Privacy Policy
How we collect, use, and protect your personal information across our global offices.
Effective Date: 10 April 2026 | Version 1.0
⚖️
1. Introduction & Who We Are
MLegal ("MLegal", "we", "us", or "our") is an international law firm providing legal, tax, immigration, and cross-border advisory services. Our principal place of business is in the United Kingdom, with offices in England, the United Arab Emirates, and India.
This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you visit www.mlegalfirm.com (the "Website"), contact us, or engage our legal services. It applies to all visitors, prospective clients, clients, and other individuals whose personal data we process.
MLegal is the data controller for personal data processed through this Website and in connection with our legal services in the United Kingdom. Mohit Suri, Managing Partner, bears overall responsibility for data protection compliance.
Mohit Suri is an SRA-registered foreign lawyer (SRA Registration No. 7583504). MLegal is authorised by the Bar Council of India. Not all individuals listed on this website are solicitors of England and Wales. Legal advice is provided only upon formal engagement.
Applicable Jurisdictions
Our activities span multiple jurisdictions. We comply with the data protection laws applicable to our processing activities, including:
🇬🇧 UK GDPR & Data Protection Act 2018
🇦🇪 UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection
🇮🇳 India Digital Personal Data Protection Act 2023 & IT Act 2000
🇪🇺 EU GDPR (where applicable)
📋
2. Personal Data We Collect
We collect personal data from you directly, automatically, and (where applicable) from third parties. The categories we may collect include:
| Category | Examples | Source |
|---|---|---|
| Identity Data | Full name, title, date of birth, nationality, passport or ID details | Directly from you |
| Contact Data | Email address, telephone number, postal address | Directly from you |
| Matter & Case Data | Instructions, legal documents, case facts, financial information relevant to your matter | Directly from you or third parties (e.g. courts, counterparties) |
| Financial Data | Bank account details, billing address, invoicing information | Directly from you |
| Due Diligence Data | Identity verification documents, source of funds information (required by AML/KYC obligations) | Directly from you or third-party verification services |
| Usage & Technical Data | IP address, browser type, pages visited, time on site, referring URL, device identifiers | Automatically via cookies and server logs |
| Communications Data | Emails, telephone call records, enquiry form submissions, live chat transcripts | Directly from you |
| Marketing Preferences | Opt-in/opt-out preferences for legal updates and newsletters | Directly from you |
Special Category Data: Occasionally, the nature of a legal matter (e.g. immigration, family, or criminal law) may require us to process sensitive personal data, including information about health, ethnicity, or criminal records. We will only do so where strictly necessary and with your explicit consent or where required by law.
🎯
3. How We Use Your Personal Data
We use personal data only for specified, legitimate purposes. Our processing activities and the lawful basis for each are set out below:
| Purpose | Lawful Basis (UK GDPR) |
|---|---|
| Responding to enquiries and providing legal advice and services | Performance of a contract / Our legitimate interests |
| Client onboarding, identity verification and KYC/AML compliance checks | Legal obligation (Money Laundering Regulations 2017; POCA 2002) |
| Managing client matters, files, and billing | Performance of a contract |
| Complying with court orders, regulatory requests, and statutory duties | Legal obligation |
| Sending legal updates, newsletters and marketing communications (where consented) | Consent (withdrawable at any time) |
| Improving our Website, services, and user experience (analytics) | Legitimate interests (proportionate, non-intrusive) |
| Preventing fraud, misuse of our services, and maintaining security | Legitimate interests / Legal obligation |
| Conflict-of-interest checking (professional obligation) | Legal obligation / Legitimate interests |
We do not use your personal data for automated decision-making that produces legal or similarly significant effects without human review.
🗄️
4. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law or professional regulatory obligations. Our principal retention periods are:
- Client matter files: 7 years from the conclusion of the matter (in line with SRA guidelines and Limitation Act 1980), or longer where required by statute or regulatory obligation.
- AML / KYC records: 5 years from the end of the business relationship (Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017).
- General enquiry / contact form data: 24 months from last contact unless a client relationship is established.
- Website analytics data: Up to 26 months (aggregated / anonymised after that point).
- Marketing consent records: Until consent is withdrawn plus 1 year as an audit trail.
After the applicable retention period, personal data is securely deleted or anonymised.
🤝
5. Disclosure of Your Personal Data
We do not sell, rent, or trade your personal data. We may share it only in the following circumstances:
Service Providers & Processors
We engage trusted third parties to provide services on our behalf (e.g. IT infrastructure, document management, email platforms, payment processing, identity verification). These parties are bound by data processing agreements and may only process your data on our documented instructions.
Professional Advisors & Counsel
Where necessary for your matter, we may share relevant data with barristers, expert witnesses, mediators, or other professional advisors under obligations of confidentiality.
Courts, Tribunals & Regulatory Bodies
We may disclose personal data to courts, tribunals, the Solicitors Regulation Authority, HMRC, immigration authorities, the Bar Council, or other competent authorities where required by law or court order.
