Simpson Thacher & Bartlett LLP and its affiliated offices ("Simpson Thacher" or "we" or "our") are committed to respecting the privacy of all individuals, including job applicants, employees and visitors to our website, as well as of our current and prospective clients (www.stblaw.com).
Your visit to our website is subject to the following Privacy Notice (“Notice”). By visiting our website, you agree to this Notice, which may be updated by us at any time. If we update this Notice, we will post the updated document here. Any such changes will be effective upon posting. We urge you to review the Notice each time you visit our website. If you do not agree with any provision of the Notice, you should not use our website.
For the purposes of applicable data protection law, and in particular, the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), Simpson Thacher may be deemed to be a "data controller" or “data processor” of your personal data, including your personal data processed in the course of client transactions.
This Notice sets out:
- The types of personal data that Simpson Thacher collects, including from individuals visiting our website;
- The purposes and legal basis for our processing and use of individuals’ personal data;
- Information regarding our marketing and individuals’ ability to withdraw their consent or otherwise object to marketing;
- How we may disclose or use individuals’ personal data;
- How we transfer personal data outside of the European Union (“EU”); and
- Individuals’ rights with respect to our use or disclosure of their personal data.
Queries regarding how (1) our policies may apply to your personal data; (2) to exercise your right to question or object to our use of your personal data, in accordance with applicable laws; or (3) to access, correct, or delete your personal data, should be sent to Simpson Thacher’s Privacy Officer at DataPrivacy@stblaw.com.
This Notice describes Simpson Thacher’s policies and procedures with respect to personal data. Any personal data collected, held, used or processed by Simpson Thacher is also subject to the relevant provisions of applicable local laws and/or Simpson Thacher policies in each jurisdiction where we have an office.
Personal Data We Collect
We collect personal data about:
- our current and prospective clients and their staff and employees;
- our service providers and business partners and their staff and employees;
- individuals who attend, or express interest in attending, our events;
- third parties in connection with client transactions (for example, information about the staff of a company that will be acquired by a client); and
- visitors to our website.
We also collect personal data in relation to individuals applying for employment with Simpson Thacher. For a copy of our Applicant Privacy Notice, please contact us at DataPrivacy@stblaw.com.
The personal data we collect may include, but is not limited to: name, address, telephone number, date of birth, marital status, passport number, employment history, educational background, tax status, financial information, and details of visits to our website (including traffic data, IP addresses, location data, weblogs and other communication data).
Sources of Personal Data
We obtain the personal data from a number of sources, including through our website, online questionnaires and forms, and other information provided directly to us, including by email or in conversation with our lawyers, legal or other advisers, consultants and other professional experts, complainants, correspondents and enquirers, and suppliers and service providers of any of the above. In addition, we obtain personal information from third-party sources, such as our clients, other law firms and service providers.
Information About Other People
If you provide information to us about any person other than yourself, such as your employees, suppliers, shareholders or directors, you must ensure that they understand how their information will be used and disclosed, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use and disclose it as set forth above.
Processing of Personal Data
We process the personal data referred to above for the following purposes:
- To fulfil a contract, or take steps linked to a contract, including:
- verifying your identity;
- accepting payments from you; and
- communicating with you regarding the legal services provided.
- As required to conduct our business and pursue our legitimate interests, in particular:
- providing legal services to our clients, and responding to any comments or complaints they may send us;
- promoting our services to clients and potential clients, advising them of news and industry updates, and hosting or administering events;
- monitoring use of our website, and using personal data to help us improve and protect our services and website, both online and offline;
- investigating any complaints about our website or our services; and
- in connection with legal claims, and for compliance, regulatory and investigative purposes.
- Where you give us consent:
- we may send you direct marketing in relation to our services;
- we will use personal data that you give us solely for the purpose we explain at the time you give us such consent.
- For other purposes to comply with applicable laws, regulations, subpoenas, legal process, governmental investigations or inquiries, including:
- undertaking compliance checks on current and potential clients and other third parties as part of our legal, regulatory and professional obligations (including anti-money laundering obligations); and
- to cooperate with government or law enforcement authorities conducting an investigation.
- In certain circumstances, we will not be able to provide legal services to clients if we are not provided with all relevant personal data.
Marketing Communications and Withdrawing Consent
We may contact you with information about services or events that might be of interest to you. Where necessary in compliance with applicable law, at the time that you provide your personal data to us, you will be given the opportunity to indicate whether or not you agree for us to use your personal data to tell you about such services and events.
You will always be able to withdraw your consent to allowing us to process your personal data, although we may still have other legal grounds for processing your data, such as those set out above. In some cases, we are able to send you marketing materials without your prior consent, where we rely on our legitimate interests, but you have an absolute right to opt-out of receiving future marketing materials at any time. You can do this by following the instructions in the email communication you receive, or by contacting us at DataPrivacy@stblaw.com.
Disclosure of Your Personal Data
We have the right to share your personal data amongst our affiliated offices.
We have the right to share your personal data with trusted third parties including:
- Legal or other advisers, consultants and other professional experts, complainants, correspondents and enquirers, and suppliers and service providers of any of the above, and each of their associated businesses;
- Business partners, suppliers and sub-contractors in connection with the performance of any contract we enter into with them or you. We take reasonable steps to ensure that our personnel protect your personal data and are aware of their information security obligations; and
- Analytics and search engine providers that assist us in the improvement and optimization of our website.
