Effective date: 21st July 2022
Your privacy is important for us. This Privacy Policy describes how M L F Group (a Swiss Association) with its member firms and affiliates, including Max law firm international Co, Ltd (Thailand), Max Law Firm Co, Ltd, (Thailand), Max Law Firm LLC, (Ukraine), Max Law Firm SARL, (Switzerland), and Max Law Data GmbH (Germany) hereinafter “we”, “us”, or “ Max Law Firm” collect, use, share and disclose your Personal Data about:
- The visitors of our websites, blogs, and other online properties (each, a “Site”)
- Contact persons for our existing and future customers
- Contact persons for Max Law Firm’s suppliers of products and services
- All other individuals whose Personal Data Max Law Firm obtains
This Privacy Policy is in line with the EU General Data Protection Regulation (GDPR) and, to the extent applicable, Thailand’s Personal Data Protection Act BE 2562 ( 2019) (PDPA), the Swiss Data Protection Act (DPA), and the UK data protection act 2018. We are committed to protecting the privacy and security of personal data collected by us or provided to us during our business in compliance with the above-mentioned regulations.
As “Personal Data” is defined in the EU General Data Protection Regulation 2016/679/EU (GDPR), “Personal Data” in this Privacy Policy refers to information that able you (either in isolation or when combined with other information likely to come into our possession) to be identified as an individual or recognized directly or indirectly.
We are a law firm that provides legal and other client services globally through member firms and affiliates of M L F Group (Swiss verein /Association) and under the name of “Max Law Firm”. MLF Group is a Swiss association that does not itself provide legal services or other client services. For more information (name, contact details, etc.,) about M L F Group member firms and affiliates, please click here.
Legal services are provided by each member firm and affiliates separately through the partners, associates, advocates, and lawyers who are qualified by the relevant bar associations in the countries where the member firms and affiliates provide legal services.
Remark: Although Max Law Data GmbH (registered under number HRB 123836 District Court Frankfurt am Main, Germany) is one of the affiliates of M L F Group ( Swiss Verein/ Association) but is not authorized to provide legal services, therefore, it does not provide any legal services. To know about Max Law Data GmbH details including its objectives and the services it provides, its location, commercial registration number, and any other information please click here or go to www.maxlawfirm.co.th/max-law-data/
Max Law Firm International Co, Ltd, is the owner of the website WWW.MAXLAWINT.COM. Max Law Firm SARL is the owner of the website WWW.MAXLAWFIRM.CH. Max Law Firm Co, Ltd is the owner of the website WWW.MAXLAWFIRM.CO.TH which all linked to each other.
Personal data is collected by each member of the M L F Group (a Swiss Association) separately in corresponding with the different data protection regulations based on the different locations. Max Law Firm SARL in Switzerland, Max Law Firm LLC in Ukraine, Max Law Firm Co, Ltd and Max Law Firm International Co, Ltd, jointly in Thailand, and Max Law Data GmbH, in Germany and European Union, which all here called, in short, “Max Law Firm”, are the data controllers.
Unless we clearly state differently, “Max Law Firm” is the data controller of the Personal Data we process and is thus responsible for ensuring that the systems and procedures we use are consistent with data protection regulations, to the degree that they apply to us. The employees of “Max Law Firm” must comply with this employment Privacy Policy and related Max Law Firm’s policies when they deal with Personal Information.
We collect personal data from the client, individuals, and business partners in the context of our business relationship, and site users when operating our websites, apps, or other applications. We receive and collect personal data from a variety of sources, including data subjects themselves, clients, employees, and publicly accessible sources, when you offer or provide us products and services and when you request information from us by evaluating your products and services.
In case we obtain data from our clients, it is the client’s responsibility to ensure that any such data about staff, customers, or other persons are transferring to us complies with applicable data protection laws.
If you do not provide personal information to us, certain features of our services may be unavailable and we may not be able to respond to your request, provide services to you, or provide you with marketing.
