Gibson Dunn complies with the EU-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data transferred from the EU to the United States.
Gibson Dunn also adheres to the U.S.-Swiss Safe Harbor for personal data transferred from Switzerland to the United States and adheres to the Safe Harbor privacy principles contained therein.
http://www.privacyshield.gov/. The Federal Trade Commission (FTC) has jurisdiction over Gibson Dunn’s compliance with the Privacy Shield.
For the avoidance of doubt, the Privacy Shield Principles and this policy do not apply to data that is transferred to or within Gibson Dunn on any other legal basis (e.g. otherwise permitted under Art. 26 of Directive EC/95/46) or from any other source.
For the purposes of this Privacy Shield Policy, Personal Data means personal data transferred to or within Gibson Dunn from the EU, EEA or Switzerland under the EU-U.S. Privacy Shield or the U.S.-Swiss Safe Harbor framework.
Gibson Dunn maintains the Personal Data it receives in secure on-line and off-line facilities. Such information is not disclosed unless necessary or advisable to protect the rights, safety or property of Gibson Dunn or others; to conform to legal or regulatory requirements; or as required to protect the legitimate interests of its clients relating to Gibson Dunn's representation of such clients. Such data is not disclosed to third parties unless such disclosure is permitted under applicable law and only if the third party operates in accordance with Gibson Dunn's strict data standards, and for the purposes of Gibson Dunn's representation of its clients.
The Personal Data transferred from the EU, EEA or Switzerland may concern the following categories of persons:
- Opponents, counterparties and prospective opponents and counterparties of clients and their affiliated entities (including their respective employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
- Clients, prospective and former clients of Gibson Dunn and their affiliated entities (including their respective employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
- Professional and personal contacts of partners, associates and other employees of Gibson Dunn;
- Suppliers (including their employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
- Advisors, consultants, witnesses, other professionals and professional experts (including their employees, agents, consultants, directors, officers, temporary, casual workers and direct and indirect shareholders, beneficial owners and the person(s) controlling them);
- Other persons involved in litigation, arbitration, investigations or transactional matters;
- Dependents, associates and correspondents of the above persons affected by the data transfer.
Personal data from the EU, EEA or Switzerland is transferred for the following purposes:
- Legal Services (the provision of legal services including advice to, or acting on behalf of, clients and conducting litigation, arbitration, investigations and transactional matters). This includes the provision of legal services to clients in order to establish data rooms relating to transactions or projects, conducting document reviews and any disclosure or related exercise in any litigation or any Government or regulatory exercise or internal investigation conducted by or on behalf of Gibson Dunn and its clients;
- Accounts & Records (including maintenance of accounts related to Gibson Dunn's business activities; deciding whether to accept any person or entity as a client or supplier; keeping records of transactions; making financial or management forecasts);
- Compliance with Gibson Dunn's ethical, professional and legal obligations;
- Compliance with Gibson Dunn's anti-money laundering, risk management and other compliance protocols;
- Marketing of Gibson Dunn's services (including invitations to events and email alerts);
- Storage, backup and administration of client files, HR data, and other data as described above.
The Personal Data transferred may concern the following categories of data:
- Details of client's personal and financial details and their intentions towards third party persons;
- Details of client’s personnel and third parties who are business associates of Gibson Dunn’s clients, and details of those who correspond with those personnel;
- Emails and other communications with third parties;
- Contact details (e-mail address, fax and/or telephone numbers, mobile telephone number, business and/or residential address (in each case, in respect of both business and personal contact details)), billing information, payment history, job functions, details of associates/employees' Personal Assistant/Secretary and internal personnel hierarchy and meeting / telephone attendance notes;
- Evidence or materials that may potentially contain evidence relating to an actual or potential dispute (including emails);
- Due diligence information and information relating to actual or prospective business, company or asset acquisitions.
The Personal Data transferred from the EU, EEA or Switzerland may be disclosed to the following recipients or categories of recipients:
- Gibson Dunn's partners, associates and employees who need to have access to such information;
- Gibson Dunn's data processors (including IT vendors, data center providers, document management and archiving contractors);
- The courts, governmental authorities and third parties where Gibson Dunn is required to disclose such information by law or court, governmental or other authorized order;
- Opponents and counterparties and their affiliated entities (and their counsel, advisers, consultants and other professional experts) where so instructed by its clients or where it is necessary or expedient to do so in order to carry out a client retainer;
- Law enforcement agencies and other governmental authorities where it is necessary to comply with Gibson Dunn's understanding of its ethical and professional duties or to prevent physical harm or financial losses;
- Partners, associates and staff of Gibson Dunn for business development, client relations and marketing purposes.
In addition to such measures, Gibson Dunn maintains confidentiality policies that govern all information that any attorney or other personnel of Gibson Dunn receives in the course of his or her employment or association with Gibson Dunn. All attorneys and personnel are made aware of these policies and Gibson Dunn has in place procedures to train all attorneys and personnel in the implementation of these policies.
Users may at any time review their Personal Data stored by Gibson Dunn and request its correction or deletion. For this purpose and for other questions, comments or inquiries regarding the collection, processing and storage of your personal information by Gibson Dunn, please contact us via e-mail at:
or in writing to:
Gibson Dunn & Crutcher LLP
Attn.: Office of the General Counsel
Martin A. Hewett
1050 Connecticut Ave., NW
Washington, DC 20036
United States of America
The local representatives for our offices in Europe are provided at: http://www.gibsondunn.com/Pages/LegalNotices.aspx
All such requests will be handled in accordance with applicable data protection and privacy laws.
Users are encouraged to contact us should there be a EU-U.S. Privacy Shield or U.S.-Swiss Safe Harbor-related (or general privacy-related) complaint.
For any complaints relating to Personal Data from the EU or Switzerland that cannot be resolved with Gibson Dunn directly, Gibson Dunn has committed to refer unresolved complaints under the Privacy Shield Principles and the U.S.-Swiss Safe Harbor Principles to an independent dispute resolution body based in the United States, JAMS. If you do not receive timely acknowledgement of your complaint from us, or if we have not resolved your complaint, please contact or visit
https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Finally, under certain conditions, EU individuals may invoke binding arbitration before the Privacy Shield Panel.