Any links from this website to other websites are provided merely for your convenience and do not imply endorsement by us of the content or provider.
The General Data Protection Regulation (GDPR) is intended to strengthen and unify data protection for all EU residents. This notice has been updated to reflect compliance with the regulation, which affects EU residents with whom we interact.
The CCPA is intended to enhance privacy rights and consumer protection for residents of California, United States. The CCPA becomes effective on January 1, 2020. For any other inquiries, please call 888-645-6050 or fill out the contact form here.
The Dubai International Financial Centre (DIFC)’s Data Protection Law applies to the processing of personal data in the DIFC, and it grants you certain rights similar to those granted by the GDPR.
This notice has been updated to reflect compliance with the regulations, which affect EU, Dubai, and California residents with whom we interact.
1.1 Who are we?
1.2 Contact Information
Inquiries and concerns relating to our privacy practices can be directed to the following physical and email addresses:
Physical contact address for non-EU residents:
Kobre & Kim
ATTN: Data Privacy
800 Third Avenue
New York, New York 10022
Physical contact address for EU and Switzerland residents:
Kobre & Kim
ATTN: Data Protection Officer
25 Old Broad Street
London, EC2N 1HQ
Email Address: email@example.com
We process personal data for a variety of reasons, depending on our relationship with you. We only process personal data for the purposes for which it was obtained and avoid processing it for other purposes. If we share your data with third parties, they are required to act only on our instructions and only for the purposes that we communicate to them.
In certain situations, Kobre & Kim may be required to disclose personal data in response to lawful requests by public authorities, including those made in accordance with national security or law enforcement requirements. This further includes circumstances in which we believe, in good faith, that disclosure is necessary to protect our rights, safeguard your safety or the safety of others, investigate fraud, or respond to requests made by administrative agencies.
Your personal data will not normally be disclosed to third parties, except as identified below and in connection with the fulfillment of our obligations to you and other purposes identified in this policy. This includes, without limitation, disclosures authorized through the terms of any retainer we may have with you.
We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data. We use this data to supplement the information we already have about you for research and analysis purposes, or in order to perform the legal services for which we have been engaged. We may also use this information to distribute materials to you that may be of interest with respect to your business activities or relationship with the firm.
- Performing activities relevant to legal services you have requested from us
- We process data related to this purpose as part of a contractual or pre-contractual obligation to you. When we perform investigations of others on your behalf, we do so legally and in the public interest or on the basis of our identified legitimate interests. If you object to this processing, we may not be able to provide you with these services.
- We may share this data with third party service providers we engage for the purposes of the legal services requested from us. These people may have access to your personal data, but only for the duties outlined in the contractual or pre-contractual obligation. We will share with service providers to fulfill our obligations to you and other express purposes as permitted by you. This includes, without limitation, disclosures authorized through the terms of any retainer we may have with you.
- Performing legally-obligated activities
- We are required by law to conduct certain activities, such as conflict(s) checks, client due diligence, and employee screening. If you object to this processing, we may not be able to work with you.
- We may process any type of personal data in order to meet a legal obligation, whether provided to us by you or a third party. However, we will only process the data we are legally obligated to process.
- We will only share this data with others if legally obligated to do so.
- Processing financial data as required or requested
- In order to do business with you as part of a contractual or pre-contractual obligation, we will process your financial data so that we can either collect funds owed to us or pay funds owed to others.
- The following categories of data are used for this purpose:
- Contact data
- Products and services rendered
- Banking and funds transfer data
- We will only share this data if it is necessary to do so for the stated contractual or pre-contractual agreements.
- Identifying business opportunities and making business referrals
- We process data in order to identify business opportunities and provide a high quality of services for our clients as part of a legitimate interest.
- The following categories of data are used for this purpose:
2. Contact data
3. Professional details, such as company name, position, etc.
4. Business and personal relationships
- We share this data with a third party that hosts our customer relationship management (CRM) system.
- Direct marketing
- We process data in order to keep our clients, business partners and other interested parties up to date with relevant data and business activities, either with their explicit consent or as part of a legitimate business interest, depending on the relationship. If you would like to discontinue receiving these communications, you may update your email preferences by using the “Unsubscribe” link found in emails we send to you or by contacting us at firstname.lastname@example.org.
