简介
Although we collect and use personal data in the same manner across our offices, our global presence means we are subject to a variety of data protection laws across the world.
In this section you will find jurisdiction-specific privacy notices, where local data protection laws require us to do something significantly different from the data handling practices described in this notice. This global notice applies to all other countries.
This section describes how we handle your personal data when you browse and interact with our websites, use any of our online services, or use our technology solutions.
When you browse and interact with our websites, or use any of our online services, we obtain your IP address from the operating systems and web browsers you use to get to them. We may use this personal data to compile statistical data on usage so that we can improve your user experience and develop our online services.
We use various technology solutions, such as information hubs, collaborative platforms and legal technology, to support our service delivery. If you use one of our technology solutions, we will create a user profile for you with the personal data you provide (e.g., your name and e-mail address). We use this user profile to administer and monitor access and usage. Where permitted, we also use your personal data to troubleshoot, develop and improve our technology solutions, and for business development.
Our websites often have links to third-party social media platforms that we use, such as LinkedIn, Facebook, Twitter and WeChat. This notice does not cover how your personal data is handled by these social media platforms because we are not responsible for how they handle your personal data. If you access a platform via one of the links on our websites, you will need to read their privacy notices to understand how they handle your personal data.
When you are using our website, online services, and technology solutions, we will handle your personal data where it is necessary. Ordinarily, this will be based on our legitimate interest to provide and operate our websites and technology solutions. There may be specific circumstances when we will ask for your consent beforehand.
We will also handle your personal data to comply with laws and regulations to which we are subject.
For information about our use of cookies, please see our Cookie Notice.
In this section we explain how we handle your personal data whilst providing services to our clients.
We will handle your personal data for the following purposes:
Whilst most of our clients are corporate entities, when we advise our clients, we do handle personal data about individuals. We are likely to handle your personal data if you are one of the following individuals:
The nature of the service we are providing will determine what personal data we handle. Ordinarily, this will be your name, job title, organization's name, and contact details. There may also be occasions when we will handle your special category personal data.
We will only handle your personal data whilst providing services to our clients where it is necessary. Ordinarily, this will be when entering into or performing a contract with our clients and complying with laws and regulations to which we are subject, including for anti-money laundering and sanctions compliance checks.
We may also handle your personal data based on our legitimate interest (or that of our client) to provide our services to our clients, and there may be specific circumstances when we will ask for your consent beforehand.
In many cases, our clients or you will provide us with any personal data needed.
In some instances, we will collect your personal data from other sources, such as from court and public records or from third parties, such as government or credit reporting agencies, counterparties or via service providers that we may engage with as part of the work we perform for our clients.
If a client or you use one of our technology solutions, we will also collect your personal data via this source.
There may be situations where you provide us with the personal data of another individual. In these circumstances, you will need to ensure you comply with any legal obligations that may apply to you, including those that allow us to share the personal data, such as with our service providers.
There will be circumstances during the course of providing our legal services where we will share your personal data. Subject to confidentiality, this may be with:
There are circumstances where we will need to transfer your personal data out of the country from which it was provided to us. These international transfers will be made in accordance with applicable data protection laws and safeguards.
We retain most personal data for as long as there is a legitimate reason or legal basis to keep it, after which we will delete your personal data securely or anonymize it.
In this section we describe our approach to handling your personal data when you or your organization offer or provide products or services to us.
We handle your personal data for the following purposes:
When you or your organization is offering or providing products or services to us, we will handle your personal data as one of their officers or personnel and ordinarily this will be your name, contact details, job title and your organization's name.
We will only handle your personal data where it is necessary whilst procuring and engaging with our service providers. Ordinarily, this will be when needed to enter into or perform a contract with our service providers, and to comply with laws and regulations to which we are subject, including for anti-money laundering and sanctions compliance checks.
We may also handle your personal data based on our legitimate interest to provide and improve our services, and there may be specific circumstances when we will ask for your consent beforehand.
Usually, you or our service providers will provide us with the personal data we need and sometimes we collect this from a third-party source e.g., for sanctions checking purposes.
Where permitted, we will share your personal data with:
There are circumstances where we will need to transfer your personal data out of the country from which it was provided to us. These international transfers will be made in accordance with applicable data protection laws and safeguards.
We retain most personal data for as long as there is a legitimate reason or legal basis to keep it, after which we will delete your personal data securely or anonymize it.
This section explains how we handle and protect your personal data when we promote our business and professional services, e.g., when we send you invitations, when you subscribe for newsletters and updates, and when you attend our seminars, webinars, and events.
We handle your personal data for the following purposes:
If you subscribe to our promotional services, we will handle your personal data. Ordinarily, this will be your name, job title, contact details and your organization's name. Most of our subscribers are clients, potential clients or their employees.
