Privacy Statement

 1. Introduction

Mathema values your privacy and is committed to protecting your personal data. The following Privacy Statement sets out how we collect and use your information, the rights you have in relation your information and the legal basis upon which we rely on to process your information.

Personal data includes any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

This Privacy Statement should be read together with our terms of use and cookies statement and any location specific legal notice. For Mathema workers in the EU, please refer to our Privacy Notice for Employees, Workers and Contractors. 

2. Data Controller - Who we are

Mathema is an international firm.  Our contact details can be found in section 12 of this statement. When you engage us to provide services for you, we will let you know which Mathema entity will be the “data controller” for your personal data. 

3. Explaining the legal basis we rely upon to process your personal information

Data protection laws set out various grounds on which an organisation may lawfully collect and process your personal data. These include: 


We can collect and process your data with your consent. For example, when we are processing sensitive or special personal data, such as information relating to your health or religious beliefs. In many circumstances, if we rely on your consent as our legal basis for processing your personal data, you have the right to withdraw that consent at any time. 

Contractual obligations

In many circumstances, we require your personal data to comply with contractual obligations. For example, we collect your identity and contact information when we verify you as a new client. If you are unable to provide such information to us, we may not be able to perform the contract we have with you or your organisation or enter into a contract with you or your organisation. 

Legal compliance

If the law requires us to, we may need to collect and process your personal data. For example, we may require your personal data to comply with anti-money laundering legislation or laws relating to the provision of services. If you are unable to provide such information to us, we may not be able to perform the contract we have with you or your organisation or enter into a contract with you or your organisation. 

Legitimate interests

In many situations, we require your personal data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact on your rights, freedoms or interests. For example, it may be in our legitimate interests to use your personal information for marketing purposes to assist us with the growth of our business.

Data protection laws do vary across the different jurisdictions in which Mathema operates.  

4. Personal data that we collect - What, when & why

We may collect personal data from you in the course of our business, including when you engage our legal or other services, through your use of our website, when you contact or request information from us, or as a result of your relationship with our staff and clients. 


The personal information that we process includes, but is not limited to:

  • Contact information, such as your name, the company you work for, your title, position, your relationship to a person, your postal address, email address and phone number(s);
  • Identification and background information provided by you or collected as part of our business acceptance processes, this may include your full name, photographic identification and gender;
  • Financial information, such as bank account and payment card details;
  • Technical information, such as information collected from your visits to our website;
  • Information you provide to us for the purposes of attending meetings and Mathema events, including dietary requirements;
  • Personal information provided to us by or on behalf of our clients or generated by us in the course or providing services to them.

We collect your personal information for a number of reasons. These may be to:

  • help us deliver our services;
  • confirm your identity;
  • develop and market new services;
  • comply with any applicable law or court order;
  • enforce our agreements with you;
  • recruit new employees.


Online data collection – Mathema website

We may collect information from you online in a number of ways, such as through the use of this website.


In some of the jurisdictions in which Mathema operates, you are required to complete an online job application form which allows you to provide us with information relating to your education, employment history and similar matters. This allows our hiring team to make an informed decision as to whether to proceed with your application. We consider that the collection of this personal information is necessary to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. We may also require your personal data to enter into a contract with you. We will not process any sensitive or special personal information unless we are able to do so under relevant legislation or with your explicit consent.

Automated technologies or interactions 

As you interact with our website, we may automatically collect technical information about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies. We may also receive technical data if you visit other websites employing our cookies including, analytics providers such as Google based outside the EU; advertising networks based outside the EU; and search information providers based inside or outside the EU. We consider that the collection of this information is necessary to pursue our legitimate interests in a way which might reasonably be expected (eg. to analyse how our clients use our services, to develop our services and grow our business) and which does not materially impact your rights, freedom or interests. Please refer to our cookies policy for further information.

“Off-line” data collection

We use different methods to collect personal data from you and about you. These may be through direct interactions (such as when you provide us with your business card at a meeting or event), from third-party sources (such as tax authorities) or from publicly available sources.

Mathema is primarily instructed by corporate entities, rather than individual clients. However, as part of these instructions from corporate entities, we process personal data relating to, but not limited to, our client’s workers, opponents or vendors. 

Anti-Money laundering, anti-terrorism, fraud and other background checks for new clients

There are laws and regulations that we are required to comply with when we take you on as a new client or open a new matter for you. In order to fulfil our legal obligations, we are obliged to verify the identity of new clients, and in some circumstances, existing clients. In some circumstances we may decline to, or may not be permitted to, proceed to act until such procedures have been completed. We consider that the legal basis for this processing is to perform contractual obligations and to comply with legal or regulatory obligations that we are subject to.

5. How we protect your data

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical, physical and managerial procedures to safeguard and protect your personal data. 

We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.

We limit access to your personal data to those employees, agents, contractors and other third parties on a “need to know” basis. We have procedures in place to identify and respond to data security breaches. We will notify you and any data protection authority of a breach where we are legally required to do so.

6. How long will we keep your personal data?

Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected, subject to satisfying any legal, accounting or reporting requirements.

