Data Transfer and Privacy Policy
Menu
Data Transfer and Privacy Policy
Kirkland & Ellis LLP, Kirkland & Ellis International LLP, Kirkland & Ellis (Hong Kong), Kirkland & Ellis LLP (Paris), (together "Kirkland" or the "Firm") adhere to international data protection legislation concerning the transfer of personal data from the European Economic Area (the “EEA”) and/or Switzerland, in each case to the United States, Hong Kong and Mainland China.
This Data Transfer and Privacy Policy (the "Policy") outlines Kirkland’s general practices and procedures implementing appropriate standards in relation to (i) the types of personal data the Firm's offices receive from the EEA and/or Switzerland (ii) how that personal data is used; and (iii) the options available to a specific individual in the EEA or Switzerland (also referred to as the “data subject”) in relation to the Firm’s use of, and their ability to correct or request deletion of, the personal data relating to them.
Scope: This Policy applies to all "personal data" that the Firm receives from the EEA and/or Switzerland that pertains to, a specific individual in the EEA or Switzerland, can be linked to that individual, and is recorded in any form.
Notice: If Kirkland obtains personal data directly from individuals in the EEA or Switzerland, Kirkland will inform those individuals about (i) why Kirkland is collecting and using their personal data; (ii) the types of third parties to whom Kirkland may disclose that personal data; (iii) each individual’s rights regarding their data; and (iv) how an individual may contact Kirkland. Kirkland will provide notice of the foregoing in clear and conspicuous language when individuals are first asked to provide personal data to Kirkland, or as soon as practicable thereafter, and in any event before Kirkland uses or discloses the information for a purpose other than that for which it was originally collected. Consent for personal data to be collected, used, and/or disclosed in certain ways may be required in order for an individual to obtain or use the Firm's services. Alternatively, we process personal data as may be necessary for the Firm’s legitimate interests in managing its business, delivering legal services to clients and for the fulfilment of its contractual obligations.
Choice: Where acting as a data controller (i.e., the person or entity that determines the purposes for which, and the manner in which, any personal data is processed), Kirkland will offer individuals the opportunity to choose (i.e., opt-out) whether their personal data is (i) to be disclosed to a non-agent third party, or (ii) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For special categories of personal data, Kirkland will give individuals the opportunity to affirmatively and explicitly (i.e., opt-in) consent to the disclosure of such personal data to a non-agent third party or the use of such personal data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. In connection with client engagements and at the direction of the Firm’s clients, Kirkland may process personal data of data subjects with whom the Firm has no direct relationship. Kirkland may disclose personal data to (i) agents as provided herein, and (ii) non-agent third parties for the purposes of, and as directed by, the client in connection with which that personal data was collected. In receiving such personal data from its clients, Kirkland will obtain an affirmation from such clients that all personal data transferred to Kirkland is transferred in accordance with all applicable international data protection legislation.
Onward Transfer: Kirkland will use commercially reasonable efforts to obtain assurances from third parties to whom they transfer data that they will safeguard personal data consistent with this Policy. If Kirkland discovers that an agent is using or disclosing personal data in a manner contrary to this Policy, Kirkland will take commercially reasonable steps to prevent or stop the use or disclosure.
Any transfer of personal data from Kirkland & Ellis International LLP to Kirkland & Ellis LLP (in the United States of America) or to Kirkland & Ellis (Hong Kong) will be made with adequate levels of protection in place.
Security: Kirkland will take commercially reasonable precautions to protect personal data in its possession from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Data Integrity: Kirkland will use personal data only in ways that are compatible with the purposes for which Kirkland collected the data or in a manner that the data subject or client subsequently authorized. To the extent necessary, Kirkland will take commercially reasonable steps to ensure that personal data is relevant to its intended use, accurate, complete, and current.
Access: Upon request, Kirkland will provide individuals with information about the personal data that it holds about them in the Firm’s role as data controller. If an individual becomes aware that information the Firm maintains about that individual is inaccurate, or if an individual would like to update, review or erase his or her information, the individual may contact the Firm at dataprivacy@kirkland.com. The individual may need to provide sufficient identifying information to allow the Firm to confirm the individual’s identity.
Enforcement: Kirkland will periodically audit its relevant privacy practices to confirm that the Firm is adhering to this Policy. Any partner or employee who Kirkland determines is violating or has violated this Policy may be subject to disciplinary action up to and including termination.
Dispute Resolution - Human Resource Data: Any questions or concerns regarding the use or disclosure of Kirkland's human resource data should be directed to the Firm's HR Director or the Director of Administration. Kirkland will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data by reference to the European General Data Protection Regulation Principles and this Policy. For unresolved complaints related to Kirkland's human resources data for partners and employees in the EU offices, Kirkland will cooperate with the European National Supervisory Authorities.
