Gibson, Dunn & Crutcher LLP (“Gibson Dunn”) is an international law firm, with clients located throughout the world, including in the European Union (“EU”), the European Economic Area (“EEA”) and in Switzerland. In representing such clients in transactional, litigation, or other matters, it is often necessary for the client to provide to Gibson Dunn information that is subject to data protection laws of the EU, the EEA and Switzerland. This Privacy Shield Policy therefore applies to personal data transferred to the United States from the EU, EEA and Switzerland to protect such data.
Gibson Dunn complies with the EU-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal data transferred from the EU to the United States.
Gibson Dunn also adheres to the U.S.-Swiss Safe Harbor for personal data transferred from Switzerland to the United States and adheres to the Safe Harbor privacy principles contained therein.
Gibson Dunn has certified to the Department of Commerce that it adheres to the Privacy Shield Principles (including without limitation its principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, Recourse, Enforcement, and Liability). If there is any conflict between the policies in this Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the EU-U.S. Privacy Shield program, and to view our certification page, please visit http://www.privacyshield.gov/. The Federal Trade Commission (FTC) has jurisdiction over Gibson Dunn’s compliance with the Privacy Shield.
For the avoidance of doubt, the Privacy Shield Principles and this policy do not apply to data that is transferred to or within Gibson Dunn on any other legal basis (e.g. otherwise permitted under Art. 26 of Directive EC/95/46) or from any other source.
For the purposes of this Privacy Shield Policy, Personal Data means personal data transferred to or within Gibson Dunn from the EU, EEA or Switzerland under the EU-U.S. Privacy Shield or the U.S.-Swiss Safe Harbor framework.
Gibson Dunn maintains the Personal Data it receives in secure on-line and off-line facilities. Such information is not disclosed unless necessary or advisable to protect the rights, safety or property of Gibson Dunn or others; to conform to legal or regulatory requirements; or as required to protect the legitimate interests of its clients relating to Gibson Dunn’s representation of such clients. Such data is not disclosed to third parties unless such disclosure is permitted under applicable law and only if the third party operates in accordance with Gibson Dunn’s strict data standards, and for the purposes of Gibson Dunn’s representation of its clients.
Gibson Dunn maintains strict security and confidentiality policies that govern all information any attorney or other personnel receives in the course of his or her employment or association with Gibson Dunn. All attorneys and personnel are made aware of these policies and Gibson Dunn has in place procedures to train all attorneys and personnel in the implementation of these policies. Failure to adhere to the privacy, security and confidentiality policies results in appropriate discipline. Gibson Dunn has in place procedures for periodically conducting objective reviews of compliance with this Privacy Shield Policy.
The Personal Data transferred from the EU, EEA or Switzerland may concern the following categories of persons:
Personal data from the EU, EEA or Switzerland is transferred for the following purposes:
The Personal Data transferred may concern the following categories of data:
The Personal Data transferred from the EU, EEA or Switzerland may be disclosed to the following recipients or categories of recipients:
In cases of onward transfer to third parties of Personal Data of EU individuals received under the EU-US Privacy Shield, Gibson Dunn may potentially be held liable, as set out in the EU-U.S. Privacy Shield Framework.
Verification of Gibson Dunn’s Privacy Shield Policy will be through self-assessment and verified by the Office of the Executive Director of the Firm in a signed statement that will be updated annually and referenced on the Firm’s Internet.
Gibson Dunn’s Privacy Shield Policy concerning personal information received from the EU, EEA and/or Switzerland is accurate, comprehensive, fully implemented and prominently displayed on the Gibson Dunn’s internet website.
The Privacy Shield Policy is available at:
http://www.gibsondunn.com/privacy-shield
Persons to whom the Privacy Shield is applicable may request confirmation regarding whether Gibson Dunn is processing their personal data, request access to their personal data, and/or request that Gibson Dunn correct, amend, or delete their personal data if it is inaccurate or has been processed in violation of the Privacy Shield Principles. Persons who have consented to Gibson Dunn’s collection, storage, transfer, disclosure to a third party, or other use of their personal information (hereinafter “Processing”) may withdraw that consent at any time and “opt out” from any future Processing. To the extent, if any, that Gibson Dunn processes sensitive personal information (i.e., personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, or information specifying the sex life of the individual), Gibson Dunn will obtain your consent (i.e., request that you “opt in”) before Processing such data, except to the extent that such consent is not required under the Privacy Shield Principles.
For the foregoing purposes and for other questions, comments, requests, or inquiries regarding the Processing of your personal information by Gibson Dunn, please contact us via e-mail at:
or in writing to:
Gibson Dunn & Crutcher LLP
Attn.: Office of the General Counsel
Martin A. Hewett
1050 Connecticut Ave., NW
Washington, DC 20036
United States of America
Such questions, comments, requests, or inquiries may also be submitted by email to one of the local representatives for our offices in Europe, which are identified at: http://www.gibsondunn.com/legal-notices
All such requests will be handled in accordance with the Privacy Shield Principles and applicable laws, including applicable data protection and privacy laws. Although Gibson Dunn makes good faith efforts to comply with such requests, there may be circumstances in which Gibson Dunn is unable to provide access to such information, comply with a request to amend, correct, or delete such information, and/or limit the disclosure or use of such information, including but not limited to where complying with the request would: (i) violate a privilege or protection (such as the attorney-client privilege) under applicable law; (ii) compromise confidentiality obligations or the privacy, proprietary, or other legitimate rights of Gibson Dunn, its clients, or other third parties; (iii) involve a burden or expense that would be disproportionate to the risks to the individual’s privacy; or (iv) violate applicable rules of professional responsibility or other applicable laws. If Gibson Dunn determines that any such requests cannot be complied with for such a reason or reasons, Gibson Dunn will endeavor to provide you with an explanation of why that determination was made. To protect your privacy, Gibson Dunn will take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal information.
Users are encouraged to contact us should there be a EU-U.S. Privacy Shield or U.S.-Swiss Safe Harbor-related (or general privacy-related) complaint.
For any complaints relating to Personal Data from the EU or Switzerland that cannot be resolved with Gibson Dunn directly, Gibson Dunn has committed to refer unresolved complaints under the Privacy Shield Principles and the U.S.-Swiss Safe Harbor Principles to an independent dispute resolution body based in the United States, JAMS. If you do not receive timely acknowledgement of your complaint from us, or if we have not resolved your complaint, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Finally, under certain conditions, EU individuals may invoke binding arbitration before the Privacy Shield Panel.
Gibson Dunn’s Privacy Shield Policy may be amended from time to time, consistent with applicable data protection laws, Gibson Dunn’s legal obligations and professional duties and the then applicable Privacy Shield Principles. Gibson Dunn will make available on its website any new version of its Privacy Shield Policy.