Privacy

United States

Privacy Policy

Last Updated: April 26, 2025

Debevoise & Plimpton LLP is committed to protecting your privacy. In this privacy policy references to “Debevoise”, “we”, “our” or “us” are to Debevoise & Plimpton LLP, a New York registered limited liability partnership and to each related entity which provides legal services using the name Debevoise & Plimpton.

This privacy policy describes what personal information we collect about you, how we may collect, use and disclose your personal information, our legal bases for using your personal information, how long we keep your personal information, how we protect your personal information, the countries to which we may transfer your personal information, and your rights regarding your personal information. If you provide personal information to us relating to other individuals, you are responsible for communicating the terms of this privacy policy to them.

Debevoise provides legal services through a number of different entities. The data controller of your personal information is the Debevoise entity that you interact with, or if we have received your personal information in connection with a client engagement, then the controller is the Debevoise entity which is primarily responsible for such engagement.

Categories of personal information we collect about you

The types of personal information we collect about you depends on your relationship with us. They include:

  • Your personal identifiers such as name, title, physical addresses, telephone numbers, date of birth, email addresses, social security number, and national identification number.
  • Personal records we may collect about you as part of our business acceptance procedures, such as a copy of your passport or ID card, financial information such as bank account number, and photographs.
  • Professional and employment information we may collect during our business relationship, such as the company you work for and your position.
  • Location information, such as the location of your IP address, where you work and records of when you visit our office(s).
  • Health information, such as health insurance information and medical information where relevant to the context of a particular representation.
  • Sensory data such as CCTV footage in our offices, and audio or video recordings of meetings and presentations.
  • Internet and network activity, such as IP addresses when logging into our Webcasts, cookies stored from your visits to our website or blogs, and how you interact with our email and other communications.
  • Your communications with us, such as when you contact us by phone or email, or copies of communications that we receive in the course of a client engagement.
  • Inferences, preferences, or characteristics that we obtain through interactions with you.
  • Other personal information you or others provide to us during the client relationship with us, such as dietary requirements, any physical disability and your views and comments.

Depending on the jurisdiction you reside in, some of the data we collect may be considered sensitive. In some jurisdictions, consent may be required prior to collecting sensitive data. Where consent is required prior to collecting sensitive data, we will obtain your consent.

How we collect your personal information

The ways in which we collect personal information about you may include the following:

  • In the course of our business acceptance procedures, such as running conflicts checks, conducting know your client and anti-money laundering due diligence and setting up payment methods.
  • In the course of our provision of legal services to you or others, including documents or communications we receive from our clients, other law firms, counterparties, regulatory or law enforcement agencies, or information which is in the public domain, in relation to matters on which we are engaged by our clients.
  • Through your general use of our website. In particular, we collect personal information about you if you complete forms on our website, such as the ‘News & Publications Alerts Sign Up’ and the ‘Events Sign Up,’ interact with our emails such as by clicking on hyperlinks, and if you send emails to firm personnel from the website or log into our Extranet from the website.
  • Through your responses to our emails asking that you confirm and update information we maintain about you, or that you provide your consent for us to communicate with you.
  • Through direct interactions, including information you may provide to representatives of our firm at conferences and similar events.
  • Through other law firms or third parties such as other professional services providers with whom we have jointly arranged events such as webinars and presentations and to whom you have provided personal information.
  • Publicly available sources such as company registries, registries maintained by financial services or other regulatory authorities, court reports, social media, news and other internet-based resources.

When we need your personal information to comply with business and/or legal obligations or to perform our contract, failure to provide this data may impact our ability to provide our services.

How we use your personal information

In the last 12 months, we have collected the following categories of personal information for the following purposes:

Category of personal data

Business Purpose and Lawful Basis for Processing)

To Whom We Disclose Personal Information

Identifiers

To provide a requested service/carry out a contract

  • To manage, administer and improve our provision of legal services to and contractual obligations to clients.
  • To provide information or services requested by you, or reasonably expected by you given our business relationship.
  • To conduct reviews of our performance, manage business relationships, and arrange for the termination of business relationships.

