Find lawyers by capability, office or title
See all results for ""

Privacy Notice

Back to top

Policies and statements

Privacy notices

Last Updated: November 2024

Davis Polk & Wardwell LLP and its associated entities that are authorized to carry the name Davis Polk (together, “Davis Polk,” “we,” “our,” or “us”) (a list of all Davis Polk entities is available here) are committed to protecting your privacy and handling your personal information in an open and transparent manner.

This Privacy Notice describes our practices in relation to the personal information that we handle in the course of providing our services and operating our business.

Please note that this Privacy Notice does not apply to the personal information that we collect from and about (i) individuals who have applied for a position with Davis Polk (“Applicants”); (ii) individuals who are being considered for a specific position with Davis Polk (“Candidates”); or (iii) Davis Polk personnel, including lawyers, business services professionals, and consultants (“Personnel”). Applicants and Candidates should refer to our Careers Privacy Notice for details regarding our handling of their personal information. Personnel should review the notices and other information provided to them in connection with their role.

This Privacy Notice describes how we use, disclose, and protect the personal information that we collect from and about individuals:

  • through our website, https://www.davispolk.com/, and any other websites and digital properties where this Privacy Notice is posted or linked (collectively, the “Website”) and any of our online interactions with individuals;
  • in connection with our business development and marketing activities;
  • through the legal and other services that we provide to our clients and prospective clients (“Client Services”); and
  • through our other online and offline interactions with individuals, including during in-person interactions in our offices and at events.

Collectively, we refer to the above-listed activities as the “Services.”

This Privacy Notice also describes the choices and legal rights available to you with respect to your personal information and how you can exercise them.

As used in this Privacy Notice, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a specific individual. For clarity, personal information includes any information that constitutes “personal information,” “personal data,” “personally identifiable information,” or any substantially similar term under applicable data protection and privacy legislation in any relevant jurisdiction.

California Residents. If you are a California resident, please review the “Additional information for California residents” section below, which includes additional details about our personal information handling practices and your legal rights under California law.

Please note that the Davis Polk entity responsible for the processing of your personal information will depend on which Davis Polk entity you engage with in relation to the Services. Details regarding the Davis Polk entities through which we practice law in each jurisdiction can be found here.

Please carefully review this Privacy Notice to learn more about our personal information handling and privacy practices. You can also navigate to a particular topic by clicking the following links:

Collection of personal information

Depending on your use of the Services and how you otherwise interact with us, we may collect or obtain your personal information in several ways, including (i) directly from you; (ii) through automated means; and (iii) from third parties and other sources. Additional details regarding the types of personal information we collect and how are included below.

Information collected directly from you

We collect personal information that you voluntarily provide when you engage with us and/or the Services (both online and offline). Details regarding certain contexts in which you may provide us with your personal information and the types of information that you may provide in each context are included below.

  • Signing up for our marketing-related communications and materials
    If you sign up to receive marketing-related communications or materials (e.g., client updates, newsletters, event invitations, etc.) from us, we will request personal information necessary to send you the communications and materials that you request, which may include your name, company name, job title/position, business contact details (e.g., email address and postal address), demographic information (e.g., gender), interests, and contact preferences. If you are interested in subscribing to receive updates from us based on your interests, please click here. Details on how to exercise your choices with respect to marketing-related communications and materials from us can be found in the “Your choices and legal rights” section below.
  • Registering for an event
    When you register for an event (e.g., a meeting, seminar, or webinar) organized, hosted, or sponsored by us and/or our business partners, we will request personal information necessary to complete your registration, which may include your name and business contact details (e.g., email address and telephone number). If you register for a program that offers CLE credit, we will also request your Bar number and other information required for CLE credit and reporting purposes. Moreover, depending on the type of event, we may request certain voluntary information (e.g., dietary preferences/restrictions, physical accessibility requirements/special accommodations requests, and other event-related requests). 
  • In connection with our provision of Client Services
    We will collect personal information that you provide during your interaction(s) with us as a current or prospective client (or as an employee/representative of a current or prospective client). For example, in addition to your name and business contact details, we may request information as required by applicable anti-money laundering or similar regulations and as part of our business acceptance processes. We may also collect financial details and payment information (e.g., payment card information or bank account number) from you to bill you for Client Services. 
  • In connection with our other online and offline interactions with you
    We will collect personal information that you choose to provide to us, including information that you provide when you contact us with an inquiry or request and otherwise engage with us through any communication channel (e.g., phone calls, emails, in-person interactions, etc.). Depending on the nature of our interaction, the information that you provide may include your name, company name and other professional/employment-related information (e.g., job title/position), business contact details, and contact preferences. Additionally, we may collect certain audio and visual information from you (e.g., CCTV images/footage, photographs, voice recordings, etc.) if, for example, you visit our offices, attend an event, or leave us a voicemail. 
  • Browser and device information, including the Internet Protocol (IP) address and/or other unique identifier(s) assigned to your device; the location of your device; and other information about your browser, device, and operating system.
  • Activity and usage information, including information about your interaction(s) with the Website (e.g., the date and time of your visit(s); the area(s) or page(s) that you visit; the amount of time you spend on the page(s) or using the Website; the domain name from which you accessed the Website; and other clickstream or usage information).

