Privacy Policy

MANZARI Legal is a law firm registered with the Luxembourg Bar, with its registered office located at 2, rue Charles VI, L-1327 Luxembourg (“MANZARI Legal,” “we,” “us,” or “our”). We are committed to safeguarding personal data in accordance with applicable laws, particularly the European General Data Protection Regulation (Regulation 2016/679 of 27 April 2016) (“GDPR”).

This Privacy Policy is intended to inform data subjects about our processing of personal data. It explains, among other things, the purposes and legal bases for processing personal data, the categories of personal data we collect, the recipients of personal data, and the rights of data subjects regarding the handling of their personal data.

All terms used in this Privacy Policy shall have the meanings assigned to them under the GDPR.

Data controller
Purposes and legal bases for processing personal data
Categories of data subjects and personal data
Consequences of failing to provide personal data, updates, and third-party data
Disclosure of personal data
International transfers of data
Data retention periods
Rights of data subjects
Right to withdraw consent
Revisions to this Privacy Policy

Data Controller

This Privacy Policy applies to the processing of personal data by MANZARI Legal, a law firm, acting as the data controller.

Purposes and legal bases for processing personal data

The purposes of our personal data processing are as follows:

provision of legal services by MANZARI Legal, including external data protection officer services, and ensuring compliance with our legal obligations
general communications, including responding to enquiries, managing requests and complaints, and sharing information about our firm, services, and events (such as newsletters, client alerts, invitations to events, and other marketing materials), as well as organising conferences and events
operation of our website
processing applications for employment with our firm (HR recruitment)

The legal bases for processing are as follows:

processing for the provision of legal services by MANZARI Legal, including external data protection officer services, and compliance with our legal obligations:

legitimate interests and the performance of a contract to which the data subject is a party (individual clients and signatories): processing personal data necessary for the provision of legal services, invoicing, and processing payments
compliance with legal obligations: carrying out due diligence and know-your-customer requirements, conflict checks, compliance with anti-money laundering and counter-terrorism financing regulations, maintaining accounting records, adhering to data protection obligations (including managing data subjects’ requests), and fulfilling other applicable legal and regulatory requirements

legitimate interests of MANZARI Legal: maintaining records, facilitating communications, organising meetings, managing the firm and its staff, and ensuring the legal defence of our rights

processing for general communications, including responding to enquiries, managing requests and complaints, sharing information about our firm, services, and events (such as newsletters, client alerts, invitations to events, and other marketing materials), and organising conferences and events:
- legitimate interests of MANZARI Legal to address enquiries, requests, or complaints directed to us, and to support business development by providing information about our firm, services, and events to clients and professional contacts, as well as organising conferences and events
processing for the operation of our website:
- the legitimate interests of MANZARI Legal to ensure the proper technical functioning of our website or, where applicable, the consent of the website user for the use of non-essential cookies and similar technologies.

For more detailed information about our use of cookies and similar technologies, as well as how to manage cookie preferences, please refer to our Cookie Policy.

processing of applications for employment with our firm (HR recruitment):
- the legitimate interests of MANZARI Legal to process job applications.

Categories of data subjects and personal data

MANZARI Legal processes personal data relating to the following categories of data subjects:

clients using our legal services: This includes natural persons who are direct clients, as well as individuals associated with client entities, such as client representatives (employees, directors, or shareholders of the client), service providers acting on behalf of a client (e.g., representatives of a correspondent law firm acting on the client’s behalf), individuals linked to the client under know-your-customer, anti-money laundering, and counter-terrorism regulations (such as ultimate beneficial owners or economic owners, counterparties involved in the client matter and their representatives), and individuals concerned with the client’s matter for which our legal services are engaged (e.g., individuals involved in disputes, counterparties, appointed lawyers, bailiffs, judges, or other caseworkers).
professional contact persons: Individuals we may need to communicate with to carry out our legal services or to manage and operate the law firm. This includes individuals working for third-party service providers, regulatory bodies, governmental organisations, judicial authorities, other public institutions, or professional associations and clubs.
users of our website.
anyone who contacts us with an enquiry and any professional contacts to whom we may provide marketing information or communications.
job applicants.
personal data refers to any information that relates to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to that individual.

