Privacy Policy

Our commitment

MdME is firmly committed to the privacy and rights of data subjects and acts in accordance with the provisions of the applicable legislation.

Privacy policy

We want you to be familiar with the way MdME processes your personal data and with your rights as data subject.

The aim of this Policy is to answer the following questions: 

1. What data does MdME process, who does it concern and how is it collected?

2. For what purposes and on what lawful basis does MdME process personal data?

3. How long do we keep your personal data for?

4. Who does MdME transfer your personal data to?

5. Is your personal data safe?

6. What rights do you have as data subject?

7. How can you exercise your rights?

8.  How can you contact us?

9.  How can you stay informed about the processing of your personal data?

1. What data does MdME process, who does it concern and how is it collected?

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

MdME may process the following categories of personal data:

    a) Identification data (e.g. name, date of birth, gender, address, contact details, citizen’s card data, passport data, tax number, nationality);

    b) Data relating to education and work experience (e.g. education, qualifications, certifications, curriculum vitae, information from previous employer);

    c) Professional data (e.g. title, position, job description, company, office address);

    d) Professional activity data (e.g., business activities, information about cases and briefs, experience);

    e) Invoicing and expenses data (e.g. fees, client-related travelling and communications expenses); and

    f) Recorded image and sound data (e.g. photographic and video images).

Data subjects are the individuals to whom the data refers.

The personal data categories listed above may belong to different categories of data subjects, such as clients, employees of corporate clients, counterparties, applicants or alumni of MdME.

MdME collects personal data in various ways and at different times, including when you send us an e-mail or reply to an invitation, when you give us your visiting card, when you sign up for our information or events, when you apply for a position with us or when you engage our services.

In some cases, MdME may collect personal data indirectly from public sources. When MdME processes personal data that has been collected indirectly, it will provide all the information about the processing of that data to the relevant data subject at the earliest opportunity.

Moreover, MdME may collect sensitive data, whenever it is necessary to ensure the provision of legal services. Sensitive data may include personal data pertaining to philosophical or political convictions, union or political membership, religious faith, private life, racial or ethnic origin, data related to health and sexual health, including genetic data.

2. For what purposes and on what lawful basis does MdME process personal data?

MdME may process personal data for the following purposes and on the following lawful bases:

a) Provision of legal services, which may include:

  • Opening a client dossier;
  • Keeping a record of services proposals received;
  • Communications with the client, other parties and/or public bodies, including courts and tribunals; and
  • Keeping documents on file in digital and physical formats.

The lawful basis is contractual performance and legitimate interest:

  • MdME’s interest in processing clients’ information in a sustained and efficient manner, which ensures its quality and integrity and enables the provision of excellent services; and
  • Interest of the clients represented and advised by MdME.

Whenever the collected data is of sensitive nature, the lawful basis is the declaration, exercise or defense of a right in judicial proceedings.

b) Communications and sending of information, including the dissemination of legal information (e.g. newsletters, briefings, legal alerts);

The lawful basis is legitimate interest:

  • Reply to requests from persons that fill in MdME’s website forms with the relevant suitable correspondence;
  • Contribute to the development of legal science and play an important role in the community of legal professions; and
  • Bolster MdME’s culture and maintain a close relationship with its alumni.

c) Event management, which includes:

  • Sending invitations for events and registering event participants; and
  • Publicising events within and outside the firm.

The lawful basis for this management are legitimate interest and consent (*):

  • Reply to requests from persons that fill in MdME’s website forms with the relevant suitable correspondence;
  • Contribute to the development of legal science and play an important role in the community of legal professions; and
  • Publicise events arranged by MdME.

d) Protection of persons and goods, which includes collecting CCTV images.

The lawful basis is legitimate interest, in order to ensure the protection of MdME’s premises and the persons on those premises.

e) Complying with statutory compliance obligations

The lawful basis is compliance with statutory obligation.

f) Invoicing and accounts management, which includes:

  • Booking expenses, monitoring costs and refunds (e.g. travelling and mobile communications expenses to be paid by clients);
  • Invoicing and management of current accounts; and
  • Keeping accounting records and supporting documents on file.