Necessary for our legitimate interests

  • For our recruiting efforts, including to identify potential job applicants
  • To ensure a healthy and safe office environment for our vendors, personnel, and visitors.
  • To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and assist in the prosecution of those responsible for that activity.
  • To promote our services, including by sending to you personalized event invitations, updates and other marketing materials.

To comply with a legal obligation

  • To conduct “Know Your Client”, anti-money laundering, terrorist financing, and conflict checks, and client due diligence checks.
  • To meet relevant regulatory requirements and professional obligations, respond to subpoenas or other government requests, and manage legal disputes.
  • To preserve knowledge, keep accurate business records, and control access to documents
  • To conduct compliance activities with the use of our network.
  • Our related Debevoise entities
  • Our clients, in relation to legal services we provide.
  • Third parties providing services to our clients in connection with matters on which we are engaged by such clients.
  • Parties, such as law firms or other professional advisors, representing counterparties or other relevant parties in connection with matters on which we are engaged by clients.
  • Banks, and other payment processing services
  • Government or regulatory authorities, courts, tribunals or other third parties if we consider it necessary or appropriate under applicable laws
  • Courts, counsel, arbitrators, mediators, and other personnel relevant to a legal dispute, in response to court orders, subpoenas, government inquiries, other legal processes, to defend against claims and allegations, or to protect property, personnel, or members of the public.
  • Auditors, insurers, lawyers, accountants and other professional advisers
  • Bar associations and other law-related organizations
  • Vendors who provide services to us, including technology, web and security vendors
  • Parties designated by you

Personal Records

To provide a requested service/carry out a contract

  • To manage, administer and improve our provision of legal services to and contractual obligations to clients.

Necessary for our legitimate interests

  • To provide, administer, monitor the use of, and improve this website
  • For our recruiting efforts, including to identify potential job applicants.
  • To ensure a healthy and safe office environment for our vendors, personnel, and visitors.
  • To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and assist in the prosecution of those responsible for that activity.
  • To promote our services, including by sending to you personalized event invitations, updates and other marketing materials.

To comply with a legal obligation

  • To conduct “Know Your Client”, anti-money laundering, terrorist financing, and conflict checks, and client due diligence checks.
  • To meet relevant regulatory requirements and professional obligations, respond to subpoenas or other government requests, and manage legal disputes.
  • To preserve knowledge, keep accurate business records, and control access to documents.
  • Our related Debevoise entities
  • Third parties providing services to our clients in connection with matters on which we are engaged by such clients.
  • Parties, such as law firms or other professional advisors, representing counterparties or other relevant parties in connection with matters on which we are engaged by clients.
  • Banks, and other payment processing services
  • Government or regulatory authorities, courts, tribunals or other third parties if we consider it necessary or appropriate under applicable laws
  • Courts, counsel, arbitrators, mediators, and other personnel relevant to a legal dispute, in response to court orders, subpoenas, government inquiries, other legal processes, to defend against claims and allegations, or to protect property, personnel, or members of the public.
  • Auditors, insurers, lawyers, accountants and other professional advisers
  • Vendors who provide services to us, including technology, web and security vendors
  • Parties designated by you

Professional and Employment-Related Information

To provide a requested service/carry out a contract

  • To manage, administer and improve our provision of legal services to and contractual obligations to clients.
  • To provide information or services requested by you, or reasonably expected by you given our business relationship.
  • To conduct reviews of our performance, manage business relationships, and arrange for the termination of business relationships.

Necessary for our legitimate interests

  • For our recruiting efforts, including to identify potential job applicants.
  • To promote our services, including by sending to you personalized event invitations, updates and other marketing materials.

