Privacy Statement

Skadden, Arps, Slate, Meagher & Flom LLP and Affiliates (collectively, “Skadden,” the “Firm,” “we,” “us,” or “our”) is committed to safeguarding the privacy of visitors to our website, contacts for our clients and prospective clients, contacts for suppliers of goods and services to the Firm, candidates for employment or engagement, and any other individuals about whom the Firm obtains personal information (each, “you”).  Please read the following statement, which sets out the principles governing the Firm’s use of personal information that we may obtain about you, to understand how the Firm collects, uses, and otherwise processes your personal information as well as the rights that you have in relation to our processing of that information (the “Privacy Statement”).  In this Privacy Statement, “personal information” means information that (either in isolation or in combination with other information held by the Firm) enables you to be identified or recognized.  With respect to California residents, references to “personal information” in this Privacy Statement means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, subject to certain exceptions set forth in the California Consumer Privacy Act of 2018 (the CCPA), as amended. 

Skadden is the data controller in relation to any personal information that the Firm processes about you and is responsible for ensuring that such processing complies with applicable data protection laws, including the European Union General Data Protection Regulation (the “GDPR”) and the CCPA. Your privacy is important to us. Please be aware that Firm personnel are required to comply with the Firm’s data privacy practices as set out in this Privacy Statement and other data privacy-related Firm policies.

Please click on the link below for the contact details of Skadden’s offices and affiliated entities in your jurisdiction: https://www.skadden.com/locations.

If you have any comments or questions in connection with this Privacy Statement, or for further information on our processing activities and your rights in relation to your personal information, please contact us via email at DataProtection@skadden.com or by post to Data Protection, Skadden, Arps, Slate, Meagher and Flom LLP, One Manhattan West, New York, NY 10001-8602.

Information Collection

Although you are not required to provide any personal information on the public areas of our website, you may choose to do so by completing the job application forms or the newsletter sign-up form. Should you do so, we may, for example, keep a record of your name, email address, and any other information you voluntarily provide to us.

Additionally, we may collect the following categories of personal information from you in the course of business, including through your use of the website, when you contact or request information from us, when we provide services to you or receive services from you:

  • Identification data, such as name, gender, title, job title, or address.
  • Contact information, including your phone number(s), email address and social media account or handle where appropriate.
  • Financial data, such as bank account information and invoicing details.
  • Event registration or mailing list data, such as dietary requirements (which may reveal information about your health or religious beliefs), preferences and interests, subscriptions, downloads, and usernames/passwords.
  • Job applicant data, such as identification data and contact information, resumé and other data provided by you or third parties (e.g., recruiters) on our website, online recruitment portal (where applicable) or offline in connection with job openings, which may be subject to additional local requirements based on the country for which the position is advertised.
  • Legal and regulatory compliance data as required for purposes such as know your client, anti-money laundering, and market abuse regulations requirements, or as part of our client onboarding process, which may include passport or other identification data, date of birth, home address, and other due diligence data.
  • Other service data, such as personal information relevant to the provision or receipt of services, in relation to any of your employees, customers or vendors, and client feedback.
  • Cookie and device data, such as information about your visit of our website, Internet Protocol address, device identifier, browser type and version, operating system and network, location and time zone setting.

We may supplement the information that you provide to us with information that we receive or obtain from other sources, such as from our staff or personnel, clients, professional advisers, partners, and agents of Skadden, third parties with whom we interact, and publicly available sources.

Sources of Personal Information Collected. We obtain categories of personal information listed below from the following categories of sources:

  • Directly from you, such as when you complete forms.
  • Indirectly from you, such as observing your actions on our website, and from publicly available sources.
  • Third parties.

Information Usage

We may use your personal information for the following purposes and, for each purpose, based on the following legal grounds:

