Skadden, Arps, Slate, Meagher & Flom LLP and Affiliates (collectively, "Skadden," the "Firm," "we," "us," or "our") is committed to safeguarding the privacy of visitors to our website, contacts for our clients and prospective clients, contacts for suppliers of goods and services to the Firm, candidates for employment or engagement, and any other individuals about whom the Firm obtains personal information (each, "you"). Please read the following statement, which sets out the principles governing the Firm’s use of personal information that we may obtain about you, to understand how the Firm collects, uses, and otherwise processes your personal information as well as the rights that you have in relation to our processing of that information (the “Privacy Statement”). In this Privacy Statement, “personal information” means information that (either in isolation or in combination with other information held by the Firm) enables you to be identified or recognized. With respect to California residents, references to "personal information" in this Privacy Statement means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, subject to certain exceptions set forth in the California Consumer Privacy Act (the "CCPA").
Skadden is the data controller in relation to any personal information that the Firm processes about you and is responsible for ensuring that such processing complies with applicable data protection laws, including the European Union General Data Protection Regulation (the “GDPR”) and the CCPA. Your privacy is important to us. Please be aware that Firm personnel are required to comply with the Firm's data privacy practices as set out in this Privacy Statement and other data privacy-related Firm policies.
Please click on the link below for the contact details of Skadden offices and affiliated entities in your jurisdiction: https://www.skadden.com/locations.
If you have any comments or questions in connection with this Privacy Statement, or for further information on our processing activities and your rights in relation to your personal information, please contact us via email at DataProtection@skadden.com or by post to Data Protection, Skadden, Arps, Slate, Meagher and Flom LLP, One Manhattan West, New York, NY 10001-8602.
Although you are not required to provide any personal information on the public areas of our website, you may choose to do so by completing the job application forms or the newsletter sign-up form. Should you do so, we may, for example, keep a record of your name, email address, and any other information you voluntarily provide to us.
Additionally, we may collect the following categories of personal information from you in the course of business, including through your use of the website, when you contact or request information from us, when we provide services to you or receive services from you:
- Identification data, such as name, gender, title, job title, or address.
- Contact information, including your phone number(s), your email address and social media account or handle where appropriate.
- Financial data, such as bank account information and invoicing details.
- Event registration or mailing list data, such as dietary requirements (which may reveal information about your health or religious beliefs), preferences and interests, subscriptions, downloads, and username/passwords.
- Job applicant data, such as identification data and contact information, resumé and other data provided by you or third parties (e.g. recruiters) on our website, online recruitment portal (where applicable) or offline in connection with job openings, which may be subject to additional local requirements based on the country for which the position is advertised.
- Legal and regulatory compliance data as required for purposes such as know your client, anti-money laundering, and market abuse regulations requirements, or as part of our client onboarding process, which may include passport or other identification data, date of birth, home address, and other due diligence data.
- Other service data, such as personal information relevant to the provision or receipt of services, in relation to any of your employees, customers or vendors, and client feedback.
- Cookie and device data, such as information about your visit of our website, IP address, device identifier, browser type and version, operating system and network, location and time zone setting.
We may supplement the information that you provide to us with information that we receive or obtain from other sources, such as from our staff or personnel, clients, professional advisers, partners, and agents of Skadden, third parties with whom we interact, and publicly available sources.
We may use your personal information for the following purposes and, for each purpose, based on the following legal grounds:
- Provision of legal services – we use personal information that you voluntarily submit to us on the website or during the course of our engagement, regardless of the media used, such as identification data, contact details, and other service data that we may process in connection with the provision of services. The Firm's work for you may also involve providing such information to third parties, such as expert witnesses and other professional advisers in order to represent your interests most effectively. This processing is necessary for us to perform our contract with you.
- Administration of client and vendor relationships – we use identification data, contact details, financial data, and other service data, including for the processing of invoices, the updating of client records, and the management of our vendor relationships. This processing is necessary to perform our contract with you.
- Addressing client inquiries/feedback – we use identification data, contact details, and other service data for this purpose. This process is necessary to perform our contract with you. It may also be necessary for our legitimate interests to establish or maintain a relationship with you; it is also in your interest to receive a response from us when you contact us.
- Sending relevant marketing messages and inviting you to events/seminars – we use identification data, contact details, cookie and device data, and mailing list data to communicate with you by way of email alerts and post to provide you with information about our events, seminars, or services that may be of interest to you. This processing is necessary for our legitimate interest to send you tailored marketing messages, client newsletters, and invitations to relevant events and seminars.
- Improving our website – we use cookie and device data to improve the functionality and user-friendliness of our website. This processing is necessary for our legitimate interests to constantly monitor and improve our online presence and services to you.
