Privacy Policy

INTRODUCTION

Morgan, Lewis & Bockius LLP and its affiliates located in the People’s Republic of China (“PRC” or “China”) and globally (collectively, the “Firm”) are committed to safeguarding the privacy and security of Personal Data (as defined below) that we may collect from visitors to our website, the clients to whom we provide legal and other services, and other third parties that interact with the Firm or submit information to us, including but not limited to job applicants (collectively, “you”).

This Data Protection Policy (this “Policy”) addresses the basis on which the Firm may collect, use, disclose, or otherwise process Personal Data in accordance with applicable data protection laws including, but not limited to, the China Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law and their associated regulations (collectively, the “Data Protection Laws”). This Policy applies to Personal Data in the Firm’s possession or under its control. Under applicable Data Protection Laws, the Firm is acting in its capacity as a data controller.

By interacting with the Firm, using our website, submitting information to us or engaging our services, you agree and consent to the Firm and third parties collecting, using, disclosing and/or processing your Personal Data in the manner set out in this Policy.

Please read the following information carefully to understand our practices regarding your Personal Data and how we treat it.

This Policy may be updated by the Firm at any time and any amendments or revisions made to this Policy will be published on our website. Under such circumstances, if you continue to use our services and/or our website, you will be deemed to have agreed to be bound by the updated Policy.

DEFINITION OF PERSONAL DATA

Personal Data refers to any data, recorded electronically or by other means, related to identified or identifiable natural persons located in China, excluding anonymized information.

COLLECTION, USE, AND PURPOSES OF PROCESSING PERSONAL DATA

The Firm may collect your Personal Data in the course of operating our business and providing our services. We collect your Personal Data for the following primary purposes:

Functionality of Our Website

When visiting our website, your browser will contact our webserver to retrieve the sites you wish to visit. In this context, Personal Data, such as your IP address, is transferred by your browser (i.e., by HTTP/S requests) to us. This connection data is processed by our webserver to enable access to and the display of our website. Our webserver automatically saves a record of the pages you visited (“log files” or “session records”). We use these log files to ensure the security of our website, in particular to prevent unauthorized interference with it, and to enable us to exercise our legal rights and obligations regarding any such unauthorized interference.

For more information about what is collected via our website, please see the Firm’s Cookie Policy.

If you decline to provide your Personal Data as described above, you may not be able to display and visit our website.

Basic Legal Services

We collect your Personal Data to provide legal services to you, respond to your inquiries, perform our contractual obligations, and handle other professional and operational matters for you. Depending on the nature of the services, the types of Personal Data that we typically collect include:

• your contact details, including name, employer, title, postal address, email address and phone number(s); and
• to the extent necessary, (i) your identification information, including the ID number; (ii) financial information, including transaction records; (iii) details regarding health, sickness, and/or disability; and/or (iv) criminal records.

To ensure that we are paid, we may collect and use your financial information such as bank account details.

We also typically collect the name of counterparties/contractual partners in order to comply with our legal and regulatory obligations and/or our contractual obligations to you or your employer for our own legitimate interests, for example, to carry out conflict and Know Your Customer checks.

Please note that we may not be able to provide legal services to you if you decline to provide the Personal Data described above.

Recruitment

For the purpose of recruitment, we may collect and use your curriculum vitae, education and employment history, details of professional memberships and other relevant information that you or your authorized representative provide to us.

Expanded Services – Business Promotion

For marketing purposes, we may collect and use your Personal Data to administer our client relationships; send LawFlashes and other legal updates; invite you to seminars, webinars, and other events hosted or sponsored by the Firm; or for other types of business promotion purposes. We typically collect the following Personal Data:

• technical information, including the information collected from your visits to our website, or other technical services, such as your IP address, device type, etc.;

• other personal information, including your visiting records, your dietary requirements, health information, disability information and other information that we may need to respond to your specific needs or preferences; and
• when you sign up for a seminar or webinar or subscribe to LawFlashes and other legal updates, we will also collect and use the registration or subscription data you provide, such as your name, phone number and email address.

We will not be able to provide business promotion services without collecting the Personal Data as described above. However, declining to provide this information for marketing purposes will not affect the provision of our basic legal services. You may unsubscribe from these marketing communications at any time.

If we collect your sensitive Personal Data, we will inform you of the necessity and the impact on you and seek to obtain consent from you before collecting this data.

The Firm will not use your Personal Data for any additional purposes without your express consent unless we have a lawful ground on which to process your Personal Data under the Data Protection Laws. Any such consent is revocable at any time as described below.

The Firm does not use Personal Data for automated decision making, including profiling.

DISCLOSURE OF PERSONAL DATA

The Firm may disclose your Personal Data as follows:

Entrust to Process

We may entrust certain third parties to process your Personal Data. The third parties include vendors providing payment collection services, information technology support, technical and organizational services in connection with normal operational activities; legal, audit, operational or other advisors; and other service providers for the purposes referred to in this Policy. We will exercise appropriate due diligence in the selection of the third-party vendors and execute agreements with them requiring that such providers maintain adequate technical and organizational security measures to safeguard your Personal Data, and to process your Personal Data only as instructed by us and for no other purposes.

Share

We may share your Personal Data with our offices and affiliates worldwide. Within the Firm, your Personal Data will be shared only with a limited number of relevant individuals on a need-to-know basis in connection with their job responsibilities.

We may also share Personal Data to comply with the law, respond to compulsory legal processes (such as a search warrant or court order), in response to a request for information from a regulator or governmental authority, in the course of actual or anticipated litigation, or otherwise for legal purposes, such as to other law firms, courts, or government authorities to protect your rights, and/or to provide services to you.

