Privacy notice

Johnson Stokes & Master (JSM), its representative offices and consultancy service provider in Mainland China (collectively the JSM Practices, We, us or our; the Firm refers to one or more of the JSM Practices) respect personal privacy and are committed to safeguarding your personal information. We act in accordance with applicable data privacy laws when collecting and using personal information provided to us, or which we have obtained from your visits to our websites and use of our online services.

This Privacy Notice explains our information practices in relation to personal information. If you have any further queries, there are a number of contacts listed below who can assist.

If you are a client of our Firm, you should read this Notice together with our terms of business.

When This Notice Applies

This Privacy Notice explains how we manage personal information that we obtain:

  • in the course of carrying out business intake procedures,
  • from or about individuals who are our clients,
  • from or about individuals in the course of providing legal services to our clients,
  • from or about individuals in the course of operating our business generally, and including marketing data and data from digital initiatives.

If you are a partner of or work for our Firm or are applying for a position at our Firm, you should consult the data privacy information provided to you in connection with your role. If you are applying for a position at our Firm you can find relevant information about how we handle your personal information on the recruitment and legal notices page of our website.

If your data is collected in Mainland China, your personal information will be processed in accordance with the applicable data protection laws in Mainland China, including the PRC Personal Information Protection Law, the PRC Data Security Law and the PRC Cybersecurity Law. We have prepared a Mainland China Addendum for individuals located in Mainland China. Please read this notice together with the Mainland China Addendum, which is provided at the end of this document.

How we collect personal information and the types of personal information

The personal information we may directly collect from you will depend on the nature of your interactions with our Firm and whether you:

  • have engaged our legal services,
  • are recipient of our marketing communications or attend events,
  • have interacted with our websites, similar technologies or your interactions involve the use of relationship insight tools,
  • have a connection to a member of our personnel, or
  • have a vendor relationship or similar with our Firm.

In addition, we may collect personal information about you from third parties. Third parties may include but are not limited to instructing clients (where your information forms part of a client matter) and providers of verification services for client onboarding. We may monitor your use and interactions with our websites, marketing we send and communications between you and our Firm.

Depending on the circumstances, the types of personal information collected by our Firm may include:

  • Basic details such as your name, contact details, job title and the name of your employer.  
  • Financial information such as billing addresses, bank accounts and payment information. 
  • Identification, background verification information, evidence of ownership or source of funds collected for business acceptance purposes and anti-money laundering requirements. 
  • Special categories of data such as race, ethnicity, trade union membership, information about health or information about your political, religious or philosophical beliefs. 
  • Information that relates to criminal matters. 
  • Information that relates to children (although our Firm does not target children when offering legal services).  
  • Photographic, audio and video content (which can include CCTV footage if you visit our premises in Hong Kong and Beijing). 
  • Information that you have provided in relation to marketing preferences, registering for events and meetings (which may include access and dietary requirements). 
  • Information relating to your website usage and technical data that is collected through tracking technologies and relationship insight tools; and 
  • Any other information relating to you that you or others may provide. 

Purposes for which we use your personal information

We will only use your personal information when the law allows us to do so. Most commonly we will use your personal information in the following circumstances, where permitted:

  • when we need to perform a contract we are about to or have entered into with you,
  • when we need to do so to comply with a legal obligation,
  • where permitted by law, when it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests,
  • when it is necessary to establish, exercise or defend legal claims,
  • if you have already made the information public, or
  • if you have given your consent (or, where required under the PRC Personal Information Protection Law, your separate consent).

We process your personal information for the purposes set out below. To the extent permitted by law, the particular legitimate interests on which we rely in processing your personal information include the following purpose:

For the purposes of carrying out business intake procedures: this will include using and/or obtaining information for the purposes of carrying out anti-money laundering, conflict and other business intake searches.

For providing legal advice to our clients: the information may include contact data, data concerning your employment or business activities and any other data relevant to the transaction, litigation or other matter upon which we are advising. Where necessary (such as in employment or pensions work) and, permitted by law, that data may include ‘special categories’ of personal information such as that relating to health. 

For the purposes of marketing our services: we may use information about you for the purposes of promoting our business, if you request information about our services or indicate that you have an interest in receiving communications on legal topics, respond to invitations to events, or comment on our blogs or social networks. Based on that information, we may also identify further products, services, legal topics and events about which you may wish to know more.

You have the right to ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing by checking the appropriate boxes on the forms we use to collect your data. You can also exercise that right at any time by contacting us as set out below. For information about our use of relationship insight tools, please see Use of Online Identification Technologies and Relationship Insight Tools below.

For the functioning of our business and its operations: we may use your personal information in the course of operating our business, including the management of our relationships with third party suppliers, dealing with our insurance arrangements, facilitating a business sale, acquisition or restructuring or for seeking external legal advice.

