Privacy Policy

Introduction

For our Italian Privacy Policy, please click here.

DAC Beachcroft is an international legal business which operates through separately constituted and regulated legal entities providing legal and/or claims handling services in accordance with the relevant laws of the Jurisdictions in which the different entities operate. 

DAC Beachcroft is committed to protecting the data of all people we deal with.  Our Privacy Policy ("Policy") is divided into separate sections for ease of reference. Each section sets out important information about how DAC Beachcroft may collect and use data depending upon the categories of individuals whose data we process (such reference to “data” means all forms of personal data).

This Policy applies to our clients, prospective clients, individuals with whom we directly market to and others who are browsing our website. It applies globally, and contains jurisdiction-specific provisions detailed in the Appendix. Unless a capitalised term is defined in the body of this Policy or the context requires otherwise, the term has the meaning ascribed to it in the table set out in the Appendix. We will update this Policy from time to time.

The use of words and/or phrases such as "DAC Beachcroft", "we", "us" or "our" is for convenience only and refers to any of the entities listed on our Legal and Regulatory page, each of which is a separate data controller in its own right. 

What Data We Collect And Where We Get It From

DAC Beachcroft will collect, use and store your data for a wide variety of reasons in connection with your relationship with us and we collect your data from a range of sources.

The table below sets out the main categories of data that we collect and the sources we collect it from. The table is not exhaustive.

Type of data Source Of Data
Contact information including your name, address, telephone number(s), e-mail, your organisation details (including job title, employer, place of work and organisation contact details), your gender, etc.  

 You, our client and/or our client's insured, intermediaries, those involved in a matter and/or publicly available resources
Regulatory information including your date of birth, identity information, details of whether you are a Politically Exposed Person, etc. 
Matter information including policy number/policy inception date, claim number, loss details/claim and any information provided to us in relation to the purpose upon which we are acting, etc.
Billing information including bank account details and payment/billing instructions.
 
Marketing preferences including marketing communication preferences, legal and industry sector interests. You or your employer (if they are our actual or prospective client)
You and our website / digital platforms
Device Usage and Browsing information including IP addresses, online identifiers and information automatically generated through your use of our website and digital platforms/media, etc.
Visitors to our offices including any of the above types of data, CCTV recordings, building access records, health related information including dietary and access requirements, etc.  You or your employer (if they are our actual or prospective client) 

HOW WE USE DATA

DAC Beachcroft uses your data for a variety of purposes in order to provide our services as an international legal and/or claims handling services provider.

We have set out in the table below the main purposes for which your data may be processed and the ‘lawful basis’ for the processing i.e. the legal reason we are able to process your data. The list below is non-exhaustive, and is subject to any Applicable Data Protection Legislation in your Jurisdiction. For information regarding how we use cookies and similar technologies in connection with your use of our website and digital platforms or forms of communication, please read our Cookies Policy.

Personal data

What we use data for

Our reasons / lawful basis

Providing legal advice and/or claims handling services (which may include the provision of management information to our client or as requested as a service in its own right to our client directly), etc.

To perform our contract with you

To comply with legal and regulatory obligations

For a legitimate interest

 

 

Corresponding with you or to others (electronically and/or physically (e.g. by letter, fax, telephone (including within any recording or transcription), email, secure sharing portal or SMS), which may include the use of third party suppliers (such as electronic signature providers) to assist in delivering the services to you), etc. 

Providing you with access to your information via our client portal offering and collecting information about your usage of our portals, which may involve the use of third party suppliers, etc. 

Part of court or legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and/or regulatory actions), etc.

Managing and running checks within our anti-fraud systems and sharing information with our clients and other appropriate organisations for the purpose of preventing, detecting or prosecuting fraud (which may involve reference to Credit Reference Agencies (please see https://www.transunion.co.uk/crain and https://www.transunion.co.uk/legal-information/bureau-privacy-notice

Conducting client due diligence checks, which may include the use of third party suppliers (such as identity verification providers) and screening for financial, adverse media, political positions, other sanctions, etc.

To comply with legal and regulatory obligations

For a legitimate interest


Managing and running checks within our internal databases which relate to legal proceedings and/or claims handling services.
Complying with our legal obligations or making disclosures to government, regulatory or other public bodies where the disclosure is appropriate and/or permitted by law
Providing access to our files for audit, review or other quality assurance checks by our clients, regulators, auditors, professional advisors, governmental bodies, crime and law enforcement agencies,  and/or Certification Bodies listed in the Appendix
Providing information to our brokers and insurers
Sharing information within the DAC Beachcroft group (for example where one of our entities is advising or providing services to another entity, or where we are checking for legal or commercial conflicts)
Preventing unauthorised access and modifications to systems
Managing our professional relationships with our clients and third parties  For legitimate interest
Ensuring business policies are adhered to, e.g. policies covering security and internet use, etc.
Operational reasons, such as improving efficiency, training and quality control including obtaining your feedback on the provision of our services
Marketing (by post, email and/or via our user account area for which you are always able to opt-out/unsubscribe with no detriment), development and/or tendering in relation to our products and services
Providing training and legal updates
Protecting the security of systems, website pages and data used to provide the services

