About A&M

A&M Privacy Notice

A&M Privacy Notice 

Alvarez & Marsal Holdings, LLC ('A&M', we”, “our”, “us”) is strongly committed to complying with all applicable data protection laws and regulations within every jurisdiction in which A&M operates.

This privacy notice describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy notice or as otherwise stated at the point of collection. Personal data is any information relating to an identified or identifiable living person. A&M processes personal data for numerous purposes, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ.  

A&M does not process, transfer, disclose or distribute personal data other than as described in this notice without consent from individuals to do so, unless required by law or regulation. To find out more about our specific processing activities, please go to the relevant sections of this notice.

Our Processing Activities

To find out more please go to the relevant sections of this notice. 

Business contacts    
A&M’s clients (and individuals associated with our clients)
Insolvency Services
Individuals who use our applications
Others who contact us
Our personnel
Recruitment applicants
Vendors and suppliers (including subcontractors and individuals associated with our vendors and suppliers)
Recruitment and placement services
Visitors to our website
Contacts in our customer relationship management, email marketing and events management (CRM) systems
Information from Third Party Licensors
Security
Sensitive personal information
When and how we share personal data and locations of processing
Data retention
Terms and conditions for use of the Website 

Changes to this privacy notice

A&M regularly reviews this privacy notice and reserves the right to modify or amend it at any time.

Data controller and contact information

The data controller is Alvarez & Marsal Holdings, LLC, with its registration address at 600 Madison Avenue, 8th Floor, New York, New York, 10022, and other A&M affiliates as applicable (such as other A&M affiliates that are contracting parties for the purposes of providing or receiving services).

If you have any questions about this privacy notice or how and why we process personal data, please contact us at:

Data Protection Office
Alvarez & Marsal Holdings, LLC
600 Madison Avenue 
8th Floor 
New York, New York, 10022
Phone: +1 212 759 4433
Data Subject Access Request form

If your inquiry relates to a business or personnel matter, including tenders/proposals; bankruptcy, restructuring or insolvency matters, including claims you may have against or accounts you may have with a company where A&M has been appointed as administrator, liquidator, receiver, monitor, trustee, referee, or otherwise by the court; billing/invoicing inquires; employment verification; resume/CV submission; service of legal process; or, any other non-privacy matter, please reach out directly to your A&M business contact, call us by telephone at one of the general office telephone numbers listed on our website, or submit a written inquiry through our Contact Us form.

Individuals’ rights 

You have rights in relation to the personal data we hold about you. We set out below an outline of those rights which, depending on the laws and regulations applicable to your circumstances, may exist in your case and how to exercise those rights. Please note that we will require you to verify your identity before responding to any requests to exercise your rights. To exercise any of your rights, please complete the Data Subject Access Request form

Please note that for each of the rights below we may have valid legal reasons to refuse your request. In any such instance we will let you know if that is the case. 

  • Access: You have the right to know whether we process personal data about you, and if we do, to access data we hold about you, and certain information about how we use it and with whom we share it.  
  • Portability: You have the right to receive a reasonable subset of the personal data you provide us if we process it on the basis of our contract with you, or with your consent. You also have the right to request that we transfer such personal data to another party. If you request we transfer the personal data to another party, please ensure you provide details of that party, and note that we can only do so where it is technically feasible. We are not responsible for the security of the personal data or its processing once received by the third party. 
  • Correction: You have the right to require us to correct any personal data held about you that is inaccurate, and to have incomplete data completed. 
  • Erasure: You may request that we erase the personal data we hold about you in the following circumstances: where you believe it is no longer necessary for us to hold the personal data; we are processing the personal data on the basis of your consent and you wish to withdraw your consent; we are processing your data on the basis of our legitimate interest and you object to such processing; you no longer wish us to use your data to send you marketing material / information; or you believe we are unlawfully processing your data. Please provide as much detail as possible on your reasons for the request to assist us in determining whether you have a valid basis for erasure. 
  • Restriction of Processing to Storage Only: You have a right to restrict us from processing the personal data we hold about you, other than for storage purposes, in the following circumstances: 
    • you believe the personal data is not accurate. In such a case, for the period it takes us to verify the accuracy of the data, processing will cease, unless you consent to processing, or if processing is required for legal purposes; 
    • the processing is unlawful, but you do not want the erasure of personal data, and instead request the restriction of the use of that data; 
    • we no longer need the personal data for the purposes of processing but you require us to retain the data for the establishment, exercise or defence of legal claims; and 
    • you have objected to us processing personal data we hold about you on the basis of our legitimate interest and you wish us to stop processing the personal data while we determine whether there is an overriding interest in us retaining such personal data.
  • Objection: You have the right to object to our processing of data about you and we will consider your request. Please provide us with details as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or whether we need to process it in relation to legal claims.

