Privacy Policy
General
This Privacy Notice sets out how Mourant ("we", "our", or "us") collects and processes personal data from you in connection with our recruitment processes.
In this Privacy Notice, "Data Protection Legislation" means all appliable legislation relating to privacy or data protection in force from time to time in any of the jurisdictions in which we operate (as the same may be amended and/or updated from time to time), including without limitation, the EU General Data Protection Regulation 2016/679 (GDPR), Hong Kong's Personal Data (Privacy) Ordinance (Ch. 486) (PDPO), and Singapore's Personal Data Protection Act(No.26 of 2012) (PDPA). The terms "controller" or "processor" will have the same or equivalent meaning as given to it under applicable Data Protection Legislation, save in respect of Hong Kong where "controller" should be construed as meaning "data user" as defined in the PDPO, and, in Singapore, where "controller" should be construed as meaning the "organisation" and "processor" should be construed as meaning "data intermediary" as respectively defined in the PDPA. We use the terms "controller" and "processor" throughout this Privacy Notice for consistency.
Any questions in relation to this Privacy Notice or requests in respect of personal data should be directed to dataprotection@mourant.com in the first instance. Alternatively, in the case of Singapore, please contact Simon Berry by e-mail at simon.berry@mourant.com or telephone +65 681 4590.
For the purpose of the Data Protection Legislation, the controller of any personal data collected or processed by us will be the relevant Mourant entity incorporated or established in the jurisdiction where the recruitment vacancy is located. Details of the Mourant entities who may process your data are provided at the end of this Privacy Notice.
We use Pinpoint, an online software product provided by The Infuse Group Ltd (t/a Pinpoint Software), to assist with our recruitment process. Where Pinpoint processes personal data it does so as a processor on our behalf. Pinpoint is only entitled to process your personal data in accordance with our documented instructions and we have agreed a data processing agreement with Pinpoint in accordance with the applicable Data Protection Legislation.
Where you apply for a job opening posted by us, these Privacy Notice provisions will apply to our processing of your personal information, in addition to our other Privacy Notice available on our website.
The personal data we collect from you
We collect and process personal data from you when you apply for a job opening. This includes information provided through an online application (including via Pinpoint), via email, in person at interview and/or by any other method during the recruitment process. In particular, we process personal details such as your name, email address, residential address, date of birth, qualifications, experience and any other information relating to your employment history, skills and experience that you provide to us. In addition, if you contact us, we may keep a record of that correspondence and we keep details of your visits to our career website including, but not limited to, traffic data, location data and other communication data, the site that referred you to our careers website and the resources that you access.
The personal data we collect from other sources
Pinpoint provides us with the facility to link the data you provide to us with other publicly available information about you that you have published on the internet. This may include sources such as LinkedIn and other social media profiles. Pinpoint's technology also enables us to search various databases which may include your personal data, to find possible candidates to fill our job openings. Where we find you in this way we will obtain your personal data from these sources.
We may also receive personal data about you from recruitment agents or other businesses you liaised with in connection with your application to us.
Purpose and lawful basis for processing
We will use your personal data for our general recruitment purposes. This includes, considering your application in respect of the job opening for which you have applied, considering your application in respect of other job openings within Mourant, to communicate with you in respect of the recruitment process, to enhance any information that we receive from you with information obtained from third party data providers, to find appropriate candidates to fill our job openings, and to help Pinpoint improve their services.
Where permitted to do so by applicable Data Protection Legislation, we will rely on our legitimate interests to recruit personnel for our business as the lawful basis for such processing. Your personal data will only be processed under this lawful basis in circumstances where we can balance your legitimate interests with our own in accordance with the applicable Data Protection Legislation.
Where we are unable to rely on our legitimate interests, then in instances where you have been provided with this Privacy Notice and you provide us with your personal data thereafter, the processing may be carried out on the basis of consent. We will only seek to rely upon your consent where no other legal basis is available to us, and your consent may be withdrawn at any time by writing to dataprotection@mourant.com.
