SCOTT + SCOTT

WEBSITE PRIVACY + COOKIE NOTICE

This Privacy + Cookie Notice describes how Scott+Scott will protect your personal information.

By Scott+Scott (we, us, our, the Firm), we mean Scott+Scott Attorneys at Law LLP, including its US subsidiaries, Scott+Scott MTL PLLC and Themis Law Firm PLLC, and its Amsterdam subsidiary, along with its UK-based affiliate,  Scott+Scott UK LLP and its Germany-based affiliate, Scott+Scott Germany LLP.

This notice sets out how we will protect your personal information when it is shared with us in any way. We will protect your personal information when you:

  • visit our websites;
  • are directed to our website by an advert on other websites;
  • contact us for any reason;
  • request legal advice;
  • register yourself or your employer for an action;
  • are involved with our litigation in any way; or
  • supply goods or services to us.

This notice also sets out how we will protect your personal information when it is collected from organisations involved in litigation that we bring on behalf of our clients.

In addition to this notice, if you apply to join the Firm we will send you link to a Candidates Privacy Notice, followed by an Employee Privacy Notice if you are successful.

Where you contact us on behalf of an organisation, any information shared with us may not be classed as personal information, but we will also respect its privacy.

In any case, as lawyers, we are obliged to maintain the privacy of all non-public personal information shared with us while we act for our clients, but we extend this obligation to all information shared with us.

This notice was last updated on March 10, 2025, and as it may be updated from time to time, please check this website for any updates.

THIS WEBSITE

DATA PROTECTION PRINCIPLES

THE LEGALITY OF OUR PROCESSING

PERSONAL INFORMATION PROCESSING

PROCESSING SENSITIVE PERSONAL INFORMATION

PROCESSING FOR AI PURPOSES

PROCESSING FOR MARKETING

PROCESSING FOR PROFILING

INFORMATION RETENTION

INFORMATION SHARING

INTERNATIONAL TRANSFERS OF YOUR PERSONAL INFORMATION

SECURITY OF YOUR PERSONAL INFORMATION

YOUR RIGHTS OVER YOUR PERSONAL INFORMATION

HOW TO EXERCISE YOUR RIGHTS

 

THIS WEBSITE

We use Google’s ‘reCAPTCHA’ service to protect our websites from automated, malicious access attempts. This service notes your IP address, and your behavior on our websites, to distinguish you from malicious behavior by an online bot. The terms of use of their service are provided by Google at: here and their privacy policy at: here. We have no control over how Google protects your personal information.

We use cookies (and other technologies such as web beacons or pixels) to support the use of our websites. Cookies are small data files that are placed on your browser or device when you visit a website. These are widely used by websites to help the site work properly, remember visitors’ preferences, and, where the visitor gives consent, to gather data for marketing, advertising, or analytics purposes.  There are two main types of cookie:

  • ‘necessary cookies’ help the websites to work properly, to protect your security, and save your preferences, but these are not reused for other purposes; and
  • ‘additional cookies’ that help us to improve our websites.

We need your consent before we save ‘additional cookies’ to your browser. When you first visit our websites we invite you to click ‘Accept All’ on our cookie banner so that we can save ‘additional cookies’ that help us to manage our website. If you click ‘Reject All’ we will save ‘necessary cookies’ but not save ‘additional cookies’ in your browser. As a result, some aspects of our websites might not work as intended.

If you click ‘Accept All’ to us saving ‘additional cookies’ in your browser, we will use them to monitor how you use our website, to make sure that it is operating as expected. We do not share or sell any information about your visit to our websites with any other third parties without your consent. We also do not track your online behavior across other websites or devices.

We also anonymise data about how you use our websites before sharing it with Google Analytics who will give us feedback on how our websites are performing. This feedback helps us to fine-tune our websites, making them easier for visitors to use. Google Analytics is unable to directly identify you from this data, and details of how Google safeguards this data is available at: here.

Our websites are not directed towards children, but we understand that they may be accessed by visitors aged under 18. If you are aged over 13, 14, 15 , or 16, depending on where you live, you can give consent to us saving ‘additional cookies’ on your computer just like an adult. Where our websites are accessed by a child aged under 13, we assume that consent for placing additional cookies’ is provided by their parent or guardian. We will not knowingly collect any other personal information from anyone aged under 18.

We retain data from cookies only as long as is necessary for us to provide services to you. Data from cookies, IP addresses, and devices processed by Google Analytics is retained for varying periods and may be deleted separately.

Access to data from cookies is restricted to us, our specialist advisors, and our website hosting partners. If you would like to know more about the cookies we store, please contact the Data Protection Officer (DPO) at their contact address below.