Transfer of Control

We will require the data recipients to undertake to protect your Personal Data as required by the Data Protection Laws. We do not transfer control over your Personal Data to any third-party except as follows:

• You expressly consent to the transfer in this Policy or otherwise;
• Pursuant to legal requirements, procedural requirements, litigation, or mandatory requirements of a competent governmental authority; or
• To another business entity in connection with the sale, assignment, merger, or other transfer of all or a portion of the Firm’s business to that business entity.

Publicly Disclose

We will not publicly disclose your Personal Data except for the following instances:

• when you explicitly consent or you voluntarily request us to publicly disclose. Before disclosing your Personal Data, we will notify you of the purpose of such disclosure and the types of Personal Data to be disclosed. If the disclosure involves your sensitive Personal Data, we will notify you of the purpose, type and specific contents of such sensitive Personal Data;
• pursuant to legal requirements, procedural requirements, litigation, or mandatory requirements of a competent governmental authority.

WITHDRAWAL OF CONSENT

Your consent for the collection, use, disclosure, and processing of your Personal Data will remain valid until it is withdrawn by you in writing. You may withdraw consent and request the Firm to stop using, disclosing, and/or processing your Personal Data for any or all of the purposes listed above by submitting your request in writing or via email to the China Offices Data Protection Officer and/or the Privacy Office at the contact details provided below.

Upon receipt of your written request to withdraw your consent, the Firm may require reasonable time (depending on the complexity of the request and its impact on its relationship with you) for your request to be processed and for the Firm to notify you of the consequences, including any legal consequences that may affect your rights and liabilities to the Firm. In general, the Firm will process your request within thirty (30) days of receipt. If you decide to cancel your withdrawal of consent, you must inform the Firm in writing in the manner described above.

Once you withdraw your consent, we will no longer process the corresponding Personal Data. However, withdrawing your consent does not affect the Firm’s right to continue to collect, use, disclose, and/or process your Personal Data where such collection, use, disclosure and processing is permitted without consent or required under applicable laws. Further, your decision to withdraw the consent will not affect our prior processing of your Personal Data based on your previous consent.

DATA RETENTION

We intend to keep your Personal Data accurate and up to date. The Firm will only retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected in accordance with our data retention policies (including for the purposes of satisfying any legal, accounting or reporting requirements) or as required or permitted by applicable laws. For visitors to our website, we will retain the Personal Data for up to ten (10) years from the date of our last interaction with you or for longer if we are required to do so according to our regulatory obligations. For service provision to any client, we retain the Personal Data for the duration of the engagement or business relationship and up to ten (10) years following the end of engagement or our business relationship with you or for longer as required by regulatory obligations or applicable law. However, legal documents in connection with the termination of the engagement or business relationship will be retained as long as such termination may be disputed.

At the end of any retention period, the Firm will delete, anonymize, or securely dispose of your Personal Data when retention no longer serves the purposes for which the Personal Data was collected, and is no longer necessary for legal or business purposes.

DATA SUBJECTS’ RIGHTS

You have certain rights in relation to your Personal Data that we hold. You may exercise these rights as follows.

Access and Correction

You have the right to request access to your Personal Data that we hold and information on how we use it and with whom we share it. If you find that your Personal Data is inaccurate, you have the right to request that we update or correct your Personal Data.

Deletion

You may request that we delete or remove your Personal Data. Please note that we may retain your Personal Data if we have valid legal grounds, such as for the defense of legal claims or other legal obligations, and we will advise you accordingly.

If we decide to respond to your deletion request, we will also notify the entities that have obtained your Personal Data from us and request that they to delete it in a timely manner, unless otherwise provided by laws and regulations or these entities obtain your authorization separately.

When the Personal Data is deleted from our servers, we may not be able to delete the corresponding Personal Data in our backup system immediately, but we will delete it when the backup is updated.

Processing Restriction

You have the right at any time to restrict the processing of your Personal Data in accordance with the Data Protection Laws.

Copy

You have the right to obtain a copy of your Personal Data in a structured, commonly used and machine-readable format and to reuse it elsewhere, or to ask us to transfer your Personal Data to a third party. We will accommodate your request where technically feasible. We are not responsible for the security or processing of your Personal Data once it is transferred to the third party. Please note that we may not copy or transfer certain Personal Data if doing so would interfere with the rights of others, such as where providing your Personal Data would reveal information about another person or our trade secrets or intellectual property.

To exercise any of the above rights, submit your request to MLPrivacyOffice@morganlewis.com. We will respond to your request within thirty (30) days. If the Firm is unable to respond to your request within thirty (30) days of receipt, the Firm will inform you, in writing, within this thirty (30) day period. If the Firm is unable to provide you with any Personal Data or to make a requested correction, the Firm will inform you of the reason(s) why it is unable to do so (except where the Firm is not required to do so under the Data Protection Laws).

Depending on the request made, the Firm may only provide you with (i) access to the Personal Data contained in the documents requested (not to the documents in their entirety), and (ii) where appropriate, confirmation of the Personal Data that the Firm has on record where your Personal Data forms a negligible part of the document(s).

For a reasonable request, we do not charge a fee, but you may be charged a fee for repeated requests. For requests that are unnecessarily repetitive and require excessive technical means (such as a request that requires the development of a new system or a fundamental change in current practice), we may reject your request and provide an alternative way to protect your legitimate rights and interests. If your request poses a risk to the legitimate interests of others or is highly impractical, we may reject your request.

