Privacy Notice
Updated: June 5, 2025
In this Notice, “King & Spalding,” “we,” and “us” refers to King & Spalding LLP, a limited liability partnership under the laws of Georgia, U.S., and other affiliated entities.
This Privacy Notice describes the ways in which we process Personal Information. We may amend or update it from time to time. We encourage you to read this Privacy Notice.
King & Spalding is the data controller of the Personal Information we process which originates in various jurisdictions—including, among others, the United States, the European Union (EU), the Abu Dhabi Global Market (ADGM), the Dubai International Finance Centre (DIFC), the United Kingdom (UK), Singapore, the Kingdom of Saudi Arabia, Australia, and Japan, and is therefore responsible for processing Personal Information in compliance with applicable data protection laws.
For additional information about your rights and choices under applicable law, please review “Your Rights.”
For purposes of this Privacy Notice, “Personal Information” means any information that, by itself or in combination with other information, identifies, relates to, describes, references, is capable of being associated with, or can reasonably be linked, directly or indirectly, to an individual, a device, or a household. Personal Information does not include information that is anonymized, or information otherwise excluded from relevant data protection laws. The categories of Personal Information King & Spalding collects may include Contact Information, Applicant Information, Employment Information, Compliance Data, Client Service Data, Marketing Information, Technological Information, Special Categories of Personal Data, other Sensitive Personal Information, and Other Data, all as described in more detail in the table below:
When we process Special Categories of Personal Data or Sensitive Personal Information, our legal basis is compliance with applicable laws and our professional obligations; detection and prevention of crime; establishment, exercise, or defense of legal rights; performance of a contract; or your explicit consent.
We collect Personal Information from many sources. It may come directly from individuals (data subjects), indirectly from individuals (i.e., interactions with the website), or from clients, colleagues, and publicly available sources.
As a law firm, we regularly receive Personal Information in connection with the provision of our services and as part of our professional activities. For example, we may collect Personal Information:
We will process Personal Information only for the purposes set out below, as well as other purposes for which you give your consent. We will not process the Personal Information we collected about you for materially different, unrelated, or incompatible purposes without providing you notice or, where required by law, obtaining your consent.
When processing your Personal Information under the EU General Data Protection Regulation (EU GDPR), we may rely on one or more lawful bases, including, not by way of limitation, our legitimate business interests. Legitimate business interests involves processing activities that are necessary for our business operations and objectives, provided that these activities do not adversely affect your fundamental freedoms and rights. In determining whether legitimate business interests apply, we carefully evaluate and document our rationale.
Specifically, we consider the necessity and proportionality of the processing, and we are transparent in communicating how we use your Personal Information. We also assess whether our interests appropriately balance with your data protection rights and expectations. We will not process your Personal Information under the legitimate business interests ground if our interests are overridden by potential risks to your individual privacy, or if you object to our processing of your Personal Information.
We may disclose Personal Information to the following categories of third parties:
We may also disclose any information, including Personal Information, as we deem necessary, in our sole discretion, to comply with a subpoena, any applicable law, regulation, legal process or governmental request.
King & Spalding has appropriate physical, technical, and administrative safeguards in place designed to protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. You should keep in mind, however, that no Internet transmission is ever 100% secure or error-free. In particular, e-mail sent to or from our website may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. Please also read our Disclaimer before sending any information to us.
Personal Information will be retained by King & Spalding for as long as the information is required to fulfill our legitimate business needs or the purposes for which the Personal Information was collected, or for as long as is required by law.
King & Spalding is a global firm and a list of our offices, together with relevant contact information, may be found on the Site. Irrespective of how we obtain Personal Information about you, it may be shared among all the offices within King & Spalding for the purposes outlined above.
Our servers are either located in the United States or, if located in other countries, may be accessed from the United States. Please note that in countries outside your own country, standards of data protection might apply which are different from those which apply in your own country.
By sharing Personal Information with King & Spalding, including via our website, you acknowledge and consent that Personal Information about you may be transferred across national borders.
To govern our transfers of Personal Information between our offices and affiliated entities, and transfers of Personal Information to our service providers, we have entered into the standard data protection clauses adopted by the European Commission, the UK, and other applicable jurisdictions (“Data Transfer Agreement”).