You can change your consent preferences at any time by clicking on the cookie icon at the bottom left corner of our websites, and making your preferences again.

You can also manage cookies through your browser settings. You can find our how to do this on the most popular browsers:

Our websites may also include links to other organisations’ websites, but as we do not have control over how they deal with your personal information, we recommend that you read the privacy notice of every website you visit.

When you click on a link in an advert on a third-party website that directs you to our website, we will treat your personal information exactly as we would if you visited our website directly. We will offer a choice of cookies, and will not process your personal information any differently to how it is described in this notice.

However, we will note the link that directed you to our website in order that we can assess the effectiveness of different types of adverts. However, we do not track your online behavior across other websites or devices. Also, please note that we do not have any control over how the third-party website on which the advert was placed processes your personal information.

 

DATA PROTECTION PRINCIPLES

Where your personal information allows you to be identified, in the US it is classified as ‘Personal Identifiable Information (PII)’. Where personal information allows you to be identified, and which also ‘relates to’ you, in the European Economic Area and the UK it is classified as ‘personal data’. However, where your personal information is anonymised, and you can no longer be identified from it, it is no longer personal information, neither PII nor ‘personal data’.

Under data protection laws we are considered the ‘Controller’ of any personal information that you share with us, because we are responsible for deciding why and how it is processed. We are responsible for protecting your personal information from when we first collect it, through to when we delete it as we no longer need to process it. We are also responsible for protecting your personal information when we share it with other organisations.

All members of staff of the Firm, including all consultants, contractors, and temporary staff are required to always protect personal information and maintain its confidentiality. Training and awareness is provided in security and data protection measures, and specialist staff are on call to provide expertise in data protection issues for all staff.

Where staff are prohibited from accessing information on a particular case due to a potential litigation conflict, information barriers are put in place to prevent access to the relevant information. Where personal information is subject to a legal protective order, data protection and security controls are put in place to comply with the order and protect the information’s confidentiality.

The Firm is audited in how it protects personal information, and remediation plans put in place where control weaknesses are found. The changing legal requirements for data protection mean that the Firm is constantly reviewing, revising, and improving its data protection controls.

The principles that guide how we process your personal information are derived from the EU’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other US Federal and State laws, including the Federal Trade Commission’s (FTC) Fair Information Privacy Practices (FIPPs), together with guidance from data protection authorities across Europe and the US, and Bar Associations across the US, and the respective legal regulators in Europe.

We will always comply with the following principles, which means that your personal information will be:

  • Used lawfully, fairly and in a transparent way;
  • Collected only for lawful purposes that we have clearly explained to you;
  • Limited to the lawful purposes that we have told you about;
  • Kept up to date;
  • Kept only as long as necessary for the lawful purposes we have told you about; and
  • Kept securely.

 

THE LEGALITY OF OUR PROCESSING

We will only process your personal information when we have a legal purpose for doing so. We will not sell or trade your personal information to third parties without your consent.

Most commonly, we will process your personal information when:

  • We need to prepare to or perform a contract we have with you;
  • We need to comply with a legal obligation; or
  • It is necessary for the legitimate interests of us or a third party, where the legitimate interests do not override your fundamental rights.

Less commonly, we may also process your personal information when:

  • We need to protect your, or someone else’s, vital interests; or
  • Where it is needed in a particular public interest, or for defined official purposes.

Where we cannot rely on other legal purposes, we may ask for consent to process your personal information. We will rarely need to ask for your consent, and you can withdraw consent at any time.

We will only process your personal information for the original legal purposes for which it was collected, and any later processing will be compatible with these original purposes. If we need to process your personal information for any purpose that is not compatible with the original purposes, we will inform you about our new lawful purpose before any new processing takes place.

PERSONAL INFORMATION PROCESSING

We collect personal information directly from you when:

  1. You click ‘Accept All’ to ‘additional cookies’ on our website;
  2. You are directed to our website from an advert on another website;
  3. You contact us for any reason;
  4. You or your employer request legal advice from us;
  5. You or your employer registers for an action with us or our associated law firms;
  6. You or your employer are involved in any way with litigation in which we or our associated law firms are involved; or
  7. You or your employer provide us a product or service.
  8. When you click ‘Accept All’ to ‘additional cookies’ the personal information we may collect includes:
  • Technical data about your browser, your computer, and your internet services provider; and
  • Information about the times of your visits, the pages you viewed, and any links to third party sites that you clicked.

We have a legitimate interest in processing this information to help us maintain our website.