In addition, we will not respond to your request if it is:

• related to the performance of our statutory obligations;
• directly related to national security and national defense;
• directly related to public safety, public health, and significant public interests;
• directly related to a criminal investigation, prosecution, trial, and judgment enforcement, etc.;
• shown with sufficient evidence that the data subjects have subjective malice or are abusing their rights;
• for the purpose of protecting the life, property or other significant legal rights and interests of you or other individuals, and it is difficult to obtain consent from you or other individuals;
• causing or will cause serious damage to the legitimate rights and interests of other data subjects, individuals or organizations; or
• related to trade secrets.

You have the right to raise concerns with the Firm or a supervisory authority about our processing of your Personal Data. If you wish to raise concerns with us, please contact us as described below. The applicable supervisory authorities for the Firm are the Cyberspace Administration of China and its local counterparts.

DATA SECURITY

The Firm understands that storing Personal Data in a secure manner is an essential requirement of the Data Protection Laws and, therefore, we employ reasonable physical, technical, and administrative safeguards to secure Personal Data against foreseeable risks, including unauthorized use, access, disclosure, destruction, or modification. Our information security team has developed policies, standards, and procedures to support and enforce preventive and detective operational controls to ensure the confidentiality, integrity, and availability of Personal Data. We utilize preventive and detective controls, such as up-to-date antivirus protection and encryption, to safeguard your Personal Data. Additionally, all personnel are required to read and attest to the Firm’s code of business conduct and confidentiality and data security policies on an annual basis. They are also required to attend online data privacy and security training.

No method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guaranteed, the Firm strives to protect the security of your information and is constantly reviewing and enhancing its information security measures. Transmission of your data to our website is at your own risk.

INTERNATIONAL DATA TRANSFER

Due to the Firm’s multinational character, our affiliates, offices, and other third-party recipients listed above may be located in different countries. A list of the Firm’s offices is available here. You understand and agree that, for the purposes stated above, we may transfer your Personal Data to other Firm affiliates and offices as well as third parties outside China.

To the extent that we transfer your Personal Data to recipients located outside China, we will provide an adequate level of protection to the Personal Data, including appropriate technical and organizational security measures. We will also enter into agreements with the data recipients to allocate responsibilities and obligations to protect your Personal Data. The retention period of Personal Data will be the shortest time needed to achieve the purposes of the cross-border transfer unless applicable laws provide otherwise.

CHILDREN’S PRIVACY

Children under 14 years old are not the target audience for our website. To protect their privacy, we prohibit the collection of Personal Data from children. Please contact us if you believe that we have any Personal Data from any children under the age of 14 without their parental/guardian consent — we will promptly investigate (and remove) such Personal Data.

CONTACT INFORMATION

If you (i) have any questions or feedback relating to your Personal Data or this Policy, (ii) would like to withdraw your consent to any use of your Personal Data as set out in this Policy, (iii) would like to make a request related to your rights to your Personal Data, or (iv) would like to report a violation of this Policy, please contact the China Offices Data Protection Officer and/or the Privacy Office at the contact information below.

CHANGES TO THIS POLICY

The Firm may revise this Policy from time to time without any prior notice. Please refer to the date of the Policy to determine when it was last updated. Your continued interaction with the Firm constitutes your acknowledgement and acceptance of such changes.

INTRODUCTION

This Data Protection Policy (this “Policy”) addresses the basis on which Morgan, Lewis & Bockius (Hong Kong office) and its affiliated entities and offices (the “Firm”) may collect, use, disclose or otherwise process Personal Data (as defined below) in accordance with the Personal Data (Privacy) Ordinance (Cap. 486) (the “PDPO”) and any other applicable law. This Policy applies to Personal Data in the Firm’s possession or under its control.

By interacting with the Firm, using our website, submitting information to us, or engaging our services, you agree and consent to the Firm and Third Parties (as defined below) collecting, using, disclosing and/or processing your Personal Data in the manner set out in this Policy.

This Policy may be updated by the Firm at any time, and any amendments or revisions made to this Policy will be published on our website.

DEFINITION OF PERSONAL DATA

Personal Data refers to any data relating, directly or indirectly, to a living individual from which it is practicable for the individual to be directly or indirectly identified.

COLLECTION OF PERSONAL DATA

The Firm may collect and/or track the following Personal Data:

• your e-mail addresses used to communicate with the Firm or its websites via email;
• information you knowingly provide in online forms, registration forms, surveys, via email or otherwise (including name, address, email address and other personal data);
• information as detailed in the Firm’s Cookie Policy; and
• information provided to the Firm in relation to the provision of legal services, which includes performing conflict-of-interest checks and complying with the Firm’s obligations under anti-money laundering regulations.

PURPOSES FOR PROCESSING PERSONAL DATA

The Personal Data collected from you may be used, disclosed and/or processed for various purposes, including but not limited to:

• performing the Firm’s contractual obligations;
• providing and improving the Firm’s legal services to its clients;
• responding to enquiries, requests or feedback;
• evaluative purposes, such as determining whether the Firm’s legal services are appropriate for, or of interest to, you;
• maintaining and developing the Firm’s relationships with you, its clients and prospective clients, users of our website, suppliers and other third parties;
• verifying your identity, checking for conflicts of interest, processing payments and otherwise managing the Firm’s administrative and business operations and administering our client relationships;
• complying with applicable laws and regulations, codes of practice, guidelines, policies and other regulatory requirements issued by the relevant authorities;
• organising events, seminars and other marketing or promotional activities;
• forwarding administrative or other notifications;
• maintaining and improving the security and functionality of our website and information technology systems and tracking traffic and usage on our website;
• protecting, establishing, exercising or defending the Firm’s legal rights;
• processing, storing, monitoring, hosting, and backing up Personal Data, whether within or outside of Hong Kong;
• protecting any of the Firm’s legitimate interests; and
• any other purpose incidental to any of the above.

