This may be because you have instructed us or where we enter into standard European Commission approved data protection contracts. Remote access to our systems is on authorised devices only and appropriate technical safeguards are applied to protect personal data.

8. Your rights in relation to your personal data

Under certain circumstances you may:

• Request access to copies of the personal data we hold about you and further information in relation to its processing, or else request that such information be supplemented, updated or rectified.
• Request erasure, anonymisation or blocking of your personal data that is processed in breach of the law.
• Object on legitimate grounds to the processing of your personal data. In certain circumstances we may not be able to stop using your personal data; if that is the case, we’ll let you know why.
• Withdraw your consent – when personal data is processed on the basis of consent you may withdraw consent at any time. This does not affect the lawfulness of processing which took place prior to its withdrawal. In the event that you no longer want to receive any marketing material from us, please use the unsubscribe option (which is in all of our marketing emails to you), or contact us.

To exercise such rights (other than withdrawing from marketing emails) please contact dpo@mastercroff.me.

9. Changes to our Privacy Statement

We may change this Privacy Statement from time to time. If we make changes, they will be posted here so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it.

Each time you use this website the then current Privacy Statement will apply and you should review it each time you use the website to satisfy yourself that you are happy with it.