Shearman And Sterling

privacy, data protection, privacy notice

Privacy Notice

Last updated: October 1, 2020

Shearman & Sterling is strongly committed to protecting personal data. This privacy notice describes why and how we collect and use personal data and provides information about rights individuals may have in relation to personal data. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy notice or as otherwise stated at the point of collection.

Shearman & Sterling LLP is a limited liability partnership organized under the laws of the state of Delaware. References in this notice to Shearman & Sterling, the firm, we and us are references to Shearman & Sterling LLP and our affiliated entities, including Shearman & Sterling (London) LLP, a limited liability partnership through which we practice in the United Kingdom and Italy, and Shearman & Sterling, a partnership through which we practice in Hong Kong. We also practice in Saudi Arabia in association with a Saudi firm, Dr. Sultan Almasoud & Partners.

At Shearman & Sterling, we collect and use personal data in the same manner across our offices and affiliated entities, as described in this privacy notice. We also adhere to local additional requirements, where applicable.

What is personal data?

As used in this notice, personal data means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a natural person.

Information for European residents and persons subject to GDPR

Information for individuals in the European Union (EU) or European Economic Area (EEA), or otherwise subject to the General Data Protection Regulation (EU) 2016/679 (GDPR), is provided throughout this privacy notice, including where specifically noted. Please also see the section below titled Additional Information for Persons in the EU/EEA.

Information for California residents

For information about our privacy practices that is required under the California Consumer Privacy Act (CCPA), please see our California Consumer Privacy Notice.

Information about our use of cookies

For information about our use of cookies and tracking technologies our website(s), please see our Cookie Policy.

PERSONAL DATA WE COLLECT AND HOW WE USE IT 

How we obtain personal data

As a law firm, we regularly receive personal data in the course of professional activities. We may collect personal data:

  • As part of our business intake procedures;
  • When you or your organization seek legal advice or representation from us;
  • In the course of representing and counseling our clients;
  • When you or your organization offer or provide services as our vendor;
  • When you apply for employment or other roles with the firm;
  • When you browse or interact with our website(s), use any of our online services; or
  • When you email us or provide such data to us in other circumstances, such as when you request details about or attend a firm-sponsored event, or when you engage with the alumni or careers portal.

Ordinarily, you will provide any such personal data to us directly. In some cases, we may collect data about you from your organization, public records or third parties, such as government or credit reporting agencies, or via service providers that we may engage as part of the work we perform for our clients.

Use of cookies and tracking technologies

For additional information about our use of cookies and tracking technologies to collect personal data, please see our Cookie Policy.

Do not track requests

We do not currently respond to do not track requests made through browser settings.

Personal data we collect and process

The personal information that we collect and process may include:

  • Basic information, such as your name, employer, professional role or title, and your relationships to other individuals;
  • Contact information, such as your physical address, email address and phone number(s);
  • Financial information, such as bank account details;
  • Technical information (including your IP address and usage data), such as information we collect automatically during visits to our website(s), use of applications or through materials and communications we send to you electronically;
  • Information you provide to us for the purposes of attending meetings and events, including access and dietary requirements;
  • Identification and background information, such as passport, driver’s license, social security or other government identification numbers;
  • Biographical information, such as your education or professional qualifications;
  • Details of your visits to our offices and attendance of firm-sponsored events, and correspondence when you communicate with us;
  • Special categories of data, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation trade union membership or health information—when it is necessary for a specific service we are providing or we have a legal obligation to process such information, or for other reasons that we may explain to you, as required under applicable law; and
  • Any other information that you provide to us.

How we use your personal data

Whether we receive your personal data directly from you or from a third party, we will only use your personal data in connection with our professional and business activities (including to meet our legal or regulatory obligations). These “Permitted Uses” may include:

  • Providing legal advice, representation or other services to our clients;
  • Managing our business relationship with you or your organization, including in connection with services that we provide to you;
  • Recruiting for roles with the firm;
  • Complying with legal, regulatory and professional obligations, including court orders and anti-money laundering and sanctions checks;
  • Managing and securing access to our offices and facilities, as well as our systems, online platforms and other technology;
  • Communicating with you with about legal and business developments, firm announcements and other news and events of interest to you, or to improve the quality of our communications and interaction with you;
  • Processing that is necessary for purposes of the legitimate interests of the firm or third parties (that is not overridden by the fundamental rights and freedoms, or other interests of relevant individuals); and
  • For any other purpose described at the time you provide us with personal data, or for other purposes that are compatible with the original purpose for which we collected your personal data, with your consent, or as otherwise described in this privacy notice.

How we share your personal data

If we process your personal data, it may be shared among the Shearman & Sterling offices in order to provide services to our clients or for our business operations. A list of our offices is available at https://www.shearman.com/contact-us.

We may disclose personal data to third parties in the course of representing our clients, for example (but not limited to) clients, other parties involved in client matters or those other parties’ counsel, courts, government agencies, industry regulators, vendors, service providers and consulting experts.

We may also disclose personal data to third parties in the course of administering, managing or developing our business and services, including managing our relationship with you and marketing our services to you.

Additionally, we may share personal data with third parties in the following circumstances:

  • To comply with our legal or professional obligations, a court order or other governmental or legally enforceable demand;
  • To establish or protect our legal rights, property or safety, or the rights, property or safety of others, or to defend against legal claims; or
  • In the event of any reorganization, merger or similar organizational event or transaction involving the firm.