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

The Firm may disclose the Personal Data collected by it to the following parties (“Third Parties”), which may be located outside of Hong Kong:

• the Firm’s offices and affiliates;
• third parties involved in the provision of services to the Firm or its clients and prospective clients including, but not limited to, barristers, local counsel, experts and other professional advisors;
• professional advisors, banks and financial institutions, auditors, insurers and other third-party service providers; and
• courts, tribunals, regulatory and governmental authorities, and law enforcement agencies.

DIRECT MARKETING

The Firm may collect, use, disclose or otherwise process your Personal Data to forward relevant marketing materials including legal updates, newsletters, and other communications on legal developments, as well as announcements and invitations to seminars and other events to you. The Firm will only send marketing materials after it has obtained your separate consent to do so. You may withdraw your consent for the Firm to send marketing materials to you at any time by opting out or contacting the Firm as detailed below.

WITHDRAWAL OF CONSENT

You may withdraw consent and request the Firm to stop using, disclosing, and/or processing your Personal Data for any or all of the purposes listed above by submitting your request in writing or via email to the Hong Kong Office Data Protection Officer and/or the Privacy Office at the contact details provided below.

Upon receipt of your written request to withdraw your consent, the Firm may require reasonable time (depending on the complexity of the request and its impact on its relationship with you) for your request to be processed and for the Firm to notify you of the consequences, including any legal consequences that may affect your rights and liabilities to the Firm. In general, the Firm will process your request as required by law. If you decide to cancel your withdrawal of consent, you must inform the Firm in writing in the manner described above. Withdrawing your consent does not affect the Firm’s right to continue to collect, use, disclose and/or process your Personal Data where such collection, use, disclosure and processing is permitted without consent or required under applicable laws.

DATA RETENTION

The Firm will only retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected in accordance with its data retention policies (including for the purposes of satisfying any legal, accounting, or reporting requirements) or as required or permitted by applicable laws. To determine the appropriate retention period for Personal Data, the Firm considers the amount, nature, and sensitivity of the Personal Data; the potential risk of harm from unauthorised use or disclosure of the Personal Data; the purposes for which it processes the Personal Data and whether it can achieve those purposes through other means; and the applicable legal requirements including the statute of limitations periods. For the avoidance of doubt, the Firm may retain Personal Data in situations where its relationship with the data subject (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable the Firm to enforce its rights under any contract).

The Firm will delete, anonymise, or securely dispose of your Personal Data when retention no longer serves the purposes for which the Personal Data was collected, and it is no longer necessary for legal or business purposes.

DATA SUBJECTS’ RIGHTS

Under the PDPO, you have the right to request access to and correct your Personal Data. If you wish to make a request, you may submit your request in writing or via email to the Hong Kong Office Data Protection Officer and/or the Privacy Office at the contact details provided below.

Please note that a reasonable fee may be charged for an access request. If so, the Firm will inform you of the fee before processing your request.

The Firm will respond to your access or correction request as soon as reasonably possible. If the Firm is unable to respond to your request within forty (40) days of receipt, the Firm will inform you, in writing, within this forty (40)-day period. If the Firm is unable to provide you with any Personal Data or to make a requested correction, the Firm will inform you of the reason(s) why it is unable to do so (except where the Firm is not required to do so under the PDPO).

Depending on the request made, the Firm may only provide you with (i) access to the Personal Data contained in the documents requested (not to the documents in their entirety), and (ii) where appropriate, confirmation of the Personal Data that the Firm has on record where your Personal Data forms a negligible part of the document(s).

DATA SECURITY

The Firm will take reasonable care to protect your Personal Data from unauthorised access, modification, or disclosure. To safeguard your Personal Data, the Firm implements appropriate administrative, physical and technical measures (such as up-to-date antivirus protection, encryption and the use of privacy filters/screen protectors) to secure the storage and transmission of Personal Data by the Firm.

However, no method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guaranteed, the Firm strives to protect the security of your information and is constantly reviewing and enhancing its information security measures. Transmission of your data to our website is at your own risk.

INTERNATIONAL DATA TRANSFERS

Your Personal Data may be transferred and/or shared both within and outside of Hong Kong to the Firm’s offices, business partners and third-party service providers for data storage, administration and other purposes. The Firm will take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPO. You acknowledge and agree, however, that in some cases your Personal Data may be exported to, processed and accessed in countries whose laws may provide a different level of protection that may not necessarily be comparable to that provided under the PDPO. Specifically, our websites and information technology systems are hosted on servers located in the United States.

Except as stated above, the Firm will not generally disclose your Personal Data to Third Parties unless you consent or the disclosure is authorised or required by law.

CONTACT INFORMATION

If you (i) have any questions or feedback relating to your Personal Data or this Policy, (ii) would like to withdraw your consent to any use of your Personal Data as set out in this Policy, (iii) would like to obtain access or make corrections to your Personal Data, or (iv) would like to report a violation of this Policy, please contact the Hong Kong Office Data Protection Officer and/or the Privacy Office at the contact information below.

CHANGES TO THIS POLICY

The Firm may revise this Policy from time to time without any prior notice. Please refer to the date of the Policy to determine when it was last updated. Your continued interaction with the Firm constitutes your acknowledgement and acceptance of such changes.

