Skip to content
Contact us

Marks & Clerk Group Privacy Notice

The Marks & Clerk Group (“the Group”), including Marks & Clerk LLP, any entity trading under the name Marks & Clerk and associated entities is committed to the protection of personal data (data relating to an identified or identifiable individual) and to fair and transparent processing of this data. This privacy notice sets out how and why the Group collects, stores, shares and uses personal data in the course of its business.  It also sets out the rights that you have in relation to your personal data.

Each firm within the Group is an independent "data controller" (referred to together as 'we' or 'us' for the purposes of this notice).  This means that the Marks & Clerk entity that you have instructed or that is providing services to you or is corresponding with you will be the relevant controller of your personal data.  This privacy notice applies to all the data controllers in the Group.  It should be read together with our Cookie Policy and our Terms of Use.

Contents

  1. About Marks & Clerk

  2. What personal data does the Group collect?

  3. How we obtain your personal data

  4. How we use your personal data

  5. Legal basis for processing personal data

  6. Sharing personal data with third parties

  7. International transfers of personal data

  8. Data retention

  9. Your rights

  10. Updates to this Privacy Notice

  11. Contact details

1. About Marks & Clerk

This policy applies to the following members of the Group: Marks & Clerk LLP, Marks & Clerk Insights LLP, Marks & Clerk Law LLP, , Marks & Clerk Intellectual Property Agency (Beijing) Limited, Marks & Clerk Hong Kong, Marks & Clerk Singapore LLP, Marks & Clerk Canada, Marks & Clerk Law LLP (Ontario), Marks & Clerk (Malaysia) Sdn Bhd, It does not apply to any other members of the Marks & Clerk Group.

2. What personal data does the Group collect?

The personal data we collect from you depends on our relationship with you.  We may collect personal data from you as a client or prospective client.  We may also collect your personal data where you have a connection with our clients and the matters we act on. We also collect personal data of suppliers, people who visit our offices or our website. We may collect and process the following categories of personal data:

Types of personal data
Description

Case-related data

Information related to your legal matter

Compliance & due diligence data

Address verification data including utility bills, bank statements, leases, mortgage statements, place of birth, nationality, professional background, residency, business connections (including shareholdings, memberships, management roles and directorships), family members, criminal convictions or related compliance matters.

Contact data

Your name, address and telephone number

Financial data

Bank details, billing information, payment history

Identification data

Copies of your passport, driving licence, national ID card

Marketing preferences

Your preferences regarding receiving updates, newsletters and event invitations

Risk data

Information used to assess matter and client risk profiles, sanctions list matches, beneficial ownership information, adverse media references, politically exposed person (PEP) status

Sensitive data

Information relating to:

  • Racial or ethnic origin
  • Religious, political or philosophical beliefs,
  • Trade Union membership
  • Genetic or biometric data
  • Health data
  • Sexual orientation
  • Criminal convictions and offences

Technical data

IP address, browser type, device type, usage data and similar technical information

Visitor data

Information relating to your visits to our premises

3. How we obtain your personal data

We may collect your personal data from various sources.  These include:

Source
Description

Personal data you provide to us
  • When you instruct us to act on a particular matter
  • When you interact with us online, on the phone or in person
  • In emails and letters
  • When you browse, complete a form or make an enquiry or otherwise interact with our website

Personal data we collect when you use our services
  • Payment and transaction data
  • Profile and usage data

Personal data from third parties we work with
  • Insurers
  • Social networks
  • Public information sources such as Companies House
  • Agents, suppliers, service providers, sub-contractors and advisers in the fields of:
    • Compliance, such as parties providing services in the fields of KYC, Anti money-laundering checks, sanctions checks and fraud prevention
    • Providers of technology services
    • Professional advisers such as legal advisers, accountants and tax specialists
  • Government and law enforcement agencies

4. How we use your personal data

We may collect your personal data from various sources.  These include:

Purpose
Description

Provision of professional services

to perform such services and/or provide advice and deliverables to you including:

  • registering you as a client
  • providing our professional services or other related services or solutions
  • to process payments, billing or for related matters

Managing, administering and developing the business

to manage our relationship with you including:

  • developing business and services
  • maintaining and developing IT systems
  • managing and hosting events and for professional networking purposes
  • to administer and manage the Group’s website, systems and applications

