Shearman And Sterling

privacy, data protection, privacy notice

Privacy Notice

Last updated: September 2021

Shearman & Sterling is strongly committed to protecting personal data. This privacy notice describes why and how we collect and use personal data and provides information about rights individuals may have in relation to personal data. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy notice or as otherwise stated at the point of collection.

Shearman & Sterling LLP is a limited liability partnership organized under the laws of the state of Delaware. References in this notice to “Shearman & Sterling”, the “Firm”, “we” and “us” are references to Shearman & Sterling LLP and our affiliated entities, including Shearman & Sterling (London) LLP, a limited liability partnership through which we practice in the United Kingdom, and Shearman & Sterling, a partnership through which we practice in Hong Kong. Shearman & Sterling LLP also practices in Saudi Arabia in association with a Saudi firm, Dr. Sultan Almasoud & Partners, and in Italy in association with Studio Legale Associato Shearman & Sterling LLP.

At Shearman & Sterling, we collect and use personal data in the same manner across our offices and affiliated entities, as described in this privacy notice. We also adhere to local additional requirements, where applicable.

What is personal data?

As used in this notice, “personal data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a natural person.

Information for European residents and persons subject to GDPR

Information for individuals in the United Kingdom (UK), European Union (EU) or European Economic Area (EEA), or that are otherwise subject to the General Data Protection Regulation (EU) 2016/679 (GDPR), is provided throughout this privacy notice, including where specifically noted. Please also see the section below titled Additional Information for Persons in the UK/EU/EE.A

Information for California residents

For information about our privacy practices that is required under the California Consumer Privacy Act (CCPA), please see our California Consumer Privacy Notice.

Information about our use of cookies

For information about our use of cookies and tracking technologies our website(s), please see our Cookie Notice.


How we obtain personal data

As a law firm, we regularly receive personal data in the course of professional activities. We may collect personal data:

  • As part of our business intake procedures;
  • When you or your organization seek legal advice or representation from us;
  • In the course of representing and counseling our clients;
  • When you or your organization offer or provide services as our vendor;
  • When you apply for employment or other roles with the firm;
  • When you browse or interact with our website(s), use any of our online services; or
  • When you email us or provide such data to us in other circumstances, such as when you request details about or attend a firm-sponsored event, or when you engage with the alumni or careers portal.

Ordinarily, you will provide any such personal data to us directly. In some cases, we may collect data about you from your organization, public records or third parties, such as government or credit reporting agencies, or via service providers that we may engage as part of the work we perform for our clients.

Use of cookies and tracking technologies

For additional information about our use of cookies and tracking technologies to collect personal data, please see our Cookie Notice.

Do not track requests

We do not currently respond to do not track requests made through browser settings.

Personal data we collect and process

The personal information that we collect and process may include:

  • Basic information, such as your name, company or organization, professional role or title, and your relationships to other individuals;
  • Contact information, such as your physical address, email address and phone number(s);
  • Technical information (including your IP address and usage data), such as information we collect automatically during visits to our website(s), use of applications or through materials and communications we send to you electronically;
  • Biographical information, such as your education or professional qualifications or otherwise related to your occupation, company or organization;
  • Details of your visits to our offices and attendance of firm-sponsored events, and
  • Content, such as correspondence when you communicate with us;
  • Health information, such as accessibility requirements and dietary restrictions;
  • Financial information, such as payment related information;
  • Identification and background information, such as passport, driver’s license, social security or other government identification numbers, as well as your account username and password if you register with our website or other digital services;
  • Demographic information, which may include sensitive or special categories of data, such as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, trade union membership or health information;
  • Geographical information, such as your city, state, province and country;
  • Audio & visual information, such as your voice and likeness captured in photographs, video, or audio recordings;
  • Preferences, such as your stated interests or how frequently you wish to receive communications from us; and
  • Any other information that you provide to us.

How we use your personal data

Whether we receive your personal data directly from you or from a third party, we will only use your personal data in connection with our professional and business activities (including to meet our legal or regulatory obligations). These “Permitted Uses” may include:

  • Responding to your enquiries and communications;
  • Providing legal advice, representation or other services to our clients;
  • Managing our business relationship with you or your organization, including in connection with services that we provide to you;
  • Recruiting for roles with the firm;
  • Complying with legal, regulatory and professional obligations, including court orders and anti-money laundering and sanctions checks, and responding to legal, regulatory, professional and government bodies;
  • Managing and securing access to our offices and facilities, as well as our systems, online platforms and other technology;
  • Communicating with you with about legal and business developments, firm announcements and other news and events of interest to you, or to improve the quality and relevance of our communications and interaction with you;
  • For our business purposes, including internal administration, data analysis, billing, detecting and preventing fraud, illegal activities and intellectual property infringement;
  • Other processing that is necessary for purposes of the legitimate interests of the firm or third parties (that is not overridden by the fundamental rights and freedoms, or other interests of relevant individuals); and
  • For any other purpose described at the time you provide us with personal data, or for other purposes that are compatible with the original purpose for which we collected your personal data, with your consent, or as otherwise described in this privacy notice.

How we share your personal data

If we process your personal data, it may be shared among the Shearman & Sterling offices in order to provide services to our clients or for our business operations. View a list of our offices.