If you sign up to receive marketing-related communications or materials (e.g., client updates, newsletters, event invitations, etc.) from us, we will request personal information necessary to send you the communications and materials that you request, which may include your name, company name, job title/position, business contact details (e.g., email address and postal address), demographic information (e.g., gender), interests, and contact preferences. If you are interested in subscribing to receive updates from us based on your interests, please click here. Details on how to exercise your choices with respect to marketing-related communications and materials from us can be found in the “Your choices and legal rights” section below.

When you register for an event (e.g., a meeting, seminar, or webinar) organized, hosted, or sponsored by us and/or our business partners, we will request personal information necessary to complete your registration, which may include your name and business contact details (e.g., email address and telephone number). If you register for a program that offers CLE credit, we will also request your Bar number and other information required for CLE credit and reporting purposes. Moreover, depending on the type of event, we may request certain voluntary information (e.g., dietary preferences/restrictions, physical accessibility requirements/special accommodations requests, and other event-related requests).

We will collect personal information that you provide during your interaction(s) with us as a current or prospective client (or as an employee/representative of a current or prospective client). For example, in addition to your name and business contact details, we may request information as required by applicable anti-money laundering or similar regulations and as part of our business acceptance processes. We may also collect financial details and payment information (e.g., payment card information or bank account number) from you to bill you for Client Services.

We will collect personal information that you choose to provide to us, including information that you provide when you contact us with an inquiry or request and otherwise engage with us through any communication channel (e.g., phone calls, emails, in-person interactions, etc.). Depending on the nature of our interaction, the information that you provide may include your name, company name and other professional/employment-related information (e.g., job title/position), business contact details, and contact preferences. Additionally, we may collect certain audio and visual information from you (e.g., CCTV images/footage, photographs, voice recordings, etc.) if, for example, you visit our offices, attend an event, or leave us a voicemail.

We generally do not seek personal information that is considered “sensitive” or “special category” under applicable data protection and privacy legislation (e.g., government-issued identification numbers and information revealing or related to individuals’ racial or ethnic origin, political opinions, religious or philosophical beliefs, health, or sex life/sexual orientation) (“sensitive personal information”). However, certain information that you voluntarily share with us may constitute sensitive personal information (e.g., dietary preferences/restrictions that reveal information about your religious beliefs or health). Additionally, we may require certain sensitive personal information in connection with our provision of Client Services (e.g., government-issued identification numbers/documents).

Where we require sensitive personal information, we will inform you of the purpose for collecting your information and seek your consent, in accordance with applicable law. We will also handle your sensitive personal information in accordance with this Privacy Notice and/or in the ways described to you at the point where we request the information.

Please note that you may use the Website without providing us with your personal information. However, as noted in the following subsection, we may still collect certain personal information from you automatically.

Information collected through automated means

When you visit and interact with the Website, we (and our service providers and partners) may use cookies and other similar technologies to automatically collect certain information about your browser, device, and/or activity.

