Privacy Policy for “Al Munshed” Law Firm
Responsibility
This Privacy Notice is provided by Al Munshed Law Firm, Building 1, Floor 4, Al-Daoudi, Al-Mansour, Baghdad; “Al Munshed Law Firm”, “we”, “us”, “our”), for and on behalf of itself and the various entities operating as part of the Al Munshed law firm across the Middle East.
We are devoted to safeguarding the privacy of the personal information that we process in the course of our business, including the personal information we get from you (“you” or “your”). This Privacy Notice explains how and why we gather, store and use personal information, and provides information about the rights of the individuals to whom such personal information relates.
For the purposes of applicable data protection law, Al Munshed Law Firm is typically the “data controller” of any personal information provided to us. Specifically, your data will be controlled by the Al Munshed that you have instructed, or that is providing services to or communicating with you. Very occasionally, we will act on specific retainers as a “processor” (meaning that we process personal data only in accordance with the directions of a data controller, or as otherwise permitted by law).
Please read the following information carefully to understand our views and practices regarding how we handle personal information. If you have any queries about our approach to data protection that are not already addressed in this Privacy Notice, please contact our Director of Compliance & Quality, as per the contact details set out at the end of this Privacy Notice.
Collection of Personal Information
We may collect personal information from you in the course of our business, when you contact us or request information from us, when you direct us to provide legal services, when you use our website as a result of your relationship with any of our personnel or clients.
The personal information that we process includes:
• Basic details, such as your name, role/title, employer/s, your relationship to a person, and your contact information (such as your email address, physical address, contact numbers);
• Identification information to authorize us to check and verify your identity (e.g. your birthdate; your passport details), and information collected from publicly available resources to verify the same;
• Data related to the matter on which you are seeking our legal services;
• Bank account or other financial information, if relevant to our engagement with you;
• Technical information (including your location, IP address, browser details, traffic data, location data), such as information from your visits to our website or mobile app (page interaction information, length of visits, etc.), or in relation to marketing emails we send to you;
• Information relating to your visits to our offices or our meetings and events, including appointment details (e.g. time, location, participants), CCTV images and other photographic or video images;
• Personal information provided to us by or on behalf of our clients, or caused by us in the course or providing services to them, which may include special categories of personal data;
• Any other information relating to you which you may provide to us.
We may collect your personal information:
• As part of our new business intake and client on-boarding or client maintenance activities, and when you seek legal services from us;
• When you seek employment from us, as part of our new employee on-boarding and maintenance of the employment relationship, or when you engage with our alumni group;
• When you provide (or offer to provide) services to us, either yourself or on behalf of your employer;
• When we are acting on a matter where you or your employer are a party to the same;
• When you interact with our website or mobile app, or use any of our online services;
• When you interact with us in respect of any of our marketing communications or events;
We gather most of this information directly from you, or through your use of our website. nevertheless, we may collect data about you from a third party source, such as our clients, your employer, other parties to matters in which we are involved, platform operators for technology used in our business (e.g. webinar platforms), other organizations that you have dealings with, regulators or other government authorities, credit reporting agencies, information service providers, or from publicly available records.
The information you provide may be confidential, and we will maintain such confidentiality and protect your information in accordance with our professional obligations and applicable law. We have arrangements in place with personnel and service providers who may process your personal information, to ensure that confidentiality is maintained.
Purposes
Whether we receive your personal data directly from you or from a third party, we will only use your personal information if we have obtained your consent (where necessary), or if we have another a lawful basis upon which to do so (e.g. for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into such contract; for compliance with a legal obligation on us; to protect your vital interests or those of another natural person; or for our own legitimate interests, or those of a third party, except where such interests are overridden by your own rights or interests).
The objectives for which we process your personal information are as follows:
• Providing legal services to you;
• Communicating with you in respect of legal developments and the promotion of our legal practice;
• Managing our business relationship with you (or your organization), whether in connection with the provision of our legal services, the procurement of your goods and services, or as your employer (or potential or former employer), including processing payments, accounting, auditing, billing and collection and related support services.