Quality and risk management, security

 to keep our systems secure, including monitoring the services provided to you to detect, investigate and resolve security threats, for example automatic scanning of email correspondence for threats

Providing information about services

 using your business contact details to provide information about services, activities, and events that may be of interest

Compliance with our professional obligations

 to comply with legal and regulatory obligations including:
maintaining records of our communications with you for compliance purposes
  • compliance checks or screening and recording (for example in relation to trade sanctions and fraud prevention, KYC procedures and anti-money laundering measures)
  • conducting checks of the personal data you provide to us about your identity against relevant databases and making records of our communications with you for compliance purposes
  • to monitor compliance with our policies and standards
  • for insurance purposes

Security at our premises

 To manage access to our premises and for security purposes

5. Legal basis for processing personal data

We will only process your personal data where we have a legal basis to do so.  Depending on the context, we rely on one or more of the following legal bases for processing your personal data:

  • Legitimate interests: we may process your personal data for our legitimate business interests or those of a third party, but only where such interests are not overridden by your interests or fundamental rights and freedoms

  • Legal obligation: in some cases we may have a legal obligation to process your personal data

  • Contract: in certain circumstances we may process your personal data where this is necessary for the performance of a contract to which you are a party or for taking steps prior to entering into such a contract

  • Consent: in certain circumstances we may ask for your consent to process your personal data

    The purposes for processing your personal data and the legal bases for doing so are set out below.

Purpose
Types of personal data
Lawful basis for processing

Provision of professional services

Contact data

Identification data

Case-related data

Sensitive data

Our legitimate interests and (if applicable) those of third parties including:

  • providing our services to you
  • administering our relationship and maintaining contractual relations
  • establishing, exercising or defending legal rights

 To comply with our legal and professional obligations

For entering into a contract with you (where you as an individual are a party to the contract)

Consent (where relevant)

Where we process relevant Sensitive data we will only do so where the applicable conditions have been met including:

  • where you have given your explicit consent;
  • where the processing is necessary for the establishment, exercise or defence of legal claims
  • where the processing is necessary for reasons of substantial public interest and is permitted by applicable law

To comply with our legal and professional obligations

Contact data

Identification data

Compliance and due diligence data

Financial data

Risk data

Sensitive data

To comply with our legal obligations including:

  • carrying out client onboarding and KYC procedures
  • conducting anti money-laundering and sanctions screening
  • maintaining records
  • carrying out conflicts of interests checks
  • completing records and complying with other regulatory, legal and professional standards requirements

 Our legitimate interests and (if applicable) those of third parties including:

  • establishing, exercising or defending legal rights
  • complying with legal and professional obligations
  • providing our services to you
  • administering our relationship and maintaining contractual relations

For entering into a contract with you (where you as an individual are a party to the contract)

Consent (where relevant)

Where we process relevant Sensitive data we will only do so where the applicable conditions have been met including:

  • where you have given your explicit consent;
  • where the processing is necessary for the establishment, exercise or defence of legal claims
  • where the processing is necessary for reasons of substantial public interest and is permitted by applicable law

Managing, administering and developing the business

Providing information about services

Contact data

Financial data

Marketing preferences

Visitor data

Sensitive data

Our legitimate interests and (if applicable) those of third parties including:

  • Providing our services to you
  • Administering our relationship and maintaining contractual relations
  • Developing and marketing our business
  • Improving our website or our services and marketing, for example through website analytics, identifying browsing trends and patterns

To comply with our legal and professional obligations

For entering into a contract with you (where you as an individual are a party to the contract)

Consent (where relevant)

Where we process relevant Sensitive data we will only do so where the applicable conditions have been met including:

  • where you have given your explicit consent
  • where the processing is necessary for reasons of substantial public interest and is permitted by applicable law 

Quality and risk management

Technical data

Sensitive data

Our legitimate interests and (if applicable) the interests of third parties in detecting, investigating and resolving security threats

Where we process relevant Sensitive data we will only do so where the relevant conditions have been met including where the processing is necessary for reasons of substantial public interest and is permitted by applicable law 

Arranging and administering visits at our premises

Contact data

Visitor data

Sensitive data 

Our legitimate interests and (if applicable) those of third parties including:

  • administration of events
  • the security of our premises

To comply with our legal and professional obligations (for example requirements relating to health & safety)

Consent (where relevant)

Where we process relevant Sensitive data we will only do so where the applicable conditions have been met including:

  • where you have given your explicit consent
  • where the processing is necessary for reasons of substantial public interest and is permitted by applicable law 

6. Sharing personal data with third parties

The Group will only share personal data with third parties where it is appropriate to do so for the performance of our services and where this is legally permitted. The Group will not provide information to third parties for their own marketing purposes. Where the Group transfers personal data to third parties, it will put in place appropriate contractual arrangements and seek to ensure that there are appropriate technical and organisational measures in place to protect personal data.

