Updated: April 1, 2024

Introduction

In this Notice, “King & Spalding” refers to King & Spalding LLP, a limited liability partnership under the laws of Georgia, U.S., and other affiliated limited liability entities, organized under the laws of the United Kingdom, Singapore, and Delaware, U.S.

This Privacy Notice describes the ways in which we collect, manage, store, and dispose of data relating to individuals. We may amend or update it from time to time. We encourage you to read this Privacy Notice.

King & Spalding is the data controller of the Personal Information we process which originates in various jurisdictions--including the European Union (EU), the Abu Dhabi Global Market (ADGM), the Dubai International Finance Centre (DIFC), the United Kingdom (UK), and Japan-- and is therefore responsible for ensuring that systems and processes we use are compliant with applicable data protection laws.

For additional information about your rights and choices under applicable law, please review “Your Rights.”

What Personal Information We Collect

For purposes of this Privacy Notice, “Personal Information” means any information that, by itself or in combination with other information, identifies, relates to, describes, references, is capable of being associated with, or can reasonably be linked, directly or indirectly, to an individual, a device, or a household. Personal Information does not include information that is anonymized, publicly available information from government records, deidentified or aggregated data subject information, information excluded from relevant data protection law by preemption by sector-specific privacy laws. The Personal Information King & Spalding collects may include, but is not limited to: Contact Information, Applicant Information, Employment Information, Compliance Data, Client Service Data, Marketing Information, Technological Information, Special Categories of Personal Data, other Sensitive Personal Information, and Other Data.

When we process Special Categories of Personal Data or Sensitive Personal Information, our legal basis is compliance with applicable law; detection and prevention of crime; establishment, exercise, or defense of legal rights; to fulfill a contract; or explicit consent.

How and Why We Collect Personal Information

We collect Personal Information from many sources. It may come directly from individuals (data subjects), indirectly from individuals (i.e., interactions with the website), or from clients, colleagues, and publicly available sources.

As a law firm, we regularly receive Personal Information in connection with the provision of our services and as part of our professional activities. For example, we may collect Personal Information:

• As part of our business intake procedures;
• When processing employee human resources Personal Information;
• When clients and prospective clients seek legal advice;
• When providing legal services to our clients (in connection with which we provide our clients in various jurisdictions, including the EU, the UK, the ADGM, the DIFC, and Japan, with additional information about how we process Personal Information);
• That is publicly available (e.g., social media);
• When it is required for the provision of services from our vendors;
• When individuals browse or interact with our website or use any of our online services, including registration details when you use, or register to use, any of our Sites, Apps, or services;
• From third parties who provide it to us;
• In carrying out our business, including records of interactions or correspondence with the Firm, including your attendance and participation at events or meetings we hold (including when we record such events or meetings, of which you will be provided notification, where applicable);
• In connection with any application for employment or interviews if you apply for a role with us and take part in an interview or selection process; and
• When individuals email us or provide Personal Information to us in other circumstances, such as requesting details about or attending and participating in a firm sponsored event or engaging with the alumni or careers portal.

We collect Personal Information, among other reasons, for:

1. Providing legal services and responding to requests for legal services;
2. Managing our business relationships, including billing, accounting, collection, and support services;
3. Providing information relating to our services either in response to specific requests or generally to develop our business;
4. Processing employment applications;
5. Invoicing for our services and obtaining payment;
6. Responding to complaints;
7. Meeting our legal and regulatory obligations;
8. Making appropriate business development plans to better support our clients’ needs for legal services;
9. Preventing, detecting, and responding to fraud or potential fraud or other illegal activities;
10. Improving the functionality of our website and other IT services;
11. Leveraging communications data from our Exchange server, including Outlook, to maintain a repository of business contacts and run analytics on metadata which advance our business development initiatives; and
12. Processing employee data.
    
    

How We Use Personal Information

King & Spalding will use Personal Information only as set out in this Privacy Notice, as well as other purposes for which you give your consent. King & Spalding will not collect additional categories of Personal Information or use the Personal Information we collected for materially different, unrelated, or incompatible purposes without providing you notice. 

This includes, but is not limited to, the following purposes and legal bases for processing Personal Information. We may rely on one or more legal bases for processing Personal Information. When we rely upon our legitimate interests, we will balance any impact on you and your privacy rights and will not use your Personal Information where the impact on you would override our rights, unless we are otherwise permitted by law to process your Personal Information.

Internal Personal Information Sharing

King & Spalding is a global firm and a list of our offices, together with relevant contact information, may be found on our website. Irrespective of how we obtain your Personal Information, it may be shared among all the offices within King & Spalding (jurisdictions include the European Economic Area (“EEA”), the ADGM, the DIFC, Japan, and the UK) for the purposes outlined above.

Whom We Disclose Personal Information To

We may retain other companies and individuals to perform functions on our behalf. Such third parties may be provided with access to Personal Information to perform the functions for which they have been retained. Our agreements with these third parties will describe the purpose of the processing, will not permit them to use Personal Information for any purposes other than as is required to perform the function for which they have been retained and will commit them to comply with applicable data privacy standards. We also enter into data processing agreements and model clauses with our vendors and clients whenever required and appropriate. 

