Privacy Notice

Version: June 2, 2025

INTRODUCTION

This Privacy Notice sets out the principles governing how Scanlon Rabinowitz & Davis Legal Group, LLP, dba SRD Legal Group (“SRD Legal Group” “SRD” “we” or “our”) uses personal information that we may obtain about you, how SRD collects, uses, and otherwise processes your personal information as well as the rights that you have in relation to our processing of that information (the “Privacy Notice”).  In this Privacy Notice, “personal information” means information that (either in isolation or in combination with other information held by us) enables you to be identified or recognized.  Unless we state otherwise, we are the controller of the personal information we process under data protection and privacy laws, and we ensure that the systems and processes we use are compliant with such laws.

HOW WE COLLECT PERSONAL INFORMATION

We are required to obtain certain information before we can accept someone as a client and we also obtain personal information in the course of providing legal services to our clients. While most of our prospective clients and current clients are corporate entities, data about these entities is deemed to be personal information. That said we do process personal information of our prospective client’s and client’s employees and representatives that is provided to us, or that they allow us to collect on their behalf, in connection with the legal services. This includes contact information and any other personal information that is relevant to or necessary for us to deliver legal services. We also collect personal information (i) in the course of receiving services from you or your employer, (ii) through information you may provide via our website or that we obtain through your use of our website, (iii) from third parties or from publicly available sources, and (iv) when you contact or request information from us, including regarding potential employment or other recruiting activities.

The types of personal information that we collect includes:

• Identification data, such as name, gender, title, job title, or address;
• Contact information, including your phone number(s), email address and social media account or handle where appropriate;
• Financial data, such as bank account information and invoicing details;
• Job applicant data, such as identification data and contact information, educational, resumé and other data provided by you or obtained as part of our hiring process;
• Registration and Marketing data, such as newsletter requests, event registrations, data about individual participation in events, interests and preferences;
• Audio, electronic and visual data, such as voice and video recordings when you leave us a phone message or participate in a recorded online meeting or event, or otherwise use computers, software, networks, communications devices, and other similar systems that we or our affiliates own or make available to you;
• Legal and regulatory compliance data as required for purposes such as “know your client”, anti-money laundering, and market abuse regulations requirements, or as part of our client onboarding process, which may include passport or other identification data, date of birth, home address, and other due diligence data;
• Other service data, such as personal information relevant to the provision or receipt of services, in relation to any of your employees, customers or vendors, and client feedback;
• Special categories of data, including, in limited circumstances where you have provided us with such information as necessary for a specific service we are providing to you, information such as your religious or other beliefs, racial or ethnic origin, sexual orientation, health, or union membership.

 

HOW WE USE PERSONAL INFORMATION

 

We use personal information where it is in our legitimate interest to do so, including for the following purposes:

 

• to provide you with legal services, if you are or become a client of the firm, and otherwise deal with you, and administer the matters you instruct us on;
• to enter into or carry out contracts of various kinds, including with our employees, independent contractors and service providers;
• to carry out, monitor and analyze our business or website operations, including, using identification information, contact details, financial data, device data, and other service data as necessary to ensure the security and confidentiality of your personal information;
• to conduct our recruiting and selection process, including, using your name, contact information, current and prior job titles, education information, work history, gender identity, and other publicly available information;
• to contact you and respond to your requests and enquiries;
• to comply with applicable laws, regulations, guidance or professional obligations that we may be subject to;
• to  combine with other information, draw inferences, and create a profile about you reflecting your preferences, characteristics, behavior, attitudes, intelligence, abilities and aptitudes (for example, as part of our due diligence with regard to job applicants and new clients);
• to provide relevant marketing; and
• to use alone or with data from other sources in connection with our other legitimate business interests and in accordance with applicable law.

