Privacy Policy

ONLINE PRIVACY STATEMENT

This Privacy Statement (the “Statement”) describes how Sidley Austin LLP, including its affiliated partnerships (collectively, the firm), collects, uses, and discloses Personal Information collected online and offline, and the rights individuals in various jurisdictions may have with respect to their Personal Information. This includes, without limitation, the Personal Information of parties whose data we may collect in connection with the provision of legal services as well as those who visit our offices or participate in conferences or meetings we host. It also applies to the Personal Information collected from individuals who interact with us online, including through our websites and mobile applications (collectively the “Websites”), and our social media pages, or communicate with us via email or video conferencing platforms (collectively, the “Internet Services”). A separate notice applies to our processing of Personal Information through cookies.

This Statement does not apply to our partners, employees, independent contractors, and others whose Personal Information we may collect when they interact with the firm in an employment capacity.

By accessing our Websites or making use of our Internet Services, you agree to our Terms and Conditions, including the collection and use of your Personal Information as described in this Privacy Policy. However, this does not equate to consent for the processing of your Personal Information for purposes of EEA and UK data protection laws.

For purposes of this Privacy Policy, “Personal Information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. The term does not include aggregated information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual.

For California residents, this Statement serves as our notice at collection as required by the California Consumer Privacy Act, as amended by the California Privacy Rights Act. As applicable, we will provide notice for any additional collection of Personal Information. For information about your privacy rights as a resident of certain states within the United States, please see the Your State Privacy Rights section below.

Personal Information We Collect

We collect the following categories of Personal Information:

Personal identifiers: name, email address, billing address, telephone numbers, account number, IP address, governmental ID, Social Security number and similar identifiers used for tax or billing purposes, signature. We may also collect Personal Information about your next of kin, emergency contact information, or contact details about individuals whom you refer to us for services.

Protected class and other sensitive or special category information: sex/gender or gender identity; financial information; health information; race and ethnicity; military or veteran status; and criminal convictions and offences data.
Commercial and financial information: records of legal services procured from us or other law firms; and payment and banking information.
Internet or other electronic activity information: your device and browser type, your browsing and search history on our Websites, information regarding your interaction with our Websites and our social media posts or Internet Services, and similar data collected automatically or through cookies. For more information about information collected through cookies, see our Cookie Notice.
Professional information: job title, information about your employer, and other work-related details.
Education information: educational institutions attended, degree information, grades or grade information, classes or courses taken, certificates obtained, honors received.
Dietary information, such as information about dietary preferences that we may collect in connection with events.
Marketing data, such as your preferences for receiving our marketing communications and details about your engagement with them.
Audio, electronic, and visual information, such as photographs, video and voice recordings of conversations with you as permitted by law, and security camera and CCTV footage recordings of your activity in our offices.
Third-party sources. We may combine Personal Information we receive from you with Personal Information we obtain from public and private sources, partner organizations, marketing partners, and other sources.
General location data when you authorize the our access to your device’s location.
Other Information You Provide, including any additional information you choose to share with us during your interactions.

Purposes for Collection of Personal Information

Set out below is a description of how we use your Personal Information (referred to as “processing purposes” below), and, for individuals located in the EEA or the UK, we explain which of the legal bases we rely on for each processing activity.