  • Provision of legal services – We use personal information that you voluntarily submit to us on the website or during the course of our engagement, regardless of the media used, such as identification data, contact details, and other service data that we may process in connection with the provision of services. The Firm’s work for you may also involve providing such information to third parties, such as expert witnesses and other professional advisers in order to represent your interests most effectively, as well as the use of software, platforms and other tools that are hosted in the cloud by third party service providers. This processing is necessary for us to perform our contract with you.
  • Administration of client and vendor relationships – We use identification data, contact details, financial data, and other service data, including for the processing of invoices, the updating of client records, and the management of our vendor relationships. This processing is necessary to perform our contract with you.
  • Addressing client inquiries/feedback – We use identification data, contact details, and other service data for this purpose. This process is necessary to perform our contract with you. It may also be necessary for our legitimate interests to establish or maintain a relationship with you; it is also in your interest to receive a response from us when you contact us.
  • Sending relevant marketing messages and inviting you to events/seminars – We use identification data, contact details, cookie and device data, and mailing list data to communicate with you by way of email alerts and post to provide you with information about our events, seminars, or services that may be of interest to you. This processing is necessary for our legitimate interest to send you tailored marketing messages, client newsletters, and invitations to relevant events and seminars.
  • Improving our website – We use cookie and device data to improve the functionality and user-friendliness of our website. This processing is necessary for our legitimate interests to constantly monitor and improve our online presence and services to you.
  • Keeping our website and IT systems and processes safe – We use identification data, contact details, financial data, cookie and device data, and other service data. This processing is necessary to perform our contract with you and to ensure the security and confidentiality of your data. It is also necessary for our legitimate interests to prevent illegal activities, including fraud, which could harm you and us.
  • Complying with legal or regulatory inquiries/requests – We use identification data, contact details, financial data, cookie and device data, and legal and regulatory compliance data (including for anti-money laundering or fraud detection purposes, statutory returns and fulfillment of the Firm’s ethical obligations). This processing is necessary for the purpose of complying with legal requirements that apply to the Firm.
  • Recruitment – Personal information about job applicants is collected and processed for purposes of screening, identifying, and evaluating candidates for positions; record-keeping related to hiring processes; analyzing the hiring process and outcomes; and conducting background checks, where and to the extent permitted by applicable law, which may also be subject to relevant local recruitment privacy policy. If you are hired by the Firm, this data will be transferred to our employee record files for the purpose of your employment. This processing is necessary in order to take steps at the request of the job applicant in the context of recruitment prior to entering into a contract. In addition, job applicant data and legal and regulatory compliance data may be used as necessary to comply with legal, regulatory, and corporate governance requirements.

Information Sharing

We may share your personal information with the following categories of recipients:

  • Other entities within Skadden to provide legal services to you and to administer any service provided to you that the Firm agrees to undertake;
  • Professional advisers, partners, and agents of Skadden to provide you with local legal services, as required, and to administer our relationship with you;
  • Vendors that will process your personal information on our behalf and under our written instructions to carry out their services during the course of our business, such as IT service providers, financial institutions, customer relationship management databases and other platforms, software, tools and solutions that are hosted in the cloud, third party companies providing us with business analytics and statistics to assist with our marketing campaigns, and third party venues in which we may host events and seminars. We contract with such vendors to ensure that they only process your personal information under our instructions and ensure the security and confidentiality of your personal information by implementing the appropriate technical and organizational measures for such processing;
  • Any law enforcement, regulatory, or government agency requesting personal information in connection with any inquiry, subpoena, court order, or other legal or regulatory procedures, with which we would need to comply. We may also share personal information to establish or protect the Firm’s legal rights, property, or safety, or the rights, property, or safety of others, or to defend against legal claims; and
  • Any third party connected with business transfers; we may transfer your personal information to third parties in connection with a reorganization, restructuring, merger, acquisition, or transfer of assets of the Firm, provided that the receiving party agrees to treat your personal information in a manner consistent with this Privacy Statement.

We are not responsible for the data policies or procedures or content of any linked websites. We recommend that you check the privacy and security policies of each website you visit.

Marketing Choices

We may send you direct marketing messages including by way of email alerts and post provided that we have a lawful ground to do so. If you no longer wish to receive our email alerts, to be part of a mailing list, or to receive any marketing communications, you can opt-out of such communications at any time by clicking on the unsubscribe link in the relevant communication or contacting us at Info@skadden.com.

Your Rights

If you are in the European Economic Area (the “EEA”) or the United Kingdom (the “UK”), you have the following rights:

  • Access. You have the right to request a copy of the personal information that we are processing about you. If you require additional copies, we may need to charge a reasonable fee;
  • Rectification. You have the right to require the correction of any mistake in the personal information, whether incomplete or inaccurate, that we hold about you;
  • Deletion. You have the right to require the erasure of personal information concerning you in certain situations, such as where we no longer need it or if you withdraw your consent (where applicable);
  • Portability. You have the right to receive the personal information concerning you that you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit that data to a third party in certain situations;
  • Objection. You have the right to (i) object at any time to the processing of your personal information for direct marketing purposes and (ii) object to our processing of your personal information where the legal ground of such processing is necessary for legitimate interests pursued by us or by a third party. We will then abide by your request unless we can demonstrate compelling legal grounds for the processing;
  • Restriction. You have the right to request that we restrict our processing of your personal information in certain circumstances, such as when you contest the accuracy of that personal information; and
  • Withdrawal of consent. If we rely on your consent (or explicit consent) as our legal basis for processing your personal information, you have the right to withdraw that consent at any time. “Explicit consent” would be required if the Firm relies on consent as the condition to lawfully process “special categories of personal data,” as defined in the GDPR.

