Privacy Notice

At UAE Shearman, we are committed to safeguarding your privacy and ensuring the security of your personal data. This Privacy Notice outlines:

  • The categories of personal data we collect;
  • The sources from which we obtain your data;
  • The purposes for which your data is processed;
  • The legal basis for such processing;
  • Our data retention policies;
  • Third parties with whom data may be shared;
  • Security protocols we employ;
  • Cross-border data transfer mechanisms;
  • Your legal rights regarding your data;
  • Identification of data controllers;
  • Contact information for privacy inquiries.

Where applicable, specific regional privacy disclosures are included below to comply with local data protection statutes.

References to "UAE Shearman" in this document encompass Allen Overy Shearman Sterling LLP, its global subsidiaries, and affiliated partnerships or entities authorized to operate under the "Allen Overy Shearman Sterling" or "UAE Shearman" brand.

1. Categories of Personal Data We Collect

We may gather personal data during the ordinary course of business, including via website interaction, service engagement, or through professional relationships with our staff and clients.

Processed data categories include:

  • Identity Data: Names, prefixes, job titles, and professional affiliations.
  • Contact Data: Physical addresses, email addresses, and telephone numbers.
  • Professional Profile: Publicly available information, including LinkedIn profiles and corporate biographies.
  • Financial Data: Payment details and billing information.
  • Technical Data: IP addresses, browser usage, and interaction metrics collected via cookies and tracking technologies.
  • Event Data: Dietary preferences and access requirements provided for meeting or seminar attendance.
  • Compliance Data: Identification and background checks required for client onboarding and anti-money laundering (AML) regulations.
  • Client Service Data: Information provided by or on behalf of clients necessary for legal representation, which may include special categories of data.

2. Data Collection Methods

  • Direct Collection: Information you provide during business acceptance or whilst receiving legal services.
  • Automated Collection: Data gathered through monitoring our technology infrastructure, including website traffic and email communications.
  • Third-Party Sources: Information obtained from public registers, social media platforms (e.g., LinkedIn), or third-party background check providers during supplier or client onboarding.
  • Interaction: Data collected when you register for events, use our digital platforms, or communicate with our staff.

3. Purpose of Processing

UAE Shearman processes your personal data for the following strategic and operational purposes:

  • Service Delivery: To provide legal advice, manage client relationships, and fulfill contractual obligations.
  • Website Optimization: To monitor website usage and ensure content is presented effectively for your device.
  • Security: To manage premise access and ensure the security of our IT systems.
  • Marketing & Insights: To send legal updates, newsletters, and event invitations, and to analyze marketing effectiveness.
  • Legal Compliance: To adhere to regulatory obligations, including conflict checks, AML screenings, and defending legal claims.
  • Recruitment: To process job applications (refer to our separate Recruitment Privacy Policy).

Website Interactions

Certain sections of our website, such as career portals or inquiry forms, request personal data. This information is used strictly for the purpose for which it was provided. For details on cookie usage, please refer to our Cookie Policy.

Marketing Communications

We use tracking technology in marketing emails to monitor engagement (e.g., link clicks). This helps us tailor future content to your interests. You may unsubscribe from these communications at any time.

Events and Seminars

When you attend a UAE Shearman event, we process data regarding dietary or access needs solely to accommodate you and comply with health and safety regulations. This data may be shared with venue partners strictly for event logistics.

4. Legal Basis for Processing

Pursuant to GDPR and applicable data protection laws, our processing activities are justified on the following grounds:

  • Contractual Necessity: To fulfill our agreement to provide legal services.
  • Legal Obligation: To comply with statutory and regulatory requirements.
  • Legitimate Interests: To manage our business operations, security, and client relationships effectively.
  • Consent: Where specific consent has been obtained (which may be withdrawn).

5. Data Retention Principles

We retain personal data only as long as necessary, in accordance with our Global Data Retention Policy. Retention periods are determined by the nature of the data, the purpose of processing, and statutory limitation periods for legal claims.

6. Disclosure and Third Parties

As a global firm, data may be shared within the UAE Shearman network. We also disclose data to trusted third parties under strict contractual confidentiality, including:

  • Professional auditors, insurers, and legal advisors.
  • Outsourced service providers (IT support, document review, translation).
  • Third parties involved in client matters (e.g., opposing counsel, arbitrators, data rooms) with client consent.

We may disclose data to law enforcement or regulatory bodies if legally mandated. We do not sell personal data.

7. Security Measures

We employ robust technical and organizational protocols to defend your data against unauthorized access, loss, or alteration. Our information security management systems are certified to the ISO/IEC 27001 standard, ensuring alignment with international best practices.

8. Cross-Border Data Transfers

To provide global services, data may be transferred to jurisdictions outside the European Economic Area (EEA). In such cases, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs), to ensure your data remains protected in accordance with applicable laws.

9. Your Legal Rights

Under GDPR and similar laws, you have the right to:

  • Request access to your personal data.
  • Request correction or deletion of your data.
  • Object to or restrict processing.
  • Request data portability.
  • Withdraw consent where applicable.

To exercise these rights, please contact our privacy team. Note that legal privilege or regulatory obligations may limit certain rights.

10. Policy Updates

We review this notice regularly. Any changes will be posted on this page. Last updated: June 2026.

11. Data Controllers

The specific UAE Shearman entity acting as the data controller depends on the jurisdiction where services are rendered. For a full list of our global entities and controllers, please contact our compliance office.