Privacy Policy

1.1 Who are we?

This privacy policy applies to Kobre & Kim L.L.P., a New York limited liability partnership practicing law from offices at 800 Third Avenue, New York, New York, U.S.A., as well as various other locations globally and other affiliated entities, including, but not limited to, Kobre & Kim (UK) LLP, Kobre & Kim (BVI) L.P., Kobre & Kim (Cayman), Kobre & Kim LLC, Kobre & Kim (Israel), Kobre & Kim, Kobre & Kim (Seoul), Kobre & Kim (Shanghai), Kobre & Kim (HK) LLP, Kobre & Kim Sutural Argentina, Kobre & Kim Services de Consultoria Ltda., Kobre & Kim Socidade de Consultores em Direito Estrangeiro – Direito Argentino e Direito Norte Americano, Kobre and Kim Business Advisors (KKBA) in Cyprus, and Dubai International Financial Centre (“DIFC”). Kobre & Kim (UK) LLP is a limited liability partnership, registered in England and Wales with registered number OC 347946. It is authorized and regulated by the Solicitors Regulation Authority, No. 537858. Kobre & Kim (BVI) L.P. is a British Virgin Islands Limited Partnership. Kobre & Kim (Cayman) is a Cayman Islands general Partnership. Kobre & Kim (Israel) is a branch of Kobre & Kim LLC, a New York limited liability company. Kobre & Kim is a registered general partnership and Hong Kong solicitors firm. Kobre & Kim (Seoul) is a Foreign Legal Consultant Office of Kobre & Kim L.L.P., approved by the Ministry of Justice of the Republic of Korea. Kobre & Kim (Shanghai) is a Representative Office (USA) of Kobre & Kim L.L.P. Kobre & Kim Sucursal Argentina is a registered branch of Kobre & Kim L.L.P. Kobre & Kim Serviços de Consultoria Ltda. is a limitada registered in Rio de Janiero, Brazil. Kobre & Kim Socidade de Consultores em Direito Estrangeiro – Direito Argentino e Direito Norte Americano is a foreign legal consultant firm registered in São Paulo.

1.2 Contact Information

Inquiries and concerns relating to our privacy practices can be directed to the following physical and email addresses:

Physical contact address for non-EU residents:

Kobre & Kim
ATTN: Data Privacy
800 Third Avenue
New York, New York 10022

Physical contact address for EU and Switzerland residents:

Kobre & Kim
ATTN: Data Protection Officer
Tower 42
25 Old Broad Street
London, EC2N 1HQ

Email Address: privacypolicy@kobrekim.com

We process personal data for a variety of reasons, depending on our relationship with you. We only process personal data for the purposes for which it was obtained and avoid processing it for other purposes. If we share your data with third parties, they are required to act only on our instructions and only for the purposes that we communicate to them.

In certain situations, Kobre & Kim may be required to disclose personal data in response to lawful requests by public authorities, including those made in accordance with national security or law enforcement requirements. This further includes circumstances in which we believe, in good faith, that disclosure is necessary to protect our rights, safeguard your safety or the safety of others, investigate fraud, or respond to requests made by administrative agencies.

Your personal data will not normally be disclosed to third parties, except as identified below and in connection with the fulfillment of our obligations to you and other purposes identified in this policy. This includes, without limitation, disclosures authorized through the terms of any retainer we may have with you.

We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data. We use this data to supplement the information we already have about you for research and analysis purposes, or in order to perform the legal services for which we have been engaged. We may also use this information to distribute materials to you that may be of interest with respect to your business activities or relationship with the firm.

If you provide us with the personal data of others, or if others provide us with your personal data, we will only use that data for the specific reason for which it was provided to us and in compliance with this privacy policy. You may withdraw your consent for us to use your personal data (i.e., "opt-out") at any time by contacting us at privacypolicy@kobrekim.com and following the instructions in Section 1.5 of this policy. Examples of the types of personal data that may be obtained from public databases, or third parties include your name, title, company, and personal or company activities that are either made public or accessible through third-party resources.