If you are in the EEA, you also have the right to lodge a complaint with the local data protection authority, such as la Commission Nationale de l’Informatique et des Libertés (“CNIL”) in France, if you believe that we have not complied with applicable data protection laws, including the GDPR. Please click here for a list of local data protection authorities in EEA countries. If you are in the UK, you have the right to lodge a complaint with the Information Commissioner’s Office, who can be contacted here.

Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the personal information or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.

If you are in the EEA or the UK and would like to exercise any of those rights, please:

  • Email us at DataProtection@skadden.com;
  • Provide enough information to identify yourself (e.g., name, email address, etc.);
  • Provide proof of your identity and address (a copy of your driver’s license or passport and a recent utility or credit card bill); and
  • Provide the information to which your request relates.

If you are a California resident, you have the following rights, subject to certain exceptions as set forth in the CCPA:

  • Right to Know. You have the right to receive information from us regarding (i) the categories of personal information we have collected about you, (ii) the categories of sources from which we have collected your personal information, (iii) the business or commercial purposes for which we have collected, shared, or sold your personal information, (iv) the categories of third parties to whom we disclose your personal information, and (v) the specific pieces of personal information we collected about you, in each case, in the 12 months preceding your “right to know” request.
  • Right to Delete. You have the right to request the deletion of the personal information that you provided to us. Please note that in certain instances we may not be able to process your request, such as (i) due to the existence of a legal obligation, (ii) to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities, (iii) in order to complete a transaction for which your personal information was collected, or (iv) to enable solely internal uses that are reasonably aligned with your expectations and context.
  • Right to Correct. You have the right to request correction of inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of the processing of the personal information.
  • Right to Non-Discrimination. You have the right to be free from discrimination by us as a result of you exercising your privacy rights conferred under the CCPA including an employee’s, job applicant’s, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights.

If you wish to exercise these rights, you must submit a request by emailing CCPA_Requests@skadden.com or by calling our toll-free number +1 (833) 524-0418 (during normal business hours, Monday through Friday, except public holidays).  The CCPA requires us to verify requests we receive when one is seeking to exercise certain of the rights listed above.  We may ask you to provide certain information as proof of your identity such as a copy of your driver’s license or passport and a recent utility or credit card bill in order for us to verify your request.  If you are a Skadden employee or otherwise have a relationship with us, we verify you by directly confirming with you, otherwise we verify through a service provider that uses information about you to ask questions the answers to which will help us determine if you are who you say you are.  If you have an authorized agent submit a request, the Firm may require you to (i) provide the authorized agent signed permission to do so, (ii) verify your own identity directly with the Firm, and (iii) directly confirm with the Firm that you provided the authorized agent permission to submit the request.

Skadden has collected the following types of personal information about California residents in the preceding 12 months:

  • Identifiers. Includes your real name, any previous names or preferred name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
  • Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Includes your name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.
  • Protected classification characteristics under California or federal law. Includes your age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, and genetic information (including familial genetic information).
  • Internet or other electronic network activity. Includes browsing history, search history, information on your interaction with a website application, or advertisement. Please see the Policy on Computer Communications Resources and Social Media Usage for related information.
  • Professional or employment-related information. Includes your professional or employment-related information, including your resume, interview records, identity documents for work eligibility verification in the United States, Bar information, offer letter, employment dates, position, salary, bonuses, benefits information, attendance records, performance evaluations and employee relations information (e.g., disciplinary records).

Disclosures for a Business or Commercial Purpose In the preceding 12 months, Skadden has disclosed the categories of personal information listed above to its service providers for specific, limited business purposes, including for conducting background checks for job applicants, processing payroll, detecting data security incidents and troubleshooting software use, among other purposes listed in the Information Usage section of this Privacy Statement, which can be found above.