Automated decision making / profiling
We may leverage Pinpoint's technology to help us select appropriate candidates for us to consider based on criteria we have identified. This process of finding suitable candidates is automatic, however, any decision as to who we will engage to fill the job opening will be made by an appropriate member of our team.
How we share your personal data
The provision of personal data to one Mourant Group entity may result in that data being accessible by all other Mourant Group entities. We use reasonable endeavours to ensure that data is only accessible by those with a need for access to fulfil the purposes set out above. Requests for access to data to be restricted in any particular manner should be made to dataprotection@mourant.com and will be considered and, where possible with reference to legal and regulatory obligations, actioned.
Our offices include jurisdictions outside the European Union which have not been deemed adequate for European Union data protection purposes (namely, the British Virgin Islands, the Cayman Islands, Hong Kong, Mauritius, and Singapore), however, please note that we operate a global data protection policy based on the requirements of the GDPR, and those offices are expected to meet the same standard as our other offices. In addition, we have a data transfer agreement in place between each Mourant Group entity to enable information to be shared across our businesses in accordance with applicable Data Protection Legislation.
As with many businesses offering services like those of Mourant, we utilise third party IT platforms, including cloud-based platforms and subscription application services. Certain of these services (for example the use of Microsoft 365 and iManage (our document management system)) are deployed as a matter of course. The use of such services may require information to be stored or processed in a cloud or infrastructure managed by the relevant service provider. The confidentiality and security of your personal data is of key importance to us, and we conduct careful due diligence on the security of any third-party technology systems we use. In addition, and where possible, we request that service providers of cloud-based platforms and subscription application services processing information provided by us, do so using data centres based in either an EU member state or the UK.
By way of example, the personal data that we collect from you and process using Pinpoint's services will be transferred to and stored at one of several datacentre locations in Amsterdam (Netherlands) and may be synchronised to one of several datacentre locations in London (United Kingdom) for backup and redundancy purposes. By submitting your personal data, you agree to this transfer, storing or processing.
Security
We use up-to-date storage and security to hold your data securely in electronic or physical form to protect your data from unauthorised access, improper use or disclosure, unauthorised modification or unlawful destruction or accidental loss. Our IT usage and securities policies are supported by our ISO 27001 certification and our premises are access controlled and our electronic databases require logins and password authentication. All our partners, employees, and third-party service providers who have access to data are subject to confidentiality obligations.
Please note, however, that the transmission of information via the internet is not completely secure and although we take appropriate and proportionate steps to manage the risks posed, we cannot guarantee the security of your information transmitted to our online services.
Retention
Mourant only keeps data for as long as necessary to fulfil the purposes (as set out above) for which we have collected it. For recruitment purposes, our policy is to retain all candidate data for a period of 6 months from the time of application. Your personal data will be deleted on the occurrence of one of the following:
- deletion of your personal data by you via the Manage Your Data tool; or
- receipt of a written request from you to us (see below).
Any requests for further information in relation to the continued processing of personal data, and requests for destruction of personal data, should be made to dataprotection@mourant.com.
Rights of data subjects
Data subjects who have data held by Mourant may have certain rights in respect of their personal data.
Any such data subject wishing to exercise any rights under applicable Data Protection Legislation (including the right to withdraw any consent to processing previously given; the right of access to data; or to have data corrected, updated, rectified or erased; or for access to data to be restricted to provided to any third party; or to object to any particular processing) should send the request in the first instance to dataprotection@mourant.com or utilise the Manage Your Data tool provided.
Mourant Group Entities
Full details of all Mourant Group entities are included on the Legal and Regulatory Notice and Disclaimer section of our website.
Mourant LP is the ultimate data controller for Mourant. In addition, the below table lists the primary entities within Mourant who may process your personal data in connection with this Privacy Notice. Each of these entities are, where required, registered as a data controller (and in some cases a data processor) in the listed jurisdictions. Any complaint may be brought to the attention of the relevant Data Protection Authority.
