Privacy policy - DAC Beachcroft

Privacy policy

INTRODUCTION

DAC Beachcroft is committed to protecting the data of all people we deal with.  Our Privacy Policy is divided into separate sections for your ease. Each section sets out important information about how DAC Beachcroft may collect and use your data depending upon the categories of individuals whose data we process (such reference to “data” means all forms of personal data).

This Policy applies to our clients, prospective clients, individuals with whom we direct market to and others who are browsing our website. It applies globally and is based on UK and European data protection principles. We will update this Policy from time to time.

WHO WE ARE

DAC Beachcroft is an international legal business which operates through separately constituted and regulated legal entities providing legal and/or claims handling services in accordance with the relevant laws of the jurisdictions in which the different entities operate. 

The use of words and/or phrases such as "DAC Beachcroft", "we", "us" or "our" is for convenience only and refers to any of the entities listed on our Legal and Regulatory page, each of which is a separate data controller in their own right.

WHAT DATA DO WE COLLECT AND WHERE DO WE GET IT FROM?

DAC Beachcroft will collect, use and store your data for a wide variety of reasons in connection with your relationship with us and we collect your data from a range of sources.

The table below sets out the main categories of data that we collect and the sources we collect it from. The table is not exhaustive and there may be other data and other sources which DAC Beachcroft collects, uses and stores in the context of our relationship.

Type of data

Source of data

Contact information including your name, address, telephone number(s), e-mail, your organisation details (including job title, employer, place of work and organisation contact details) and your gender

You, our client and/or our client’s insured, intermediaries, those involved in a matter and/or publically available resources

Regulatory information including your date of birth, identity information, details of whether you are a Politically Exposed Person

You, our client and/or our client’s insured, intermediaries, those involved in a matter and/or publically available resources

Matter information including policy number/policy inception date, claim number, loss details/claim and any information provided to us in relation to the purpose upon which we are acting

 

You, our client and/or our client’s insured, intermediaries, those involved in a matter and/or publically available resources

Billing information including bank account details and payment/billing instructions

You, our client and/or our client’s insured, intermediaries, those involved in a matter and/or publically available resources

Marketing preferences including marketing communication preferences, legal and industry sector interests

You or your employer (if they are our actual or prospective client)

Device Usage and Browsing information including IP addresses, online identifiers and information automatically generated through your use of our website and digital platforms/media

You and our website / digital platforms

Visitors to our offices including CCTV recordings, building access records, health related information including dietary and access requirements

You or your employer (if they are our actual or prospective client)

HOW DO WE USE DATA?

DAC Beachcroft uses your data for a variety of purposes in order to provide our services as an international legal and/or claims handling services provider.

We have set out in the table below the main purposes for which your data may be processed and the ‘lawful basis’ for the processing i.e. the legal reason we are able to process your data. For information regarding how we use cookies and similar technologies in connection with your use of our website and digital platforms or forms of communication, please read our Cookies Policy.

Personal data

What we use data for

Our reasons / lawful basis

Providing legal advice and/or claims handling services (which may include the provision of management information to our client or as requested as a service in its own right to our client directly)

 

To perform our contract with you

To comply with legal and regulatory obligations

For a legitimate interest

Corresponding with you or to others (electronically and/or physically (e.g. by letter, fax, telephone (including within any recording or transcription), email, secure sharing portal or SMS), which may include the use of third party suppliers (such as electronic signature providers) to assist in delivering the services to you)

To perform our contract with you

To comply with legal and regulatory obligations

For a legitimate interest

Part of court or legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and/or regulatory actions)

To perform our contract with you

To comply with legal and regulatory obligations

For a legitimate interest

Managing and running checks within our anti-fraud systems and sharing information with our clients and other appropriate organisations for the purpose of preventing, detecting or prosecuting fraud (which may involve reference to Credit Reference Agencies (please see https://www.transunion.co.uk/crain and 

https://www.transunion.co.uk/legal-information/bureau-privacy-notice)