 

  1. If you are directed to our website by clicking on an advert on another website, we may collect:
  • Details of the website on which the advert was placed;
  • Technical data about your browser, your computer, and your internet services provider; and
  • Information about the times of your visits, the pages you viewed, and any links to third party sites that you clicked.

We have a legitimate interest in processing this information to help us optimize our advertising.

 

  1. If you contact us, for any reason, we may collect:
  • Your name and contact details, including your email address, telephone number; and
  • The reasons for your contact with us.

We will process this information in order to respond to you, in advance of performing any contract for legal services for you.

 

  1. If you or your employer contacts us requesting legal advice, we may collect:
  • Your name and contact details, including your address, email address, and telephone number;
  • Your employer’s contact details, and your role at your employer;
  • In certain cases, your date of birth and SSN, or EIN, as applicable;
  • Publicly available information about you or your employer that provides background to your request; and
  • Sufficient information from you to allow us to use specialised databases to authenticate you or your employer, and for preventing financial crime.

We will process this information in order to perform a contract for legal services for you.

 

  1. If you have registered to join an action, either on your own behalf, or on behalf of your employer, we may collect:
  • Your name and contact details, including your email address, and telephone number;
  • Your employer’s contact details, and your role at your employer;
  • Details of your, or your employer’s activities relating to the action;
  • Details of communications between you, your employer, and other parties in the action;
  • Details from third parties, public sources, or other parties to any litigation; and
  • Your, or your employer’s banking details for payment of any compensation.

We will process this information in order to perform a contract for legal services for you.

 

  1. Where you or your employer are involved, or potentially involved in litigation related to a claim, we may collect:
  • Your name and contact details, including your email address, telephone number;
  • Your employer’s, or your home address, and any separate correspondence addresses;
  • Details of your employer’s activities, and your role at your employer;
  • Details of communications between you, your employer, and other parties in the action; and
  • Details from third parties, public sources, or other parties to any litigation.

We will process this information in order to perform a contract for legal services for you, your employer, or our client, while also complying with the law, and in our legitimate interests to pursue a legal action to sustain our business model.

 

  1. Where you or your employer provides us goods or services, we may collect:
  • Your name and contact details, including your email address, telephone number;
  • Your employer’s, or your address, and any separate correspondence addresses; and
  • Details of your employer’s goods or services, and your role at your employer;
  • Banking information as may be necessary to provide payment to your employer.

We will process this information in order that you or your employer may perform a contract for services for us, and in our legitimate interests to manage our business.

 

We will also collect personal information about you from other sources, such as:

  • Your employer;
  • Publicly available sources of information; and
  • Specialised databases used to authenticate individuals and for preventing financial crime.

We will process this information in order to perform a contract for services for you, your employer, or our client, while also complying with the law and in the public interest, and in our legitimate interests to pursue a legal action to manage our business, and sustain our business model.

Where we collect your personal information from a third party, we will endeavour to notify you of its processing within a calendar month of its collection. However, there may be circumstances in which  notification is prevented by law, or would involve a disproportionate effort, and so we may not be able to notify you. Where these circumstances apply, we will comply with the law.

If your personal information changes you should tell us without delay so that we can update our records.

PROCESSING SENSITIVE PERSONAL INFORMATION

Where we collect personal information from third parties, we may also collect sensitive personal information, that might also be considered ‘special category’ personal information, or information about protected classification characteristics. We would only collect this type of personal data as part of our legal obligations in a litigation action. This could include Social Security Numbers, credit card numbers, health details, biometric information, or political views.

In specialist actions, we may need to collect and process this type of data in order that we can fulfil our contract with you in pursuing an action. We will attempt to minimise our processing of this information, its sharing with others, and the length of time that we retain it. We will apply strict security measures over this type of information. When we are no longer required to process it, we will delete it.

We never sell or trade this type of biometric or sensitive personal information without your consent.

PROCESSING FOR AI PURPOSES

We may use information about our cases, or others’ cases, to create templates for use by the Firm. We may also use case information to fine-tune bespoke large language models for use as Artificial Intelligence (AI) tools. In all cases, we will remove personal information from the source material so that the resultant templates or AI tools do not pose a privacy risk to any individuals.

In addition, we may use public sources, or those with appropriate Creative Commons rights to develop templates or AI tools, and will always apply fair use or fair dealing principles in reasonable use of others’ intellectual property rights. Each instance will be assessed on its merits.

PROCESSING FOR MARKETING

We will not process your personal information in order to send you marketing communications. In addition, we will not share your personal information with any third party for marketing purposes. If you have registered to join an action that we are involved with, or download an online brochure, we may make you aware of other services we offer, or additional actions in the future that you may also wish to join. We will always do this in a way that is compliant with the law.