Exercising your rights 

Your rights, as described above, may be exercised by completing the Data Subject Access Request form.

If your inquiry relates to a business or personnel matter, including tenders/proposals; bankruptcy, restructuring or insolvency matters, including claims you may have against or accounts you may have with a company where A&M has been appointed as administrator, liquidator, receiver, monitor, trustee, referee, or otherwise by the court; billing/invoicing inquires; employment verification; resume/CV submission; service of legal process; or, any other non-privacy matter, please reach out directly to your A&M business contact, call us by telephone at one of the general office telephone numbers listed on our website, or submit a written inquiry through our Contact Us form.

Access to personal data 
To access personal data held by us as a data controller, please complete the Data Subject Access Request form. We may charge a reasonable fee for a request for access of personal data in accordance with applicable law. Responses to any requests for information will be provided within legally required time limits.

Amendment of personal data
To update personal data submitted to us, please complete the Data Subject Access Request form. Alternatively, and where appropriate, please contact us via the relevant website registration page, or by amending the personal details held on relevant applications with which you registered.

When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.

Withdrawal of consent
Where we process personal data based on consent, you have a right to withdraw consent at any time. We do not generally process personal data based on consent (because we can usually rely on another legal basis). To withdraw consent to our processing of your personal data, please complete the Data Subject Access Request form. To stop receiving an email from an A&M marketing list, please click on the unsubscribe link in the relevant email received from us.  

Objection to Marketing 
At any time, you have the right to object to our processing of data about you in order to send you marketing information, including where we build profiles for such purposes, and we will stop processing the data for that purpose.

Complaints

We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please submit a written inquiry through our Contact Us form. We will look into and respond to any and all complaints we receive.

You also have the right to lodge a complaint with the supervisory body of the European Union country within which you reside, work, or where the alleged infringement of your personal data protection rights took place.

Our Processing Activities

Business contacts

Collection of personal data

A&M processes personal data about contacts (existing and potential A&M clients and/or individuals associated with them) using a customer relationship management system (the “A&M CRM”).
A&M does not sell or otherwise release personal data contained in the A&M CRM to third parties for the purpose of allowing them to market their products and services without consent from individuals to do so.

The collection of personal data about contacts and the addition of that personal data to the A&M CRM is initiated by A&M personnel and will include name, employer name, contact title, phone, email and other business contact details.   In addition, the A&M CRM may collect data from A&M email (sender name, recipient name, date and time) and calendar (organiser name, participant name, date and time of event) systems concerning interactions between A&M personnel and contacts or third parties.  

Use of personal data

Personal data relating to business contacts may be processed by A&M personnel to learn more about an account, client or opportunity they have an interest in, for the following purposes:

  • Administering, managing and developing our businesses and services;
  • Providing information about us and our range of services;
  • Making contact information available to other A&M personnel;
  • Identifying clients/contacts with similar needs;
  • Describing the nature of a contact’s relationship with A&M; and
  • Performing analytics, including producing metrics for A&M leadership, such as on trends, relationship maps, sales intelligence and progress against account business goals

In addition, the A&M CRM evaluates the strength of interactions between an A&M user and a contact.  This ranking is primarily based on interaction frequency, duration, how recent the contact was and response time.   