Mathema has a document retention and deletion policy. At the end of any retention period, your data will either be deleted completely or anonymised (for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning).

In some circumstances, you can ask us to delete your data.

7. Who do we share your personal data with?

Mathema may share your personal data with a number of third parties (who may act as “data processors” or “joint data controllers”) in the course of providing our services. These may include, but are not limited to:

  • Insurers;
  • IT service providers;
  • Legal practitioners;
  • Translators;
  • Various professional experts, including accountants and tax advisers;
  • Document management services;
  • Regulators or tax authorities.

We employ the services of third parties to assist us with website hosting. 

8. Where your data may be processed

To facilitate our global operations, Mathema may transfer, store and process your information within our group of firms around the world.

For those individuals residing in the European Economic Area (EEA), this may sometimes involve the transferring of your personal information out of the EEA. Laws in these countries may differ from the laws applicable to your country of residence. Where we transfer, store and process your data outside of the EEA we have ensured that appropriate safeguards are in place to provide an adequate level of data protection. This may be by way of an adequacy decision of the European Commission confirming an adequate level of data protection in the respective non-EEA country or by way of an agreement containing EU Model Clauses (a set of clauses issued by the European Commission). Further information on these EU Model Clauses and the rights they provide to data subjects can be found on the European Commission website.

Please contact us if you require further information on the specific mechanism used by us when transferring your personal data outside of the EEA.

9. Direct marketing

There are several ways you can stop receiving direct marketing communications from us. Click the ‘unsubscribe’ or ‘opt-out’ link in any email communication that we send you, or email us at This email address is being protected from spambots. You need JavaScript enabled to view it. . Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated. In relation to any third-party marketing, we will get your express opt-in consent before we share your personal data with any company outside Mathema for any marketing purposes.

10. What are your rights over your personal data?

You have a number of rights in relation to the personal data that we hold about you. These rights are subject to certain exemptions and do differ across the jurisdictions in which Mathema operates.

Request access to the personal data we hold about you

Subject to any applicable exceptions, we will provide you with a copy of your personal data within the timescales set out in relevant legislation. For EU residents, we will do this for no fee, in accordance with applicable legislation.

Right to rectification

If the information we hold about you is inaccurate, you have the right to have this information rectified.

Right to erasure / ‘Right to be forgotten’

You can ask us to delete or remove your information in certain circumstances. For EU residents, whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. In cases where we are processing your personal data on the basis of our legitimate interests, you can ask us to stop processing your data for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Right to data portability

In certain circumstances, you may have the right to obtain your personal data in a structured, commonly used and machine readable format and to reuse it elsewhere or ask us to transfer it to a third party of your choice. 

Right to object

In certain circumstances, you have a right to object to processing being carried out by us. Where personal data is being processed for direct marketing purposes, you have a right to object at any time

Rights in relation to automated decision-making and profiling

In certain circumstances, you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.

To protect the confidentiality of your information, we will require you to verify your identity before proceeding with any request. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

11. Links to third party websites

Our website may contain links to third party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. If you follow a link to any third party website, please be aware that these websites have their own privacy notices or policies and we do not accept any responsibility or liability for their data processing activities.

12. Contact us

We hope this Privacy Statement has been helpful in setting out the way we handle your personal data and your rights to control it. This Privacy Statement sets out most of your rights under relevant laws, but not necessarily every right you have.

If you have any concerns, requests, complaints or questions that haven’t been covered, please contact our Group Privacy Officer who will be pleased to help you:

Email us on This email address is being protected from spambots. You need JavaScript enabled to view it., or write to us at:

Mathema Group Privacy Officer, Mathema,  15 Rue du Cendrier, 1201 Geneva, Switzerland.

13. Complaints

You have a right to make a complaint to the relevant data protection authority (“DPA”) at any time. We would appreciate the chance to understand your concerns in the first instance before your contact the DPA however.

Data Protection Authorities

United Kingdom: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Germany: Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit - Husarenstr. 30 - 53117 Bonn

Belgium: Commissie voor de bescherming van de persoonlijke levenssfeer, Rue de la Presse 35, 1000 Brussels

Spain: Agencia Espanola de Proteccion De Datos - C / Jorge Juan, 6. 28001 - Madrid

Italy: Garante per la Protezione dei Dati Personali, Piazza di Monte Citorio, 121 – 00186 Roma 

Rest of World

Australia: Office of the Australian Information Commissioner (OAIC), GPO Box 5218, Sydney, NSW 2001

Hong Kong: Privacy Commissioner for Personal Data, 12/F, Sunlight Tower, 248 Queen’s Road East, Wanchai, Hong Kong

14. Changes to this Privacy Statement and your duty to inform us of any changes to your personal data 

This Privacy Statement was last updated on 18 December 2018. Previous versions can be obtained by contacting us. Should any substantive or material change be made to this Privacy Statement, we will notify you.

It is important that the personal data that we hold about you is accurate and current. Please keep us informed if any of the personal data you have provided us with changes during your relationship with us.