We may also share your personal data with (or transfer your personal data to) third parties:
- If we sell or buy any businesses or assets or merge any business into or with that of another person, in which case we may disclose your personal data to the prospective counterparty in such transaction and such data may be one of the assets transferred in such transaction;
- To comply with applicable laws, regulations, subpoenas, legal process, governmental investigations or inquiries, to cooperate with law enforcement, to assert or defend legal claims, and to protect our and others rights, property, or safety; and
- For the purposes of crime and fraud prevention and remediation.
We will not otherwise sell any personal data to any other person.
Transfers of Personal Data Outside the EU
In some cases, disclosure of personal data to other persons will involve transferring personal data from a country in the EU to a country which has been held not to provide a level of protection to personal data equivalent to that provided in the EU. In particular, personal data from the EU may be transferred to, and processed in, our offices in the United States.
To provide adequate protection for these transfers in accordance with EU data protection law, Simpson Thacher has a Data Transfer Agreement in place, which includes appropriate contractual clauses based on and conforming to the European Commission approved standard contractual clauses. To obtain a copy of these clauses, please contact us at DataPrivacy@stblaw.com.
You have various rights with respect to our use, processing and sharing of your personal data:
- Access: You have the right to request a copy of the personal data that we hold about you. Please note that there are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the personal data held about you. If you wish to do this, please contact us at DataPrivacy@stblaw.com.
- Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us at DataPrivacy@stblaw.com to let us know if any of your personal data is not accurate or changes.
- Objecting/Deletion: You also have the right to object to processing of your personal data and to ask us to block, delete or restrict your personal data subject to certain exceptions. Once we receive your request and verify your identity, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies under applicable law.
- Portability: You have the right to request that your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format. Once we receive your request and verify your identity, we will disclose to you:
- The categories of personal information we collected about you.
- The sources for the personal information we collected about you.
- Our business or commercial purpose for collecting that personal information.
- The categories of third parties with whom we share that personal information, if applicable.
- The specific pieces of personal information we collected about you.
- Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority.
To exercise the access, accuracy, data portability, objection and deletion rights described above, please submit a request to us by either:
Please note that there may be exceptions to these rights under applicable law.
Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative of such person.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if you do not take the foregoing actions. Making a request does not require you to create an account with us. We will use personal information provided in a request only to verify your identity or authority to make the request.
How Long We Keep Your Personal Data
When we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.
Where we process personal data in connection with the provision of legal services, we keep the data for 10 years from the date the matter is closed.
Where we process personal data to comply with our legal obligations (for example, "know-your-client" information processed for anti-money laundering purposes), we will retain the data for as long as the client has open matters, and for 10 years from the date the last matter is closed.
Changes to our Privacy Notice
Any changes we may make to our Notice in the future will be posted on this page and/or, where required by law or regulation, notified to you by e-mail.
Cookies and Similar Technologies
What are they?
Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page. Other tracking technologies are also used which are similar to cookies. This can include pixel tags and tracking URLs.
All these technologies are together referred to in this Policy as “Cookies”. Please note that if you delete or disable Cookies from us, you may not be able to access certain areas or features of our website.
The types of Cookies that we use on our website, and the purposes for which they are used, are set out below:
- Strictly necessary Cookies: These Cookies are essential to enable you to move around our website and use its features, such as accessing secure areas. Without these Cookies, any services on our website you wish to access cannot be provided.
- Analytical/performance Cookies: These Cookies collect information about how you and other visitors use our website, for instance, which pages you go to most often, and if you get error messages from web pages. We use data from these Cookies to help test designs and to ensure that a consistent look and feel is maintained on your visit to the website. All information these Cookies collect is aggregated and is used only to improve how a website works.
- Further information concerning the terms and conditions of use and data privacy can be found at:
- Functionality Cookies: These Cookies allow our website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These Cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. They may also be used to provide services you have asked for such as watching a video. Additionally, these Cookies can be used to allow an optional service to function. The information these Cookies collect may be anonymized and these Cookies cannot track your browsing activity on other websites.
- Pixel tags: These are also known as a clear GIF or web beacon. These are invisible tags placed on certain pages of our website but not on your computer. When you access these pages, pixel tags generate a generic notice of that visit. They usually work in conjunction with Cookies, registering when a particular device visits a particular page. If you turn off Cookies, the pixel tag will simply detect an anonymous website visit.
- Tracking URLs: These are used to determine from which referring website our website is accessed.
To find out more about Cookies please visit: www.allaboutcookies.org or see www.youronlinechoices.eu which contains further information about behavioral advertising and online privacy.
Do Not Track
We do not track visitors of the site over time and/or across third party websites to provide targeted advertising and therefore do not respond to Do Not Track (“DNT”) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser allows you to set the DNT signal so that third parties (particularly advertisers) know you do not want to be tracked. You should consult the help pages of your browser to learn how to set your preferences so that websites do not track you.
California’s Shine the Light Law
California Civil Code Section 1798.83, known as the “Shine The Light” law, permits our customers who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, we currently do not share any personal information with third parties for their direct marketing purposes.
Governing Law and Forum
The laws of the State of New York govern this Notice. Any dispute relating to this Notice or your use of our website shall be resolved solely in the state or federal courts located in New York City. If any provision of this Notice is held to be unenforceable, such provision will be reformed only to the extent necessary to make it enforceable.
If you have any questions or comments about this Notice, you can email us at DataPrivacy@stblaw.com or write to us at Chief Information Officer, Simpson Thacher & Bartlett LLP, 425 Lexington Avenue, New York, New York 10017.
Last updated: December 2019