Home > Global Privacy Policy
Home

Global Privacy Policy

Effective January 2025 (AS AMENDED)

Morgan, Lewis & Bockius LLP and our affiliates globally (together “Morgan Lewis” or the “Firm”) are committed to safeguarding the privacy and security of Personal Data (as defined below) that we may collect from visitors to our website, clients to whom we provide legal and other services, and other third parties that interact with the Firm or submit information to us, including but not limited to job applicants and alumni (collectively “you”).

This Privacy Policy is applicable to our website users (including mobile and social media sites), clients, alumni, job applicants, and other third-parties (“you” or “your”) and discloses the Personal Data gathering and dissemination practices of Morgan Lewis in connection with our websites (i.e., morganlewis.com) and other digital properties such as our mobile applications, social medial properties, alumni portal, digital communications and other electronic processing (collectively, “Site”). It explains how we use Personal Data that we collect or otherwise receive about you, how you can instruct us if you prefer to limit the use of that information, and the procedures that we have in place to safeguard your privacy.

This Global Privacy Policy ( “Policy”) addresses the basis on which the Firm may collect, use, disclose, or otherwise process Personal Data in accordance with applicable data protection laws (“Data Protection Laws”) when providing legal services, operating our business (such as marketing and business development practices), and managing our websites and other digital properties (such as our alumni portal) that link to this Policy (collectively “Digital Properties”).

Under the Data Protection Laws, the Firm is a data controller of your Personal Data, including Personal Data processed in the course of client representations as merits counsel. This Policy does not apply to any processing by our eData team when engaged for eDiscovery services which are performed as eDiscovery counsel in accordance with instructions from the data controller and pursuant to a data processing agreement.

By interacting with the Firm, using our Digital Properties, submitting information to us, or engaging our services, you understand and accept the terms of this Policy.

This Policy may be updated by the Firm at any time and any amendments or revisions made to this Policy will be published on our website. Under such circumstances, if you continue to use our services and/or our Digital Properties, you will be deemed to have agreed to be bound by the updated Policy.

Some Morgan Lewis offices have policies and/or notices that may contain different or additional requirements. Please scroll down to view the jurisdictional specific policies and notices. Where there are differences between this Policy and a jurisdictional specific policy, the jurisdictional policy will control.

Personal Data” means information that identifies, relates to, describes, or can reasonably be linked, directly or indirectly, to a specific natural person. Depending on your jurisdiction, it may not include information that is anonymized, de-identified, or aggregated. Where applicable, Personal Data includes the terms “personal data,” “personal information,” “personally identifiable information,” and any other equivalent term as defined in the Data Protection Laws.

COLLECTION, USE AND PURPOSES OF PROCESSING

We collect and use Personal Data for the purposes described below.

We note that, where legally permissible, we may use and disclose fully anonymized, de-identified, or aggregated information – which is no longer considered Personal Data in certain jurisdictions - for purposes as permitted by applicable law. Where possible, the Firm will maintain and use de-identified data without attempting to re-identify the data, except as otherwise agreed. 

Functionality of Our Digital Properties:

When visiting our Digital Properties, the Firm may collect your Personal Data. The Firm uses this data to: retrieve the sites you wish to visit; enable access to and display our Digital Properties; operate, enhance and improve our Digital Properties; ensure the security of our Digital Properties (specifically, to prevent unauthorized interference); enable us to exercise our legal rights and obligations regarding any such unauthorized interference; and for data analysis purposes. The types of Personal Data we may collect may include:

  • Interaction Information: Information about your interaction with our Digital Properties, such as the content you view and features you access on our Digital Properties, whether and how you interact with content available on our Digital Properties, the search terms you enter on our Digital Properties, and the events and materials in which you have indicated interest or for which you have registered or requested;
  • Geolocation Information: Information regarding your location, such as your ZIP code, city, state or province, country, or general geographic location as derived from your device data (such as your IP address); and
  • Unique Identifiers: Information that uniquely identifies you or the device through which you interact with our Digital Properties, such as your name, e-mail address, username, IP address, and device identifiers.

If you have registered with a Digital Property, such as our alumni portal, we may also collect your account username and password to enable us to provide you with a unique and secure account.
We and third parties engaged on our behalf may use cookies and similar tracking technologies (collectively “Cookies”) to collect information from and store information on your device when you use, access, or otherwise interact with our Digital Properties. For information about how we use Cookies and the choices you may have, please see our Cookie Policy. We do not currently respond to “Do Not Track” signals.

Legal Services:

We may collect your Personal Data to provide legal services to you or your employer, respond to your inquiries, perform our contractual obligations, and handle other professional and operational matters for you. Depending on the nature of the services, the types of Personal Data that we typically collect includes:

  • Business Contact Information: name, employer, title, postal address, work/personal email address, work/personal phone number; 
  • Government Identifiers: Identification numbers, driver’s license, passport information, Social Security number;
  • Financial Information: Bank account number, transaction records, and information necessary for billings and invoice purposes;
  • Regulatory Compliance Information: Information related to Know-Your-Client and Anti-Money Laundering and market abuse regulations requirements, or as part of our client onboarding process, which may include passport or other identification and due diligence data; and
  • Sensitive Information: Health, sickness and or disability data, criminal record data, religion and philosophical beliefs, sexual orientation.

Recruitment:

We collect your Personal Data when you apply for positions with the Firm to evaluate your application. The Personal Data that the Firm may collect in order to process your job application includes:

  • Contact Information: name, postal address, work/personal email address, work/personal phone number;
  • Resume/CV Information: education, employment references, professional qualifications, certifications, employment history; and
  • Other Job Applicant Information: gender, date of birth, nationality, country and city of birth, disability information.

The Firm generally relies on Personal Data provided by you (or your authorised representative). In order to ensure that your Personal Data is current, complete, and accurate, you must notify the Firm if there are changes to your Personal Data by contacting your local Human Resources representative. The Firm shall take all reasonable efforts to ensure that your Personal Data collected, used, disclosed or otherwise processed is accurate and complete if it is likely to be used to make a decision that affects you or if it is likely to be disclosed to a third party.

Marketing/Business Development:

We collect your Personal Data as part of the Firm’s marketing and business development activities, including in order to: maintain and develop the Firm’s relationship with you; respond to your inquiries; send you newsletters, alerts, legal updates, and other information or materials that may interest you, such as information related to webinars and events; and expand and maintain our list of contacts, including our alumni network. The Personal Data that the Firm may collect as part of its marketing and business development activities include:

  • Business Contact Information: name, employer, title, postal address, work/personal email address, work/personal phone number;
  • Technical Information: data regarding your use of our website, IP address, and device type; and
  • Event Registration Information: name, email, dietary requirements, and other preferences.

Where required by Data Protection Laws, the Firm will only send marketing materials after it has obtained your separate consent to do so. You may withdraw your consent at any time as described in the RIGHT TO OPT OUT/UNSUBSCRIBE section below.

Management and Administration:

We collect your Personal Data for our internal management and administration purposes such as:  billing; audit purposes; to comply with any legal or regulatory obligations; and for operating and expanding our business activities. The Personal Data the Firm may collect as part of its management and administration activities includes:

  • Business Contact Information: name, employer, title, postal address, work/personal email address, work/personal phone number; and
  • Financial Information: Bank account number, transaction records, and information necessary for billings and invoice purposes. 