The specific types of information we (and our service providers and partners) may collect include:

  • Browser and device information, including the Internet Protocol (IP) address and/or other unique identifier(s) assigned to your device; the location of your device; and other information about your browser, device, and operating system.
  • Activity and usage information, including information about your interaction(s) with the Website (e.g., the date and time of your visit(s); the area(s) or page(s) that you visit; the amount of time you spend on the page(s) or using the Website; the domain name from which you accessed the Website; and other clickstream or usage information).

We (and our service providers and partners) may also use cookies and other similar technologies to collect information about the actions that you take upon receipt of an email from us (e.g., whether you opened the email, clicked the link(s) contained in the email, forwarded the email, etc.).

Additionally, we use third-party analytics and tracking tools and services to better understand who is using the Website, how the Website is used, and how to improve the effectiveness of the Website and related content. For example, we use Google Analytics to better understand how users engage with the Website. For information on Google Analytics’ information handling practices and how you can control the use of information sent to Google, please click here. If you wish to prevent your information from being used by Google Analytics, Google has developed the Google Analytics opt-out browser add-on, which you can download and install for your browser here.

For additional information about our use of cookies and other similar technologies and how to exercise your choices, please review our Cookie Policy.

Information received from third parties and other sources

We may collect or receive your personal information from third parties (e.g., our current and prospective clients (or parties acting on their instructions), service providers, business partners, professional advisers, etc.) and other third-party sources (e.g., social media platforms, public records/publicly available databases, etc.).

The personal information that we receive from these sources may include your name, company name and other professional/employment-related information (e.g., job title/position), business contact details, and demographic information. If you are employed by or otherwise associated with one of our current or prospective clients, they may provide us with additional types of personal information relating to you as part of our business acceptance processes and as necessary or appropriate in the course of us providing Client Services. Additionally, if you interact with us on a social media platform (e.g., LinkedIn), we may receive information about you from the platform (in accordance with your privacy settings on the platform).

Please note that we may combine personal information that we collect or receive from various sources and use, disclose, and protect the combined personal information as described in this Privacy Notice. Additionally, we may use personal information that we collect or receive to draw inferences about you (e.g., your gender).

Use of personal information

We use the personal information that we collect for the purposes described below.

  • To provide the Services. We use personal information to provide and manage the Services. For example, we use personal information to provide Client Services and manage our relationships with our current and prospective clients. Additionally, we use personal information to administer, maintain the functionality of, and improve the Website.
  • To communicate with you. We use personal information as necessary to communicate with you, including to contact you for administrative purposes (e.g., to respond to your inquiries, requests, and other communications) or to send you important updates and correspondence.
  • To send you marketing-related communications and materials. We use personal information to send you marketing-related communications and materials regarding Davis Polk and our offices, Client Services, and upcoming events and other communications (e.g., client updates and newsletters) that we think may interest you, subject to your consent, where required by applicable law. Details on how to exercise your choices with respect to marketing-related communications and materials from us can be found in the “Your choices and legal rights” section below.
  • To conduct research and analytics. We use personal information to carry out research and analytics as necessary to evaluate and improve the Services and, where applicable, to develop new services and features. For example, we use information collected about interactions with the Website to understand how the Website is used so that we can make it more user-friendly.
  • To maintain security and prevent fraud. We use personal information as necessary or appropriate to monitor and maintain the security of our systems and networks and to detect, prevent, investigate, and protect you, our business, and others from fraud and other unlawful or unsafe activity.
  • To satisfy our legal, regulatory, and professional obligations. We use personal information to comply with our legal, regulatory, and professional obligations, including to respond to requests from competent legal or regulatory authorities and legal process (e.g., court orders, subpoenas, or warrants).
  • To support our business operations and business transactions. We use personal information as necessary to manage our business and related activities (e.g., internal administration, billing, internal audits, etc.) and to carry out sales and other business transactions.
  • As otherwise permitted, necessary, or appropriate. We use personal information as described to you at the point of collection or at your direction/with your consent. We also use personal information as we believe necessary or appropriate to enforce the terms and conditions that govern the Services and protect our rights, privacy, safety, property, and/or those of others.

