Why and How We Handle Personal Information
Many countries have data protection laws that protect the privacy of individuals by regulating the way in which businesses handle personal information, as well as requiring businesses to be open and transparent about why and how they handle personal information, among other things.
Our Client Privacy Notices, linked below, provide a general explanation of why and how we handle personal information relating to our clients, business contacts and other persons in connection with the client-facing business we conduct:
Maples Group Client Privacy Notice – Legal Services (EU+JE+UK). This notice applies to the legal services we provide through our partnerships and other entities in Europe.
Maples Group Client Privacy Notice – Fiduciary Services (EU+UK+JE). This notice applies to the fiduciary services and related services, such as entity formation / registration services, registered office services and corporate secretarial services we provide through our European entities.
Maples Group Client Privacy Notice – Fund Services (EU). This notice applies to the fund administration and related services we provide through our European entities (excluding MPMF Fund Management (Ireland) Limited).
Maples Group Client Privacy Notice – MPMF Fund Management (Ireland). This notice applies to the fund management services we provide through MPMF Fund Management (Ireland) Limited.
Our Website Privacy Notice, linked below, explains why and how we handle personal information relating to visitors to our website:
Our Job Applicant Privacy Notice, linked below, describes how we handle personal information relating to job applicants:
Maples Group Job Applicant Privacy Notice – (EU+UK). This notice applies to those applying for a job, summer internship or a work experience placement with one of our European entities.
The Assurances We Offer Where We Act As a 'Processor'
In European countries, where the General Data Protection Regulation (GDPR) and equivalent legislation applies, businesses that engage a service provider that acts as a 'processor' are legally required to ensure that the service contract contains certain contractual assurances.
Our Data Processing Addendum, linked below, contains the assurances we offer to our clients in accordance with Article 28 of GDPR, and, unless specifically agreed otherwise, it applies from 25 May 2018 to all client engagements of our European entities where we act as a 'processor' in providing our services.
Where appropriate and necessary, the aforementioned Data Processing Addendum can also be offered to our clients outside Europe who are serviced by our non-European entities. This may be the case, for example, where such clients trigger the extra-territorial effect of GDPR by offering their products / services to European residents.
Please note that when we provide legal services, director services, AML services, fund management services and similar services where we act as a 'controller' in our own right for the purposes of GDPR and equivalent legislation, we will not enter into addendums or agreements that seek to impose the requirements of Article 28 of GDPR on us.
European Restriction on Cross-border Data Transfer
In European countries where GDPR and equivalent legislation applies, businesses that wish to allow personal information to be handled outside Europe are generally required to take steps to ensure that the personal information sent outside Europe (or accessed from outside Europe) continues to be protected to the same European standard.
We can offer to enter into the relevant, prevailing form of EU standard contractual clauses (either the 'controller-to-controller' form or the 'controller-to-processor' form) to address this restriction, where it is appropriate and necessary to do so. This may be the case where our clients inside Europe need to share personal information with our non-European entities, or where our clients outside Europe need to share personal information that was sourced from Europe with our non-European entities.