METHOD OF COLLECTION

The Firm may collect or otherwise receive the Personal Data described above in a variety of ways including:

  • Directly from you: We may collect Personal Data that you choose to provide to us when you engage us for legal representation; contact us; request that we send you newsletters, alerts, or other marketing materials; register for a webinar or event; fill out a form; respond to a survey; or otherwise communicate or interact with us.
  • From other sources: We may receive and collect Personal Data about you from other sources, including publicly available sources; our business partners; our personnel; our clients/entities to which we provide legal services such as your employer; social media platforms; recruiters; and other sources such as other law firms. If you provide information to us about any person other than yourself, such as your employees, you must ensure that they understand how their information will be used and disclosed, and that they have given their permission for you to disclose it to us and for you to allow us, and our service providers, to use and disclose it as set forth in this Policy. Where you require us to obtain Personal Data from third parties, such as target representatives with whom we do not otherwise have a relationship, you are responsible for the associated compliance obligations to ensure that we have the right to process this data. 

PROCESSING – CLOUD SERVICES & ARTIFICIAL INTELLIGENCE

The Firm may process your Personal Data using (i) cloud services, and (2) artificial intelligence (including portable models) in a closed, proprietary environment. Such cloud and artificial intelligence services may be hosted in the United States (US), United Kingdom (UK), and/or other countries, including those that do not provide the same level of data protection as the jurisdiction in which you reside (“Your Jurisdiction”). The Firm will exercise due diligence in its selection of these services and will ensure that adequate technical and organizational security measures are in place to safeguard your Personal Data through use of these services.

GROUNDS FOR PROCESSING

Some jurisdictions require the Firm to have legal grounds for processing Personal Data. Where applicable law requires us to justify our processing activities, we rely on the following legal bases:

  • Performance of a contract: We may collect and use your Personal Data in order to enter into a contract with you or to perform a contract that you have with us. For example, when you engage our legal services, we will use your Personal Data to respond to your requests and provide you with such services.
  • Consent: Where required, we will obtain your consent. For example, some jurisdictions require us to obtain your consent to process your Personal Data for direct marketing. You may withdraw your consent at any time as described in the RIGHT TO OPT OUT/UNSUBSCRIBE section below. 
  • Legitimate interests: We may process your Personal Data for our legitimate interests to provide and improve our services and the content on our Digital Properties as well as for our administrative and business purposes. For example, we may use electronic tools to internally process your Personal Data. 
  • Legal obligation: We may process Personal Data as necessary to comply with our legal obligations.

DISCLOSURE

The Firm does not sell or share your Personal Data. We may disclose your Personal Data as follows: 

  • as provided by our contract with you; 
  • in the event of a sale or business transaction involving the Firm  (e.g., bankruptcy, merger, sale);
  • to protect the rights or property of the Firm; 
  • as we deem reasonably necessary to provide legal services; or 
  • as permitted or required by law or regulation of any jurisdiction that may apply to us.

For more information on disclosures constituting cross-border data transfers, see the INTERNATIONAL TRANSFERS section below. 

The recipients of your Personal Data are limited to the categories listed below for the purposes described in this Policy:

  • Our offices and affiliates;
  • Our third-party service providers, including web-hosting companies,  event hosting services, information technology providers, auditors, and other professional advisors and consultants;
  • Parties involved in the provision of services to the Firm or its clients and prospective clients including barristers, local counsel, experts and other professional advisors;
  • Banks and financial institutions, auditors, insurers and other service providers; 
  • Courts, tribunals, regulatory and governmental authorities, and law enforcement agencies; and
  • Others only with your consent or at your discretion such as with our alumni network portal.

Your Personal Data will only be disclosed on a need-to-know basis. For more information on disclosures to service providers, please see the SERVICE PROVIDER section below.  

Please note that any Personal Data that you post to a profile, comment section, or forum on our Digital Properties may be available to other users of those forums or, in some cases, made publicly available.

We will cooperate with law enforcement authorities around the world and may disclose Personal Data as follows;

  • to comply with law or respond to a compulsory legal process (e.g., subpoenas, search warrant, or court order);
  • to respond to a request for information from a regulator or governmental authority; 
  • in the course of actual or anticipated litigation or otherwise for legal purposes (e.g., to other law firms, courts, or government authorities) to protect our clients’ rights and/or to provide services to our clients; or
  • to comply with other government requirements, including record-keeping and reporting obligations, audits, and cooperating with government inspections and other requests from government or regulatory authorities. 

In these circumstances, we strive to take reasonable efforts to notify you before we disclose information that may reasonably identify you, unless prior notice is prohibited by applicable law or is not possible or reasonable in the circumstances.

YOUR RIGHTS AND CHOICES

Depending on your location, you may have rights in addition to those detailed in this Policy. To learn more about your rights and how to exercise them, please review the policy addressing Your Jurisdiction below.

WITHDRAWAL OF CONSENT

Where consent is required, your consent for the collection, use, disclosure, and processing of your Personal Data will remain valid until it is withdrawn by you in writing. You may withdraw your consent and request the Firm to stop using, disclosing, and/or processing your Personal Data for any or all of the purposes listed in this Policy by submitting your request in writing or via email to the Privacy Office as indicated in the CONTACT US section below.

Upon receipt of your written request to withdraw your consent, the Firm may require reasonable time (depending on the complexity of the request and its impact on its relationship with you, or other applicable jurisdictional requirements) for your request to be processed and for the Firm to notify you of the consequences, including any legal consequences that may affect your rights and liabilities to the Firm. In general, the Firm will process your request within thirty (30) days of receipt or within the time period afforded under the applicable Data Protection Law. If you decide to cancel your withdrawal of consent, you must inform the Firm in writing in the same manner as described above.

Once you withdraw your consent, we will no longer process the corresponding Personal Data. However, withdrawing your consent does not affect the Firm’s right to continue to collect, use, disclose, and/or process your Personal Data where such collection, use, disclosure, and processing is permitted without consent or required under applicable laws. Further, your decision to withdraw your consent will not affect our prior processing of your Personal Data based on your previous consent.

RIGHT TO OPT OUT/ UNSUBSCRIBE

Where required under applicable Data Protection Laws, the Firm will not send any promotional materials to you unless you have opted into receiving these communications. Additionally, at any time, you may opt out of having your Personal Data used by the Firm to send promotional correspondence to you by contacting the Privacy Office as indicated in the CONTACT US section below. You may also “unsubscribe” from our email list at any time by clicking the “unsubscribe” button in any communication from the Firm. We will comply with your request as soon as reasonably practicable. Please note that if you opt out of receiving marketing-related emails from us, we may still send you important administrative communications from which you cannot opt out.

THIRD-PARTY CONTENT

Our Digital Properties may include integrated content or links to content provided by third parties, such as social media sites including X (formerly Twitter), Facebook, and Instagram, which may have privacy policies that differ from this Policy. This Policy does not address the privacy, security, or other practices of the third parties that provide such content. The Firm is not responsible for the activities and practices that take place on these websites. We recommend that you review the privacy policy posted on any external site before disclosing any Personal Data. Please contact those websites directly if you have any questions about their privacy policies.

INTERNATIONAL TRANSFERS

As an international law firm, Morgan Lewis operates globally with offices and affiliates in many jurisdictions. Details regarding our locations may be found here

Your Personal Data may be transferred and/or shared both within and outside of Your Jurisdiction with our offices, affiliates, and third parties to enable us to provide legal services and for the purposes described in this Policy. Your Personal Data may be transferred to, processed and/or accessed in countries whose laws may provide a different level of protection than Your Jurisdiction. For example, our Digital Properties and information technology systems, including email, are hosted on servers located in the US. When you submit Personal Data to us, including via email, you may be conducting a cross-border data transfer.