Categories of Personal Information	Processing Purposes	Legal Basis (where you are located in the EEA or the UK or jurisdictions with similar requirements)
Personal identifiers; Internet and other electronic activity information	To provide information concerning the firm and our services: provide our legal services; news about the firm and legal developments, provide information about events and seminars; respond to requests and inquiries; provide notice about changes to our Internet Services	To pursue our legitimate interests to operate our business, and to manage and administer our relationship with you For direct marketing communications: With consent (to the extent required by applicable law)
Personal identifiers; commercial and financial information	Client billing and screening: Billing and payment processing; running required background, conflicts, and AML checks as required under applicable laws	To pursue our legitimate interests to operate our business
Personal identifiers; Internet and other electronic activity information	Personalization: to personalize your visit to our Websites and use of our Internet Services, to assist you while you use those services, to analyze use of and improve our Websites and Internet Services (including testing, troubleshooting, and research)	To pursue our legitimate interests to provide the Websites and Internet Services, and process Personal Information to see if and how our Websites or Internet Services can be improved, so that we can offer you a better user experience in the future.
Personal identifiers; Internet and other electronic activity information; biometric	Network and Information Security: to ensure network and information security, including monitoring users’ access to our Websites for the purpose of preventing cyber-attacks, unauthorized use of our systems and Websites, prevention or detection of crime and protection of Personal Information, and securing access to our offices	To pursue our legitimate interests to ensure our systems / Websites are secure and that individuals are using our systems / Websites correctly and in compliance with our Terms and Conditions
Personal identifiers; Internet and other electronic activity information; professional information; commercial and financial information	Transactions with other businesses: to engage in business transactions with entities we do business with and market to or engage in diligence with those entities	To pursue our legitimate interests to administer the management of our business.
Personal identifiers	Transactions: To enable any due diligence and other appraisals or evaluations for any actual or proposed merger, acquisition, financing transaction or joint ventures	To pursue our legitimate interests to administer the management of our business.
Personal identifiers; Internet and other electronic activity information.	Legal Claims: To defend and enforce our rights including, against legal claims that involve us, and to manage regulatory matters, investigations, data breaches, and/or data subject requests.	To comply with our legal obligations. In such cases, if you do not provide this Personal Information when requested, we may not be able to comply with our legal obligations and we may have to terminate our relationship with you. To pursue our legitimate interests to enforce or defend our rights and interests.

If you do not want to receive publications or details of events or seminars that we consider may be of interest to you, you may opt-out including clicking on the unsubscribe link in electronic marketing communications.

Where Personal Information is necessary for the Firm to carry out its anti-money laundering checks failure to provide such information may result in the Firm not being able to provide the representation.

We have carefully balanced our legitimate interests in our business operations against your data protection rights. If you wish to obtain more information on the balancing exercise we performed, please contact us by using the contact details below.

Retention Periods

We retain the categories of Personal Information we collect for as long as we need to achieve the purposes for which the information was originally collected, for the purposes described in this Statement and our applicable policies, or for another legitimate business purpose or to pursue legal claims. The criteria used to determine the retention periods include: (i) how long the Personal Information is needed to provide the Services and operate the business; (ii) the type of Personal Information collected; and (iii) whether we are subject to a legal, contractual or similar obligation to retain the Personal Information (e.g., mandatory data retention laws, court orders, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation or disputes).

Sensitive Personal Information

We do not process sensitive Personal Information to create profiles or infer characteristics about you, unless required or permitted by law for compliance and reporting purposes.

No Profiling to Facilitate Decisions with Legal or Other Significant Effects

We do not engage in the automated processing of Personal Information without meaningful human involvement to create profiles about individuals that are used in furtherance of decisions with legal or other similarly significant effects.

Disclosure of Personal Information For Business Purposes

The following chart describes the categories of Personal Information we disclosed to service providers (processors) for business purposes in the 12 months prior to the date of this Privacy Policy:

Categories of Personal Information	Categories of Service Providers to Which We Disclosed Personal Information
Personal identifiers: name, email address, billing address, telephone numbers, account number, IP address, governmental ID, Social Security number and similar identifiers used for tax or billing purposes, signature	Service providers that manage website visitor information, facilitate email communications, provide security services and cloud-based data storage, host our Internet Services and assist with other IT-related functions, market our company, provide analytics information, assist with payment processing, assist in compliance with anti-money laundering laws and similar compliance obligations; operate our video conferencing services, assist with our events
Protected class information: sex/gender; ethnicity; military or veteran status	Service providers that provide security services and cloud-based data storage, host our Internet Services and assist with other IT-related functions,
Internet and other electronic activity information: your device and browser type, your browsing and search history on our Websites, and information regarding your interaction with our Websites and our social media posts	Service providers that manage website visitor information, facilitate email communications, provide security services and cloud-based data storage, host our Websites and assist with other IT-related functions, provide marketing and analytics information
Education information: educational institutions attended, degree information, grades or grade information, classes or courses taken, certificates obtained, honors received	Service providers that provide cloud-based data storage
Visual information: security camera footage	Service providers that store security camera footage

Business Purposes for Such Disclosures

We may disclose the aforementioned categories of Personal Information to the categories of entities identified above for the following purposes: to facilitate email communications; manage contacts; work with vendors and suppliers; manage our Websites, operate our IT systems and secure our systems; and host events; billing, payment processing, and security or background checks; for marketing and analytics; and where we believe it necessary to provide a service which you have requested, or as permitted or required by law, or as otherwise authorized or directed by you.

