Introduction
This Privacy and Cookies Policy is applicable to www.scott-scott.com (the “Site”) owned or operated by Scott+Scott Attorneys at Law LLP together with Scott+Scott UK LLP and Scott+Scott Germany LLP (“Scott+Scott”, “we”, “our”, or “us”). This policy sets out the basis on which any personal information we collect from you, or that you provide to us, through the Sites will be processed by Scott+Scott. This policy also sets out the basis on which we process personal information relating to individuals which we obtain indirectly in connection with the lawsuits we bring on behalf of our clients. Please read this policy carefully to understand our views and practices regarding your personal information and how we will treat it. Scott+Scott Attorneys at Law LLP, Scott+Scott UK LLP and Scott+Scott Germany LLP are joint controllers of the personal data we process in connection with this Privacy and Cookies Policy. If you would like further information regarding the joint controller arrangement in place between the parties, including the allocation of responsibilities between the parties for adherence to applicable data protection laws, please contact us using the details set out in the “Contacting Us” section below. This Privacy and Cookies Policy does not apply to our client or employee personal information or candidate recruiting practices. We have separate privacy policies pertaining to those activities. Please let us know if you wish to request further information about our data protection practices in relation to recruitment. Our Client Data Protection Policy is available via our website: www.scott-scott.com. Contacting Us Data Protection Principles Personal information we may collect about you Disclosure of your information Cookies International Transfers Security How Long We Keep Your Personal Information Your Legal Rights Complaints Changes to this policy CT PUBLIC ACT 08-167 and C.G.S. §42-471 Non-Public Personal Information Confidentiality and SecurityContacting Us
If you have any questions about this Privacy and Cookies Policy or your personal information, or to exercise any of your rights as described in this Privacy and Cookies Policy or under data protection laws, you can contact us as follows: Scott+Scott UK LLP St. Bartholomew House 90-94 Fleet Street London EC4Y 1DH t: +44 20 3911 5510 e: dpo@scott-scott.comData Protection Principles
Scott+Scott adheres to the following principles when processing your personal information as data controller:- Lawfulness, fairness and transparency: data must be processed lawfully, fairly and in a transparent manner.
- Purpose limitation: data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data minimisation: data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy: data must be accurate and, where necessary, kept up to date.
- Storage limitation: data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal information are processed.
- Integrity and confidentiality: data must be processed in a manner that ensures appropriate security of the personal information, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.
Personal information we may collect about you
Scott+Scott may collect and process the following information about you: Information you provide to us:- You may give us information about you by filling in forms on the Sites or by corresponding with us by phone, e-mail message (or attachment to any e-mail message), or otherwise. You may do this because you want to request additional information about us or ask us to contact you or you may be interested in receiving legal services from us. The categories of personal information you provide may include:
- first and last name;
- job title and company name
- address;
- phone number;
- email address;
- details about your query or instruction; and
- any other identifier that permits Scott+Scott to make contact with you.
- With regard to each of your visits to the Sites, your web browser software may automatically provide to our web server technical information, such as the Internet protocol (IP) address, address of the website you linked from, the identity of your Internet Service Provider, and the type and version of the browser you are using.
- In addition, we collect personal information about third parties which are the subject of or relevant to a case or transaction which we are involved in on behalf of our clients or which we are assessing for prospective clients. For example, we collect information about individuals who directly or indirectly represent the other party in respect of legal proceedings on which we are advising our client. Such personal information may include contact information (such as a name, email address, work address and home address), information about a person’s business role (such as a job title) and all other information which is relevant to the specific matter which we are working on for our clients or prospective clients (for example, the dispute or case).
- our clients, prospective clients, litigation funders and other third parties involved in the lawsuits we assess or bring on behalf of our clients;
- publicly accessible sources, such as company registries and social media platforms.