To comply with a legal obligation

  • To conduct “Know Your Client”, anti-money laundering, terrorist financing, and conflict checks, and client due diligence checks.
  • To meet relevant regulatory requirements and professional obligations, respond to subpoenas or other government requests, and manage legal disputes.
  • To preserve knowledge, keep accurate business records, and control access to documents.
  • Our related Debevoise entities
  • Our clients, in relation to legal services we provide.
  • Third parties providing services to our clients in connection with matters on which we are engaged by such clients.
  • Parties, such as law firms or other professional advisors, representing counterparties or other relevant parties in connection with matters on which we are engaged by clients.
  • Government or regulatory authorities, courts, tribunals or other third parties if we consider it necessary or appropriate under applicable laws
  • Courts, counsel, arbitrators, mediators, and other personnel relevant to a legal dispute, in response to court orders, subpoenas, government inquiries, other legal processes, to defend against claims and allegations, or to protect property, personnel, or members of the public.
  • Auditors, insurers, lawyers, accountants and other professional advisers
  • Bar associations and other law-related organizations
  • Vendors who provide services to us, including technology, web and security vendors
  • Parties designated by you

Location Information

To provide a requested service/carry out a contract

  • To manage, administer and improve our provision of legal services to and contractual obligations to clients.
  • To provide information or services requested by you, or reasonably expected by you given our business relationship.

Necessary for our legitimate interests

  • To provide, administer, monitor the use of, and improve this website.
  • For our recruiting efforts, including to identify potential job applicants.
  • To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and assist in the prosecution of those responsible for that activity
  • To promote our services, including by sending to you personalized event invitations, updates and other marketing materials.

To comply with a legal obligation

  • To conduct “Know Your Client”, anti-money laundering, terrorist financing, and conflict checks, and client due diligence checks.
  • To meet relevant regulatory requirements and professional obligations, respond to subpoenas or other government requests, and manage legal disputes.
  • To conduct compliance activities with the use of our network.
  • Our related Debevoise entities
  • Our clients, in relation to legal services we provide.
  • Third parties providing services to our clients in connection with matters on which we are engaged by such clients.
  • Parties, such as law firms or other professional advisors, representing counterparties or other relevant parties in connection with matters on which we are engaged by clients.
  • Banks, and other payment processing services
  • Government or regulatory authorities, courts, tribunals or other third parties if we consider it necessary or appropriate under applicable laws
  • Courts, counsel, arbitrators, mediators, and other personnel relevant to a legal dispute, in response to court orders, subpoenas, government inquiries, other legal processes, to defend against claims and allegations, or to protect property, personnel, or members of the public.
  • Auditors, insurers, lawyers, accountants and other professional advisers
  • Bar associations and other law-related organizations
  • Vendors who provide services to us, including technology, web and security vendors
  • Parties designated by you

Sensory Data

To provide a requested service/carry out a contract

  • To manage, administer and improve our provision of legal services to and contractual obligations to clients.
  • To provide information or services requested by you, or reasonably expected by you given our business relationship.

Necessary for our legitimate interests

  • For our recruiting efforts, including to identify potential job applicants.
  • To ensure a healthy and safe office environment for our vendors, personnel, and visitors.

To comply with a legal obligation

  • To preserve knowledge, keep accurate business records, and control access to documents.
  • To conduct compliance activities with the use of our network.
  • Our related Debevoise entities
  • Our clients, in relation to legal services we provide.
  • Third parties providing services to our clients in connection with matters on which we are engaged by such clients.
  • Parties, such as law firms or other professional advisors, representing counterparties or other relevant parties in connection with matters on which we are engaged by clients.
  • Government or regulatory authorities, courts, tribunals or other third parties if we consider it necessary or appropriate under applicable laws
  • Courts, counsel, arbitrators, mediators, and other personnel relevant to a legal dispute, in response to court orders, subpoenas, government inquiries, other legal processes, to defend against claims and allegations, or to protect property, personnel, or members of the public.
  • Auditors, insurers, lawyers, accountants and other professional advisers
  • Bar associations and other law-related organizations
  • Vendors who provide services to us, including technology, web and security vendors
  • Parties designated by you

Internet or other electronic network activity

To provide a requested service/carry out a contract

  • To manage, administer and improve our provision of legal and other services to and contractual obligations to clients.
  • To provide information or services requested by you, or reasonably expected by you given our business relationship.