Legal basis for processing personal information

Applicable law in certain jurisdictions requires us to set out the “legal basis” that we rely on to collect and further process your personal information.

Where applicable, the legal bases that we rely on are described below.

  • Compliance with a legal obligation. We are subject to various legal requirements in the jurisdictions in which we operate. Accordingly, we will process your personal information as necessary for us to comply with a legal obligation arising under any applicable law.
  • Consent. We may process your personal information on the basis of the consent that you provide at the point of information collection or disclosure. Where required by law, we will rely on your consent for direct marketing purposes and to place cookies and other similar technologies on your device.
  • Contractual necessity. We may process certain personal information where it is either necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract with you. This may include personal information collected and used to provide you with the Services.
  • Legitimate interests. We may process your personal information to the extent necessary to carry out our legitimate interests (or those of a third party), provided that such interests do not outweigh your interests or fundamental rights and freedoms.

The table below identifies the lawful basis that we rely on for each of the purposes described in the “Use of personal information” section above.

Processing purposeLawful basis
To provide the Services
  • Contract
  • Legitimate interests
To communicate with you
  • Legitimate interests
To send you marketing-related communications and materials
  • Consent
  • Legitimate interests (where consent is not required by applicable law)
To conduct research and analytics
  • Legitimate interests
To maintain security and prevent fraud
  • Legitimate interests
To satisfy our legal, regulatory, and professional obligations
  • Compliance with a legal obligation
  • Legitimate interests
To support our business operations and business transactions
  • Legitimate interests
As otherwise permitted, necessary, or appropriate
  • Consent
  • Legitimate interests


If you have any questions about our legal basis for processing your personal information, please contact us at privacy.team@davispolk.com.

Disclosure of personal information

In connection with our fulfillment of the purposes described in the “Use of personal information” section above, we may disclose personal information to the categories of third parties described below.

  • Our affiliates. We will disclose your personal information to our Davis Polk offices and entities around the world as necessary for administrative purposes and to otherwise fulfill the purposes described in this Privacy Notice.
  • Our service providers. We will disclose your personal information to third parties that provide business, professional, and technical support services to us and/or administer activities on our behalf (subject to appropriate contractual obligations and restrictions), including providers of website hosting, information technology, email delivery, analytics, event hosting, word processing, translation, photocopying, and document review services.
  • Our professional advisers. We will disclose your personal information to our professional advisers (e.g., lawyers, accountants, consultants, auditors, etc.) as necessary in the course of the professional services that they provide to us (subject to appropriate contractual obligations and restrictions).
  • Our analytics providers. As described in the “Collection of personal information” section above, we use third-party analytics and tracking tools and services. In connection with our use of these tools and services, we may disclose your personal information to parties that assist us in performing analytics and help us measure the effectiveness of the Services (subject to appropriate contractual obligations and restrictions).
  • Our business partners. We will disclose your personal information to other organizations that we partner with as necessary to provide the Services and carry out other related activities. If, for example, you register for an event that we are co-hosting/sponsoring, we will disclose your personal information to the event’s other hosts/sponsors.
  • Our clients and other third parties in connection with the provision of Client Services. We will disclose your personal information to our clients and other third parties, such as vendors and advisers engaged by our clients, barristers and local counsel, and legal support vendors (e.g., data room providers and case management service providers), as necessary in the course of the provision of Client Services. We may also disclose your personal information to opposing parties and their lawyers, where necessary or appropriate to respond to them in connection with legal matters for which we have been engaged by our clients.
  • Governmental authorities and law enforcement. We may disclose your personal information as required or permitted by applicable laws and regulations in any jurisdiction to governmental authorities, including regulatory authorities, courts and tribunals, government agencies, and law enforcement agencies (such as the police).
  • Relevant third parties in connection with a business transaction. We may disclose or otherwise transfer your personal information to relevant third parties in connection with any actual or potential merger, acquisition, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business or assets, including in connection with any bankruptcy, reorganization, or similar proceedings.
  • Other third parties. We may disclose your personal information to other parties as we believe necessary or appropriate either to (i) comply with applicable law; (ii) protect our operations and/or those of our affiliates; (iii) investigate and prevent against fraud and other illegal activity; (iv) enforce the terms and conditions that govern the Services and protect our rights, privacy, safety, property, and/or those of others; or (v) allow us to pursue available remedies or limit damages that we may sustain.