The categories of personal data that we collect are as follows:
- Basic data: Name, nationality, gender if you provide it to us, title, organization, job responsibilities, education, and employment history, business interests, phone number, mailing address, email address, contact information, information from CCTV, and information of all kinds from interactions with us, information about your family life including family, children, consultants, legal representatives, hobbies, and interests, etc.
- Special categories of data: We will also collect and process information of all kinds that is revealed to us in the course of our services or where you have provided us with the information which may include special categories of sensitive data. The data such as dietary information, which might reveal information about your health or religious beliefs, disability, or other similar requirements, as well as data about events you attend. Where your consent is needed for collecting and processing these sensitive data, we obtain your consent before. Please note we may not be able to respond to your particular needs if you do not provide such information.
- Client service & job applicants’ data: Personal data about staff, clients, or other people known to clients, data relevant to clients’ attendance at our events, as well as the completion of feedback questionnaires, invoicing information and payment history, record client’s attendance in our firms for security reasons, and client reviews. Data are given by applicants who are seeking jobs or other people on our websites or by offline means concerning job openings, which may also be subject to a separate local recruitment privacy policy.
- Compliance & Transaction data: The required data to Know Your Client ( KYC) and/or Anti-Money Laundering regulations, the existence of criminal offences or clean criminal record confirmation where permitted by applicable law and appropriate to do so, beneficial ownership data and due diligence data, dates of birth, Government identifiers, passports or other forms of identification, documents, correspondence, or other materials provided by or relating to transactions conducted by our clients in case they include personal data.
- Registration & Marketing data: Including registration for events/seminars, subscriptions, and subscriptions for the newsletter, special types of data about preferences, username/passwords, downloads, individual conference and in-person seminar attendance data, credentials, affiliations, preferences, and interest in the products.
- Device data: We also collect your IP address (Computer Internet Protocol address), (UDID) unique device identifier, information about the usage of our websites (usage data), and the data linked to a device such as cookies.
- Recruitment data: When you apply for a recruiting event or job at Max Law Firm, you may be needed to provide us with your personal data including special categories of personal data. by your application, you expressly grant us your consent to use this data. The purpose that we collect this data will be to use them to consider your application and to carry out checks to verify the data you provided us (including identity, background, excerpts from the debt enforcements register, references, suitability, and criminal record checks). To store this data, we use a third-party service provider based in the countries including Switzerland, United Kingdome, Germany, Ukraine and Thailand. In case we need to collect the required data for your employment where you fail to provide that data when requested, we may not be able to consider your application any longer.
Besides the above-mentioned information, the data that we collect regarding your job application is in the following categories:
Employment, compensation, benefits, and performance: for instance, hire date, job title, position/grade, adjusted service date, action/status codes, attendance, supervisor, site, family member/dependents names and dates of birth union, objectives, department, salary, bonus, long term incentives, business unit, projects, performance reviews, performance and leadership ratings, awards and retirement,
Education and training: for instance, curriculum vitae, education level, training courses, competency assessments; field, and institution; professional licenses and certifications.
National identification numbers: such as; passport number, Social security number, driving license number, vehicle license plate number, information about the bank account, corporate card number, letters of recommendation and employment history, accommodations and work restrictions, industrial hygiene exposure assessment, and monitoring information, agreements that you enter into with Max Law Firm, computer or facilities access and authentication information, grievance resolutions; and photos and your visual images.
This list is non-exhaustive but reflects the diverse nature of the personal data processed as part of our law firm-provided services.
- For providing legal consultation and for responding to inquiries
We use basic data, registration data, client service data, and device data, for providing legal consultation and for responding to inquiries. Our legal basis to process personal data in this manner is for performing our obligations arising from any contract with our clients.
- To handle our company processes and administer our client relationships
We use registration data, basic data, marketing data, special categories of data, and client service data to handle our company processes and administer our client relationships. Our legal basis for this processing is to perform our obligations in the contracts with suppliers (e.g. to manage to supply services or/and goods to our Firm) and/or with our clients (e.g., issuing and processing invoices).
- To protect the security and functionality of our Sites and information technology systems
We use basic data, login data, transaction data, and Device data to protect the security and functionality of our Sites and information technology systems. Our legal basis is monitoring how our Sites are used which is important for our legitimate interests to identify and deter fraud, other crimes, and abuse of our Sites. This enables us to ensure that you can use our Sites safely.