To provide adequate protection for these transfers in accordance with applicable Data Protection Law, we have taken all necessary and appropriate measures to protect your Personal Data and ensure an adequate level of protection, including but not limited to executing the appropriate data transfer agreements with our affiliates and third-party service providers as required by applicable Data Protection Laws. With respect to transfers originating from the EEA and UK to the US and other non-EEA jurisdictions, we implement standard contractual clauses approved by the European Commission, international data transfer agreements as issued by the UK Information Commissioner, and other appropriate solutions to address cross-border transfers as required or permitted by Articles 46 and 49 of the General Data Protection Regulation or other relevant laws.

Morgan Lewis implements all necessary security and legal precautions to ensure the safety and integrity of Personal Data that is transferred within the Firm. All of our offices adhere to the same procedures with respect to your Personal Data. As a result, your Personal Data will be given the same level of protection regardless of its location within the Firm.

Your Personal Data may also be accessed by the Firm’s service providers who may be located in the US and other jurisdictions. For more information, see section 7, SERVICE PROVIDERS, below.

If you would like more information about the international transfer of your Personal Data, please contact our Privacy Office as indicated in the CONTACT US section below.

SERVICE PROVIDERS/THIRD PARTIES

We will exercise appropriate due diligence with the disclosure of Personal Data to any third parties. The Firm enters into contracts with third parties providing services on behalf of the Firm (“Vendors”) which address the requirements of applicable privacy laws. Vendors will be required to use appropriate security measures to protect Personal Data and will be prohibited from using Personal Data other than as instructed by the Firm.

These Vendors may be located in the US, EEA, the UK or other countries around the world. The Firm will ensure that it complies with any applicable legal requirements for transferring Personal Data to Vendors located outside the jurisdiction in which the data was originally collected.

SECURITY MEASURES

The Firm has implemented administrative, physical, and technical measures to secure your Personal Data against any unauthorized access, modification, or disclosure. As part of these measures, the Firm has developed policies, standards, and procedures to support and enforce preventive and detective operational controls to ensure the confidentiality, integrity, and availability of Personal Data such as up-to-date antivirus protection, encryption, the use of privacy filters, and other physical security measures. We store and back-up the Personal Data we collect in the US or in other countries where we or our service providers have facilities.

While security cannot be guaranteed, the Firm strives to protect the security of your Personal Data and is constantly reviewing and enhancing its administrative, physical, and technical measures. However, no method of transmission via the Internet (including our website or email) or method of electronic storage is completely secure. We are not responsible for the security of information you transmit to us over networks that we do not control, including the Internet and wireless networks. Any transmission is at your own risk. For more private communication, you may contact the Firm by telephone at the phone number indicated in the CONTACT US section below.

RETENTION

The Firm will only retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected (or otherwise received) in accordance with its data retention policies (including for the purposes of satisfying any legal, accounting, or reporting requirements) or as required or permitted by applicable laws after which the Firm will delete, anonymize, or securely dispose of your Personal Data.

To determine the appropriate retention period for Personal Data, the Firm considers the amount, nature, and sensitivity of the Personal Data; the potential risk of harm from unauthorised use or disclosure of the Personal Data; the purposes for which it processes the Personal Data and whether it can achieve those purposes through other means; and the applicable legal requirements including the statute of limitations periods. For the avoidance of doubt, the Firm may retain Personal Data in situations where its relationship with the data subject (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable the Firm to enforce its rights under any contract).

Please note that our information technology systems are hosted and all data is stored on servers located in the US.

COLLECTION OF PERSONAL DATA FROM CHILDREN

The Firm does not knowingly solicit or collect Personal Data online from children under the age of 14 without prior verifiable parental consent. If we learn that a child under the age of 14 has submitted Personal Data online without parental consent, we will take all reasonable measures to delete such information from our databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law). If you become aware of any Personal Data the Firm has collected from children under 14, please contact our Privacy Office at MLPrivacyOffice@morganlewis.com.

CHANGES TO THIS PRIVACY POLICY

We may change this Policy and/or any of the jurisdictional specific policies from time to time, including as required to keep current with rules and regulations, new technologies, and security standards. When we do, we will post the change(s) on our website and display an effective date at the top of the applicable policy so that it will be easier for you to know when there has been a change. If we change a policy in a material manner, we will endeavor to provide appropriate notice to you before such changes take effect.

CONTACT US

If you (i) have questions, feedback or concerns about this Policy and/or any of the jurisdictional specific policies or how we collect, use, and disclose your Personal Data, (ii) would like to withdraw your consent to any use of your Personal Data, (iii) would like to make a request related to your rights to your Personal Data, or (iv) would like to report a violation of this Policy and/or any of the jurisdictional specific policies, you can contact the applicable data protection officer for your jurisdiction and/or the firm Privacy Office at the contact information below:

MORGAN LEWIS PRIVACY OFFICE
Email: MLPrivacyOffice@morganlewis.com
Telephone:   +1.215.963.5000
Address: 2222 Market Street
Philadelphia, PA 19103

UNITED ARAB EMIRATES OFFICES DATA PROTECTION OFFICER
Email: MLAbuDhabiDPO@morganlewis.com
Telephone:   +971.4.312.1865
Address: Emirates Towers Offices, Level 10
PO Box 504903, Sheikh Zayed Rd.
Dubai, United Arab Emirates

BRUSSELS OFFICE DATA PROTECTION OFFICER
Email: MLBrusselsDPO@morganlewis.com
Telephone:   +32.2.507.75.00
Address: 7 Rue Guimard B-1040
Brussels, Belgium

GERMAN OFFICES DATA PROTECTION OFFICER
Email: Datenschutz@morganlewis.de
Telephone:   +49.69.714.00.777
Address: Opern Turm Bockenheimer Landstr. 4
60306 Frankfurt am Main

PARIS OFFICE DATA PROTECTION OFFICER
Email: MLParisDPO@morganlewis.com
Telephone:   +33(0)1.53.30.43.00
Address: 68, Rue du Faubourg Saint-Honoré 75008
Paris, France

LONDON OFFICE DATA PROTECTION OFFICER
Email: MLLondonDPO@morganlewis.com
Telephone:   +44.20.3201.5000
Address: Condor house, 5-10 St Paul’s Churchyard
PLondon EC4M 8AL, England

KAZAKHSTAN OFFICE DATA PROTECTION OFFICER
Email: MLKazakhstanDPO@morganlewis.com
Telephone:   +7.727.250.7575
Address: Ken Dala Business Center, 5th Floor
Prospekt Dostyk, 38 Almaty 050010
Republic of Kazakhstan

HONG KONG OFFICE DATA PROTECTION OFFICER
Email: MLHongKongDPO@morganlewis.com
Telephone:   +852.3551.8558
Address: 19/F, Edinburgh Tower, The Landmark
15 Queen’s Road Central, Hong Kong

CHINA OFFICES DATA PROTECTION OFFICER
Email: MLChinaDPO@morganlewis.com
Telephone:   +86.10.5876.3500 (Beijing)
+86.21.8022.8588 (Shanghai)
Address: Units 2802-2810 Tower A
Three ITC, 183 Hongqiao,
Shanghai 200030, China

SINGAPORE OFFICE DATA PROTECTION OFFICER
Email: MLSingaporeDPO@morganlewis.com
Telephone:   +65.6389.3000
Address: Level 27 Ocean Financial Centre 10 Collyer
Quay Singapore 049315

JAPAN OFFICE DATA PROTECTION OFFICER
Email: MLTokyoDPO@morganlewis.com
Telephone:   +81.3.4578.2500
Address: Marunouchi Building 16F 2-4-1
Marunouchi, Chiyoda-ku Tokyo 100-6316, Japan

JURISDICTION SPECIFIC POLICIES

INTRODUCTION

This Data Protection Policy (this “Policy”) addresses the basis on which Morgan, Lewis & Bockius (Hong Kong office) and its affiliated entities and offices (the “Firm”) may collect, use, disclose or otherwise process Personal Data (as defined below) in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) (the “PDPO”) and any other applicable law. This Policy incorporates our Global Privacy Policy herein by reference and applies to Personal Data in the Firm’s possession or under its control.