We may disclose your personal information to other third parties to fulfill the purposes described in this Privacy Notice, and we will inform you of such disclosures at the point of information collection or prior to disclosing your information. Additionally, we will disclose your personal information to other third parties when you direct us to do so (e.g., to other Davis Polk alumni if you are an alumna or alumnus and join the Davis Polk Alumni Network).

Where required by applicable law, we will provide you with additional details regarding the potential third-party recipients of your personal information and obtain your consent prior to disclosing your information to such parties.

We will not sell, rent, distribute, or otherwise make your personal information commercially available to any third party except with your prior permission.

Please note that we may de-identify, anonymize, or aggregate information such that it no longer constitutes personal information and use and disclose to third parties such information for various purposes, as permitted by law.

International transfers of personal information

As an international law firm headquartered in the United States, we may transfer your personal information outside of the country or region in which you are located to fulfill the purposes described in the “Use of personal information” section above. This includes countries where our offices, data centers, service providers, clients, and professional advisers are located.

As a result, your personal information may be transferred to and stored in the United States and other jurisdictions with data protection and privacy laws and regulations that differ from those in your country of residence. Additionally, your personal information may be subject to lawful requests by the courts or law enforcement authorities in those jurisdictions.

Where we transfer your personal information internationally (including to other Davis Polk entities), we do so in accordance with applicable law, which may entail us providing you with additional details regarding the envisaged transfer and obtaining your consent.

If you are located in the European Economic Area (“EEA”), Switzerland, or the United Kingdom (“UK”), please note that whenever we transfer your personal information to countries or regions that have not been recognized by the European Commission, Switzerland’s Federal Council, and/or the UK Government as providing an adequate level of protection for personal information, we ensure that appropriate or suitable safeguards are in place to protect your information. In particular, we may use government-approved contracts (e.g., EU Standard Contractual Clauses) that provide appropriate safeguards for personal information that is transferred to jurisdictions that have not been recognized as providing an adequate level of protection. You can obtain a copy of the EU Standard Contractual Clauses here.

In accordance with applicable law, we carry out a risk assessment to understand and assess the risks associated with an envisaged transfer of personal information internationally. Moreover, where appropriate, we identify and adopt supplementary measures to increase the level of protection of the personal information transferred to the standard needed to protect the information being transferred. If we find that we cannot provide the required level of protection even with the use of supplementary measures, we will not proceed with the transfer.

Protection of personal information

We use reasonable technical, administrative, and organizational measures to help protect personal information under our control from unauthorized access, use, disclosure, alteration, or destruction.

We maintain an ISO/IEC 27001 certification for our document management and email systems and the supporting infrastructure for our offices globally. This is an independently verified certification that information security is managed in line with international best practices and principles.

Because no information system can be 100% secure, we cannot guarantee the absolute security of any information that you transmit to us electronically, including via the Website. Thus, we recommend exercising caution when transmitting any personal information to us.

Retention of personal information

To determine the appropriate retention period for personal information, we will consider, as appropriate (i) the amount, nature, and sensitivity of the personal information; (ii) the potential risk of harm from unauthorized use or disclosure of the personal information; (iii) the purpose(s) for which we process the personal information and whether we can achieve the purpose(s) through other means; (iv) our contractual obligations; and (v) the applicable legal and regulatory requirements (including minimum information retention requirements as prescribed by laws, regulations, or regulatory bodies).

Once personal information has reached its retention period, we may de-identify it such that it no longer constitutes personal information. If we de-identify information, we will maintain and use the information in de-identified form and not attempt to re-identify the information except as required or permitted by law.

Third-party services

The Website may include links to other websites and online platforms whose practices may be different than ours. These third-party services are not governed by this Privacy Notice, and we are not responsible for their information handling and privacy practices. We strongly recommend that you review every service’s privacy notice prior to providing any personal information to ensure that you understand how your information will be handled and protected.

