Skip To The Main Content

Privacy Notice

Simpson Thacher & Bartlett LLP and its affiliated offices practicing under the Simpson Thacher & Bartlett name in other jurisdictions (“Simpson Thacher” or “we” or “our”) are committed to respecting the privacy of all individuals, including job applicants, employees and visitors to our website (www.stblaw.com), as well as of our current and prospective clients.

This Privacy Notice (“Notice”) describes how we handle personal data, and may be updated by us at any time as described in Changes to Our Privacy Notice below.  Any such changes will be effective upon posting unless otherwise indicated. We urge you to review the Notice each time you visit our website or one of our offices. If you do not agree with any provision of the Notice, you should not use our website or visit our offices or otherwise provide us with personal data. This Notice was last updated on June 24, 2024.

This Notice sets out:

  • The types of personal data that Simpson Thacher collects, including from clients, and from individuals visiting our website, applying for employment with us, visiting our offices, and interacting with us in the normal course of our business;
  • The purposes and legal basis for our processing and use of individuals’ personal data;
  • Information regarding our marketing and individuals’ ability to withdraw their consent or otherwise object to marketing;
  • How we may process, disclose or use individuals’ personal data;
  • How we transfer personal data across borders;
  • How long we retain personal data and how we keep it secure; and
  • Individuals’ rights with respect to our processing, use or disclosure of their personal data.

Queries regarding how (1) our policies may apply to your personal data; (2) to exercise your right to question or object to our use of your personal data, in accordance with applicable laws; or (3) to access, correct, or delete your personal data, should be sent to [email protected].

For the purposes of applicable data protection law, Simpson Thacher may be deemed to be a data controller of your personal data, including your personal data processed in the course of client transactions.

This Notice describes Simpson Thacher’s policies and procedures with respect to personal data. Any personal data collected, held, used or processed by Simpson Thacher is also subject to the relevant provisions of applicable local laws and/or Simpson Thacher policies in each jurisdiction where we have an office. We store personal data in the United States and in other countries that may not have data protection laws as protective as those in your location.

Personal Data We Collect

We collect and process the following personal data from you:

  • Identification information: such as name, identification number, date of birth, job title and function.
  • Contact information: including phone number(s), email address, and mailing address.
  • Billing, Financial and Payment Data: including records of services obtained or considered, bank and other financial account information and other information necessary for processing payments, billing and invoicing, as well as fraud prevention.
  • Event registration or mailing list data: such as marketing and communications preferences and interests, subscriptions, downloads, dietary requirements and preferences (which may reveal information about your health and/or religious background).
  • Legal and regulatory compliance data: as required for purposes such as know your client, anti-money laundering, and market abuse regulations requirements, or as part of our client onboarding process, which may include passport or other identification and due diligence data.
  • Technical Information: including information collected during your visits to our website(s), the Internet Protocol (IP) address, browser type and version, device type, time zone setting, browser plug-in types and versions, operating system and platform. To learn more about our use of cookies please refer to the Cookies and Similar Technology section below.
  • Audio, electronic, visual, or similar information: including photographs and CCTV footage.
  • Physical Access Data: relating to details of your visits to our offices.
  • Job applicant data: including identification data, contact information, résumé and other data provided by you or third parties (e.g. recruiters, law school career offices) on our website, online recruitment portal (where applicable) or offline in connection with job openings, which may be subject to additional local requirements based on the country or state for which the position is advertised.
  • Sensitive or regulated personal data: In the course of your relationship with us, we may collect and process certain sensitive or regulated personal data or information that is protected under applicable law relating to you when relevant to providing our legal services (this could include information about racial and ethnic backgrounds, gender, marital status, political opinions, religious beliefs, union membership, physical or mental health, information regarding sexual orientation and background or details of criminal offenses, or biometric data, depending on the specific definition and scope of sensitive or regulated personal data under relevant applicable law). We only process sensitive personal data for necessary purposes and such processing activities will not negatively impact your legitimate interests and/or rights.
  • Any other personal data that you provide to us relevant to the provision or receipt of services, including in relation to any of your employees, customers or vendors.

