Although we collect and use personal data in the same manner across our offices, our global presence means we are subject to a variety of data protection laws across the world.

In this section you will find jurisdiction-specific privacy notices, where local data protection laws require us to do something significantly different from the data handling practices described in this notice. This global notice applies to all other countries.

California

• For additional information about our privacy practices under the California Consumer Privacy Act (CCPA), please see our California Consumer Privacy Notice.

China

• For additional information about our privacy practices under Personal Information Protection Law (PIPL), please see our mainland China Privacy Notice.

This section describes how we handle your personal data when you browse and interact with our websites, use any of our online services, or use our technology solutions.

Websites and online services

When you browse and interact with our websites, or use any of our online services, we obtain your IP address from the operating systems and web browsers you use to get to them. We may use this personal data to compile statistical data on usage so that we can improve your user experience and develop our online services.

Technology solutions

We use various technology solutions, such as information hubs, collaborative platforms and legal technology, to support our service delivery. If you use one of our technology solutions, we will create a user profile for you with the personal data you provide (e.g., your name and e-mail address). We use this user profile to administer and monitor access and usage. Where permitted, we also use your personal data to troubleshoot, develop and improve our technology solutions, and for business development.

Social platforms

Our websites often have links to third-party social media platforms that we use, such as LinkedIn, Facebook, Twitter and WeChat. This notice does not cover how your personal data is handled by these social media platforms because we are not responsible for how they handle your personal data. If you access a platform via one of the links on our websites, you will need to read their privacy notices to understand how they handle your personal data.

Legal basis and legitimate interests for handling your personal data

When you are using our website, online services, and technology solutions, we will handle your personal data where it is necessary. Ordinarily, this will be based on our legitimate interest to provide and operate our websites and technology solutions. There may be specific circumstances when we will ask for your consent beforehand.

We will also handle your personal data to comply with laws and regulations to which we are subject.

Cookies

For information about our use of cookies, please see our Cookie Notice.

In this section we explain how we handle your personal data whilst providing services to our clients.

Purposes

We will handle your personal data for the following purposes:

• providing our services, e.g., giving legal advice and representing our clients, including complying with disclosure obligations and court orders
• managing our business activities, e.g., client onboarding, billing and administration
• complying with laws, regulatory obligations and the rules of any professional body of which we are a member e.g., the requirement for conflicts, sanctions and anti-money laundering checks.

Whose personal data and what categories

Whilst most of our clients are corporate entities, when we advise our clients, we do handle personal data about individuals. We are likely to handle your personal data if you are one of the following individuals:

• a private client or a client's officer, personnel, shareholder, customer or service provider
• a counterparty to our clients, including an officer, personnel, or adviser to them
• an adviser, consultant or party associated with the matter on which we are advising, including an officer, or personnel to them
• a third-party involved in the matter, such as a court official or witness.

The nature of the service we are providing will determine what personal data we handle. Ordinarily, this will be your name, job title, organization's name, and contact details. There may also be occasions when we will handle your special category personal data.

Legal basis and legitimate interests for handling your personal data

We will only handle your personal data whilst providing services to our clients where it is necessary. Ordinarily, this will be when entering into or performing a contract with our clients and complying with laws and regulations to which we are subject, including for anti-money laundering and sanctions compliance checks.

We may also handle your personal data based on our legitimate interest (or that of our client) to provide our services to our clients, and there may be specific circumstances when we will ask for your consent beforehand.

Sources of personal data

In many cases, our clients or you will provide us with any personal data needed.

In some instances, we will collect your personal data from other sources, such as from court and public records or from third parties, such as government or credit reporting agencies, counterparties or via service providers that we may engage with as part of the work we perform for our clients.

If a client or you use one of our technology solutions, we will also collect your personal data via this source.

There may be situations where you provide us with the personal data of another individual. In these circumstances, you will need to ensure you comply with any legal obligations that may apply to you, including those that allow us to share the personal data, such as with our service providers.

Recipients

There will be circumstances during the course of providing our legal services where we will share your personal data. Subject to confidentiality, this may be with:

• Shearman & Sterling offices and entities
• other professional advisers working with us, e.g., law firms, mediators, consultants and third-party experts
• other parties involved in a client's matter and their counsel, vendors, service providers and consulting experts
• courts, regulators and government officials
• service providers supporting us with providing our legal services, IT systems or supporting the administration of our business operations
• our professional advisers and insurers.

Transfer of personal data to third countries or international organizations

There are circumstances where we will need to transfer your personal data out of the country from which it was provided to us. These international transfers will be made in accordance with applicable data protection laws and safeguards.

Retention period

We retain most personal data for as long as there is a legitimate reason or legal basis to keep it, after which we will delete your personal data securely or anonymize it.

In this section we describe our approach to handling your personal data when you or your organization offer or provide products or services to us.

