Privacy Statement

View in Arabic.

Last Updated: December 2024

Gibson, Dunn & Crutcher LLP, a Delaware limited liability partnership having its registered office at 333 South Grand Avenue, Los Angeles, CA 90071-3197, United States, together with its international branch offices and affiliates (individually and collectively referred to hereinafter as “Gibson Dunn”, “we”, “us”, “our”, or the “Firm”), is a global law firm with offices located around the world. We are committed to safeguarding the privacy of our clients, business partners, contacts, job applicants, website visitors, and subscribers (collectively, “you”), and to protecting the Personal Information (as defined herein below) we process.

This Privacy Statement applies to the processing of Personal Information by Gibson Dunn, acting as a controller with respect to your Personal Information, in connection with:

  • your use of our website https://www.gibsondunn.com, our extranet https://extranet.gibsondunn.com/ (including, without limitation, any sub-sites thereof that are used for client or other third-party collaboration, interaction with our alumni, or for our marketing purposes), and any online services offered through any of the foregoing (individually and collectively, the “Site”);
  • the services offered by Gibson Dunn to its clients and business partners;
  • recruitment and hiring; and
  • communications with you, including to respond to your inquiries, inform you about our services and events, and to send you our newsletters (including blogs, client alerts, invitations to webcasts, or other materials).

This Privacy Statement explains our privacy practices, including the types of Personal Information collected by Gibson Dunn, and how such information may be collected, used, processed, utilized, maintained, or shared.

Collection of Personal Information

“Personal Information” generally is any information that is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, back to a natural person or device, including personal identifiers, such as your name, email address, physical address, phone number, IP address, or device identifier, subject to definitions and exceptions under applicable law. Personal Information includes information that you provide to us, that we collect automatically, and that we obtain from third parties. As further detailed below, Gibson Dunn processes Personal Information regarding (i) our clients’ representatives when using any of our legal services, (ii) anyone who sends us an inquiry, registers for one of our events, subscribes to our newsletters, or attends any of our Internet-based continuing legal education courses, (iii) users of our Site, as well as (iv) job applicants.

Some of the Personal Information we process may also fall under the sub-category of “special categories of personal data”, “sensitive data”, “sensitive personal information”, or a similar term, as defined by applicable data protection laws (“Sensitive Personal Information”). Such Sensitive Personal Information may include, depending on your jurisdiction, information such as your Social Security Number, driver’s license number, national or state identification card number, passport number, financial account and credit card information in combination with any required security or access code, geolocation data, and racial and/or ethnic information. We only collect and use Sensitive Personal Information in accordance with applicable data protection laws, upon your consent where required and as necessary to fulfill business purposes. We do not use such information to infer characteristics about you.

We will process your Personal Information only when we have a legal basis to do so (see the following section How We Use Your Personal Information). This information may include the following:

Personal Information we collect to provide legal services:

  • Contact information, including first name, last name, work and personal email addresses, physical address, work and personal telephone numbers, and other similar identifiers.
  • Payment information, including banking details or other transactional data, needed to provide you with legal services, including billing information.
  • Professional or employment-related information, including title, company, and business phone number.
  • Other information as reasonably necessary for Gibson Dunn to provide legal services.

We will also collect Personal Information about you indirectly from other sources, namely from our clients and interested third parties in relation to our legal services. Such Personal Information could include contact details and any other categories of Personal Information provided to us and relevant to the matter at stake.

Personal Information we collect to respond to your inquiry, to inform you about our services and events, to send you our newsletters, or to make available to you Internet-based continuing legal education courses and send you certificates of completion for such courses:

  • Contact information, including first name, last name, work and personal email addresses, physical address, work and personal telephone numbers, and similar identifiers, and your areas of interest.
  • Professional or employment-related information, including job title, company name, and business phone number.
  • Other information as reasonably necessary for Gibson Dunn to respond to your inquiry, inform you about our services and events, send you our newsletters, or to make available to you Internet-based continuing legal education courses and send you certificates of completion for such courses.

