Privacy and Cookie Notice



WEBSITE PRIVACY + COOKIE NOTICE

This page sets out the privacy and cookie notice for the Azure Cloud Claim.

Dr Maria Luisa Stasi has chosen to represent the interest of those businesses and organisations that licence Microsoft products for use on cloud computing services run by Microsoft’s competitors.

This Privacy Notice describes how Dr Stasi and her legal team (we, us, our) will protect your personal data when you visit our website, contact us, register for our claim, or supply services to us. Where you interact with us on behalf of an organisation, information you provide will not be classed as personal data, but we will also protect its privacy.

This notice may be updated from time to time, so please check this website for any updates.

THIS WEBSITE

We use cookies to support your use of our website. A cookie is a small file of data that is saved by your browser when you first visit our website. There are two main types of cookie:

‘strictly necessary’ cookies that help the website to work, protect your security, save your preferences; and other ‘not strictly necessary cookies’ that help us to manage our website and the claim.

We need your consent before we save cookies to your browser, unless the cookie is ‘strictly necessary’ and not reused for other purposes. When you first visit our website, we save ‘strictly necessary’ cookies on your browser, and invite you to click ‘Accept’ so that we can save other ‘not strictly necessary’ cookies that help us to manage the website and the claim. If you click ‘Reject’ we will not save these ‘not strictly necessary’ cookies on your browser, but some aspects of our website might not work as intended.

If you click ‘Accept’ to us saving ‘not strictly necessary’ cookies on your browser, we will anonymise data about how you use our website before sharing it with Google Analytics which will give us feedback on how our website is performing. This feedback helps us to fine-tune how our website works. Google Analytics is unable to directly identify you from this data, and details of how it safeguards this data is available at: https://support.google.com/analytics/answer/6004245.

Our website may also include links to other organisations’ websites, but as we have no control over how they deal with your personal data, we recommend that you read the privacy notice of each website you visit.

This website is not directed towards children, but we understand that it may be accessed by visitors aged under 18. If you are aged over 13, 14, 15 , or 16, depending on where you live, you can give consent to saving cookies on your computer just like an adult. Where our website is accessed by a child aged under 13, we assume that consent for placing cookies is provided by their parent or guardian.

We retain cookies only as long as is necessary for us to provide services to you. Cookies processed by Google Analytics are retained for varying periods and may be deleted separately.

Access to cookies is restricted to us, our legal advisors, our website hosting partner, and our specialist advisors. If you would like to know more about the cookies we store, please contact the Data Protection Officer (DPO) using the details below.

You can change your cookie preferences at any time by clearing our cookies from your browser and making your preferences again. Or, you can use a different browser, or an anonymized browser session, to open the website afresh and so change your preferences.

DATA PROTECTION PRINCIPLES

Your ‘personal data’ means data that allows you to be identified, and which relates to you. Where the data is anonymised, and you can no longer be identified from it, it is no longer personal data.

Under data protection laws we are considered the ‘Controller’ of any personal data that you share with us, because we are responsible for deciding why and how it is processed. We are responsible for protecting your personal data from when we first collect it, through to when we delete it as we no longer need to process it. We are also responsible for protecting your personal data when we share it with other organisations.

The principles that will guide how we process your personal data are derived from the General Data Protection Regulation (GDPR), and other associated laws, together with guidance from data protection authorities.

We will always comply with the following principles, which means that your personal data will be:

  • Used lawfully, fairly and in a transparent way;
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
  • Relevant to the purposes we have told you about and limited only to those purposes;
  • Accurate and kept up to date;
  • Kept only as long as necessary for the purposes we have told you about; and
  • Kept securely.

OUR LAWFUL BASIS FOR PROCESSING

We will only process your personal data when we have a lawful basis for doing so.

Most commonly, we will process your personal data when:

  • We need to perform a contract we have entered into with you;
  • We need to comply with a legal obligation; or
  • It is necessary for our legitimate interests, or those of a third party, where our legitimate interests do not override your fundamental rights.

Less commonly, we may also process your personal data when:

  • We need to protect your, or someone else’s, vital interests; or
  • Where it is needed in a particular public interest, or for particular official purposes.

Where other lawful bases do not apply, we may ask for your consent to process particular items of your personal data. Consent will only rarely be used as a lawful basis, and you will be entitled to withdraw consent at any time. We will not process any ‘special categories’ of sensitive personal data.

CHANGES TO OUR LAWFUL BASIS

We will only process your personal data for the original purposes for which it was collected, and any later processing will be compatible with these original purposes. If we need to process your personal data for any purpose that is not compatible with the original purposes, we will inform you about our new lawful basis for doing so before any new processing.