We may also disclose Personal Information as required or permitted by law to comply with a subpoena or similar legal process or government request, or when we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property or the rights, property or safety of others, including to law enforcement agencies, and judicial and regulatory authorities. We may also disclose your Personal Information to third parties to help detect and protect against fraud or data security vulnerabilities. We may transfer your Personal Information to a third party in the event of an actual or contemplated sale, merger, reorganization of our entity or other restructuring. We may also disclose Personal Information to organizations or other certifying bodies for the purpose of equal opportunities monitoring.

Confidentiality and Security

We maintain reasonable and appropriate security measures, including physical, electronic and procedural safeguards intended to maintain the confidentiality of Personal Information and protect Personal Information we maintain from loss, misuse, unauthorized access, or destruction. Please note that we cannot guarantee that our safeguards will always work, as not system is able to be fully secure.

International Transfer of Personal Information

As an international firm, we operate systems that may make data related to your matters accessible from our various offices around the world and often transfer client data which may include Personal Information between our offices. We may disclose your Personal Information, for the above listed purposes, to recipients (including affiliated partnerships) in locations that do not have data protection laws equivalent to those in the UK, the EEA, Switzerland or Singapore. In such a case, we will take all necessary steps to ensure the safety of your personal data in accordance with all applicable data protection laws at a standard substantially similar to, or that serves the same purposes as those of the relevant legislation (if applicable). For transfers of personal data within the Firm to offices outside of the UK and EEA we have in place intra-group Data Transfer Agreements with EU Standard Contractual Clauses and UK Addendum. You can request a copy of these agreements by contacting privacy@sidley.com.

Do Not Track Signals

We recognize the Global Privacy Control signal and do so at the browser level. When we are only able to recognize the signal at a browser level, it means we will recognize it for the browser through which the signal is not; the opt-out request will not be recognized for Personal Information we may collect offline or that we may associate only with your name or email address. If you would like more information about opt-out preference signals, including how to use them, the Global Privacy Control website has such information (https://globalprivacycontrol.org).

We do not observe the “Do Not Track” or “DNT” signal. We do not allow any third parties to collect Personal Information about your online activities over time or across websites for their own purposes.

Children

In order to respect the privacy of minors, the Firm does not knowingly collect, maintain or process Personal Information submitted online via our Internet Services by anyone under the age of 18. To the extent the Firm collects Personal Information on minors in the context of one of the purposes mentioned in the Statement, the Firm will only do so with the appropriate consent or as otherwise permitted under applicable laws.

Your Privacy Rights under U.S. State Privacy Laws

This section provides additional information to individuals in certain states in the United States of America with privacy laws that provide residents with rights over their personal information and data. Under U.S. state privacy laws, you may be able to exercise the following rights with respect to the Personal Information we collect, use, disclose, or otherwise process.

This Privacy Statement describes the types of Personal Information we may collect from you, including the categories outlined under California law (Cal. Civ. Code 1798.140) during the 12 months preceding the effective date of this Statement, how we use it, and the parties to whom we disclose the information.

Right to Know - You may request to know whether we are processing your personal information and to access that information, including categories and specific data collected, sources, purposes, and third parties with whom it has been shared. The right to request the following information collected since January 1, 2022: (a) categories of Personal Information we have collected about you; (b) categories of sources from which such Personal Information was collected; (c) categories of Personal Information that the business sold or disclosed for a business purpose about the consumer; (d) categories of third parties to whom the Personal Information was sold or disclosed; (e) the business or commercial purpose for collecting or selling your Personal Information.

Right to Access / Copy - The right to access or request a copy of the Personal Information we have collected about you, subject to certain exceptions.

Right to Delete - The right to request deletion of Personal Information that we have collected about you, and to have such information deleted, subject to certain exceptions.

Right to Correct - The right to request that we correct inaccuracies in your Personal Information, taking into account the nature of personal data and purposes of processing such information.

Right to Know Categories of Third Parties and Third Party Recipients of Personal Information - The right to know the categories of third parties and the identities of third parties to which we have disclosed personal information.

Right to Data Portability - You may request a copy of your personal data in a portable and, to the extent technically feasible, readily usable format.

