Steam You Owe Us Logo

Privacy Policy


This policy tells you:

  1. About us
  2. What information we might collect about you
  3. How and why we might use that information
  4. What information of yours we might share with others
  5. What choices you have about the information you give us


This Privacy Policy applies when you visit our website (”our Site”).

Please read this Privacy Policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us.


We understand that many children have an interest in this claim. If you are a child under the age of 18, we suggest that you ask a parent or guardian to review this policy and the information contained on our Site together with you. You can only sign up to receive updates on the Steam claim if you are 13 or older.  If you are younger than 13 your parent or legal guardian will need to sign up on your behalf. If, as a parent or guardian, you believe we have collected personal data about your child who is under 13, you may contact us to review the data and request that we cease processing data about your child.

About us

Milberg London LLP (“Milberg”) is the law firm representing Vicki Shotbolt Class Representative Limited (“VSCR Limited”) in this claim. Milberg is a limited liability partnership registered in England and Wales under registered number OC430853. Our registered office is at 3rd Floor Sutton Yard, 65 Goswell Road, London, EC1V 7EN. Milberg is registered with the Information Commissioner’s Office (“ICO”) under registration number ZA777525 and is authorised and regulated by The Solicitors Regulation Authority.

References in this Statement to the “Firm”, “we”, “our”, “Milberg” or “us” are references to Milberg London LLP.  Vicki Shotbolt Class Representative Limited is a special purpose vehicle that has been incorporated for the specific purpose of pursuing the claims against Valve. Generally, we don’t share your personal data with VSCR Limited and only Milberg (on behalf of VSCR Limited), Epiq Systems Limited (the claims administrator) and the Milberg client care team (Milberg Limited) will send you communications concerning the case. However, to the extent VCSR Limited is also deemed to be a data controller, and to the extent it needs access to your personal data in certain circumstances, it may need to use your personal data for one or more of the purposes, and will do so in accordance with the same standard, as set out in this Privacy Policy. VSCR Limited will at all times use personal data in accordance with data protection laws. Please contact Milberg (using the contact details below) for any queries regarding our data processing arrangement with VSCR Limited, this Privacy Policy or to exercise any of your data subject rights.

Contacting us

We are not required to appoint a formal Data Protection Officer under data protection laws. However, our Privacy Manager is James Taylor who can be contacted at:

Email: [email protected]

Post: Milberg London LLP, 3rd Floor, Sutton Yard, 65 Goswell Road, London, EC1V 7EN

Data protection principles

We adhere to the following principles when processing your personal data:

  1. Lawfulness, fairness and transparency – data must be processed lawfully, fairly and in a transparent manner.
  2. Purpose limitation – data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  3. Data minimisation – data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  4. Accuracy – data must be accurate and, where necessary, kept up to date.
  5. Storage limitation – data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  6. Integrity and confidentiality – data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by using appropriate technical or organisational measures.

What information we might collect about you

Information you provide us

We might ask for your name, age and contact details and email address, for example if you want to sign-up to our update email (“Contact Details”).

You may also provide us with additional information when you correspond with us (for example, if you have a query.) (“Correspondence Details”).

Information we collect from third parties

We collect most of this information from you directly. However, we may also collect information about you:

  1. from publicly accessible sources, e.g. Companies House, Google;
  2. from third party sources of information, e.g. client due diligence providers;
  3. which you have made public on websites associated with you or your company or on social media platforms such as LinkedIn;
  4. from a third party, e.g. a person who has introduced you to us or other professionals (such as accountants) that you may engage.

Information we collect online

We collect, store and use information about your visits to our Site and about your computer, tablet, mobile or other device through which you access our Site. This includes the following:

  1. technical information, including the Internet protocol (IP) address, browser type, internet service provider, device identifier, your login information, time zone setting, browser plug-in types and versions, operating system and platform, and geographical location; and
  2. information about your visits and use of our Site, including the full Uniform Resource Locators (URL), clickstream to, through and from our Site, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), and website navigation and search terms used,


(referred to together in this Privacy Policy as “Technical and Usage Data”).

Sensitive personal data

We do not generally seek to collect special categories of (or sensitive) personal data. Sensitive personal data is defined by data protection laws to include personal data revealing a person’s racial or ethnic origin, religious or philosophical beliefs, or data concerning health. If we do collect sensitive personal data, unless we require this information for the establishment, exercise or defence of legal claims, we will ask for your explicit consent to our proposed use of that information at the time of collection.

