Privacy & Data Protection

Privacy Policy

This Privacy Policy explains how Ashford & Sterling Law Group and its affiliated offices (together, “the Firm,” “we,” “us”) collect, use, share, and protect personal information about clients, prospective clients, website visitors, and other individuals.

Last updated: 24 April 2026 ยท Effective: 1 May 2026

1. Scope of this policy

This policy applies to personal information collected through our website, client engagements, recruiting activities, and the operation of our business generally. It does not apply to legal advice we provide to clients, which is governed by the engagement letter and applicable rules of professional conduct.

2. Information we collect

We collect personal information in the following ways:

Information you provide directly

  • Identifying information (name, postal address, email, phone)
  • Professional information (employer, role, regulatory status)
  • Information related to a matter on which you seek our advice
  • Recruiting information (CV, references, work authorization)
  • Communications you send us through our forms or by email

Information collected automatically

  • Device, browser, and operating system metadata
  • IP address and approximate geographic location
  • Pages viewed, referring URL, and aggregate site analytics

Information from third parties

  • Public registries and sanctions lists used in client onboarding
  • Conflict-check and KYC providers
  • Background-check providers (recruiting only, with consent)

3. How we use information

We use personal information to:

  • Establish, perform, and conclude client engagements
  • Comply with anti-money-laundering, sanctions, and conflict-check obligations
  • Operate, secure, and improve our website and services
  • Distribute legal alerts and event invitations to which you have subscribed
  • Evaluate candidates for employment
  • Defend our legal interests and enforce our agreements
  • Comply with applicable law, regulation, and court process

5. Sharing and disclosure

We share personal information with:

  • Our offices and affiliated entities worldwide, on the same protective terms
  • Service providers who host, secure, and operate our systems
  • Co-counsel, experts, courts, and counterparties as necessary to a matter
  • Regulators, law-enforcement authorities, and auditors where required by law
  • Professional advisors and successors in connection with a firm transaction

We do not sell personal information.

6. International transfers

Personal information may be transferred to, and processed in, jurisdictions outside your home country, including the United States, United Kingdom, European Union, Japan, Hong Kong, Singapore, the United Arab Emirates, and other locations in which we maintain offices. Where required, we rely on Standard Contractual Clauses, the UK Addendum, the EU-US Data Privacy Framework, or other lawful transfer mechanisms.

7. Retention

We retain personal information for as long as necessary for the purposes described in this policy, then for the additional period required by professional-conduct rules, statutes of limitations, and applicable law. Client matter files are generally retained for at least seven years following the conclusion of the engagement, and longer where required.

8. Your rights

Depending on where you are located, you may have rights to access, correct, delete, restrict, or object to our processing of your personal information; to receive your data in a portable format; and to withdraw consent. To exercise a right, contact our Privacy Office at the address below. We will verify your request and respond within the timeframe required by applicable law.

A note on legal advice Information held in connection with legal advice is generally subject to legal privilege and professional-conduct duties. Some rights may be limited where fulfilment would compromise privilege, the integrity of an investigation, or the interests of another client.

9. Security

We maintain administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, alteration, disclosure, and loss, including encryption of data in transit and at rest, access controls, network segmentation, employee training, and an incident-response program. No system is perfectly secure.

10. Cookies and similar technologies

Our website uses a small number of strictly necessary cookies and, with your consent, analytics cookies. See our Cookie Policy for the complete list and instructions for changing your preferences.

11. Regional disclosures

California (CCPA/CPRA)

California residents have rights to know, delete, correct, and limit the use of sensitive personal information, and a right to non-discrimination. We do not sell or share personal information for cross-context behavioral advertising.

United Kingdom & European Economic Area

If you are located in the UK or EEA, you may lodge a complaint with your supervisory authority. The UK supervisory authority is the Information Commissioner's Office.

Other jurisdictions

Additional rights may apply under the laws of Brazil (LGPD), Japan (APPI), Singapore (PDPA), the UAE, and other jurisdictions in which we operate.

12. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of the page reflects the most recent revision. Material changes will be announced on this page and, where appropriate, by direct notice.

13. Contact us

For privacy questions or to exercise a right, contact:

Office of the General Counsel โ€” Privacy
Ashford & Sterling Law Group
1 Vesey Tower, 48th Floor, New York, NY 10006, USA
[email protected]

EU/UK representatives are listed on our Legal Notices page.