- Keeping our website and IT systems and processes safe – we use identification data, contact details, financial data, cookie and device data, and other service data. This processing is necessary to perform our contract with you and to ensure the security and confidentiality of your data. It is also necessary for our legitimate interests to prevent illegal activities, including fraud, which could harm you and us.
- Complying with legal or regulatory inquiries/requests – we use identification data, contact details, financial data, cookie and device data, and legal and regulatory compliance data (including for anti-money laundering or fraud detection purposes, statutory returns and fulfillment of the Firm's ethical obligations). This processing is necessary for the purpose of complying with legal requirements that apply to the Firm.
We may share your personal information with the following categories of recipients:
- other entities within Skadden to provide legal services to you and to administer any service provided to you that the Firm agrees to undertake;
- professional advisers, partners, and agents of Skadden to provide you with local legal services, as required, and to administer our relationship with you;
- vendors that will process your personal information on our behalf and under our written instructions to carry out their services during the course of our business, such as IT service providers, financial institutions, customer relationship management databases and other cloud-based solutions, third party companies providing us with business analytics and statistics to assist with our marketing campaigns, and third party venues in which we may host events and seminars. We contract with such vendors to ensure that they only process your personal information under our instructions and ensure the security and confidentiality of your personal information by implementing the appropriate technical and organizational measures for such processing;
- any law enforcement, regulatory, or government agency requesting personal information in connection with any inquiry, subpoena, court order, or other legal or regulatory procedures, with which we would need to comply. We may also share personal information to establish or protect the Firm's legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims;
- any third party connected with business transfers; we may transfer your personal information to third parties in connection with a reorganization, restructuring, merger, acquisition, or transfer of assets of the Firm, provided that the receiving party agrees to treat your personal information in a manner consistent with this Privacy Statement.
We may send you direct marketing messages including by way of email alerts and post provided that we have a lawful ground to do so. If you no longer wish to receive our email alerts, to be part of a mailing list, or to receive any marketing communications, you can opt-out of such communications at any time by clicking on the unsubscribe link in the relevant communication or contacting us at email@example.com.
If you are in the European Economic Area (the “EEA”) or the United Kingdom (the "UK"), you have the following rights:
- Access. You have the right to request a copy of the personal information that we are processing about you. If you require additional copies, we may need to charge a reasonable fee;
- Rectification. You have the right to require the correction of any mistake in the personal information, whether incomplete or inaccurate, that we hold about you;
- Deletion. You have the right to require the erasure of personal information concerning you in certain situations, such as where we no longer need it or if you withdraw your consent (where applicable);
- Portability. You have the right to receive the personal information concerning you that you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit that data to a third party in certain situations;
- Objection. You have the right to (i) object at any time to the processing of your personal information for direct marketing purposes and (ii) object to our processing of your personal information where the legal ground of such processing is necessary for legitimate interests pursued by us or by a third party. We will then abide by your request unless we can demonstrate compelling legal grounds for the processing;
- Restriction. You have the right to request that we restrict our processing of your personal information in certain circumstances, such as when you contest the accuracy of that personal information;
- Withdrawal of consent. If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time. "Explicit consent" would be required if the Firm relies on consent as the condition to lawfully process "special categories of personal data," as defined in the GDPR.
If you are in the EEA, you also have the right to lodge a complaint with the local data protection authority, such as la Commission Nationale de l'Informatique et des Libertés ("CNIL") in France, if you believe that we have not complied with applicable data protection laws, including the GDPR. Please click here for a list of local data protection authorities in the EEA countries. If you are in the UK, you have the right to lodge a complaint with the Information Commissioner's Office, who can be contacted here.
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal information or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.
If you are in the EEA or the UK and would like to exercise any of those rights, please:
- Email us at DataProtection@skadden.com;
- Provide enough information to identify yourself (e.g., name, email address, etc.);
- Provide proof of your identity and address (a copy of your driver’s license or passport and a recent utility or credit card bill); and
- Provide the information to which your request relates.
If you are a California resident, you have the following rights, subject to certain exceptions as set forth in the CCPA:
- Right to access Personal Information. You have the right to receive the specific pieces of your Personal Information we have collected about you in the 12 months preceding your request.
- Right to data portability. You have the right to receive a copy of your electronic personal information in a readily-usable format.
- Right to Know. You have the right to receive information from us regarding the categories of personal information we collected, the sources from which we collect personal information, the purposes for which we collected and shared personal information, the categories of any personal information we sold as well as the categories of third parties to whom such personal information was sold, and the categories of personal information that we disclosed for a business purpose in the 12 months preceding your "right to know" request.
- Right to Request Deletion. You have the right to request the deletion of the personal information that you provided to us. Please note that in certain instances we may not be able to process your request, such as (i) due to the existence of a legal obligation, (ii) to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities, or (iii) in order to complete a transaction for which your personal information was collected.
