Website Data Protection Policy
This Policy governs the processing of personal data collected through the MKS Law institutional
website. It applies to all users, regardless of location, and is intended to comply with applicable data
protection laws in relevant jurisdictions, including the Brazil’s LGPD, the EU GDPR, Switzerland’s
FADP, the UK GDPR, and other frameworks such as the CCPA, the CPRA, and the APEC CBPR.
For the purposes of this Policy, MKS Law acts as the data controller. This document applies
exclusively to personal data collected through website use.
Structure
This Policy is structured into sections covering scope, data categories, processing purposes, legal
bases, data subject rights, international transfers, security, retention, incident handling, and contact
mechanisms. Each section is binding and must be read as part of an integrated set of rules
applicable to website related data processing. This version replaces any prior publication, and
updates are published with version identification and an effective date.
Introduction and Scope
This Policy applies to personal data processed via the website, including contact forms, access
logs, and any technical tools used to support website operation. It does not apply to offline
interactions or services unrelated to digital interactions through the website. By using the website,
the user acknowledges the terms described in this Policy.
Information Collected
The website may collect data such as name, email, IP address, device and browser details, access
time, and navigation information. Data may be obtained directly through user interaction and, where
applicable, through technical tools used to support website operation, security, and performance.
Collection is limited to what is necessary and proportionate for the purposes described in this
Policy, and unnecessary or excessive collection is prohibited.
Purposes and Legal Bases
Personal data may be processed to respond to contact requests, support website security, manage
performance and usage analysis where applicable, and comply with legal obligations. Processing is
based on applicable legal grounds, which may include consent, legitimate interest, pre contractual
steps, and compliance with legal duties. Personal data is not used for profiling or automated
decision making through the website and is not processed beyond the purposes described in this
Policy.
Sharing and International Transfers
Personal data may be shared with infrastructure, cybersecurity, analytics, or website maintenance
providers, to the extent necessary to perform the relevant service and subject to contractual
safeguards appropriate to the scope of processing. Personal data is not sold. International transfers
may occur depending on the technical configuration of service providers and are carried out only
where permitted by applicable law and subject to safeguards required under the relevant
framework, which may include standard contractual clauses or equivalent measures.
Security Measures
Appropriate technical and administrative measures are applied to reduce unauthorized access,
loss, alteration, or improper use, taking into account the nature of the data processed through the
website and the associated risks. Access to personal data is restricted to authorized personnel and
service providers acting within their assigned scope.
Data Subject Rights
Users may exercise rights provided under applicable law, including confirmation of processing,
access, correction, deletion, restriction or limitation where applicable, portability where applicable,
information on sharing, and withdrawal of consent where processing is based on consent. Requests
must be submitted through the contact channel published on the website. Responses are provided
within the legally applicable timeframe, and information may be requested to confirm identity and
scope. Where a request cannot be fulfilled due to legal or technical limitations, a justification is
provided.
Cookies and Tracking Technologies
The website may use cookies or similar technologies depending on the services and technical
configuration in place at a given time. Where used, they may support functionality, security, and
performance and may be subject to applicable legal requirements, including consent where
required. Users may manage such technologies through browser settings and any controls that
may be made available through the website. Cookies are not used for third party advertising
through the website.
Data Retention
Personal data is retained only for as long as necessary to fulfill the purposes described in this
Policy or to meet applicable legal requirements. Retention periods may vary depending on data
type and context. Once no longer required, data may be deleted or anonymized using reasonable
and secure methods where applicable. Indefinite retention is not permitted.
Incident Response and Contact
Security incidents involving website data are subject to containment and assessment to determine
potential impact. Where required by applicable law, notifications may be made to the competent
authority and affected data subjects. Communications are handled confidentially and may be
recorded internally for control purposes.
Legal Compliance
Processing under this Policy is conducted in line with applicable data protection frameworks in
relevant jurisdictions. This Policy may be updated to reflect legal changes, operational revisions, or
website adjustments. Failure to comply with this Policy may be treated as internal non compliance
and addressed through appropriate measures. Agreements with service providers may include data
protection and confidentiality obligations consistent with the scope of their services.
Policy Updates
This Policy is reviewed periodically and updated when legal, operational, or technological changes
require revision. The current version is available on the website and takes effect upon publication.
Continued use of the website indicates acceptance of the version in force at the time of use.
Previous versions may be archived internally for control purposes and may be made available upon
request where required for audit or accountability purposes