Necessary for our legitimate interests

  • To detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and assist in the prosecution of those responsible for that activity.

To comply with a legal obligation

  • To conduct “Know Your Client”, anti-money laundering, terrorist financing, and conflict checks, and client due diligence checks.
  • To meet relevant regulatory requirements and professional obligations, respond to subpoenas or other government requests, and manage legal disputes.
  • Our related Debevoise entities
  • Government or regulatory authorities, courts, tribunals or other third parties if we consider it necessary or appropriate under applicable laws
  • Courts, counsel, arbitrators, mediators, and other personnel relevant to a legal dispute, in response to court orders, subpoenas, government inquiries, other legal processes, to defend against claims and allegations, or to protect property, personnel, or members of the public.
  • Auditors, insurers, lawyers, accountants and other professional advisers
  • Vendors who provide services to us, including technology, web and security vendors
  • Parties designated by you

Health Information

To provide a requested service/carry out a contract

  • To provide information or services requested by you, or reasonably expected by you given our business relationship.

Necessary for our legitimate interests

  • To ensure a healthy and safe office environment for our vendors, personnel, and visitors.

To comply with a legal obligation

  • To meet relevant regulatory requirements and professional obligations, respond to subpoenas or other government requests, and manage legal disputes.
  • Our related Debevoise entities
  • Our clients, in relation to legal services we provide.
  • Third parties providing services to our clients in connection with matters on which we are engaged by such clients.
  • Parties, such as law firms or other professional advisors, representing counterparties or other relevant parties in connection with matters on which we are engaged by clients.
  • Government or regulatory authorities, courts, tribunals or other third parties if we consider it necessary or appropriate under applicable laws
  • Courts, counsel, arbitrators, mediators, and other personnel relevant to a legal dispute, in response to court orders, subpoenas, government inquiries, other legal processes, to defend against claims and allegations, or to protect property, personnel, or members of the public.
  • Auditors, insurers, lawyers, accountants and other professional advisers
  • Vendors who provide services to us, including technology, web and security vendors
  • Parties designated by you

Communications

To provide a requested service/carry out a contract

  • To manage, administer and improve our provision of legal services to and contractual obligations to clients.
  • To provide information or services requested by you, or reasonably expected by you given our business relationship.
  • To conduct reviews of our performance, manage business relationships, and arrange for the termination of business relationships.

To comply with a legal obligation

  • To meet relevant regulatory requirements and professional obligations, respond to subpoenas or other government requests, and manage legal disputes.
  • To preserve knowledge, keep accurate business records, and control access to documents.
  • Our related Debevoise entities
  • Our clients, in relation to legal services we provide.
  • Third parties providing services to our clients in connection with matters on which we are engaged by such clients.
  • Parties, such as law firms or other professional advisors, representing counterparties or other relevant parties in connection with matters on which we are engaged by clients.
  • Government or regulatory authorities, courts, tribunals or other third parties if we consider it necessary or appropriate under applicable laws
  • Courts, counsel, arbitrators, mediators, and other personnel relevant to a legal dispute, in response to court orders, subpoenas, government inquiries, other legal processes, to defend against claims and allegations, or to protect property, personnel, or members of the public.
  • Auditors, insurers, lawyers, accountants and other professional advisers
  • Vendors who provide services to us, including technology, web and security vendors
  • Parties designated by you

Inferences

To provide a requested service/carry out a contract

  • To manage, administer and improve our provision of legal services to and contractual obligations to clients.
  • To provide information or services requested by you, or reasonably expected by you given our business relationship.
  • To conduct reviews of our performance, manage business relationships, and arrange for the termination of business relationships.