By interacting with the Firm, using our website, submitting information to us, or engaging our services, you agree and consent to the Firm and Third Parties (as defined below) collecting, using, disclosing and/or processing your Personal Data in the manner set out in this Policy.

This Policy may be updated by the Firm at any time, and any amendments or revisions made to this Policy will be published on our website.

DEFINITION OF PERSONAL DATA

Personal Data refers to any data relating, directly or indirectly, to a living individual from which it is practicable for the individual to be directly or indirectly identified.

DIRECT MARKETING

The Firm may collect, use, disclose or otherwise process your Personal Data to forward relevant marketing materials including legal updates, newsletters, and other communications on legal developments, as well as announcements and invitations to seminars and other events to you. The Firm will only send marketing materials after it has obtained your separate consent to do so. You may withdraw your consent for the Firm to send marketing materials to you at any time by opting out or contacting the Firm as detailed in our Global Privacy Policy.

DATA SUBJECTS’ RIGHTS

Under the PDPO, you have the right to request access to and correct your Personal Data. If you wish to make a request, you may submit your request in writing or via email to the Hong Kong Office Data Protection Officer and/or the Privacy Office at the contact details provided below.

The Firm will respond to your access or correction request as soon as reasonably possible. If the Firm is unable to respond to your request within forty (40) days of receipt, the Firm will inform you, in writing, within this forty (40)-day period. If the Firm is unable to provide you with any Personal Data or to make a requested correction, the Firm will inform you of the reason(s) why it is unable to do so (except where the Firm is not required to do so under the PDPO).

Depending on the request made, the Firm may only provide you with (i) access to the Personal Data contained in the documents requested (not to the documents in their entirety), and (ii) where appropriate, confirmation of the Personal Data that the Firm has on record where your Personal Data forms a negligible part of the document(s).

Effective: January 2025 (AS AMENDED)

INTRODUCTION

Morgan, Lewis & Bockius LLP and Morgan, Lewis & Bockius Law Offices (Foreign Law Joint Enterprise) (collectively, the “Firm”) are committed to safeguarding the privacy and security of any Personal Information (as defined below) that we may collect from individuals located in Japan who interact with the Firm, use our website, submit information to us, or engage our services (collectively “you” or “your”).

This Data Protection Policy (“Policy”) incorporates our Global Privacy Policy (the “Global Policy”) herein by reference. This Policy and the Global Policy constitute the full privacy policy for data subjects based in Japan. This Policy addresses the basis on which the Firm may collect, use, disclose, transfer retain, or otherwise process Personal Information in accordance with the Act on the Protection of Personal Information (No. 57 of 2003, as amended) of Japan ("APPI") and/or any other applicable law. This Policy pertains to the Personal Information in the Firm’s possession and/or under its control.

By interacting with the Firm, using our website, submitting information to us, or engaging our services, you agree and consent to the Firm and/or Third Parties (as defined below) collecting, using, disclosing and/or processing your Personal Information in the manner set out in this Policy.

DEFINITIONS

Personal Information refers to information about a living individual, such as name, date of birth, or other identifier made by writing, recording, document, drawing, or electronic or magnetic records, which can be used to identify a specific individual. Personal Information also includes any information containing an individual identification code.

Sensitive Personal Information (also known as Special Care-Required Personal Information) refers to Personal Information involving an individual’s race, creed, social status, medical history, criminal record, fact of having suffered damage by a crime, or other descriptions as prescribed by the APPI which require special care so as not to cause unfair discrimination, prejudice, or other disadvantages to the individual.

DISCLOSURE TO THIRD PARTIES

The Firm may disclose your Personal Information to third-party service providers, vendors, agents, consultants and/or others third parties (“Third Parties”) (who may be located outside of Japan) to enable such parties to perform services on our behalf and under our instructions for one or more of the purposes set out above.

We may also disclose your Personal Information to Third Parties where:

  • you consent;
  • the APPI or other laws and regulations authorize or require the disclosure;
  • there is a need to protect the life, wellbeing, or property of an individual, and it is difficult to obtain the consent of the identifiable person;
  • it is necessary to cooperate a national or local Japanese government, or a person entrusted by them, and obtaining your consent would interfere with the performance of those governmental functions.
  • the Third Party that performs services on our behalf is located within Japan.

Before the disclosure of Personal Information to Third Parties, the Firm shall ensure that it has entered into any required agreements with the Third Parties.

DATA SUBJECT RIGHTS

You have the right to make the requests listed below regarding your Personal Information unless an exception under applicable data protection is applicable.

  • Right to be Informed
  • Right to Access
  • Right to Rectification
  • Right to Erasure and/or Deletion
  • Right to Object to Processing/Suspend Use

To exercise any of the above rights, submit your request to MLPrivacyOffice@morganlewis.com. Please note that a reasonable fee may be charged for an access request. If so, the Firm will inform the Data Subject of the fee before processing the request.

Depending on the request made, the Firm may only provide you with (i) access to the Personal Information contained in the documents requested (not to the documents in their entirety), and (ii) where appropriate, confirmation of the Personal Information that the Firm has on record, where your Personal Information forms a negligible part of the document(s).

INTERNATIONAL DATA TRANSFERS

You acknowledge and agree that your Personal Information may be transferred and/or shared with the Firm’s affiliated offices and Third Parties (which may be located outside of Japan and whose laws may not be adequate under APPI) for the purposes listed in this Policy. The Firm shall ensure that any Personal Information transferred will be adequately protected as set forth in the APPI. Information about affiliates and Third Parties located outside Japan (except those located in the European Economic Area) is attached hereto as Exhibit A).

Effective: January 2025

EXHIBIT A

Information On Third Parties Outside Japan That May Receive Personal Information

1. Countries where affiliated offices and Third Parties are located

The countries listed below are subject to change as affiliates and Third Parties may be added or removed.

  • the United States of America
  • the European Union
  • United Kingdom
  • China
  • Hong Kong
  • Singapore
  • the United Arab Emirates
  • Kazakhstan

2. Information regarding the personal information protection legislation in the above countries, except for the EU countries and U.K.)

Please refer to the following additional materials (that may be updated from time to time) that are published in the Japanese language by Japan’s Personal Information Protection Commission at the following websites and which shall be deemed to be part of this Exhibit A:

USA

China

Hong Kong

Singapore

UAE

* Information for Kazakhstan is not available on the website of Japan’s Personal Information Protection Commission

3. Information regarding the measures to be taken by the Third Parties to protect personal information

The Firm will thoroughly examine the suitability of each Third Party to which personal information is provided in advance, and confirm that appropriate measures have been taken in terms of security and other factors regarding the handling of personal information in such manner as consistent with the privacy principles set forth in the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (i.e., (i) collection limitation principle, (ii) data quality principle, (iii) purpose specification principle, (iv) use limitation principle, (v) security safeguards principle, (vi) openness principle, (vii) individual participation principle, (viii) accountability principle).

INTRODUCTION

介绍

Morgan, Lewis & Bockius LLP and its affiliates located in the People’s Republic of China (“PRC” or “China”) and globally (collectively, the “Firm”) are committed to safeguarding the privacy and security of Personal Data (as defined below) that we may collect from visitors to our website, the clients to whom we provide legal and other services, and other third parties that interact with the Firm or submit information to us, including but not limited to job applicants (collectively, “you”).