When we provide certain types of legal services we may receive personal information from third parties about various individuals other than those described explicitly in this Privacy Notice. The personal information we process will depend on the type of matter for which our client has retained us. For example:

• If we are engaged by a client to advise them on selling its business, our client may send us information about its customers and employees as part of the due diligence process with the buyer;
• If we are engaged by a client to advise them on buying a business, we may receive personal information about the target company’s customers and employees in order to conduct a due diligence exercise and determine the risks that exist at the target business; and/or
• If we are engaged by a client to negotiate a contract on its behalf, we may receive personal information about a counter-party’s employees, contractors, and partners to conduct the negotiation and perform diligence in accordance with the client’s policies.

 

ARTIFICIAL INTELLIGENCE

We may use Artificial Intelligence (“AI”) technology to support the processing of personal information for the purposes described above. All such technology is subject to robust, prior screening to ensure that it meets applicable contractual and legal requirements. We do not use AI technology to make decisions affecting individuals (for example, job applicants) by solely automated means.

 

HOW WE SHARE PERSONAL INFORMATION

We do not disclose any personal information to unrelated parties outside of the firm except in limited circumstances. Such circumstances include disclosures for business or commercial reasons to our vendors, data processors or other contractors acting on our behalf and at our direction, all of whom are subject to appropriate confidentiality, privacy and information security commitments, or where we believe it necessary to provide a requested client service, or as permitted or required by law, or as otherwise authorized or directed by you. Consistent with our professional and legal obligations, we may provide personal information to regulatory authorities and law enforcement officials in accordance with applicable law or when we otherwise believe in good faith that the provision of such information is required or permitted by law, such as in connection with the investigation or assertion of our legal defenses or for our compliance matters.

 

As a law firm with attorneys located throughout the globe, we operate systems that may make data related to you or your matters, which may include personal information, accessible to our attorneys worldwide. Our staff accesses our systems in a secure, cloud based environment and access is provided on a strictly need to know basis.  Our website and all our technology systems are hosted on servers in the United States. We employ encryption at rest and in transit for all our data.  Our email is also encrypted and scanned to ensure integrity.  We transfer personal information to jurisdictions as necessary for the purposes described above, including to jurisdictions that may not provide the same level of data protection as your home country.  If you are located in a non-US jurisdiction, the transfer of personal information is necessary to provide you with the requested information and/or to perform any requested transaction, and when you submit personal information to us you are transferring your data across borders.

 

With respect to transfers originating from the European Economic Area and Switzerland (together "EEA") to the United States and other non-EEA jurisdictions, we use standard contractual clauses approved by the European Commission, and other appropriate solutions to address our data protection obligations relating to cross-border transfers as required or permitted by relevant laws.

 

MARKETING CHOICES

We do not sell or share your personal information with third-party companies for their direct marketing purposes without your consent. You have the right to decide whether we may use your personal information for direct marketing. In certain jurisdictions, you will need to expressly consent before receiving marketing, and the location you select when you submit your contact details may impact the rules that apply. In all jurisdictions, you can choose not to receive such communications at any time. At any time, if you no longer wish to receive any marketing communications, remain on a mailing list to which you previously subscribed, or receive any other marketing communication, you can do so either by clicking on the “Unsubscribe” link in any marketing email communications you receive or by sending us your request using the “How to Contact Us” section below.

 

DO NOT TRACK SIGNALS

 

“Do Not Track” signals are options available on your browser to tell operators of websites that you do not wish to have your online activity tracked. Please note that given the lack of standard technology practices by companies that offer browsers, we do not support “Do Not Track” browser settings at this time.

 

CHILDREN

 

We do not knowingly collect, maintain or process personal information of anyone under the age of 18. To the extent that we collect personal information on minors in the context of one of the purposes mentioned above, we will only do so with the appropriate consent of a parent or legal guardian or as otherwise permitted under applicable laws.

 

YOUR CALIFORNIA PRIVACY RIGHTS

 

Under California Civil Code Section 1798.100 (California Consumer Privacy Act), California residents have certain data protection rights regarding their personal information. These rights, which may be subject to limitations and/or restrictions include: (i) the rights to disclosure, deletion, modification and access, (ii) the right not to be discriminated against based on requests made vis a vis your personal information; and (iii) the right to opt out of having your personal information shared or sold. To exercise your rights under the California Consumer Privacy Act, please send your request to us as per the “How to Contact Us” section below.  Individuals who submit requests for access, correction, or erasure to or of their personal information will be required to verify their identity by answering certain questions. We will not disclose or delete any information until identity is verified.