INTRODUCTION

This Data Protection Policy (“Policy”) addresses the basis on which Morgan, Lewis & Bockius Gaikokuho Jimu Bengoshi Jimusho, and Morgan Lewis Bockius Bengoshi Kimusho (Foreign Law Joint Enterprise (Gaikokuho Kyodo Jigyo Jimusho)) (the “Firm”) may collect, use, disclose or otherwise process Personal Information (as defined below) in accordance with the Act on the Protection of Personal Information and other relevant laws and regulations ("PIPA").

This Policy applies to individuals who interact with the Firm, use our website, submit information to us, or engage our services.

DEFINITION OF PERSONAL INFORMATION

Personal Information means any information relating to a living individual located in Japan from which the individual may be directly or indirectly identified or which contains an individual identification code of the individual.

COLLECTION AND USE OF PERSONAL INFORMATION

The Firm may collect and/or track the following Personal Information.

• your e-mail addresses used to communicate with the Firm or its websites;
• information you knowingly provide in online forms, registration forms, surveys, via email or otherwise (including name, work or home address, phone/facsimile number and e-mail address, tile, section, gender, date of birth and other personal information);
• information as detailed in the Firm’s Cookie Policy; and
• information provided to the Firm in relation to the provision of legal services.

PURPOSES FOR PROCESSING PERSONAL INFORMATION

The Personal Information collected from you may be used, disclosed, and/or processed for various purposes, including, but not limited to:

• providing legal services to you;
• complying with applicable laws and regulations, codes of practices, guidelines, policies and other regulatory requirements issued by the relevant authorities;
• verifying your identity, checking for conflicts of interest, processing payments and otherwise managing our administrative and business operations and administering our client relationships;
• evaluative purposes such as determining whether our legal services are appropriate for, or of interest, to you;
• processing applications for seminars or events held by the Firm ;
• responding to questions, requests and feedback;
• providing information concerning employment and acceptance of applications or inquiries concerning employment;
• providing relevant marketing materials, such as updates, newsletters, greeting letters and other communications on legal developments or on the Firm;
• organizing and forwarding invitations for events, seminars and other marketing or promotional activities;
• forwarding administrative or other notifications;
• processing, storing, monitoring, hosting, and backing up Personal Information whether within or outside of Japan;
• maintaining and improving the security and functionality of our website and information technology systems and tracking traffic and usage on our website; and
• any other purpose incidental to any of the above .

DISCLOSURE TO SERVICE PROVIDERS

The Firm may disclose your Personal Information to third party service providers, vendors, agents, consultants and/or other parties to enable such parties to perform services on our behalf and under our instructions for one or more of the purposes set out above. Such services include: office administration services, mailing services, translation/interpreter services, data storage and other IT services, tax, accounting, legal and other professional services, payment services, and conferences and events services.

We may disclose Personal Information to third parties where:

• prior consent has been obtained from you;
• the PIPA or other laws and regulations authorize or require the disclosure;
• the provision of Personal Information is necessary for the protection of the life, body, or property of a person and it is difficult to obtain the consent of the individual;
• the provision of Personal Information is necessary for improving public health or promoting the sound growth of children and it is difficult to obtain the consent of the individual; and
• it is necessary to cooperate with a national government’s organization, a local government, or a person entrusted by them to perform affairs prescribed by laws and regulations, and obtaining the consent of the individual would interfere with the performance of said affairs

JOINT USE OF PERSONAL INFORMATION

The Firm may jointly use Personal Information with its affiliated offices and entities which may be located outside of Japan. A list of affiliated offices and entities is provided here. Personal Information to be jointly used is as descried in COLLECTION AND USE OF PERSONAL INFORMATION above and the purpose for the joint use is as set forth in PURPOSES FOR PROCESSING PERSONAL INFORMATION.

Morgan, Lewis & Bockius LLP, headquartered at 1701 Market Street, Philadelphia, Pennsylvania, under its Chair, will be responsible for the joint use of your Personal Information.

Personal Information to be Jointly Used is strictly subject to Privacy Policies applicable to our affiliated offices and entities. For more detail, please see our website at https://www.morganlewis.com/privacy-policy.

DATA RETENTION

The Firm will only retain your Personal Information for as long as necessary to fulfill the purposes for which it was collected in accordance with its data retention policies (including for the purposes of satisfying any legal, accounting or reporting requirements) or as required or permitted by applicable laws. To determine the appropriate retention period for Personal Information, the Firm considers the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements. The Firm will delete, anonymize or securely dispose of your Personal Information when retention no longer serves the purposes for which the Personal Information was collected, and is no longer necessary for legal or business purposes.

DATA SUBJECTS’ RIGHTS

You have the right to make the requests listed below regarding your Personal Information.

• Access to Personal Information
• Correction, Addition, or Deletion of Contents of Personal Information
• Suspension of Use or Elimination of Personal Information
• Suspension of Provision of Personal Information to Third Parties

If you wish to make a request, you may submit your request in writing or via email to the Tokyo Office Data Protection Officer and/or the Privacy Office at the contact details provided below. Please note that a reasonable fee may be charged for an access request. If so, the Firm will inform you of the fee before processing your request.

Depending on the request made, the Firm may only provide you with (i) access to the Personal Information contained in the documents requested (not to the documents in their entirety), and (ii) where appropriate, confirmation of the Personal Information that the Firm has on record, where your Personal Information forms a negligible part of the document(s).

DATA SECURITY

The Firm will take reasonable care to protect your Personal Information from unauthorised access, modification, or disclosure. To safeguard your Personal Information, the Firm implements appropriate administrative, physical, and technical measures (such as up-to-date antivirus protection, encryption, and the use of privacy filters/screen protectors) to secure the storage and transmission of Personal Information by the Firm.

