Privacy Policy
Matheson LLP [“we”, “us” or “our”] is committed to protecting your privacy. This Privacy Statement tells you about your privacy rights and sets out how we, as a Data Controller, collect and process personal data about:
- Clients;
- Employees;
- Experts / Consultants;
- Solicitors / Counsel;
- Suppliers;
- Business Contacts;
- Individuals who apply for jobs with us;
- Individuals who we communicate or interact with in the course of the provision of our services;
- Individuals whose personal data is provided to us in connection with the provision of our services, whether directly or indirectly;
- Individuals who attend events we organise;
- Individuals who are employed or engaged by suppliers of goods or services or parties tendering goods or services; and
- Visitors to our website.
This Privacy Statement should be read in conjunction with the page detailing Which Cookies We Use
Information we colect
“Personal data” means any information about an individual from which that person can be identified. We do not collect any personal data about you on our website, apart from information which you volunteer (for example by emailing us or by using our feedback facility), and as set out in our Cookie Policy.
In providing our services, we may also receive personal data directly and indirectly, including from other law firms, solicitors, and various other professionals we interact with in the course of providing services, as well as from publicly accessible sources. Categories of such personal data are set out below.
If you do not provide us with personal data we request, we may not be able to provide you with our services or respond to any questions or requests you submit to us via our website, by telephone, email or in writing.
How we use personal data we collect
We will only use your personal data for the purposes and legal bases set out in the table below:
Purpose/Activity | Type of Personal Data | Lawful basis of processing |
|---|---|---|
| Communicating with you, our clients, or other persons in the course of our business and for the purpose of providing legal services, including instructing and liaising with counsel and other professional service providers in relation to matters that we are handling, or because we need to liaise with a counterparty on a matter in which we are instructed, or to collect our fees or costs |
|
|
| Corresponding with other solicitors and barristers in relation to client matters |
|
|
| To manage relationships between us and any expert witnesses / consultants including the processing of personal data included in professional curriculum vitae (CV) in order to assist clients in appointing individuals of necessary expertise |
|
|
| To provide information on our services or legal updates that we consider may be relevant to you, or our clients |
| To support our legitimate interests in providing legal services, provided such interests are not overridden by the rights and interests of the data subjects concerned |
|
| To comply with our legal or regulatory obligations |
| For public health reasons in the public interest such as protecting against serious cross border threats to health | Health data | To comply with any legal or regulatory obligations and any public health requirements |
| For the purposes of managing and improving our business and services |
| To support our legitimate interests in managing our business and providing and improving our services, provided such interests are not overridden by the rights and interests of the data subjects concerned |
| Marketing about our firm, services and events |
|
|
| Managing the goods and services we receive (including contract management, managing security and access to our systems and premises, payment of invoices and assessment of our suppliers or parties who tender to provide goods or services to us) |
|
|
| Maintaining and operating our website |
| To support our legitimate interests in managing our business and services, improving our website offerings and enhancing your online visit to us, provided such interests are not overridden by the rights and interests of the data subjects concerned |
| Use of images captured by us through film/photographs taken at events or otherwise at our offices and published in printed or online media (including on our websites) | Photographs or videography in which your image and voice may be recorded |
|
| For the purposes of providing our services to you, using a variety of technologies and software applications, which may include cloud-based systems and artificial intelligence. (This means that these service providers may access and process your personal data on our behalf) |
| To support our legitimate interests in managing and improving our services and technology offerings, provided such interests are not overridden by the rights and interests of the data subjects concerned |
| Processing internship and job applications | Names; addresses; contact information; CVs |
|
Retention of your Personal Data
We will retain your personal data only for as long as necessary for the purposes for which it was collected; as required by law, and for the exercise and defence of legal claims that may be brought by or against us.
We will retain personal data relating to job applications for no longer than 18 months. Trainee applications screened out at application stage are retained for 14 months from the date of initial submission, and applications that are screened out at interview stage are retained for two years after the date of the initial submission so to allow for development and re-application. Our retention practices may be reviewed and updated from time to time in line with legal requirements and best practice.
Disclosure of your information
We may disclose your personal data to:
- Affiliates of Matheson LLP;
- A third party who provides a service to us (including cloud service providers);
- A third party where we are under a duty to disclose or share your personal data in order to comply with any legal obligation or court order;
- A third party where it is necessary to protect the vital interests of the data subject or another natural person;
- A third party who tenders to us or provides services or goods to us;
- A third party who we partner with to organise or sponsor events; and
- A prospective seller or buyer of any of our assets or business.
To the limited extent that it is necessary to transfer personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data, including standard contractual clauses under Article 46.2 of the GDPR or an adequacy decision under Article 45 for the GDPR. Please contact us if you wish to obtain information concerning such safeguards (see Contact Us below).
Links to other websites
Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies, and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.
Your rights
You have the right to request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. In each case, these rights are subject to restrictions as laid down by law. The following is a summary of your rights:
- enables you to receive details of your personal data
- enables you to correct any inaccurate or incomplete personal data we hold about you
- enables you to ask us to delete your personal data in certain circumstances
- enables you to ask us to halt the processing of your personal data in certain circumstances
- enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party)
- enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible.
You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR. In Ireland, this is the Data Protection Commission.
You also have the right to withdraw your consent to our processing of your personal data at any time (without affecting the lawfulness of processing based on consent before its withdrawal), in circumstances where we rely on this legal basis to process your data.
If you wish to exercise any of these rights, please contact us (see Contact Us below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may require proof of identification to verify your request. We have the right to refuse your request where there is a basis to do so in law, or if it is manifestly unfounded or excessive.
Security and where we store your personal data
We are committed protecting the security of your personal data. We use a variety of technologies and procedures to help protect your personal data from unauthorised access, use or alteration, including industry standard security measures. All Matheson personnel are subject to strict confidentiality obligations. However, as effective as modern security practices are, no physical or electronic security system is entirely secure and we cannot guarantee that information you supply will not be intercepted while being transmitted to us over the internet. Any transmission of personal data is at your own risk. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation. We will continue to revise policies and implement additional security features as new technologies become available. If you would like to raise a security issue with our team, please email infosec@matheson.com
Changes to this Privacy Statement
We reserve the right to change this Privacy Statement from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Statement. However, if we make material changes to this Privacy Statement, we will notify you by means of a prominent notice on the website prior to the change becoming effective. Please review this Privacy Statement periodically for updates.
Contact Us
Questions, comments, requests and complaints regarding this Privacy Statement and the personal data we hold are welcome, and should be addressed to DataPrivacy@matheson.com or sent in writing to:
Risk and Professional Standards
Matheson LLP
70 Sir John Rogerson’s Quay
Dublin 2
All requests will be dealt with promptly and efficiently.
Last Updated: November 2025