Privacy and cookie policy

Overview 

This website is operated by Mayer Brown Limited (a company registered in England and Wales (company number 3531997, whose registered office is at Lion House, Oriental Road, Woking. Surrey GU22 8AR). Mayer Brown is a member of a group of companies which may process your personal data. 

Mayer Brown is a leading consultancy firm for transport planning, transport infrastructure design, and environmental assessment in the UK.

All references to ‘Mayer Brown, 'our', 'us' or 'we' within this policy are deemed to refer to either Mayer Brown Limited or its group companies such as MBL (Holding) Ltd, and/or their contractors or associates which provide services to us, as appropriate. 
We value the privacy of those who provide personal data to us. This policy applies to our customers (and potential customers), personnel that work for our customers, members of the public applying for travel schemes we manage, website visitors, our suppliers (and potential suppliers), personnel of such suppliers and contractors. It describes: 

(a)    the data identifying you that we collect 
(b)    how we use this data 
(c)    the legal basis upon which we process it 
(d)    with whom it is shared 
(e)    how it is stored 

This policy also describes other important topics relating to your data and its privacy, including how we use cookies on our website. 

This privacy policy applies to personal data we collect through our website, social media platforms, or you provide to us by email or telephone or otherwise e.g. as part of travel scheme questionnaires or leaflets. 

Please read this privacy policy carefully to understand how we handle your personal data before you access or browse our website or provide your personal data to us. 
 
Policy in detail 

The Policy is comprised of the following Sections: 
Section 1: Data collection 
Section 2: Use of data 
Section 3: Legal basis for use of your personal data 
Section 4: Cookies 
Section 5: Disclosure of personal data 
Section 6: Retention of personal data 
Section 7: Your rights 
Section 8: Marketing 
Section 9: Transfers of data 
Section 10: Security 
Section 11: Third party websites 
Section 12: Changes to our privacy policy 
Section 13: Further questions or making a complaint 

1.    Data collection 

We may receive some data about you directly from you. However, we may also receive data about you from third parties such as your employer, our suppliers, our clients, marketing partners, our group companies and public websites, which we refer to as "Third Party Sources" throughout this policy. 
We, or third parties on our behalf, may collect and use any of the following data about you and we refer to this as “personal data” throughout this policy: 

1.1    Personal data which you (or a Third Party Source) gives us. 

You may give us personal data about yourself by using the online forms provided on our website such as for our newsletter, completing questionnaires, joining travel schemes, ordering services from us, setting up an account with us, or by contacting us by phone, e-mail or other means. This includes, for example, when you or your employer provide your personal data to us in order to receive our services. You, or our Third Party Sources may also give us personal data about you when you or they are offering or providing services to us. 

This personal data will include:

(a)    Data about you if you are a client: 
(i)    your name 
(ii)    your job title 
(iii)    company name 
(iv)    e-mail address 
(v)    your company's address 
(vi)    data provided when you correspond with us `
(vii)    any updates to data provided to us 

(b)    Data about members of the public related to travel schemes:

(i)    Name
(ii)    Age
(iii)    Address
(iv)    Proof of address
(v)    Email address

(c)    Data about our website visitors:

(i)    if you visit our website, your IP address
(ii)    your user name 
(iii)    your behaviour on our website (for example, the pages that you click on) or on our software app 

(d)    Data about the services we provide to you or your employer:

(i)    data needed to provide our services (including data on account opening forms, details of your order, our services, order history, payment details, trade references, local authority council and public bodies/trust references, and tax information) 
(ii)    customer services data 
(iii)    customer relationship management and marketing data 

Please note that we need certain types of personal data so that we can provide services to you or so you, or our Third Party Sources, can provide services to us. If you do not provide us with such personal data, or if you ask us to delete it, you may no longer be able to access our goods and services or provide goods and services to us. 

1.2    Personal data we collect about you (including from Third Party Sources). 

(a)    Each time you visit our website (including www.mayerbrown.co.uk) we may automatically collect any of the following data: 
(i)    technical data, including the Internet protocol (IP) address used to connect your computer to the internet, domain name and country which requests data, the files requested, browser type and version, browser plug-in types and versions, operating system and platform 
(ii)    data about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), time and length of visits to certain pages, page interaction data (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data, location data, weblogs and other communication data and data provided when requesting further service or downloads 
(b)    If you are a customer or a supplier (or a potential customer or supplier) or work for one of them (including as a consultant), we may obtain data about you from your company's website. 

