Legal notices

Privacy policy

A&O Shearman values your privacy and cares about the way in which your personal information is treated. 

Green Create logo
Privacy policy
Privacy policy

A&O Shearman values your privacy and cares about the way in which your personal information is treated. This privacy policy (“Policy”) describes:

Where necessary, having regard to local applicable data protection or privacy laws, country-specific privacy information is also provided below.

Please click on the relevant heading below for more information on each of these areas.

A&O Shearman (“we”, “us”, or “our”) refers to Allen Overy Shearman Sterling LLP and its subsidiaries and affiliates, and the other partnerships, corporations, and undertakings which are authorized to practice using a name which includes “Allen Overy Shearman Sterling” or “A&O Shearman”. See “Data controllers” below for more information on the entities that control and process personal information in A&O Shearman.

What personal information do we collect about you?

We may collect personal information from you in the course of our business, including through your use of our website, when you contact or request information from us, when you engage our legal or other services, or as a result of your relationship with one or more of our staff and clients.

The personal information that we process includes:

  • Basic information, such as your name (including name prefix or title), the company you work for, your title or position, and your relationship to a person
  • Contact information, such as your postal address, email address, and phone number(s)
  • Professional information, including your photograph, from LinkedIn or the website of the organization you work for
  • Financial information, such as payment-related information
  • Technical information, such as information from your visits to our website or applications or in relation to materials and communications we send to you electronically, collected through cookies and other tracking technologies
  • Information you provide to us for the purposes of attending meetings and events, including access and dietary requirements, or generated by us in connection with your attendance at one of our offices, such as CCTV and access records
  • Identification, background, and financial verification information provided by you or collected as part of our business acceptance and ongoing monitoring processes
  • Personal information provided to us by or on behalf of our clients or generated by us in the course of providing services to them, which may include data relating to criminal convictions or offences or special categories of data (which is data relating to race or ethnic origin, political opinions,religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation, genetic data, or biometric data used for identification purposes
  • Any other information relating to you which you may provide to us

How we obtain your personal information

  • We collect information directly from you as part of our business acceptance processes and about you and others as necessary in the course of providing legal services
  • We collect your personal information while monitoring and analyzing our technology tools and services, including our website, email, and other communications sent to and from A&O Shearman
  • Your personal information may be provided to us or collected by us in connection with the procurement or provision of technology, goods, or services
  • We gather information about you when you provide it to us, or interact with us directly, for instance engaging with our staff or registering on one of our digital platforms, applications, or training courses   
  • We may collect or receive information about you from other sources, such as keeping the contact details and professional information we already hold for you accurate and up to date using publicly available sources, including LinkedIn, or collecting information from third-party sources as part of our business acceptance or supplier onboarding procedures

How, and on what basis, we use your personal information

Under EU and UK data protection law, the use of personal information must be justified under one of a number of legal grounds. The principal legal grounds that justify our use of your personal information are:

  • Consent: where you have explicitly consented to the use of your personal information where required by law
  • Contract performance: where we need to use your information for the performance of a contract to which you are a party, for example, if we engage with you as an individual to provide or receive legal or other services
  • Legal obligation: where we need to use your information to comply with our legal and regulatory obligations
  • Legitimate interests: where we use your information for our, or a third party’s, legitimate business purposes and where those interests are not overridden by your rights, interests, or freedoms
  • Legal claims: where we need to use certain categories of personal information to establish, exercise, or defend legal claims or proceedings
  • Substantial public interest: where we need to use certain categories of personal information for reasons of substantial public interest

We have set out below the principal purposes for which we use your personal information and the principal legal grounds under EU and UK data protection law that we rely on to do so.

