General Statement

Gibson, Dunn & Crutcher LLP ("Gibson Dunn") is an international law firm, with clients located throughout the world, including in the European Union (“EU”), the European Economic Area ("EEA") and in Switzerland. In representing such clients in transactional, litigation, or other matters, it is often necessary for the client to provide to Gibson Dunn information that is subject to data protection laws of the EU, the EEA and Switzerland. This Privacy Policy therefore applies to personal data transferred to the United States from the EU, EEA and Switzerland to protect such data.

Gibson Dunn complies with the EU-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data transferred from the EU to the United States.

Gibson Dunn also adheres to the U.S.-Swiss Safe Harbor for personal data transferred from Switzerland to the United States and adheres to the Safe Harbor privacy principles contained therein.

Gibson Dunn has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (including without limitation its principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement, and Liability). If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the EU-U.S. Privacy Shield program, and to view our certification page, please visit http://www.privacyshield.gov/. The Federal Trade Commission (FTC) has jurisdiction over Gibson Dunn’s compliance with the Privacy Shield.

For the avoidance of doubt, the Privacy Shield Principles and this policy do not apply to data that is transferred to or within Gibson Dunn on any other legal basis (e.g. otherwise permitted under Art. 26 of Directive EC/95/46) or from any other source.

Gibson Dunn's Handling Of Personal Data

For the purposes of this Privacy Shield Policy, Personal Data means personal data transferred to or within Gibson Dunn from the EU, EEA or Switzerland under the EU-U.S. Privacy Shield or the U.S.-Swiss Safe Harbor framework.

Gibson Dunn maintains the Personal Data it receives in secure on-line and off-line facilities. Such information is not disclosed unless necessary or advisable to protect the rights, safety or property of Gibson Dunn or others; to conform to legal or regulatory requirements; or as required to protect the legitimate interests of its clients relating to Gibson Dunn's representation of such clients. Such data is not disclosed to third parties unless such disclosure is permitted under applicable law and only if the third party operates in accordance with Gibson Dunn's strict data standards, and for the purposes of Gibson Dunn's representation of its clients.

Gibson Dunn maintains strict security and confidentiality policies that govern all information any attorney or other personnel receives in the course of his or her employment or association with Gibson Dunn. All attorneys and personnel are made aware of these policies and Gibson Dunn has in place procedures to train all attorneys and personnel in the implementation of these policies. Failure to adhere to the privacy, security and confidentiality policies results in appropriate discipline. Gibson Dunn has in place procedures for periodically conducting objective reviews of compliance with this Privacy Policy.

Data Subjects

The Personal Data transferred from the EU, EEA or Switzerland may concern the following categories of persons:

  • Opponents, counterparties and prospective opponents and counterparties of clients and their affiliated entities (including their respective employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
  • Clients, prospective and former clients of Gibson Dunn and their affiliated entities (including their respective employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
  • Professional and personal contacts of partners, associates and other employees of Gibson Dunn;
  • Suppliers (including their employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
  • Advisors, consultants, witnesses, other professionals and professional experts (including their employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
  • Other persons involved in litigation, arbitration, investigations or transactional matters;
    and
  • Dependents, associates and correspondents of the above persons affected by the data transfer.

Purposes Of Data Transfers

Personal data from the EU, EEA or Switzerland is transferred for the following purposes:

  • Legal Services (the provision of legal services including advice to, or acting on behalf of, clients and conducting litigation, arbitration, investigations and transactional matters). This includes the provision of legal services to clients in order to establish data rooms relating to transactions or projects, conducting document reviews and any disclosure or related exercise in any litigation or any Government or regulatory exercise or internal investigation conducted by or on behalf of Gibson Dunn and its clients;
  • Accounts & Records (including maintenance of accounts related to Gibson Dunn's business activities; deciding whether to accept any person or entity as a client or supplier; keeping records of transactions; making financial or management forecasts);
  • Compliance with Gibson Dunn's ethical, professional and legal obligations;
  • Compliance with Gibson Dunn's anti-money laundering, risk management and other compliance protocols;
  • Marketing of Gibson Dunn's services (including invitations to events and email alerts);
    and
  • Storage, backup and administration of client files, HR data, and other data as described above.

