简介
As a law firm, we regularly receive personal data in the course of professional activities. We may collect personal data:
Ordinarily, you will provide any such personal data to us directly. In some cases, we may collect data about you from your organization, public records or third parties, such as government or credit reporting agencies, or via service providers that we may engage as part of the work we perform for our clients.
For additional information about our use of cookies and tracking technologies to collect personal data, please see our Cookie Notice.
We do not currently respond to “do not track” requests made through browser settings.
The personal information that we collect and process may include:
Whether we receive your personal data directly from you or from a third party, we will only use your personal data in connection with our professional and business activities (including to meet our legal or regulatory obligations). These “Permitted Uses” may include:
If we process your personal data, it may be shared among the Shearman & Sterling offices in order to provide services to our clients or for our business operations. View a list of our offices.
We may disclose personal data to third parties in the course of representing our clients, for example (but not limited to) clients, other parties involved in client matters or those other parties’ counsel, courts, government agencies, industry regulators, vendors, service providers and consulting experts.
We may also disclose personal data to third parties in the course of administering, managing or developing our business and services, including managing our relationship with you and marketing our services to you.
Additionally, we may share personal data with third parties in the following circumstances:
When we share or transfer your personal data, we do this in accordance with applicable data protection laws and take appropriate safeguards to ensure its integrity and protection.
We transfer personal data to countries or jurisdictions that do not by law provide similar safeguards for personal data as your local jurisdiction. We will ensure that such international transfers are made in accordance with applicable legal requirements and subject to appropriate safeguards for the protection and integrity of the transferred personal data.
For transfers of personal data from the UK or the EEA to third countries, we will use standard contractual clauses adopted by the European Commission or under UK law, or other safeguards recognized by applicable law. If you have any questions about or wish to obtain more information about international transfers of your personal data, please contact us at data.privacy@shearman.com.
It is our policy not to provide your personal data to third parties for those third parties’ direct marketing purposes without your consent, and we do not sell personal data to third parties.
We will delete your personal data when it is no longer reasonably required for the Permitted Uses described above, or, where applicable, if you withdraw your consent, unless we are legally required or otherwise permitted to continue to hold such data. We may retain your personal data for an additional period if deletion would require us to overwrite our automated disaster recovery backup systems, or to the extent we deem it necessary to assert or defend legal claims during any relevant retention period.
You may have certain rights with respect to personal data we have collected about you. Individual rights concerning personal data vary by jurisdiction but may, for example, include rights to access, rectify or delete your personal data.
If you are a resident of California, please see our California Consumer Privacy Notice for information about your rights under the CCPA.
Individuals in the UK, EEA or whose personal data is otherwise subject to the GDPR have the following rights, subject to certain exceptions and conditions:
All requests to exercise rights under applicable data protection law should be addressed to data.privacy@shearman.com.
We will take appropriate technical and organizational measures against unauthorized or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data in accordance with our internal security procedures covering its storage, access and destruction. Personal data may be stored on our own technology systems or those of our vendors, or in paper files.
Shearman & Sterling acts as the controller with respect to personal data for the purposes of the GDPR and may be contacted at:
Shearman & Sterling
Attn: Director of Data Privacy
9 Appold Street
London EC2A 2AP
United Kingdom
Alternatively, you may email us at data.privacy@shearman.com.
You may also contact our German data protection officer with any questions or concerns regarding the processing of personal data in Germany, either at the address above or by emailing data.privacy@shearman.com.
We rely on one or more of the following legal grounds available under GDPR to process your personal data:
Where no other legal ground is available or we are required to, we may seek your consent to process your personal data for specified purposes. If you give consent, you may withdraw it at any time.
We may update this privacy notice from time to time to reflect changes in legal requirements or our processing practices. Any such changes will be posted on this website, with the date at the top of the privacy notice providing the date it was last updated. Changes to this privacy notice will be effective upon posting.
If you have any questions or comments about this privacy notice, or our collection and handling of your personal data, please email us at data.privacy@shearman.com, or you may write to us via postal mail at:
Shearman & Sterling
Attn: Director of Data Privacy
9 Appold Street
London EC2A 2AP
United Kingdom