- To make our Sites more intuitive and easier to use
We use device data to make our Sites more intuitive and easier to use. Our legal basis is monitoring how our services are used which is important for our legitimate interests to help us enhance the design and information available on our Sites and offer better support and services to users of our Sites.
- For marketing communications
We use marketing data, basic data, special categories of data, registration data, client service data, and device data for marketing communications, including providing you with information about activities or programs that might be of interest to you, such as legal services, legal alerts, client conferences or networking events, and groups of particular interest (e.g. specific types of networking groups). Our legal basis is processing this information which is important for our legitimate interests in providing you with personalized and appropriate ads, alerts, and invitations. Marketing communications will be only sent to you if you have given us your consent or if we have the right based on the applicable law to do so.
- To resolve compliance and legal obligations
We use compliance data, basic data, registration data, transaction data, and device data to resolve compliance and legal obligations, such as complying with Max Law Firm’s tax reporting obligations, verifying the identity of new customers, Know Your Client, and preventing money laundering and/or fraud. Our legal basis to process such data is required in order to comply with legal obligations to which we are subject.
- To consider individuals for jobs and contractor opportunities, as well as to handle on-boarding procedures.
We use compliance data and job applicant data to consider individuals for jobs and contractor opportunities, as well as to handle on-boarding procedures. Our legal basis to process is required for the purposes of recruiting and on-boarding, as well as to comply with our legal obligations, which may be required by a relevant local recruitment privacy policy.
- For our business purposes, for managing and establishing, or terminating your employment relationship
We process the collected personal data for our business purposes, and for managing and establishing, or terminating your employment relationship with us which may include:
- verification of references and qualifications for determining eligibility for initial employment;
- to administer pay and benefits;
- to process claims related to employee work such as insurance claims, worker compensation, etc.);
- to establish development and/or training requirements;
- to determine performance and to conduct performance reviews;
- to assess qualifications for a particular task or job;
- to collect evidence for termination or disciplinary action;
- in the event of an emergency to establish a contact point (such as next of kin);
- to comply with applicable employment or labor statutes;
- to compile directories;
- to ensure the security of company-held data; and
- such other purposes as are reasonably required by Max Law Firm.
The purposes above are not exhaustive, and we may collect comparable or related data in accordance with local laws and regulations, with a subsequent notice that will be supplied or displayed in accordance with applicable legal requirements.
Our policy on employee and contractor privacy: Personal information about our staff and contractors is handled by internal Firm processes and procedures, which are not covered by this Privacy Policy.
The reasons to use your personal data, as well as the legal basis for this use, are as follows:
It is necessary for us to collect and use Personal Data, based on;
- a) your consent that you have given us,
- b) the performance of our obligations under any contract with you,
- c) a sufficient legitimate interest such as our legitimate interest or a third party’s legitimate interest, provided this does not override any interests or rights that you have as an individual,
- d) as necessary to deal with legal claims,
- e) to comply with any legal obligations that may oblige us to collect and use your Personal Data, such as anti-money laundering or bribery regulations.
With the following categories of recipients, Personal Data may be shared:
- Service providers and Suppliers: We share Personal Data with suppliers and service providers so that they can execute tasks on our behalf and in accordance with our legal and regulatory requirements in order to achieve the above-mentioned goals. Service providers include but are not limited to translators, document processing, confidential waste disposal, software, and IT service providers that we may outsource these services to them, Google Analytics, postal providers to deliver our postal documents, Infrastructure, and IT service providers, tax advisors, insurers arbitration providers, mediators, valuers, secretaries, court, Government, opposing party, and their lawyers, witnesses, our experts such as attorneys and accountants, regulatory authorities, Tax authorities, Infrastructure and IT service providers, such as those that provide our client intake system, finance systems, and customer relationship management databases, consultants who assist us with business intelligence and marketing strategies, as well as external venue providers where we conduct conferences and events. By entering into the contract with these third parties, we require them to provide reasonable security for Personal Information and to use and process it solely on our behalf. Also, in order to process invoices and payments, we share Personal Data with financial institutions.
