Privacy

United States

Privacy Policy

Debevoise & Plimpton LLP is committed to protecting your privacy.

In this privacy policy references to “Debevoise”, “we”, “our” or “us” are to Debevoise & Plimpton LLP, a New York registered limited liability partnership and to each related entity which provides legal services using the name Debevoise & Plimpton.

This privacy policy describes what personal information we collect about you, how we may collect, use and share your personal information, our legal bases for using your personal information, how long we keep your personal information, how we protect your personal information, the countries to which we may transfer your personal information, and your rights regarding your personal information. If you provide personal information to us relating to other individuals, you are responsible for communicating the terms of this privacy policy to them.

Types of personal information we collect about you

The types of personal information we collect about you depends on your relationship with us. They include:

  • Your personal contact details such as name, title, postal addresses, email addresses and telephone numbers.
  • The company you work for or represent and your position.
  • Identification and background information we may collect about you as part of our business acceptance procedures and recruitment procedures, such as a copy of your passport or ID card.
  • Financial information, such as your bank account details.
  • Technical information, such as information from your visits to our website or relating to the event invitations, updates, marketing materials and other communications we send to you electronically.
  • Your communication preferences regarding marketing materials.
  • Any other personal information you provide to us during your relationship with us, such as dietary requirements, any physical disability and your views and comments.

How we collect your personal information

The ways in which we collect personal information about you may include the following:

  • In the course of our business acceptance procedures.
  • In the course of our provision of legal services to you or others, including documents or communications we receive from our clients, other law firms, counterparties, regulatory or law enforcement agencies, or information which is in the public domain, in relation to matters on which we are engaged by our clients.
  • Through your general use of our website. In particular, we collect personal information about you if you complete forms on our website, such as the ‘News & Publications Alerts Sign Up’ and the ‘Events Sign Up’ and if you send emails to firm personnel from the website or log into our Extranet from the website.
  • Through your responses to our emails asking that you confirm and update information we maintain about you, or that you provide your consent for us to communicate with you.
  • Through information you may provide to representatives of our firm at conferences and similar events.
  • Through other law firms or third parties such as other professional services providers with whom we have jointly arranged events such as webinars and presentations and to whom you have provided personal information.
  • Through your application for a job at Debevoise.
  • Publicly available sources such as company registries, registries maintained by financial services or other regulatory authorities, court reports, social media, news and other internet-based resources.

How we use your personal information

We may use your personal information for the following purposes:

  • To manage, administer and improve our provision of legal and other services to clients.
  • To provide information requested by you.
  • To provide, administer, monitor the use of, and improve this website.
  • To promote our services, including by sending to you personalized event invitations, updates and other marketing materials.
  • To follow up with you on a job application.

Our legal bases for using your personal information

We use your personal information on the following bases:

  • To perform a contract, such as engaging with clients to provide legal or other services.
  • To comply with a legal obligation.
  • For our legitimate interests, as summarized above under the heading ‘How we use your personal information’.
  • With your consent for a specific purpose.

Cookies

For information about our use of cookies, please see our cookies policy here.

How we share your personal information

We may share your personal information with others in the following circumstances:

  • Our related Debevoise entities in order to provide to clients legal or other services and in accordance with our business administrative practices.
  • Any new Debevoise entity or other third party if we decide to re-organize or transfer all or any part of our business.
  • Our third party service providers in order to provide us with services, including our professional advisers such as our auditors, our information technology service providers, third parties to whom we outsource support services such as translation, photocopying and document review and third parties whom we instruct in connection with our provision of services to clients such as local counsel.
  • Government or regulatory authorities, courts, tribunals or other third parties if we consider it necessary or appropriate under applicable laws.
  • Our clients, in relation to legal services we provide.
  • Third parties representing our clients in connection with matters on which we are engaged by such clients.
  • Third parties, such as law firms or other professional advisors, representing counterparties or other relevant parties in connection with matters on which we are engaged by clients.
  • Third parties, such as law firms or other professional services providers, with whom we are jointly running an event such as a webinar or seminar.

We do not sell or otherwise disclose to third parties your personal information without your consent. 

How long we keep your personal information 

We retain your personal information in accordance with our global retention guidelines. Our retention periods are based on the requirements of applicable data protection laws, other legal and regulatory requirements to retain information for a minimum period and limitation periods for taking legal action.