Purposes for which we will process the information | Legal Basis for the processing |
To provide you with the information and services that you request from us. | It is in our legitimate interests to respond to your queries and provide any information and materials requested in order to generate and develop business. We consider this use to be proportionate and will not be prejudicial or detrimental to you. |
To provide you with information about other services Scott+Scott offers that are similar or related to those that you have enquired about. | It is in our legitimate interests to develop our services and grow our business. We consider this use to be proportionate and will not be prejudicial or detrimental to you. |
To:
|
For all these categories, it is in our legitimate interests to continually monitor and improve our services and your experience of the website and to ensure network security. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you. |
To carry out investigations to assess the viability of claims prior to commencing formal legal proceedings. | It is necessary in our and our clients’ legitimate interests to assess the viability of claims to ensure we only engage in legal proceedings where it is appropriate to do so. |
Use of information about third parties which are the subject of or relevant to a case or transaction which we are involved in on behalf of our clients. We will use such personal information in order to seek, and fulfil, our clients’ instructions. | To do this, it is necessary in order to pursue our legitimate interests in carrying out our clients’ instructions and acting in the best interests of our clients. |
Disclosure of your information
As joint controllers, the personal information referred to in this policy is shared between the Scott+Scott group members referred to above. Please see the “International Transfers” section below for further details on this. Scott+Scott may disclose your personal information:- to its professional advisers including auditors and insurers;
- in the event that Scott+Scott sells or buys any business or assets, in which case Scott+Scott may disclose your personal information to the prospective seller or buyer of such business or assets;
- if Scott+Scott is acquired by a third party, in which case personal information held by Scott+Scott about its clients and contacts will be one of the transferred assets;
- to third parties involved in the legal proceedings we bring on behalf of our clients, such as the other side in such disputes, barristers, third party experts, courts and other judicial bodies and claims administrators; and
- if Scott+Scott is under a duty to disclose or share your personal information in order to comply with any legal obligation.
Cookies
A “cookie” is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic device) when you use the Site. We use cookies on the Site to help us recognise you and your device and store some information about your preferences or past actions. For example, we may monitor how many times you visit this Website, which pages you go to, traffic data, location data and the originating domain name of a user's internet service provider. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually. You can set your browser not to accept cookies and the website referred to below tells you how to remove cookies from your browser. However, some of the features on the Site may not function as a result. The cookies we use: The table below provides more information about the cookies we use and why:The cookies we use | Name | What they do |
Google Analytics | _ga | Used to identify unique users. Expires after 2 years. |
_gat | Used to throttle the request rate. Expires after 1 minute. | |
_gid | Tracks users as they navigate the website and help improve the website's usability. | |
Scott & Scott | _privacy_embeds | This cookie registers that you have given consent to the cookies on the Site. The cookie expires after 30 days during which time you will not be asked to provide consent again. |
International Transfers
As joint controllers, your personal information may be shared between any of the Scott+Scott group members referred to above, including in the USA. As such, your personal information may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) or UK. Your information may also be transferred or accessed internationally in the context of a litigation matter which you are involved. Where personal information is transferred to and stored in a country outside the EEA which is not determined by the European Commission as providing adequate levels of protection for personal information (such as the US), we take steps to provide appropriate safeguards to protect your personal information, including entering into standard contractual clauses approved by the European Commission. Scott+Scott UK LLP, Scott+Scott Attorneys at Law LLP and Scott+Scott Germany LLP are parties to a Data Transfer Agreement which incorporates the standard contractual clauses.Security
We use appropriate technical and organizational security measures to protect personal information both online and offline from unauthorized use, loss, alteration or destruction. We use physical and procedural security measures to protect information from the point of collection to the point of destruction. Where data processing is carried out on our behalf by a third party, we take steps to ensure that appropriate security measures are in place to prevent unauthorized disclosure of personal information. Despite these precautions, however, the transmission of information via the internet is not completely secure. Although Scott+Scott will do its best to protect your personal information, we cannot guarantee the security of your information transmitted to the Sites and any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.How Long We Keep Your Personal Information
We will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means and the applicable legal requirements.Your Legal Rights
Subject to certain limitations, you have rights under data protection laws in relation to your personal information. These rights include the rights to:- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. Note that we may refuse to comply with a request for access if the request is manifestly unfounded, excessive or repetitive in nature.
- Request correction of your personal information. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. Note that we may refuse to comply with a request for correction if the request is manifestly unfounded, excessive or repetitive in nature.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note that we may refuse a request for erasure, for example, where the processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defense of legal claims.
- Request restriction of processing your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful, but you do not want us to erase it; (c) where you need us to hold the data, even if we no longer require it, as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it. Note that we may refuse to comply with a request for restriction if the request is manifestly unfounded, excessive or repetitive in nature.
- Request transfer of your personal information. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies where your personal information is processed by us with your consent or for the performance of a contract, and when processing is carried out by automated means.
- Right to withdraw consent. You can withdraw your consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
- Right to object to direct marketing. You have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
Complaints
If you have any questions or concerns regarding our Privacy Policy or practices, please contact us as provided in “Contacting Us” above. If you are located in the EEA, you also have the right to complain to your local data protection authority. In the UK, this is the Information Commissioner’s Office (https://ico.org.uk/). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. If you are in the EEA, you find your local supervisory authority here.Changes to this policy
Scott+Scott reserves the right to change this policy from time to time. Any changes will be posted on this page with an updated revision date.- Updated and Effective as of 1 January 2020