We may disclose personal data to third parties in the course of representing our clients, for example (but not limited to) clients, other parties involved in client matters or those other parties’ counsel, courts, government agencies, industry regulators, vendors, service providers and consulting experts.

We may also disclose personal data to third parties in the course of administering, managing or developing our business and services, including managing our relationship with you and marketing our services to you.

Additionally, we may share personal data with third parties in the following circumstances:

  • To comply with our legal or professional obligations, a court order or other governmental or legally enforceable demand;
  • To establish or protect our legal rights, property or safety, or the rights, property or safety of others, or to defend against legal claims; or
  • In the event of any reorganization, merger or similar organizational event or transaction involving the firm.

When we share or transfer your personal data, we do this in accordance with applicable data protection laws and take appropriate safeguards to ensure its integrity and protection. 

International transfers, including from the UK and the EEA

We transfer personal data to countries or jurisdictions that do not by law provide similar safeguards for personal data as your local jurisdiction. We will ensure that such international transfers are made in accordance with applicable legal requirements and subject to appropriate safeguards for the protection and integrity of the transferred personal data.

For transfers of personal data from the UK or the EEA to third countries, we will use standard contractual clauses adopted by the European Commission or under UK law, or other safeguards recognized by applicable law. If you have any questions about or wish to obtain more information about international transfers of your personal data, please contact us at

No disclosures for others’ direct marketing or sale of data:

It is our policy not to provide your personal data to third parties for those third parties direct marketing purposes without your consent, and we do not sell personal data to third parties.

How long we retain your personal data

We will delete your personal data when it is no longer reasonably required for the Permitted Uses described above, or, where applicable, if you withdraw your consent, unless we are legally required or otherwise permitted to continue to hold such data. We may retain your personal data for an additional period if deletion would require us to overwrite our automated disaster recovery backup systems, or to the extent we deem it necessary to assert or defend legal claims during any relevant retention period.

Your rights regarding your personal data

You may have certain rights with respect to personal data we have collected about you. Individual rights concerning personal data vary by jurisdiction but may, for example, include rights to access, rectify or delete your personal data.

Rights of California residents

If you are a resident of California, please see our California Consumer Privacy Notice for information about your rights under the CCPA.

Rights under GDPR

Individuals in the UK, EEA or whose personal data is otherwise subject to the GDPR have the following rights, subject to certain exceptions and conditions:

  • Right to access: You may obtain confirmation as to whether we process personal data about you, to receive a copy of your personal data and obtain certain other information about how and why we process your personal data. We may require you to prove your identity before providing the requested information. If you require multiple copies of your personal data, we may charge a reasonable administration fee.
  • Right to rectify: You may request that your personal data be amended or rectified where it is inaccurate and to have incomplete personal data completed.
  • Right to erasure: You may request deletion of your personal data, which is available under certain defined circumstances.
  • Rights to restrict or object to processing: You may request we restrict the processing of your personal data, or you may object to our processing of your personal data, each of which is available under certain defined circumstances.
  • Right to data portability: You may request to receive a copy of your personal data, that you provided to us, in a structured, commonly-used, machine-readable format, and you have the right to send the data to another organization (or ask us to do so if technically feasible) under certain defined circumstances.
  • Right to withdraw consent: Where we process personal data based on your consent, you have a right to withdraw your consent at any time.
  • Right to complain to a supervisory authority: If you believe that the processing of your personal data violates the GDPR or applicable EU member state or UK data protection law, you may lodge a complaint with a supervisory authority, in particular in the country where you normally reside or work, or in the place where the alleged violation occurred.

To exercise rights

All requests to exercise rights under applicable data protection law should be addressed to

Keeping your personal data secure

We will take appropriate technical and organizational measures against unauthorized or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data in accordance with our internal security procedures covering its storage, access and destruction. Personal data may be stored on our own technology systems or those of our vendors, or in paper files.


Shearman & Sterling acts as the controller with respect to personal data for the purposes of the GDPR and may be contacted at:

Shearman & Sterling
Attn: Director of Data Privacy
9 Appold Street
London EC2A 2AP
United Kingdom

Alternatively, you may email us at

You may also contact our German data protection officer with any questions or concerns regarding the processing of personal data in Germany, either at the address above or by emailing

Legal grounds for processing

We rely on one or more of the following legal grounds available under GDPR to process your personal data:

  • Legitimate interests of the firm in providing information and legal services to you and the legitimate interests of our clients in receiving legal services from us (provided these are not overridden by your interests or your fundamental rights and freedoms);
  • Legitimate interests of the firm in the effective and lawful operation of our business, developing and improving our business and legal services (provided these are not overridden by your interests or your fundamental rights and freedoms);
  • Compliance with applicable law, or regulations or rules of any professional body of which we are a member; or
  • To perform our obligations under a contractual arrangement with you.

Processing based on your consent

Where no other legal ground is available or we are required to, we may seek your consent to process your personal data for specified purposes. If you give consent, you may withdraw it at any time.


We may update this privacy notice from time to time to reflect changes in legal requirements or our processing practices. Any such changes will be posted on this website, with the date at the top of the privacy notice providing the date it was last updated. Changes to this privacy notice will be effective upon posting.


If you have any questions or comments about this privacy notice, or our collection and handling of your personal data, please email us at, or you may write to us via postal mail at:

Shearman & Sterling
Attn: Director of Data Privacy
9 Appold Street
London EC2A 2AP
United Kingdom