We may rely on more than one purpose  for a particular category of personal information.

Change of Purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will only do so if legally permitted to do so and with appropriate notice (or consent, if required by law).

If you wish to understand more about the basis upon we are using your data please contact us as set out below.

Transferring and Sharing Your Information

JSM operates two representative offices in Beijing and Shanghai, as well as an IP consultancy service provider in Beijing. Your personal information is stored on JSM’s servers located in different countries, and your personal information may be processed by the JSM Practices in different jurisdictions for business or administrative purposes. Information held in hard copy is stored onsite or at secure locations. The type of personal information involved and uses include those detailed above where appropriate.

When we transfer personal information outside of the jurisdiction in which you are located, we do so in compliance with applicable data protection laws. This may include implementing appropriate safeguards such as data transfer agreements or standard contractual clauses, where required by law.

We may provide personal information to third parties that perform operational services for us solely for our use and benefit or professional advisors (such as barristers and local counsel) and service providers (such as document review platforms) in order for them to perform services on behalf of a client with their consent. We will only transfer your personal information in these circumstances where we are satisfied that it will be subject to an appropriate level of protection and in accordance with any safeguards that may be legally required. On occasion, we may be required by law to disclose personal information by a regulator, court or authority. Where necessary and with appropriate safeguards, we may also need to disclose information to our professional advisors (e.g. legal and financial advisors), bankers, auditors, insurers and insurance brokers.

Identity Access Management

Some personnel and contractors of our Firm who use Firm-issued devices can choose to enable certain features that use personal and/or biometric information, securely stored on their devices. This information is stored securely on their devices while they use these features, and is deleted with a reasonable time after their departure from our firm, not to exceed 3 years in any event.

Online Identification Technologies

Use of Online Identification Technologies and Relationship Insight Tools

We use online identification technologies such as cookies and similar tools on our websites, collaboration sites and other digital media (Websites). You can access our Cookie Policy here.

If your contact details are held in our marketing database, we may use relationship insight tools which collect aggregate information about your interactions with us via emails, outlook calendar invitations, business development activities and other interactions for business development purposes. These relationship insight tools allow us to keep your contact details and profile up-to-date and to gain an understanding of the extent of your relationship with others within our Firm. Your marketing insight information is stored securely in Singapore and held in accordance with our retention policies. The lawful basis for processing your information, where this is required to be demonstrated, is legitimate interests for marketing purposes, understanding relationships and keeping information up-to-date.

If you would prefer us not to use relationship insight tools in relation to your profile, please email privacy@jsm.com or use the ‘private’ tag in emails. Please update us if your contact details change.

Confidentiality and Security

We take reasonable precautions to ensure that your personal information remains confidential and have put in place appropriate security measures to protect your personal information. We will limit access to those who have a business need to know; they will only process your personal information on our instructions and subject to a duty of confidentiality.

We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator where we are legally required to do so.

How Long do we Keep Your Personal Information?

We have document retention and destruction practices relating to data which differ according to the geographical region, practice area/business support team, the nature of the information, its format and type of documentation.

In determining the appropriate retention period for personal information we consider such factors as the nature of the information, the purposes for which the data is retained, appropriate security measures, relevant technical constraints and applicable legal requirements.

Please contact us if you would like further information about our record retention policies. 

Data Privacy Enquiries and Access to Information

If you believe the information we hold is inaccurate or no longer current, please contact us so that we can remove or correct the information as appropriate.

If you are in Hong Kong or Mainland China, the applicable data protection legislation gives you rights to access information held about you.

Further Information about Data Rights

In certain circumstances individuals have specific rights under application data protection laws, including the rights:

  • to have personal information erased; 
  • to object to, or request restrictions on, processing; 
  • the right to obtain information regarding the processing of your personal data and access to the personal data; 
  • where consent was provided for certain processing activities, the right to withdraw your consent to the collection, processing, use and/or disclosure of your personal data at any time; 
  • the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit or transfer that data to a third party where this is technically feasible; 
  • the right to request that we rectify your personal data if it is inaccurate or incomplete; and 
  • the right to object to any decision based solely on automated processing, including profiling, which produces legal consequences concerning you, or other seriously impactful consequences and to require such decision to be reviewed manually.

How to Exercise Your Data Privacy Rights

If you wish to exercise your data privacy rights, make a complaint, ask a question or make a suggestion, please see the section headed “How to Contact Us” below. It is recommended that you provide supporting documents that verify your identity and provide a clear and specific description of your request. Please note that in accordance with applicable laws, we may charge a fee for accessing your information, if permitted.

Data Controllers, Regulatory and Contact Information

Each JSM Practice acts as data controllers. Details of the individual JSM Practices can be found in the Legal Notices section of our website (www.jsm.com).