How we protect your personal information

We have in place technical and organizational measures which are designed to protect the personal information we collect about you from unauthorized, improper or unlawful access, use, disclosure, alteration or destruction consistent with applicable data protection laws.

Debevoise maintains an Information Security Management System that is aligned and certified to the ISO 27001:2013 standard framework. The system is inclusive of policies, procedures and technical controls and is audited by a certified third party ISO assessor on an annual basis.

Countries to which we transfer your personal information

We may need to transfer your personal information to locations outside the jurisdiction in which you provide it, or from where you are viewing this website, in order to use it on the bases set out above. Where personal information which we process is subject to either Regulation (EU) 2016/679 (the “GDPR”), any law implementing or supplementing the GDPR, or the UK GDPR (as defined in the UK Data Protection Act 2018) (collectively, “European Data Protection Laws”) we will transfer your personal information outside the EEA or the UK (as applicable) in accordance with the European Data Protection Laws. To facilitate this we have in place standard contractual clauses between the relevant Debevoise entities. Where personal information which we process is subject to data privacy laws in the People’s Republic of China (“PRC Data Protection Laws”), we will transfer your personal information outside the PRC in accordance with the PRC Data Protection Laws.

Your rights regarding your personal information

Where our processing of your personal information is subject to European Data Protection Laws or the PRC Data Protection Laws you may have the following rights: 

  • To request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • To correct any incomplete or inaccurate personal information that we hold about you.
  • To request us to delete or remove from our systems your personal information where there is no legal basis for us continuing to process it.
  • To request us to suspend processing of your personal information, for example, if you want us to establish its accuracy or the reason for processing it.
  • To request the transfer of your personal information to a third party.
  • To withdraw any consent that you have provided to us for processing your personal information.
  • To make a complaint to a local supervisory authority about how we are processing your personal information.

If you reside in the PRC (Mainland), you may have the following additional right:

  • To request us to further explain our rules on personal data processing.

If you reside in California, you may have the following rights under the California Consumer Privacy Act (CCPA):

  • To request access to certain personal information collected by us in the 12 months before you make the request. Specifically, you may have the right to ask that we disclose: (i) the categories of personal information we collected; (ii) the categories of sources from which we collect personal information; (iii) the business or commercial purpose for which we collect personal information; (iv) the categories of third parties with whom we share personal information; (iv) the specific pieces of personal information we hold and (vi) if we disclosed your personal information for a business purpose, a list of the categories of personal information we disclosed in the prior 12 months.
  • To request us to delete your personal information. We will not delete your personal information if we need it in order to provide a service you requested, to protect the security or functionality of our operations, to comply with a legal or regulatory obligation or for certain other reasons.

If you would like to exercise any of your rights relating to your personal information, please contact us at privacy@debevoise.com. If you are a California resident you may also call our toll free number (888) 914-9661, PIN 751668.

Only you or a person authorized by you may submit a request to exercise your rights regarding your personal information. In connection with such a request, we will undertake steps to verify the requester’s identity. We may ask the requester to provide information that we have on file about the requester, or if the request is submitted in writing or online, we may contact the requester to verify the requester’s identity. In particular, we may ask the requester to provide us with their name, organization, contact details (including physical address, telephone number and email address) and identity documents. We will only use personal information provided in a request to verify the requester’s identity and authority to make the request, and we will maintain a record of access and deletion requests as required by law.

We will not deny services, charge different prices, offer a different quality of service or otherwise discriminate against you for exercising your rights under any applicable laws.

You may also have rights under other applicable laws in connection with your personal information, including if you reside in a jurisdiction outside California or our processing of your personal information is not subject to European Data Protection Laws.

Please advise us of any changes to your personal information by contacting us at privacy@debevoise.com.

Data controller

Debevoise provides legal services through a number of different entities. For the purposes of European Data Protection Laws, the data controller of your personal information is the Debevoise entity in the EU that you engage with, or if we have received your personal information in connection with a client engagement in circumstances in which European Data Protection Laws apply, the Debevoise entity which is primarily responsible for such engagement.

Updates to this policy

We may change this privacy policy from time to time by updating this page. Please check this policy regularly to ensure that you are familiar with its content.

Contact information

If you have any questions about this privacy policy or you would like to exercise any of your rights relating to your personal information, please contact us at privacy@debevoise.com.
You may contact the data protection officer for Debevoise in Frankfurt at DPOFrankfurt@debevoise.com.