摩根路易斯律师事务所及其位于中华人民共和国(“中国”)和全球的代表处(以下统称为摩根路易斯”、“本所”或“我们”)致力于保护本所可能从本所网站访客、本所为其提供法律及其他服务的客户以及与本所互动或向本所提交信息的其他第三方(包括但不限于求职者)(统称 “”)处收集的个人信息(定义见下文)的隐私和安全。

This Data Protection Policy (this “Policy”) incorporates our Global Privacy Policy (“Global Policy”) herein. This Policy and our Global Policy constitute the full privacy notice for data subjects based in China. This Policy addresses the basis on which the Firm may collect, use, disclose, or otherwise process Personal Data in accordance with applicable data protection laws including, but not limited to, the China Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law and their associated regulations (collectively, the “Data Protection Laws”). This Policy applies to Personal Data in the Firm’s possession or under its control. Under applicable Data Protection Laws, the Firm is acting in its capacity as a data handler (also referred to as “data controller” in our general privacy policy). 

本数据保护政策(以下简称 “本政策”)包含本所的全球隐私政策(以下简称 “全球政策”)。本政策和本所的全球政策构成针对中国数据主体的完整隐私声明。本政策阐述了本所根据适用的数据保护法律,包括但不限于《网络安全法》、《数据安全法》、《个人信息保护法》及其相关规定(统称 “数据保护法”)收集、使用、披露或以其他方式处理个人信息的依据。本政策适用于本所拥有或控制的个人信息。根据适用的数据保护法,本所是个人信息处理者(在本所的一般隐私政策中也称为 “数据控制者”)。

By interacting with the Firm, using our website, submitting information to us or engaging our services, you agree and consent to the Firm and third parties collecting, using, disclosing and/or processing your Personal Data in the manner set out in this Policy.

您与本所互动、使用本所网站、向本所提交信息或使用本所服务,即表示您同意本所及第三方以本政策所载明的方式收集、使用、披露及/或处理您的个人信息。

Please read the following information carefully to understand our practices regarding your Personal Data and how we treat it. 

请仔细阅读以下信息,以了解我们对您个人信息的实践做法以及我们如何处理个人信息。

This Policy may be updated by the Firm at any time and any amendments or revisions made to this Policy will be published on our website. Under such circumstances, if you continue to use our services and/or our website, you will be deemed to have agreed to be bound by the updated Policy.

本所可随时更新本政策,任何对本政策的修订或修改均会在本所网站公布。在此情况下,如果您继续使用我们的服务和/或我们的网站,您将被视为同意接受更新后的政策约束。

DEFINITION OF PERSONAL DATA

个人信息的定义

Personal Data refers to any data, recorded electronically or by other means, related to identified or identifiable natural persons located in China, excluding anonymized information.

个人信息是指以电子或其他方式记录的与位于中国境内的已识别或可识别自然人有关的任何数据,不包括匿名信息。

DISCLOSURE OF PERSONAL DATA

个人信息的披露

The Firm may disclose your Personal Data as follows:

本所可能在以下情况下披露您的个人信息:

Entrust to Process

委托处理

We may entrust certain third parties to process your Personal Data. The third parties include vendors providing payment collection services, information technology support, technical and organizational services in connection with normal operational activities; legal, audit, operational or other advisors; and other service providers for the purposes referred to in this Policy. We will exercise appropriate due diligence in the selection of the third-party vendors and execute agreements with them requiring that such providers maintain adequate technical and organizational security measures to safeguard your Personal Data, and to process your Personal Data only as instructed by us and for no other purposes.

我们可能会委托某些第三方处理您的个人信息。第三方包括提供收款服务、信息技术支持、与正常运营活动相关的技术和组织服务的供应商;法律、审计、运营或其他顾问;以及用于本政策所述目的的其他服务提供商。我们在选择第三方供应商时将进行适当的尽职调查,并与他们签订协议,要求这些供应商保持足够的技术和组织安全措施,以保护您的个人信息,并仅按照我们的指示处理您的个人信息,不得用于其他目的。

Share

共享

We may share your Personal Data with our offices and affiliates worldwide. Within the Firm, your Personal Data will be shared only with a limited number of relevant individuals on a need-to-know basis in connection with their job responsibilities.

我们可能会与我们在世界各地的办事处和分支机构共享您的个人信息。在本所内部,您的个人信息只会在有必要知道的情况下,与有限数量的相关人员分享,以履行其工作职责。

We may also share Personal Data to comply with the law, respond to compulsory legal processes (such as a search warrant or court order), in response to a request for information from a regulator or governmental authority, in the course of actual or anticipated litigation, or otherwise for legal purposes, such as to other law firms, courts, or government authorities to protect your rights, and/or to provide services to you.

我们也可能为了遵守法律、回应强制性法律程序(如搜查令或法院命令)、回应监管机构或政府机构的信息提供请求、在实际或预期的诉讼过程中,或出于其他法律目的,如向其他律师事务所、法院或政府机构提供您的个人信息,以保护您的权利,和/或向您提供服务。

Transfer of Control

控制权的转移

We will require the data recipients to undertake to protect your Personal Data as required by the Data Protection Laws. We do not transfer control over your Personal Data to any third-party except as follows:

我们将要求数据接收方承诺按照数据保护法的要求保护您的个人信息。除以下情况外,我们不会将您的个人信息的控制权转移给任何第三方:

  • You expressly consent to the transfer in this Policy or otherwise;

    您在本政策中或以其他方式明确同意转让;

  • Pursuant to legal requirements, procedural requirements, litigation, or mandatory requirements of a competent governmental authority; or

    根据法律要求、程序要求、诉讼或主管政府部门的强制要求;或

  • To another business entity in connection with the sale, assignment, merger, or other transfer of all or a portion of the Firm’s business to that business entity.
    因出售、转让、合并或以其他方式将本所全部或部分业务转让给另一商业实体。

Publicly Disclose

公开披露

We will not publicly disclose your Personal Data except for the following instances:

除以下情况外,我们不会公开披露您的个人信息:

  • when you explicitly consent or you voluntarily request us to publicly disclose. Before disclosing your Personal Data, we will notify you of the purpose of such disclosure and the types of Personal Data to be disclosed. If the disclosure involves your sensitive Personal Data, we will notify you of the purpose, type and specific contents of such sensitive Personal Data;

    当您明确同意或您自愿要求我们公开披露。在披露您的个人信息之前,我们会通知您披露的目的以及披露的个人信息类型。如果披露涉及您的敏感个人信息,我们将通知您此类敏感个人信息的目的、类型和具体内容;

  • pursuant to legal requirements, procedural requirements, litigation, or mandatory requirements of a competent governmental authority.

    根据法律要求、程序要求、诉讼或主管政府部门的强制性要求。

DATA SUBJECTS’ RIGHTS

数据主体的权利

You have certain rights in relation to your Personal Data that we hold. You may exercise these rights as follows.

对于我们所持有的您的个人信息,您享有某些权利。您可以行使以下权利。

Access and Correction

查阅和更正

You have the right to request access to your Personal Data that we hold and information on how we use it and with whom we share it. If you find that your Personal Data is inaccurate, you have the right to request that we update or correct your Personal Data.

您有权要求查阅我们所持有的您的个人信息,并了解我们如何使用这些信息以及与谁共享这些信息。如果您发现您的个人信息不准确,您有权要求我们更新或更正您的个人信息。

Deletion

删除

You may request that we delete or remove your Personal Data. Please note that we may retain your Personal Data if we have valid legal grounds, such as for the defense of legal claims or other legal obligations, and we will advise you accordingly.