 

To comply with legal and regulatory obligations

For a legitimate interest

Conducting client due diligence checks, which may include the use of third party suppliers (such as identity verification providers) and screening for financial, adverse media, political positions and other sanctions

To comply with legal and regulatory obligations

For a legitimate interest

Managing and running checks within our internal databases which relate to legal proceedings and/or claims handling services

To comply with legal and regulatory obligations

For a legitimate interest

Complying with our legal obligations or making disclosures to government, regulatory or other public bodies where the disclosure is appropriate and/or permitted by law

To comply with legal and regulatory obligations

For a legitimate interest

Managing our professional relationships with our clients and third parties

For a legitimate interest

Ensuring business policies are adhered to, e.g. policies covering security and internet use

For a legitimate interest

Operational reasons, such as improving efficiency, training and quality control including obtaining your feedback on the provision of our services

For a legitimate interest

Providing training and legal updates

For a legitimate interest

Sharing information within the DAC Beachcroft group (for example where one of our entities is advising or providing services to another entity, or where we are checking for legal or commercial conflicts)

To comply with legal and regulatory obligations

For a legitimate interest

Preventing unauthorised access and modifications to systems

To comply with legal and regulatory obligations

For a legitimate interest

Protecting the security of systems and data used to provide the services

To comply with legal and regulatory obligations

We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for legitimate interests, i.e. to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us

Marketing (by post, email and/or via our user account area for which you are always able to opt-out/unsubscribe with no detriment), development and/or tendering in relation to our products and services

For a legitimate interest

Providing access to our files for audit, review or other quality assurance checks by our clients, regulators, auditors, professional advisors, crime and law enforcement agencies, governmental bodies (for example the Garda National Bureau of Criminal Investigation/An Garda Siochana in Ireland) and/or certification bodies (for example The Solicitors Regulation Authority in the UK)

To comply with legal and regulatory obligations

For a legitimate interest

Providing information to our brokers and insurers

To comply with legal and regulatory obligations

For a legitimate interest

Day to day operations of our business. For this we may use third party service providers (for example procurement services, recruitment consultants, general office services, library services, translation services, website service providers and/or IT service providers)

For a legitimate interest

Special categories of data

Certain categories of data are considered "special categories of data" and are subject to additional safeguards. The special categories of personal data which we process may relate to:

  • Racial or ethnic origin;
  • Political opinions;
  • Religious or philosophical beliefs;
  • Trade union membership;
  • Genetic and/or biometric data;
  • Physical and mental health; and/or
  • Sex life and/or sexual orientation.

For the special categories of personal data set out above, additional lawful bases apply as set out in the table below. Again the information in the table is not exhaustive and DAC Beachcroft may undertake additional processing of data based on the lawful bases set out below.

What we use your special category personal data for

Our reasons / lawful basis

Providing legal and/or claims handling services to our client

As necessary for the establishment, exercise or defence of legal claims

As necessary for reasons of substantial public interest

Obtaining legal advice, establishing, defending and enforcing our legal rights and obligations in connection with, any court or legal proceedings

As necessary for the establishment, exercise or defence of legal claims

As necessary for reasons of substantial public interest

Complying with all relevant legal and regulatory requirements (such as anti-money laundering and client verification checks)

As necessary for reasons of substantial public interest

Responding to binding requests or search warrants or orders from courts, governmental, regulatory and/or enforcement bodies and authorities or sharing information (on a voluntary basis) with the same

As necessary for the establishment, exercise or defence of legal claims

As necessary for reasons of substantial public interest

Hosting you at our offices

You have given your explicit consent to the processing for your dietary and access requirements

It is necessary to protect somebody’s vital interests or they are incapable of giving consent in case of any accidents and emergencies at our offices

In addition to the above, there may be occasions where we process personal data relating to criminal convictions and offences. We process criminal offence data where necessary in relation to legal claims, to prevent or detect unlawful acts, to comply with regulatory requirements relating to unlawful acts and dishonesty and to prevent fraud / money laundering.