A&M’s clients (and individuals associated with our clients)

Collection of personal data

Where we need to process personal data to provide professional services, our clients are responsible for providing the necessary information to the data subjects regarding its use.  This includes, where a client engagement involves the transfer of personal data outside the European Union, that the relevant clients are responsible (where required) for providing appropriate notice to or obtaining appropriate consent from, the individuals whose data may be transferred. 

Our clients may use relevant sections of this privacy notice or refer data subjects to this privacy notice if they consider it appropriate to do so.

Given the diversity of the services we provide to clients, we process many categories of personal data, including:

  • Contact details;
  • Business activities;
  • Information about management and employees;
  • Payroll and other financial-related details; and
  • Investments and other financial interests.

Use of personal data

We use personal data for the following purposes:

  • Providing professional services. Our services often require us to process personal data in order to provide advice and deliverables;
  • Administering, managing and developing our businesses and services;
  • In order to operate our business, including:
    • managing our relationship with clients;
    • developing our businesses and services;
    • maintaining and using IT systems;
    • hosting or facilitating the hosting of events; and
  • Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails.  We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threat;
  • We monitor the services provided to clients for quality purposes, which may involve processing personal data stored on the relevant client file;  
  • We collect and hold personal data as part of our client engagement and acceptance procedures.  As part of those procedures we carry out searches using publicly available sources (such as internet searches and sanctions lists) to identify politically exposed persons and heightened risk individuals and organisations and check that there are no issues that would prevent us from working with a particular client;  
  • Unless we are asked not to, we use client business contact details to provide information that we think will be of interest about us and our services.  Examples include industry updates and insights, information on other services that may be relevant, and invitations to events; and   
  • As a professional services firm, we and our personnel are subject to legal, regulatory and professional obligations.  We maintain certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.

Insolvency Services

Collection of personal data.

Once a company undergoes an insolvency, one or more A&M insolvency practitioners (i.e., administrators and/or liquidators) could be appointed to manage the company’s affairs, business and property. Similarly, when a debtor is subject to insolvency or a restructuring regime, one or more A&M insolvency practitioners could be appointed to manage the debtor’s affairs, business and property. 

In this section:

  • Office holder refers to the A&M insolvency practitioners.
  • Company refers to the insolvent entity for which the office holders have been appointed.
  • Debtor refers to the individual who is subject to an insolvency or restructuring regime.
  • “You” refers to the data subjects concerned by the insolvency procedure of the company or debtor.

In providing insolvency services, A&M processes your personal data for the legitimate interests of assisting the office holders in the performance of their legal and regulatory obligations with regard to the insolvency procedures; although please note on occasion A&M acts as a data processor for its office holders (and on occasion relevant companies). For clarity the company or debtor remains data controller of your personal data processed for purposes that are not related to the legal and regulatory obligations of the office holders.

Most of the personal data we process is obtained from you directly, but we also indirectly obtain personal data about you.

Use of personal data. 

Your personal data may be processed for the following (non-exhaustive) purposes:

  • Communicating with the company or debtor’s creditors and individual creditors: specific information essential in order to carry out statutory duties (this information is to be used to assess, for example, an entitlement to any dividend should one be payable)
  • Provision of references or reports to government departments, regulatory authorities and appropriate bodies in connection with the holding of public office or responding to requests
  • Provision of statutory returns
  • Case administration purposes, including the realisation of assets, agreement of claims and payment of distributions
  • Processing for personal purposes of employees in accordance with the law and the company’s own policies
  • Administration of payroll, raising invoices, credit control and other data relating to the company’s finances
  • The reasonable and lawful provision of information to interested parties
  • The prevention and detection of crime or fraud
  • Establishing, exercising or defending legal rights, taking legal advice, taking or defending legal proceedings [our lawful basis here is legal obligation and/or legitimate interests of our clients]
  • Complying with legal obligations to which the company or debtor is subject
  • Quality and risk management purposes

The types of personal data processed for the above purposes include (but are not limited to) name, address, identifying information, payroll information, as well as any information with your dealings with the company or debtor that are necessary for the performance of the office holders’ statutory obligations during the insolvency procedure.