To comply with legal and regulatory obligations

We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for legitimate interests, i.e. to protect systems, website pages (such as via the use of Google ReCAPTCHA) and data and to prevent and detect criminal activity that could be damaging for you and/or us

Special categories of data

Certain categories of data are considered "special categories of data" and are subject to additional safeguards. The special categories of personal data which we process may relate to:

  • Racial or ethnic origin;
  • Political opinions;
  • Religious or philosophical beliefs;
  • Trade union membership;
  • Genetic and/or biometric data;
  • Physical and mental health; and/or
  • Sex life and/or sexual orientation.

For the special categories of personal data set out above, additional lawful bases apply as set out in the table below. Again the information in the table is not exhaustive and DAC Beachcroft may undertake additional processing of this type of data based on the lawful bases set out below or as set out by the Applicable Data Protection Legislation in your Jurisdiction.

What we use your special category personal data for

Our reasons / lawful basis

Providing legal and/or claims handling services to our client

As necessary for the establishment, exercise or defence of legal claims

As necessary for reasons of substantial public interest


 


Obtaining legal advice, establishing, defending and enforcing our legal rights and obligations in connection with, any court or legal proceedings

Responding to binding requests or search warrants or orders from courts, governmental, regulatory and/or enforcement bodies and authorities or sharing information (on a voluntary basis) with the same

Complying with all relevant legal and regulatory requirements (such as anti-money laundering and client verification checks)

 As necessary for reasons of substantial public interest

Hosting you at our offices

You have given your explicit consent to the processing for your dietary and access requirements

It is necessary to protect somebody’s vital interests or they are incapable of giving consent in case of any accidents and emergencies at our offices

In addition to the above, there may be occasions where we process personal data relating to criminal convictions and offences. We process criminal offence data where necessary in relation to legal claims, to prevent or detect unlawful acts, to comply with regulatory requirements relating to unlawful acts and dishonesty and to prevent fraud / money laundering.

Marketing

Where you receive a marketing email, event invitation or other direct mailing from us, we may collect information about you in the following ways:

  • Opening emails: if you open the email either by downloading images in the email or clicking in a link, we log such activity on our database so we can personalise future emails to you.
  • View as web page: If you click on the "view it as a web page" link, a tracking code is generated so that the web page is personalised in the same way as the email.
  • Links to web pages: If you click on any web link, a tracking code is generated which we use to log such activity on our database.
  • Unsubscribe: If you unsubscribe from any direct marketing, invitation or alert, we will continue to store your data on a "marketing suppression list" so as to record your preference.
  • Event RSVP buttons: In our event invitations and confirmations we provide buttons to allow you to accept, decline, cancel (and register if you are not the original recipient of the invitation) for that event. Clicking on these buttons will generate a tracking code so we can record your choice in our database to help us manage the event.

Improving our services

In order for us to improve our services, we endeavour to use dummy or anonymised data wherever possible. Where that is not possible, we may use personal data to test the improvement of a system(s) or development of a new system(s) in pursuit of our legitimate business interests (but only if these are not overridden by a person’s interests, rights or freedoms). That being said, we will only do so in a safe and controlled manner in accordance with our obligations under data protection legislation.

In the event that you object to the use of your personal data as part of our testing only, you are able to object (by emailing: dataprotectionenquiryteam@dacbeachcroft.com) whereby we will add your name to an opt-out list and your personal data will not be used as part of any test.

WHEN WE SHARE DATA

DAC Beachcroft may, as follows, share your data with the following main parties in certain circumstances and where it is necessary to achieve the purposes detailed above:

  • Our client and our client’s insured;
  • Intermediaries (for example, loss adjusters, investigators, claims management suppliers and/or coverholders etc);
  • Claimants/Plaintiffs;
  • Defendants/Respondents;
  • 3rd parties;
  • Experts;
  • Witnesses;
  • Counsel;
  • 3rd party solicitors;
  • Individuals who are involved in court or other legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and/or regulatory actions) or the provision of related legal advice and/or claims handling;
  • People who are involved in contracts and transactions we are working on (for example other businesses/individuals our clients are contracting or working with);
  • Our business contacts;
  • People who attend our seminars or receive our legal updates, and/or who visit our website;
  • Service providers (for example (but not limited to): People Pool consultants, Lawyer Connective consultants, recruitment consultants, general office services, library services, translation services, website service providers and/or IT service providers); and/or
  • Our regulators, insurers, auditors, professional advisers; and
  • Crime and law enforcement agencies, governmental bodies and/or Certification Bodies (as detailed in the Appendix).