- The following data is used for this purpose:
- Contact data
- Marketing preferences selected by the individual
- We share this data with a third party that hosts our customer relationship management (CRM) system.
- Responding to your questions and concerns
- We process data in order to satisfy general requests we receive from individuals as part of a legitimate business interest.
- We only use the personal data that you supply to us for this purpose.
- We do not share this data with third parties without your consent.
- Considering your suitability for employment
We process data in order to consider you for employment with us as part of a legitimate business interest.
- We use the following data for this purpose:
1. Data that you provide directly to us
2. Data that you have authorized a third party to share with us
3. Data that you authorize us to obtain
4. Publicly available data
- We may share this data with:
1. Third-party companies who provide candidate interview and assessment services to us
2. Suppliers who undertake background screening on our behalf (credit checking agencies, criminal record bureaus, etc.)
3. Academic institutions (universities, colleges, etc.) in validating data you have provided
4. Other third-party suppliers (or potential suppliers) who provide services on our behalf in connection with our employment process
- Monitoring for criminal acts and ensuring data security
- We process data that we receive directly from you when interacting with our data technology resources and when visiting our offices as part of a legitimate interest to maintain security.
- The following categories of data are used for this purpose: electronic identifiers (i.e. Internet Protocol addresses, etc.); metadata associated with your electronic identifier (request, date stamp, etc.); CCTV footage.
- We share this data with third parties that monitor our network for suspicious activity and law enforcement if we believe a crime has been committed.
- Understanding how individuals interact with our website
- Using a unique identifier (Internet Protocol address or cookie) we process data related to the way you interact with our website, which includes browser type, internet service provider (ISP), referring/exit pages, the files viewed on our website (e.g., HTML pages and graphics), operating system, date/time stamp, and/or clickstream data.
1.3 How do we handle your data?
We will not sell, resell, lease, or license your personal data to any third parties. However, we may, if required for the purpose(s) for which your personal data was collected and processed, share it with our service providers, for the specific scope of their provision of services on our behalf to help with our business activities. These companies are authorized to use your personal data only as instructed by us in a manner that is necessary to provide these services to us.
1.4 Data retention and data security
We only retain data for as long as necessary in light of the following circumstances:
- If we are legally or contractually obligated to do so
- If it is required to provide you with a service that you have requested
- If there is business value and the interests of the business do not outweigh the interests of the individual
- If there is historical value of public interest
The security of your personal data is important to us. We follow generally accepted standards to protect the data submitted to us, both during transmission and once it is received. Kobre & Kim has policies and technical measures in place designed to protect your personal data against unauthorized access, accidental loss, and improper use and disclosure. If you have any questions about the security of your personal data, you may contact us at email@example.com.
Our data security standards are compliant to the standard necessary for each of our operating client regions.
1.5 Your rights
Kobre & Kim endeavor to act on all requests we receive from individuals in relation to our data processing activities, irrespective of where they reside. An individual can access, correct or request the deletion of their personal data via the email address at the end of this section.
However, EU and Switzerland, Dubai, and California residents have certain rights afforded to them as data subjects under the General Data Protection Regulation (GDPR), the DIFC Data Protection Law, and the California Consumer Protection Act (CCPA), respectively. Kobre & Kim’s compliance with the GDPR is overseen by the UK Information Commissioner’s Office, while its compliance with the CCPA is overseen by the California Office of the Attorney General. The DIFC Commissioner of Data Protection oversees Kobre & Kim’s compliance with the DIFC Data Protection Law. Data subject rights include:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- The right to make a complaint to the Supervisory Authority (Information Commissioner’s Office or, for Dubai residents, the Commissioner of Data Protection)
- The right to non-discrimination
If you would like more information on these rights, refer to the guidance found on the Information Commissioner’s website, which can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/, or the California Office of the Attorney General’s website, which can be found here: https://oag.ca.gov/privacy/ccpa
- Your full name, address and any other details you wish to give to help identify you and the information you want
- The nature of your request (i.e. access, rectification, etc.), and depending on the nature of it, which time period the request pertains to (date from, date to)
We will respond to all data subject requests within 30 days. If the request requires more than 30 days to investigate, we will notify you why we need more time. It may take us up to 3 months to respond to complex requests. You will not be charged a fee for exercising your rights.