However, no method of transmission over the Internet (including via our website or email) or method of electronic storage is completely secure. While security cannot be guaranteed, the Firm strives to protect the security of your information and is constantly reviewing and enhancing its information security measures. Transmission of your data to our website is at your own risk.

For more private communication, you may contact the Firm by telephone at the numbers provided below and on our website.

INTERNATIONAL DATA TRANSFERS

Your Personal Information may be transferred and/or shared both within and outside of Japan to the Firm’s offices, business partners and third-party service providers for data storage, administration and other purposes described above including when you engage us to perform work in an overseas jurisdiction. The Firm will take steps to ensure that your Personal Information continues to receive a standard of protection that is at least comparable to that provided under the PIPA. You acknowledge and agree, however, that in some cases, your Personal Information may be exported to, processed and accessed in countries whose laws may provide a different level of protection, which may not necessarily be comparable to that provided under the PIPA. Specifically, our websites and information technology systems are hosted on servers located in the United States. Upon request to the Tokyo Office DPO or the Privacy Office, at the contact information below, we will provide you with additional information about such transfers.

Except as stated above, the Firm will not generally disclose your Personal Information to third parties, unless you consent, or the disclosure is permitted or required by applicable law.

CONTACT INFORMATION

If you, (i) have any questions or feedback relating to your personal information or our Policy; (ii) would like to make a request regarding as described above; or (iii) send the Firm any questions, concerns, feedback or comments on this Policy or how we use, disclose and/or process your personal information, please contact the Privacy Office at the contact information below.

CHANGES TO THIS POLICY

The Firm may revise this Policy from time to time without any prior notice. Please refer to the date of the Policy to determine when it was last updated. Your continued interaction with the Firm constitutes your acknowledgement and acceptance of such changes.

This Data Protection Policy (this “Policy”) addresses the basis on which Morgan Lewis Stamford LLC and its affiliated entities and offices (the “Firm”) 'may collect, use, disclose, or otherwise process Personal Data (as defined below) in accordance with the Personal Data Protection Act (No. 26 of 2012) of Singapore (“PDPA”) and any other applicable law. This Policy applies to Personal Data in the Firm’s possession or under its control.

By interacting with the Firm, using our website, submitting information to us or engaging our services, you agree and consent to the Firm and third-parties collecting, using, disclosing and/or processing your Personal Data in the manner set out in this Policy.

This Policy may be updated by the Firm at any time, and any amendments or revisions made to this Policy will be published on our website.

DEFINITION OF PERSONAL DATA

Personal Data means any data, whether true or not, about an individual who can be identified (i) from that data or (ii) from that data and other information to which the Firm has or is likely to have access.

Personal Data does not include (i) information regarding an individual acting on a personal or domestic basis (related to home or family), (ii) information about an individual acting in the course of his or her employment with an organisation, or (iii) business contact information, such as name, title, business telephone number, business address, business email address or business fax number or any other similar information about the individual not provided by the individual solely for his or her personal purpose.

COLLECTION, USE, AND DISCLOSURE OF PERSONAL DATA

The Firm may collect and/or track the following Personal Data:

• your email addresses used to communicate with the Firm or its websites via email;
• information you knowingly provide in online forms, registration forms, surveys, via email or otherwise (including name, address, email address and other personal data);
• information as detailed in the Firm’s Cookie Policy; and
• information provided to the Firm in relation to the provision of legal services.

PURPOSES FOR PROCESSING PERSONAL DATA

The Personal Data collected from you may be used, disclosed, and/or processed for various purposes, including but not limited to:

• providing legal services to you;
• complying with applicable laws and regulations, codes of practice, guidelines, policies and other regulatory requirements issued by the relevant authorities;
• verifying your identity, checking for conflicts of interest, processing payments and otherwise managing our business operations and administering our client relationships;
• determining whether our legal services are appropriate for, or of interest to, you and other evaluative purposes;
• responding to questions, requests and feedback;
• providing relevant marketing materials, such as updates, newsletters and other communications on legal developments;
• organizing events, seminars and other marketing or promotional activities;
• forwarding administrative or other notifications;
• processing, storing, monitoring, hosting and backing up your Personal Data, both within and outside of Singapore;
• maintaining and improving the security and functionality of our website and information technology systems and tracking traffic and usage on our website; and
• any other purpose incidental to any of the above.

WITHDRAWAL OF CONSENT

Your consent for the collection, use, disclosure, and processing of your Personal Data will remain valid until such time that it is withdrawn by you in writing. You may withdraw consent and request the Firm to stop using, disclosing and/processing your Personal Data for any or all of the purposes listed above by submitting your request in writing or via email to the Singapore Office Data Protection Officer and/or the Privacy Office at the contact details provided below.

Upon receipt of your written request to withdraw your consent, the Firm may require reasonable time (depending on the complexity of the request and its impact on its relationship with you) for your request to be processed and for the Firm to notify you of the consequences, including any legal consequences that may affect your rights and liabilities to the Firm. In general, the Firm will process your request within thirty (30) days of receipt. If you decide to cancel your withdrawal of consent, you must inform the Firm in writing in the manner described above. Withdrawing your consent does not affect the Firm’s right to continue to collect, use, disclose and/or process your Personal Data where such collection, use, disclosure and processing is permitted without consent or required under applicable laws.

DATA RETENTION

The Firm will only retain your Personal Data for as long as necessary to fulfill the purposes for which it was collected in accordance with its data retention policies (including for the purposes of satisfying any legal, accounting or reporting requirements) or as required or permitted by applicable laws. The Firm will delete, anonymize, or securely dispose of your Personal Data when retention no longer serves the purposes for which the Personal Data was collected and is no longer necessary for legal or business purposes.