- Corporate purchasers: To the extent allowed by law, we may share Personal Data with any corporate purchaser or prospect as part of any sale of Firm assets, merger, acquisition, or change of service to another provider, as well as in the event of insolvency, bankruptcy, or receivership in which Personal Data will be transferred as a Firm asset.
- Mandatory disclosures and legal claims: We share Personal Data to comply with Max Law Firm’s tax reporting obligations, any subpoena, court order, or other legal process, a request from our regulators, a governmental request, or any other legally enforceable demand. Personal Data is often shared to determine or secure our legal rights, property, or safety, as well as the rights, property, and safety of others, or to defend against legal claims.
- Affiliates: Any collected data may be shared and processed by any of our member firms and affiliates. For the above-mentioned reason and for managing our relationship with you such as marketing, invoicing, and providing legal services to you each of our member firms may share your personal data with other affiliates and member law firms.
A list and details of the above-mentioned members and affiliates are available here.
Thailand:
Max Law Firm Co, Ltd
Max Law Firm International Co, Ltd
Nana Branch: 2nd Floor Nana Square Building
Soi 3 Sukhumvit Road, Klong Toi Nuea, Wattana, Bangkok 10110.
Asok Branch: Grand Floor Interchange Building, 399 Sukhumvit Rd, Khlong Toei Nuea, Watthana, Bangkok 10110.
49 Branch: No. RQ.1 302 Racquet Club, Building A Sukhumvit Soi 49/9 Klongtoey Nau, Watthana, Bangkok 10110. Call center: +66 2 255 5515, Email: info@maxlawint.com www.maxlawfirm.co.th
Ukraine: Max Law Firm LLC
03056, Kyiv, vul. Borshchahivska, Building 117.
Phone: +380 93 333 3110, Email: info@maxlawint.com, www.maxlawint.com
Germany: Max Law Data GMBH
Zeil 109, 60313 Frankfurt
Phone: +4915214356757, Email: info@maxlawint.com
Switzerland: Max Law Firm SARL(LLC)
Headquarter: Centre commercial Migros Gare de Fribourg, Rue Louis-d’Affry 2, 1700 Fribourg
Phone: +41263036200
Email: Fribourg@maxlawfirm.ch
Branch: Esplanade de Pont-Rouge 4, 1212 Lancy
Phone: +41225921070, Email: geneva@maxlawfirm.ch
Also, with the following categories of recipients we may share your Personal Data:
Our staff, consultants, contractors, and other parties who require such data to assist us in establishing, managing, or terminating the employment relationship between our organization and you, including parties that cooperate with us in the provision of products or services to you and provide products or services to us or on our behalf.
In some cases, such above-mentioned parties may also provide certain data processing and data technology services to us in order that we may operate our business.
Both in and outside of your home country, we may share Personal Data with such parties and, as a result, your Personal information may be collected, used, processed, stored, or disclosed in jurisdictions outside of your home country.
When we share Personal Data with third parties, we demand that they only use or disclose it in accordance with this Privacy Policy ‘s use and disclosure restrictions, as well as the laws and regulations of the country in which you live.
Further, Personal Data may be disclosed or transferred to another party (including Third Parties) in the event of a change in ownership of, or a grant of a security interest in, all or a part of Firm through, for example, an asset or stock sale, or another type of business combination, joint venture, or merger, provided that such party is bound by appropriate agreements or obligations and is required to use or disclose your personal information in accordance with the use and disclosure provisions of this Privacy Policy unless you consent otherwise.
In addition, your Personal Data may be disclosed:
- as required or permitted by regulatory requirements of applicable law.
In such instances, we will endeavor to not disclose more personal data than is required under the circumstances;
- for complying with valid legal processes including search subpoenas, warrants, or court orders;
- to protect the property and rights of Max Law Firm;
- as part of our regular reporting activities to other parts of our enterprise
- where necessary to protect the safety of a person or group of persons or during emergency situations;
- where such consent is required by law, with your consent. or
- where the personal data is publicly available;
We may need to collect Sensitive Personal Information, to a limited extent. We will ensure that the Data Subject is informed of such collection and processing through a notice provided at the outset of the employee’s employment with us and at other times where required by law.
