Annex

ANNEX I

A. LIST OF PARTIES

Data exporter(s): 

1. Name: The Client, as set out in the Agreement.
Address: The address of the Client as set out in the Agreement
Contact person’s name, position and contact details: The person responsible for instructing Cleary in relation to the Services, as set out in the Agreement or the Engagement Letter
Activities relevant to the data transferred under these Clauses: Recipient of Services under the Agreement
Signature and date: This Annex is deemed completed as of the Effective Date.
Role (controller/processor): Controller 

2. …………………………………………………………………………………………………………………..

Data importer(s):

1. Name: Cleary Gottlieb Steen & Hamilton LLP, a New York limited liability partnership;
Address:  One Liberty Plaza
New York, NY 10006, United States of America
Contact person’s name, position and contact details: Sonya Foulds, Chief Risk Officer (email: sfoulds@cgsh.com)
Activities relevant to the data transferred under these Clauses: the provision of Services to Client under the Agreement.
Signature and date:  This Annex is deemed completed as of the Effective Date.
Role (controller/processor): Cleary is primarily a data controller in terms of the provision of its Services, however it is acknowledged that it may at times be a data processor depending on the particulars of the service in question

2. Name: Cleary Gottlieb Steen & Hamilton LLP, an English limited liability partnership;
Address: 2 London Wall Place, London EC2Y 5AU, England
Contact person’s name, position and contact details: Sonya Foulds, Chief Risk Officer (email: sfoulds@cgsh.com)
Activities relevant to the data transferred under these Clauses: the provision of Services to Client under the Agreement.
Signature and date:  This Annex is deemed completed as of the Effective Date.
Role (controller/processor): Cleary is primarily a data controller in terms of the provision of its Services, however it is acknowledged that it may at times be a data processor depending on the particulars of the service in question

3. Name: Cleary Gottlieb Steen & Hamilton Studio Legale, an Italian partnership;
Address: Via San Paolo 7 20121 Milan, Italy
Piazza di Spagna 15 00187 Rome, Italy
Contact person’s name, position and contact details: Sonya Foulds, Chief Risk Officer (email: sfoulds@cgsh.com)
Activities relevant to the data transferred under these Clauses: the provision of Services to Client under the Agreement.
Signature and date:  This Annex is deemed completed as of the Effective Date.
Role (controller/processor): Cleary is primarily a data controller in terms of the provision of its Services, however it is acknowledged that it may at times be a data processor depending on the particulars of the service in question

4. Name: CGS&H Limited Liability Company;
Address: Paveletskaya Square 2/3
Moscow 115054, Russian Federation
Contact person’s name, position and contact details: Sonya Foulds, Chief Risk Officer (email: sfoulds@cgsh.com)
Activities relevant to the data transferred under these Clauses: the provision of Services to Client under the Agreement.
Signature and date:  This Annex is deemed completed as of the Effective Date.
Role (controller/processor): Cleary is primarily a data controller in terms of the provision of its Services, however it is acknowledged that it may at times be a data processor depending on the particulars of the service in question

5. Name: Cleary Gottlieb Steen & Hamilton Consultores em Direito Estrangeiro;
Address: Rua Professor Atilio Innocenti, 165, 14th Floor
São Paulo, SO 04538-000, Brazil
Contact person’s name, position and contact details: Sonya Foulds, Chief Risk Officer (email: sfoulds@cgsh.com)
Activities relevant to the data transferred under these Clauses: the provision of Services to Client under the Agreement.
Signature and date:  This Annex is deemed completed as of the Effective Date.
Role (controller/processor): Cleary is primarily a data controller in terms of the provision of its Services, however it is acknowledged that it may at times be a data processor depending on the particulars of the service in question

6. Name: Cleary Gottlieb Steen & Hamilton (Hong Kong)
Address: Hysan Place, 37th Floor
500 Hennessy Road Causeway Bay Hong Kong
Contact person’s name, position and contact details: Sonya Foulds, Chief Risk Officer (email: sfoulds@cgsh.com)
Activities relevant to the data transferred under these Clauses: the provision of Services to Client under the Agreement.
Signature and date:  This Annex is deemed completed as of the Effective Date.
Role (controller/processor): Cleary is primarily a data controller in terms of the provision of its Services, however it is acknowledged that it may at times be a data processor depending on the particulars of the service in question

7. Name:  CGSH International Legal Services, LLP— Sucursal Argentina;
Address: Carlos Pellegrini 1427 – Floor 9 Argentina
Contact person’s name, position and contact details: Sonya Foulds, Chief Risk Officer (email: sfoulds@cgsh.com)
Activities relevant to the data transferred under these Clauses: the provision of Services to Client under the Agreement.
Signature and date:  This Annex is deemed completed as of the Effective Date.
Role (controller/processor): Cleary is primarily a data controller in terms of the provision of its Services, however it is acknowledged that it may at times be a data processor depending on the particulars of the service in question 

B. DESCRIPTION OF TRANSFER

Categories of data subjects whose personal data is transferred

  • Client (if an individual) and personnel of Client;
  • Parties to disputes, litigations, arbitration, transactions, negotiations or other legal matters involving Client, including personnel of those parties;
  • Personnel of Client’s partners, advisors and other entities with whom it has a relationship, so far as those personnel are relevant to or involved with the Services provided by Cleary;   

Categories of personal data transferred

These vary depending on the nature of the Services but may include:

  • Name and title  of personnel (such as position, seniority, department and description of responsibilities/duties);
  • Contact information (such as address, email address, fax number and phone number);
  • Client communications;
  • Client preferences provided to us (such as mailing lists signed up to for marketing and  events);
  • Client matter information and instructions 
  • “Know your client” information (such as passport details and other identifying documents);
  • Other information such as billing information, signatures, evidential documents supplied by Client in the course the services, tax identifier or VAT number);
  • Data included in emails and  files (including electronic files) provided to Cleary;
  • Technical information (such as username and passwords, IP address, domain, browser type, operating system, click-stream data and system logs); and
  • Other information provided by or obtained on behalf of Client as part of the Services.

Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.

  • Information regarding criminal offences;
  • Health or medical information; and
  •  Other special data provided by or obtained on behalf of Clients as part of the Services

The frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis).

Continuous for the duration of the Services.

Nature of the processing

The provision of the Services to Client as per the Agreement.

Purpose(s) of the data transfer and further processing

The provision of the Services to Client as per the Agreement.

The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period

Cleary will retain data processed as part of Client matters for the duration of the matter, plus a further period for legal purposes (normally six years from matter closure or the last bill to Client)

For transfers to (sub-)processors, also specify subject matter, nature and duration of the processing

The provision of the Services to Client as per the Agreement, on a continuous basis for the duration of the Services.

C. COMPETENT SUPERVISORY AUTHORITY

Identify the competent supervisory authority/ies in accordance with Clause 13

For UK exporters, the UK’s Information Commissioner

Where there is a sole EU exporter, – the appropriate Supervisory Authority based on the jurisdiction  of that exporter

Where there are multiple EU exporters, the Supervisory Authority of the jurisdiction set out in Clause 12 of the RTA 

ANNEX II - TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA

For CGSH security measures please ask the contact set out at Annex I 


Appendix 1 - Controller to Controller

Appendix 2 - Controller to Processor