Your choices and legal rights

Your choices

We respect your privacy and provide you with the ability to make certain choices about how we use your personal information, as described below.

Opt out of marketing-related communications and materials. As noted above, we may send periodic marketing-related communications and materials to you, and, where required by law, we will obtain your consent to do so. You may opt out of receiving marketing-related communications and materials from us at any time by following the opt-out instructions included in any email that you receive from us or by e-mailing us at client.communications@davispolk.com. Please note that even if you opt out of receiving marketing-related communications and materials from us, you will still receive non-marketing communications from us, such as those relating to ongoing business matters and administrative messages. 

Manage cookies. As noted above, we (and our service providers and partners) use cookies for various purposes, including to perform analytics. To learn more about our use of cookies and the choices that you have regarding our use of cookies, please review our Cookie Policy.

Your legal rights

Depending on applicable law, you may be entitled to exercise certain rights with respect to your personal information, including the right to:

  • request confirmation as to whether we are processing your personal information and, if so, to request access to your personal information and details regarding our processing of such information (including the disclosure of such information to third parties);
  • request correction or rectification of any inaccurate, incomplete, or out-of-date personal information that we hold about you;
  • request deletion (or anonymization) of your personal information under certain circumstances (subject to applicable exceptions);
  • object to the processing of your personal information under certain circumstances;
  • request that we restrict our processing of your personal information in certain circumstances;
  • request that we provide your personal information in an appropriate format and transmit your personal information to a third party (where technically feasible);
  • refuse to provide your consent, in which case we will inform you of the consequences of your refusal; and
  • withdraw the consent that you have provided us to process your personal information (without affecting the lawfulness of any processing carried out before you withdrew your consent).

Applicable law may also grant you the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects concerning you. We do not, however, engage in such automated processing.

If you are interested in exercising any of the above-listed rights, you (or a third party acting on your behalf) can do so by emailing us at privacy.team@davispolk.com with the subject line “Privacy Rights Request.”

To confirm that you are entitled to exercise the above-listed rights and protect your privacy, we may need to request specific information to help us confirm your identity (and/or confirm that a third party is authorized to act on your behalf). Where applicable, we will use the requested information for verification purposes only. Please note that we may deny your request if we are unable to verify your identity and/or a third party’s authority to act on your behalf.

In addition to the rights outlined above, you may have the right to lodge a complaint with the relevant authority if, for example, you are dissatisfied with our response to any query or request that you have raised to us or our handling of your personal information. The contact details for the data protection authorities in the EEA member states are available here, and instructions on how to submit a complaint to the UK’s data protection authority are available here.  

If you are a California resident, please review the “Additional information for California residents” section below to learn about your legal rights under California law.

Children’s privacy

The Services are not intended for or directed to individuals under the age of 18, and we do not knowingly collect personal information from individuals under the age of 18.

Changes to this Privacy Notice

We will change or modify this Privacy Notice from time to time to reflect changes in our personal information handling and privacy practices and/or changes in applicable law.

The “Last Updated” date at the top of this page indicates when this Privacy Notice was last revised. If we make changes, we will revise the date at the top of this Privacy Notice, and in the case of material changes to this Privacy Notice, we will provide you with additional notice (in accordance with applicable law).

Unless otherwise stated, the current version of this Privacy Notice applies to all personal information under our control. We encourage you to review this Privacy Notice periodically to remain informed about our practices.

Contact us

If you have any questions, comments, or concerns regarding this Privacy Notice or our handling of your personal information, please contact us at privacy.team@davispolk.com.

Additional information for California residents

The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 and implementing regulations (collectively, the “CCPA”), provides California residents with certain rights with respect to their “personal information” (as defined in the CCPA). Pursuant to the CCPA, this section provides details regarding the categories of personal information we collect, use, and disclose for a “business purpose” (as defined in the CCPA). This section also describes the legal rights available to California residents in relation to their personal information and how they can exercise their rights. If you are a California resident, please review this section.