Anti-Money Laundering Obligations
In circumstances required by the Proceeds of Crime Act 2002, the Money Laundering Regulations 2017, or equivalent legislation in the UAE or India, we may be legally compelled to disclose information to the National Crime Agency (NCA) or other financial intelligence units without being able to notify you of such disclosure ("tipping-off" provisions).
Business Transfers
In the event of a merger, acquisition, restructuring, or sale of the firm, personal data may be transferred to the successor entity, subject to equivalent data protection safeguards.
Affiliates & Cross-Office Working
Our UK, UAE and India offices work collaboratively. Personal data may be shared between these offices to deliver the services you have requested, subject to the international transfer safeguards described in Section 6 below.
🌐
6. International Data Transfers
MLegal operates across multiple jurisdictions. Personal data collected in the UK may be transferred to, stored in, or processed in the UAE or India. In each case:
- Transfers to the UAE are conducted under appropriate safeguards including standard contractual clauses (SCCs) adopted or approved by the UK ICO, or equivalent contractual protections.
- Transfers to India are conducted in accordance with the UK's International Data Transfer Agreement (IDTA) framework or binding contractual protections, pending any adequacy decision.
- Where we rely on Standard Contractual Clauses, copies are available on request by contacting us at info@mlegalfirm.com.
Regardless of where your data is processed, we apply the same level of data protection as required under UK GDPR and the Data Protection Act 2018.
🛡️
7. Your Data Protection Rights
Subject to applicable law and relevant exemptions (including legal professional privilege and AML obligations), you have the following rights in respect of your personal data:
Right of Access
Obtain a copy of the personal data we hold about you (Subject Access Request).
Right to Rectification
Have inaccurate or incomplete personal data corrected without undue delay.
Right to Erasure
Request deletion of your personal data where we no longer have a lawful basis to retain it.
Right to Restriction
Request that we restrict processing of your data in certain circumstances.
Right to Portability
Receive your data in a structured, machine-readable format where processing is based on consent or contract.
Right to Object
Object to processing based on legitimate interests, including direct marketing and profiling.
Withdraw Consent
Withdraw consent at any time where processing is based on consent, without affecting prior processing.
Right to Complain
Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
To exercise any of these rights, please contact us at info@mlegalfirm.com. We will respond within one calendar month of receipt (extendable by a further two months for complex requests, with notice). There is no charge for exercising your rights unless requests are manifestly unfounded or excessive.
Note for clients: Legal professional privilege may restrict our ability to disclose certain information contained in client files. Where this applies, we will inform you of the nature of the restriction.
🍪
8. Cookies & Tracking Technologies
Our Website uses cookies and similar technologies to provide functionality, improve performance, and (where consented) to support analytics and marketing.
| Cookie Type | Purpose | Consent Required? |
|---|---|---|
| Strictly Necessary | Core website functionality, session management, security | No — essential to operate the site |
| Functional | Remembering preferences (e.g. language, region) | No (unless non-essential) |
| Analytics | Understanding how visitors use the site (e.g. Google Analytics) | Yes — opt-in via cookie banner |
| Marketing / Tracking | Remarketing, conversion tracking, personalised advertising | Yes — opt-in via cookie banner |
You may manage or withdraw cookie consent at any time by clicking the "Cookie Preferences" link in our website footer, or by adjusting your browser settings. Note that disabling certain cookies may affect the functionality of the Website.
For full details of cookies in use on this Website, including third-party cookie providers, please refer to our Cookie Policy.
🔒
9. Security of Your Personal Data
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, alteration, disclosure, or destruction. These include:
- TLS/SSL encryption for data in transit and encryption at rest for sensitive data stores
- Role-based access controls and least-privilege principles for staff
- Multi-factor authentication for internal systems
- Regular security assessments and vulnerability reviews
- Staff training on data protection and information security
- Incident response procedures, including breach notification protocols under Article 33 UK GDPR (72-hour notification to the ICO where applicable)
Despite these measures, no data transmission over the internet or electronic storage system is completely secure. If you believe your data has been compromised, please contact us immediately at info@mlegalfirm.com.
🔗
10. Third-Party Links
Our Website may contain links to third-party websites, portals (including court filing systems, government portals, or professional body websites), and social media platforms. These sites operate independently and are governed by their own privacy policies.
We are not responsible for the privacy practices or content of any third-party site. We encourage you to review the privacy policies of any third-party sites you visit.
👶
11. Children's Privacy
Our Website and legal services are not directed at children under the age of 18. We do not knowingly collect personal data from children under 18 without verifiable parental consent. If you believe we have inadvertently collected such data, please contact us at info@mlegalfirm.com and we will delete it promptly.
📝
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our practices, legal requirements, or regulatory guidance. The current version will always be available at www.mlegalfirm.com/privacy-policy.
Where changes are material, we will notify you by email (if you are a client or have subscribed to our communications) or by posting a prominent notice on our Website. The "Effective Date" at the top of this policy indicates when this version came into force.
Continued use of our Website or services after the updated policy has been published constitutes acceptance of those changes.
Questions About Your Privacy?
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or would like to raise a concern, please contact us.
Email: info@mlegalfirm.com Contact Page