DATA SUBJECTS’ RIGHTS

You have the right to request access to your Personal Data and the purposes for which your Personal Data has been collected, used, or disclosed by the Firm in the last year unless an exception under applicable data protection laws is applicable. You also have the right to request that the Personal Data that the Firm holds is corrected or updated unless there is an exception under the applicable data protection laws. If you wish to make a request, you may submit your request in writing or via email to the Singapore Office Data Protection Officer and/or the Privacy Office at the contact details provided below.

Please note that a reasonable fee may be charged for an access request. If so, the Firm will inform you of the fee before processing your request.

The Firm will respond to your access or correction request as soon as reasonably possible. If the Firm is unable to respond to your request within thirty (30) days of receipt, the Firm will inform you, in writing, within this thirty (30) day period. If the Firm is unable to provide you with any Personal Data or to make a requested correction, the Firm will inform you of the reason(s) why it is unable to do so (except where the Firm is not required to do so under the PDPA).

Depending on the request made, the Firm may only provide you with (i) access to the Personal Data contained in the documents requested (not to the documents in their entirety), and (ii) where appropriate, confirmation of the Personal Data that the Firm has on record where your Personal Data forms a negligible part of the document(s).

DATA SECURITY

The Firm will take reasonable care to protect your Personal Data from unauthorised access, modification, or disclosure. To safeguard your Personal Data, the Firm implements appropriate administrative, physical and technical measures (such as up-to-date antivirus protection, encryption and the use of privacy filters/screen protectors) to secure the storage and transmission of Personal Data by the Firm.

However, no method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guaranteed, the Firm strives to protect the security of your information and is constantly reviewing and enhancing its information security measures. Transmission of your data to our website is at your own risk.

INTERNATIONAL DATA TRANSFERS

Your Personal Data may be transferred and/or shared both within and outside of Singapore to the Firm’s offices, business partners and third-party service providers for data storage, administration and other purposes. The Firm will take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA. You acknowledge and agree, however, that in some cases your Personal Data may be exported to, processed and accessed in countries whose laws may provide a different level of protection that may not necessarily be comparable to that provided under the PDPA. Specifically, our websites and information technology systems are hosted on servers located in the United States.

Except as stated above, the Firm will not generally disclose your Personal Data to third-parties unless you consent or the disclosure is authorised or required by law.

CONTACT INFORMATION

If you (i) have any questions or feedback relating to your Personal Data or this Policy, (ii) would like to withdraw your consent to any use of your Personal Data as set out in this Policy, (iii) would like to obtain access or make corrections to your Personal Data, or (iv) would like to report a violation of this Policy, please contact the Singapore Office Data Protection Officer and/or the Privacy Office at the contact information below.

CHANGES TO THIS POLICY

The Firm may revise this Policy from time to time without any prior notice. Please refer to the date of the Policy to determine when it was last updated. Your continued interaction with the Firm constitutes your acknowledgement and acceptance of such changes.

INTRODUCTION

This Data Protection Policy (this “Policy”) addresses the basis on which Morgan Lewis Stamford LLC and its affiliated entities and offices (the “Firm”) may collect, use, disclose or otherwise process the Personal Data (as defined below) of job applicants in accordance with the Personal Data Protection Act (No. 26 of 2012) of Singapore (“PDPA”) and any other applicable law.

This Policy pertains to Personal Data in the Firm’s possession or under its control, including Personal Data in the possession of third-party service providers that the Firm has engaged to process Personal Data on its behalf.

This Policy applies to the Personal Data of all persons who have applied for a position with the Firm (“job applicants”). By applying for a position with the Firm, you have agreed and given your consent to the Firm to collect, use, disclose and otherwise process your Personal Data in the manner set forth in this Policy.

This Policy may be amended by the Firm at any time.

DEFINITION OF PERSONAL DATA

Personal Data means data, whether true or not, about a job applicant who can be identified (i) from that data or (ii) from that data in combination with other information to which the Firm has or is likely to have access.

Personal Data does not include (i) information regarding an individual acting on a personal or domestic basis (related to home or family), (ii) information about an individual acting in the course of his or her employment with an organisation, or (iii) business contact information, such as name, title, business telephone number, business address, business email address or business fax number and any other similar information about the individual, not provided by the individual solely for his or her personal purpose.

Other terms used in this Policy shall have the meaning given to them in the PDPA.

COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

The Personal Data that the Firm may collect in the context of your job application includes, but is not limited to, your:

• name or alias, gender, date of birth, nationality, and country and city of birth;
• mailing address, telephone numbers, email address and other contact details;
• résumé, educational qualifications, and employment references;
• professional qualifications, certifications, and related information;
• employment and training history;
• work-related health issues and disabilities;
• photographs;
• any information collected by the Firm’s human resources department for administrative purposes to ensure compliance with the Firm’s internal compliance policies, recordkeeping and compliance with law; and
• any additional information provided by you to the Firm as a job applicant (whether through the submission of your job application or otherwise).

The Firm generally collects Personal Data:

• that you knowingly and voluntarily provide in the course of or in connection with your job application, or via a third party who has been duly authorised by you to disclose your Personal Data to the Firm (your “authorised representative”, which may include your job placement agent), after:
• you (or your authorised representative) have been notified of the purposes for which the data is collected by way of this Policy or otherwise, and
• you (or your authorised representative) have provided written consent to the collection and usage of your Personal Data for those purposes. In this regard, by applying for any position with the Firm, you have agreed and given your consent to the Firm to collect, use, and disclose your Personal Data in the manner set forth in this Policy, or
• where collection and use of Personal Data without consent is permitted or required by the PDPA or other applicable laws.