The lawful basis includes contractual performance; legitimate interest; and compliance with statutory obligation: manage efficiency, invoice the services provided correctly and in a timely fashion, and ensure compliance with the applicable statutory obligations.

g) Submitting cases to legal directories

The lawful basis is legitimate interest: MdME’s interest in fostering the firm’s culture and the excellence of its lawyers.

h) Judicial and non-judicial claims, which includes the collection and recovery of amounts owed by clients.

The lawful basis is legitimate interest: MdME has a legal interest in satisfying its debt-claims and defending its rights.

i) Recruitment and selection, which includes analysing applications and CVs, as well as the internal selection process for lawyers and staff according to the firm’s needs.

The lawful basis is pre-contractual audit at the request of the data subject and legitimate interest: MdME’s interest in analysing applications and having applicants undergo an internal selection process, in accordance with pre-defined criteria.

 (*) The data subject’s prior consent will be requested in cases where sound or image recordings are made or if photographs are taken.

3. How long do we keep your personal data for?

MdME will only keep your data for the period of time necessary to achieve the purposes established in this Policy or during the period required by the applicable legislation or regulations.

The personal data storage periods, depending on each processing purpose, are as follows:

Processing purpose > Storage period

  • Provision of legal services > For the duration of the client/firm relationship, plus 15 years.
  • Communications and sending of information > Until the data subject objects.
  • Event management > 5 years from the contact date or attendance at the event (as the case may be) if there is no contact or attendance at another event by the data subject.
  • Protection of persons and goods > 30 days.
  • Complying with statutory compliance obligations > 7 years from the time the client’s identification is processed or, in the case of business relationships, after the end of the same.
  • Invoicing and accounts management > 15 years.
  • Submitting cases to legal directories > For the duration of the case or brief
  • Judicial and non-judicial collection and complaints > Until payment of the amounts in debt or settlement of the dispute, whichever is applicable.
  • Recruitment and selection > 2 years from the time the application or CV is received if the applicant (staff) is not selected); 2 years from the time the application or CV is received if the applicant (lawyer) is not selected; and
  • For the duration of the professional relationship with MdME in the remaining cases.

4. Who does MdME transfer your personal data to?

MdME does not transfer your personal data to third parties, except in cases where this proves to be necessary for the provision of the services you have engaged or for compliance with the obligations to which MdME is subject.

The transfer of data to third parties is carried out in accordance with the applicable data protection legislation and within the limits of the purposes and lawful bases established in this Policy.

MdME may share your personal data with the following entities:

  • Relevant parties for the legal advisory services we provide, for example, counterparties, courts and tribunals, regulatory authorities, government institutions or other lawyers;
  • Law firms that are members of the Lex Mundi network;
  • Public authorities and the Macau Lawyers Association, with regard to compliance with legal obligations;
  • Service providers that supply services to MdME for the purposes described above, such as IT providers, communications services, translation services and digital and physical archive services.

In cases where the transfer of personal data to the above-mentioned entities involves an international transfer of personal data, and whenever such transfer is to a jurisdiction where the level of protection of personal data is deemed as not sufficiently adequate, MdME might still transfer the data in the following situations:

  • When it is necessary to perform a contract between the data subject and the data controller;
  • When it is necessary to conclude a contract, in the interest of the data subject, between MdME and a third party;
  • When it is necessary or legally required for the protection of an important public interest, or for the declaration, exercise or defense of a right in a judicial process;
  • When it is necessary to protect the vital interests of the data subject;
  • When it is carried out from a public registry, destined for public information.

In keeping with the potential transfers set out above, by providing your personal data, You expressly consent to transfer of said personal data to the jurisdictions of Hong Kong Special Administrative Region, Republic of Portugal, Republic of Angola, Republic of Mozambique and/or to the jurisdictions where Lex Mundi has associated offices as part of its network (full list available for consultation here: https://www.lexmundi.com/lexmundi/Member_Firms.asp )

5.  Is your personal data safe?

MdME has a very strict security policy, from a technical and organisation viewpoint, in order to protect your personal data from unauthorised destruction, loss, alteration, disclosure or access and against any other form of unlawful or abusive treatment. MdME exercises a strict control over entry to premises, data carriers, unauthorized amendments and disclosure of data, usage, access, transmission, introduction and transportation of data.