You have certain rights in relation to your personal data. If you have a query or wish to exercise your rights, please make a written request to the party responsible for your personal data (the company, debtor or the office holder) using the contact details provided in communications about the insolvency.  A&M should only be contacted direct if your enquiry is specifically in relation to A&M processing your data as a data controller.

Individuals who use our applications

We provide external users with access to various applications used by A&M. Such applications will contain their own privacy statements explaining why and how personal data is collected and processed by those applications.  

Others who contact us

We collect personal data when an individual gets in touch with us with a question, comment or feedback (such as name, contact details and contents of the communication). In these cases, we will only use the data for the purpose of responding to the communication.

Our personnel

We collect personal data concerning our own employees, partners, managers, directors, officers and agents as part of the administration, management and operation of our business activities.

Recruitment applicants

When applying for a role at A&M, applicants should refer to the information made available for details about why and how personal data is collected and processed. For more detail about our recruitment processes, please go to our Recruitment Policy.

Vendors and suppliers (including subcontractors and individuals associated with our vendors and suppliers)

Collection of personal data

We collect and process personal data about our vendors and suppliers (including subcontractors and individuals associated with them) in order to manage the relationship, enter into a contract, receive services from our suppliers and, where relevant, provide professional services to our clients.

Use of personal data

We use personal data for the following purposes:

  • We process personal data in relation to our suppliers and their personnel as necessary to receive the services; 
  • Where a supplier is helping us to deliver professional services to our clients, we process personal data about the individuals involved in providing the services in order to administer and manage our relationship with the supplier and the relevant individuals (for example, where our supplier is working with us as part of an A&M team providing professional services to our clients);
  • In order to operate our business, including:
    • managing our relationship with suppliers;
    • developing our businesses and services;
    • maintaining and using IT systems;
    • hosting or facilitating the hosting of events; and
    • administering and managing our website and systems and applications;
  • Personal data may be processed as part of the security monitoring that we undertake; for example, automated scans to identify harmful emails. We have security measures in place to protect our and our clients’ information (including personal data), which involve detecting, investigating and resolving security threats; 
  • We collect and hold personal data as part of our supplier contracting procedures. We monitor the services provided for quality purposes, which may involve processing personal data;
  • Unless we are asked not to, we use business contact details to provide information that we think will be of interest about us and our services. Examples include industry updates and insights, information on other services that may be relevant, and invitations to events;
  • As a professional services firm, we and our personnel are subject to legal, regulatory and professional obligations. We maintain certain records to demonstrate that our services are provided in compliance with those obligations and those records may contain personal data.

Recruitment and placement services

A&M’s services include global recruitment and placement services for three market verticals: professional services, alternative investments, and portfolio companies. This section sets out additional information about how A&M processes personal data in connection with its services. In this section our actual or potential hiring customers are referred to as 'Clients'. 

Collection of personal data

We collect and process personal data about individuals to manage and maintain the relationship, provide recruitment and placement services, and conduct market research and surveys.