Personal Information we collect when you use the Site:

  • Device and Usage information, such as IP address, access dates and times, information about your browser or mobile device, other device identifiers, and referring and exiting URLs. We may use cookies and similar technologies to help us understand your activity on our Site, as well as for email communications. For more information on how to manage your cookie preferences, please see our Cookie Notice.
  • Account and Profile information, such as username, password, contact information, and employment-related information, when you access and use areas of the Site that require entry of log-in credentials and/or the creation of a user profile.

Personal Information we collect in connection with your application for employment with the Firm:

  • Contact information, including first name, email address, physical address, work and personal telephone numbers, employee identification number, employee credentials and related passcode, emergency contacts, and dependents’ names.
  • Professional or employment-related information, including job title, employment history, and educational background, as well as information collected from the recruitment, hiring, and termination processes (for example, interview information, CV or resume, cover letters, references, reference letters, reviews, disciplinary procedure information, attendance records, transcripts, pre-hire interactions, letters of reference, publicly available social media, letters of offer and acceptance, hire, start and end dates, resignation date, and reasons).
  • Education and Certification information, including work experience, certifications, registrations, professional license numbers, training, and language abilities, as well as acknowledgements relating to receipt of or agreement to Gibson Dunn policies, and survey or feedback information.
  • Identity information, including national or state identification number (Social Security Number, National Insurance number, social insurance number, EID number, residency number, citizen identification number, identity card number, or similar), taxpayer identification information, driver’s license number, as well as residency, citizenship, or work authorization status, visa number, military status, sponsorship requirement, nationality, and passport information.
  • Characteristics of protected classifications under California or U.S. federal law, including sex, gender, marital status, ethnic origin, date of birth, age, sexual orientation, veteran status, and physical limitations and special accommodations, as needed or as voluntarily disclosed by you, and in all cases in accordance with applicable data protection laws and with your consent where required.
  • Background check information, including, where permitted by law and as applicable, and with informed consent where required, the results of (i) criminal background checks, (ii) drug testing, (iii) a general background search on the highest level of education obtained and employment history, (iv) SSN tracing, (v) a national sex offender registry search, and (vi) a driving record search.
  • Other information linked to the Personal Information above as reasonably necessary for Gibson Dunn’s business purposes.

How We Use Your Personal Information

To provide our legal services

Gibson Dunn processes Personal Information for the performance of the contract with you or to take precontractual steps at your request to:

  • provide you with our legal services;
  • manage our relationship with you and carry out any related administration; and
  • send you communications related to our legal services.

In addition, where permitted by applicable data protection laws, Gibson Dunn processes Personal Information based on its legitimate interests, which consist of:

  • providing our legal services to our clients, including to the company for which you are working, and managing our relationship with such clients, including seeking payment for our services;
  • complying with applicable laws, as relevant, responding to requests from, and other communications with, competent public, governmental, judicial, or other regulatory authorities, and responding to valid legal process, investigating or participating in civil discovery, litigation, or other legal proceedings;
  • meeting our corporate and social responsibility commitments; and
  • protecting or defending your rights, property, or security, or ours.

If you wish to obtain further details regarding our legitimate interests, where relevant under applicable data protection laws, please contact us by sending a request using the contact details specified at the end of this Privacy Statement.

Finally, Gibson Dunn processes Personal Information to comply with the legal obligations to which it is subject, including anti-money laundering or anti-bribery checks.

To provide you with online services and improve our Site

Gibson Dunn processes Personal Information for the performance of the contract with you to provide you with our services through the Site.

We process Personal Information to store cookies on your device(s), including upon your consent where required, as described in our Cookie Notice.

In addition, Gibson Dunn processes this Personal Information based on its legitimate interests, which consist of:

  • complying with applicable laws, as relevant, responding to requests from, and other communications with, competent public, governmental, judicial, or other regulatory authorities and responding to valid legal process, investigating, or participating in civil discovery, litigation, or other legal proceedings; and
  • protecting or defending your rights, property or security or ours, including by investigating potential violations of or enforcing our terms of use.

