Privacy notice

Johnson Stokes & Master (“JSM”) is a Hong Kong law firm with representative offices and a consultancy service provider in Mainland China (collectively the “JSM Practices”, “We”, “us” or “our”; the “Firm” refers to one or more of the JSM Practices). We respect personal privacy and are committed to safeguarding your personal information. We act in accordance with applicable data privacy laws when collecting and using personal information provided to us, or which we have obtained from your visits to our websites and use of our online services.

This Privacy Notice explains our information practices in relation to your personal information. If you have any further queries, there are a number of regional contacts listed below who can assist.

If you are a client of our Firm, you should read this Notice together with our terms of business.

When This Notice Applies

This Privacy Notice explains how we manage personal information that we obtain:

  • in the course of carrying out business intake procedures,
  • from or about individuals who are our clients,
  • from or about individuals in the course of providing legal services to our clients,
  • from or about individuals in the course of operating our business generally, and including marketing data and data from digital initiatives.

If you are a partner of or work for our Firm or are applying for a position at our Firm, you should consult the data privacy information provided to you in connection with your role. If you are applying for a position at our Firm you can find relevant information about how we handle your personal information on the recruitment page of our website.

If your data is collected in Mainland China, your personal information will be processed in accordance with the applicable data protection laws in Mainland China, including the PRC Personal Information Protection Law, the PRC Data Security Law and the PRC Cybersecurity Law. We have prepared a privacy policy for individuals located in Mainland China. Please read this notice together with the Privacy Policy for Mainland China.

How we collect personal information and the types of personal information

The personal information we may directly collect from you will depend on the nature of your interactions with our Firm and whether you:

  • have engaged our legal services,
  • are recipient of our marketing communications or attend events,
  • have interacted with our websites, similar technologies or your interactions involve the use of relationship insight tools,
  • have a connection to a member of our personnel, or
  • have a vendor relationship or similar with our Firm.

In addition, we may collect personal information about you from third parties. Third parties may include but are not limited to instructing clients (where your information forms part of a client matter), the Mayer Brown Practices (defined below) and providers of verification services for client onboarding. We may monitor your use and interactions with our websites, marketing we send and communications between you and our Firm.

Depending on the circumstances, the types of personal information collected by our Firm may include:

  • Basic details such as your name, contact details, job title and the name of your employer,
  • Financial information such as billing addresses, bank accounts and payment information,
  • Identification, background verification information, evidence of ownership or source of funds collected for business acceptance purposes and anti-money laundering requirements,
  • Special categories of data such as race, ethnicity, trade union membership, information about health or information about your political, religious or philosophical beliefs,
  • Information that relates to criminal matters,
  • Information that relates to children (although our Firm does not target children when offering legal services),
  • Photographic, audio and video content (which can include CCTV footage if you visit our premises in Hong Kong and Beijing),
  • Information that you have provided in relation to marketing preferences, registering for events and meetings (which may include access and dietary requirements),
  • Information relating to your website usage and technical data that is collected through tracking technologies and relationship insight tools; and
  • Any other information relating to you that you or others may provide.

Purposes for which we use your personal information

We will only use your personal information when the law allows us to do so. Most commonly we will use your personal information in the following circumstances, where permitted:

  • when we need to perform a contract we are about to or have entered into with you,
  • when we need to do so to comply with a legal obligation,
  • where permitted by law, when it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests,
  • when it is necessary to establish, exercise or defend legal claims,
  • if you have already made the information public, or
  • if you have given your consent.

To the extent permitted by law, we may process your personal information for the following purposes:

For the purposes of carrying out business intake procedures: this will include using and/or obtaining information for the purposes of carrying out anti-money laundering, conflict and other business intake searches.

For providing legal advice to our clients: the information may include contact data, data concerning your employment or business activities and any other data relevant to the transaction, litigation or other matter upon which we are advising. Where necessary (such as in employment or pensions work) and, permitted by law, that data may include ‘special categories’ of personal information such as data relating to your health.

For the purposes of marketing our services: we may use information about you for the purposes of promoting our business, if you request information about our services or indicate that you have an interest in receiving communications on legal topics, respond to invitations to events, or comment on our blogs or social networks. Based on that information, we may also identify further products, services, legal topics and events about which you may wish to know more.

You have the right to ask us not to process your personal information for marketing purposes. You can exercise your right to prevent such processing by checking the appropriate boxes on the forms we use to collect your data. You can also exercise that right at any time by contacting us as set out below. For information about our use of relationship insight tools, please see Use of Online Identification Technologies and Relationship Insight Tools below.

For the functioning of our business and its operations: we may use your personal information in the course of operating our business, including the management of our relationships with third party suppliers, dealing with our insurance arrangements, facilitating a business sale, acquisition or restructuring or for seeking external legal advice.

We may rely on more than one purpose  for a particular category of personal information.

Change of Purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will only do so if legally permitted to do so and with appropriate notice (or consent, if required by law).

If you wish to understand more about the basis upon we are using your data please contact us as set out below.

Transferring and Sharing Your Information

With effect on 2 December 2024, the JSM Practices will operate independently of the global Mayer Brown Practices (defined below). At the same time, Mayer Brown Hong Kong LLP (“MBHK”) will begin operating as part of the global Mayer Brown Practices and MBHK and JSM will enter into a formal association (the “Association”) for regulatory purposes.