The categories of personal data we process include the following:

  • Name 
  • Address 
  • Email and other contact details 
  • Date of birth 
  • Remuneration details 
  • Work history (including information relating to placements) 
  • Educational history, qualifications & skills 
  • Visa and other right to work or identity information 
  • Passport 
  • National insurance details 
  • Contact details of referees 
  • Information contained in references and pre-employment checks from third parties 
  • References and links to your professional profiles available in the public domain such as LinkedIn, Twitter or corporate website 
  • Other sensitive personal information such as or criminal record checks (see ‘Sensitive Personal Data’ section below). 
  • Your marketing preferences 

Use of personal data

We use personal data for the following purposes:

  • Managing and maintaining our relationship with you to perform administration of operational functions; 
  • Provide you with recruitment and placement services, which may include career guidance and notifying you of potential roles or opportunities; 
  • Assessing and reviewing your suitability for job roles; 
  • Introducing and/or supplying you to actual or potential Clients; 
  • Managing and maintaining our relationship with you to perform administration of operational functions;
  • Engaging you for a role with us or with our Clients;  
  • Conduct market research and satisfaction surveys; 
  • Collating market or sector specific information and providing the same to our Clients; and 
  • Responding to your queries.  

We may obtain your personal data from the following sources (please note that this list is not exhaustive): 

  • Directly from you (e.g. a Curriculum Vitae, application or registering an interest in job seeking, response to a survey, information provided at events, registering an interesting in our mailing list); 
  • By reference or word or mouth, for instance, from time to time we may also receive personal information about you from hiring organisations, colleagues and former employers, or from persons for whom you have provided services or been otherwise engaged; 
  • Job boards on which you have registered your details; 
  • Online Curriculum vitae libraries;  
  • The public domain e.g., corporate websites;  
  • Social Media. Part of our business activity involves researching information relating to individuals for the purposes of filling job roles. This may include obtaining personal data from online sources, for example we may obtain information from social media sites such as LinkedIn and job boards, some information being publicly available but others being from sites or providers to which we subscribe.
  • Conversations on the telephone or video conferencing (which may be recorded); 
  • Notes following a conversation or meeting; and
  • Our website contact forms and software applications. 

We may process your personal data on the basis of our legitimate interests, to take steps to enter into or perform a contract with you, to comply with our legal obligations or with your consent. Where we rely on legitimate interests, these include to effectively administer our recruitment and placement services, communicate with you about roles and suitability and collate market information and analysis on trends. You may withdraw your consent or otherwise unsubscribe from receiving marketing communications at any time by using the details

You have certain rights in relation to your personal data. If you have a query or wish to exercise your rights, please contact us by completing the Data Subject Access Request form. 

Visitors to our website

Collection of personal data

Visitors to our websites are generally in control of the personal data shared with us. We may capture limited personal data automatically via the use of cookies on our website. Please see the section on ‘cookies’ below for more information.

We receive personal data, such as name, title, company address, email address, and telephone numbers, from website visitors; for example, when an individual subscribes to updates from us.
Visitors are also able to send an email to us through the website. Their messages will contain the user’s name and email address, as well as any additional information the user may wish to include in the message.

We ask that you do not provide sensitive information (such as race or ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; physical or mental health; genetic data; biometric data; sexual life or sexual orientation; and criminal records) to us when using our website.

Cookies and website navigational information

We use small text files called ‘cookies’ which are placed on your hard drives to assist in personalising and enriching your browsing experience by displaying content that is more likely to be relevant and of interest to you. The use of cookies is now standard operating procedure for most websites. However, if you are uncomfortable with the use of cookies, most browsers now permit users to opt-out of receiving them. You need to accept cookies in order register on our website. You may find other functionality in the website impaired if you disable cookies. After termination of the visit to our site, you can always delete the cookie from your system if you wish. Please see the sections below for further details.

Website navigational information

As you navigate through our websites, we automatically collect technical information including Internet Protocol (“IP”) addresses through Web server logs, and other information through 'cookies' and Web beacons. 

An IP Address is a number that identifies your computer or other device whenever you access the Internet, allowing computers and servers to recognize and communicate with each other over a network. A&M collects technical information, including the IP address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; to aggregate non-personal information for analysis and trending.  
 
A Uniform Resource Locator (‘URL’) is the address of a specific website or file on the Internet. We collect information about your visit, including the full URL clickstream to, through and from our site (including date and time); items you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page; and any phone number used to call our customer service number.   

