Cravath, Swaine & Moore LLP and our international office in London (together, “Cravath”, “we”, “us” and “our”) are committed to respecting your privacy. This includes dealing with your personal information responsibly and in accordance with the requirements of applicable data protection laws, and employing appropriate security measures to protect your personal information.
This privacy notice (this “Notice”) describes the ways in which we collect, use and share the personal information you provide to us, or that we otherwise collect or receive in the course of operating our business and our websites, cravath.com and alumni.cravath.com. It also sets out how we store and protect such information, and describes certain rights you may have with respect to the personal information that we hold about you.
“Personal information” is any information in our possession or control that can be used to identify you or that we can link to you. Such personal information may include:
Information that you provide to us. We will process personal information that you give to us, including under the following circumstances:
Signing up for services on our website or otherwise contacting us including through email: When you sign up for newsletters, webinars or events, or when you contact us with queries or respond to our communications, the personal information you provide may include your full name, title, telephone number, email address, the content, date and time of your email or other correspondence, and information about your employer or your business.
Our provision of legal services: If you are a client of Cravath, you will provide us with personal information when you or the organization you represent becomes a client, and as necessary in the course of our providing legal services. If you are not a client, you may provide us with your personal information because you attend meetings at our offices or otherwise are involved in one of our clients’ matters.
Recruitment applications and employment: When you apply for or accept a role with us, you may provide us with your full name, date of birth, nationality, education and qualification details, gender, resume, CV, photograph, passport details, bank account details, marital status, home address, home telephone number, mobile telephone number and other details set out in your application.
Alumni program: When you register for our alumni program, you may provide us with details such as your name, email address, postal address and employment details.
Information we otherwise collect or generate about you. We will collect information about you when you use our services or when we otherwise interact or correspond with you. We use various technologies to collect and store information when you visit our website. We may, for example, collect information about the type of device you use to access our website, your IP address and your geographic location, the operating system and version of your device, your browser type, the content you view and features you access on our website, and the search terms you enter on our website.
Information we obtain from third parties. We may request or otherwise receive your personal information from third parties in certain circumstances, including:
If you apply for a position with us, we may collect personal information relating to your employment history, qualifications and education, opinions from third parties about you, and other details, which will be provided to us by a third party that provides background screening services to us.
In the context of our client acceptance procedures, our provision of legal services, or otherwise in the course of our business, we may receive your personal information from third parties such as your employer, our service providers and business partners, other parties relevant to the services we are providing (e.g., counterparties in transactions), regulators and authorities, and others. That information could include your name, contact details, employment details and other information relevant to the legal services that we are providing.
If you have a relationship with any of our clients or any member of our staff, they may provide us with your personal information, including your name, contact details, marital status and other details.
The personal information that you provide to us or that we collect from you may include sensitive personal information (or “special category” personal information), such as information relating to your nationality.
We may use your personal information in a number of ways, including:
to provide legal services to our clients;
to manage our business and commercial relationships with our clients, suppliers and vendors;
to engage in marketing and business development activities in relation to the services we provide, including sending you newsletters, legal updates, marketing communications and other information that may be of interest to you (you may choose at any time not to receive marketing materials from us by emailing us at firstname.lastname@example.org);
to review and process your job application when you have applied for a position with us;
to comply with our legal and regulatory obligations, or to establish, exercise or defend our legal rights;
to manage and analyse usage and performance of our websites or our other online services;
to improve the services we offer;
to respond to any requests, or investigate any complaints you may have, or to notify you about any changes to our services or our website; and
to prevent and respond to actual or potential fraud or illegal activities.
We rely on one or more of the following legal grounds for using your personal information in these ways:
we have your consent;
we need to in order to take steps to enter into a contract with you or to perform our obligations under a contract with you, including a contract to provide legal services;
we need to in order to comply with our legal and regulatory obligations, or to establish, exercise or defend our legal rights; or
it is required for our legitimate business interests, some examples of which are listed in the ‘Uses of your personal information’ section, above.
We share personal information among our offices, including our offices in New York and London, as well as any office(s) we may open in the future.
We may also share your personal information with third parties outside of Cravath, including:
third party agents or contractors that are subject to confidentiality requirements, in connection with the processing of your personal information for the purposes described in this Notice (this may include, for example, IT and communications service providers, or suppliers or vendors who provide support services to us);
third parties relevant to the legal services that we provide, including counterparties to transactions or litigation, other professional service providers, regulators, authorities, governmental institutions and stock exchanges; and
regulatory authorities, courts, tribunals, government agencies or law enforcement agencies to the extent required by law, regulation or court order (for example, if we are under a duty to disclose your personal information in order to comply with any legal obligation, or where we need to establish, exercise or defend our legal rights).
The information sharing described above may involve a transfer of your personal information from a location within the European Economic Area (the “EEA”) to outside the EEA, or from outside the EEA to a location within the EEA.
Where we transfer your personal data outside the EEA, we will ensure that it is protected in a manner that is consistent with how we protect your personal data in the EEA:
the country that we send the data to might be approved by the European Commission;
the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data; or
where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme.
We will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws. Model contractual clauses are in place between all Cravath offices and you can obtain more details on the transfer of your personal data outside the EEA (including a copy of the model contractual clauses) by contacting us in accordance with the “How to contact us” section below.
How long we retain your personal information will vary depending on a number of factors, including:
the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose;
legal obligations – laws or regulations may set a minimum period for which we have to keep your personal information.
We have put in place various technical and organizational measures intended to protect your personal information from unauthorized access, use, disclosure, alteration or destruction consistent with applicable data protection laws.
Independent auditors, who confirm and certify our operations, review these measures periodically. Accordingly, we operate an Information Security Management System which complies with the requirements of the internationally recognized information technology security standard ISO/IEC 27001:2013, certificate #IS 595233.
If you are a client of Cravath, electronic communications between you and us, including via our website, may be treated as legally privileged, as attorney work product or otherwise confidentially under applicable rules of professional responsibility. Nothing in this notice is intended to affect such protections for existing clients. If you are not a client of Cravath, your communications with us are not eligible for such protections except for certain limited special circumstances.
Subject to the provisions of local laws and regulations from time to time, you have, or may have, certain legal rights in relation to the personal information that we hold about you, which you can exercise (to the extent applicable) by contacting us as set out below.
As such, you may be entitled, in certain circumstances:
to request details regarding our processing of your personal information, and access to the personal information that we hold about you;
to withdraw your consent to our processing of your personal information;
to receive certain personal information (to the extent you have previously provided it to us) in a structured, commonly used and machine-readable format where this is technically feasible;
to request that we correct your personal information if it is inaccurate or incomplete;
to request that we erase your personal information;
to request that we restrict our processing of your personal information;
to stop unauthorized transfers of your personal information to a third party, or to have your personal information transferred to a third party; and
to lodge a complaint with the relevant data protection authority if you think that any of your rights have been infringed by us.
Please note that these rights may not be absolute. For example, if you withdraw your consent to our processing of your personal information, or request that we restrict such processing, we may still be entitled to process your personal information if we have other legal grounds for doing so. We may also be entitled to refuse certain requests for access to copies of personal information, particularly information that is subject to legal privilege, or requests to erase your personal information if we are otherwise legally entitled or required to retain it.
We regularly review this Privacy Notice. Any future changes will be reflected with an updated version of this Privacy Notice which will be available on our website.
If you would like further information on the collection, use, disclosure, transfer or processing of your personal information, or would like to discuss your entitlement to, or exercise of, any of the rights listed above, please email us at email@example.com