The categories of personal data we process include the following:

processing for the provision of legal services by MANZARI Legal, including external data protection officer services, and compliance with our legal obligations:
- contact details of individuals involved in the client matter, including first name, last name, job title and role, company name, email address, physical address, telephone numbers, and similar identifiers
- information required for know-your-customer (KYC) procedures, anti-money laundering, and counter-terrorism financing regulations, such as details about the client, their representatives and ultimate beneficial owners, contact details, activities and sources of funds, links to other relevant individuals as mandated by applicable laws, place and date of birth, residency, citizenship, passport information, judicial or criminal convictions, and status as a politically exposed person
- details related to the client’s matter necessary to provide legal services and comply with legal obligations
- payment and contractual information related to the execution of legal services, including invoicing details
- any other information required for MANZARI Legal to fulfil the requested legal services

The personal data is obtained from the client and/or their representatives, as well as from third-party sources involved in the client’s legal matter, such as counterparties, their representatives and legal advisers; administrative, regulatory, governmental, or judicial bodies; and third-party service providers or public sources used by the firm to conduct the necessary checks under KYC, anti-money laundering, and counter-terrorism financing rules.

processing for general communications, including responding to enquiries, managing requests and complaints, and providing information about our firm, services, and events (including newsletters, client alerts, invitations to events, and other marketing materials), as well as organising conferences and events:
- contact details, including first name, last name, job title and role, company name, email address, physical address, business telephone numbers, and other similar identifiers, as well as professional social media account details and areas of professional interest
- other information required for MANZARI Legal to respond to specific enquiries, requests, or complaints

The personal data is collected from the individual making the enquiry, request, or complaint, from clients and their representatives, and/or from other professional contact persons associated with the firm.

processing for the operation of our website:
- Technical and other data automatically collected through cookies and similar technologies, including Internet Protocol (IP) address, browser type and version, device type, browser plug-in types and versions, operating system, and platform, as well as information gathered during visits to our website

For further details about our use of cookies and similar technologies, and how to manage your preferences, please consult our Cookie Policy.

Processing of applications for employment with our firm (HR recruitment):
- contact details, including first name, last name, physical address, telephone numbers, email address, and other similar contact information.
- professional and employment-related information, including career history, work experience, education, qualifications, training, language skills, as well as information collected during the recruitment process, such as CVs, cover letters, reference letters, copies of diplomas or certifications, interview details, pre-hire interactions, and communications.
- citizenship, work authorisation, and visa status.

The personal data is collected from the job applicant. Former employers and/or references may be contacted with the prior consent of the job applicant.

Failure to provide personal data, updates, and third-party data

Where we are required to collect personal data by law or to perform a contract, and such data is not provided upon request, we may be unable to enter into a contract to provide legal services or may need to cease the provision of such services.

We kindly request that data subjects and clients notify us in writing and without undue delay of any changes to the personal data or information provided to us. This ensures that we can maintain up-to-date records and deliver services based on accurate information.

If an individual provides us with information about other persons, they must ensure they are authorised to do so and that those persons are aware of how their personal data will be processed. This includes directing them to this Privacy Policy and informing them of their rights as data subjects.

Disclosure of Personal Data

For the purposes outlined in this Privacy Policy and in accordance with professional confidentiality rules, we may share personal data with the following categories of recipients:

our clients and their representatives in the course of providing legal services to them.
our lawyers and staff.
authorised third-party service providers: we may share your personal data with processors who provide services essential for achieving the purposes described above. these include third-party service providers offering professional services to the firm, such as it, accounting, invoicing, auditing, and companies that supply software for anti-money laundering and counter-terrorism financing checks, web analytics, marketing support, or other related services. these third parties are authorised to use personal data only to the extent necessary to provide their services to us.
other third parties where necessary to achieve the purpose of data processing or when required by law: personal data may be disclosed to independent entities such as administrative, regulatory, governmental, judicial, or other public authorities, as well as other third parties relevant to the client matter or involved in claims, disputes, litigation, or investigations. such disclosure occurs where required by law, pursuant to legal processes, or to establish, exercise, or defend legal claims, including protecting or defending the rights of our clients or the firm.
other third parties with consent: in certain cases, we may share personal data with other third parties based on your consent. for example, this may occur when providing professional contact details of client representatives to legal directories for the purposes of legal service rankings.

