Simpson Thacher & Bartlett LLP and its affiliated offices ("Simpson Thacher" or "we" or "our") are committed to respecting the privacy of all individuals, including job applicants, employees and visitors to our website, as well as of our current and prospective clients (www.stblaw.com).
For the purposes of applicable data protection law, and in particular, the General Data Protection Regulation (EU) 2016/679 (the “GDPR”), Simpson Thacher may be deemed to be a "data controller" or “data processor” of your personal data, including your personal data processed in the course of client transactions.
This Privacy Notice ("Notice") sets out:
- The types of personal data that Simpson Thacher collects, including from individuals visiting our website;
- The purposes and legal basis for our use of individuals’ personal data;
- Information regarding our marketing and individuals’ ability to withdraw their consent or otherwise object to marketing;
- How we may disclose individuals’ personal data;
- How we transfer personal data outside of the European Union (“EU”); and
- Individuals’ rights with respect to our use of their personal data.
Queries regarding how (1) our policies may apply to your personal data; (2) to exercise your right to question or object to our use of your personal data, in accordance with applicable laws; or (3) to access, correct, or delete your personal data, should be sent to Simpson Thacher’s Privacy Officer at DataPrivacy@stblaw.com.
This notice describes Simpson Thacher’s policies and procedures with respect to personal data, and in particular the personal data of individuals to which the GDPR applies. Any personal data collected, held or processed by Simpson Thacher is also subject to the relevant provisions of applicable local laws and/or Simpson Thacher policies in each jurisdiction where we have an office. For personal data outside the scope of GDPR, our policies and procedures may vary.
Personal Data We Collect
We collect personal data about:
- our current and prospective clients and their staff;
- our service providers and business partners and their staff;
- individuals who attend, or express interest in attending, our events;
- third parties who are the subject of, or otherwise related to, client transactions (for example, information about the staff of a company that will be acquired by a client); and
- visitors to our website.
We also collect personal data in relation to individuals applying for employment with Simpson Thacher. For a copy of our Applicant Privacy Notice, please contact us at DataPrivacy@stblaw.com.
The personal data we collect may include, but is not limited to: name, address, telephone number, date of birth, marital status, passport number, employment history, educational background, tax status, financial information, and details of visits to our website (including traffic data, IP addresses, location data, weblogs and other communication data).
Sources of Personal Data
We obtain the personal data from a number of sources, including through our website, online questionnaires and forms, and other information provided directly to us, including by email or in conversation with our lawyers, legal or other advisers, consultants and other professional experts, complainants, correspondents and enquirers, and suppliers and service providers of any of the above. In addition, we obtain personal information from third-party sources, such as our clients and other law firms.
Information About Other People
If you provide information to us about any person other than yourself, such as your employees, suppliers, shareholders or directors, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
Processing of Personal Data
We process the personal data referred to above for the following purposes:
- To fulfil a contract, or take steps linked to a contract, including:
- verifying your identity;
- accepting payments from you; and
- communicating with you regarding the legal services provided.
- As required to conduct our business and pursue our legitimate interests, in particular:
- providing legal services to our clients, and responding to any comments or complaints they may send us;
- promoting our services to clients and potential clients, advising them of news and industry updates, and hosting or administering events;
- monitoring use of our website, and using personal data to help us improve and protect our services and website, both online and offline;
- investigating any complaints about our website or our services; and
- in connection with legal claims, and for compliance, regulatory and investigative purposes.
- Where you give us consent:
- we may send you direct marketing in relation to our services;
- we will use personal data that you give us solely for the purpose we explain at the time you give us such consent.
- For other purposes which are required by law, including:
- undertaking compliance checks on current and potential clients and other third parties as part of our legal, regulatory and professional obligations (including anti-money laundering obligations); and
- in response to requests by government or law enforcement authorities conducting an investigation.
In certain circumstances, we will not be able to provide legal services to clients if we are not provided with all relevant personal data.
Marketing Communications and Withdrawing Consent
We may contact you with information about services or events that might be of interest to you. Where necessary, at the time that you provide your personal data to us, you will be given the opportunity to indicate whether or not you agree for us to use your personal data to tell you about such services and events.
You will always be able to withdraw your consent to allowing us to process your personal data, although we may still have other legal grounds for processing your data, such as those set out above. In some cases, we are able to send you marketing materials without your prior consent, where we rely on our legitimate interests, but you have an absolute right to opt-out of receiving future marketing materials at any time. You can do this by following the instructions in the email communication you receive, or by contacting us at DataPrivacy@stblaw.com.
Disclosure of Your Personal Data
We have the right to share your personal data amongst our affiliated offices.
We have the right to share your personal data with trusted third parties including:
- Legal or other advisers, consultants and other professional experts, complainants, correspondents and enquirers, and suppliers and service providers of any of the above, and each of their associated businesses;
- Business partners, suppliers and sub-contractors only for the purposes of performance of any contract we enter into with them or you. We take reasonable steps to ensure that our personnel protect your personal data and are aware of their information security obligations; and
- Analytics and search engine providers that assist us in the improvement and optimisation of our website.