Cookies are small text files placed on your hard drive that allow the site to remember who you are. As an example, A&M uses cookies to compile aggregate statistics to enhance the overall website experience. On our web site, a notification ‘cookie’ banner will appear requiring your explicit consent to place and collect cookies. If you do not provide consent, target/advertising cookies will not be placed on your browser and your computer will not be identified. When you accept, your selection will be valid for a period of one year. Performance and Functionality cookies may still be required for necessary operation of our site. Such cookies will not be blocked through the use of this notification banner. If you wish to revoke your selection, you may do so by clearing your browser's cookies (often found in your browser's Tools or Preferences menu). Read more about how A&M uses cookies in our Cookies Policy.

Web Beacons are small image files on a Web page that may be used, for example, to count users that have accessed a page, or to gather other related website statistics. By disabling browser cookies, unique information associated with web beacons will also be disabled.

Use of personal data

When a visitor provides personal data to us, we will use it for the purposes for which it was provided to us as stated at the point of collection (or as obvious from the context of the collection).  
Typically, personal data is collected to:

  • register for certain areas of the site;
  • subscribe to updates;  
  • enquire for further information;
  • distribute requested reference materials;
  • submit bios / curriculum vitae (CVs);
  • monitor and enforce compliance with our terms and conditions for use of our website;
  • administer and manage our website, including confirming and authenticating identity and preventing unauthorised access to restricted areas, premium content or other services limited to registered users; and
  • aggregate data for website analytics and improvements.

Unless we are asked not to, we may also use your data to contact you with information about A&M’s business, services and events, and other information which may be of interest to you. Should visitors subsequently choose to unsubscribe from mailing lists or any registrations, we will provide instructions on the appropriate webpage or in our communication to the individual.

Our websites do not collect or compile personal data for the dissemination or sale to outside parties for consumer marketing purposes, or host mailings on behalf of third parties.  If there is an instance where such information may be shared with a party that is not an A&M affiliate, the visitor will be asked for their consent beforehand.

Links to other sites

A&M’s website may contain links to other sites that are not governed by this privacy notice but by other privacy statements that may be different. We recommend that users review the privacy notice of each website visited before disclosing any personal data.

Public forums (bulletin boards, blogs, chat rooms, etc.)

A&M may provide links to social media platforms maintained on separate servers by individuals or organizations over which A&M has no control. A&M makes no representations or warranties regarding the accuracy of information located on such servers. In addition, A&M cannot be held responsible if you share Personal Data on social media platforms that is subsequently used, misused or otherwise appropriated by another user. We recommend reviewing the privacy notice of any third-party site that may be linked from our website to determine their use of your Personal Data.

Contacts in our customer relationship management, email marketing and events management (CRM) systems

We process personal data in our CRM systems about: current and former clients and prospects, including individuals employed by or associated with these businesses; individuals who subscribe to A&M Bulletins and other email marketing materials; individuals who attend A&M sponsored or co-sponsored events; A&M alumni; and other contacts whose information we obtain from licensors, other third parties, and the public domain.

Our CRM systems typically include name, job title, address, email address, country, and phone number; name of company, employer, or organization; marketing preferences; invitation responses; and other information pertinent to our business relationship with you.

We do not intentionally collect sensitive data unless you provide us with such data (e.g., dietary or other special requirements that reveal your religion or food allergies) when you register for one of our events.

We use personal data in our CRM systems to communicate with you via email, telephone and/or postal mail in order to send you newsletters, initiations to events, firm announcements and other A&M offerings. Depending on your jurisdiction, we may process your personal data on the basis of your consent, our legitimate interests, or other lawful basis. You may withdraw your consent or otherwise unsubscribe from receiving marketing communications at any time.

Information from Third Party Licensors

A&M obtains contact details and other personal information regarding media contacts and influencers from a variety of sources including Cision. If you wish to know more about how such information is collected and used, please refer to Cision’s privacy notice at www.cision.com/us/legal/privacy-policy/. 
 