We may supplement the information that you provide to us with information that we receive or obtain from other sources, such as from our personnel, clients, advisers, partners, and agents, third parties with whom we interact and publicly available sources.

We collect personal data about:

  • our current and prospective clients and their staff and employees;
  • job applicants;
  • our service providers and business partners and their staff and employees;
  • individuals who attend, or express interest in attending, our events or subscribe to newsletters and other email updates we provide;
  • third parties in connection with client transactions (for example, information about the staff of a company that will be acquired by a client); and
  • visitors to our website and offices.

Sources of Personal Data

We obtain personal data from a number of sources, including through our website (including website analytics, see Cookies and Similar Technology below), online questionnaires and forms, and other information provided directly to us, including by email or in conversation with our lawyers, legal or other advisers, consultants and other professional experts, complainants, correspondents and enquirers, and suppliers and service providers of any of the above, as well as directly from you. In addition, we obtain personal data from third-party sources, such as our clients, other law firms, service providers, and governmental entities.

Information About Other People: If you provide information to us about any person other than yourself, such as your employees, suppliers, shareholders or directors, you must ensure that they understand how their information will be used and disclosed, and that you have lawful grounds to disclose it with us, or that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use and disclose it as set forth above.

Processing of Personal Data

The laws in certain jurisdictions require companies to disclose the legal ground they rely on to use, process or disclose personal data. To the extent those laws apply, our legal grounds are as follows.

We process the personal data referred to above for the following purposes and on the below legal bases:

  • We use identification information, contact information, job applicant data, billing, financial and payment data, and legal and regulatory compliance data to fulfil a contract, or take steps linked to a contract, including:
    • providing legal services to our clients;
    • verifying your identity;
    • processing payments from you; and
    • communicating with you regarding the legal services provided.
  • We use identification information, contact information, billing, financial and payment data, job applicant data, event registration or mailing list data, legal and regulatory compliance data, technical information, physical access data and sensitive or regulated personal data as required to conduct our business and pursue our legitimate interests, in particular:
    • providing legal services to our clients, and responding to any comments, feedback or complaints they may send us;
    • promoting our services to clients and potential clients, advising them of news and industry updates, and hosting or administering events;
    • monitoring use of our website, to help us improve and protect our services and website, both online and offline;
    • protecting the security of and managing access to our physical premises;
    • investigating any complaints about our website or our services; and
    • in connection with legal claims, and for compliance, regulatory and investigative purposes.
  • Where necessary, we use identification information, contact information, job applicant data, event registration or mailing list data and technical information on the basis of your consent:
    • to send you direct marketing in relation to our services;
    • to use cookies and similar technologies in accordance with the information below and the information provided to you as to when those technologies are used; and
    • to use personal data that you give us for the purpose we explain at the time you give us such consent.
  • We use identification information, contact information, billing, financial and payment data, legal and regulatory compliance data, technical information, physical access data and sensitive or regulated personal data for other purposes to comply with applicable laws in the local jurisdictions where we operate, regulations, subpoenas, legal process, governmental investigations or inquiries, including:
    • undertaking compliance checks on current and potential clients and other third parties as part of our legal, regulatory and professional obligations (including anti-money laundering obligations);
    • as necessary or appropriate to protect the rights, property, security, and safety of us, our employees, our consumers, our information systems, and the public; and
    • to cooperate with government or law enforcement authorities conducting an investigation.
  • To the extent permitted under applicable law, we use job applicant data in order to take the necessary steps at the request of the job applicant in the context of recruitment prior to entering into a contract or other employment relationship (and, as necessary to comply with legal, regulatory and corporate governance requirements related to our hiring and personnel):
    • to screen identify and evaluate candidates for positions;
    • record-keeping related to the hiring process;
    • analyzing the hiring process and outcomes; and
    • conducting background checks.

