This privacy policy (the “Privacy Policy”) is issued by SCOTT LEGAL (“SL”), 6 rue de la Rôtisserie, 1204 Geneva, Switzerland. This Privacy Policy explains the lifecycle of Personal Data (as defined below) at SL and the rights of the data subjects in respect of Personal Data processed by SL.
What does the term “Personal Data” comprise?
In this Privacy Policy, the term “Personal Data” means, with respect to a physical person:
- static information, such as the name and the contact information;
- financial information, such as bank account details;
- background information, which SL collects in the course of its client onboarding process; and
- other personal information (i) provided to SL by, or on behalf of, clients of SL or (ii) generated by SL in the course of the provision of services to its clients.
Personal Data may include “sensitive personal data,” such as information pertaining to administrative or criminal proceedings.
Why does SL process Personal Data?
SL processes Personal Data for the following purposes:
- the provision of legal or compliance advice to clients of SL;
- the management of the business relationship with clients of SL (including billing and fee collection); and
- the compliance with legal and regulatory requirements applicable to SL.
A. Lifecycle of Personal Data at SL
The lifecycle of Personal Data at SL is primarily composed of the following three steps:
Step 1 – collection of Personal Data
SL collects Personal Data:
- when SL onboards a client;
- when SL provides legal or compliance advice.
Generally speaking, the clients of SL provide the Personal Data (about themselves or about third parties) to SL. The clients of SL are informed and accept that it is their responsibility to pass on the information contained in this Privacy Policy to any third party about whom they provide Personal Data.
That being said, it should be noted that, in certain circumstances, SL may collect Personal Data from third-party sources, such as public records or third-party service providers.
Step 2 – processing of Personal Data
SL takes technical measures against unauthorized access to, or processing of, Personal Data and accidental loss or destruction of Personal Data.
In principle, SL does not transfer Personal Data outside of Switzerland. However, depending on the circumstances of its mandate, SL may have to transfer Personal Data to third parties, including third parties based outside of Switzerland, for example (but not limited to) sub-contractors, other counsel or accountants, as well as third parties involved in client matters. Where SL transfers Personal Data to third parties, SL does so in accordance with applicable data protection rules and subject to its regulatory obligations. In addition, SL takes appropriate safeguards to ensure the protection of the Personal Data.
Step 3 – retention of Personal Data
SL retains Personal Data (i) for as long as reasonably necessary for SL to fulfill the purposes mentioned above or (ii) until the data subject withdraws his/her consent, provided that SL is not permitted to continue to hold such Personal Data for another reason (e.g., to exercise and/or defend legal claims or for purposes of an investigation).
B. What are the rights of a data subject in connection with his/her Personal Data?
Subject to applicable regulations, the data subject has the right to:
- access and obtain a copy of his/her Personal Data;
- request the rectification of his/her Personal Data when they are inaccurate or incomplete;
- request the erasure of his/her Personal Data, e.g., when they are no longer necessary for the purposes for which they were collected or processed, or when the data subject withdraws the consent necessary for the processing (subject to Step 3 above);
- object on legitimate grounds to the processing of his/her Personal Data;
- request the limitation of the processing of his/her Personal Data;
- receive information on the safeguards which SL may have implemented for transferring Personal Data to jurisdictions which do not ensure an adequate level of data protection (if applicable); and
- lodge a complaint with a competent data protection supervisory authority.
Version: October 2024