您可以要求我们删除或移除您的个人信息。请注意,如果我们有正当的法律依据,例如为法律主张辩护或履行其他法律义务,我们可能会保留您的个人信息,并且我们会相应地通知您。

If we decide to respond to your deletion request, we will also notify the entities that have obtained your Personal Data from us and request that they delete it in a timely manner, unless otherwise provided by laws and regulations or these entities obtain your authorization separately.

如果我们决定回应您的删除请求,我们也会通知从我们这里获得您个人信息的实体,并要求他们及时删除,除非法律法规另有规定或这些实体单独获得您的授权。

When the Personal Data is deleted from our servers, we may not be able to delete the corresponding Personal Data in our backup system immediately, but we will delete it when the backup is updated.

当个人信息从我们的服务器中删除时,我们可能无法立即删除备份系统中相应的个人信息,但我们会在更新备份时删除。

Processing Restriction

处理限制

You have the right at any time to restrict the processing of your Personal Data in accordance with the Data Protection Laws.

根据数据保护法,您有权随时限制对您个人信息的处理。

Copy

复制

You have the right to obtain a copy of your Personal Data in a structured, commonly used and machine-readable format and to reuse it elsewhere, or to ask us to transfer your Personal Data to a third party. We will accommodate your request where technically feasible. We are not responsible for the security or processing of your Personal Data once it is transferred to the third party. Please note that we may not copy or transfer certain Personal Data if doing so would interfere with the rights of others, such as where providing your Personal Data would reveal information about another person or our trade secrets or intellectual property.

您有权以结构化、常用和机器可读的格式获得一份您的个人信息副本,并在其他地方重复使用,或要求我们将您的个人信息转给第三方。我们将在技术可行的情况下满足您的要求。一旦您的个人信息被转移给第三方,我们对其安全性或处理不承担任何责任。请注意,如果复制或转移某些个人信息会妨碍他人的权利,例如提供您的个人信息会泄露他人的信息或我们的商业秘密或知识产权,则我们不会复制或转移这些数据。

To exercise any of the above rights, submit your request to MLPrivacyOffice@morganlewis.com. We will respond to your request within thirty (30) days. If the Firm is unable to respond to your request within thirty (30) days of receipt, the Firm will inform you, in writing, within this thirty (30) day period. If the Firm is unable to provide you with any Personal Data or to make a requested correction, the Firm will inform you of the reason(s) why it is unable to do so (except where the Firm is not required to do so under the Data Protection Laws).

如需行使上述任何权利,请将您的请求发送至 MLPrivacyOffice@morganlewis.com。我们将在三十(30)日内对您的请求作出回应。如本所未能在收到您的请求后三十(30)日内作出回应,本所将在这三十(30)日内以书面形式通知您。如本所未能向您提供任何个人信息或作出所要求的更正,本所将通知您未能这样做的原因(除非根据数据保护法,本所无须这样做)。

Depending on the request made, the Firm may only provide you with (i) access to the Personal Data contained in the documents requested (not to the documents in their entirety), and (ii) where appropriate, confirmation of the Personal Data that the Firm has on record where your Personal Data forms a negligible part of the document(s).

根据所提出的请求,本所可能只向您提供(i)查阅所要求的文件所载的个人信息(而非文件的全部),及(ii)在适当情况下,确认本所记录在案的个人信息(如您的个人信息在文件中只占微不足道的部分)。

For a reasonable request, we do not charge a fee, but you may be charged a fee for repeated requests. For requests that are unnecessarily repetitive and require excessive technical means (such as a request that requires the development of a new system or a fundamental change in current practice), we may reject your request and provide an alternative way to protect your legitimate rights and interests. If your request poses a risk to the legitimate interests of others or is highly impractical, we may reject your request. 

对于合理的请求,我们不会收取费用,但对于重复的请求,我们可能会向您收取费用。对于不必要的重复请求和需要过多技术手段的请求(例如需要开发新系统或从根本上改变当前做法的请求),我们可能会拒绝您的请求,并提供其他方式来保护您的合法权益。如果您的请求对他人的合法权益构成风险或非常不切实际,我们可能会拒绝您的请求。

In addition, we will not respond to your request if it is:

此外,如果您的请求属于以下情况,我们将不予响应:

  • related to the performance of our statutory obligations;

    与履行我们的法定义务有关;

  • directly related to national security and national defense;

    与国家安全和国防直接相关;

  • directly related to public safety, public health, and significant public interests;

    与公共安全、公共卫生和重大公共利益直接相关;

  • directly related to a criminal investigation, prosecution, trial, and judgment enforcement, etc.;

    与刑事调查、起诉、审判和判决执行等直接相关;

  • shown with sufficient evidence that the data subjects have subjective malice or are abusing their rights;

    有充分证据表明数据主体有主观恶意或滥用权利;

  • for the purpose of protecting the life, property or other significant legal rights and interests of you or other individuals, and it is difficult to obtain consent from you or other individuals;

    为保护您或其他人的生命、财产或其他重大合法权益,且难以征得您或其他人同意的;

  • causing or will cause serious damage to the legitimate rights and interests of other data subjects, individuals or organizations; or
    对其他数据主体、个人或组织的合法权益造成或将会造成严重损害的;或
  • related to trade secrets.
    涉及商业秘密的。

You have the right to raise concerns with the Firm or a supervisory authority about our processing of your Personal Data. If you wish to raise concerns with us, please contact us as described below.

您有权就本所对您个人信息的处理向本所或监管机构提出疑虑。如果您希望向我们提出疑虑,请按下文方式联系我们。

INTERNATIONAL DATA TRANSFER

国际数据传输

Due to the Firm’s multinational character, our affiliates, offices, and other third-party recipients listed above may be located in different countries. A list of the Firm’s offices is available here. You understand and agree that, for the purposes stated above, we may transfer your Personal Data to other Firm affiliates and offices as well as third parties outside China. 

由于本所的跨国性质,我们的关联方、代表处和上述其他第三方接收者可能位于不同的国家。本所的代表处名单可在查阅。您了解并同意,出于上述目的,我们可能会将您的个人信息传输本所中国境外的其他关联方和代表处以及第三方。

To the extent that we transfer your Personal Data to recipients located outside China, we will provide an adequate level of protection to the Personal Data, including appropriate technical and organizational security measures. We will also enter into agreements with the data recipients to allocate responsibilities and obligations to protect your Personal Data if required by Data Protection Law. The retention period of Personal Data will be the shortest time needed to achieve the purposes of the cross-border transfer unless applicable laws provide otherwise.

如果我们将您的个人信息传输给中国境外的接收方,我们将为个人信息提供足够的保护,包括适当的技术和组织安全措施。如数据保护法要求,我们还将与数据接收方签订协议,分配保护您个人信息的责任和义务。除非适用法律另有规定,否则个人信息的保留期限将是实现跨境传输目的所需的最短时间。 

CONTACT INFORMATION

联系信息

If you (i) have any questions or feedback relating to your Personal Data or this Policy, (ii) would like to withdraw your consent to any use of your Personal Data as set out in this Policy, (iii) would like to make a request related to your rights to your Personal Data, or (iv) would like to report a violation of this Policy, please contact the China Offices Data Protection Officer and/or the Privacy Office at the contact information below.