• Complying with our legal obligations, including with respect to legal and regulatory considerations (e.g. anti-money laundering and sanctions checks, audits, enquiries by regulatory authorities);
• Managing and securing access to our premises and information technology systems, and monitoring the technology side of our operations;
• Keeping your contact details accurate and current using information provided by you, or information publically available;
• For any purpose related and/or ancillary to any of the above or any other purposes for which your personal data was provided to us.
Cookies
A web server sends little files called cookies to a computer’s hard disk so that a website can remember who you are. Cookies may collect data about how you use our websites, demographic information, and computer information (such your IP address and browser type). Cookies help us make our website better.
In particular, we track unique visitors to our website and app using Google Analytics and other similar products. We store a unique visitor ID, the time and date of their first visit, the start of their current visit, and the total number of visits they have made. We also record session details so that we can attribute visit information, such as conversions and transactions, to a traffic source. Finally, we record the fact that a website visit has ended and the browser has closed. The majority of web browsers include a feature that lets you know when a new cookie is sent to you and instructs you on how to reject it or turn off cookies completely, if that’s your preference.
Sharing your Personal Information
We may disclose your personal information to a recipient (i) for the purposes of outsourcing one or more of the purposes-related functions expressed above; (ii) to confirm or update information provided by you; (iii) to inform you of events, information about our services, and other important information, or (iv) for other purposes disclosed at or before the time the information is collected. If we re-organize our business, we may need to transfer your personal information to other group entities or to third parties.
In relation to any other disclosures to third parties as mandatory to provide the services as effectively as we can (for example but not limited to our professional advisors as such as lawyers and accountants, government or regulatory authorities, professional indemnity insurers, tax authorities, document processing and transaction services, corporate registries, counsel, arbitrators, mediators, clerks, witnesses, experts, third party postal and courier services), we will only do so where you have given your consent, where we are required to do so by law, or where it is necessary for the purpose of or in connection with legal proceedings or in order to exercise or defend legal rights. We do not sell, rent, distribute, or otherwise make, personal information commercially available to any third party.
In addition, we make use of third party technology services including, amongst other things, cloud security systems. The use of these services may require your personal information to be held in the cloud on infrastructure managed by the relevant service provider.
How long we keep your Personal Information
We will keep your personal information for the length of time needed to fulfill the purposes for which it was collected, unless we specifically agree a longer retention period with you, or a longer retention period is required or permitted by law.
Your Rights
Various rights may be available to you, depending on the circumstances and the applicable law. We summarize key rights likely to be available to most data subjects:
• Withdraw consent: When personal information is processed on the basis of consent, you may withdraw consent at any time, although such withdrawal will not affect the lawfulness of processing occurring prior to such withdrawal;
• Access and rectification, etc.: You may request access to and rectification or erasure of personal information, or restriction of Processing concerning the Data Subject or to object to Processing as well as the right to data portability.
• Objecting and restricting: You may object, on legitimate grounds, to the processing of your personal information, or request that processing be restricted; and
• Complaints: If you believe that your data protection rights may have been breached, you may lodge a complaint with the relevant data protection authority (e.g. the Commissioner of Data Protection in the case of the DIFC).
If you would like to exercise any of the above rights, or any other rights available to you pursuant to applicable law, please contact our Director of Compliance & Quality using the contact details set out below
Information Security
In order to protect your personal information against loss, change and exploit, we have implemented reasonable administrative, technical and physical measures.
Changes to this Privacy Notice
We may once and a whole make change to this Privacy Notice. Where these are likely to be necessary, we will communicate these beforehand. Otherwise, these will become functional once the amended Privacy Notice is published on our website. Please keep a check on regular basis to keep informed of updates to this Privacy Notice.
Contact Details
If you have any questions about this Privacy policy, or our processing of your personal data, feel free to contact us using the contact details set out below:
Director of Compliance & Quality
Building 1, Floor 4, Al-Daoudi, Al-Mansour, Baghdad
Email: info@almunshed.law
Telephone: +964 786 600 0664