The Data Subject’s explicit consent to the processing and particularly to the transfer of such Sensitive Personal Data to Third Parties will be obtained, where required by law. Appropriate protection measures and security will be provided depending on the nature of the data and the risks related to the intended uses.
Please consider that the above list is non-exhaustive therefore, in connection to providing you with more efficient services, there may be other examples where we need to share with other parties.
In case of any questions concerning the parties with whom we share your Personal Data, please contact us using the details provided in Section 16 below.
We use security measures to protect and keep secure the information provided to us from unauthorized access, unauthorized modification improper use or disclosure, and unlawful destruction or accidental loss, by implementing appropriate data security policies, regulations, and technical measures in accordance with applicable data protection requirements, however, data transmission over the internet or through a website cannot be guaranteed to be secure due to the inherent existence of the Internet as an open global communications vehicle and other risk factors.
All of our staff, partners, lawyers, consultants, experts, workers, and those data processors who process your personal data on our behalf and are associated with and have access to the processing of your personal data, are obliged to respect the confidentiality of such personal data. If you have any questions regarding this section, please contact us at the details provided in Section 16 below.
We do not knowingly collect or store information (including Personal Data) from children under the age of 16, and no aspect of the Websites is designed to appeal to children under the age of 16. If we discover that we have collected or obtained Personal Information from a child under the age of 16, we will delete that information.
You have discretion over how we use your personal information for direct marketing purposes, and you can opt-out to not receive communication regarding direct marketing from us at any time.
Personal Data relevant to marketing activities is retained as long as you accept marketing messages from us, we will safely delete such data in compliance with applicable law upon request. If you no longer wish to receive marketing communications, such as staying on a mailing list to which you previously subscribed, or receiving any other marketing communication, please unsubscribe using the connection given in the related communication or contact us using the details provided in Section 16 below.
On our Sites, we use and engage third-party providers to use cookies, web beacons, and other similar monitoring technologies (collectively, “cookies”). To know about the cookies we use, and how you can control, manage, and delete cookies, please see the section related to our Cookie Policy or here.
Following the applicable law, and where the General Data Protection Regulation (GDPR) is applicable, or where similar rules apply, you have the following rights relevant to your data.
Access: It is your right to ask us if we are processing your Personal Data and request to provide you a copy of your personal data and any relevant information about how the data has been used or is being used, free of charge. If you want several copies of your Personal Data, we may charge a reasonable fee.
- Rectification: If we hold and process any inaccurate or incomplete Personal Data about you, you have the right to ask us to correct or update your data., please contact us at the details provided in Section 16 below and we will correct or update them.
- Deletion: You have the right to ask us to delete or remove Personal Data that we process about you. Please note that this may not always be possible when we are obliged to retain such data to comply with legal obligations or to create, exercise, or defend legal claims.
- Restriction: You are entitled to ask us that we restrict our processing of your Personal Data in the following situations:
– You think the data is inaccurate.
– Our processing is illegal or against applicable law.
or
– We no longer need to process such data for a specific reason.
- Portability: You are entitled to ask us to transfer the Personal Data that we hold about you to another data controller or a third party of your choice, where this is:
– Personal information that you have given to us; and we are processing that data with your consent or to fulfill our contractual obligations to you (such as to provide legal services).
- Objection: Where the legal justification for our processing of your Personal Data is our, or a third-party legitimate interest, you have the right to object and ask us to stop processing your Personal Data, and we will do so, except where we can demonstrate compelling legitimate grounds for the processing such as for the establishment, exercise or defense of legal claims. Where we process your data for direct marketing purposes, you are also entitled to object.
- Withdrawing Consent: If you have given us your consent to our processing of your Personal Data, you have the right to withdraw your consent at any time. This involves situations where you want to opt-out of receive marketing messages from us.