Please note that if you are hired by Simpson Thacher, this data will be transferred to our employee records for the purposes of your employment and subject to our policies with respect to the processing of employee data, which will be provided to you upon the commencement of your employment.

We may also use personal data we collect for other purposes that do not conflict with the purposes listed above, to the extent permitted by applicable law.   

In certain circumstances, we will not be able to provide legal services to clients or continue our relationship with you if we are not provided with all relevant personal data.

Marketing Communications and Withdrawing Consent

We may contact you with information about services or events that might be of interest to you. Where necessary in compliance with applicable law, at the time that you provide your personal data to us, you will be given the opportunity to indicate whether or not you agree for us to use your personal data to tell you about such services and events.

You will always be able to withdraw your consent to allow us to process your personal data, although we may still have other legal grounds for processing your data, such as those set out above. In some cases, we are able to send you marketing materials without your prior consent, where we rely on our legitimate interests, but you have an absolute right to opt-out of receiving future marketing materials at any time. You can do this by following the instructions in the email communication you receive, or by contacting us at [email protected].

Disclosure of Your Personal Data

We have the right to disclose your personal data with trusted third parties including:

  • Legal or other advisers, consultants and other professional experts, complainants, correspondents and enquirers, and suppliers and service providers of any of the above, and each of their associated businesses;
  • Business partners, suppliers and sub-contractors in connection with the performance of any contract we enter into with them or you. We take reasonable steps to ensure that our personnel protect your personal data and are aware of their information security obligations; and
  • Analytics and search engine providers that assist us in the improvement and optimization of our website.

We may also disclose or transfer your personal data to third parties:

  • If we sell or buy any businesses or assets or merge any business into or with that of another person, in which case we may disclose your personal data to the prospective counterparty in such transaction and such data may be one of the assets transferred in such transaction;
  • To comply with applicable laws, regulations, subpoenas, legal process, governmental investigations or inquiries, to cooperate with law enforcement, to assert or defend legal claims, and to protect our and others’ rights, property, or safety, in which case we may disclose data to the appropriate law enforcement, regulatory or government agency or other third party; and
  • For the purposes of crime and fraud prevention and remediation, in which case we may disclose data to law enforcement, regulatory or government agencies, independent regulatory bodies and/or other third party.

We do not disclose any personal data to any person other than as described above.

We do not use or disclose sensitive personal data for purposes other than those listed above.

To learn more about the specifics of our disclosure of personal data with third parties under applicable law, please contact us at [email protected] to request such information.

Transfers of Personal Data

Simpson Thacher is an international law firm with multiple offices and affiliated entities across a number of global jurisdictions. As such, personal data may be transferred to a country which may not provide the same protections for personal data as the country in which you reside. In particular, personal data will be transferred to, and processed in or disclosed across computer networks or otherwise with our offices in the United States and, in certain instances, where necessary to provide our services or conduct operations in a given instance, it may be accessed by individuals in our other offices as necessary.

To provide adequate protection for these transfers in accordance with applicable data protection laws, Simpson Thacher has taken all necessary and appropriate measures to protect your personal data and ensure an adequate/equivalent level of protection, including but not limited to executing the appropriate contractual clauses based on and conforming to the European Commission approved standard contractual clauses and the UK Information Commissioner’s International Data Transfer Addendum. To obtain further information on the mechanisms that we have put in place to safeguard the transfer of your personal data, please contact us at [email protected].

See below for additional information on transfers of personal data from the People’s Republic of China.

Your Rights

Depending on where you live, you have various rights with respect to our use, processing and sharing of your personal data. Please note that there are exceptions to some of these rights, so that requests may be denied if, for example, making the information available to you would reveal personal data about another person, or if we are legally prevented from disclosing such information.