Categories Of Data

The Personal Data transferred may concern the following categories of data:

  • Details of client's personal and financial details and their intentions towards third party persons;
  • Details of client’s personnel and third parties who are business associates of Gibson Dunn’s clients, and details of those who correspond with those personnel;
  • Emails and other communications with third parties;
  • Contact details (e-mail address, fax and/or telephone numbers, mobile telephone number, business and/or residential address (in each case, in respect of both business and personal contact details)), billing information, payment history, job functions, details of associates/employees' Personal Assistant/Secretary and internal personnel hierarchy and meeting / telephone attendance notes;
  • Evidence or materials that may potentially contain evidence relating to an actual or potential dispute (including emails);
    and
  • Due diligence information and information relating to actual or prospective business, company or asset acquisitions.

Recipients

The Personal Data transferred from the EU, EEA or Switzerland may be disclosed to the following recipients or categories of recipients:

  • Gibson Dunn's partners, associates and employees who need to have access to such information;
  • Gibson Dunn's data processors (including IT vendors, data center providers, document management and archiving contractors);
  • The courts, governmental authorities and third parties where Gibson Dunn is required to disclose such information by law or court, governmental or other authorized order;
  • Opponents and counterparties and their affiliated entities (and their counsel, advisers, consultants and other professional experts) where so instructed by its clients or where it is necessary or expedient to do so in order to carry out a client retainer;
  • Law enforcement agencies and other governmental authorities where it is necessary to comply with Gibson Dunn's understanding of its ethical and professional duties or to prevent physical harm or financial losses;
    and
  • Partners, associates and staff of Gibson Dunn for business development, client relations and marketing purposes.

In addition to such measures, Gibson Dunn maintains confidentiality policies that govern all information that any attorney or other personnel of Gibson Dunn receives in the course of his or her employment or association with Gibson Dunn. All attorneys and personnel are made aware of these policies and Gibson Dunn has in place procedures to train all attorneys and personnel in the implementation of these policies.

Verification Mechanism And Enforcement

Verification of Gibson Dunn's privacy policy will be through self-assessment and verified by the Office of the Executive Director of the Firm in a signed statement that will be updated annually and referenced on the Firm's Internet.

Gibson Dunn's privacy policy concerning personal information received from the EU, EEA and/or Switzerland is accurate, comprehensive, fully implemented and prominently displayed on the Gibson Dunn’s internet website.

The Privacy Policy is available at:
        http://www.gibsondunn.com/pages/privacy.aspx

Users' Rights and Contact

Users may at any time review their Personal Data stored by Gibson Dunn and request its correction or deletion. For this purpose and for other questions, comments or inquiries regarding the collection, processing and storage of your personal information by Gibson Dunn, please contact us via e-mail at:

privacy@gibsondunn.com.

or in writing to:

Gibson Dunn & Crutcher LLP
Attn.: Office of the General Counsel
Martin A. Hewett
1050 Connecticut Ave., NW
Washington, DC 20036
United States of America

The local representatives for our offices in Europe are provided at:  http://www.gibsondunn.com/Pages/LegalNotices.aspx 

All such requests will be handled in accordance with applicable data protection and privacy laws.

Dispute Resolution

Users are encouraged to contact us should there be a EU-U.S. Privacy Shield or U.S.-Swiss Safe Harbor-related (or general privacy-related) complaint.

For any complaints relating to Personal Data from the EU or Switzerland that cannot be resolved with Gibson Dunn directly, Gibson Dunn has committed to refer unresolved complaints under the Privacy Shield Principles and the U.S.-Swiss Safe Harbor Principles to an independent dispute resolution body based in the United States, JAMS. If you do not receive timely acknowledgement of your complaint from us, or if we have not resolved your complaint, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.

Finally, under certain conditions, EU individuals may invoke binding arbitration before the Privacy Shield Panel.

Changes To The Privacy Policy

Gibson Dunn’s Privacy Policy may be amended from time to time, consistent with applicable data protection laws, Gibson Dunn’s legal obligations and professional duties and the then applicable Privacy Shield Principles. Gibson Dunn will make available on its website any new version of its Privacy Policy.