Dispute Resolution - Client Data: Any questions or concerns regarding the use or disclosure of client-related personal data should be directed to the Firm at dataprivacy@kirkland.com. Kirkland will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data by reference to the GDPR and this Policy.
Limitations of the GDPR and this Policy: Kirkland’s adherence to the GDPR and this Policy will be limited as permitted by the GDPR: (i) to the extent necessary to meet national security, public interest, or law enforcement requirements, (ii) by statute, government regulation, or case law that creates conflicting obligations or authorizations, provided that, in exercising any such authorization, the Firm’s non-adherence is limited to the extent necessary to meet the overriding legitimate interests the Firm furthers, or (iii) if the effect of the EU Regulation on Data Protection (the "GDPR"), EU Member State law, or the Swiss Federal Act on Data Protection (the “FADP”) is to allow exceptions or derogations, provided the Firm applies such exceptions or derogations in comparable contexts. Further, because Kirkland is a law firm providing legal advice, adherence to certain of the GDPR (including Notice, Choice and Access), is limited with respect to personal data that the Firm processes and uses in certain respects, including, but not limited to, the establishment of a legal claim or defense or the representation of a client's interests and rights in an acquisition, merger, joint venture or other transaction. Personal data may also be subject to ethical duties of confidentiality or privilege.
The Firm's U.S. offices do not disclose personal data to third parties except in accordance with the GDPR and this Policy.
INTERNET PRIVACY
Kirkland considers the internet and the use of other technologies to be valuable tools to communicate and interact with clients, employees, agents, business associates, and others. Kirkland recognizes the importance of maintaining the privacy of information collected online and has created a specific Website Privacy Policy governing the treatment of personal data collected through web sites that it operates. With respect to personal data that is transferred from the EEA and Switzerland to the U.S., the Website Privacy Policy is subordinate to this Policy. However, the Website Privacy Policy may reflect additional legal requirements with respect to internet privacy. Kirkland's Website Privacy Policy can be found at www.kirkland.com.
Contacts for Questions and Concerns
Questions and concerns regarding this Policy should be directed to the Firm at dataprivacy@kirkland.com.
CHANGES TO THIS DATA TRANSFER AND PRIVACY POLICY
This Policy may be amended from time to time.
Last Updated: October 1, 2019
Kirkland & Ellis LLP, Kirkland & Ellis International LLP, Kirkland & Ellis (Hong Kong), Kirkland & Ellis LLP (Paris), (together "Kirkland" or the "Firm") adhere to international data protection legislation concerning the transfer of personal data from the European Economic Area (the “EEA”) and/or Switzerland, in each case to the United States, Hong Kong and Mainland China.
This Data Transfer and Privacy Policy (the "Policy") outlines Kirkland’s general practices and procedures implementing appropriate standards in relation to (i) the types of personal data the Firm's offices receive from the EEA and/or Switzerland (ii) how that personal data is used; and (iii) the options available to a specific individual in the EEA or Switzerland (also referred to as the “data subject”) in relation to the Firm’s use of, and their ability to correct or request deletion of, the personal data relating to them.
Scope: This Policy applies to all "personal data" that the Firm receives from the EEA and/or Switzerland that pertains to, a specific individual in the EEA or Switzerland, can be linked to that individual, and is recorded in any form.
Notice: If Kirkland obtains personal data directly from individuals in the EEA or Switzerland, Kirkland will inform those individuals about (i) why Kirkland is collecting and using their personal data; (ii) the types of third parties to whom Kirkland may disclose that personal data; (iii) each individual’s rights regarding their data; and (iv) how an individual may contact Kirkland. Kirkland will provide notice of the foregoing in clear and conspicuous language when individuals are first asked to provide personal data to Kirkland, or as soon as practicable thereafter, and in any event before Kirkland uses or discloses the information for a purpose other than that for which it was originally collected. Consent for personal data to be collected, used, and/or disclosed in certain ways may be required in order for an individual to obtain or use the Firm's services. Alternatively, we process personal data as may be necessary for the Firm’s legitimate interests in managing its business, delivering legal services to clients and for the fulfilment of its contractual obligations.