When we share or transfer your personal data, we do this in accordance with applicable data protection laws and take appropriate safeguards to ensure its integrity and protection. 

International transfers, including from the EEA

We may need to transfer personal data to countries or jurisdictions that do not by law provide similar safeguards for personal data as your local jurisdiction. We will ensure that such international transfers are made in accordance with applicable legal requirements and subject to appropriate safeguards for the protection and integrity of the transferred personal data.

For transfers of personal data from the EEA to third countries, we will use standard contractual clauses adopted by the European Commission, or rely on the recipient's certification to the EU-US Privacy Shield (or Swiss-US Privacy Shield, if applicable) or other safeguards recognized by the European Commission. If you have any questions about or wish to obtain more information about international transfers of your personal data, please contact us at data.privacy@shearman.com.

No disclosures for others’ direct marketing or sale of data:

It is our policy not to provide your personal data to third parties for those third parties direct marketing purposes without your consent, and we do not sell personal data to third parties.

How long we retain your personal data

We will delete your personal data when it is no longer reasonably required for the Permitted Uses described above, or, where applicable, if you withdraw your consent, unless we are legally required or otherwise permitted to continue to hold such data. We may retain your personal data for an additional period if deletion would require us to overwrite our automated disaster recovery backup systems, or to the extent we deem it necessary to assert or defend legal claims during any relevant retention period.

Your rights regarding your personal data

You may have certain rights with respect to personal data we have collected about you. Individual rights concerning personal data vary by jurisdiction but may, for example, include rights to access, rectify or delete your personal data.

Rights of California residents

If you are a resident of California, please see our California Consumer Privacy Notice for information about your rights under the CCPA.

Rights under GDPR

Individuals in the EEA or otherwise subject to the GDPR have the following rights, subject to certain exceptions and conditions:

  • Right to access: You may obtain confirmation as to whether we process personal data about you, to receive a copy of your personal data and obtain certain other information about how and why we process your personal data. We may require you to prove your identity before providing the requested information. If you require multiple copies of your personal data, we may charge a reasonable administration fee.
  • Right to rectify: You may request that your personal data be amended or rectified where it is inaccurate and to have incomplete personal data completed.
  • Right to erasure: You may request deletion of your personal data, which is available under certain defined circumstances.
  • Rights to restrict or object to processing: You may request we restrict the processing of your personal data, or you may object to our processing of your personal data, each of which is available under certain defined circumstances.
  • Right to data portability: You may request to receive a copy of your personal data, that you provided to us, in a structured, commonly-used, machine-readable format, and you have the right to send the data to another organization (or ask us to do so if technically feasible) under certain defined circumstances
  • Right to withdraw consent: Where we process personal data based on your consent, you have a right to withdraw your consent at any time.
  • Right to complain to a supervisory authority: If you believe that the processing of your personal data violates the GDPR or applicable EU member state data protection law, you may lodge a complaint with a supervisory authority, in particular in the country where you normally reside or work, or in the place where the alleged violation occurred.

To exercise rights

All requests to exercise rights under applicable data protection law should be addressed to data.privacy@shearman.com.

Keeping your personal data secure

We will take appropriate technical and organizational measures against unauthorized or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data in accordance with our internal security procedures covering its storage, access and destruction. Personal data may be stored on our own technology systems or those of our vendors, or in paper files.

ADDITIONAL INFORMATION FOR PERSONS IN THE EU/EEA 

Shearman & Sterling acts as the controller with respect to personal data for the purposes of the GDPR and may be contacted at:

Shearman & Sterling
Attn: Director of Data Privacy
9 Appold Street
London EC2A 2AP
United Kingdom

Alternatively, you may email us at data.privacy@shearman.com.

You may also contact our German data protection officer with any questions or concerns regarding the processing of personal data in Germany, either at the address above or by emailing data.privacy@shearman.com.

Legal grounds for processing

We rely on one or more of the following legal grounds available under GDPR to process your personal data:

  • Legitimate interests of the firm in providing information and legal services to you and the legitimate interests of our clients in receiving legal services from us (provided these are not overridden by your interests or your fundamental rights and freedoms);
  • Legitimate interests of the firm in the effective and lawful operation of our business, developing and improving our business and legal services (provided these are not overridden by your interests or your fundamental rights and freedoms);
  • Compliance with applicable law, or regulations or rules of any professional body of which we are a member; or
  • To perform our obligations under a contractual arrangement with you.

Processing based on your consent

Where no other legal ground is available, we may seek your consent to process your personal data. If you give consent, you may withdraw it at any time.

UPDATES TO THIS PRIVACY NOTICE 

We may update this privacy notice from time to time to reflect changes in legal requirements or our processing practices. Any such changes will be posted on this website, with the date at the top of the privacy notice providing the date it was last updated. Changes to this privacy notice will be effective upon posting.

HOW TO CONTACT US 

If you have any questions or comments about this privacy notice, or our collection and handling of your personal data, please email us at data.privacy@shearman.com, or you may write to us via postal mail at:

Shearman & Sterling
Attn: Director of Data Privacy
9 Appold Street
London EC2A 2AP
United Kingdom