The technical and organisational security measures created and implemented by MdME are also required of MdME’s service providers that may process personal data on their own behalf. These service providers may not process your personal data without MdME’s further instruction, unless in pursuance of legal obligations.

If you have any questions about this matter, or if you would like more details about our data security, or if you know of any inappropriate situation, please contact us through either of the channels in point 9 below.

6. What rights do you have as data subject?

As data subject, you have the following rights:

  • Right to information

When collecting your data, you have the right to be informed of the entity responsible for the collection and processing of data (MdME), as well as the purpose of the processing, the data recipients, and the existence and conditions for the access and rectification of data.

  • Right of access

You may ask MdME at any time for confirmation as to whether it processes your data, for access to your personal data and for information about that processing.

You may also obtain a copy of the personal data that is processed.

This right may be restricted when the access may impair security, prevention or criminal investigation or even freedom of expression and information or freedom of press.

  • Right to rectification

If your personal data is incorrect or incomplete, you may ask for it to be rectified or completed.

  •  Right to erasure or to be forgotten

In certain situations, you have the right to request the erasure of your personal data.

This right may be restricted in certain situations if the processing of the data is necessary for compliance with statutory obligations to which MdME is subject or when the processing is necessary for the purposes of declaring, exercising or defending a right in legal proceedings.

  •  Right to restrict processing

In certain situations, you may ask MdME to limit access to personal data or suspend processing activities. This will happen, for example, in cases where you dispute the accuracy of your personal data, for a period of time which enables MdME to check its accuracy, or in cases where you have objected to the processing, until it is verified whether the legitimate interests of MdME or of a third party prevail over yours.

  •  Right to data portability

In cases where the processing of data is based on a contract to which you are a party or on your consent, you may ask MdME to hand over to you the data you supplied in a structured, current and automatic reading format. 

  •  Right to object

When the data processing is based on MdME’s legitimate interest or when it is carried out for purposes other than those for which the data was gathered, but which are compatible with the same, you have the right to object to the processing of your data for reasons related to your own personal situation.

MdME will cease to process your personal data in such cases unless it has legitimate reasons to carry out this processing and these reasons prevail over your interests.

  •  Right not to be subject to automated decision-making

MdME make no automated individual decisions, including profiling, which have an effect on your legal status or significantly affect it in a similar way.

  •  Right to withdraw consent

In cases where the processing of the data is based on your consent, you may withdraw your consent at any time.

If you withdraw your consent, your personal data will no longer be processed, unless there is another lawful basis that permits processing.

  •  Right to lodge a complaint

You have the right to lodge a complaint with the relevant supervisory authority about matters related to the processing of your personal data.

In Macau, the infringement of privacy rights can be reported to the Office for Personal Data Protection (GPDP).

For more information, visit https://www.gpdp.gov.mo/.

Please note that the exercise of the above-mentioned rights may be restricted by virtue of third-party rights and freedoms, statutory obligations or confidentiality obligations or the prevailing legitimate interests of MdME or a third party.

  •  Other rights

In cases where the transfer of personal data involves a member of the European Union, the data subject may also have the following rights: 

    • Right to restrict processing
    • Right to data portability
    • Right to withdraw consent

7. How can you exercise your rights?

You may exercise your right in either of the following ways:

  • E-mail: to the e-mail address mdmehr@mdme.com.mo; or
  • Letter: addressed to João Encarnação, Avenida da Praia Grande, n.º 409, 21, 23 - A/B, China Law Building, Macau.

There is no charge for exercising your rights.

 8. How can you contact us?

If you have any questions or need more information about the processing of your personal data or your rights as data subject, please contact us at the addresses below:

  • E-mail: to the e-mail address mdmehr@mdme.com.mo; or
  • Letter: addressed to João Encarnação, Avenida da Praia Grande, n.º 409, 21, 23 - A/B, China Law Building, Macau.

9. How can you stay informed about the processing of your personal data?

The Privacy Policy may be updated from time to time and we recommend that you check it regularly for any changes.

You can obtain more information about personal data processing from the Cookie Policy available on the Terms and Conditions of our website.

Please note, your browser is out of date.
 For a good browsing experience we recommend using the latest version of Chrome, Firefox, Safari, Opera or Internet Explorer.