Mishcon de Reya page structure
Site header
Menu
Main content section
blurred class

Privacy

This notice applies where Mishcon process your personal data when we are onboarding you as a client, instructed or otherwise engaged to provide you with our services. If we process your personal data in a different context or circumstance, a separate notice will apply. To view our privacy notice for website visitors, please see here.

We are Mishcon de Reya LLP, a limited liability partnership, incorporated in England (number OC399969), whose registered office is at Africa House, 70 Kingsway, London, WC2B 6AH. We are a body corporate which has members rather than partners. We are authorised and regulated by the Solicitors Regulation Authority under SRA number 624547. We have offices in Cambridge and Oxford. We also operate a Singapore branch office under licence from the Legal Services Regulatory Authority, licence number LSRA/FLP/ 2020/00001. We also operate in Hong Kong via an association with the law firm Karas So LLP. We also wholly own subsidiary operations companies including Mishcon Group (Operations) Limited and Lawton Operations Private Limited, which provide non-fee earning support across our offices. References in this policy to "us", "we", "our" and "Mishcon" are references to all offices, subsidiaries, and trading names under which we operate.

We are committed to protecting the privacy of our users. Where we refer to "data protection law", we primarily mean the UK GDPR, the EU GDPR, the Data Protection Act 2018 and the Singapore Personal Data Protection Act 2012, as appropriate.

lf you have any questions about this notice, including any requests to exercise your legal rights, please contact us at CRM@mishcon.com or by writing to the address set out above. This notice was last updated on 3 November 2025. This notice may be updated from time to time.

How do you use my data?

Any personal data that you give to us may be retained by us to provide a requested service, or for our legitimate interests as a business. In general, our legal basis for processing your personal data is that it is in our legitimate interests (and, indeed, in some cases, yours) to do so, although we would refrain from doing so if our legitimate interests were overridden by your interests or fundamental rights and freedoms. We have an interest in operating our business in the most customer-focused and professional way, and our processing of your personal data is done in accordance with this. 

Examples of how we may use your data include:

  • Client relationships. If you are an individual, you will need to provide us with personal data about yourself (and possibly others) at the start of our business relationship with you, and otherwise as may be requested from time to time. This personal data helps us confirm your identity as required by our regulator and in order to comply with the law and manage the risks associated with sanctions, fraud, money laundering and terrorist financing. We may also use this personal data to check whether we would have a conflict of interest if we were to act for you. The personal data we collect may include your name, address, date of birth, passport or other identification documentation, contact numbers and email, bank account details, assets, family details including the names and ages of any children (where appropriate), proof of address documentation and details about the source of funds. We collect and use your personal data in this way to comply with our legal obligations, perform our contract with you and because it's in our legitimate interests to ensure we comply with our regulatory obligations, prepare for and perform our agreed services, and prevent criminal activity.

    Where necessary for the purposes above, we may also obtain from public and other resources (such as public registers of sanctioned individuals, public registers of companies, public registers of governments or public sources such as the internet), information about you and the parties involved with your matter.

    We will look after any such personal data, and we may use it for the provision of our legal services, billing and other administrative purposes (including the processing of any such personal data as part of those services or so as to improve the delivery of similar services in the future). It may also be used by us from time to time to provide you (and where appropriate anyone for whom you act) with information about the Mishcon Group and our services (including contacting you or them by email or telephone).
  • Business relationships. If you are the representative of any legal entity and are instructing us on any basis other than as an individual, we will look after and use any personal data you provide to us for the purposes of providing our agreed services, on the same basis as set out above.

    It is your responsibility to ensure that you have appropriate procedures in place within your business or operations (including adequate privacy notices pursuant to data protection laws) when you ask us to collect and process personal data for the purposes of your matter. If you have any concerns about the status of such personal data, you must let your Matter Partner know before any personal data is shared with us.
  • To provide, quote or pitch our services. In order to carry out your instructions and quote or pitch for work and provide our agreed services, we may need to collect and process your personal data. We do this in order to perform the contract that we have with you. We may also process your personal data where it is in our or your legitimate interest for the provision or consideration of further services. We may also use Artificial Intelligence technology in the provision of our services.
  • To send you marketing information. Where you have previously expressed an interest in our products or services (and have not opted-out of marketing) we will use your name and email address to send you updates because it is in our legitimate interests to promote our other products and services we think you might be interested in.

    Where you are a new client or have opted in via our website to receive updates on our products and services including offers, promotions and new options, we will process your personal data to provide you these updates in line with the preferences you have provided and will only use your personal data in this way with your consent.

    If you do not wish to receive marketing information about us and our services, wish to receive only certain kinds of information, or wish to receive information only by a particular method, please use the unsubscribe function on our communications or email digitalmarketing@mishcon.com.
  • When you contact us either by phone, email, via our contact forms or via social media, we will usually collect your name, social media handle, the contents of your message, and contact details, because it's in our legitimate interest to make sure we can properly respond to your query.
  • When you use our website and consent to our use of cookies we will collect information about how you use our website. We may use your personal data contained within this information to improve our website and to better understand how people use it. More details on the information we collect and how we do this is set out in our Website Privacy Policy. For details about cookies and technologies we use to track your use of our website please refer to our Cookie Policy.
  • When you attend one of our events or a third-party event we also attend (including virtual events via video conferencing providers), we will usually collect your name, address, email address and phone number. We may also take your photo or capture video of the event which includes you. We collect this personal data because it's in our legitimate interests to promote our business and to know who is attending our events.
  • If our business is sold or is being offered for sale. We process the personal data we hold about you and may share it for this purpose because we have a legitimate interest to ensure our business can be continued by the buyer. If you object to our use of your personal data in this way, the buyer of our business may not be able to provide services to you.
Who do you share my data with?