We also collect anonymised details about visitors to our websites for the purposes of creating aggregate statistics or reporting purposes. However, no single individual will be identifiable from the anonymised details we collect for these purposes. 

2.    Use of data 

2.1    We, or our Third Party Sources acting on our behalf, collect, use and store the personal data listed above for the following reasons:

 
(a)    Visiting our websites: 
(i)    to allow you to access and use our websites 
(ii)    to provide technical support 
(iii)    to provide you with the information and services that you request from us
(iv)    to ensure the security of our services and our websites 
(v)    to store information about your preferences 
(vi)    to recognise you when you return to our websites 
(vii)    to process orders which you place for information or services from us 
(viii)    for improvement and maintenance of our websites 
Details relating to the usage of our websites by individuals will be anonymised as far as is reasonably possible and you will not be identifiable from the data collected. 

(b)    Providing services to you: 
(i)    to register you as a user of our services. 
(ii)    providing travel schemes.
(iii)    client services such as air quality, environmental assessment, flood risk, noise and vibration, road safety, transport planning, waster management, CEMP, infrastructure, rail interchange services, topographical surveys.
(iv)    to provide relevant services to you or your employer (including, to confirm and process orders, for administration of your account with us, tax, invoicing and debt collection purposes). 
(v)    to deal with any enquiries or issues you have about our services, including any questions you may have about how we collect, store and use your personal data, or any requests made by you for a copy of the data we hold about you. If we do not have a contract with you, we may process your personal data for these purposes where it is in our legitimate interests for customer services purposes. 
(vi)    to send you certain communications (including by email or post) about our services such as our newsletter, service announcements and administrative messages. 
(vii)    for legitimate business development and marketing purposes, to contact you (including by email or post) with information about our services which either you request, or which we feel will be of interest to you. 

(c)    For profiling and statistical analysis. 
(d)    For internal corporate reporting, business administration, ensuring adequate insurance coverage for our business, and to identify and implement business efficiencies. 
(e)    To comply with any procedures, laws and regulations which apply to us – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others to comply, as well as where we are legally required to do so. 
(f)    To establish, exercise or defend our legal rights – this may include where we reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as where we are legally required to do so. 

2.2    We will not use your personal data in any way that is incompatible with the purposes set out in this section 2 without contacting you first. 

Please contact us at the details set out at the end of this policy if you want further information on the analysis we will undertake to establish if a new use of your personal information is compatible with these purposes. 

3.    Legal basis for use of your personal data 

3.1    We consider that the legal bases for using your personal data as set out in this privacy policy are as follows: 

(a)    our use of your personal data is necessary to perform our obligations under any contract with you (for example, to comply with the terms of use of our websites which you accept by browsing our websites). 
(b)    our use of your personal data is necessary for complying with our legal obligations (for example, providing information to HMRC). 
(c)    your consent, as further described in sections 3.3 and 3.4 below. 
(d)    where neither (a) nor (b) apply, use of your personal data is necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the security of our websites). In some cases, we have identified where this is case elsewhere in this Policy. Our legitimate interests are to: 
(i)    run, grow and develop our business 
(ii)    operate our websites 
(iii)    select appropriately skilled and qualified suppliers 
(iv)    marketing, market research and business development 
(v)    provide services to our customers, make and receive payment, and provide customer service support (vi) know our customers and any of their service users 
(vi)    for internal group administrative purposes, as described in section 5.1 below. 
3.2    If we rely on our (or another person's) legitimate interests for using your personal data, we will undertake a balancing test to ensure that our (or the other person's) legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require protection of the personal information. You can ask us for information on this balancing test by contacting us at the details set out at the end of this policy. 
3.3    In the future, certain new uses of your personal data may require us to obtain your consent. In those cases, that need for consent will be identified in this privacy policy and/or at the time we collect the personal data. 
3.4    Where we rely on your consent for us to use your personal data in a particular way, but you later change your mind, you may withdraw your consent by contacting us at the details set out at the end of this policy or, in relation to marketing, by unsubscribing from the marketing communications using the link in the communications, and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to provide services to you.