Personal information collection and disclosure

The following table details which categories of personal information we have collected from and about California residents in the past twelve (12) months, the categories of sources from which we have collected each category of personal information, and the categories of third parties to whom we have disclosed each category of information for a business purpose. Please note that the first column in the table lists by category the types of information described in the “Collection of personal information” of this Privacy Notice, as required by the CCPA.

Category of personal informationCategories of sourcesDisclosures of personal information for a business purpose

Identifiers, including names, postal addresses, email addresses, online/device identifiers, Internet Protocol addresses, and other similar identifiers

NOTE: Some personal information in this category may overlap with other categories

We have collected this category of information from the following sources:

  • Directly from individuals
  • Through automated means
  • Third parties and other sources (including our clients)

We have disclosed this category of information for a business purpose in the past twelve (12) months to the following categories of third parties:

  • Our affiliates
  • Our service providers
  • Our professional advisers
  • Our analytics providers
  • Our business partners
  • Our clients and other third parties in connection with the provision of Client Services

Personal information categories listed in the California Customer Records statute, including names, postal addresses, telephone numbers, driver’s license/state identification card numbers, passport numbers, employment-related information, and financial information (e.g., payment card information or bank account numbers)

NOTE: Some personal information in this category may overlap with other categories

We have collected this category of information from the following sources:

  • Directly from individuals
  • Third parties and other sources (including our clients)

We have disclosed this category of information for a business purpose in the past twelve (12) months to the following categories of third parties:

  • Our affiliates
  • Our service providers
  • Our professional advisers
  • Our business partners
  • Our clients and other third parties in connection with the provision of Client Services
Protected classification characteristics under California law or federal law, including gender

We have collected this category of information from the following sources:

  • Directly from individuals
  • Third parties and other sources

We have disclosed this category of information for a business purpose in the past twelve (12) months to the following categories of third parties:

  • Our affiliates
  • Our service providers
  • Our business partners
Commercial information, including information regarding the provision of Client Services (e.g., billing information) and records of services purchased, obtained, or considered

We have collected this category of information from the following sources:

  • Directly from individuals
  • Third parties and other sources

We have disclosed this category of information for a business purpose in the past twelve (12) months to the following categories of third parties:

  • Our affiliates
  • Our service providers
  • Our professional advisers
  • Our business partners
  • Our clients and other third parties in connection with the provision of Client Services
Internet or other electronic network activity information, including internet browsing history, search history, and information regarding interactions with the Website

We have collected this category of information from the following sources:

  • Through automated means
  • Third parties and other sources (including analytics providers)

We have disclosed this category of information for a business purpose in the past twelve (12) months to the following categories of third parties:

  • Our affiliates
  • Our service providers
  • Our analytics providers
Geolocation data, such as IP location

We have collected this category of information from the following sources:

  • Through automated means

We have disclosed this category of information for a business purpose in the past twelve (12) months to the following categories of third parties:

  • Our affiliates
  • Our service providers
  • Our analytics providers
Audio, electronic, visual, or similar information, such as phone call/meeting/event recordings (where permitted by law) and CCTV footage collected from individuals in a Davis Polk office

We have collected this category of information from the following sources:

  • Directly from individuals
  • Through automated means

We have disclosed this category of information for a business purpose in the past twelve (12) months to the following categories of third parties:

  • Our affiliates
  • Our service providers

Professional or employment-related information, including job titles/positions, employer names, and business contact details

NOTE: Some personal information in this category may overlap with other categories

We have collected this category of information from the following sources:

  • Directly from individuals
  • Third parties and other sources (including our clients)

We have disclosed this category of information for a business purpose in the past twelve (12) months to the following categories of third parties:

  • Our affiliates
  • Our service providers
  • Our professional advisers
  • Our business partners
  • Our clients and other third parties in connection with the provision of Client Services
Inferences, meaning inferences drawn from any of the information in the above-listed categories to create profiles reflecting individuals’ preferences or characteristics

We have collected this category of information from the following sources:

  • Third parties and other sources

We have disclosed this category of information for a business purpose in the past twelve (12) months to the following categories of third parties:

  • Our affiliates
  • Our service providers

Sensitive personal information, including information that reveals driver’s license/state identification card numbers and passport numbers

NOTE: Some personal information in this category may overlap with other categories

We have collected this category of information from the following sources:

  • Directly from individuals
  • Third parties and other sources (including our clients)

We have disclosed this category of information for a business purpose in the past twelve (12) months to the following categories of third parties:

  • Our affiliates
  • Our service providers

Purposes for collecting personal information

As described in more detail in the “Use of personal information” section above, we collect the above-listed categories of personal information to provide the Services and as otherwise necessary or appropriate to manage our business and related activities and fulfill other legitimate business or commercial purposes.

Disclosure of personal information

As described in more detail in the “Disclosure of personal information” section above, we disclose the above-listed categories of personal information to provide the Services and as otherwise necessary or appropriate to manage our business and related activities and fulfill other legitimate business or commercial purposes. We also disclose certain categories of personal information to third parties at individuals’ direction. Finally, we disclose personal information to governmental authorities, law enforcement, and other third parties as necessary or appropriate, including when we have a legal, regulatory, or professional obligation to do so.

Sale and sharing of personal information

We do not “sell” or “share” (as such terms are defined in the CCPA) personal information (including personal information of individuals that we know to be under the age of 16), and we have not “sold” or “shared” personal information in the past twelve (12) months.

Use and disclosure of sensitive personal information

As detailed in the table above, we collect certain “sensitive personal information” (as defined in the CCPA). However, we do not use or disclose sensitive personal information for any purpose outside of the limited permissible purposes set forth in the regulations implementing the CCPA. Such purposes including providing Client Services and other purposes that do not involve inferring characteristics about individuals.

Retention of personal information

As explained in the “Retention of personal information” section above, we consider several factors when determining the appropriate retention period for personal information, including (i) the amount, nature, and sensitivity of the personal information; (ii) the potential risk of harm from unauthorized use or disclosure of the personal information; (iii) the purpose(s) for which we process the personal information and whether we can achieve the purpose(s) through other means; (iv) our contractual obligations; and (v) the applicable legal and regulatory requirements (including minimum information retention requirements as prescribed by laws, regulations, or regulatory bodies).

Your legal rights

As a California resident, you have the right to request that we:

  • Disclose to you the following information covering the twelve (12) months preceding your request:
    • the categories of personal information we have collected about you;
    • the categories of sources from which we collected such personal information;
    • the business or commercial purpose for collecting, selling, or sharing your personal information (as applicable);
    • the categories of third parties to whom we disclosed your personal information;
    • if we sold, shared, or disclosed your personal information for a business purpose, two separate lists detailing the following (i) sales and shares, identifying the personal information categories that each category of recipient received; and (ii) disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained; and
    • the specific pieces of personal information we have collected about you.
  • Correct inaccurate personal information that we maintain about you, taking into account the nature of the information and the purpose(s) of the processing.
  • Delete the personal information that we have collected from you, subject to certain exceptions.

You also have the right not to receive discriminatory treatment for the exercise of any of the above-listed rights.

If you are a California resident and are interested in exercising any of the above-listed rights, you can do so by:

  • emailing us at privacy.team@davispolk.com with the subject line “California Privacy Rights Request;” or
  • calling us at 1-800-274-3125 (toll free) and asking to exercise your California privacy rights.

Exercising your rights does not require you to create an account with us. However, to protect your privacy, we will require the matching of up to three (3) pieces of personal information provided with your request with information we maintain to verify that it is you making the request. Where applicable, we will use the requested information for verification purposes only. Please note that we may decline a request where we are unable to verify your identity and confirm that the personal information that we maintain relates to you.

You may authorize another natural person or a business entity to submit a privacy rights requests on your behalf (an “authorized agent”). An authorized agent will need to demonstrate that you have authorized them to act on your behalf unless you have provided the agent with power of attorney pursuant to applicable probate law. Depending on the evidence provided, we may also contact you to verify your identity with us or request confirmation from you that the agent is authorized to submit the request on your behalf.