We will only handle your personal data where it is necessary whilst promoting our services. Ordinarily, this will be based on our legitimate interest to develop and improve our business activities and business relationships, and there may be specific circumstances when we will ask for your consent beforehand – this could include your consent to send you marketing communications or to handling personal data which may reveal special category data, e.g., if you visit our offices or attend our events, your personal data may include access or dietary requirements.
We may also handle your personal data to perform necessary preparatory steps before entering into a contract.
We will collect your personal data from you, our business contacts and our service providers, e.g., business marketing services and events organizers.
Where permitted, we will share your personal data with:
We will not sell your personal data.
There are circumstances where we will need to transfer your personal data out of the country from which it was provided to us. These international transfers will be made in accordance with applicable data protection laws and safeguards.
We retain most personal data for as long as there is a legitimate reason or legal basis to keep it, after which we will delete your personal data securely or anonymize it.
To opt-out of receiving our marketing communications please click here, or follow the opt-out link on any marketing sent to you.
If you opt-out of receiving marketing communications from us it will not affect the way we handle your personal data for other purposes.
This section explains how we handle your personal data during our recruitment activities and processes, including when you attend recruitment events or apply for a role with us.
We regularly hold and attend various recruitment events to meet potential candidates.
We handle your personal data for the following purposes:
For recruitment events, we will handle your personal data if you are an attendee or potential candidate. Ordinarily, this will be your name and contact details; there may be circumstances where you provide us with your biographical information e.g., your educational history, professional qualifications and bar admissions.
We will only handle your personal data for recruitment events where it is necessary. Ordinarily, this will be based on our legitimate interest to search, find and recruit prospective employees. There may be specific circumstances when we will ask for your consent beforehand - this could include your consent to handling personal data which may reveal special category data, e.g., if you visit our offices or attend our events, your personal data may include access or dietary requirements.
We collect personal data from you when you register or apply to join an event and when you attend.
Where permitted, we will share your personal data with:
There are circumstances where we will need to transfer your personal data out of the country from which it was provided to us. These international transfers will be made in accordance with applicable data protection laws and safeguards.
We keep most personal data where there is a legitimate reason or legal basis to do so.
Once we no longer have a legitimate reason or legal basis to keep your personal data, we have policies in place to delete it securely or anonymize it.
You can choose what personal data to provide us. However, without your contact details we will not be able to communicate with you in relation to recruitment events.
We have two stages to our recruitment process and how we handle your personal data differs between the two:
We handle your personal data for the following purposes during our recruitment process:
If your application is successful, the information you provide us with during the recruitment process will also be handled during the course of your employment, for which we will provide you with our internal data privacy notice.
We handle the personal data of applicants, candidates and referees during our recruitment process.
Where permitted, the type of personal data we will handle is:
the application stage –
the onboarding stage –
We will handle your personal data during the recruitment process where it is necessary. Ordinarily, this will be based on our legitimate interest to operate our business and recruit individuals, and there may be specific circumstances when we will ask for your consent beforehand – this could be during our onboarding stage, which may include handling your special category personal data.
We will also handle your personal data when needed to enter into an employment contract with you, and to comply with laws and regulations to which we are subject, including for anti-money laundering and sanctions compliance checks.
Initially, you will provide us with the personal data we need. We will also collect from third-party sources, e.g., during the application stage, from recruitment providers and professional career networks; and during the onboarding stage, from sources you tell us about, such as previous employers, academic institutes, and professional bodies.
Where permitted we will share your personal data with:
There are circumstances where we will need to transfer your personal data out of the country from which it was provided to us. These international transfers will be made in accordance with applicable data protection laws and safeguards.
You can choose what personal data to provide us. However, without your personal data we will not be able to process your application.
We keep most personal data where there is a legitimate reason or legal basis to do so. Ordinarily, this will be for no longer than two years from the date of your application and we may keep it for longer with your consent.
If your application is successful, we will keep your personal data, collected throughout the recruitment process, in accordance with our internal data privacy notice.
Once we no longer have a legitimate reason or legal basis to keep your personal data, we will delete it securely or anonymize it.
When you apply to join our partnership, we will handle your personal data during that process.
Our Partnership Onboarding Program consists of:
We handle your personal data for the following purposes during our Lateral Partnership Onboarding Program:
If your application is successful, the information you provide us with during the onboarding process will also be handled during the course of your partnership, for which we will provide you with our internal data privacy notice.
Ordinarily, we handle the personal data of potential partners and referees during our onboarding process. The type of personal data we handle is your:
We will only handle your personal data during your partnership application where it is necessary. Ordinarily, this will be based on our legitimate interest to operate our business and recruit individuals, and there may be specific circumstances when we will ask for your consent beforehand – this could be during our onboarding stage which may include handling your special category personal data.
