Many countries have data protection laws that protect the privacy of individuals by regulating the way in which businesses handle personal information.  Amongst other things, data protection laws require businesses that handle personal information to be open and transparent about why and how they handle personal information.  Our privacy notices linked below explain why and how we handle personal information in conducting our business.

Please note that we consider each of our partnerships and other entities that provide legal services to be a ‘controller’ in their own right for the purposes of the General Data Protection Regulation ("GDPR") and equivalent legislation, and therefore we do not enter into addendums or agreements which seek to impose the requirements of Article 28 of GDPR on us.

Where our clients outside Europe need to share personal information which were imported from Europe with our non-European partnership or entity, we will offer to enter into the prevailing ‘controller-to-controller’ form of EU standard contractual clauses, so long as it is appropriate and necessary to do so.

Our offer to enter into EU standard contractual clauses extends to entities in the Maples Group providing registered agent/registered office and/or authorised representative services in the Cayman Islands and the British Virgin Islands who will, where required, enter into the appropriate form of EU standard contractual clauses with clients. 

We recognise that unlike the various partnerships and other entities/undertakings in the Maples Group providing legal services (i.e. our law firms), members of the Maples Group that provide corporate support services tend to act as a ‘processor’ in providing their services and accordingly, where GDPR has extraterritorial effect on our non-European clients (e.g. because such clients offer their products/services to European residents from outside Europe), the relevant Maples Group entity can also offer to enter into a Data Processing Addendum in the form linked below as required, so that such clients may discharge their obligations under Article 28 of GDPR.