4.    Cookies 

4.1    Our websites use cookies, which are small files placed on your device when you visit our websites. We use cookies in order to offer you a more tailored experience in the future, by understanding and remembering your particular browsing preferences, and for marketing purposes. 
4.2    You may block the use of cookies at any time. To do so, you can activate the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies), you may not be able to access all or parts of our websites or to use all the functionality provided through our websites. 
4.3    Please see our Cookies Policy for more information on our use of cookies and other tracking technologies on our websites. 

5.    Disclosure of personal data 

5.1    We may share your personal data with any company that is a member of our group, which includes our holding company, where it is in our legitimate interests to do so for internal administrative purposes (for example, ensuring consistent and coherent delivery of services to our customers, corporate strategy, compliance, auditing and quality assurance). We may also share your personal data with our group where they provide services to us, such as information technology systems. 
5.2    We will share your personal data with the following categories of third parties: 
(a)    our service providers and sub-contractors, including but not limited to CRM platform providers, payment processors, and suppliers of technical and support services 
(b)    freelancers and sub-contractors assisting with individual projects
(c)    public agencies (including tax officials) 
(d)    companies that assist us in our marketing, advertising and promotional activities 
(e)    analytics and search engine providers that assist us in the improvement and optimisation of our website 
Any third parties with whom we share your personal data are limited (by law and by contract) in their ability to use your personal data for any purpose other than to provide services for us. We will always ensure that any third parties with whom we share your personal data are subject to privacy and security obligations consistent with this privacy policy and applicable laws. 

5.3    We will also disclose your personal data to third parties: 
(a)    where it is in our legitimate interests to do so to run, grow and develop our business, such as: 
(i)    if we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets 
(ii)    if substantially all of Mayer Brown's or any of its affiliates' assets are acquired by a third party, in which case personal data held by Mayer Brown will be one of the transferred assets 
(b)    if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity 
(c)    in order to enforce or apply our terms and conditions or any other agreement or to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity 
(d)    to protect the rights of Mayer Brown, our staff, our customers or other persons. This may include exchanging personal data with other organisations for the purposes of fraud protection and credit risk reduction. 
5.4    Save as expressly detailed above, we will never share, sell or rent any of your personal data to any third party without notifying you and, where necessary, obtaining your consent. If you have given your consent for us to use your personal data in a particular way, but later change your mind, you can contact us to withdraw your consent using the details set out at the end of this policy. 

6.    Retention of personal data 

6.1    We keep your personal data for no longer than necessary for the purposes for which the personal data is processed. The length of time we retain personal data for depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights. Our retention policy is based on the following criteria: 
(a)    if you were an active contact but have not interacted with us or any of our platforms or materials over a set period of time, we will delete our contact record of you; and 
(b)    if you are a new prospective contact but have not interacted with us or any of our platforms or materials within a set period of time (thus indicating you have no intention of starting a business relationship with us), we will delete our contact record of you. 
6.2    If you have any specific queries in relation to our data retention policy please contact us for more information.

7.    Your rights 

7.1    You have certain rights in relation to your personal data. If you would like further information in relation to these or would like to exercise any of them, please contact us by email at the details set out at the end of this policy. Subject to certain exemptions permitted by law, you have the following rights: 
(a)    Right of access. You have a right of access to any personal data we hold about you. You can ask us for a copy of your personal data; confirmation whether your personal data is being used by us; details about how and why it is being used; and details of what safeguards are in place if we transfer your personal data outside of the EEA.
(b)    Right to update your information. You have a right to request an update to any of your personal data which is out of date or incorrect. 
(c)    Right to delete your information. You have a right to ask us to delete any personal data which we are holding about you in certain specific circumstances. 
(d)    Right to restrict use of your information: You have a right to ask us to restrict the way that we process your personal data. 
(e)    Right to stop marketing: You have a right to ask us to stop using your personal data for direct-marketing purposes. If you exercise this right, we will stop using your personal data for this purpose. 
(f)    Right to data portability: Where we use your personal data on the basis of your consent or performance of a contract, you have a right to ask us to provide your personal data to a third party provider of services. 
(g)    Right to object. You have a right to ask us to consider any valid objections which you have to our use of your personal data where we process your personal information on the basis of our or another person's legitimate interest, or where we use your personal data for profiling purposes. 
7.2    We will consider all such requests and provide our response within a reasonable period (and in any event within one month of your request unless we tell you we are entitled to a longer period allowed by applicable law). Please note, however, that certain personal data may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims. 
7.3    We may request you provide us with information necessary to confirm your identity before responding to any request you make. If an exception applies we will tell you this when responding to your request. 
7.4    If you want to know more about these rights, when they might not apply or where they are subject to certain exceptions, please contact us at the details set out at the end of this policy. Alternatively, the Information Commissioner's Office website sets out further information on individuals' rights: www.ico.org.uk
7.5    Two fundamental rights of which you should be aware are that you may: 
(a)    ask us to stop using your personal information for direct-marketing purposes. If you exercise this right, we will stop using your personal information for this purpose. 
(b)    ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our, or another person's, legitimate interest. 