Marketing

Where you receive a marketing email, event invitation or other direct mailing from us, we may collect information about you in the following ways:

  • Opening emails: if you open the email either by downloading images in the email or clicking in a link, we log such activity on our database so we can personalise future emails to you.
  • View as web page: If you click on the "view it as a web page" link, a tracking code is generated so that the web page is personalised in the same way as the email.
  • Links to web pages: If you click on any web link, a tracking code is generated which we use to log such activity on our database.
  • Unsubscribe: If you unsubscribe from any direct marketing, invitation or alert, we will continue to store your data on a "marketing suppression list" so as to record your preference.
  • Event RSVP buttons: In our event invitations and confirmations we provide buttons to allow you to accept, decline, cancel (and register if you are not the original recipient of the invitation) for that event. Clicking on these buttons will generate a tracking code so we can record your choice in our database to help us manage the event.

Improving our services

In order for us to improve our services, we endeavour to use dummy or anonymised data wherever possible. Where that is not possible, we may use personal data to test the improvement of a system(s) or development of a new system(s) in pursuit of our legitimate business interests (but only if these are not overridden by a person’s interests, rights or freedoms). That being said, we will only do so in a safe and controlled manner in accordance with our obligations under data protection legislation.

In the event that you object to the use of your personal data as part of our testing only, you are able to object (by emailing: dataprotectionenquiryteam@dacbeachcroft.com) whereby we will add your name to an opt-out list and your personal data will not be used as part of any test.

WHEN DO WE SHARE DATA?

DAC Beachcroft may, as follows, share your data with the following main parties in certain circumstances and where it is necessary to achieve the purposes detailed above:

  • Our client and our client’s insured;
  • Intermediaries (for example, loss adjusters, investigators, claims management suppliers and/or coverholders etc);
  • Claimants/Plaintiffs;
  • Defendants/Respondents;
  • 3rd parties;
  • Experts;
  • Witnesses;
  • Counsel;
  • 3rd party solicitors;
  • Individuals who are involved in court or other legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and/or regulatory actions) or the provision of related legal advice and/or claims handling;
  • People who are involved in contracts and transactions we are working on (for example other businesses/individuals our clients are contracting or working with);
  • Our business contacts;
  • People who attend our seminars or receive our legal updates, and/or who visit our website;
  • Service providers (for example (but not limited to): People Pool consultants, Lawyer Connective consultants, recruitment consultants, general office services, library services, translation services, website service providers and/or IT service providers); and/or
  • Our regulators, insurers, auditors, professional advisers, crime and law enforcement agencies, governmental bodies (for example the Garda National Bureau of Criminal Investigation/An Garda Siochana in Ireland) and/or certification bodies (for example The Solicitors Regulation Authority in the UK and in relation to our ISO27001, ISO9001 and Cyber Essentials Plus certifications).

The list above is not exhaustive.

Transferring data out of the United Kingdom (UK) and European Economic Area (EEA)

As we are a global legal services group, data may be transferred outside of the UK and the EEA. For example this may be in relation to an international legal claim or transaction, or where we are sharing information with our colleagues or third party service providers who operate outside of the UK or the EEA.

Where we transfer your personal data outside the UK or the EEA we do so on the basis of an adequacy decision or (where this is not available) legally-approved standard data protection clauses. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your data outside the UK or the EEA unless we can do so on the basis of an alternative mechanism or exception provided by applicable data protection law.

HOW DO WE KEEP DATA SECURE?

We have appropriate technical and organisational measures in place to protect data. We limit access to data to those who have a genuine business need to access it. Those processing data will do so only in an authorised manner and are subject to a duty of confidentiality. We continually test our systems and are ISO 27001 and Cyber Essentials PLUS certified, which means we follow industry standards for information security.