Choice: Where acting as a data controller (i.e., the person or entity that determines the purposes for which, and the manner in which, any personal data is processed), Kirkland will offer individuals the opportunity to choose (i.e., opt-out) whether their personal data is (i) to be disclosed to a non-agent third party, or (ii) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For special categories of personal data, Kirkland will give individuals the opportunity to affirmatively and explicitly (i.e., opt-in) consent to the disclosure of such personal data to a non-agent third party or the use of such personal data for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. In connection with client engagements and at the direction of the Firm’s clients, Kirkland may process personal data of data subjects with whom the Firm has no direct relationship. Kirkland may disclose personal data to (i) agents as provided herein, and (ii) non-agent third parties for the purposes of, and as directed by, the client in connection with which that personal data was collected. In receiving such personal data from its clients, Kirkland will obtain an affirmation from such clients that all personal data transferred to Kirkland is transferred in accordance with all applicable international data protection legislation.
Onward Transfer: Kirkland will use commercially reasonable efforts to obtain assurances from third parties to whom they transfer data that they will safeguard personal data consistent with this Policy. If Kirkland discovers that an agent is using or disclosing personal data in a manner contrary to this Policy, Kirkland will take commercially reasonable steps to prevent or stop the use or disclosure.
Any transfer of personal data from Kirkland & Ellis International LLP to Kirkland & Ellis LLP (in the United States of America) or to Kirkland & Ellis (Hong Kong) will be made with adequate levels of protection in place.
Security: Kirkland will take commercially reasonable precautions to protect personal data in its possession from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
Data Integrity: Kirkland will use personal data only in ways that are compatible with the purposes for which Kirkland collected the data or in a manner that the data subject or client subsequently authorized. To the extent necessary, Kirkland will take commercially reasonable steps to ensure that personal data is relevant to its intended use, accurate, complete, and current.
Access: Upon request, Kirkland will provide individuals with information about the personal data that it holds about them in the Firm’s role as data controller. If an individual becomes aware that information the Firm maintains about that individual is inaccurate, or if an individual would like to update, review or erase his or her information, the individual may contact the Firm at dataprivacy@kirkland.com. The individual may need to provide sufficient identifying information to allow the Firm to confirm the individual’s identity.
Enforcement: Kirkland will periodically audit its relevant privacy practices to confirm that the Firm is adhering to this Policy. Any partner or employee who Kirkland determines is violating or has violated this Policy may be subject to disciplinary action up to and including termination.
Dispute Resolution - Human Resource Data: Any questions or concerns regarding the use or disclosure of Kirkland's human resource data should be directed to the Firm's HR Director or the Director of Administration. Kirkland will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data by reference to the European General Data Protection Regulation Principles and this Policy. For unresolved complaints related to Kirkland's human resources data for partners and employees in the EU offices, Kirkland will cooperate with the European National Supervisory Authorities.
Dispute Resolution - Client Data: Any questions or concerns regarding the use or disclosure of client-related personal data should be directed to the Firm at dataprivacy@kirkland.com. Kirkland will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data by reference to the GDPR and this Policy.
Limitations of the GDPR and this Policy: Kirkland’s adherence to the GDPR and this Policy will be limited as permitted by the GDPR: (i) to the extent necessary to meet national security, public interest, or law enforcement requirements, (ii) by statute, government regulation, or case law that creates conflicting obligations or authorizations, provided that, in exercising any such authorization, the Firm’s non-adherence is limited to the extent necessary to meet the overriding legitimate interests the Firm furthers, or (iii) if the effect of the EU Regulation on Data Protection (the "GDPR"), EU Member State law, or the Swiss Federal Act on Data Protection (the “FADP”) is to allow exceptions or derogations, provided the Firm applies such exceptions or derogations in comparable contexts. Further, because Kirkland is a law firm providing legal advice, adherence to certain of the GDPR (including Notice, Choice and Access), is limited with respect to personal data that the Firm processes and uses in certain respects, including, but not limited to, the establishment of a legal claim or defense or the representation of a client's interests and rights in an acquisition, merger, joint venture or other transaction. Personal data may also be subject to ethical duties of confidentiality or privilege.
The Firm's U.S. offices do not disclose personal data to third parties except in accordance with the GDPR and this Policy.
INTERNET PRIVACY
Kirkland considers the internet and the use of other technologies to be valuable tools to communicate and interact with clients, employees, agents, business associates, and others. Kirkland recognizes the importance of maintaining the privacy of information collected online and has created a specific Website Privacy Policy governing the treatment of personal data collected through web sites that it operates. With respect to personal data that is transferred from the EEA and Switzerland to the U.S., the Website Privacy Policy is subordinate to this Policy. However, the Website Privacy Policy may reflect additional legal requirements with respect to internet privacy. Kirkland's Website Privacy Policy can be found at www.kirkland.com.
Contacts for Questions and Concerns
Questions and concerns regarding this Policy should be directed to the Firm at dataprivacy@kirkland.com.
CHANGES TO THIS DATA TRANSFER AND PRIVACY POLICY
This Policy may be amended from time to time.
Last Updated: October 1, 2019