  • Access: You may have the right to request a copy of the personal data that we hold about you. You may be entitled to see the personal data held about you.
  • Accuracy: We aim to keep your personal data accurate, current, and complete, but you may have the right to ask that we update any inaccurate information about you. We encourage you to contact us to let us know if any of your personal data is not accurate or changes.
  • Objecting/Deletion: You may also have the right to object to processing of your personal data and to ask us to block, delete or restrict your personal data subject to certain exceptions. If this right applies, once we receive your request and verify your identity, we will delete (and direct our service providers to delete) your personal data from our records and/or where appropriate limit our processing of your personal data as relevant, unless an exception applies under applicable law.
  • Portability: You may have the right to request that your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.
  • Withdrawal of Consent: You may have the right to withdraw your consent at any time when consent is relied upon as the legal basis for our processing of your personal data. In some cases, you may also have the right to request that we delete personal data collected on the basis of your previous consent. We note, however, that such withdrawal of consent will not impact the lawfulness of any processing before such withdrawal (please see “Marketing Communications and Withdrawing Consent”, above).
  • Confirmation: You may have the right to request confirmation from us as to whether or not we are processing your personal data.
  • Disclosure: You may have the right to request information about public and private entities to whom we disclose your personal data, where applicable.

To exercise any of the rights described above, please submit a request to us by emailing us at [email protected].

Please note that there may be exceptions to these rights under applicable law.

Only you, or a person that you authorize to act on your behalf, may make a request related to your personal data. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal data or an authorized representative of such person.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We may be unable to comply with your request or provide you with personal data if you do not take the foregoing actions. Making a request does not require you to create an account with us. We will use personal data provided in a request only to verify your identity or authority to make the request.

If you believe that your data protection rights may have been breached, you may have the right to lodge a complaint with the applicable supervisory or regulatory authority. If you believe that we have not complied with applicable data protection laws, you also have the right to lodge a complaint with the local data protection authority. Please click here for a list of the data protection authorities in the European Union (“EU”) member states. If you are in Switzerland, please click here for information on how to contact the Federal Data Protection and Information Commissioner. If you are in the United Kingdom (“UK”), please click here for information on how to contact the Information Commissioner's Office if you would like to lodge a complaint. If you are in Brazil, please click here for information on how to contact the ANPD if you would like to lodge a complaint.

How Long We Keep Your Personal Data

We retain personal data for as long as necessary to provide legal services, conduct operations and in accordance with applicable law, unless we have deleted personal data in response to a request to delete. We may also retain personal data in a de-identified or aggregated form so that it can no longer be associated with an individual person. To determine the appropriate retention period for personal data, we consider various factors such as the amount, nature, and sensitivity of the data, the potential risk of unauthorized access, use or disclosure, the purposes for which we process personal data and applicable legal requirements.

When we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of your request so that we can respect it in future.

Security of Your Personal Data

We protect all personal data we process by implementing appropriate technical and organizational measures to safeguard such information against unauthorized and unlawful processing or accidental loss, destruction or damage. Among other measures, we store personal data in our possession in a secure operating environment or in physical files whose access is restricted to authorized persons only.

Although we adopt security measures in all areas compatible with the nature of the personal data that we process and in line with the best practices available in the market, no electronic data processing is entirely safe from technical failures or possible malicious actions by third parties. We constantly evaluate our security measures and update them as necessary in order to keep in line with best practices.

Cookies and Similar Technologies

What are they?

Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page. Other tracking technologies are also used which are similar to cookies. This can include pixel tags and tracking URLs.

All these technologies are together referred to in this Policy as “Cookies”. Please note that if you delete or disable Cookies from us, you may not be able to access certain areas or features of our website.

How do we use Cookies?