PERSONAL DATA PROCESSING

We collect personal data directly from you when you visit our website, contact us directly, register for our claim, are involved with any litigation related to this claim, or provide us a product or service. We may also collect your personal data through your employer if it has registered to join our claim, is involved with any litigation, or it provides goods or services to us.

When you visit our website, we may process this personal data:

  • Details of your visit to our website if you ‘Accept’ the use of additional cookies;
  • Details of your visit to our website if you register to join our claim;

When you register to join our claim, we may process this personal data:

  • Your name and contact details, including your email address, and telephone number;
  • Your employer’s or your home address, and any separate correspondence address;
  • Your employer, function, and details of your role in purchasing Microsoft licencing for operating on competing cloud products;
  • Details of your employer’s purchase of Microsoft licencing for operating on competing cloud products;
  • Details of communications between you, your employer, and other parties in relation to the purchase of Microsoft licencing for operating on competing cloud products;
  • Details from third parties, public sources, or other parties to any litigation;
  • Records of how you have contacted us; and

If Microsoft settles the claim, we may process this personal data:

  • Your or your employer’s banking details for payment of any compensation.

If your personal data changes you should tell us without delay so that we can update our records.

DATA RETENTION

Where your personal data has been collected as part of a registration with our claim, we will retain your personal data until any litigation related to this claim is completed, and then only for an additional retention period to comply with the law.

At the end of the retention period, we will delete your personal data, in accordance with our Data Protection Policy, Records Retention Policy, and applicable laws and regulations, unless we are permitted to retain it to defend legal claims against us. Any personal data retained after the end of the retention period will be stored in archives.

We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider:

  • The amount, nature and sensitivity of the personal data;
  • The potential risk of harm from unauthorised use or disclosure of your personal data;
  • The purposes for which we process your personal data and whether we can achieve those purposes through other means; and
  • The applicable legal requirements.

DATA SHARING

We may share your personal data with third parties that provide us specialist support services, or with government agencies in order to comply with the law. Each third party will be contractually obliged to provide protections for your personal data to the same level as we provide. They must process your personal data only on our instructions, and cannot process your personal data for any other purpose.

If you would like to know with whom we have shared your personal data, please contact the DPO.

TRANSFERS OF PERSONAL DATA OUTSIDE EUROPE

Where your personal data is processed in the European Economic Area (EEA) (the EU plus Norway, Iceland, and Liechtenstein) or the UK, it is protected through the GDPR. However, in order to manage our claim, some organisations may need to process your personal data outside Europe.

Some organisations operate outside the UK or EEA, but do so from countries that the UK or EEA recognises has equivalent protections over personal data as under the GDPR (including Switzerland, Israel, Japan, and New Zealand).

However, organisations based in other countries that do not provide equivalent protections to the GDPR, such as the United States, can only process your personal data following an assessment of the potential risks to your personal data, and with strict controls written into contracts. Some processing of your personal data by the legal team on the claim, Scott+Scott UK LLP, may be carried out in the United States, but this processing is protected by using standard contractual clauses authorised by the UK Government and the European Commission.

YOUR RIGHTS OVER YOUR PERSONAL DATA

You have rights over how we use your personal data and you can exercise these rights at any time. You can do this easily by contacting the DPO by email, phone, or in writing.

Once you ask us to exercise your data protection rights we may need to request specific data from you, to help us confirm your identity and to clarify which rights you wish to exercise.

We try to respond to all requests within one month but, if we believe that it may take longer, we will inform you about this in advance. If your request is considered to be clearly unfounded, repetitive or excessive, we may by law be able to refuse your request. Where the law prevents us completing your request in full, we will also explain this to you.

You will not have to pay a fee to exercise your data protection rights, but under certain circumstances we may need to charge a reasonable fee. You have the right to:

  • Be informed about processing
  • Access to your personal data
  • Object to processing of your personal data
  • Restrict processing of your personal data
  • Have your personal data deleted (the right to be forgotten)
  • Obtain a copy of your personal data, and
  • Object to automated decision-making.

HOW TO EXERCISE YOUR RIGHTS

If you have any questions about how we handle your personal data, or wish to exercise any of your data protection rights, please email the claims’ Data Protection Officer at dpo@scott-scott.com, or by writing to:

Scott+Scott (UK) LLP
1 Chancery Lane
London WC2A 1LF

You can also make a complaint to your local data protection authority: the Information Commissioner’s Office (ICO) at https://ico.org.uk/global/contact-us/contact-us-public/ or by writing to:

The Information Commissioner’s Office
Wycliffe House
Water Ln, Wilmslow SK9 5AF