While the Association is in effect, the Mayer Brown Practices and JSM Practices will share certain systems and data and their staff will collaborate in the operation of those systems. Your personal information may be transferred outside of the jurisdiction where you are located and stored on JSM’s or Mayer Brown’s servers located in different countries. Your personal information may be processed by the Mayer Brown Practices and us on those servers for business or administrative purposes. The types of personal information involved and uses may include those detailed above where appropriate. Because information may be shared, the Mayer Brown Practices and JSM treat themselves as one firm for purposes of the professional rules of conduct relating to confidentiality and conflicts of interest.

When we transfer personal information outside of the jurisdiction you are located, we do so under a personal data protection agreement or contractual clauses that conform to applicable law in the jurisdiction where you are located, including standard contractual clauses or contracts where required by laws.

We may provide personal information to third parties that perform operational services for us solely for our use and benefit or professional advisors (such as barristers and local counsel) and service providers (such as document review platforms) in order for them to perform services on behalf of a client with their consent. We will only transfer your personal information in these circumstances where we are satisfied that it will be subject to an appropriate level of protection and in accordance with any safeguards that may be legally required. On occasion, we may be required by law to disclose personal information by a regulator, court or authority. Where necessary and with appropriate safeguards, we  may also need to disclose information to its professional advisors (e.g. legal and financial advisors), bankers, auditors, insurers and insurance brokers.

Identity Access Management

Some employees and contractors of our Firm who use Firm-issued devices can choose to enable certain features that use personal and/or biometric information, securely stored on their devices. This information is stored securely on their devices while they use these features, and is deleted with a reasonable time after their departure from our firm, not to exceed 3 years in any event.

Online Identification Technologies

Use of Online Identification Technologies and Relationship Insight Tools

We use online identification technologies such as cookies on our websites, collaboration sites and other digital media (“Websites”). You can access our Cookie Policy here.

If your contact details are held in our marketing database, we may use relationship insight tools which collect aggregate information about your interactions with us via emails, outlook calendar invitations, business development activities and other interactions for business development purposes. These relationship insight tools allow us to keep your contact details and profile up-to-date and to gain an understanding of the extent of your relationship with others within our Firm. Your marketing insight information is held in accordance with our retention policies.

If you would prefer us not to use relationship insight tools in relation to your profile, please email privacy@jsm.com or use the ‘private’ tag in emails. Please update us if your contact details change.

Confidentiality and Security

We take reasonable precautions to ensure that your personal information remains confidential and have put in place appropriate security measures to protect your personal information. We will limit access to those who have a business need to know; they will only process your personal information on our instructions and subject to a duty of confidentiality.

We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator where we are legally required to do so.

How Long do we Keep Your Personal Information?

We have document retention and destruction practices relating to data which differ according to the geographical region, practice area/business support team, the nature of the information, its format and type of documentation.

In determining the appropriate retention period for personal information we consider such factors as the nature of the information, the purposes for which the data is retained, appropriate security measures, relevant technical constraints and applicable legal requirements.

Please contact us if you would like further information about our record retention policies. 

Data Privacy Enquiries and Access to Information

If you believe the information we hold is inaccurate or no longer current, please contact us so that we can remove or correct the information as appropriate.

If your personal information is processed by us in Hong Kong or Mainland China, the applicable data protection legislation gives you rights to access information held about you.

Further Information about Data Rights

You have certain rights under the applicable data protection laws that you can exercise under certain circumstances in relation to the personal information that we hold. These rights include:

  • the right to request access to and correct your personal information in our records,
  • the right to receive a copy of you personal information in a intelligible format, if we hold any of your information, and
  • the right to object to the processing of your personal information in certain situations, such as objecting to its use for direct marketing purposes.

How to Exercise Your Data Privacy Rights

If you wish to exercise your data privacy rights, make a complaint, ask a question or make a suggestion, please see the section headed “How to Contact Us” below. It is recommended that you provide supporting documents that verify your identity and provide a clear and specific description of your request. Please note that in accordance with applicable laws, we may charge a fee for accessing your information, if permitted.

Regulatory and Contact Information

JSM is an independent law firm in Hong Kong with representative offices and a consultancy service provider in Mainland China. Details of the individual JSM Practices can be found in the Legal Notices section of our website (www.jsm.com). For information about the data privacy contacts for each JSM Practice, please read the list here.

Mayer Brown is a global services provider comprising legal practices that are separate entities (collectively the “Mayer Brown Practices”). Details of the individual Mayer Brown Practices can be found in the Legal Notices section of Mayer Brown’s website (www.mayerbrown.com). Further information about Mayer Brown’s data protection contacts including (where applicable), Data Protection Officers and representative offices are listed here.

Changes to Our Privacy Notice

We may change our Privacy Notice from time to time. Any changes will be posted to this page. You should check this website periodically.

How to Contact Us

This Privacy Notice was drafted with brevity and clarity in mind. We are very happy to assist with any further queries. You may contact our privacy team directly by emailing privacy@jsm.com or use the contact details provided here.

 

 

Please scan the QR code and follow us on WeChat

Wechat ID: JSM_Legal
JSM WeChat QR code