We may deny a request under the following circumstances:
- If the request is not legal
- If the identity of the requester cannot be verified
- If we have an overriding legitimate interest
If you would like to make a complaint to the Information Commissioner’s Office, you may do so via:
Phone: +44 303 123 1113
If you would like to make a complaint to the DIFC Commissioner of Data Protection, you may do so via:
The Commissioner of Data Protection
Mail: Dubai International Financial Centre Authority
Level 14, The Gate
P.O. Box 74777
United Arab Emirates
Phone: +971 4 362 2222
For all other Countries:
Kobre & Kim will respond to any inquiries regarding whether we hold any of your personal data. You may access, correct, or request the deletion of your personal data by contacting us at firstname.lastname@example.org. In certain circumstances, we may retain your personal data in order to continue providing necessary services or to comply with legal requirements. We will respond to these requests within a reasonable timeframe.
If you have an unresolved privacy or data-use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
We operate and provide services in different regions around the globe. For all international transfers of personal data, we adhere to the principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability.
When there are international transfers of your personal information, we will ensure that an adequate level of protection is provided for the information by using one or more of the following approaches:
- We may enter into written agreements, such as standard contractual clauses, with recipients that require them to provide the same level of protection for the data.
- We may rely on other transfer mechanisms approved by authorities in the country from which the data are transferred.
Your personal information could be transferred, stored and processed in the United States using appropriate transfer mechanisms as required by applicable law. Please note, however, that the data protection laws in the United States may not be as comprehensive as those in your country of residence. Pursuant to the laws of the United States, we may be required to disclose personal information in response to requests by public authorities, including to meet national security or law enforcement requirements. To the best of our knowledge our systems are not subject to routine access by government authorities without warrants or appropriate accountability via established legal process.
2.1 Data Privacy Framework
Kobre & Kim participates in and has certified its compliance with the EU-U.S. Data Privacy Framework, the UK extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework (together, the Frameworks). Kobre & Kim is committed to subjecting all personal data received from the EU member countries and United Kingdom;
and Switzerland, respectively, in reliance on each Framework, to the Frameworks’ applicable principles.
To learn more about the Frameworks, and to view our certification, visit the Data Privacy Framework List maintained by the U.S. Department of Commerce at
Kobre & Kim takes responsibility for the processing of personal data received under each Framework, including with respect to any transfers to a third party acting as an agent on its behalf. Kobre & Kim complies with the Frameworks’ principles for all onward transfers of personal data from the EU, the United Kingdom;, and Switzerland, including the onward-transfer liability provisions.
With respect to personal data received or transferred pursuant to the Frameworks, Kobre & Kim is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, we may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Kobre & Kim commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to TRUSTe Dispute Resolution, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. These dispute resolution services are provided at no cost to you.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Kobre & Kim commits to cooperate and comply with the advice of the panel established by the EU data protection authorities DPAs, the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.
Under certain conditions, more fully described on the Data Privacy Framework website, https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Users can view the types of cookies that we use, why we use them, and control how we use any cookies that are not strictly necessary for the functioning of our website using the “Cookie Settings” link on the cookie banner at the bottom of our website, or by clicking here.
At any time, users can withdraw or change your consent to the cookies on our domain, either by indicating specific consent for specific categories of cookies or by rescinding consent to all except cookies strictly necessary for site function, by accessing the settings in your web browser. Instructions for how to do this are included in the section below.
2.2 Asia-Pacific Economic Cooperation (APEC) Cross-border Privacy Rules (CBPR) System
Kobre & Kim's privacy practices comply with the APEC Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of personal data transferred among participating APEC economies. More information about the APEC framework can be found here [PDF] https://cbprs.blob.core.windows.net/files/2015%20APEC%20Privacy%20Framework.pdf.
As is true of most websites, this website gathers certain information automatically. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our website (e.g., HTML pages and graphics), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the website.
Advertising and Social Networking Services
Please note you will continue to receive generic ads.