PROCESSING FOR PROFILING

We will not use your personal information to profile you except where this is needed to perform a contract with you, or comply with the law. In addition, we will not make important decisions about you based solely on automated processing of your personal information.

INFORMATION RETENTION

Where your personal information has been collected as part of an action, we will retain this information until any litigation is concluded, and then only for as long as the law requires or allows.

We will only retain your personal information for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period, we consider:

  • The amount, nature and sensitivity of the information;
  • The potential risk of harm from unauthorised use or disclosure of the information;
  • The purposes for which we process the information and whether we can achieve those purposes through other means; and
  • The applicable legal requirements.

At the end of the retention period, we will delete your personal information, in accordance with our Retention Policy, and all applicable laws and regulations. We will only retain this information for longer that this period to defend legal claims against us, and only if this is allowed by law. Any personal information retained after the end of the retention period will be stored in archives with restricted access.

INFORMATION SHARING

We may share your personal information with third parties that provide us specialist support services Each third party will be contractually obliged to protect your personal information to the same level as we provide. They must process your personal information only on our instructions, and cannot process it for any other purpose. We may also share your personal information with the courts or government agencies in order to comply with the law.

We may also share your personal information with third partes that also act as controllers of your personal information. These third parties will be responsible for protecting your personal information in compliance with the law. We do not sell or trade your personal information to third parties without your consent..

If you would like to know with whom we have shared your personal information, please contact the DPO.

 

INTERNATIONAL TRANSFERS OF YOUR PERSONAL INFORMATION

We may also share your personal information with specialist third parties that also operate outside Europe where the protections of the General Data Protection Regulation (GDPR) do not directly apply. When these third parties operate from countries that are considered in law to have the equivalent protections to that of the GDPR, such as Canada or Japan, your personal information is protected as if it were in Europe. Where the law considers the country not to have equivalent protections, such as in the US, the Firm protects your personal information through Standard Contractual Clauses (SCCs) authorised by the European Commission and the UK Government.

The Firm also shares personal information between its offices, in Europe and the US. We therefore have SCCs in place in order to protect any personal information of Europeans shared with the US. The level of protections over personal information the Firm has designed in the US are equivalent to those in Europe.

 

SECURITY OF YOUR PERSONAL INFORMATION

We use appropriate technical and organizational security measures to protect personal information from accidental or unauthorized disclosure, loss, alteration, or destruction. We protect personal information throughout its lifecycle; from the point of collection to the point of destruction.

Where information processing is carried out on our behalf by a third party, we ensure that they have appropriate security measures in place to protect personal information. We ensure that these protections are documented in legally binding contracts.

Despite these protections, information transferred over the internet is inherently insecure. It is therefore not possible to guarantee the security of your personal information transferred over the internet.

YOUR RIGHTS OVER YOUR PERSONAL INFORMATION

You have rights over how we use your personal information and you can exercise these rights at any time. You can do this easily by contacting our DPO by email, or in writing to the address at the end of this notice.

Once you ask us to exercise these rights we may need to request specific information from you, to help us confirm your identity and to clarify which rights you wish to exercise. Your rights vary by your resident country or state, so we will take into account these particular rights before responding to you.

We will acknowledge your request without delay, and will try to respond to all requests within one month. If we believe that it may take longer, we will inform you about this in advance. It is only if your request is considered to be clearly unfounded, repetitive or excessive, we may by law be able to refuse your request, or charge you a fee. Where the law prevents us completing your request in full, we will also explain this to you.

You have the right to:

  • Be informed about how we process your personal information;
  • Have a copy of your personal information;
  • Rectify it when inaccurate;
  • Object to its processing;
  • Restrict its processing;
  • Have it erased (the right to be forgotten); and
  • Object to automated decision-making; and
  • Withdraw consent given previously, for example to processing of cookies.

HOW TO EXERCISE YOUR RIGHTS

If you have any questions about how we handle your personal information, or wish to complain about this, or wish to exercise any of your data protection rights please email the Firm’s Data Protection Officer at [email protected], or by writing to:

Data Protection Officer

Scott+Scott (UK) LLP

1 Chancery Lane

London WC2A 1LF

UK

 

If you are not satisfied with how we handle your complaint, you can also make a complaint to your local data protection authority. This is:

In the UK:

The Information Commissioner’s Office (ICO)

In the Netherlands:

The Autoriteit Persoonsgegevens (Dutch Data Protection Authority)

In Berlin:

The Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information)

In other German Bundesländer:

The local Bundesländer data protection authority.

In California:

The California Privacy Protection Agency (CPPA)

In other US States:

Usually your State Attorney General’s office.