Updated: March 31, 2023
In this Notice, “King & Spalding” refers to King & Spalding LLP, a limited liability partnership under the laws of Georgia, U.S., and other affiliated limited liability entities, organized under the laws of the United Kingdom, Singapore, and Delaware, U.S.
This Privacy Notice describes the ways in which we collect, manage, store and dispose of data relating to individuals. We may amend or update it from time to time. We encourage you to read this Privacy Notice.
King & Spalding is the data controller of the Personal Information we process which originates in various jurisdictions--including the European Union (EU), the Abu Dhabi Global Market (ADGM), the Dubai International Finance Centre (DIFC), the United Kingdom (UK), and Japan-- and is therefore responsible for ensuring that systems and processes we use are compliant with applicable data protection laws.
For additional information about your rights and choices under applicable law, please review “Your Rights."
For purposes of this Privacy Notice, “Personal Information” means any information that, by itself or in combination with other information, identifies, relates to, describes, references, is capable of being associated with, or can reasonably be linked, directly or indirectly, to an individual, a device, or a household. Personal Information does not include information that is anonymized, publicly available information from government records, deidentified or aggregated data subject information, information excluded from relevant data protection law by preemption by sector-specific privacy laws. The Personal Information King & Spalding collects may include, but is not limited to: Contact Information, Applicant Information, Employment Information, Compliance Data, Client Service Data, Marketing Information, Technological Information, Special Categories of Personal Information, and Other Data.
When we process Special Categories of Personal Information, our legal basis is compliance with applicable law; detection and prevention of crime; establishment, exercise or defense of legal rights; to fulfill a contract; or explicit consent.
We collect Personal Information from many sources. It may come directly from individuals (data subjects), indirectly from individuals (i.e. interactions with the website), or from clients, colleagues and publicly available sources.
As a law firm, we regularly receive Personal Information in connection with the provision of our services and as part of our professional activities. For example, we may collect Personal Information:
We collect Personal Information, among other reasons, for:
King & Spalding will use Personal Information only as set out in this Privacy Notice, as well as other purposes for which you give your consent. King & Spalding will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
This includes, but is not limited to, the following purposes and legal bases for processing Personal Information. We may rely on one or more legal bases for processing Personal Information. When we rely upon our legitimate interests, we will balance any impact on you and your privacy rights and will not use your Personal Information where the impact on you would override our rights, unless we are otherwise permitted by law to process your Personal Information.
King & Spalding is a global firm and a list of our offices, together with relevant contact information, may be found on our website. Irrespective of how we obtain your Personal Information, it may be shared among all the offices within King & Spalding (jurisdictions include the European Economic Area (“EEA”), the ADGM, the DIFC, Japan, and the UK) for the purposes outlined above.
We may retain other companies and individuals to perform functions on our behalf. Such third parties may be provided with access to Personal Information to perform the functions for which they have been retained. Our agreements with these third parties will describe the purpose of the processing, will not permit them to use Personal Information for any purposes other than as is required to perform the function for which they have been retained and will commit them to comply with applicable data privacy standards. We also enter into data processing agreements and model clauses with our vendors and clients whenever required and appropriate.
Third parties may include, but are not limited to:
We may also disclose any information, including Personal Information, as we deem necessary, in our sole discretion, to comply with a subpoena, any applicable law, regulation, legal process or governmental request.
King & Spalding has appropriate physical, technical, and administrative safeguards in place designed to protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. You should keep in mind, however, that no Internet transmission is ever 100% secure or error-free. In particular, e-mail sent to or from our website may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. Please also read our Disclaimer before sending any information to us. Moreover, where you use passwords, ID numbers, or other special access features to access our website, it is your responsibility to safeguard them.
Personal Information will be retained by King & Spalding for as long as the information is required to fulfill our legitimate business needs or the purposes for which the information was collected, or for as long as is required by law.
Our servers are either located in the United States or, if located in other countries, may be accessed from the United States. Please note that in countries outside your own country, and in particular outside the EU, the EEA, the ADGM, the DIFC, Japan, and the UK standards of data protection might apply which are different from those which apply in your own country.
By sharing Personal Information with King & Spalding, including via our website, you acknowledge and consent that your data may be transferred across national borders.
To govern our transfers of Personal Information from the EU, the EEA, the ADGM, the DIFC, Japan, and the UK to recipients in our offices outside those jurisdictions, we have entered into the standard data protection clauses adopted by the European Commission, the UK, and other applicable jurisdictions (“Data Transfer Agreement”). We are happy to provide you with a copy of our Data Transfer Agreement upon request.
The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (CPRA) of 2020, provides California residents with several consumer privacy rights. These rights include:
You can access our “CPRA Notice of Collection” by clicking here.
You can submit your CPRA individual requests by clicking here.
A "cookie" is an element of data that a website can send to your browser, which may then be stored on your system. King & Spalding uses different kinds of cookies on the Site. For detailed information please see our Cookie Notice.
Your browser may allow you to send "do-not-track" requests to websites you visit. If you enable this feature and your browser sends a "do-not-track" request, the Site will respond by deactivating all nonessential cookies set on the Site.
On the Site, King & Spalding uses several services provided by Google:
This Site uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”).
Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Please note that, for the Site, we activated the IP anonymization, i.e., Google will truncate/anonymize the last octet of your IP address to ensure an anonymized collection of IP addresses (IP Anonymization). In exceptional cases only, the full IP address is sent to and shortened by Google servers in the USA.
On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the Site, compiling analytics, demographics and interest reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google.
Further information about how Google uses advertising cookies can be found here.
Additionally, because we use visual mapping services on the Site, please be aware that the Google Maps/Earth Terms of Service, including the Google Privacy Notice also applies.
Third Party Sites
Our Site may contain links to other third-party sites. When you click on one of these links you are visiting a website operated by someone other than King & Spalding, and the operator of that website may have a different privacy notice. King & Spalding is not responsible for their individual privacy practices. We encourage you to investigate the privacy notices of these third-party operators.
King & Spalding reserves the right to change this Privacy Notice at our discretion and at any time. Please check this Privacy Notice regularly. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our Website following the posting of changes constitutes your acceptance of such changes.
King & Spalding has a Chief Privacy Officer and an EMEA Data Protection Officer. You may contact them at firstname.lastname@example.org if you want to read more about King & Spalding’s personal data policies or practices.
You can submit your individual requests in the “Submit Your Request” section by clicking here.
The Site is owned and operated by King & Spalding LLP.