No Sale or Sharing of Personal Information

We do not sell Personal Information and we do not share Personal Information for cross-context behavioral advertising.

California Shine the Light

With reference to California Civil Code Section 1798.83, also known as the “Shine the Light” law, we do not provide personal information to third parties for their direct marketing purposes.

Exercising Your Rights and How We Will Respond

To exercise rights to know, access/copy, delete, correct, or know third parties to whom Personal Information is disclosed, or to ask a question, contact us at privacy@sidley.com, or by mail at:

Sidley Austin LLP
ATTN: Chief Privacy Officer
1501 K Street NW, Washington D.C. 20005

You are entitled to make such requests free of charge once (or in Texas, twice) in a 12-month period; excessive or unfounded requests may incur a reasonable administrative fee.

Appeals and Additional Information

In some cases, we may deny your request if we cannot verify your identity, if the request is unfounded, excessive, or repetitive, if disclosure involves sensitive or legally protected information, or if fulfilling it would conflict with legal obligations or exemptions under applicable laws. If we decline to act on your request, you may appeal by emailing privacy@sidley.com. We will respond to appeals within 60 days with an explanation of the decision. If your appeal is denied, you may contact the appropriate state authority.

Verification of Identity – Access, Deletion or Correction Requests

We will ask you for identifying information and attempt to match it to information that we maintain about you. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to your request. We will notify you to explain the basis of the denial.

Exercising Your Rights Using Authorized Agents

You may designate an agent to submit data subject requests on their behalf. If you use an agent to submit data subject requests (e.g., to access, delete, correct, or obtain a copy of Personal Information), the agent will need to provide us with your signed permission indicating the agent has been authorized to submit the request on your behalf. You will also be required to verify your identity directly with us or confirm with us that you provided the agent with permission to submit the request. Agents can submit requests on behalf of residents by emailing privacy@sidley.com.

Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with state law pertaining to powers of attorney.

Our Commitment to Allowing You to Exercise Your Rights – Non-Discrimination

If you exercise any of the rights explained in this Privacy Policy, we will continue to treat you fairly.

Your European Union (EU) and United Kingdom (UK) Data Protection Rights

Under EU, UK and Swiss data protection laws (UK GDPR/2018 Data Protection Act EU GDPR, and FADP), individuals may have certain data protection rights which may be subject to limitations and/or restrictions and which includes (but are not limited to): (i) the right to request access to and, rectification or erasure of your Personal Information; and (ii) the right to ask us to restrict the processing of your Personal Information; and (iii) the right to portability of your data. You may also have a right to object to processing of your Personal Information where carried out for our legitimate interest or direct marketing, or to withdraw consent to the processing of your Personal Information where this is the legal basis we relied upon. To exercise your rights under this Privacy Policy, please send us your request using the “Contact Us” section below.

Individuals may also have a right to lodge a complaint about the processing of their Personal Information with a competent data protection authority.

The Firm’s data protection officer, dealing with EU, UK and Swiss matters, can be contacted at, privacy@sidley.com or by writing to Data Protection Officer,

Sidley Austin LLP, 70 St Mary Axe, London, EC3A 8BE, United Kingdom, if you have any questions in this regard.

Your Singapore, People’s Republic of China (PRC), Hong Kong and Dubai International Financial Centre (DIFC) Data Protection Rights

Our processing of your personal information within the scope of the following legislation may afford you certain specific rights:

Singapore’s Personal Data Protection Act 2012 (the “PDPA”)
Hong Kong’s Personal Data (Privacy) Ordinance (the “PDPO”)
Mainland China’s Personal Information Protection Law (the “PIPL”)
The DIFC’s Data Protection Law DIFC Law No. 5 of 2020

The Firm’s Data Protection Officer, dealing with these matters, can be contacted at privacy@sidley.com or by writing to Data Protection Officer, Sidley Austin LLP, 70 St Mary Axe, London, EC3 8BE, United Kingdom, if you have any questions in this regard.

Changes

We reserve the right to change this Statement at any time. If we make material changes to the way we use or disclose Personal Information, we will notify you by posting a notice on our Websites.

Contact Us

If you have any questions relating to our use of your Personal Information please contact the Chief Privacy Officer at privacy@sidley.com, or by mail at:

Sidley Austin LLP
ATTN: Chief Privacy Officer
1501 K Street NW, Washington D.C. 20005