Purposes

We handle your personal data for the following purposes:

• assessing potential service providers and negotiating contractual terms
• managing operational activities, such as billing and administration
• complying with applicable laws and regulatory obligations e.g., sanctions checks.

Whose personal data and what categories

When you or your organization is offering or providing products or services to us, we will handle your personal data as one of their officers or personnel and ordinarily this will be your name, contact details, job title and your organization's name.

Legal basis and legitimate interests for the processing

We will only handle your personal data where it is necessary whilst procuring and engaging with our service providers. Ordinarily, this will be when needed to enter into or perform a contract with our service providers, and to comply with laws and regulations to which we are subject, including for anti-money laundering and sanctions compliance checks.

We may also handle your personal data based on our legitimate interest to provide and improve our services, and there may be specific circumstances when we will ask for your consent beforehand.

Sources of personal data

Usually, you or our service providers will provide us with the personal data we need and sometimes we collect this from a third-party source e.g., for sanctions checking purposes.

Recipients

Where permitted, we will share your personal data with:

• Shearman & Sterling offices and entities
• other service providers, supporting us with providing our services e.g., IT systems providers or providers supporting the administration of our business operations
• our professional advisers and insurers.

Transfer of personal data to third countries or international organizations

There are circumstances where we will need to transfer your personal data out of the country from which it was provided to us. These international transfers will be made in accordance with applicable data protection laws and safeguards.

Retention period

We retain most personal data for as long as there is a legitimate reason or legal basis to keep it, after which we will delete your personal data securely or anonymize it.

This section explains how we handle and protect your personal data when we promote our business and professional services, e.g., when we send you invitations, when you subscribe for newsletters and updates, and when you attend our seminars, webinars, and events.

Purposes

We handle your personal data for the following purposes:

• developing our relationship with you
• marketing our legal services to you.

Whose personal data and what categories

If you subscribe to our promotional services, we will handle your personal data. Ordinarily, this will be your name, job title, contact details and your organization's name. Most of our subscribers are clients, potential clients or their employees.

Legal basis for the processing and legitimate interests for the processing

We will only handle your personal data where it is necessary whilst promoting our services. Ordinarily, this will be based on our legitimate interest to develop and improve our business activities and business relationships, and there may be specific circumstances when we will ask for your consent beforehand – this could include your consent to handling personal data which may reveal special category data, e.g., if you visit our offices or attend our events, your personal data may include access or dietary requirements.

We may also handle your personal data to perform necessary preparatory steps before entering into a contract.

Sources of personal data

We will collect your personal data from you, our business contacts and our service providers, e.g., business marketing services and events organizers.

Recipients

Where permitted, we will share your personal data with:

• Shearman & Sterling offices and entities
• our service providers e.g., tech support, events, organizers and marketing service providers
• co-hosts of promotional events.

We will not sell your personal data.

Transfer of personal data to third countries or international organizations

There are circumstances where we will need to transfer your personal data out of the country from which it was provided to us. These international transfers will be made in accordance with applicable data protection laws and safeguards.

Retention period

We retain most personal data for as long as there is a legitimate reason or legal basis to keep it, after which we will delete your personal data securely or anonymize it.

Marketing opt-out

To opt-out of receiving our marketing communications please click here, or follow the opt-out link on any marketing sent to you.

If you opt-out of receiving marketing communications from us it will not affect the way we handle your personal data for other purposes.

This section explains how we handle your personal data during our recruitment activities and processes, including when you attend recruitment events or apply for a role with us.

Recruitment events

We regularly hold and attend various recruitment events to meet potential candidates.

Purposes

We handle your personal data for the following purposes:

• to manage event administration, including preparation and participation at events
• to select, assess and contact you during and after events.

Whose personal data and what categories

For recruitment events, we will handle your personal data if you are an attendee or potential candidate. Ordinarily, this will be your name and contact details; there may be circumstances where you provide us with your biographical information e.g., your educational history, professional qualifications and bar admissions.

Legal basis for the processing and legitimate interests for the processing

We will only handle your personal data for recruitment events where it is necessary. Ordinarily, this will be based on our legitimate interest to search, find and recruit prospective employees. There may be specific circumstances when we will ask for your consent beforehand - this could include your consent to handling personal data which may reveal special category data, e.g., if you visit our offices or attend our events, your personal data may include access or dietary requirements.

Sources of personal data

We collect personal data from you when you register or apply to join an event and when you attend.

Recipients

Where permitted, we will share your personal data with:

• Shearman & Sterling offices and entities
• our service providers, facility providers and event organizers.

Transfer of personal data to third countries or international organizations

There are circumstances where we will need to transfer your personal data out of the country from which it was provided to us. These international transfers will be made in accordance with applicable data protection laws and safeguards.

Retention period

We keep most personal data where there is a legitimate reason or legal basis to do so.