- Right to Non-Discrimination. You have the right to be free from discrimination by us as a result of you exercising your rights under the CCPA.
If you wish to exercise these rights, you must submit a request by emailing CCPA_Requests@skadden.com or by calling our toll-free number +1 (833) 524-0418. The CCPA requires us to verify requests we receive when one is seeking to exercise certain of the rights listed above. We may ask you to provide certain information in order for us to verify your request.
Note that certain of the rights set forth above do not apply until January 1, 2022 for job applicants, employees, partners, and contractors, and when personal information is transmitted in business-to-business written or verbal communications or transactions relating to due diligence, or providing or receiving a product or service to or from another business, and the personal information concerns an employee, owner, director, officer or contractor of that business.
Skadden has collected the following types of personal information about California residents in the last 12 months:
Sources of Personal Information Collected. We obtain the categories of personal information listed above from the following categories of sources: directly from you, such as when you complete forms, indirectly from you, such as observing your actions on our website, and from publicly available sources.
Disclosures for a Business or Commercial Purpose. In the preceding 12 months, Skadden has disclosed the types of personal information listed above to its service providers for business purposes.
We have implemented technical and organizational security measures in an effort to safeguard the personal information in our custody and control. Such measures include, for example, limiting access to personal information only to staff and authorized service providers on a need-to-know basis for the purposes described in this Privacy Statement, as well as other administrative, technical, and physical safeguards.
We endeavor to take all reasonable steps to protect your personal information, but cannot guarantee the security of any data you disclose online. Please note that email is not a secure medium and should not be used to send confidential or sensitive information. By providing information online, you accept the inherent security risks of providing information over the Internet and will not hold us responsible for any breach of security, unless it is due to our negligence or willful default.
Skadden is an international law firm comprised of multiple offices and affiliated entities in numerous jurisdictions. Details regarding our offices and affiliated entities can be found at https://www.skadden.com/locations. Your personal information may be transferred to or shared across our integrated computer networks with one or more of Skadden offices and our affiliated offices in the United States and other countries that may not be subject to data protection laws similar to those prevailing in the jurisdiction in which such information is provided to or received by us. However, all of our offices adhere to the same procedures with respect to your personal information, including this Privacy Statement.
It is necessary to transfer personal information from the United Kingdom or the EEA to a country outside the EEA (or to an international organization) in order to provide our attorneys with access to clients' personal information to enable them to provide legal services, wherever they are located, and for related purposes as set out in this Privacy Statement, including updates and enhancements to our records, analysis to help us manage our practice, statutory returns, legal and regulatory compliance, the administration and management of the Firm's global IT systems, and our other legitimate business interests.
While our offices in Belgium, France and Germany are in the EEA, not all of our offices are in countries that have the same data protection laws as the EEA. That said, with regard to our office in the UK, the UK has incorporated the wording of the GDPR with the UK GDPR and the Data Protection Act 2018 and following Brexit, the European Commission has issued a draft adequacy decision in relation to the UK. It is expected that this will soon be ratified. In any event, data flows between the EEA and the UK continue and remain safe thanks to a conditional interim regime that was agreed in the EU-UK Trade and Cooperation Agreement until 30 June 2021. When we transfer personal information (a) from within the EEA to countries located outside the EEA that have not received an adequacy decision from the European Commission, or (b) from the UK to countries that are not recognized as offering an adequate level of protection by the Information Commissioner's Office, including within Skadden offices and affiliated entities and with our service providers, we have implemented adequate safeguards to appropriately protect such transfer of personal information, including on the terms of a valid data transfer agreement incorporating the European Commission's standard contractual clauses or as permitted under applicable data protection laws. These safeguards are designed to protect your privacy rights and provide you with remedies in the unlikely event that your personal information is misused. You may ask for further information on the safeguards that we have put in place to safeguard the transfer of your personal information to countries outside of the EEA or the UK by contacting us at DataProtection@skadden.com.
Please note that we do not support "Do Not Track" browser settings at this time.
Information RetentionWe will only retain your personal information for as long as necessary for the purposes for which that information was collected as set out in this Privacy Statement or for longer as required under any applicable legal, regulatory, accounting, or reporting requirements. Should you opt out or no longer wish to receive marketing messages from us, we will securely delete your personal information from the relevant mailing list(s).
Notification of Changes
We may occasionally update this Privacy Statement as our services and privacy practices change, or as required by applicable legal or regulatory requirements. Where it is practicable, we will notify you by email of any significant changes. However, the last update date is posted below, and we encourage you to review this Privacy Statement periodically to be informed of how we use your personal information.
Last updated: March 2021