This Policy applies to Personal Information provided to us by an individual or by third parties, as well as confidential information provided by customers and potential customers. We may use Personal Data and confidential information provided to us for the purposes set forth in this Policy or disclosed at the time of collection.
This Policy is an important document. We recommend that you read it carefully and keep a copy for future reference.
In this Policy, we use the terms:
"Confidential information" means information provided to Moncey Avocats by a client or prospect, which is identified as confidential at the time of transmission or would be considered as such by a reasonable person, or which is protected by a statutory obligation of confidentiality.
"Engagement Letter" or fee agreement, means a written document that sets forth the terms and conditions of Moncey Avocats' specific engagement and describes the services to be provided to you by the specific entity. These terms of engagement shall serve as a reference for determining the legal entity responsible for the services provided.
"Partner Firm" refers to French or foreign legal or accounting firms with whom we may work in the course of advising clients.
"Personal Data" falls under the definition established by the European Regulation 2016/679 (General Data Protection Regulation - "GDPR") and includes any information relating to an identified or identifiable natural person.
"we", "us" and "our" (and other similar terms) means Moncey Avocats (the "Data Controller").
"You" and "your" (and similar terms) mean, as the context requires, our clients, persons associated with our clients, contacts, suppliers, applicants, staff and visitors to the Moncey Lawyers website, www.monceyavocats.com.
Your rights regarding Personal Data and how to exercise them:
Under certain circumstances, you have the following rights:
- the right to request that we provide you or a third party with copies of the Personal Data we hold about you at any time and to be informed of its content and origin, to verify its accuracy, or to request that it be completed, updated or rectified in accordance with local legislation;
- the right to request the deletion, anonymization or blocking of your Personal Data processed in violation of the law;
- the right to object on legitimate grounds to the processing of your Personal Data. In some circumstances we may not be able to stop using your Personal Data, if so we will let you know and explain why; and
- withdrawal of consent - although we do not generally process Personal Data on the basis of consent, where Personal Data is processed on the basis of consent, an individual may withdraw consent at any time (this may apply to the processing of special categories of Personal Data where you have asked us to act on your behalf and includes the following: racial/ethnic origin, political opinions, religious or philosophical beliefs and trade union membership). If you no longer wish to receive marketing material from us, please use the unsubscribe option (which is included in all marketing emails we send you) or contact the Data Controller as set out below.
To exercise these rights and if you have any questions about how we collect, hold and use Personal Data, please contact us using the contact details set out in the "Data Processor Contact Details" section below.
On what legal basis do we process your Personal Data?
We will only process Personal Data if we have a lawful reason to do so. The lawful basis for the processing of Personal Data by us will be one of the following:
- processing is necessary for the performance of a contract to which you are a party or in order to take action at your request before entering into a contract;
- processing is necessary to enable us to comply with our legal or regulatory obligations (such as compliance with anti-money laundering legislation or for conflict of interest purposes);
- processing is necessary for the pursuit of our legitimate business interests (including the provision and promotion of our services;
- the processing is necessary for the establishment, exercise or defence of legal claims; or
What Personal Data do we collect and process?
We aim to be transparent about why we process Personal Data and how we process it. For more information about our processing activities, please see the relevant section below.
We process Personal Data about contacts using a client relationship management tool. Personal Data is collected and added to this tool by Moncey Avocats staff and includes: name, email address, job title, phone number, business area, role, jurisdiction, language, seniority and other business contact information. Personal Information may also be collected because we provide our services to you or at a networking event. In addition, Personal Information may also be collected via the Moncey Avocats website, www.monceyavocats.com.
- For contact and communication purposes: we may use your contact information to send you legal updates as appropriate, information about any events we are hosting or participating in, and/or other information about us and the services provided by Moncey Avocats that we believe may be of interest to you. You may specify your contact preferences when you register online to receive communications from us (for example, through the Moncey Avocats website, www.monceyavocats.com) or by subsequently informing us of your contact preferences using the options provided on all of our marketing emails or contact details as set out in the "Data Processor Contact Details" section below.
- Make contact information available to Moncey Avocats staff.
- Perform analytics - such as trends, sales information, effectiveness (such as click-through rates and open rates), penetration and progress of marketing efforts.
- Use artificial intelligence to search for news feeds, websites, posts, etc., and perform analysis to help us contact you with relevant information.