We may share your personal data with the following entities:

  • the Group and/or with our affiliates in order to provide our services to you as described in this Notice

  • third parties service providers including data processing service providers, website spam security service providers, website hosts and website analytics providers

  • companies providing solutions relating to due diligence and regulatory requirements including credit reference agencies, companies providing checks for money laundering, terrorist financing and fraud prevention, and checking against sanctions lists

  • professionals such as barristers, consultants, tax advisers, translators, accountants, mediators, experts, foreign patent and trade mark attorneys, lawyers providing specialist advice or advice on foreign law, marketing or public relations consultants and other professionals as relevant

  • any competent law enforcement body, regulator, government agency, court or other relevant third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation; (ii) to exercise, establish or defend our legal rights; (iii) to protect your vital interests or those of another person

  • if we buy or sell any business or assets we may share your personal data in the course of that transaction. 

7. International transfers of personal data

In the course of running our business and providing services to clients the Group may transfer personal data from the EU or the UK to other controllers within the Group or to service providers located outside the EU or the UK.

Where the jurisdictions or entities to which the personal data is transferred have been formally recognised as providing an adequate level of protection for personal data, we rely on the relevant adequacy decision of the European Commission or the applicable UK adequacy regulations.

Where a transfer of personal data is not made to an adequate jurisdiction or entity, we rely on appropriate safeguards, such as the International Data Transfer Addendum or International Data Transfer Agreement (issued by the UK Information Commissioner) and the EU Standard Contractual Clauses (adopted by the European Commission).

8. Cookies and similar tracking technology

 A cookie is a small text file which is placed onto your device (e.g. computer, smartphone, or another electronic device) when you use our website. We use cookies and similar tracking technology (collectively, “Cookies”) to collect and use personal data about you. For further information about the types of Cookies we use, why, and how you can control Cookies, please see our Cookie Policy here.

9. Data retention

The Group will only store personal data for as long as necessary for the purposes for which it was collected, or as required by law.

Unless there are any overriding legal, regulatory or contractual requirements, the Group will retain records of services provided (which may include personal data) in accordance with the Group’s document retention policy.

10. Your rights 

You have rights in relation to any of your personal data held by the Group.

Individuals in the UK and EEA have the following data protection rights. To exercise any of these rights, please use the contact details provided under the “How to contact us” section below.

  • Rights of access, correction or deletion: you may access, correct, update or request deletion of your personal data

  • Objection to processing and restriction of processing: you can object to the processing of your personal data or ask us to restrict the processing of your personal data

  • Right to data portability: in certain circumstances you have the right to have your data transferred in a readable and standardised format

  • Right to opt out of marketing communications: you have the right to opt out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. If you choose to opt out of marketing communications, we may still send you non-promotional emails, such as emails about our ongoing business

  • Withdrawing consent: If we have collected and processed your personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data which relies on legal bases other than consent

  • Right to complain about the processing of your personal data: you have the right to complain to a supervisory authority about our collection and use of your personal data. Contact details for the UK's data protection authority are available here. Contact details for data protection authorities in the European Economic Area, are available here. Certain supervisory authorities (including in the UK) will require that you exhaust our internal complaints process before they will consider your complaint. Please contact us at the email below for details about our complaints process.

We respond to all requests received from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Should you wish to exercise your rights, please contact the Group’s Data Protection Coordinator via email at dataprotection@marks-clerk.com. The Group will endeavour to respond to any request promptly and within any legally required time limit.

11. Updates to this Privacy Notice

We may update this Privacy Notice from time to time in response to legal, regulatory, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, which will be consistent with the significance of the changes we make.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the end of this Privacy Notice.

12. Contact details

 Please address any questions or requests related to this privacy notice to: dataprotection@marks-clerk.com.

 Last Updated: April 2026