PurposePrincipal legal grounds
To provide and improve this website, including auditing and monitoring its use, and ensure content is provided in the most effective way for you and the devices you are using
  • Legitimate interests, such as ensuring the security and functionality of the website and promoting and improving our business
  • Consent, for example in relation to our use of cookies
To provide and improve our services to you and to our clients, including handling the personal information of others on behalf of our clients
  • Legitimate interests in meeting our obligations under the agreements we enter into for the provision of legal and other services
  • Legal obligation, such as our legal regulatory obligations globally
  • Contract performance, for example where our client is an individual
  • Legal claims in relation to special categories of personal information or data relating to criminal convictions or offences
To manage, administer, and improve our business and our relationships with you and our clients and other third parties, such as suppliers, barristers, and local counsel
  • Legitimate interests in appropriately managing, administering, and improving our business and related relationships
  • Legal obligation, such as our legal regulatory obligations and anti-money laundering, sanctions, and anti-bribery laws and regulations
  • Contract performance
  • Legal claims in relation to special categories of personal information or data relating to criminal convictions or offences
To monitor compliance with our policies and standards
  • Legitimate interests, for example keeping data secure and managing information in compliance with applicable law
  • Legal obligation, such as our legal regulatory obligations globally
To better understand our clients’ or potential clients’ requirements and to promote and develop our services and offerings, including sharing legal and business updates, publications, and event details
  • Legitimate interests in promoting and developing our business and serving our clients
  • Legal obligation, where we need to use special categories of data to organize and host events, including compliance with health and safety requirements and equality laws
  • Consent, for example in relation to our use of cookies
To provide information requested by you
  • Legitimate interests in administrating, managing, and conducting our relationship with you
  • Contract performance
To manage access to our premises and for security and other purposes
  • Legitimate interests in ensuring our premises are secure and safeguarding our staff and visitors
  • Legal obligation, including compliance with health and safety requirements and equality laws
To fulfill our legal, regulatory, and risk management obligations, including establishing, exercising, or defending legal claims, complying with the rules of professional bodies of which we are a member, preventing crime or fraud, and protecting the rights of third parties
  • Legitimate interests in appropriately managing risk in our organization, establishing, taking, or defending actual and potential claims, and cooperating with law enforcement and regulatory authorities
  • Legal obligation, for instance as part of our client onboarding procedure designed to comply with anti-money laundering, sanctions, and anti-bribery laws and regulations and our regulatory obligation to manage conflicts
  • Legal claims in relation to special categories of personal information or data relating to criminal convictions or offences
  • Substantial public interest, such as the prevention or detection of unlawful acts, in relation to special categories of personal information or data relating to criminal convictions or offences

Use of A&O Shearman website

A number of facilities on our website invite you to provide us with personal information, such as the vacancy application facility in the “Careers” section of our website and our email queries facilities. The purpose of these facilities is apparent at the point that you provide your personal information, and we only use that information for those purposes.

We use cookies on our website. To learn more about the cookies we use and how to disable them, please view our Cookie policy.

Marketing and other emails

To ensure that we provide content that is of interest, we use technology in our marketing emails and on our websites that logs whether you click on the links in our emails and, if you follow a link to one of our websites, the time and date you access the websites and how long you spend on the website. We may use this information to determine what future marketing is likely to be of interest to you. If you would prefer that we don’t record this information, please don’t click on the links.

We will log your response to our marketing emails and may use this to determine what future marketing is likely to be of interest to you and what future marketing we send you. For example, if you accept an invitation to a seminar, we will record this and may send you marketing emails relevant to that seminar and the topics it covers in the future.

We may also use a relationship management tool, where permitted by applicable local law, to assess the strength of the relationship between individuals in A&O Shearman and our clients or potential clients based on the frequency of email contact between them. We use that information in order to assess, analyze, and improve the services that we provide.

If you receive marketing communications from us and no longer wish to do so, you may unsubscribe at any time by sending an email to epublications@aoshearman.com.

Meetings, events, and seminars

We will collect and process personal information about you in relation to your attendance at our offices or at an event, training, or a seminar organized by A&O Shearman or its business partners. We will only process and use special categories of personal information about your dietary or access requirements in order to cater for your needs and to meet any other legal or regulatory obligations we may have. We may share your personal information with IT and other service providers or business partners involved in organizing or hosting the relevant event.

Legal, technology, and other services

We collect, create, hold, and use personal information in the course of and in connection with the services we provide to our clients. We will process identification and background information as part of our business acceptance, finance, administration, and marketing processes, including anti-money laundering, conflict, reputational, and financial checks.

In the course of our business, we will process personal information using a range of technologies, including cloud-based systems and artificial intelligence. We will also process personal information provided to us by or on behalf of our clients or generated by us for the purposes of the work we do for them. The information may be disclosed to third parties to the extent reasonably necessary in connection with that work. Please also see “Who we share your personal information with” and “Which countries we transfer your personal information to” below.

How long we keep your personal information for

Your personal information will be retained in accordance with our global data retention policy which categorizes all of the information held by A&O Shearman and specifies the appropriate retention period for each category of information. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice, and A&O Shearman’s business purposes.