Entity: Mourant Services (BVI) Limited
Jurisdiction: British Virgin Islands
Data Protection Authority: Office of the Information Commissioner
(Currently subject to appointment).
Jurisdiction: British Virgin Islands
Data Protection Authority: Office of the Information Commissioner
(Currently subject to appointment).
Entity: Mourant Cayman Limited
Jurisdiction: Cayman Islands
Data Protection Authority: Office of the Ombudsman
5th Floor, Anderson Square, 64 Shedden Road, PO Box 2252, George Town, Grand Cayman KYI-1107, Cayman Islands
Jurisdiction: Cayman Islands
Data Protection Authority: Office of the Ombudsman
5th Floor, Anderson Square, 64 Shedden Road, PO Box 2252, George Town, Grand Cayman KYI-1107, Cayman Islands
Entity: Mourant Services (Guernsey) Limited
Jurisdiction: Guernsey
Data Protection Authority: The Office of the Data Protection Authority
Block A, Lefebvre Court, Lefebvre Street, St Peter Port, GY1 2JP
+44 (0) 1481 742074
Entity: Mourant Services (Hong Kong) Limited
Jurisdiction: Hong Kong
Data Protection Authority: Office of the Privacy Commissioner for Personal Data
Room 1303, 13/F, Sunlight Tower, 248 Queen's Road East, Wanchai, Hong Kong
+852 2827 2827
Entity: Mourant Services (Jersey) Limited
Jurisdiction: Jersey
Data Protection Authority: Jersey Office of the Information Commissioner
2nd Floor, 5 Castle Street, St. Helier, Jersey, JE2 3BT
+44 (0) 1534 716530
Entity: Mourant Governance Services (Luxembourg) S.à r.l.
Or
Entity: MourantGS Services (Luxembourg) S.à r.l.
For vacancies within Governance Services. Further details on the relevant entity will be set out in the job description for the role.
Jurisdiction: Luxembourg
Data Protection Authority: Commission Nationale pour la Protection des Données, 15, Boulevard du Jazz, L04370 Belvaux, Luxembourg, Grand Duchy of Luxembourg
Or
Entity: MourantGS Services (Luxembourg) S.à r.l.
For vacancies within Governance Services. Further details on the relevant entity will be set out in the job description for the role.
Jurisdiction: Luxembourg
Data Protection Authority: Commission Nationale pour la Protection des Données, 15, Boulevard du Jazz, L04370 Belvaux, Luxembourg, Grand Duchy of Luxembourg
+(352) 26 10 60-1
Entity: Mourant Ozannes (Luxembourg) S.à r.l.
For vacancies within Legal Services.
Jurisdiction: Luxembourg
Data Protection Authority: Commission Nationale pour la Protection des Données, 15, Boulevard du Jazz, L04370 Belvaux, Luxembourg, Grand Duchy of Luxembourg
For vacancies within Legal Services.
Jurisdiction: Luxembourg
Data Protection Authority: Commission Nationale pour la Protection des Données, 15, Boulevard du Jazz, L04370 Belvaux, Luxembourg, Grand Duchy of Luxembourg
+(352) 26 10 60-1
Entity: Mourant Global Solutions Limited
Jurisdiction: Mauritius
Data Protection Authority: Data Protection Office
Level 5, SICOM Tower, Wall Street, Ebene Cyber City, Ebene, Republic of Mauritius
+230 460 02 51
Entity: Mourant Governance Services (Singapore) Pte. Ltd
For vacancies within Governance Services.
Jurisdiction: Singapore
Data Protection Authority: Personal Data Protection Commission
10 Pasir Panjang Road, #03-01 Mapletree Business City, Singapore 117438
+65 6377 3131
Entity: Mourant Ozannes (Singapore) LLP
For vacancies within Legal Services.