Where provided by applicable data protection laws, if you wish to obtain further details regarding our legitimate interests, please contact us by sending a request using the contact details specified at the end of this Privacy Statement.

To respond to your inquiry, to inform you about our services and events, to send you our newsletters, and/or to make available to you Internet-based continuing legal education courses and send you certificates of completion for such courses

Gibson Dunn processes Personal Information based on its legitimate interests, which consist of:

  • responding to your inquiries, including those sent to the contact details provided on the contact page of the Site; and
  • where consent is not required, sending you marketing communications regarding our services and events.

In addition, individuals who have consented, including through a subscription or registration form on the Site, may receive our newsletters (client alerts, invitations to webcasts and events, or other materials or activities) and, in the case of Gibson Dunn alumni, register to take online continuing legal education courses and receive over email certificates of completion for such courses. Individuals who have consented may subsequently opt out of receiving our direct marketing communications at any time by clicking on the opt-out link included in the marketing communications or sending a request using the contact details specified at the end of this Privacy Statement.

To evaluate and process your application for employment with our firm

Gibson Dunn processes Personal Information to take precontractual steps at your request for processing your application for employment, association, or partnership with Gibson Dunn, including to evaluate your candidacy.

To comply with applicable legal obligations

Gibson Dunn also processes Personal Information to comply with applicable legal obligations to which it is subject, including employment law.

Disclosure of Personal Information

For the purposes described in this Privacy Statement, we may need to share certain Personal Information with certain recipients. Such recipients will either act as another independent controller or as a processor acting on our behalf and upon our instructions.

We may disclose your Personal Information in the following limited circumstances:

  • Our Affiliates and Other Offices: We may disclose your Personal Information between or among our affiliates and offices acting upon our instructions or for their own purposes (for example, for Firm administration or direct marketing purposes).
  • Authorized Third Parties and Service Providers: We may disclose your Personal Information to processors that provide us with the services necessary for the achievement of the purposes described above, i.e., external auditors and our third-party service providers that provide various types of services, including IT services, and companies that provide web analytics, advertising, email distribution, and other services. These third parties are permitted to use your Personal Information to the extent necessary to enable them to provide their services to us. They are required to follow our instructions, comply with applicable law, and maintain appropriate security measures to protect your Personal Information.
  • Other Parties When Required by Law or as Necessary: We may disclose your Personal Information to other entities acting as independent controllers. For example, we may disclose your Personal Information to legal or government authorities or third parties to comply with legal or regulatory requirements; to respond to lawful requests and legal process; to protect our rights and property and those of our agents, clients and others, including to enforce our agreements, policies and terms included in this Privacy Statement; to prevent fraud; and to protect the personal safety of any person.
  • Other Parties upon Your Request or Your Consent: We may disclosure your Personal Information to other persons with whom you have requested that we share information or when you expressly consent to such sharing.
  • Other Parties in Connection with a Transfer of Assets: If we make a sale or transfer of assets, or are otherwise involved in a merger or transfer, we may transfer your Personal Information to one or more third parties as part of that transaction in a manner consistent with this Privacy Statement.

We do not sell your Personal Information to any third parties or share your Personal Information with any third parties for cross-context behavioral or targeted advertising purposes (as defined by applicable laws).

International Transfers

As you know, Gibson Dunn is an international law firm, with clients, affiliates and offices located throughout the world. As we are headquartered in the United States, your Personal Information needs to be transferred to the United States for the purposes described in this Privacy Statement.

In addition, when we share your Personal Information with the third parties, including our affiliates, mentioned above in the Disclosure of Personal Information section, it may require transfers of your Personal Information overseas. This may include transfers to countries outside of the country of collection (including, without limitation, outside of the EEA or the UK) whose laws provide levels of protection for Personal Information that are not always equivalent to the level of protection that may be provided in your own country.