We also have procedures to deal with any suspected data breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

HOW LONG WILL WE KEEP DATA?

DAC Beachcroft's policy is to retain data only for as long as needed to fulfil the purpose(s) for which it was collected, or otherwise as required under applicable jurisdictional laws and/or regulations and/or business continuity purposes. Under some circumstances we may anonymise your data so that it can no longer be associated with you. We reserve the right to retain and use such anonymous data for any legitimate business purpose without further notice to you.

DAC Beachcroft will typically retain data for periods set out below subject to any exceptional circumstances and/or to comply with particular jurisdictional laws or regulations and/or business continuity purposes:

Subject to the exceptions below, and unless there is any other valid legal, regulatory, client or business reason to retain it beyond that timescale, all matter files will usually be destroyed at approximately 7 years after the matter has been closed.

Claims Files

Retention Period

i)              Claimant/Plaintiff/pursuer is a child

Once the child reaches 28 years of ages

ii)             Claimant/Plaintiff/pursuer is under a disability

50 years from data of final order (reviewed every 10 years)

iii)            Claimant/Plaintiff/pursuer has a provisional damages and/or periodic payments award

Whichever of timescales at i) and ii) is applicable given terms of final order

Real Estate/Construction Files

Retention Period

Property purchase

15 years from file closure

Files relating to deeds

15 years from file closure

Files relating to leases

2 years longer than term of lease (maximum of 27 years)

Files relating to construction

15 years from file closure

Where client is a mortgagee

2 years longer than term of loan

WHAT ARE YOUR RIGHTS IN RELATION TO YOUR DATA?

DAC Beachcroft will always seek to process your data in accordance with our obligations, our rights and your rights.

You will not be subject to decisions based solely on automated data processing without your prior consent.

In certain circumstances, you have the right to seek the erasure or correction of your data, to object to particular aspects of how your data is processed, and otherwise to seek the restriction of the processing of your data. You also have the right to request the transfer of your data to another party in a commonly used format.

You have a separate right of access to your data processed by DAC Beachcroft. You may be asked for information to confirm your identity and/or assist DAC Beachcroft to locate the data you are seeking as part of DAC Beachcroft's response to your request. If you wish to exercise your right of access, please contact our Data Protection Enquiry Team (outlined below).

You have the right to raise any concerns or complain about how your data is being processed with:

Location

Data Protection Supervisory Authority

Contact details

UK

Information Commissioner's Office (ICO)

ICO's website: https://ico.org.uk/concerns/ or contact the ICO on 0303 123 1113 or casework@ico.org

Ireland

Data Protection Commissioner (DPC)

DPC's website: https://dataprotection.ie/docs/complaints/1592.htm or contact the DPC on 1890 25 22 31 or info@dataprotection.ie

Spain

Spanish Data Protection Agency/Agencia Española de Protección de Datos (AEPD)

AEPD's website: https://www.agpd.es/portalwebAGPD/index-iden-idphp.php or contact the AEPD on 901 100 099 – 912 663 517

France

Commission nationale de l'informatique et des libertés (CNIL)

CNIL’s website: https://www.cnil.fr/ or contact CNIL on +33 (0) 1 53 73 22 22

We have elected the DPC as our Lead Supervisory Authority within the EU.

WHERE CAN YOU GET FURTHER INFORMATION?

If you have any questions about this Policy, want to exercise any of your rights in relation to your data as set out above or want to raise any concerns or complain about how your data is being processed, please use our contact details below in the first instance:

Emaildataprotectionenquiryteam@dacbeachcroft.com

Post: Data Protection Enquiry Team
DAC Beachcroft
St Paul's House
23 Park Square South
Leeds
United Kingdom
LS1 2ND

DO YOU NEED EXTRA HELP?

If you would like this Policy in another format (for example audio or large print), please contact us (see ‘Where can you get further information’ above).

Last updated: May 2022