How and why we use your personal information

We have to have a valid reason to use your personal information. It’s called the “lawful basis for processing”. Sometimes we might ask for your permission to do things, like when you subscribe to our email updates, or we may otherwise have a legitimate interest to use your personal information. The purpose for which we use and process your information (excluding sensitive personal data) and the legal basis on which we carry out each type of processing is explained below.

Category of information

Purposes for which we will process the information

Lawful Basis for the processing

Contact Details

Correspondence Details

To provide you with information and services that you request from us.

It is in our legitimate interests to respond to your queries and provide any information requested in order to generate and develop business. To ensure we offer a good and responsive service, we consider this use to be proportionate and will not be prejudicial or detrimental to you.


Contact Details

To send you alerts, newsletters, bulletins, announcements, and other communications concerning the claim and/or Milberg London LLP, legal developments or notifications we believe may be of interest to you.

We may also use Contact Details and/or Technical and Usage Data to monitor engagement with those communications.

We will send these communications to you if you have given us your consent to do so, unless consent is not required under applicable law, in which case it is in our legitimate interests to market our services and keep you up to date about the claim. We consider this use to be proportionate and will not be prejudicial or detrimental to you.

You can always opt-out of receiving direct marketing-related email communications or email communications providing regular updates by following the unsubscribe link or by providing written instructions to us.

Contact Details

To send you information regarding changes to our policies, other terms and conditions and other administrative information.

It is in our legitimate interests to ensure that any changes to our policies and other terms are communicated to you. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.


Technical and Usage Data

To administer our Site including troubleshooting, data analysis, testing, research, statistical and survey purposes.

To improve our Site to ensure that content is presented in the most effective manner for you and your computer, mobile device or other item of hardware through which you access our Site; and

To keep our Site safe and secure.

For all these categories, it is in our legitimate interests to monitor and improve our services and your experience of our Site and to ensure network security. We consider this use to be necessary for our legitimate interests and will not be prejudicial or detrimental to you.

If you do not wish to provide us with your personal data and processing such information is necessary for the performance of a contract with you or to provide you with a service, we may not be able to perform our obligations under the contract between us (or provide you with that service).

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another purpose and that purpose is compatible with the original purpose. If we need to use your personal data for an unrelated reason, we will notify or update you in a timely and appropriate manner.

Email marketing

We will only send you marketing email messages where you have given your consent, unless consent is not required under applicable law . Where you provide consent to be kept up to date with claim developments, you can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal.

Our update emails may contain certain tracking technologies (such as whether an email has been opened and how many times links in an email have been clicked) in order to track subscriber engagement.

In any case, you have the right to opt out of receiving email marketing communications from us at any time by:

  1. contacting our Privacy Manager using the contact details set out above; or
  2. using the “unsubscribe” link at the bottom of the emails.

What information of yours we might share with others

We may share your information with the following third parties:

  1. with partners, staff and consultants of Milberg;
  2. VSCR Limited;
  3. with third-party service providers and / or professional advisors engaged to assist with the claim;
  4. where appropriate, with other affiliated firms which are part of the Milberg brand (including in the USA and our offices in Europe);
  5. suppliers providing marketing services to us, or with whom we are conducting joint marketing exercises;
  6. with our third-party data processors and service providers who assist with the running of our Site and our office services including our IT platform and support services, client reception and telephone answering services and data storage/back up services; and
  7. if we, acting in good faith, consider disclosure to be required by law or the rules of any applicable governmental, regulatory or professional body.

Our third-party processors and service providers are subject to security and confidentiality obligations and are only permitted to process your personal data for specified purposes and in accordance with our instructions.

In addition, we may disclose information about you in the following circumstances:

  1. in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
  2. if all or substantially all of our assets are acquired by a third party, in which case personal data held by us will be one of the transferred assets;
  3. if necessary, to protect the vital interests of a person; and
  4. to enforce or apply our terms and conditions or to establish, exercise or defend the rights of Milberg, VSCR Limited, our staff, customers or others.

International transfers

To deliver services, it is sometimes necessary for us to transfer and store your personal data for processing outside of the UK and the European Economic Area (“EEA”) as follows:

  1. to affiliated firms which are part of the Milberg brand (including in the USA);
  2. to our service providers located outside the UK and EEA;
  3. if you are based outside the UK or EEA; and
  4. where there is an international aspect to the claim.