International transfers

To provide legal services, we may transfer personal data to countries outside the european economic area (eea) that do not offer the same level of data protection as your country of residence and are not recognised by the european commission as providing an adequate level of protection. we will only transfer personal data to such countries when it is necessary for the services we provide, the establishment, exercise, or defence of legal claims, or when subject to safeguards that ensure the protection of personal data, such as european commission-approved standard contractual clauses and other protective measures. For further information, please contact us at contact@manzarilegal.lu

Data Retention Periods

MANZARI Legal will retain personal data only for as long as necessary to fulfil the purposes of the relevant data processing, extended by any applicable legal limitation periods. Once the applicable data retention period expires, MANZARI Legal will delete or anonymise the relevant personal data. The standard data retention periods are as follows:

processing for the provision of legal services by manzari legal, including external data protection officer services, and compliance with legal obligations:
data related to a client matter will be retained for five years after the end of the accounting year in which the matter is completed. accounting data will be retained for ten years after the end of the accounting year to which it relates.
processing for general communications, including responding to enquiries, managing requests and complaints, and communicating about our firm, services, and events (such as newsletters, client alerts, invitations to events, and other marketing materials), as well as organising conferences and events:
data will be retained for as long as necessary to respond to enquiries and manage requests and complaints, plus the applicable legal limitation period. information regarding communications about our firm, services, and events will be updated periodically unless the data subject exercises their right to opt-out.
processing for the operation of our website:
please refer to our cookies policy for specific data retention periods related to cookies and similar technologies on our website.
processing of applications for employment with our firm (hr recruitment):
personal data collected from job applicants who are not offered employment will be deleted no later than six months after the end of the relevant recruitment process. for those who are hired, manzari legal will continue to process personal data in accordance with its employee data protection policy.

Data Subjects’ Rights

Subject to the conditions set out in the GDPR, data subjects have the following rights concerning the processing of their personal data:

Right of access: The right to request confirmation as to whether or not a data subject's personal data is being processed and to receive a copy of such data.
Right of rectification: The right to request the correction of inaccurate or incomplete personal data.
Right of erasure: The right to request the deletion of personal data under the conditions defined in the GDPR. For instance, this right does not apply where the processing is necessary to establish, exercise, or defend legal claims.
Right of restriction: The right to request a restriction on the processing of personal data under the conditions defined in the GDPR.
Right of data portability: For processing carried out by automated means and under the conditions defined in the GDPR, the right to request a copy of personal data in a structured, commonly used, and machine-readable format.
Right of objection: The right to object, on grounds relating to the data subject's particular situation, to the processing of their personal data. For instance, a data subject can object at any time to the processing of personal data for direct marketing purposes.

Right to Withdraw Consent

If a data subject has provided consent for the processing of their personal data, they have the right to withdraw that consent at any time. Upon receiving notification of consent withdrawal, we will acknowledge receipt and cease processing the relevant personal data unless another legal basis applies. This is without prejudice to the lawfulness of processing conducted before the withdrawal of consent.

To opt out of receiving marketing communications from us, please email contact@manzarilegal.lu. Opting out of marketing communications will not impact the processing of personal data for other legitimate purposes, such as the provision of legal services or compliance with legal obligations.

Questions and Complaints

To exercise your data protection rights or for any questions or complaints about our data processing, please email us at contact@manzarilegal.lu or write to:

MANZARI Legal

2, rue Charles VI

L-1327 Luxembourg

If, after contacting us and receiving our response, a data subject believes their data protection rights have been violated, they may lodge a complaint with the National Data Protection Commission (www.cnpd.lu).

Third-Party Website Links

The website may contain hyperlinks to third-party websites. This Privacy Policy does not apply to such third-party content or websites, and MANZARI Legal does not accept any responsibility for them.

Revisions to This Privacy Policy

MANZARI Legal reserves the right to amend or update this Privacy Policy at any time. The applicable version of the Privacy Policy will be published on our website, which data subjects are encouraged to review regularly. Information regarding updates may also be communicated separately.

Latest update : January 2025