This privacy policy covers the following data processing activities:

1. Performing activities relevant to legal services you have requested from us
   1. We process data related to this purpose as part of a contractual or pre-contractual obligation to you. When we perform investigations of others on your behalf, we do so legally and in the public interest or on the basis of our identified legitimate interests. If you object to this processing, we may not be able to provide you with these services.
   2. Due to the nature of our casework, we may process any type of relevant personal data, as long as it is relevant to your request. This can be data provided to us by you, or it may be obtained from publicly available databases or third parties from whom we have purchased data. We use this data to supplement the data we already have about you for research and analysis purposes, in order to perform the legal services for which we have been engaged. If you provide us with the personal data of others, or if others provide us with your personal data, we will only use that data for the specific reason for which it was provided to us and in compliance with this privacy policy.
   3. We may share this data with third party service providers we engage for the purposes of the legal services requested from us. These people may have access to your personal data, but only for the duties outlined in the contractual or pre-contractual obligation. We will share with service providers to fulfill our obligations to you and other express purposes as permitted by you. This includes, without limitation, disclosures authorized through the terms of any retainer we may have with you.
2. Performing legally-obligated activities
   1. 1. We are required by law to conduct certain activities, such as conflict(s) checks, client due diligence, and employee screening. If you object to this processing, we may not be able to work with you.
      2. We may process any type of personal data in order to meet a legal obligation, whether provided to us by you or a third party. However, we will only process the data we are legally obligated to process.
      3. We will only share this data with others if legally obligated to do so.
3. Processing financial data as required or requested
   1. In order to do business with you as part of a contractual or pre-contractual obligation, we will process your financial data so that we can either collect funds owed to us or pay funds owed to others.
   2. The following categories of data are used for this purpose:
      1. Name
      2. Contact data
      3. Products and services rendered
      4. Banking and funds transfer data
   3. We will only share this data if it is necessary to do so for the stated contractual or pre-contractual agreements.
4. Identifying business opportunities and making business referrals
   1. We process data in order to identify business opportunities and provide a high quality of services for our clients as part of a legitimate interest.
   2. The following categories of data are used for this purpose:
      1. Name
      2. Contact data
      3. Professional details, such as company name, position, etc.
      4. Business and personal relationships
      
      
   3. We share this data with a third party that hosts our customer relationship management (CRM) system.
5. Direct marketing
   1. We process data in order to keep our clients, business partners and other interested parties up to date with relevant data and business activities, either with their explicit consent or as part of a legitimate business interest, depending on the relationship. If you would like to discontinue receiving these communications, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or by contacting us at unsubscribe@kobrekim.com.
   2. The following data is used for this purpose:
      1. Name
      2. Contact data
      3. Marketing preferences selected by the individual
   3. We share this data with a third party that hosts our customer relationship management (CRM) system.
6. Responding to your questions and concerns
   1. We process data in order to satisfy general requests we receive from individuals as part of a legitimate business interest.
   2. We only use the personal data that you supply to us for this purpose.
   3. We do not share this data with third parties without your consent.
7. Considering your suitability for employment

   1. We process data in order to consider you for employment with us as part of a legitimate business interest.

   2. We use the following data for this purpose:
      1. Data that you provide directly to us
      2. Data that you have authorized a third party to share with us
      3. Data that you authorize us to obtain
      4. Publicly available data
      
      
   3. We may share this data with:
      1. Third-party companies who provide candidate interview and assessment services to us
      2. Suppliers who undertake background screening on our behalf (credit checking agencies, criminal record bureaus, etc.)
      3. Academic institutions (universities, colleges, etc.) in validating data you have provided
      4. Other third-party suppliers (or potential suppliers) who provide services on our behalf in connection with our employment process
8. Monitoring for criminal acts and ensuring data security
   1. We process data that we receive directly from you when interacting with our data technology resources and when visiting our offices as part of a legitimate interest to maintain security.
   2. The following categories of data are used for this purpose: electronic identifiers (i.e. Internet Protocol addresses, etc.); metadata associated with your electronic identifier (request, date stamp, etc.); CCTV footage.
   3. We share this data with third parties that monitor our network for suspicious activity and law enforcement if we believe a crime has been committed.
9. Understanding how individuals interact with our website
   1. We process data that is recorded when you visit our website for the purposes of analyzing trends in the aggregate and administering the website so that we can best serve you as part of a legitimate interest. You can control or block the use of cookies at the individual browser level. However, disabling or deleting cookies may limit your use of certain features or functions on our website.
   2. Using a unique identifier (Internet Protocol address or cookie) we process data related to the way you interact with our website, which includes browser type, internet service provider (ISP), referring/exit pages, the files viewed on our website (e.g., HTML pages and graphics), operating system, date/time stamp, and/or clickstream data.
   3. We share this data with various third parties, which can be found in our Cookie Policy.