Where personal data is transferred to and stored outside the UK and EEA, we take steps to provide appropriate safeguards to protect your personal data, including:

  1. transferring your personal data to a country, territory, sector or international organisation which the UK or the European Commission has determined ensures an adequate level of protection, as permitted under Article 45 of the UK and/or EU GDPR (as applicable); or
  2. entering into standard contractual clauses approved by the UK or the European Commission, obliging recipients to protect your personal data as permitted under Article 46 of the UK and/or EU GDPR (as applicable).
  3. In the absence of an adequacy decision or of appropriate safeguards as referenced in above, we will only transfer personal data to a third country where one of the following applies (as permitted under Article 49 of the UK and/or EU GDPR (as applicable)):
  1. the transfer is necessary for the performance of our contractual engagement with you;
  2. the transfer is necessary for the establishment, exercise or defence of legal claims;
  3. you have provided explicit consent to the transfer; or
  4. the transfer is otherwise legitimate under Article 49.


If you would like further information on the specific mechanism used by us when transferring your personal data out of the UK and EEA, please contact our Privacy Manager using the details set out above.

Security of your information

We store your information in in electronic format. We use industry standard technical and organisational measures to protect information from the point of collection to the point of destruction. We will only transfer personal data to a third party if it puts in place adequate measures itself.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the internet or that unauthorized persons will not obtain access to personal data. In the event of a data breach, we have put in place procedures to deal with any suspected breach and will notify you and any applicable regulator of a breach where required to do so under applicable data protection laws.

How long we keep your personal data

Your personal data will not be kept for longer than is necessary for the purposes for which it was collected and processed. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, as well as the applicable legal, regulatory, tax, accounting or other requirements.

Access to and updating your personal data

You have the right to access information which we hold about you (“data subject access request”). If you so request, we shall provide you with a copy of your personal data which we are processing.

You may also have the right to receive personal data which you have provided to us in a structured and commonly used format so that it can be transferred to another data controller (“data portability”). The right to data portability only applies where your personal data is processed by us with your consent or for the performance of a contract and when processing is carried out by automated means.

We want to make sure that your personal data is accurate and up to date. You have the right to have inaccurate personal data rectified or completed if it is incomplete (“data rectification”). You can update your details or change your privacy preferences by contacting us as set out above.

Right to object

You have the right to object at any time to our processing of your personal data for direct marketing purposes (for further details, see the section above in this Privacy Policy relating to marketing)

You also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Your other rights

In certain circumstances, you have the right to:

  1. request your personal data is erased (known as “the right to be forgotten”); and
  2. restrict the processing of your personal data to processing in certain circumstances (known as the “right to restriction”).

Exercising your rights

You can exercise any of your rights as described in this Privacy Policy and under data protection laws by contacting us as set out above.

Please note that these rights are not absolute and we may be entitled to refuse requests, wholly or partly, where exceptions under the applicable law apply. We may refuse a request for erasure, for example, where the processing is necessary to comply with a legal obligation or necessary for the establishment, exercise or defence of legal claims. We may also, for example, refuse to comply with a data subject access request if the request is manifestly unfounded or excessive or repetitive in nature or to the extent it relates to information in respect of which legal professional privilege applies or in respect of which we owe a duty of confidentiality to our client. We will try to respond to all legitimate requests within one month but in certain situations, such as when there are multiple or complex requests, it may take longer.

Save as described in this Privacy Policy or provided under data protection laws, there is no charge for the exercise of your legal rights. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or (b) refuse to act on the request.

Where we have reasonable doubts concerning the identity of the person making the request, we may request additional information necessary to confirm your identity.


Please note our Site may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Cookies and similar technologies

Our Site may use cookies and similar technologies to distinguish you from other users. Please refer to our Cookies Policy for more information as to the way in which we use such technologies on our Site.

Email monitoring

Emails which you send to us or which we send to you may be monitored by Milberg to ensure compliance with professional standards and our internal compliance policies. Monitoring is not continuous or routine, but may be undertaken on the instruction of a partner where there are reasonable grounds for doing so. Occasional spot checks or audits may also be undertaken on the instruction or with the authority of a partner.


If you have any questions or complaints regarding our Privacy Policy or data privacy practices, please contact us using the contact details provided in the “Contacting us” section above.

You have the right to make a complaint with the relevant data protection supervisory authority. The supervisory authority in the UK is the ICO who can be contacted by visiting or telephone on 0303 123 1113. 

Changes to this Privacy Policy

From time to time, we may update this Privacy Policy as appropriate. The current version of this Privacy Policy will always be available by us on our Site.