No Sharing/Selling of Personal Information with Third Parties. The Firm does not “sell” or “share” any of your personal information that is collected (as such terms are defined by the CCPA). The Firm therefore does not have actual knowledge that it sells or shares the personal information of consumers under 16 years of age.

Compliance with Section 7027(m). Skadden does not use or disclose sensitive personal information for purposes other than those specified in Section 7027(m) of the implementing regulations of the CCPA.

California “Shine the Light” Notice

If you are a California resident, you may request information about our compliance with the Shine the Light law by contacting us in the following ways: emailing CCPA_Requests@skadden.com or by calling our toll-free number +1 (833) 524-0418. Please note that the CCPA and Shine the Light are different laws offering different rights and requests must be made separately.

Security

We have implemented technical and organizational security measures in an effort to safeguard the personal information in our custody and control. Such measures include, for example, limiting access to personal information only to staff and authorized service providers on a need-to-know basis for the purposes described in this Privacy Statement, as well as other administrative, technical, and physical safeguards.

We endeavor to take all reasonable steps to protect your personal information, but cannot guarantee the security of any data you disclose online. Please note that email is not a secure medium and should not be used to send confidential or sensitive information. By providing information online, you accept the inherent security risks of providing information over the Internet and will not hold us responsible for any breach of security, unless it is due to our negligence or willful default.

Data Transfer

Skadden is an international law firm comprised of multiple offices and affiliated entities in numerous jurisdictions. Details regarding our offices and affiliated entities can be found at https://www.skadden.com/locations. Your personal information may be transferred to or shared across our integrated computer networks with one or more of Skadden’s offices and our affiliated offices in the United States and other countries that may not be subject to data protection laws similar to those prevailing in the jurisdiction in which such information is provided to or received by us. However, all of our offices adhere to the same procedures with respect to your personal information, including this Privacy Statement.

It is necessary to transfer personal information from the United Kingdom or the EEA to a country outside the EEA (or to an international organization) in order to provide our attorneys with access to clients’ personal information to enable them to provide legal services, wherever they are located, and for related purposes as set out in this Privacy Statement, including updates and enhancements to our records, analysis to help us manage our practice, statutory returns, legal and regulatory compliance, the administration and management of the Firm’s global IT systems, and our other legitimate business interests.

While our offices in Belgium, France and Germany are in the EEA, not all of our offices are in countries that have the same data protection laws as the EEA. That said, with regard to our office in the UK, the UK has incorporated the wording of the GDPR with the UK GDPR and the Data Protection Act 2018 and following Brexit, the European Commission has issued an adequacy decision that allows data flows between the EEA and the UK to continue and remain safe.  When we transfer personal information (i) from within the EEA to countries located outside the EEA that have not received an adequacy decision from the European Commission, or (ii) from the UK to countries that are not recognized as offering an adequate level of protection by the Information Commissioner’s Office, including within Skadden offices and affiliated entities and with our service providers, we have implemented adequate safeguards to appropriately protect such transfer of personal information, including on the terms of a valid data transfer agreement incorporating the European Commission’s standard contractual clauses or as permitted under applicable data protection laws.  These safeguards are designed to protect your privacy rights and provide you with remedies in the unlikely event that your personal information is misused.  You may ask for further information on the safeguards that we have put in place to safeguard the transfer of your personal information to countries outside of the EEA or the UK by contacting us at DataProtection@skadden.com.

Cookies

Our website uses certain tags, log files, web beacons, and similar tracking technologies from third parties (collectively, “cookies”), of which you should be aware. Please see our Cookie Policy to find out more about the cookies we use and how to manage and delete cookies.

Do Not Track

Please note that we do not support “Do Not Track” browser settings at this time.

Information Retention

Your personal information is only stored and retained for as long as necessary for the purposes set out in this Privacy Statement.  In determining the appropriate retention period, we consider the nature and duration of our relationship with you, the type of services provided, and the impact on our services if certain information is deleted.  In all cases, the Firm may retain personal information for additional time as required by applicable law; to establish, exercise or defend our legal rights; or, for other legitimate business purposes, including archiving and historical purposes.  We will maintain such data in an anonymized form where practical. 

Notification of Changes

We may occasionally update this Privacy Statement as our services and privacy practices change, or as required by applicable legal or regulatory requirements. Where it is practicable, we will notify you by email of any significant changes. However, the last update date is posted below, and we encourage you to review this Privacy Statement periodically to be informed of how we use your personal information.

Last Updated: May 22, 2024

BACK TO TOP