1.3 How do we handle your data?

Kobre & Kim will take all reasonable steps necessary to ensure that your personal data is accurate and kept up to date and that any personal data that is transferred to others will be processed securely and in accordance with this privacy policy. In order to provide you with requested services or data, we may need to transfer your personal data to firm locations and/or service providers based in various countries. This does not diminish your rights.

Kobre & Kim only transfers personal data to third parties when appropriate legal considerations and agreements have been put into place before the personal data is transferred.

We will not sell, resell, lease, or license your personal data to any third parties. However, we may, if required for the purpose(s) for which your personal data was collected and processed, share it with our service providers, for the specific scope of their provision of services on our behalf to help with our business activities. These companies are authorized to use your personal data only as instructed by us in a manner that is necessary to provide these services to us.

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

We reserve the right to transfer any data we have about you in the event that we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to ensure that the transferee use the personal data you have provided through the website in a manner that is consistent with this privacy policy.

1.4 Data retention and data security

We only retain data for as long as necessary in light of the following circumstances:

1. If we are legally or contractually obligated to do so
2. If it is required to provide you with a service that you have requested
3. If there is business value and the interests of the business do not outweigh the interests of the individual
4. If there is historical value of public interest

The security of your personal data is important to us. We follow generally accepted standards to protect the data submitted to us, both during transmission and once it is received. Kobre & Kim has policies and technical measures in place designed to protect your personal data against unauthorized access, accidental loss, and improper use and disclosure. If you have any questions about the security of your personal data, you may contact us at privacypolicy@kobrekim.com.

Our data security standards are compliant to the standard necessary for each of our operating client regions.

1.5 Your rights

Kobre & Kim endeavor to act on all requests we receive from individuals in relation to our data processing activities, irrespective of where they reside. An individual can access, correct or request the deletion of their personal data via the email address at the end of this section.

However, EU and Switzerland, Dubai, and California residents have certain rights afforded to them as data subjects under the General Data Protection Regulation (GDPR), the DIFC Data Protection Law, and the California Consumer Protection Act (CCPA), respectively. Kobre & Kim’s compliance with the GDPR is overseen by the UK Information Commissioner’s Office, while its compliance with the CCPA is overseen by the California Office of the Attorney General. The DIFC Commissioner of Data Protection oversees Kobre & Kim’s compliance with the DIFC Data Protection Law. Data subject rights include:

1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. The right to make a complaint to the Supervisory Authority (Information Commissioner’s Office or, for Dubai residents, the Commissioner of Data Protection)
9. The right to non-discrimination 

If you would like more information on these rights, refer to the guidance found on the Information Commissioner’s website, which can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/, or the California Office of the Attorney General’s website, which can be found here: https://oag.ca.gov/privacy/ccpa

Individuals may submit a request to exercise these rights by sending the request to our Data Protection Officer via one of the contact methods identified at the beginning of this privacy policy. Such request should, at a minimum, contain:

1. Your full name, address and any other details you wish to give to help identify you and the information you want
2. The nature of your request (i.e. access, rectification, etc.), and depending on the nature of it, which time period the request pertains to (date from, date to)

We will respond to all data subject requests within 30 days. If the request requires more than 30 days to investigate, we will notify you why we need more time. It may take us up to 3 months to respond to complex requests. You will not be charged a fee for exercising your rights.

We may deny a request under the following circumstances:

1. If the request is not legal
2. If the identity of the requester cannot be verified
3. If we have an overriding legitimate interest

If you would like to make a complaint to the Information Commissioner’s Office, you may do so via:

Website: https://ico.org.uk/concerns/

Phone: +44 303 123 1113

If you would like to make a complaint to the DIFC Commissioner of Data Protection, you may do so via:

The Commissioner of Data Protection

Mail:      Dubai International Financial Centre Authority

Level 14, The Gate

P.O. Box 74777

Dubai

United Arab Emirates

Website: commissioner@dp.difc.ae

Phone: +971 4 362 2222

Access

Kobre & Kim will respond to any inquiries regarding whether we hold any of your personal data. You may access, correct, or request the deletion of your personal data by contacting us at privacypolicy@kobrekim.com. In certain circumstances, we may retain your personal data in order to continue providing necessary services or to comply with legal requirements. We will respond to these requests within a reasonable timeframe.