The Firm shall seek your consent before collecting any additional Personal Data not listed above and before using your Personal Data for a purpose about which you have not been notified whether in this Policy or otherwise (except where permitted or authorised by law).

PURPOSES FOR PROCESSING PERSONAL DATA

The purposes for which the Firm processes and discloses Personal Data include, but are not limited to, (i) assessing and evaluating your suitability for employment in any current or prospective position within the Firm, (ii) verifying your identity and the accuracy of your personal details and other information provided, (iii) for other business and administrative purposes, and/or (iv) any other purpose related to the foregoing purposes.

The purposes listed above may continue to apply for a reasonable period after your relationship with the Firm has been terminated or altered in any way.

WITHDRAWAL OF CONSENT

Your consent for the collection, use, disclosure and processing of your Personal Data will remain valid until such time that it is withdrawn by you in writing. You may withdraw consent and request the Firm to stop using, disclosing and/or processing your Personal Data for any or all of the purposes listed above by submitting your request in writing or via email to the Singapore Office Data Protection Officer and/or the Firm’s Privacy Office at the contact details provided below.

Upon receipt of your written request to withdraw your consent, the Firm may require reasonable time (depending on the complexity of the request and its impact on its relationship with you) for your request to be processed and for the Firm to notify you of the consequences, including any legal consequences that may affect your rights and liabilities to the Firm. In general, the Firm will process your request within thirty (30) days of receipt.

Depending on the nature and extent of your request, the Firm may not be in a position to process your job application. The Firm shall, in such circumstances, notify you before completing the processing of your request (as outlined above). Should you decide to cancel your withdrawal of consent, you must inform the Firm in writing in the manner described above.

Withdrawing your consent does not affect the Firm’s right to continue to collect, use, disclose and/or process your Personal Data where such collection, use, disclosure and processing is permitted without consent or required under applicable laws.

ACCURACY OF PERSONAL DATA

The Firm generally relies on Personal Data provided by you (or your authorised representative). In order to ensure that your Personal Data is current, complete and accurate, you must notify the Firm if there are changes to your Personal Data by contacting the Firm’s human resources department in writing or via email at the contact details provided below.

The Firm shall take all reasonable efforts to ensure that your Personal Data collected, used, disclosed or otherwise processed is accurate and complete if it is likely to be used to make a decision that affects you or if it is likely to be disclosed to a third party.

DATA RETENTION

The Firm may retain your Personal Data for as long as it is necessary to fulfil the purposes for which the data was collected, or as required or permitted by applicable laws. The Firm will delete, anonymise or securely dispose of your Personal Data when retention no longer serves the purposes for which the Personal Data was collected and is no longer necessary for legal or business purposes.

DATA SUBJECTS’ RIGHTS

You have the right to request access to your Personal Data and the purposes for which your Personal Data has been collected, used, or disclosed by the Firm in the last year unless an exception under applicable data protection laws is applicable. You also have the right to request that the Personal Data that the Firm holds is corrected or updated, unless an exception under applicable data protection laws is applicable. If you wish to make a request, you may submit your request in writing or via email to the Singapore Office Data Protection Officer and/or the Privacy Office at the contact details provided below.

Please note that a reasonable fee may be charged for an access request. If so, the Firm will inform you of the fee before processing your request.

The Firm will respond to your access or correction request as soon as reasonably possible. If the Firm is unable to respond to your request within thirty (30) days of receipt, the Firm will inform you, in writing, within this thirty (30)-day period. If the Firm is unable to provide you with any Personal Data or to make a requested correction, the Firm will inform you of the reason(s) why it is unable to do so (except where the Firm is not required to do so under the PDPA).

Depending on the request made, the Firm may only provide you with (i) access to the Personal Data contained in the documents requested (not to the documents in their entirety), and (ii) where appropriate, confirmation of the Personal Data that the Firm has on record where your Personal Data forms a negligible part of the document(s).

DATA SECURITY

To safeguard your Personal Data from unauthorised access, disclosure, modification, disposal or similar risks, the Firm:

• implements appropriate administrative, physical and technical measures (such as up-to-date antivirus protection, encryption and the use of privacy filters/screen protectors) to secure the storage and transmission of Personal Data by the Firm; and
• discloses Personal Data both internally and to its authorised third-party service providers and agents on a need-to-know basis.

No method of transmission over the internet or method of electronic storage is completely secure. While security cannot be guaranteed, the Firm strives to protect the security of your information and is constantly reviewing and enhancing its information security measures.

INTERNATIONAL DATA TRANSFER

Your Personal Data may be transferred and/or shared within and outside of Singapore to the Firm’s offices, business partners and third-party service providers for data storage, administration and other purposes. The Firm will take steps to ensure that your Personal Data continues to receive a standard of protection that is at least comparable to that provided under the PDPA. You acknowledge and agree, however, that in some cases your Personal Data may be exported to, processed and accessed in countries whose laws may provide a different level of protection that may not necessarily be comparable to that provided under the PDPA.

CONTACT INFORMATION

If you (i) have any questions or feedback relating to your Personal Data or this Policy, (ii) would like to withdraw your consent to any use of your Personal Data as set out in this Policy, (iii) would like to obtain access and make corrections to your Personal Data, or (iv) would like to report a violation of this Policy, please contact the Singapore Office Data Protection Officer and/or the Privacy Office:

CHANGES TO THIS POLICY

The Firm may revise this Policy from time to time without any prior notice. Please refer to the date of the policy to determine when it was last updated. Your continued participation in our recruitment process constitutes your acknowledgement and acceptance of such changes.