Privacy Policy
Our Commitment to Data Protection
RockStone Legal, established in Moscow in 2001 and now operating as an international legal consultancy with offices in Moscow and Singapore, recognizes that privacy is not merely a legal obligation but a foundational element of the trust relationship between counsel and client. This policy articulates our practices regarding the collection, use, and protection of personal information—practices designed to maximize the value of our services while minimizing intrusion upon individual privacy interests. The economic logic is straightforward: information has value, but so does privacy. Our approach seeks the efficient balance between these competing interests, ensuring that we collect only what serves legitimate purposes and protect what we collect with appropriate rigor.
1.Information We Collect
We collect information through several channels, each serving distinct purposes in our service delivery. The categories below represent the universe of data we may gather, though not every interaction will involve all categories.
1.1Contact Form Submissions
When you submit an inquiry through our contact form, we collect your name, company affiliation, the nature of your legal matter, and your message. This information enables us to assess whether we can assist you and to respond appropriately. We do not require information beyond what is necessary for this initial evaluation.
1.2Analytics and Usage Data
We employ standard analytics tools to understand how visitors interact with our website. This includes pages visited, time spent on pages, referral sources, and general geographic location derived from IP addresses. Such data, aggregated and anonymized, informs our efforts to improve the website experience. We do not use this information to identify individual visitors.
1.3Server Access Logs
Our servers automatically record certain information about each request, including IP addresses, browser types, and timestamps. These logs serve security and diagnostic purposes. They are retained for a limited period and are not correlated with personal identities except when investigating potential security incidents.
1.4Contract Verification Access
When parties access our contract verification system, we log the access event including timestamp and IP address. This logging serves the legitimate interest of maintaining an audit trail for document verification—a function that benefits all parties to verified contracts.
2.Lawful Bases for Processing
We process personal data only where we have a lawful basis to do so. Our processing activities rest on the following foundations:
2.1Legitimate Interests
Most of our data processing serves legitimate business interests: responding to inquiries, improving our services, maintaining security, and operating our website effectively. We have assessed these interests against potential impacts on data subjects and concluded that our processing is proportionate and expected by those who interact with us.
2.2Contractual Necessity
Where we enter into engagements with clients, processing of personal data becomes necessary for the performance of our contractual obligations. This includes communication, document preparation, and matter management.
2.3Legal Obligations
Certain processing is required by law, including professional responsibility requirements, anti-money laundering regulations, and tax obligations. We process data as necessary to comply with these requirements.
3.Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected. Contact form submissions are retained for two years unless they lead to an engagement, in which case client matter retention policies apply. Analytics data is retained in aggregated form indefinitely but individual session data is purged after 26 months. Access logs are retained for 90 days. Client matter files are retained in accordance with professional responsibility requirements and applicable statutes of limitation, typically seven years following matter closure.
4.Your Rights
Depending on your jurisdiction, you may have certain rights regarding your personal data. We honor these rights regardless of where you are located, as a matter of good practice:
4.1Right of Access
You may request confirmation of whether we process your personal data and, if so, access to that data along with information about how we use it.
4.2Right to Rectification
If personal data we hold about you is inaccurate or incomplete, you may request correction. We will respond promptly to such requests.
4.3Right to Erasure
In certain circumstances, you may request deletion of your personal data. We will comply unless retention is required by law or necessary for the establishment, exercise, or defense of legal claims.
4.4Right to Data Portability
Where technically feasible and legally required, you may request your personal data in a structured, commonly used, machine-readable format for transfer to another service provider.
5.Third-Party Disclosures
We do not sell personal data. We may share data with service providers who assist our operations (hosting providers, analytics services, email systems) under contractual terms requiring appropriate protection. We may also disclose data when required by law, court order, or regulatory authority, or when necessary to protect our rights or the safety of others. In the context of client matters, we share information only as authorized by the client or required by professional obligations.
6.International Data Transfers
As an international practice with offices in Moscow and Singapore, we may transfer personal data across borders. We implement appropriate safeguards for such transfers, including standard contractual clauses where applicable. The nature of international legal practice necessitates cross-border information flows; we manage these flows with attention to applicable data protection requirements in each jurisdiction.
7.Security Measures
We employ technical and organizational measures appropriate to the sensitivity of the data we process. These include encryption in transit and at rest, access controls, regular security assessments, and staff training. No system is impervious to all threats, but we maintain defenses commensurate with the risks we face and the expectations of those who entrust us with their information.
8.Contact Information
Questions regarding this policy or requests to exercise your rights should be directed to our Moscow headquarters at moscow@mirslegal.com or by post to White Gardens Business Center, 7 Lesnaya Street, Moscow, 125047, Russian Federation. We endeavor to respond to all inquiries within 30 days.