如果您 (i) 对您的个人信息或本政策有任何疑问或反馈,(ii) 希望撤回您对本政策中所述的使用您的个人信息的同意,(iii) 希望提出与您的个人信息权利有关的请求,或 (iv) 希望报告违反本政策的行为,请通过以下联系方式联系中国代表处数据保护官和/或隐私办公室。

CHINA OFFICES DATA PROTECTION OFFICER

中国代表处数据保护官
Email 邮箱:: MLChinaDPO@morganlewis.com
Telephone 电话:   +86.10.5876.3500 (Beijing北京)
+86.21.8022.8588
Addresses 地址: Suite 823, 8th Floor
Beijing Kerry Centre South Tower, 
No. 1 Guang Hua Road
Chaoyang District, Beijing
北京市朝阳区光华路 1 号嘉里中心南楼8 层 823 室

and和

Units 2802-2810, Tower A, Three ITC, No. 183 Hongqiao Road, Shanghai
200030 China
上海市徐汇区虹桥路183号徐家汇中心三期A座2802-10
200030 中国

MORGAN LEWIS PRIVACY OFFICE

摩根路易斯隐私办公室
Email 邮箱: MLPrivacyOffice@morganlewis.com
Telephone 电话: +1.215.963.5000
Address 地址: 2222 Market Street
Philadelphia, PA 19103
Effective: January 2025 (AS AMENDED)

INTRODUCTION

This Data Protection Policy (this “Policy”) addresses the basis on which Morgan Lewis Stamford LLC and its affiliated entities and offices (the “Firm”) may collect, use, disclose, or otherwise process Personal Data (as defined below) in accordance with the Personal Data Protection Act (No. 26 of 2012) of Singapore (“PDPA”) and any other applicable law. This Policy incorporates our Global Privacy Policy herein by reference and applies to Personal Data in the Firm’s possession or under its control.

By interacting with the Firm, using our website, submitting information to us or engaging our services, you agree and consent to the Firm and third-parties collecting, using, disclosing and/or processing your Personal Data in the manner set out in this Policy.

This Policy may be updated by the Firm at any time, and any amendments or revisions made to this Policy will be published on our website.

DEFINITION OF PERSONAL DATA

Personal Data means any data, whether true or not, about an individual who can be identified (i) from that data or (ii) from that data and other information to which the Firm has or is likely to have access.

Personal Data does not include (i) information regarding an individual acting on a personal or domestic basis (related to home or family), (ii) information about an individual acting in the course of his or her employment with an organisation, or (iii) business contact information, such as name, title, business telephone number, business address, business email address or business fax number or any other similar information about the individual not provided by the individual solely for his or her personal purpose.

DATA SUBJECTS’ RIGHTS

You have the right to request access to your Personal Data and the purposes for which your Personal Data has been collected, used, or disclosed by the Firm in the last year unless an exception under applicable data protection laws is applicable. You also have the right to request that the Personal Data that the Firm holds is corrected or updated unless there is an exception under the applicable data protection laws. If you wish to make a request, you may submit your request in writing or via email to the Singapore Office Data Protection Officer and/or the Privacy Office at the contact details provided below.

Please note that a reasonable fee may be charged for an access request. If so, the Firm will inform you of the fee before processing your request.

The Firm will respond to your access or correction request as soon as reasonably possible. If the Firm is unable to respond to your request within thirty (30) days of receipt, the Firm will inform you, in writing, within this thirty (30) day period. If the Firm is unable to provide you with any Personal Data or to make a requested correction, the Firm will inform you of the reason(s) why it is unable to do so (except where the Firm is not required to do so under the PDPA).

Depending on the request made, the Firm may only provide you with (i) access to the Personal Data contained in the documents requested (not to the documents in their entirety), and (ii) where appropriate, confirmation of the Personal Data that the Firm has on record where your Personal Data forms a negligible part of the document(s).

INTERNATIONAL DATA TRANSFERS

Your Personal Data may be transferred and/or shared both within and outside of Singapore to the Firm’s offices, business partners and third-party service providers for data storage, administration and other purposes. The Firm will take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA. You acknowledge and agree, however, that in some cases your Personal Data may be exported to, processed and accessed in countries whose laws may provide a different level of protection that may not necessarily be comparable to that provided under the PDPA. Specifically, our websites and information technology systems are hosted on servers located in the United States.

Except as stated above, the Firm will not generally disclose your Personal Data to third-parties unless you consent or the disclosure is authorised or required by law. 

Effective: January 2025 (AS AMENDED)

INTRODUCTION

This Data Protection Policy (this “Policy”) addresses the basis on which Morgan Lewis Stamford LLC and its affiliated entities and offices (the “Firm”) may collect, use, disclose or otherwise process the Personal Data (as defined below) of job applicants in accordance with the Personal Data Protection Act (No. 26 of 2012) of Singapore (“PDPA”) and any other applicable law.

This Policy incorporates our Global Privacy Policy herein by reference and pertains to Personal Data in the Firm’s possession or under its control, including Personal Data in the possession of third-party service providers that the Firm has engaged to process Personal Data on its behalf.

This Policy applies to the Personal Data of all persons who have applied for a position with the Firm (“job applicants”). By applying for a position with the Firm, you have agreed and given your consent to the Firm to collect, use, disclose and otherwise process your Personal Data in the manner set forth in this Policy.

This Policy may be amended by the Firm at any time.

DEFINITION OF PERSONAL DATA

Personal Data means data, whether true or not, about a job applicant who can be identified (i) from that data or (ii) from that data in combination with other information to which the Firm has or is likely to have access.

Personal Data does not include (i) information regarding an individual acting on a personal or domestic basis (related to home or family), (ii) information about an individual acting in the course of his or her employment with an organisation, or (iii) business contact information, such as name, title, business telephone number, business address, business email address or business fax number and any other similar information about the individual, not provided by the individual solely for his or her personal purpose.

Other terms used in this Policy shall have the meaning given to them in the PDPA.

DATA SUBJECTS’ RIGHTS

You have the right to request access to your Personal Data and the purposes for which your Personal Data has been collected, used, or disclosed by the Firm in the last year unless an exception under applicable data protection laws is applicable. You also have the right to request that the Personal Data that the Firm holds is corrected or updated, unless an exception under applicable data protection laws is applicable. If you wish to make a request, you may submit your request in writing or via email to the Singapore Office Data Protection Officer and/or the Privacy Office at the contact details provided below.

Please note that a reasonable fee may be charged for an access request. If so, the Firm will inform you of the fee before processing your request.

The Firm will respond to your access or correction request as soon as reasonably possible. If the Firm is unable to respond to your request within thirty (30) days of receipt, the Firm will inform you, in writing, within this thirty (30)-day period. If the Firm is unable to provide you with any Personal Data or to make a requested correction, the Firm will inform you of the reason(s) why it is unable to do so (except where the Firm is not required to do so under the PDPA).

Depending on the request made, the Firm may only provide you with (i) access to the Personal Data contained in the documents requested (not to the documents in their entirety), and (ii) where appropriate, confirmation of the Personal Data that the Firm has on record where your Personal Data forms a negligible part of the document(s).

INTERNATIONAL DATA TRANSFER

Your Personal Data may be transferred and/or shared within and outside of Singapore to the Firm’s offices, business partners and third-party service providers for data storage, administration and other purposes. The Firm will take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA. You acknowledge and agree, however, that in some cases your Personal Data may be exported to, processed and accessed in countries whose laws may provide a different level of protection that may not necessarily be comparable to that provided under the PDPA. 