We will also handle your personal data when needed to enter into a contract with you, and to comply with laws and regulations to which we are subject, including for anti-money laundering and sanctions compliance checks.
Initially, you will provide us with the personal data we need. We will also collect from third-party sources e.g., during the application stage, from recruitment providers and professional career networks; and during the onboarding process from sources you tell us about, such as previous employers, academic institutes, and professional bodies.
Where permitted we will share your personal data with:
There are circumstances where we will need to transfer your personal data out of the country from which it was provided to us. These international transfers will be made in accordance with applicable data protection laws and safeguards.
We retain most personal data for as long as there is a legitimate reason or legal basis to do so. Ordinarily, this means we will keep your partnership application for up to two years after your application and if you application is successful, we will retain the personal data we collect during the recruitment process in accordance with our internal data privacy notice.
Once we no longer have a legitimate reason or legal basis to keep your personal data, we will delete it securely or anonymize it.
You can choose what personal data to provide us. However, without your personal details it will not be possible to complete the onboarding process or progress your candidacy with us.
This section explains how when handle your personal data if you join our alumni network.
If you are a former employee or partner who has joined our alumni network, we will handle your personal data during the administration of the program and for the purpose of keeping in touch with you.
Ordinarily, we will collect your name, contact details and your role at Shearman & Sterling.
If you visit our offices or attend our events, your personal data may include access or dietary requirements which may reveal information about your health or religious beliefs.
We will only handle your personal data in the context of our alumni program where it is necessary. Ordinarily, this will be based on our legitimate interest to develop and maintain our business network, and there may be circumstances when we will ask for your consent beforehand.
Your personal data will also be processed by us to comply with laws and regulations to which we are subject.
You will provide us with the information we need when joining our alumni network.
We will share personal data between our offices and entities, and with our service providers, e.g., event organizers.
There are circumstances where we will need to transfer your personal data out of the country from which it was provided to us. These international transfers will be made in accordance with applicable data protection laws and safeguards.
We retain most personal data for as long as there is a legitimate reason or legal basis to keep it, after which we will delete your personal data securely or anonymize it.
You have rights under applicable data protection law which allow you to exercise control over your personal data and how we handle it.
This section applies where your personal data is handled subject to either the EU and UK data protection law (the General Data Protection Regulation (EU) 2016/679 and as incorporated into UK law by the Data Protection Act 2018), or data protection laws that offer equivalent rights.
Where these rights do not apply to you, you may have rights under different data protection laws. For information about your rights in some of these jurisdictions please refer to Jurisdiction-specific notices and statements.
If you wish to exercise your rights, please refer to Contacting us.
To ensure we protect your rights and privacy, we may request proof of your identity and if you require multiple copies of your personal data, we may charge a reasonable administration fee.
You have the following rights in relation to how we handle your personal data, some of which are subject to exceptions and conditions.
Information: You have the right to be informed about the collection and use of your personal data.
Access: You have a right to access and receive a copy of the personal data we hold about you.
Rectify: If your personal data is inaccurate or incomplete, you are entitled to have your personal data corrected.
Erasure: You have the right to ask us to delete and stop handling your personal data where we no longer need it or where you withdraw your consent.
Restriction or objection: You have a right to restrict and object to the processing of your personal data.
Portability: You have a right to request a copy of your personal data in a structured, commonly used, machine-readable format. Where technically feasible, we can send a copy of your personal data to another IT environment at your request.
Rights to automated decision making and profiling: Where a decision is automated and significantly affects you, you have the right to challenge it or ask for a person to review the automated decision.
Withdrawal of consent: We will ask for your consent to handle your personal data for specific purposes which you can withdraw at any time.
Complaint: You can make a complaint to us or to the relevant data protection authority.
We take appropriate technical and organizational measures against unauthorized or unlawful handling of personal data and against accidental loss or destruction of, or damage to, personal data.
We have internal security procedures to protect the storage, access and destruction of personal data stored on our own technology systems or those of our service providers, or in paper files. Our information security management systems are certified to the ISO27001 security standard for best practice in information security and information risk management. Our privacy information management systems are certified to the ISO 27701 standard for best practice in privacy information management.
If you have a question or request, you can contact our Data Privacy Team by email or post.
Our email address:
Please email data.privacy@shearman.com.
Our postal address:
Shearman & Sterling
Attn: Director of Data Privacy
9 Appold Street
London EC2A 2AP
United Kingdom
We regularly review this notice and may update it from time to time to reflect changes in legal requirements and how we handle your personal data. We will post these changes on this page and update the date at the top of the notice.