If you have an unresolved privacy or data-use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

We operate and provide services in different regions around the globe.  For all international transfers of personal data, we adhere to the principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability.

When there are international transfers of your personal information, we will ensure that an adequate level of protection is provided for the information by using one or more of the following approaches:

• We may enter into written agreements, such as standard contractual clauses, with recipients that require them to provide the same level of protection for the data.
• We may rely on other transfer mechanisms approved by authorities in the country from which the data are transferred.

Your personal information could be transferred, stored and processed in the United States using appropriate transfer mechanisms as required by applicable law.  Please note, however, that the data protection laws in the United States may not be as comprehensive as those in your country of residence.  Pursuant to the laws of the United States, we may be required to disclose personal information in response to requests by public authorities, including to meet national security or law enforcement requirements.  To the best of our knowledge our systems are not subject to routine access by government authorities without warrants or appropriate accountability via established legal process.  

2.1 Data Privacy Framework

Kobre & Kim follows the principles contained in the EU-U.S. Data Privacy Framework, the UK extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (together, the Frameworks). Kobre & Kim is committed to subjecting all personal data received from the EU member countries and United Kingdom;
https://www.dataprivacyframework.gov/s/article/FAQs-UK-Extension-to-the-EU-U-S-Data-Privacy-Framework-UK-Extension-to-the-EU-U-S-DPF-dpf?tabset-35584=2
and Switzerland, respectively, in reliance on each Framework, to the Frameworks’ applicable principles. We are renewing our certification to the Frameworks. During this renewal period, we will continue to apply the Frameworks’ principles to the personal data we received under such Frameworks for as long as we store, use or disclose such data.

To learn more about the Frameworks visit the Data Privacy Framework List maintained by the U.S. Department of Commerce at
https://www.dataprivacyframework.gov/s/participant-search.

Users can view the types of cookies that we use, why we use them, and control how we use any cookies that are not strictly necessary for the functioning of our website using the “Cookie Settings” link on the cookie banner at the bottom of our website, or by clicking here.

When users first access our website, we provide you the opportunity to actively consent or not consent to cookies used on our site before any, other than those that are strictly necessary, cookies are downloaded to your device. Consent is obtained via a pop-up window whereby clicking ‘I Accept,’ indicates that you consent to our use of cookies.

At any time, users can withdraw or change your consent to the cookies on our domain, either by indicating specific consent for specific categories of cookies or by rescinding consent to all except cookies strictly necessary for site function, by accessing the settings in your web browser. Instructions for how to do this are included in the section below.

However, please note that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences and some of our pages might not display properly. It is highly recommended that for the most secure and efficient user experience when visiting our site that you accept our use of cookies.

2.2 Asia-Pacific Economic Cooperation (APEC) Cross-border Privacy Rules (CBPR) System

Kobre & Kim's privacy practices comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of personal data transferred among participating APEC economies. More information about the APEC framework can be found here [PDF] https://cbprs.blob.core.windows.net/files/2015%20APEC%20Privacy%20Framework.pdf.

Passive Collection

As is true of most websites, this website gathers certain information automatically. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our website (e.g., HTML pages and graphics), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the website.

Tracking Technologies

Our website uses cookies and similar technologies. Additionally, we utilize third-party services, including Google Analytics and LinkedIn, which also set cookies. These features allow us to analyze trends and track movement to better understand how individual users experience our website as a whole. You can control or block the use of cookies at the individual browser level. However, disabling or deleting cookies may limit your use of certain features or functions on our website.  To learn more about how we use tracking technologies, please read our Cookie Policy.

Advertising and Social Networking Services

We partner with third parties that use tracking technology to track advertising across various sites external to Kobre & Kim. Our third party partners may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising, click here. https://www.youronlinechoices.com/

Please note you will continue to receive generic ads.

Our website includes social media features, such as Facebook, Twitter, YouTube and LinkedIn sharing buttons as well as other social media integrations. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Site. In some instances, such as sharing content with your network, you must login to your social media account to do so. Your interactions with these features are governed by the privacy policy of the company providing it.