Where your Personal Information is transferred outside the country of collection, Gibson Dunn has procedures in place to transfer, process, and store Personal Information with appropriate safeguards and in accordance with lawful transfer mechanism(s) under applicable data protection laws. As applicable, such appropriate safeguards may include obtaining government approvals and if necessary, applying at least a comparable standard of protection to your Personal Information or adopting standard contractual clauses issued by the European Commission (as amended by the UK Addendum issued by the UK Information Commissioner, where relevant) and we will provide you with details on the applicable safeguards and transfers upon request to the Firm’s contact details specified at the end of this Privacy Statement.

Security Procedures

Gibson Dunn maintains appropriate technical and organizational security procedures to protect your Personal Information from loss, misuse, unauthorized access, disclosure, or alteration, in accordance with applicable data protection laws.

In addition to such measures, Gibson Dunn maintains confidentiality policies that govern all information that any attorney or other personnel of Gibson Dunn receives in the course of their employment, association, or partnership with Gibson Dunn. All attorneys and personnel are made aware of these policies and Gibson Dunn has in place procedures to train all attorneys and personnel to implement these policies. You should take adequate precautions to protect your Personal Information.

Retention of Personal Information

General principles

Gibson Dunn will retain your Personal Information for no longer than is necessary for the purposes identified under this Privacy Statement, and as permitted by applicable law.

Accordingly, please note that the data retention period actually applied by Gibson Dunn may vary, depending on the relevant purpose as described herein and/or if you request the erasure or deletion of your Personal Information in accordance with applicable data protection laws. As such, Gibson Dunn may keep your Personal Information for a longer time than those described below as part of its legal obligations. In such case, we will keep your Personal Information for the duration of such legal obligations.

On the expiration of the applicable data retention periods, Gibson Dunn will securely destroy or delete, de-identify (where permitted by applicable laws) or anonymize the relevant Personal Information.

For legal services

Gibson Dunn will keep your Personal Information for the whole duration of our legal services, extended by the applicable limitation period or as long as may be required by applicable statutory or professional retention obligations.

For online services and our Site improvements

With respect to the services provided to you through our Site, Gibson Dunn will keep your Personal Information during the period of our contractual relationship, extended by any applicable statutory period.

For responding to your inquiries, informing you about our services and events, sending you our newsletters, and/or making available to you Internet-based continuing legal education courses and sending you certificates of completion for such courses

Gibson Dunn will keep your Personal Information for communication purposes until you withdraw your consent or, if you are in the EEA or the UK, for five (5) years after the last contact with you.

For your recruitment and employment

For the applicants who are hired, Gibson Dunn will keep your Personal Information in accordance with the employee notice applicable to you.

If you are in the EEA or the UK, if you do not receive an offer of employment, association, or partnership with our firm, Gibson Dunn will ask you if you want us to keep your information to give you the opportunity to apply for future positions. If you are in any other country outside of the EEA or the UK, information collected from applicants who do not receive an offer of employment, association, or partnership with our firm will be deleted unless required by applicable law, or unless the candidate has requested that Gibson Dunn keep their application on file for consideration for future positions.

Specific provisions applicable to individuals in the United States:

If you are in United States, you have various rights in relation to the processing of your Personal Information. Depending on the jurisdiction in which you are a resident, you may have the following rights subject to the exceptions allowed by law in your respective state:

  • Right to Know / Data Portability: the right to know or be provided with the categories and specific pieces of Personal Information Gibson Dunn has collected about you, the categories of sources from which the Personal Information is collected, the business purpose for collecting the Personal Information, and the categories of third parties to whom Gibson Dunn has disclosed that Personal Information.
  • Correction: the right to correct inaccurate or obsolete Personal Information that Gibson Dunn may maintain about you.
  • Deletion: the right to delete the Personal Information Gibson Dunn maintains about you under certain circumstances.
  • Non-discrimination: the right not to be discriminated against on the basis of your exercising any of these rights.
  • Limitation regarding the use and disclosure of Sensitive Personal Information: the right to limit the use and disclosure of Sensitive Personal Information. Gibson Dunn does not use your Sensitive Personal Information in any matter that requires the right to limit because Gibson Dunn does not use or disclose Sensitive Personal Information for purposes of inferring characteristics about you, or in any way that would require us to provide a right to limit under applicable law.
  • Opt out: the right to opt out of the sale or sharing for purposes of cross-context behavioral advertising, or targeted advertising of Personal Information. Gibson Dunn does not sell, share, or engage in targeted advertising with respect to your Personal Information, including Sensitive Personal Information, as defined under applicable laws, and therefore does not provide this right. We may collect information through cookies for analytics purposes. You may turn off such cookies via the cookies preference center (Manage Cookies) and can learn more about our use of cookies by visiting our Cookie Notice.

