Privacy Policy
1. Introduction

1. In the course of its activities, HMN & Partners (hereinafter ‘the Firm’ or ‘we’) collects and processes personal data relating to its prospects, clients and candidates.


2. The main objective of this document is to bring together in a concise, transparent, intelligible and easily accessible form all the appropriate information relating to the processing of data to help you understand how and why your personal data are processed.

2. Fair and transparent collection of your data

3. In order to ensure fairness and transparency for its clients, candidates and service providers, the Firm makes a point in informing each data subject about the processing it carries out through information notices.

3. Legitimate and proportionate use of your data

4. When we process data, we do so for specific purposes: each data processing has a legitimate, specified and explicit purpose.


5. For each processing operation, the Firm undertakes to collect and use only data that are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.


6. The Firm ensures that data are kept up to date, where necessary, and takes steps to ensure that data that are inaccurate are erased or rectified.

4. Types of personal data that we process

7. In processing the personal data collected for the purposes described below, the Firm collects and processes the following categories of data:


– identification data;
– contact data;
– data relating to the professional situation;
– economic and financial data;
– billing and payment information (amount, terms and conditions of payment, outstanding payments, credit notes, receipts);
– data relating to the education, diplomas and distinctions of the data subjects;
– sensitive data, such as on the health status required for managing files, particularly in relation to insurance law and health law;
– data relating to criminal convictions and offences or related security measures required for managing the files entrusted to us;
– elements of the proceedings (pleadings, statements, writings, testimonies, exhibits, evidence);
– contracts and enforcement documents;
– connection data, such as domain names and IP addresses of its users, statistics on usage (including types of browser and operating systems used) as well as browser history.

5. Legal bases and purposes for processing data

8. The processing operations carried out by HMN & Partners have the following purposes and legal bases:


Legal basis Purposes
Taking steps prior to entering into a contract or performance of a contract to which the data subject is party
  • Management and follow-up of client files,
  • Management and follow-up of invoicing times, management and follow-up of client payments
  • Management of unpaid invoices and client reminders
  • Management and follow-up of pre-billing and invoicing
  • Management of incoming payments
  • Revenue management
  • Management of procedural agendas and lawyers’ agendas
  • Management of litigation, pre- contentious and advisory client files
  • Contract management
  • Order management
  • Invoice management
  • Recruitment management (selection, interview, decision)
Controller’s legitimate interests To monitor and organise its activities
  • Statistics and control
  • Management of electronic signature tasks
To develop its business
  • Promotion, direct marketing, communication, segmentation, targeting
  • Contact and communication
  • Marketing strategy operations with clients and prospects (newsletters, greeting cards, informational content, press releases, invitations to training courses or events)
  • Objection list management and monitoring
  • Analysis (trend analysis, progress of marketing actions)
  • Manage the Firm’s external communications
To ensure the proper storage of paper archives
  • Archiving paper documents
Legal obligation
  • Combating money laundering and the financing of terrorism (AML/CFT)
  • Risk mapping, training and awareness-raising, (simplified, complementary and reinforced) duty of care for lawyers when entering into a relationship and during the course of the business relationship, refusal to enter into a relationship, Know Your Customer and beneficial ownership identification requirements, implementation of internal procedures…where applicable, suspicious transaction reporting phase, appointment of a contact person
  • Accounting
  • Website audience and traffic analysis
6. Recipients of your data

9. The personal data we collect, and those we obtained subsequently, are intended for us in our capacity as controller.


10. The following categories of recipients are also recipients of your data:
– members of the Firm;
– service providers;
– authorised authorities and courts.


11. We ensure that only authorised persons will have access to your personal data. The Firm applies a strict authorisation policy which ensures that the data it processes are only shared with those authorised to access them.

7. Transfer of your data

12. The Firm will not transfer your personal data to any country outside of the European Union, except in situations where it is necessary for the performance of the contract that we have concluded.


13. Within this framework, only personal data relating specifically to the contract in question can be transferred outside the European Union.


14. If the Firm is required to transfer data outside the European Union in situations other than those necessary for the performance of the contract, it will not do so without having first taken the necessary measures for ensuring a level of protection and security for personal data equivalent to that available in Europe, in which case you will be informed prior to the transfer.


15. To ensure the security of these transfers outside the European Union, we could use, for example, standard clauses for regulating data flows as defined by the European Commission.

8. Period for which your data will be stored

16. The Firm ensures that data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed.


17. The periods for which we keep your personal data are proportionate to the purposes for which your data were collected.