Security

We take the security of all the data we hold very seriously. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security. We regularly review the appropriateness of the measures we have in place to keep the data we hold secure. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

Sensitive Personal Data

Sensitive personal data includes any information which reveals details about your physical or mental health, political, religious or philosophical beliefs, sexual orientation and race or ethnic origin. It can also include information relating to a criminal offence. 

If you provide us with sensitive information, as well as seeking to ensure that one of the grounds for processing mentioned above applies, we will endeavour to make sure that one or more of the grounds for processing sensitive personal data applies. In outline, these include: 

  • Where you have explicitly consented to the processing; 
  • For the purpose of our assessment of your suitability for job roles or working capacity;
  • Where processing is necessary for the purpose of obligations or rights under employment, social security or social protection law; 
  • To maintain records of our dealings to address any later dispute, including but not limited to the establishment, exercise or defence of any legal claims. 

When and how we share personal data and locations of processing

We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

We are a global professional services firm and sometimes use third parties located in other countries to assist us with business activities. As a result, personal data may be transferred outside the countries where our clients are located. This includes countries outside the European Union ("EU") and to countries that do not have laws that provide specific protection for personal data. We have taken steps to ensure all personal data is provided adequate protection, and that all transfers of personal data outside the EU and United Kingdom (“UK”) are done lawfully. When we transfer personal data outside of the EU and UK to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU (such as the European Commission approved standard contractual clauses).

In addition, one subsidiary of A&M, Alvarez & Marsal Disputes and Investigations, LLC (“A&M DI”), is certified under the EU-U.S. Data Privacy Framework and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework, as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information that is transferred from the EU, EE, Switzerland and/or UK to that entity, within the scope of its certification. Further details can be found in our Data Protection Framework Privacy Notice here.

Personal data held by us may be transferred to:

Other A&M affiliate entities

For details of A&M’s locations, please click here. We may share personal data with other A&M affiliates where necessary for administrative purposes and to provide professional services to our clients (e.g. when providing services involving advice from A&M affiliates in different territories). Our business contacts are visible to and used by A&M personnel from A&M affiliates to learn more about a contact, client or opportunity they have an interest in (please see the Business Contacts section of this privacy notice for more information about our processing of this type of data).

Third party organisations that provide applications / functionality, data processing or IT services to us

We use third parties to support us in providing our services and to help provide, run and manage our internal information technology (IT) systems. Examples include providers of IT, cloud based “software as a service”, identity management, website hosting and management, data analysis, data back-up, security and storage services. The servers powering and facilitating cloud infrastructure are located in secure data centres around the world, and personal data may be stored in any one of them.

Third party organisations or advisers that otherwise assist us in our operations

We use third parties to assist us in our operations, e.g. auditors and other professional advisers.  

Law enforcement or other government and regulatory agencies or to other third parties as required by, and in accordance with, applicable law or regulation

Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data. Examples may include checking that we are complying with applicable law and regulation; or to investigate an alleged crime, or establish, exercise or defend legal rights. We will only fulfil requests for personal data in accordance with applicable law or regulation.

We will also disclose personal data where reasonably necessary to:

  • enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
  • detect, prevent or otherwise address security, fraud or technical issues; 
  • protect the rights, property or safety of us, our personnel, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection); or 
  • in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets;

Data retention

We retain the personal data processed by us in accordance with our policies or otherwise for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation). Personal data may be held for longer periods where extended retention periods are required in order to establish, exercise or defend our legal rights.

 

Last updated: July 1, 2024

CONTACT US TODAY
SUBSCRIBE TO OUR BULLETIN
Download PDF version
FOLLOW & CONNECT WITH A&M


Your browser version isn’t supported. For optimal browsing experience, please use Chrome, Firefox, Safari, or Edge. Thank you.