Third parties may include, but are not limited to: 

• Providers of data services such as website hosting, data hosting, and SaaS tools;
• Outsourced IT and Data Quality service providers;
• Financial institutions;
• Benefits and Human Resources service providers;
• Professional services providers;
• Building and facilities services;
• Shipping or direct mail organization;
• Event partners and sponsors;
• Paper-based service providers (i.e., storage, shredding, courier, printer, etc.);
• Parties assisting us in recruitment and staffing, including contractors;
• Our auditors and professional advisers;
• Our professional indemnity insurers;
• Travel service providers;
• Our clients, as it relates to our professional services offering;
• Other people in your organization; and
• Regulators and public bodies, including in connection with tax and VAT payments, compliance with obligations relating to the prevention and reporting of financial crime and compliance with other applicable laws.

We may also disclose any information, including Personal Information, as we deem necessary, in our sole discretion, to comply with a subpoena, any applicable law, regulation, legal process or governmental request.

How We Protect Personal Information

King & Spalding has appropriate physical, technical, and administrative safeguards in place designed to protect your Personal Information from loss, misuse, unauthorized access, disclosure, alteration, or destruction. You should keep in mind, however, that no Internet transmission is ever 100% secure or error-free. In particular, e-mail sent to or from our website may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. Please also read our Disclaimer before sending any information to us. Moreover, where you use passwords, ID numbers, or other special access features to access our website, it is your responsibility to safeguard them.

How Long We Retain Personal Information

Personal Information will be retained by King & Spalding for as long as the information is required to fulfill our legitimate business needs or the purposes for which the information was collected, or for as long as is required by law.

International Data Transfers

Our servers are either located in the United States or, if located in other countries, may be accessed from the United States. Please note that in countries outside your own country, and in particular outside the EU, the EEA, the ADGM, the DIFC, Japan, and the UK standards of data protection might apply which are different from those which apply in your own country.

By sharing Personal Information with King & Spalding, including via our website, you acknowledge and consent that your data may be transferred across national borders.

To govern our transfers of Personal Information from the EU, the EEA, the ADGM, the DIFC, Japan, and the UK to recipients in our offices outside those jurisdictions, we have entered into the standard data protection clauses adopted by the European Commission, the UK, and other applicable jurisdictions (“Data Transfer Agreement”). We are happy to provide you with a copy of our Data Transfer Agreement upon request.

California Residents

The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (CPRA) of 2020, provides California residents with several consumer privacy rights. These rights include:

• Right to Access
• Right to Correct
• Right to Delete
• Right to Opt-Out of Automated Decision-Making (certain industries)
• Right to Opt-Out of the Selling or Sharing of Personal Information
• Right to Limit the Use of your Sensitive Personal Information
• Right to Non-Discrimination

You can access our “CPRA Privacy Policy” by clicking here.
You can access our “Job Applicant, Employee, and Contractor  Privacy Policy” by clicking here.
You can access our “CPRA Notice of Collection” by clicking here. 
You can submit your CPRA individual requests by clicking here.

Texas Residents

The Texas Data Privacy and Security Act of 2023, provides Texas residents with several consumer privacy rights. These rights include:

• Right to Access
• Right to Correct
• Right to Delete
• Right to Data Portability
• Right to Opt-Out of the Processing of Personal Data for the purposes of:
• Targeted Advertising
• Selling (for both monetary and other valuable considerations)
• Use of Automated Decision-making, to include Profiling (“In the furtherance of a decision that produces a legal or similarly significant effect”)

You can access our “TDPSA Privacy Notice” by clicking here.
You can submit your TDPSA individual requests by clicking here. 

Web Tracking

Cookies

A "cookie" is an element of data that a website can send to your browser, which may then be stored on your system. King & Spalding uses different kinds of cookies on the Site. For detailed information please see our Cookie Notice.

Do-Not-Track Signals

Your browser may allow you to send "do-not-track" requests to websites you visit. If you enable this feature and your browser sends a "do-not-track" request, the Site will respond by deactivating all nonessential cookies set on the Site.

Google Services

On the Site, King & Spalding uses several services provided by Google:

Google Analytics

This Site uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”).

Google Analytics uses “cookies,” which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Please note that, for the Site, we activated the IP anonymization, i.e., Google will truncate/anonymize the last octet of your IP address to ensure an anonymized collection of IP addresses (IP Anonymization). In exceptional cases only, the full IP address is sent to and shortened by Google servers in the USA.

On behalf of the website provider, Google will use this information for the purpose of evaluating your use of the Site, compiling analytics, demographics, and interest reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore, you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available here.

Further information about how Google uses advertising cookies can be found here.

Google Maps

Additionally, because we use visual mapping services on the Site, please be aware that the Google Maps/Earth Terms of Service, including the Google Privacy Notice also applies.

Third Party Sites

Our Site may contain links to other third-party sites. When you click on one of these links you are visiting a website operated by someone other than King & Spalding, and the operator of that website may have a different privacy notice. King & Spalding is not responsible for their individual privacy practices. We encourage you to investigate the privacy notices of these third-party operators.

Revisions to This Privacy Notice

King & Spalding reserves the right to change this Privacy Notice at our discretion and at any time. Please check this Privacy Notice regularly. When we make changes to this privacy notice, we will post the updated notice on the Website and update the notice’s effective date. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.

Contact

King & Spalding has a Chief Privacy Officer and an EMEA Data Protection Officer. You may contact them at dataprivacy@kslaw.com if you want to read more about King & Spalding’s personal data policies or practices.

You can submit your individual requests in the “Submit Your Request” section by clicking here.

The Site is owned and operated by King & Spalding LLP.