To exercise your rights, please send a request using the Firm’s contact details specified at the end of this Privacy Statement, or call us at 1-800-266-0943.

We will first acknowledge receipt of your request and then provide a substantive response within the required timeline. If we require more time, we will inform you of the reason and extension period in writing. If you are a resident of a state that allows for appeals, and we deny your request, you may appeal our decision by emailing us at [email protected] or calling us at 1-800-266-0943. Within 45 calendar days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decision. If the appeal is denied, we will also provide you with an online mechanism, if available, or other method through which you may submit a complaint.

To respond to your requests, we must verify your identity.

  • How to Authorize an Agent: You may designate an authorized agent to submit your verified consumer request on your behalf, but only if the authorized agent has your written permission to do so and you have taken steps to verify your identity directly with us.
  • How We Verify Your RequestWe will only use the Personal Information provided in the context of your request to verify your identity or the authority of your authorized agent to make the request. Depending on how you interact with us, we may require that you provide at least two pieces of Personal Information, such as your name, email address, client number, or other information that we already have in our possession. We will verify your request by comparing the information you provide to information already in our possession to minimize the risk of fraud.

Specific provisions applicable to individuals in the EEA or the UK:

You have various rights in relation to the processing of your Personal Information, depending on the relevant situation. These include the following rights:

  • Right of Access: the right to request confirmation as to whether or not your Personal Information is being processed by Gibson Dunn and, if so, the right to receive a copy of it;
  • Right to rectification: the right to request the rectification of your Personal Information if you find that it is inaccurate and the right to have incomplete Personal Information completed;
  • Right to erasure: the right to request the erasure or deletion of your Personal Information depending on the circumstances. For example, this right does not apply if the processing is necessary to establish, exercise, or defend legal claims;
  • Right to restriction: the right to request the restriction of processing of your Personal Information, depending on the circumstances;
  • Right to data portability: where the processing is carried out by automated means and on the basis of your consent or the contractual relationship between Gibson Dunn and you, the right to request a copy of your Personal Information provided to us, in a structured, commonly used, and machine-readable format; and
  • Right to object: the right to object, on grounds relating to your particular situation, to the processing of your Personal Information. For example, you can object at any time to the processing of your Personal Information for direct marketing communications.

To exercise any of your rights, or if you have any other questions about our use of your Personal Information, please send a request using the contact details specified at the end of this Privacy Statement. We will first acknowledge receipt of your request and then provide a substantive response within the required timeline. If we require more time, we will inform you of the reason and extension period in writing. We may ask you for more information in case of reasonable doubts concerning your identity

In any case, you also have the right to lodge a complaint with the competent data protection authority, in particular in the country of your habitual residence, place of work, or place of an alleged infringement if you consider that the processing of your Personal Information carried out by us infringes any applicable data protection laws.

Specific provisions applicable to individuals in the Kingdom of Saudi Arabia:

You, as the data subject, retain the following rights in relation to the processing of your Personal Information:

  • Right to be Informed: which shall include the right to possess certain information about the controller and how we intend on using your Personal Information, the period for which it will be stored, and the process of withdrawal of consent.
  • The Right of access: exercising the right to access your Personal Information at your request via channel provided by the controller.
  • Right to Request Access: whereby you shall have the right to request a copy of your Personal Information in a readable and clear format.
  • Right to Request Correction: you shall have the right to obtain a processing restriction when the accuracy of the Personal Information is contested. You shall then be able to update the information provided sufficient evidence and supporting documents are provided.
  • Right to Request Destruction: you shall retain the right to request the destruction of your Personal Information.
  • Right to Claim Compensation: you shall retain the right to claim compensation before a competent court for material or moral damage if you suffer harm due to a violation of the Kingdom’s Personal Data Protection Law (“PDPL”).