To exercise your rights, please contact us by e-mail or mail at the details provided in Section 16 below.
You have the right to lodge a complaint in the relevant court or with the relevant local data protection authority if you believe that we have not complied with applicable data protection laws.
To find out the relevant local data protection authority in your place of residence, please click here.
In Thailand, Currently, the Ministry of Digital Economy and Society (MICT) is responsible for complaints regarding noncompliance with PDPA.
In EEA counties, a list of the relevant local data protection authorities, are available here
In Switzerland, the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch), is the competent authority for data protection.
In the UK, the Information Commissioner’s Office (Tel: 0303 123 1113 or at www.ico.org.uk) is the competent authority for data protection.
To provide the services as well as for the reasons outlined above, Personal Data is transferred as necessary to outside the jurisdictions that you provide it. Our Sites are hosted on servers in the United States therefore If you are located outside of the United States, the transfer of Personal Data is necessary. Please be aware, you are moving your data across borders when you send personal information to us.
If you are resident within the European Economic Area ( EEA), to provide the services to you, as necessary we will transfer personal data outside of the European Economic Area as well as to M L F Group ( a Swiss Association ) is located outside the EEA and its member firms and affiliates including Max Law Firm International Co, Ltd, and Max Law Firm Co, Ltd both based in Thailand, Max Law Firm LLC ( Ukraine), Max Law Firm SARL ( Switzerland) Max Law Data GmbH ( Germany).
To have a lawful basis to transfer personal data and put appropriate protection measures, to ensure an adequate level of protection and safeguards regarding personal data, we use standard contractual clauses authorized by the European Commission and other acceptable solutions in order to resolve cross-border transfers originating from the European Economic Area (“EEA”) to the United States and other non-EEA jurisdictions, in compliance with Articles 46 and 49 of the General Data Protection Regulation (GDPR).
Besides, all our member firms and affiliates mentioned above, have signed a data protection contract, based on the EU standard contractual clauses in compliance with our obligation.
Based on legal grounds such as your consent, the performance of our obligations under any contract with you, and for our legitimate interests or a third party’s legitimate interest to use personal data in such a way to ensure that we provide our services in the best way that we can, we may appoint third-party contractor data processors as required to provide our services to you, including but not limited to translation and document processing services, IT systems or software providers, IT support service providers, documents, and information storage providers, who will process personal data on our behalf and in accordance with our instructions. In regard to any subcontractor, we do adequate due diligence and put in place contractual paperwork to guarantee that they process personal data appropriately and in accordance with our legal and regulatory requirements.
You can request a copy of the appropriate mechanisms we have in place, if such laws require it, by contacting us in the details provided in Section 16 below.
Personal Data is usually retained for as long as necessary to fulfill the purposes for which we collected and continue to process it. We will typically retain Personal Data collected and processed for other purposes including satisfying any legal, accounting, or reporting requirements for as long as it is appropriate to meet the purposes described in this Privacy Policy or, otherwise stated in applicable record retention policies and procedures. We typically retain personal data in the range of 3 to 15 years.
In case of need for more information or any queries related to data retention including the different aspects of your personal information, please contact us using the details provided in Section 16 below.
Links and references to other websites maintained by unaffiliated third parties may be found on the pages of our Sites. These third-party sites are not covered by this Privacy Policy. When you click a link to visit a third-party website, you are subject to the privacy notices of that website. Before presenting any Personal Data on any related third-party websites, please note that these websites have their own privacy notices, and we recommend you familiarize yourself with such privacy notices.
This Privacy Policy may be changed from time to time. Our Privacy Policy is valid as of the date mentioned above, and we invite you to visit our Sites on a regular basis to stay updated about our privacy policies. If we make significant changes, we will try to notify you ahead of such changes via a notice on our websites www.maxlawint.com, www.maxlawfirm.ch and www.maxlawfirm.co.th.
Please contact us by the following email, if you have any question, concerns, or feedback about this Privacy Policy:
Email address: dataprivacy@maxlawint.com
Although our website is available and translated into other languages, but we offer these policies in English language, and the English version of this document controls and governs your use of the Max Law Firm services.