The types of Cookie that we use on our website, and the purposes for which they are used, are set out below:

  • Strictly necessary Cookies: These Cookies are essential to enable you to move around our website and use its features, such as accessing secure areas. Without these Cookies, any services on our website you wish to access cannot be provided.
  • Analytical/performance Cookies: These Cookies collect information about how you and other visitors use our website, for instance, which pages you go to most often, and if you get error messages from web pages. We use data from these Cookies to help test designs and to ensure that a consistent look and feel is maintained on your visit to the website. All information these Cookies collect is aggregated and is used only to improve how a website works.
    • We use Google Analytics, a web analytics service provided by Google, Inc. (“Google”), to track our website usage and activity anonymously. Google Analytics uses Cookies, and the information generated by such Cookies about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information on our behalf for the purpose of evaluating your use of our website, compiling reports on website activity and providing to us other services relating to website activity and internet usage. Google will not associate your IP address with any other data held by Google. You may refuse the use of Cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent Google’s collection and use of data (Cookies and IP address) by downloading and installing the browser plug-in available under: https://tools.google.com/dlpage/gaoptout?hl=en-GBM
    • Further information concerning the terms and conditions of use and data privacy can be found at:
      http://www.google.com/analytics/terms/gb.html
      https://www.google.de/intl/en_uk/policies/
  • Functionality Cookies: These Cookies allow our website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These Cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customize. They may also be used to provide services you have asked for, such as watching a video. Additionally, these Cookies can be used to allow an optional service to function. The information these Cookies collect may be anonymized and these Cookies cannot track your browsing activity on other websites.
  • Pixel tags: These are also known as a clear GIF or web beacon. These are invisible tags placed on certain pages of our website but not on your computer. When you access these pages, pixel tags generate a generic notice of that visit. They usually work in conjunction with Cookies, registering when a particular device visits a particular page. If you turn off Cookies, the pixel tag will simply detect an anonymous website visit.
  • Tracking URLs: These are used to determine from which referring website our website is accessed.

What cookies do we use?

The specific Cookies used on our website are as follows:

Category

Cookie Name

Retention period

Provider

 

 

Analytical

_ga_*

1 years

Google

 

 

Analytical

_gat_UA*

Session

Google

 

 

Analytical

_gid

1 day

Google

 

 

Functional

klaro

1 year

Google

 

 

Analytical

nmstat

2 years 9 months

Siteimprove

 

 

Analytical

vuid

2 years

Vimeo

 

 

Functional

__cf_bm

30 minutes

Vimeo

 

 

Functional

lastTeamFilter

Session

STB

 

 

Functional

Functional

Functional

ShoppingCartCode

Lastpagesizeteam

sf_timezoneoffset

6 months

Session

Session

STB

STB

STB

 

 

Strictly necessary

ai_session

30 minutes

Microsoft

 

 

Strictly necessary

ai_user

1 year

Microsoft

 

 

Strictly necessary

ARRAffinity

Session

Microsoft

 

 

Strictly necessary

ARRAffinitySameSite

Session

Microsoft

 

 

Strictly necessary

ASP.NET_SessionId

Session

Microsoft

 

 

 

If you do not want to accept any non-essential Cookies, or only want to allow the use of certain Cookies, you can update your cookie settings at any time by refreshing your browser history and rejecting the placement of Cookies on our website. You can also use your browser settings to withdraw your consent to our use of Cookies at any time and delete Cookies that have already been set.

To find out more about Cookies please visit: www.thenai.org,  www.allaboutcookies.org or www.youronlinechoices.eu, which contain further information about these technologies and online privacy.

Do Not Track

We do not track visitors of the website over time and/or across third party websites to provide targeted advertising and therefore do not respond to Do Not Track (“DNT”) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites, your browser allows you to set the DNT signal so that third parties (particularly advertisers) know you do not want to be tracked. You should consult the help pages of your browser to learn how to set your preferences so that websites do not track you.