Effective: January 2025 (AS AMENDED)

INTRODUCTION

Protecting your privacy is important to Morgan, Lewis & Bockius LLP (the “Firm”). This US State-Specific Privacy Policy (“Policy”) describes how the Firm may collect, use, disclose and safeguard the personal information you provide when you communicate or interact with the Firm, including as a client, as well as information you provide on the Firm’s websites and through or in connection with our mobile apps (the “Apps”) or other software- and Internet-enabled programs and services sponsored by the Firm (the “Site”). This Policy reflects our compliance with applicable state consumer privacy laws, including the California Consumer Privacy Act. Please see our Global Privacy Policy, incorporated herein by reference, for more information. This Policy and our general privacy policy constitute the full privacy policy for data subjects based in the US.

COLLECTION, USE & DISCLOSURE

The following table sets forth the categories of personal information we have collected in the preceding 12 months, the source of that personal information, and how we have used and shared such personal information for business purposes in the preceding 12 months.

Category of Personal Information Collected

Source of Information

Purpose for Collection

Categories of Recipients

Identifiers: your real name, postal address, email address, telephone numbers, or other similar identifiers

 

From you

To communicate with you and to administer a relationship with you

 

Our service providers, if applicable and necessary to administer the engagement or relationship with you

Payment information: name, routing and bank account number, billing address and records of payments

From you

To accept payment for services provided to you or to provide reimbursements where appropriate

Our bank and other service providers who process payments for us and who are contractually required to comply with laws and requirements applicable to payment processing

Information you provide about a third party: if you send someone else a communication from the Site, we may collect information, such as that person's name and email

From you

To deliver to or communicate with the person at the address that you have requested

Our service providers as necessary and appropriate, for example, in furtherance of our engagement with you

Communications: communications we have with you including any documents or other information you may provide to us in the course of an engagement

From you

To handle your legal matters or otherwise in the course of an engagement

To handle website requests

To contact you when necessary or requested

Our service providers to the extent permitted, and for firm clients, under our confidentiality obligations and/or applicable privileges

Preference information: your marketing preferences, your account settings (including any default preferences), any preferences you have indicated, the types of services/information materials that interest you, the areas of our Site that you have visited or ways that you interact with our Site

From you, from our website technology interaction with your browser/devices and cookies and other similar technologies tracking the pages you visit, the marketing messages you open and the links you follow

To enhance your online experience, including as a way to recognize you and welcome you to the Site or App, to provide you with customized Site or App content

 

 

Our third party vendors and service providers that perform website analytic services for us or enable the customization of content to you to improve your experiences on our Site, an App or elsewhere

Voluntary information: any voluntary information you provide us with, such as responses to surveys and social media account details

From you and your social media account provider

To know you better, make our communications with you more personal, learn and improve from your survey feedback and organize events

Our service providers

Personalization: inferences drawn from your interactions online, how you use our Site and App, and whether and when you open our marketing emails to create a profile reflecting your preferences, characteristics, and behavior

From you, from our Site or App technology’s interaction with your browser or devices and cookies tracking the pages you visit

To improve our Site, services, online experience

 

 

Our third party vendors and service providers that perform website analytic services for us or enable the customization of offers to you to improve your website experience for our Site, Apps or elsewhere

Internet or other electronic network activity information: IP address, geolocation data, internet provider, operating system and browser used, type of device (such as laptop or smart phone), search history, device cookie settings and other device details

FFrom you and from our website or app technology’s interaction with your browser or devices

To make sure our website and app technology works properly with your device and you can see and use our intended website and apps on the device, and for analytical and demographic purposes

To protect the security and integrity of the Site and our business, such as by protecting against and preventing fraud, unauthorized transactions, and managing risk exposure, including by identifying potential hackers and other unauthorized users

Our service providers who help us with fraud protection, and third party vendors and service providers that perform website analytic services for us or enable more relevant offers to you on our Site, an App or elsewhere

Information automatically collected from your browser: when you use the Site, some data is automatically transferred from your browser to our server, including your browser type, operating system type or mobile device model, viewed webpages, links that are clicked, IP address, mobile device identifier or other unique identifier, sites or apps visited before coming to our Site or App, the amount of time you spend viewing or using the Site or App, the number of times you return, or other click-stream or site usage data, emails we send that you open, forward, or click through to our Site or App

From you and from our website or app technology’s interaction with your browser or devices

In an aggregated non-specific format for analytical and demographic purposes

To protect the security or integrity of the Site and our business, such as by protecting against and preventing fraud, unauthorized transactions, and managing risk exposure, including by identifying potential hackers and other unauthorized users

 

Our third party vendors and service providers that perform website analytic services for us or enable the customization of offers to you to improve your website experience

 

DO NOT TRACK

Do Not Track (DNT) is a privacy preference that users can set in some web browsers, allowing users to opt out of tracking by websites and online services. At the present time, the World Wide Web Consortium (W3C) has not yet established universal standards for recognizable DNT signals and therefore, the Firm and the Site do not recognize DNT.

OPT-OUT PREFERENCE SIGNALS

As noted below, we do not “share” personal information for targeted or cross-context behavioral advertising purposes. Accordingly, opt-out preference signals sent from a browser are not required and are not processed.

YOUR US STATE-SPECIFIC PRIVACY RIGHTS

If you are a resident of California, Colorado, Connecticut, Delaware, Iowa, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, or Virginia, the law in your state may provide you with certain rights with respect to your personal information. Where applicable, those rights may include:

  • The right to know what personal information we have collected, used, disclosed and sold about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom the Firm discloses personal information, and the specific pieces of personal information the Firm has collected about you. To submit a request to know, you may call us at 844-977-1101, visit www.morganlewis.com, or email MLPrivacyOffice@morganlewis.com.
  • The right to request that we delete any personal information we have collected about you. To submit a request for deletion, you may call us at 844-977-1101, visit www.morganlewis.com, or email MLPrivacyOffice@morganlewis.com.
  • The right to request that we delete any personal information we have collected about you.To submit a request for deletion, you may call us at 844-977-1101, visit www.morganlewis.com, or email MLPrivacyOffice@morganlewis.com.
  • The right to obtain a copy of personal information we have obtained about you in a portable and, to the extent technically feasible, readily usable format. To submit such a request, you may call us at 844-977-1101, visit www.morganlewis.com, or email MLPrivacyOffice@morganlewis.com.
  • If we deny your request, the right to appeal our decision.
  • The right not to receive discriminatory treatment for the exercise of privacy rights conferred by your state’s privacy law.

You also may designate an authorized agent to make a request for access on your behalf on our website at visit www.morganlewis.com, or email MLPrivacyOffice@morganlewis.com.

When you exercise these rights and submit a request to us, we will verify your identity by calling your phone number on file and asking for your email address and the date of your last interaction with us. We also may use a third-party verification provider to verify your identity. Your exercise of these rights will have no adverse effect on the price and quality of our services.

The Firm does not sell or share (i.e., engage in cross-context behavioral or targeted advertising) personal information about you to third parties. The Firm does not use or disclose sensitive personal information for any purposes other than those permitted by applicable law.

If you are a California resident, you may request information about our disclosure of personal information to third parties or affiliated companies for their direct marketing purposes. To make such request, please contact us as set forth above. Please allow up to 30 days for us to process your request. You may submit such a request once per year.

RECORD RETENTION

We may retain your personal information for as long as necessary to fulfill the purpose for which it was collected or to comply with legal or regulatory requirements. We strive to retain your personal information no longer than is reasonably necessary to carry out the purposes listed in this Notice or as required by law. We generally retain your personal information for up to seven (7) years.

CONTACT US

If you have any questions about this Privacy Notice or to request this Privacy Notice in another form, please contact us at 844-977-1101 or MLPrivacyOffice@morganlewis.com.

 

Effective: January 2025