Once we no longer have a legitimate reason or legal basis to keep your personal data, we have policies in place to delete it securely or anonymize it.

Consequences of not providing the information

You can choose what personal data to provide us. However, without your contact details we will not be able to communicate with you in relation to recruitment events.

Recruitment process

We have two stages to our recruitment process and how we handle your personal data differs between the two:

• the application stage – where you apply, and we consider your application
• the onboarding stage – where, if your application is successful, any permitted pre-employment vetting is carried out before joining us.

Purposes

We handle your personal data for the following purposes during our recruitment process:

• the application stage – to manage the application processes, including recruitment administration, and assessing your suitability for the role you applied for
• the onboarding stage – to carry out any permitted onboarding checks and administration.

If your application is successful, the information you provide us with during the recruitment process will also be handled during the course of your employment, for which we will provide you with our internal data privacy notice.

Whose personal data and what categories

We handle the personal data of applicants, candidates and referees during our recruitment process.

Where permitted, the type of personal data we will handle is:

the application stage –

• your name and contact details
• your biographical information e.g., your educational background, professional qualifications and bar admissions.

the onboarding stage –

• your identification information e.g., social security or other applicable governmental identification numbers
• your financial information e.g., payment related information
• sensitive 'special category' personal data, which could reveal your racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation and health information
• your personal data relating to criminal convictions and offences
• the name and contact details of other individuals, e.g., your next of kin, or referees for references - it is important you tell these individuals you are sharing their personal data and obtain any necessary consents.

Legal basis for the processing and legitimate interests for the processing

We will handle your personal data during the recruitment process where it is necessary. Ordinarily, this will be based on our legitimate interest to operate our business and recruit individuals, and there may be specific circumstances when we will ask for your consent beforehand – this could be during our onboarding stage, which may include handling your special category personal data.

We will also handle your personal data when needed to enter into an employment contract with you, and to comply with laws and regulations to which we are subject, including for anti-money laundering and sanctions compliance checks.

Sources of personal data

Initially, you will provide us with the personal data we need. We will also collect from third-party sources, e.g., during the application stage, from recruitment providers and professional career networks; and during the onboarding stage, from sources you tell us about, such as previous employers, academic institutes, and professional bodies.

Recipients

Where permitted we will share your personal data with:

• Shearman & Sterling offices and entities
• our service providers
• third-party sources provided by you during the application process, e.g., referees.

Transfer of personal data to third countries or international organizations

There are circumstances where we will need to transfer your personal data out of the country from which it was provided to us. These international transfers will be made in accordance with applicable data protection laws and safeguards.

Consequences of not providing the information

You can choose what personal data to provide us. However, without your personal data we will not be able to process your application.

Retention period

We keep most personal data where there is a legitimate reason or legal basis to do so. Ordinarily, this will be for no longer than two years from the date of your application and we may keep it for longer with your consent.

If your application is successful, we will keep your personal data, collected throughout the recruitment process, in accordance with our internal data privacy notice.

Once we no longer have a legitimate reason or legal basis to keep your personal data, we will delete it securely or anonymize it.

Lateral Partnership Onboarding Program

When you apply to join our partnership, we will handle your personal data during that process.

Our Partnership Onboarding Program consists of:

• the application stage – where we consider your partnership application
• the onboarding stage – where, if your application is successful, pre-partnership vetting is carried out before joining us.

Purposes

We handle your personal data for the following purposes during our Lateral Partnership Onboarding Program:

• the application stage – for managing the administration of your partnership application and assessing your suitability
• the onboarding stage – for managing the onboarding administration, assessing your suitability for partnership, and conducting permitted onboarding checks.

If your application is successful, the information you provide us with during the onboarding process will also be handled during the course of your partnership, for which we will provide you with our internal data privacy notice.

Categories of personal data and data subjects

Ordinarily, we handle the personal data of potential partners and referees during our onboarding process. The type of personal data we handle is your:

• contact details
• identification information e.g., social security or other applicable governmental identification numbers
• biographical information e.g., your educational background, professional qualifications, bar admissions
• financial information e.g., payment related information
• sensitive 'special category' personal data which may reveal your racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation and health information
• your personal data relating to criminal convictions and offences.

Legal basis for the processing and legitimate interests for the processing

We will only handle your personal data during your partnership application where it is necessary. Ordinarily, this will be based on our legitimate interest to operate our business and recruit individuals, and there may be specific circumstances when we will ask for your consent beforehand – this could be during our onboarding stage which may include handling your special category personal data.
We will also handle your personal data when needed to enter into a contract with you, and to comply with laws and regulations to which we are subject, including for anti-money laundering and sanctions compliance checks.

Sources of personal data

Initially, you will provide us with the personal data we need. We will also collect from third-party sources e.g., during the application stage, from recruitment providers and professional career networks; and during the onboarding process from sources you tell us about, such as previous employers, academic institutes, and professional bodies.