Who we share your personal information with

We are an international business and any information that you provide to us may be shared with and processed by any entity in the worldwide network of A&O Shearman and our associated firms. You can see a list of our offices by clicking here.

We may also share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including:

  • Our professional advisors and auditors
  • Our insurers and insurance brokers
  • Suppliers to whom we outsource certain support services such as word processing, translation, photocopying, and document review
  • IT and other service providers to A&O Shearman
  • Third parties engaged in the course of the services we provide to clients and with their prior consent, such as barristers, local counsel and technology service providers like data room and case management services
  • Third parties involved in hosting or organizing events or seminars

Where necessary, or for the reasons set out in this Policy, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies, and law enforcement agencies. While it is unlikely, we may be required to disclose your personal information to comply with legal or regulatory requirements. We will use reasonable endeavors to notify you before we do this, unless we are legally restricted from doing so.

We do not sell or rent personal information or otherwise share it with a third party in return for monetary compensation, except with your prior permission. If in the future we re-organize or transfer all or part of our business, we may need to transfer your personal information to new A&O Shearman entities or to third parties through which the business of A&O Shearman will be carried out.

A&O Shearman may use social media sites such as Facebook, LinkedIn, and X (formerly Twitter). If you use these services, you should review their privacy policy for more information on how they deal with your personal information.

How we protect your personal information

We use a variety of technical and organizational measures to help protect your personal information from unauthorized access, use, disclosure, alteration, or destruction consistent with applicable data protection laws.

This includes the use of data loss protection tools in order to protect A&O Shearman, our employees, clients, and suppliers from cyber threats and the loss of sensitive information.

A&O Shearman’s document management and email systems are certified to the internationally recognized ISO/IEC 27001 security standard. This is an independently verified certification that information security is managed in line with international best practice.

When we engage a third-party service provider to collect or otherwise process personal information on our behalf, the third party is selected carefully and will be required to have appropriate security measures in place.

Which countries we transfer your personal information to

In order to provide our services, we may need to transfer your personal information to locations outside the jurisdiction in which you provide it or where you are viewing this website for the purposes set out in this Policy. This may entail a transfer of your personal information from a location within the European Economic Area (the “EEA”) to outside the EEA, or from outside the EEA to a location within the EEA. Please see “Who we share your personal information with” for more detail on how the information may be shared with A&O Shearman offices and third-party service providers.

The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws. EU standard contractual clauses are in place between all A&O Shearman entities that share and process personal information. Where our third-party service providers process personal information outside the EEA in the course of providing services to us, our written agreement with them will include appropriate measures, usually standard contractual clauses.

Please contact us using the details at the end of this Policy if you would like to see a copy of the safeguards applied to the export of your personal information.

Your rights regarding your personal information

The European Union’s General Data Protection Regulation and other applicable data protection laws provide certain rights for data subjects.

You are entitled to request a copy of the information we hold about you and information on how we process it. You may also have a right in accordance with applicable data protection law to have it rectified or deleted, to restrict our processing of that information, to stop unauthorized transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to another organization. You may also have the right to lodge a complaint in relation to A&O Shearman’s processing of your personal information with a local supervisory authority.

If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.

Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see “How, and on what basis, we use your personal information”) or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.

We must ensure that your personal information is accurate and up to date. Therefore, please advise us of any changes to your information by email to epublications@aoshearman.com.

Country-specific privacy information

Please click on the headings below for additional country-specific privacy information

Changes to our Privacy Policy

We will update this Policy from time to time to reflect changes to the way in which we use your personal information. Please check our website regularly for any updates.

This privacy policy was last updated in April 2026.

Data controllers

There are a number of entities through which A&O Shearman provides legal and other services. The identity of the relevant data controller will depend on the location where legal or other services are provided. Please click here for details of which A&O Shearman entity will be the data controller in each country.

In certain circumstances, Allen Overy Shearman Sterling LLP, Allen Overy Shearman Sterling US LLP, or another A&O Shearman entity may also be a data controller of your personal information, for example certain personal information processed using, or accessible via, global systems.

Get in touch

If you need further information or have any questions or complaints about our Policy or practices, please contact:

Chief Privacy Officer
A&O Shearman
68 Donegall Quay
Belfast
Northern Ireland
BT1 3NL 
Email: DataPrivacy@aoshearman.com

Explore our careers privacy policies

Experienced hire and support pre-hire privacy policy
Peerpoint privacy policy
Student and graduate pre-hire privacy policy