 

The following are categories of personal information defined under the Act we may collect, receive, or maintain in the course of administering firm business or receive from a client in the course of providing legal services: Identifiers, Personal information described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)), Protected classification characteristics under California or federal law, Commercial information, Biometric information, Internet or other electronic network activity, Geolocation data, Sensory data, Professional or employment-related information, Non-public education information, and inferences drawn from other personal information.

If you are making a request for access, we may not be able to provide specific pieces of personal information if the disclosure creates a substantial, articulable, and unreasonable risk to the security of your personal information or our systems or network, or the systems or networks of our clients, or violates any law.

If you are an employee or contractor of SRD, we may not be able to limit the sharing of your personal information with our service providers and clients; by providing personal information to us, you acknowledge this limitation and agree to such sharing as necessary to conduct our business.

YOUR EUROPEAN UNION (EU) AND UNITED KINGDOM (UK) DATA PROTECTION RIGHTS

 

Under EU and UK data protection laws (UK GDPR/2018 Data Protection Act and EU GDPR), individuals located in the EEA and UK, as applicable have certain data protection rights which may be subject to limitations and/or restrictions and which includes: (i) the right to request access to and, rectification or erasure of your personal information; (ii) the right to ask us to restrict the processing of your personal information under certain conditions; (iii) the right to “portability”  (meaning that you may request that we transfer any personal information you have provided to us to another controller who is processing that information either based on your consent or in order to perform our obligations to you, such as providing legal services); (iv) the right to object to our processing of your personal information because of your particular situation, which request we will honor unless we have compelling legitimate grounds that  overrides your right to object, or where we need to continue to process your data in order to establish, exercise or defend a legal claim; and (v) the right to withdraw your consent to our processing your personal information at any time. To exercise your rights under this Privacy Notice, please send us your request using the “How to Contact Us” section below. Individuals also have a right to lodge a complaint about the processing of their personal information with their local data protection authority.

 

SALE OF PERSONAL INFORMATION

We do not sell any personal information.

INFORMATION RETENTION

Your personal information is only stored and retained for as long as necessary for the purposes set out in this Privacy Statement and any other agreement we may have with you or your organization.  In determining the appropriate retention period, we consider the nature and duration of our relationship with you or your organization, the type of services provided, the terms of other relevant agreements (if any), all relevant laws, and the impact on our services if certain information is deleted.  In all cases, we may retain personal information for additional time if required by applicable law; to establish, exercise or defend our legal rights; or, for other legitimate business purposes, including archiving and historical purposes.  We will maintain such information in an anonymized form where practical.

SECURITY

We have implemented technical and organizational security measures in an effort to safeguard the personal information in our custody and control. Such measures include, for example, limiting access to personal information only to staff and authorized service providers on a need-to-know basis for the purposes described in this Privacy Notice, as well as other administrative, technical, and physical safeguards, including, employing encryption at rest and in transit for all our data as well as encrypting and scanning all of our email.

We endeavor to take all reasonable steps to protect our systems, sites, operations, and information, from unauthorized access, use, modification and disclosure, but due to the inherent nature of the Internet and other risk factors, we cannot guarantee the security of any information during transmission or while stored in our systems. Please note that email is not a secure medium and should not be used to send confidential or sensitive information. By providing information online, you accept the inherent security risks of providing information over the Internet and will not hold us responsible for any breach of security.  If you prefer to avoid disclosing your personal information online or have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “How To Contact Us” section below.

UPDATES TO THIS PRIVACY POLICY

SRD may change its Privacy Notice from time to time to comply with changes to laws or for other reasons, at SRD's sole discretion. SRD encourages you to check this page regularly for any changes to this Privacy Notice.

HOW TO CONTACT US

If you have any questions or concerns about this Privacy Notice or our personal information handling practices, please contact us at support@srdlegalgroup.com.