8.    Marketing

8.1    We may collect and use your personal data for undertaking marketing by email, telephone and post including but not limited to our newsletter. 
8.2    We may send you certain marketing communications (including electronic marketing communications to existing customers) if it is in our legitimate interests to do so for marketing and business development purposes.
8.3    However, we will always obtain your consent to direct marketing communications where we are required to do so by law and if we intend to disclose your personal data to any third party for such marketing. 
8.4    If you wish to stop receiving marketing communications, you can contact us at any time at the details set out below or by email at enquiry@mayerbrown.co.uk You may also unsubscribe using the unsubscribe link in any electronic communication we send to you. 

9.    Transfers of personal data

9.1    We may share your personal data within the ‘Mayer Brown Group’ and other third parties as set out in section 5. This may involve transferring your data outside the UK and EEA. Whenever we transfer your personal data out of the UK and EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
(a)    We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. 
(b)    For transfers between companies within the Mayer Brown Group, we have appropriate intra-group data transfer agreements in place.
(c)    Where we use certain service providers, we may use specific contracts approved for use in the UK/EEA which give personal data the same protection it has in the UK/EEA, including where relevant ensuring that the European Commission’s standard contractual clauses for international data transfers apply to the relevant contract.
9.2    Please contact us anytime if you want further information on the specific mechanism used by us when transferring your personal data out of the UK and EEA. Our contact details are set out at section 13 below.

10.    Security 

10.1    The main risk of our processing of your personal data is if it is lost, stolen or misused. This could lead to your personal data being in the hands of someone else who may use it fraudulently or make public information that you would prefer to keep private. 
10.2    For this reason, Mayer Brown is committed to protecting personal data from loss, misuse, disclosure, alteration, unauthorised access, unavailability and destruction and takes all reasonable precautions to safeguard the confidentiality of personal data, including through use of appropriate organisational and technical measures. Organisational measures include physical access controls to our premises, implementing internal policies and staff training and ensuring confidentiality obligations are imposed on our employees and third parties. Technical measures include requiring passwords for access to our systems, the use of encryption and anti-virus software and logically separating data. 
10.3    In the course of provision of your personal data to us, your personal data may be transferred over the internet. Although we make every effort to protect the personal data which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal data transmitted to our website and that any such transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to protect it against unauthorised access. 
10.4    Where we have given you (or where you have chosen) a password which enables you to access your online account, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. 

11.    Third party websites 

Our websites may, from time to time, contain links to websites operated by third parties including partner networks and our group companies. Please note that this privacy policy only applies to the personal data that we collect through our websites or which we receive from Third Party Sources, and we cannot be responsible for personal data about you that is collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal data to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third party websites or third party terms and conditions or policies. 

12.    Changes to our privacy policy 

We may update our privacy policy from time to time. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by post or email. Please check back frequently to see any updates or changes to our privacy policy. By continuing to use the services and our website, or to offer and/or provide services to us you are confirming that you have read and understood the latest version of our privacy policy. 

13.    Further questions or making a complaint 

If you have any queries or complaints about our collection, use or storage of your personal data, or if you wish to exercise any of your rights in relation to your personal data, please contact us at the details below. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal data. 

Our contact details are:
By email: enquiry@mayerbrown.co.uk
By post: Mayer Brown Limited, Lion House, Oriental Road, Woking. Surrey. GU22 8AR

You may also make a complaint to Information Commissioners' Office in the UK or, in certain circumstances, the data protection authority in the European Union country where you usually live or work. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached. The practices described in this privacy policy are current as of 17 June 2025.