Necessary for our legitimate interests

  • For our recruiting efforts, including to identify potential job applicants
  • To promote our services, including by sending to you personalized event invitations, updates and other marketing materials.
  • Our related Debevoise entities
  • Our clients, in relation to legal services we provide.
  • Third parties providing services to our clients in connection with matters on which we are engaged by such clients.
  • Parties, such as law firms or other professional advisors, representing counterparties or other relevant parties in connection with matters on which we are engaged by clients.
  • Government or regulatory authorities, courts, tribunals or other third parties if we consider it necessary or appropriate under applicable laws
  • Courts, counsel, arbitrators, mediators, and other personnel relevant to a legal dispute, in response to court orders, subpoenas, government inquiries, other legal processes, to defend against claims and allegations, or to protect property, personnel, or members of the public.
  • Auditors, insurers, lawyers, accountants and other professional advisers
  • Vendors who provide services to us, including technology, web and security vendors
  • Parties designated by you

Work Product

To provide a requested service/carry out a contract

  • To manage, administer and improve our provision of legal services to and contractual obligations to clients.
  • To provide information or services requested by you, or reasonably expected by you given our business relationship.
  • To conduct reviews of our performance, manage business relationships, and arrange for the termination of business relationships.

To comply with a legal obligation

  • To meet relevant regulatory requirements and professional obligations, respond to subpoenas or other government requests, and manage legal disputes.
  • To preserve knowledge, keep accurate business records, and control access to documents.
  • Our related Debevoise entities
  • Our clients, in relation to legal services we provide.
  • Third parties providing services to our clients in connection with matters on which we are engaged by such clients.
  • Parties, such as law firms or other professional advisors, representing counterparties or other relevant parties in connection with matters on which we are engaged by clients.
  • Government or regulatory authorities, courts, tribunals or other third parties if we consider it necessary or appropriate under applicable laws
  • Courts, counsel, arbitrators, mediators, and other personnel relevant to a legal dispute, in response to court orders, subpoenas, government inquiries, other legal processes, to defend against claims and allegations, or to protect property, personnel, or members of the public.
  • Auditors, insurers, lawyers, accountants and other professional advisers
  • Vendors who provide services to us, including technology, web and security vendors
  • Parties designated by you


We do not sell or share your personal information

We do not sell or share for cross-contextual behavioral advertising purposes your personal information. We do not knowingly sell nor share for cross-contextual behavioral advertising purposes personal information of individuals under the age of 16.

How long we keep your personal information

We retain your personal information for as long as reasonably necessary and proportionate to achieve the purposes and uses set out in this Privacy Policy, as authorized by law, and to meet legal, taxation, accounting, risk management or business requirements. Different retention periods apply to different types of records and data, and, where information is used for more than one purpose, we will retain it until the purpose with the latest period expires. The criteria used to determine our retention periods include: (i) the length of time we have an ongoing relationship with you; (ii) whether there is a legal obligation that applies to us; and (iii) whether we determine we need to retain the information due to our legal position, including, but not limited to relevant statutes of limitations, litigation, or regulatory investigations.

These retention periods may be extended where circumstances so require or until a particular query, investigation or dispute is fully resolved.

How we protect your personal information

We have in place technical and organizational measures which are designed to protect the personal information we collect about you from unauthorized, improper or unlawful access, use, disclosure, alteration or destruction consistent with applicable data protection laws.

Debevoise maintains an Information Security Management System that is aligned and certified to the ISO 27001 standard framework. The system is inclusive of policies, procedures and technical controls and is audited by a certified ISO assessor on an annual basis.