We may also share your personal data with third parties:
- If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- If we or any part of our operations merges with or is acquired by a third party, in which case personal data held by it about its users, suppliers, or customers will be one of the transferred assets;
- If we are under a duty to disclose or share your personal data to comply with any applicable law, or to protect the rights, property, or safety of our users, clients, or others; and
- For the purposes of crime and fraud prevention and remediation.
Transfers of Personal Data Outside the EU
In some cases, disclosure of personal data to the affiliates and third parties referred to above will involve transferring personal data from a country in the EU to a country which has been held not to provide a level of protection to personal data equivalent to that provided in the EU. In particular, data from the EU may be transferred to, and processed in, our offices in the United States.
To provide adequate protection for these transfers in accordance with EU data protection law, Simpson Thacher has a Data Transfer Agreement in place, which includes appropriate contractual clauses based on and conforming to the European Commission approved standard contractual clauses. To obtain a copy of these clauses, please contact us at DataPrivacy@stblaw.com.
You have various rights with respect to our use of your personal data:
- Access: You have the right to request a copy of the personal data that we hold about you. Please note that there are exceptions to this right, so that access may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information. You are entitled to see the personal data held about you. If you wish to do this, please contact us at DataPrivacy@stblaw.com.
- Accuracy: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us at DataPrivacy@stblaw.com to let us know if any of your personal data is not accurate or changes.
- Objecting: In certain circumstances, you also have the right to object to processing of your personal data and to ask us to block, erase and restrict your personal data. If you would like us to stop using your personal data, please contact us at DataPrivacy@stblaw.com.
- Porting: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.
- Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority.
Please note that there are exceptions to these rights, if, for example, we are under a legal obligation to continue to process your personal data.
How Long We Keep Your Personal Data
When we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.
Where we process personal data in connection with the provision of legal services, we keep the data for 10 years from the date the matter is closed.
Where we process personal data to comply with our legal obligations (for example, "know-your-client" information processed for anti-money laundering purposes), we will retain this for as long as the client has open matters, and for 10 years from the date the last matter is closed.
Changes to our Privacy Notice
Any changes we may make to our Notice in the future will be posted on this page and, where appropriate, notified to you by e-mail.
Cookies and Similar Technologies
What are they?
Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page. Other tracking technologies are also used which are similar to cookies. This can include pixel tags and tracking URLs.
All these technologies are together referred to in this Policy as “Cookies”. Please note that if you delete or disable Cookies from us, you may not be able to access certain areas or features of our website.
The types of Cookies that we use on our website, and the purposes for which they are used, are set out below:
- Strictly necessary Cookies: These Cookies are essential to enable you to move around our website and use its features, such as accessing secure areas. Without these Cookies, any services on our website you wish to access cannot be provided.
- Analytical/performance Cookies: These Cookies collect information about how you and other visitors use our website, for instance, which pages you go to most often, and if you get error messages from web pages. We use data from these Cookies to help test designs and to ensure that a consistent look and feel is maintained on your visit to the website. All information these Cookies collect is aggregated and is used only to improve how a website works.
- Functionality Cookies: These Cookies allow our website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These Cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video. Additionally, these Cookies can be used to allow an optional service to function. The information these Cookies collect may be anonymised and these Cookies cannot track your browsing activity on other websites.
- Pixel tags: These are also known as a clear GIF or web beacon. These are invisible tags placed on certain pages of our website but not on your computer. When you access these pages, pixel tags generate a generic notice of that visit. They usually work in conjunction with Cookies, registering when a particular device visits a particular page. If you turn off Cookies, the pixel tag will simply detect an anonymous website visit.
- Tracking URLs: These are used to determine from which referring website our website is accessed.
To find out more about Cookies please visit: www.allaboutcookies.org or see www.youronlinechoices.eu which contains further information about behavioural advertising and online privacy.
Do Not Track
We do not track visitors of the site over time and/or across third party websites to provide targeted advertising and therefore do not respond to Do Not Track (“DNT”) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser allows you to set the DNT signal so that third parties (particularly advertisers) know you do not want to be tracked. You should consult the help pages of your browser to learn how to set your preferences so that websites do not track you.
California’s Shine the Light Law
California Civil Code Section 1798.83, known as the “Shine The Light” law, permits our customers who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Requests may be made only once a year and are free of charge. Under Section 1798.83, we currently do not share any personal information with third parties for their direct marketing purposes.
Governing Law and Forum
The laws of the State of New York govern this Notice. Any dispute relating to this Notice or your use of our website shall be resolved solely in the state or federal courts located in New York City. You consent and submit to the personal jurisdiction of such courts for the purposes of any such dispute or action and agree to waive trial by jury in any such dispute or action. If any provision of this Notice is held to be unenforceable, such provision will be reformed only to the extent necessary to make it enforceable.
If you have any questions or comments about this Notice, you can email us at DataPrivacy@stblaw.com or write to us at Chief Information Officer, Simpson Thacher & Bartlett LLP, 425 Lexington Avenue, New York, New York 10017.
Last updated: May 2018.