We may share your personal data

  • Mishcon employees, contractual workers, consultants and members for the performance of our contract with you for the provision of our services.
  • The Mishcon Group. We work with a range of affiliates and subsidiary entities under Mishcon which provide a range of services to us to assist us with the running of our business and the provision of our services to you. These entities, together with Mishcon are the Mishcon Group. The Mishcon Group assists with a range of activities from administration and billing assistance to consultancy services. The main entities that provide this assistance are Mishcon Group (Operations) Limited and Lawton Operations Private Limited which are wholly owned subsidiary companies of Mishcon de Reya LLP. We may share your personal data with the Mishcon Group (and specifically Mishcon Group (Operations) Limited and Lawton Operations Private Limited) in order to perform the contract we have entered with you or them.
  • Foreign law providers, Chambers, Barristers and other professional services. In order to arrange or otherwise assist in the provision of services to you from professional services, foreign lawyers, barristers, or barrister's chambers, we may share personal data with them for the performance of the contract we enter into with them or you.
  • Business partners, suppliers and subcontractors for the performance of the contract we enter into with them or you.
  • Professional advisors such as consultants, lawyers, auditors and accountants. In order to obtain advice, and comply with our legal and regulatory requirements, we do this on the basis of our legitimate interest in the continuance and management of our business, and our legal obligations to comply with certain requirements (e.g. to report to HMRC for taxation purposes).
  • Professional cataloguing bodies, legal directories and other feedback agencies. We do this to obtain feedback and references in relation to our provision of services to you. we do this on the basis of our legitimate interest in the promotion of our business. Where we provide contact details for you, we will first obtain your consent.
  • Financial Institutions. In order to gain financing for our business. We do this on the basis of our legitimate interest in the continuance and management of our business.
  • Promotional events and marketing organisations for the management and planning of our events where we rely our legitimate interest in promoting our business or services. We do not sell data for marketing purposes, but may share your data with an event organiser or brand we are working in collaboration with including where we run workshops with co-presenters and/or offer a promotion alongside a partner brand. We will always tell you before we share your data in this way (usually on the event registration form) and you will be given the chance to opt-out before we do this.
  • Governments/Regulators/Authorities/Enforcement Agencies. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of business, retainer letter and other agreements; or to protect our, our customers' and others' rights. This includes exchanging your personal data with other companies and organisations for the purposes of fraud prevention and detection.
  • Prospective buyers of our business, or parts of our business under our legitimate interest to ensure our business can be continued by the buyer.
Where do you store my data?

We store your data on third party servers which are based in the UK, EU and outside of the UK and EU.

When working with third parties we may need to transfer your personal data outside of the UK and or EU. Whenever we transfer your personal data outside of the UK and the EU, we ensure it receives additional protection as required by law. To keep this notice as short and easy to understand as possible, we haven't set out the specific circumstances when each of these protection measures are used. You can contact us at CRM@Mishcon.com for more information about this.

How long do you keep my data for?

We will only retain your personal data for as long as we need it unless we are required to keep it for longer to comply with our legal, accounting or regulatory requirements.

In some circumstances we may carefully anonymise and aggregate your personal data so that it can no longer be associated with you. At this point it is no longer considered personal data and we may use this anonymised information indefinitely without notifying you. We use this anonymised and aggregated information to improve the way we work and our services. We may also use anonymised and aggregated information in order to train or improve AI which we use as part of our work.

What are my rights under data protection law?

Depending on where you live, you may have various rights under applicable data protection laws, including the right to:

  • access your personal data (also known as a "subject access request");
  • correct incomplete or inaccurate data we hold about you;
  • ask us to erase the personal data we hold about you;
  • ask us to restrict our handling of your personal data;
  • ask us to transfer your personal data to a third party; 
  • object to how we are using your personal data; and
  • withdraw your consent to us handling your personal data.

If you wish to make a subject access request at any time, please email us on DSAR@mishcon.com and your request will be dealt with expeditiously.

You also have the right to lodge a complaint with us or the Information Commissioner's Office, the supervisory authority for data protection issues in England and Wales. If you are based in the EU you can find your relevant supervisory authority here.

Please keep in mind that privacy law is complicated, and these rights will not always be available to you all of the time.

Contacting us about your information

If you have any questions or concerns regarding your personal data or how it is used, please contact us at CRM@mishcon.com.

To help us keep your personal data up-to-date, you should let us know should any of your contact details change, or if you notice any inaccuracies in them. You can do this directly via email. From time to time we may contact you to confirm that the data we hold about you is correct.

 

Cookies

If you want more information or want to change your cookie settings please click below 

Manage cookies

Contacting us about your information

If you have any questions or concerns regarding your data or how it is used, please contact us

Get in touch
How can we help you?
Help

How can we help you?

Subscribe: I'd like to keep in touch

If your enquiry is urgent please call +44 20 3321 7000

I'm a client

I'm looking for advice

Something else