ADDITIONAL INFORMATION FOR CALIFORNIA CONSUMERS

The California Consumer Privacy Act or “CCPA,” as amended (Cal. Civ. Code § 1798.100 et seq.) provides consumers who reside in California with certain rights with respect to their personal information (referred to elsewhere in this policy as “personal data”). This subsection concerning the CCPA applies solely to individuals who are residents of the State of California. Any terms defined within the CCPA have the same meaning when utilized within this subsection.

  • Categories of Personal Information Collected: In the past 12 months, we have collected the following categories of personal information: identifiers, characteristics of protected classifications under California or U.S. federal law, professional and employment-related information, education information, commercial information, internet and electronic network activity, inferences, sensitive personal information, and other categories of personal information that relate to or are reasonably capable of being associated with you. For additional details about the personal information we collect, please see “Personal Data We Collect” above.
  • Business or Commercial Purpose for Collecting and Using Personal Information: We collect and use personal information for the purposes described in the “Processing of Personal Data” section above.
  • Categories of Sources of Personal Information: We collect personal information directly from you and from the sources described in the “Sources of Personal Data” section above.
  • Categories of Personal Information Disclosed and Categories of Third-Party Recipients: In the past 12 months, we have disclosed identifiers, employment data, commercial information, and internet and electronic network activity to the following categories of recipients: clients, cloud service providers, consultants, data analytics providers, bar associations, internet service providers, data storage providers, and operating systems and platforms. We also disclosed professional and employment-related information, education information and certain sensitive personal information to clients, cloud service providers and consultants. For additional information on how we disclose personal information, see “Disclosure of Your Personal Data” section above.
  • Sharing and Sales of Personal Information: We do not sell or share your personal information (as “sell” and “share” are defined in the CCPA), though we do disclose personal information to our affiliates, service providers and other vendors as described above. We also do not have actual knowledge that we have sold or shared personal information of minors under age 16.
  • Uses and Disclosures of Sensitive Personal Information: We do not use or disclose your sensitive personal information for purposes that, with limited exceptions, are not necessary in order to provide our products and services as are reasonably expected by an average consumer requesting those goods and services.
  • Retention of Personal Information: Please see “How Long We Keep Your Personal Data” above.

Your Consumer Rights as a California Consumer

Subject to certain limitations, California consumers have the right to (1) request to know more about the categories and pieces of personal information we collect, use, and disclose, (2) request deletion of your personal information, (3) request correction of your personal information, and (4) not to be discriminated against for exercising these rights, including an applicant’s right not to be retaliated against for the exercise of their CCPA rights. California consumers or their authorized agents may make such a request by calling +1 (833) 490-0071 or by emailing us at [email protected]. We will verify your request by asking you to provide information sufficient to confirm your identity, such as your name, email address, and information about your interactions with us. If you would like to use an authorized agent to exercise your rights, we may request evidence that you have provided such agent with power of attorney, or that the agent otherwise has valid signed authority to submit requests on your behalf, and ask that you verify your identity directly with us.

We may not be able to respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

Additionally, you will need to describe your request with sufficient detail to allow us to review, understand, assess, and respond. We will not use the personal information we collect from an individual to determine a verifiable request for any other purpose, except as required or permitted by law.

We will endeavor to respond to a verifiable consumer request within forty-five (45) calendar days of receipt, but we may require an extension of up to forty-five (45) additional calendar days to respond and we will notify you of the need for the extension. 

California’s Shine the Light Law

California Civil Code Section 1798.83, known as the “Shine The Light” law, permits our customers who are California residents to request and obtain from us a list of what personal information (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year and the names and addresses of those third parties. Under Section 1798.83, we currently do not, and have not in the preceding calendar year, disclosed any personal information with third parties for their direct marketing purposes.

ADDITIONAL INFORMATION FOR DATA SUBJECTS IN JAPAN

Simpson Thacher complies with Japanese laws and regulations, including the Act on the Protection of Personal Information of Japan (“APPI”).  This subsection applies to Simpson Thacher’s handling of “personal information” as defined in the APPI in precedence to the other portions of this Notice.