The Personal Data are kept in our management tool as long as necessary for the achievement of the purposes stated above (i.e. the duration of the business relationship). If a business contact requests to be "forgotten", their details will be removed from the tool. If a business contact chooses not to receive marketing material, their details will be retained (as our lawyers may still be in contact - and we need to keep a record of the request not to be contacted), but marketing material will no longer be sent.
Clients and people associated with clients
We ask our customers to provide only the Personal Information necessary to perform our services.
If we require Personal Information about individuals associated with clients in order to provide legal services, we ask our clients to provide this Policy to those individuals.
In most cases, we will collect Personal Information from our customers or from third parties acting on behalf of our customers.
- Providing legal services: we will use and disclose Personal Data in ways we believe are reasonably necessary to provide our services, for example, we may need to instruct an overseas lawyer on your behalf (including correspondence with you), to liaise with other professional service providers in relation to matters we are dealing with, or because we need to liaise with the opposing party on a matter for which you have instructed us. Personal Data will be passed to any Partner Firm if the data is relevant to the relevant instructions.
- Administration: to collect our fees or charges in connection with other law enforcement actions, we will use Personal Data to agree on payment arrangements and to collect fees and charges owed to us in connection with law enforcement actions.
- Managing client relationships: providing clients with information about our services and legal updates that we believe are relevant to them; organizing and hosting events; and identifying where we can make improvements to service delivery.
- Client Engagement: As part of the process of entering into a relationship, we conduct certain background checks to ascertain whether or not there are any potential issues that might prevent us from working with a particular individual (e.g. to identify potential criminal convictions, politically exposed individuals, sanctions or other reputational issues).
- Anti-money laundering compliance we may process your Personal Data (e.g. proof of identity) to fulfil our obligations to identify our clients under anti-money laundering rules. This information is shared with any Partner Firm required to comply with these obligations. Personal Data provided for the purpose of complying with our anti-money laundering obligations will only be used for the purpose of preventing money laundering and terrorist financing or as otherwise permitted or authorised by law, unless you have consented to its use for other purposes.
- Our third party business partners may provide us with your Personal Information to enable us to conduct background checks and monitoring activities, to comply with our legal obligations and for other purposes described in this Policy.
Our general retention period for documentation created for the purpose of providing legal services is 13 years. In some cases, there are legal and regulatory exceptions that may require documentation to be retained for longer or shorter periods. In particular, we are required to retain customer due diligence documentation for 5 years after the completion of any transaction or termination of the business relationship with you and for a maximum of 10 years, unless you have consented to its retention for a longer period or a longer period is required by any relevant regulation or for the purposes of legal proceedings. If you require further information, please contact us using the contact details set out in the "Data Processor Contact Details" section below.
Please refer to the information provided during an online application for more details on how Personal Data is collected, processed and how long it is kept.
Personal Data, including name, email address, telephone number and other business contact information, may be collected from public relations agencies or databases to which we subscribe.
- Press releases and joint press releases from our clients/organizations we work with.
- Invitations to meet the staff of Moncey Avocats.
- Press evening.
- Highlight any spokesperson who may be of interest on a specific industry theme or topic and relevant to the reporter.
- Business travel may require the use of Personal Information to help us make travel arrangements.
- Internal communications.
Personal Data will be kept for as long as necessary to fulfill the purposes mentioned above, or if you inform us that you no longer wish to be contacted your Personal Data will be removed from our contact lists.
Suppliers (including individual contractors)
Personal Data, including name, email address, phone number and other business contact information, is collected to receive services from suppliers, to manage the supplier relationship and to provide services to our clients. 5
- To receive services from our suppliers: please note that we will use and disclose their Personal Data in the manner we reasonably believe is necessary to receive and review the provision of such services from suppliers.
- Customer Services: if a supplier helps us provide services to our customers, we will process Personal Data to manage that relationship.
- Administration: agreeing payment terms with our suppliers and making payments to them.
A general retention period of 13 years will be applied unless there are legal and/or regulatory exceptions that may require documentation to be retained for shorter or longer periods. If you require further information, please contact us using the contact details set out in the "Data Processor Contact Details" section below.
Personal Data relating to staff will be held in various internal systems and applications. A data protection notice which sets out the purposes for which Personal Data will be processed and contains information on the rights of data subjects is provided to staff at the start of employment. If you require further information, please contact the Human Resources Department.