Countries to which we transfer your personal information

We may need to transfer your personal information to locations outside the jurisdiction in which you provide it, or from where you are viewing this website, in order to use it on the bases set out above. Where personal information which we process is subject to either Regulation (EU) 2016/679 (the “GDPR”), any law implementing or supplementing the GDPR, or the UK Data Protection Act 2018, which implements the “UK GDPR” (as defined in the UK Data Protection Act 2018) (collectively, “European Data Protection Laws”) we will transfer your personal information outside the EEA or the UK (as applicable) in accordance with the European Data Protection Laws. To facilitate this, we have in place Standard Contractual Clauses between the relevant Debevoise entities.

Where personal information which we process is subject to data privacy laws in the People’s Republic of China (“PRC Data Protection Laws”), we will transfer your personal information outside the PRC in accordance with the PRC Data Protection Laws.

Your rights regarding your personal information

Where our processing of your personal information is subject to European Data Protection Laws or the PRC Data Protection Laws you may have the following rights:

  • To request access to your personal information. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • To correct any incomplete or inaccurate personal information that we hold about you.
  • To request us to delete or remove from our systems your personal information where there is no legal basis for us continuing to process it.
  • To request us to suspend processing of your personal information, for example, if you want us to establish its accuracy or the reason for processing it.
  • To request the transfer of your personal information to a third party.
  • To withdraw any consent that you have provided to us for processing your personal information.
  • To make a complaint to a local supervisory authority about how we are processing your personal information.

If you reside in the PRC (Mainland), you may have the following additional right:

  • To request us to further explain our rules on personal data processing.

If you reside in California, you may have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: Request access to certain personal information collected by us in the 12 months before you make the request. Specifically, you may have the right to ask that we disclose: (i) the categories of personal information we collected; (ii) the categories of sources from which we collect personal information; (iii) the business or commercial purpose for which we collect personal information; (iv) the specific pieces of personal information we hold; and (v) if we disclosed your personal information for a business purpose, a list of the categories of personal information we disclosed in the prior 12 months.
  • Right to Delete: Request us to delete your personal information. We will not delete your personal information if we need it in order to provide a service you requested, to protect the security or functionality of our operations, to comply with a legal or regulatory obligation or for certain other reasons.
  • Right to correct: Request us to correct any incomplete or inaccurate personal information that we hold about you.
  • Right to non-discrimination: You have the right to non-retaliation following the exercise of your rights, and will not be discriminated against following the exercise of these rights.

We do not use sensitive personal information to infer characteristics under the CCPA.

Process we will use to verify data subject requests

To exercise your rights, please submit a verifiable data subject request that (1) provides sufficient information, such as a physical address, email or phone number, in addition to a government ID, that allows us to reasonably verify you are the person about whom we collected personal information or are an authorized representative, and (2) describes your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

You may appoint a representative to exercise these rights on your behalf, but we may require steps to verify the request is legitimate, such as a signed permission evidencing you have authorized the representative to make a request on your behalf.

In all jurisdictions, you can submit your request via email by contacting us at privacy@debevoise.com. In California, your request also can be submitted over the phone at our toll-free number (888) 914-9661, PIN 751668. And in Germany, you can make a request by sending an email to DPOFrankfurt@debevoise.com. Please note that we must be able to verify your identity to respond to your request, and we will only use the personal information you provide in your request for the purpose of confirming your identity.

We will not charge a fee for your request unless it is excessive, repetitive, or manifestly unfounded. We will deliver our written response electronically. We endeavor to respond to a verifiable request within the time periods provided by relevant law. If we require more time, we will inform you or your authorized agent in writing of the reason and the extension period.

You may also have rights under other applicable laws in connection with your personal information.

Please advise us of any changes to your personal information by contacting us at privacy@debevoise.com.

Updates to this policy

We may amend this privacy policy from time to time by updating this page. Please check this policy regularly to ensure that you are familiar with its content.

Contact information

If you have any questions about this privacy policy or you would like to exercise any of your rights relating to your personal information, please contact us at privacy@debevoise.com.

You may contact the data protection officer for Debevoise in Frankfurt at DPOFrankfurt@debevoise.com.