18. More precisely, our data storage policy is the following.


Purposes Storage period
Managing clients and prospects 3 years from last incoming contact
Management and follow-up of client files 10 years after the file has been archived
Billing and accounting 10 years
Purchase management (supplier information) Duration of the contractual relationship, plus 3 years
Archives management 10 years
Managing the fight against money laundering and the financing of terrorism 5 years from the end of the business relationship
Website and social network management Request will be deleted after it has been processed
Recruitment management 2 years for unsuccessful candidates (unless the candidate requests that data be deleted)
Duration of contractual relationship, plus statutory limitation periods for successful candidates
9. Security of data

19. The security of your personal data is very important to us.


20. The Firm has implemented technical and organisational measures appropriate to the degree of sensitivity of the personal data, in order to ensure the integrity and confidentiality of the data and protect them against malicious intrusion, loss, alteration or disclosure to unauthorised third parties.


21. Nevertheless, the security and confidentiality of personal data is dependent on everyone taking the best possible care. All data subjects are invited to remain particularly vigilant about their personal data.

10. Processors

22. When the Firm decides to engage service providers, it will not disclose personal data without first obtaining from those service providers a commitment to, and guarantees on, their capacity to meet security and confidentiality requirements.


23. In compliance with our legal and regulatory obligations, the contracts concluded with our processors set out precisely the terms and conditions of the processing of personal data by them.

11. Your rights

24. The Firm is committed to respecting your rights in relation to the data it processes, in order to ensure fair and transparent processing, taking into account the specific circumstances and context in which your personal data are processed.

11.1 Your right of access

25. You have the right to obtain confirmation as to whether or not your personal data are being processed and, where that is the case, you have the right to request a copy of your data as well as information about:


– the purposes of the processing;
– the categories of personal data concerned;
– the recipients or categories of recipient, and where applicable, the international organisations, to whom the personal data have been or will be disclosed, in particular recipients in third countries;
– where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
– the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
– the right to lodge a complaint with a supervisory authority;
– where the personal data are not collected from the data subject, any available information as to their source;
– the existence of automated decision-making, including profiling, and, in latter case, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

11.2 Your right to rectification of your data

26. You have the right to ask us to rectify and complete your personal data, if they are inaccurate, incomplete, ambiguous, or outdated.

11.3 Your right to erasure of your data

27. You have the right to ask us to erase your personal data in the cases provided for by laws and regulations.


28. Please note, however, that the right to erasure is not a general right and can only be exercised if one of the reasons provided for in the applicable laws is met.

11.4 Your right to restriction of processing

29. You have the right to request restriction of processing of your personal data in the cases provided for by laws and regulations.

11.5 Your right to object to the processing of your data

30. You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on the legitimate interests pursued by the controller (see section above on the legal basis for processing data).
If you exercise your right to object, we will no longer process your personal data for the processing concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
You have the right to object to direct marketing.

11.6 Your right to data portability

31. You have the right to the portability of your personal data. Please note, however, that the right to data portability is not a general right. Not all data from all processing operations are portable; the right to data portability only concerns processing carried out by automated means to the exclusion of manual or paper processing.
This right is limited to processing based on your consent, on the performance of a contract or on the taking of steps prior to entering into a contract.
This right does not include derived or inferred data, which are personal data created by the Firm.

11.7 Your right to withdraw consent

32. Where the data processing we carry out is based on your consent, you have the right to withdraw you consent at any time. We will then stop processing your personal data; but this will not affect the operations based on consent before its withdrawal.

11.8 Your right to lodge a complaint

33. You have the right to lodge a complaint with the CNIL (3 place de Fontenoy 75007 Paris, France) on French territory and without prejudice to any other administrative or judicial remedy.

11.9 Your right to give post-mortem instructions

34. You have the right to give special instructions on how your personal data should be stored, erased and shared after your death, in the manner described below. These special instructions only concern, and will be limited to, the processing carried out by us.
You also have the right, when that person will be designated by the French executive branch, to give general instructions for the same purpose.

11.10 How to exercise your rights

35. You may exercise all of the rights listed above by sending a request, together with a document proving your identity by any means, by email to or by post to Lexing Alain Bensoussan Avocats DPO HMN & Partners, Immeuble Cap Etoile – 58 boulevard Gouvion-Saint-Cyr 75017 Paris, France.

12. Change to this document

36. We invite you to review our policy regularly on our web site. It may be updated at any time.