Visitors to the Moncey Avocats website
We do not regularly monitor the IP addresses of visitors to our website. Personal Data will be collected if you register to attend one of our events and/or to receive our marketing materials.
- Business Contacts: If you have registered to attend one of our events or to receive our marketing materials, please see the paragraph above entitled "Business Contacts".
Who else may have access to your Personal Information?
On occasion, we may need to share your Personal Information with third parties. We will only share Personal Information where permitted by law.
When you provide Personal Data to us as a customer, we will assume, unless you instruct us otherwise in writing, that we may disclose your Personal Data as reasonably necessary to provide our services (including those described in this Policy) or as required by applicable law. This may be because, for example, we may pass your Personal Data to third parties such as:
- credit bureaus for credit control purposes;
- events: we may transmit your Personal Data (e.g. name, company, profession) to a third party in the context of the management of an event, in which case the data will only be used by the third party for this specific purpose;
- Business partners, service providers and other affiliated third parties: to enable us to provide our services to you, we may need to share your Personal Data with a Partner Firm, our business partners (including other professional advisors such as accountants or auditors), external service providers and/or overseas legal advisors. Our contracts with external service providers currently cover the provision of support services, including IT, anti-
- bleaching/customer due diligence, event management, document production, business and legal research, secretarial services, marketing and business development and facilities management;
- disclosures required by law or regulation: In certain circumstances, please note that we may be required to disclose Personal Data under applicable law or regulation, including to law enforcement agencies or in connection with proposed or actual legal proceedings.
International transfers of Personal Data (including to external service providers)
From time to time, we may need to transfer your Personal Data to other Partner Firms, which may have offices located in territories outside the European Economic Area ("EEA"), including the United States, in order to provide you with the required services.
Please note that the legal regimes of some territories outside the EEA may not offer the same level of data protection as those in the EEA, although we will ensure that your Personal Data is only processed in accordance with this Policy.
Where necessary, we have entered into European Commission approved standard data protection clauses with Partner Firms that have offices located in territories outside the EEA to provide the required service to you and with our external service providers and business partners in respect of services they may provide that involve data processing outside the EEA for which we are a Data Processor.
How we handle your Confidential Information
From time to time, we may need to share your confidential information with other Partner Firms and third parties. We will only share confidential information if we are legally permitted to do so.
When you provide us with Confidential Information, we will assume, unless you instruct us otherwise in writing, that we may disclose your Confidential Information in the manner we deem reasonably necessary to provide the services you have requested from a Partner Firm (including those described in this Policy), or as required by applicable law. Examples of when this may be applicable include:
- Business partners, service providers and other affiliated third parties: In order to enable us to provide our services to you, we may share your confidential information with other Partner Firms, our business partners (including other professional advisers such as accountants or auditors), external service providers and/or overseas lawyers. Our agreements with external service providers currently cover the provision of support services including IT, anti-money laundering/customer due diligence, event management, document production, business and legal research, secretarial services, marketing and business development and facilities management;
- disclosures required by law or regulation: In certain circumstances, please note that we may be required to disclose confidential information under applicable law or regulation, including to Partner Firms (for example, to conduct conflict of interest and anti-money laundering checks), to law enforcement agencies, or in connection with proposed or ongoing legal proceedings.
How we handle your Personal Information
We have implemented appropriate technical and organizational security measures to protect your Personal Data against unauthorized or unlawful use and against accidental loss, damage or destruction.
We have strict confidentiality agreements (including data protection obligations) in place with our third party service providers.
Links to other websites
The Moncey Avocats website, www.monceyavocats.com, may contain links to other unaffiliated third party websites. Please note that Moncey does not, and cannot, control or be responsible for the content or the privacy and confidentiality practices of third party websites. You should always carefully review the privacy and data protection policy of any third party website you visit to understand how the operators of that website may collect, store and use your Personal Data.
Updates to this policy
This Policy was last updated in November 2021. Please check this page periodically for updates to this Policy.
Contact details of the Data Processor
Moncey Avocats is the Data Controller.
Although we hope you won't need it, if you have any complaints about the use of Personal Data, please send an email detailing your complaint to the DPO at the email address: email@example.com.
You also have the right to lodge a complaint with the competent supervisory authority, in France, the CNIL.