Jurisdiction: Singapore Data Protection Authority: Personal Data Protection Commission
10 Pasir Panjang Road, #03-01 Mapletree Business City, Singapore 117438
Jurisdiction: Singapore Data Protection Authority: Personal Data Protection Commission
10 Pasir Panjang Road, #03-01 Mapletree Business City, Singapore 117438
+65 6377 3131
Entity: Mourant Services (UK) Limited
Jurisdiction: United Kingdom
Data Protection Authority: Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
0303 123 1113
All enquiries in respect of this Privacy Notice or any request to exercise any of the rights set out above should be directed to the relevant Data Protection Officer, as follows:
Entities: All entities listed in this Privacy Notice other than those entities listed below
DPO Email: dataprotection@mourant.com
DPO address: Data Protection Officer, Mourant Ozannes, 22 Grenville Street, St Helier, Jersey, JE4 8PX, Channel Islands
Entities: All entities listed in this Privacy Notice other than those entities listed below
DPO Email: dataprotection@mourant.com
DPO address: Data Protection Officer, Mourant Ozannes, 22 Grenville Street, St Helier, Jersey, JE4 8PX, Channel Islands
Entity: Mourant Global Solutions Limited
DPO Email: Will.morgan@mourant.com
DPO address: Data Protection Officer, Mourant Global Solutions Limited
DPO Email: Will.morgan@mourant.com
DPO address: Data Protection Officer, Mourant Global Solutions Limited
Office 14-17, 2nd Floor, Block 2, The Strand, Lakeside District, Beau Plan 21001, Mauritius
Entity: Mourant Ozannes (Luxembourg) S.à r.l.
DPO Email: dataprotection@mourant.com*
DPO address: DPO address: Mourant Ozannes (Luxembourg) S.à r.l., 4 avenue Jean-Pierre Pescatore, L-2324 Luxembourg, Grand Duchy of Luxembourg
DPO Email: dataprotection@mourant.com*
DPO address: DPO address: Mourant Ozannes (Luxembourg) S.à r.l., 4 avenue Jean-Pierre Pescatore, L-2324 Luxembourg, Grand Duchy of Luxembourg
Entity: Mourant Governance Services (Luxembourg) S.à r.l.
DPO Email: info@mourant.lu*
DPO address: Mourant Governance Services (Luxembourg) S.à r.l., 18, rue Michel Rodange, L-2430, Luxembourg, Grand Duchy of Luxembourg
DPO Email: info@mourant.lu*
DPO address: Mourant Governance Services (Luxembourg) S.à r.l., 18, rue Michel Rodange, L-2430, Luxembourg, Grand Duchy of Luxembourg
Entity: MourantGS Services (Luxembourg) S.à r.l.
DPO Email: dataprotection@mourant.com*
DPO address: MourantGS Services (Luxembourg) S.à r.l., 20, rue Michel Rodange
DPO Email: dataprotection@mourant.com*
DPO address: MourantGS Services (Luxembourg) S.à r.l., 20, rue Michel Rodange
L-2430, Luxembourg, Grand Duchy of Luxembourg
*Mourant Ozannes (Luxembourg) S.à r.l., Mourant Governance Services (Luxembourg) S.à r.l., and MourantGS Services (Luxembourg) S.à r.l. have not appointed a data protection officer. All enquiries to these email addresses will be directed to the board of managers (gérants) of the relevant company.
*Mourant Ozannes (Luxembourg) S.à r.l., Mourant Governance Services (Luxembourg) S.à r.l., and MourantGS Services (Luxembourg) S.à r.l. have not appointed a data protection officer. All enquiries to these email addresses will be directed to the board of managers (gérants) of the relevant company.
Changes to this Privacy Notice
We keep this Privacy Notice under review and any updates will appear on our website at www.mourant.com.
We last updated this Privacy Notice on 27 August 2024.