It is stated under Article 34 of the PDPL that a data subject may submit a complaint to the competent authority. The complaint shall be submitted in accordance with the conditions and requirements set forth in Article 37 of the Implementing Regulation to the PDPL.

In addition to the above-mentioned rights, you shall also retain the right to submit a complaint before the competent authority, subject to the following:

  • A data subject shall be permitted to submit a complaint within a period not exceeding ninety (90) days from the data of the incident, or upon being aware of the incident. The competent authority may, at its sole discretion, determine the admissibility of any complaints that have been submitted beyond the aforementioned window.
  • The complaint shall include the following information: (a) the time and place the incident took place; (b) the complainant’s name, identification details, address, and contact number; (c) information relating to the accused entity; (d) clear description of the incident, along with any supplementary information or evidence; and (e) any other requirements and/or information that may be requested by the competent authority.
  • The competent authority shall examine and study the submitted complaints and the supporting documentation. In the event additional information is required at this stage of the complaints process, the competent authority shall contact you with their respective requests.

The competent authority shall then inform you regarding the outcome of the complaint. The competent authority shall retain a record of the submitted complaints in a register specifically created for this purpose.

Specific provisions applicable to individuals in other regions:

Although we process Personal Information in the same manner across our offices, our global presence means that we are subject to a variety of data protection laws across the world. In certain circumstances, subject to certain exceptions and applicable law, you may have various rights which allow you to exercise control over your Personal Information and how we handle it. For example, if we process your Personal information in Hong Kong, Singapore, or China, the applicable data protection laws give you rights to request access to, and to request correction of, your Personal Information, and to withdraw your consent.

To exercise any such rights, or if you have any other questions about our use of your Personal Information, please send a request using the contact details specified at the end of this Privacy Statement. Please note that we may ask you to provide us with additional information to verify your identity and we may be entitled to charge a reasonable fee for responding to a data access request.

Use of Cookies

Gibson Dunn uses “cookies” (small data files) on the Site. For detailed information about “cookies” and how they are used on the Site, please refer to the Cookie Notice.

The Site may contain hyperlinks to websites of third parties. This Privacy Statement does not apply to such third-party content or websites. If individuals decide to follow such links, they must be aware that Gibson Dunn does not take any responsibility for the third-party content or compliance of the third-party website with applicable data protection laws. Individuals are encouraged to make themselves aware of applicable privacy policies before they submit Personal Information to third-party websites.

Children’s Privacy

Our services are not directed to individuals under the age of eighteen (18). If we discover we have received any Personal Information from a child under the age of thirteen (13) in violation of this Privacy Statement, we will take reasonable steps to delete that information as quickly as possible. If you believe we have any information from or about anyone under the age of thirteen (13), please contact us at [email protected].

We do not sell or share the Personal Information of any individuals and, therefore, necessarily do not sell or share the information of children of any age.

Revisions to this Privacy Statement

Gibson Dunn reserves the right to change or update this Privacy Statement at any time. The applicable version of this Privacy Statement is available on the Site. If such change is material or substantive, this will be brought to your attention, and we will seek your consent where required by applicable law, including before using your Sensitive Personal Information (as defined by applicable law) for a new or secondary purpose not already disclosed, if required under applicable law.

Contact

For any requests, questions or comments about this Privacy Statement or the collection, processing, or storage of your Personal Information by Gibson Dunn, please contact us via e-mail at: [email protected].

or in writing to:

Gibson Dunn & Crutcher LLP
Attn.: Office of the General Counsel
1700 M Street, N.W.
Washington, DC 20036-4504
United States of America

The contact details for our offices in Europe and the United Kingdom are provided at: https://www.gibsondunn.com/legal-notices/.