Recipients

Where permitted we will share your personal data with:

• Shearman & Sterling offices and entities
• our service providers
• third-party sources you provide to us e.g., referees.

Transfer of personal data to third countries or international organizations

There are circumstances where we will need to transfer your personal data out of the country from which it was provided to us. These international transfers will be made in accordance with applicable data protection laws and safeguards.

Retention period

We retain most personal data for as long as there is a legitimate reason or legal basis to do so. Ordinarily, this means we will keep your partnership application for up to two years after your application and if you application is successful, we will retain the personal data we collect during the recruitment process in accordance with our internal data privacy notice.

Once we no longer have a legitimate reason or legal basis to keep your personal data, we will delete it securely or anonymize it.

Consequences of not providing the information

You can choose what personal data to provide us. However, without your personal details it will not be possible to complete the onboarding process or progress your candidacy with us.

This section explains how when handle your personal data if you join our alumni network.

Purposes

If you are a former employee or partner who has joined our alumni network, we will handle your personal data during the administration of the program and for the purpose of keeping in touch with you.

Categories of personal data and data subjects

Ordinarily, we will collect your name, contact details and your role at Shearman & Sterling.

If you visit our offices or attend our events, your personal data may include access or dietary requirements which may reveal information about your health or religious beliefs.

Legal basis for the processing and legitimate interests for the processing

We will only handle your personal data in the context of our alumni program where it is necessary. Ordinarily, this will be based on our legitimate interest to develop and maintain our business network, and there may be circumstances when we will ask for your consent beforehand.

Your personal data will also be processed by us to comply with laws and regulations to which we are subject.

Sources of personal data

You will provide us with the information we need when joining our alumni network.

Recipients

We will share personal data between our offices and entities, and with our service providers, e.g., event organizers.

Transfer of personal data to third countries or international organizations

There are circumstances where we will need to transfer your personal data out of the country from which it was provided to us. These international transfers will be made in accordance with applicable data protection laws and safeguards.

Retention period

We retain most personal data for as long as there is a legitimate reason or legal basis to keep it, after which we will delete your personal data securely or anonymize it.

You have rights under applicable data protection law which allow you to exercise control over your personal data and how we handle it.

This section applies where your personal data is handled subject to either the EU and UK data protection law (the General Data Protection Regulation (EU) 2016/679 and as incorporated into UK law by the Data Protection Act 2018), or data protection laws that offer equivalent rights.

Where these rights do not apply to you, you may have rights under different data protection laws. For information about your rights in some of these jurisdictions please refer to Jurisdiction-specific notices and statements.

If you wish to exercise your rights, please refer to Contacting us.

To ensure we protect your rights and privacy, we may request proof of your identity and if you require multiple copies of your personal data, we may charge a reasonable administration fee.

EU and UK rights

You have the following rights in relation to how we handle your personal data, some of which are subject to exceptions and conditions.

Information: You have the right to be informed about the collection and use of your personal data.

Access: You have a right to access and receive a copy of the personal data we hold about you.

Rectify: If your personal data is inaccurate or incomplete, you are entitled to have your personal data corrected.

Erasure: You have the right to ask us to delete and stop handling your personal data where we no longer need it or where you withdraw your consent.

Restriction or objection: You have a right to restrict and object to the processing of your personal data.

Portability: You have a right to request a copy of your personal data in a structured, commonly used, machine-readable format. Where technically feasible, we can send a copy of your personal data to another IT environment at your request.

Rights to automated decision making and profiling: Where a decision is automated and significantly affects you, you have the right to challenge it or ask for a person to review the automated decision.

Withdrawal of consent: We will ask for your consent to handle your personal data for specific purposes which you can withdraw at any time.

Complaint: You can make a complaint to us or to the relevant data protection authority.

We take appropriate technical and organizational measures against unauthorized or unlawful handling of personal data and against accidental loss or destruction of, or damage to, personal data.

We have internal security procedures to protect the storage, access and destruction of personal data stored on our own technology systems or those of our service providers, or in paper files. Our information security management systems are certified to the ISO27001 security standard for best practice in information security and information risk management. Our privacy information management systems are certified to the ISO 27701 standard for best practice in privacy information management.

If you have a question or request, you can contact our Data Privacy Team by email or post.

Our email address:

Please email data.privacy@shearman.com.

Our postal address:
Shearman & Sterling
Attn: Director of Data Privacy
9 Appold Street
London EC2A 2AP
United Kingdom

In Germany, please contact our Data Protection Officer by email: data.privacy@shearman.com or by post to the postal address above.

We regularly review this notice and may update it from time to time to reflect changes in legal requirements and how we handle your personal data.  We will post these changes on this page and update the date at the top of the notice.