The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (CPRA) of 2020, provides California residents with several consumer privacy rights. These rights include:
You can access our “CPRA Privacy Policy” by clicking here.
You can access our “Job Applicant, Employee, and Contractor Privacy Policy” by clicking here.
You can access our “CPRA Notice of Collection” by clicking here.
You can submit your CPRA individual requests by clicking here.
Depending on the country or U.S. state in which you reside, you may have various rights relating to Personal Information about you. These rights include:
Residents of certain jurisdictions and their authorized agents can submit requests to exercise their rights described above for our review.
We may request additional information to verify the authenticity of your request, including confirming Personal Information that you have already provided to us, or potentially requesting additional Personal Information. We will provide you with confirmation of our receipt of your request within 10 business days. We will work diligently to satisfy your request without undue delay, but no later than 45 calendar days. We may request up to an additional 45 calendar days to honor your request, depending on its complexity. For residents of the European Economic Area and the United Kingdom, we will respond within 30 calendar days except where the request is particularly complex, in which case the period may be extended. Consumers intending to exercise their rights described above should submit a verifiable request to us by either: Calling us toll-free at 1-833-795-0354; or by Clicking here, or via e-mail at dataprivacy@kslaw.com.
If we deny any of your rights granted under privacy laws, you may have the right to appeal the decision with us. If you would like to appeal a prior decision, please e-mail us and include ‘Appeal’ in the subject line, along with the prior request and related communications. We will notify you in writing of any action taken or not taken in response to your appeal not later than the 60th day after receiving your appeal. We will include a written explanation of the reason or reasons for our decision. You can send your appeal to us following the instructions located below, in the “Contacting Us” section. Additionally, you may contact the Attorney General or the supervisory authority of the state or country in which you reside if you have concerns about the results of the appeal.
You may file a complaint with an EU/EEA data protection authority for your country or region where you reside or where an alleged infringement of applicable data protection law occurs, or with the UK Information Commissioner's Office (where you are based or where an alleged infringement of applicable data protection law took place in the United Kingdom). A list of EU/ EEA data protection authorities is available at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080. Details for the UK Information Commissioner's Office are available online at https://ico.org.uk/make-a-complaint/.
Cookies
A "cookie" is an element of data that a website can send to your browser, which may then be stored on your system. King & Spalding uses different kinds of cookies on the Site. For detailed information please see our Cookie Notice.
Do-Not-Track Signals
Your browser may allow you to send "do-not-track" requests to websites you visit. If you enable this feature and your browser sends a "do-not-track" request, the Site will respond by deactivating all nonessential cookies set on the Site.
Google Services
On the Site, King & Spalding uses several services provided by Google:
Google Analytics
This Site uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”).
Google Analytics uses “cookies,” which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Please note that, for the Site, we activated the IP anonymization, i.e., Google will truncate/anonymize the last octet of your IP address to ensure an anonymized collection of IP addresses (IP Anonymization). In exceptional cases only, the full IP address is sent to and shortened by Google servers in the USA.
On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the Site, compiling analytics, demographics, and interest reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google.
You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available here.
Further information about how Google uses advertising cookies can be found here.
Google Maps
Additionally, because we use visual mapping services on the Site, please be aware that the Google Maps/Earth Terms of Service, including the Google Privacy Notice also applies.
Third-Party Sites
Our Site may contain links to other third-party sites. When you click on one of these links you are visiting a website operated by someone other than King & Spalding, and the operator of that website may have a different privacy notice. King & Spalding is not responsible for their individual privacy practices. We encourage you to investigate the privacy notices of these third-party operators.
King & Spalding reserves the right to change this Privacy Notice at our discretion and at any time. Please check this Privacy Notice regularly. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.
King & Spalding has a Chief Privacy Officer and an EMEA Data Protection Officer. You may contact them at dataprivacy@kslaw.com. You can submit your individual requests in the “Submit Your Request” section by clicking here. You can download the Privacy Notice by clicking here.
The Site is owned and operated by King & Spalding LLP.