You also have the right to lodge a complaint with a relevant data protection authority if you believe that our processing of your personal data violates applicable data protection laws. If you have a complaint about our handling of your personal data, we would appreciate the opportunity to deal with your concerns before you approach any regulator.

Changes to Our Privacy Notice

We may change our Privacy Notice from time to time. Any changes will be posted to this page. You should check this website periodically.

How to Contact Us

This Privacy Notice was drafted with brevity and clarity in mind. We are very happy to assist with any further queries. You may contact our privacy team directly by emailing privacy@jsm.com or use the contact details provided here.

Mainland China Addendum to JSM Privacy Notice

This addendum applies when the representative offices and consultancy service provider of Johnson Stokes & Master (JSM) in Mainland China (the JSM Mainland China Entities, we, us or our) collect personal information or you, your employer or relevant third parties provide your personal information to the JSM Mainland China Entities.

This addendum supplements the information contained in the JSM Privacy Notice above.

Transferring and Sharing of your information

We may transfer your personal information out of Mainland China for the following purposes:

  • to provide client services and respond to enquiries,
  • to fulfil compliance and legal obligations,
  • to manage our business and client relationships, and
  • to market our business and services, such as providing information about our events or services, client conferences, seminars or networking events.

The information may initially be transferred to a Hong Kong service company established by JSM named Sekots & Co., Limited, and located on the 16-18th Floors, Prince’s Building, 10 Chater Road, Central, Hong Kong (the Overseas Recipient), which provides the infrastructure located in Hong Kong for us to store and manage your personal information.  

To the extent required, your personal information transferred to the Overseas Recipient may be provided to or accessed by JSM. JSM may process your information for the purposes of enabling the JSM Mainland China Entities to achieve the abovementioned purposes. The type of personal information transferred outside Mainland China may include: 

  • basic personal information such as names, contact details and information about family relationships (excluding sensitive personal information), 
  • personal identity information such as your ID numbers and photographs on your ID card and passport, 
  • personal education and work information such as personal occupation, position and department, 
  • personal financial information such as your bank account information and source of funds collected for business acceptance purposes and anti-money laundering and terrorist financing requirements, 
  • personal communication information pertaining to your communication records, including technical data relating to your interactions or communication with us, 
  • personal information pertaining to transactions, proceedings, or other legal matters, such as those contained in documents and other materials related to transactions, litigation, arbitration, dispute resolution, and tax registration, 
  • marketing data, such as information about individuals participating in events, meetings, in-person conferences, interests and preferences, and 
  • other information, EG. trade union membership information. 

In very limited circumstances, we may collect and process sensitive personal information (including sensitive personal information that you have voluntarily provided to us) if it is necessary to achieve the purposes set out above. This may include your ID numbers and photos (without specific technical processing) from your identification documents and financial data, which are necessary for verification of your identity and complying with business intake procedures. Additionally, if necessary for a specific service we are providing to you, we may also process other sensitive personal information. The types of sensitive personal information we process will depend on the requirements of the specific matters.

Without providing your relevant personal information, including sensitive personal information, we may not be able to respond to your request or provide you with our legal services.

If you provide us with personal information relating to other persons (such as family members, work colleagues, employees, etc.) located in Mainland China, you are responsible for ensuring the relevant individuals are made aware of the terms of this addendum and the JSM Privacy Notice and that you are legally authorised or entitled to provide us with their personal information. You are also responsible for ensuring that their personal information is accurate and up-to-date, and you transfer the information to us in compliance with applicable data protection laws.

Your rights in connection with personal information

As a data subject in Mainland China, you have rights according to the PRC Personal Information Protection Law (PIPL) which may include the rights set out in the JSM Privacy Notice above. We will endeavour to support the exercise of your rights in accordance with applicable law. Please note that exercising certain rights may affect the services we can offer and we may be subject to certain constraints. For example, if you would like to delete your personal information provided to us, but the retention period prescribed by the applicable laws and regulations has not expired, or it is technically difficult to delete the personal information, we may cease the processing of the personal information, except for the storage and any necessary measure taken for security protection.

If we process your personal information based on your consent, you will have the right to withdraw your consent at any point. The withdrawal of your consent does not invalidate the processing activities that were carried out based on your consent prior to the withdrawal.

Contact Information

If you wish to exercise any of your data subject rights, you may submit your request via email to our privacy team by using the privacy@jsm.com or use the contact details provided here to reach the JSM Mainland Entities and the Overseas Recipient.

In order to facilitate this process and to enable us to assist you, when you make a request please specify the nature of your request, and provide your name, e-mail, telephone number, and proof of identity. We will use this information solely to validate your request by matching it with our records.

Please scan the QR code and follow us on WeChat

Wechat ID: JSM_Legal
JSM WeChat QR code
Close