  • Sensitive Personal Information: Notwithstanding the “Processing of Personal Data” section above, we do not collect “sensitive personal information” as defined in the APPI without obtaining your prior consent, unless otherwise permitted under the APPI.
  • Marketing Communications: Notwithstanding the “Marketing Communications and Withdrawing Consent” section above, we only send you marketing communications and materials in accordance with the applicable laws and with your opt-in consent unless otherwise permitted under the applicable laws.
  • Disclosure of Your Personal Information: Notwithstanding the “Disclosure of Your Personal Data” section above, unless otherwise permitted under the APPI (such as when providing information to a service provider or sharing information under a joint-use structure), we do not disclose, sell, provide, share, or transfer your personal information to/with any third party without your prior consent. Simpson Thacher & Bartlett LLP may share your personal information, as referenced in the “Personal Data We Collect” section above, with our affiliated offices in the framework of joint-use for the purposes referred to in the “Processing of Personal Data” section above.In such case, Simpson Thacher & Bartlett LLP is primarily responsible for managing the personal information that is jointly used.

ADDITIONAL INFORMATION FOR DATA SUBJECTS IN HONG KONG

If you are a resident of Hong Kong, you may have certain rights under the Personal Data (Privacy) Ordinance (PDPO). You may write to us at [email protected] to request access to, or correction of, personal information we hold on you.

ADDITIONAL INFORMATION ON TRANSFERS OF PERSONAL DATA FROM THE PEOPLE’S REPUBLIC OF CHINA (“PRC”)

Simpson Thacher is an international law firm with an office in PRC. For the purposes of this notice, PRC does not include the Hong Kong Special Administrative Region (“SAR”), Macao SAR or Taiwan.

Due to the global nature of our operations, we transfer and process personal data outside of the PRC. Where necessary in order to manage client relationships and matters, we transfer the following personal data of our client contacts from our Beijing office to offices in other jurisdictions:

  • Basic personal profile: name, e-mail address, phone number.
  • Personal education and work information: company name.

The overseas recipient of the personal data (the “Overseas Recipient”) is Simpson Thacher & Bartlett LLP, a limited liability partnership registered in New York, USA (registration number 2910754), whose contact address is 425 Lexington Avenue, New York, NY 10017. The Overseas Recipient may use servers in other jurisdictions to process the personal data.

Where viable, we take reasonable precautions to ensure that personal data transferred out of the PRC receives an adequate level of protection and is treated consistently with PRC data protection laws. In addition, we take necessary measures required by PRC data protection laws. The Overseas Recipient will only retain your personal data for the minimum necessary retention period, unless otherwise required by applicable laws.

If your data is transferred out of the PRC, you may have certain rights (please see the section (Your Rights) above). Under our Standard Contract for Cross-border Transfer of Personal Data, you may also be considered a third-party beneficiary and, if you do not expressly refuse within 30 days of your acceptance of this Notice, be entitled to exercise certain third-party beneficiary rights. To exercise these rights, please email [email protected].

Changes to our Privacy Notice

Any changes we may make to our Notice in the future will be posted on this page and/or, where required by law or regulation, notified to you by e-mail.

Governing Law and Forum

To the extent required by applicable data protection laws, this Notice shall be governed by the laws of the applicable jurisdiction and any dispute relating to this Notice shall be resolved in the applicable courts. In all other cases, the laws of the State of New York govern this Notice and any dispute relating to this Notice shall be resolved in the state or federal court with competent jurisdiction in New York County, New York. If any provision of this Notice is held to be unenforceable, such provision will be reformed only to the extent necessary to make it enforceable.

If you have any questions or comments about this Notice, you can email us at [email protected] or write to us at Simpson Thacher & Bartlett LLP, Attn: Office of the General Counsel, 425 Lexington Avenue, New York, New York 10017.