The list above is not exhaustive.

INTERNATIONAL TRANSFERS OF DATA

As a leading international law business, DAC Beachcroft may transfer data to recipients located outside the jurisdiction where services are being provided or received. For example, this may be in relation to cross-jurisdictional legal advice, or where we are sharing information with our colleagues within the DAC Beachcroft Group, our global network and/or third party service providers.

Each jurisdiction where members of the DAC Beachcroft Group operate has its own data protection laws and regulations. To ensure consistency and compliance with applicable laws and regulations, all DAC Beachcroft Group entities have entered into our Intra-Group Data Processing and Transfer Agreement, which incorporates the 2021 EU Standard Contractual Clauses ("SCCs") and the UK International Data Transfer Addendum to those EU SCCs.

Where we transfer data internationally (and, in the case of transfers to a country where an adequacy decision is not available), we ensure the relevant contractual measures are in place as required by the applicable legislation in that Jurisdiction.

As a leading international legal practice, we have robust IT security systems and policies in place to ensure appropriate protection of your data. This is underpinned by our ISO 27001 and Cyber Essentials Plus accreditations, which are certified by independent auditors.

HOW WE KEEP DATA SECURE

We have appropriate technical and organisational measures in place to protect data. We limit access to data to those who have a genuine business need to access it. Those processing data will do so only in an authorised manner and are subject to a duty of confidentiality. We continually test our systems and are ISO 27001 (UK and Ireland offices only) and Cyber Essentials PLUS certified (all offices), which means we follow industry standards for information security.

We also have procedures to deal with any suspected data breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

HOW LONG WE KEEP DATA

DAC Beachcroft's policy is to retain data only for as long as needed to fulfil the purpose(s) for which it was collected, or otherwise as required under Applicable Data Protection Legislation and/or regulations and/or business continuity purposes. Under some circumstances we may anonymise your data so that it can no longer be associated with you. We reserve the right to retain and use such anonymous data for any legitimate business purpose without further notice to you.

DAC Beachcroft will typically retain data for periods set out below subject to any exceptional circumstances and/or to comply with any Applicable Data Protection Legislation in your Jurisdiction or regulations and/or business continuity purposes:

Subject to the exceptions below, and unless there is any other valid legal, regulatory, client or business reason to retain it beyond that timescale, all matter files will usually be destroyed at approximately 7 years after the matter has been closed.

Claims Files

Retention Period

i) Claimant/Plaintiff/pursuer is a child

Once the child reaches 28 years of ages

ii) Claimant/Plaintiff/pursuer is under a disability

50 years from data of final order (reviewed every 10 years)

iii) Claimant/Plaintiff/pursuer has a provisional damages and/or periodic payments award

Whichever of timescales at i) and ii) is applicable given terms of final order

Real Estate/Construction Files

Retention Period

Property purchase

15 years from file closure

Files relating to deeds

15 years from file closure

Files relating to leases

2 years longer than term of lease (maximum of 27 years)

Files relating to construction

15 years from file closure

Where client is a mortgagee

2 years longer than term of loan

Client Due Diligence

Client Due Diligence Material

5 years after the business relationship ends or the occasional transaction is completed.

YOUR RIGHTS IN RELATION TO YOUR DATA

DAC Beachcroft will always seek to process your data in accordance with our obligations, our rights and your rights.

You will not be subject to decisions based solely on automated data processing without your prior consent.

In certain circumstances, you have the right to seek the erasure or correction of your data, to object to particular aspects of how your data is processed, and otherwise to seek the restriction of the processing of your data. You also have the right to request the transfer of your data to another party in a commonly used format.

You have a separate right of access to your data processed by DAC Beachcroft. You may be asked for information to confirm your identity and/or assist DAC Beachcroft to locate the data you are seeking as part of DAC Beachcroft's response to your request. If you wish to exercise your right of access, please contact our Data Protection Enquiry Team (outlined below).

You have the right to raise any concerns or complain to the relevant Data Protection Supervisory Authority (as detailed in the Appendix) about how your data is being processed. We have elected the DPC as our Lead Supervisory Authority within the EU.

WHERE TO GET FURTHER INFORMATION

If you have any questions about this Policy, want to exercise any of your rights in relation to your data as set out above or want to raise any concerns or complain about how your data is being processed, please use our contact details below in the first instance:

Emaildataprotectionenquiryteam@dacbeachcroft.com

Post: Data Protection Enquiry Team

DAC Beachcroft
St Paul's House
23 Park Square South
Leeds
United Kingdom
LS1 2ND

DO YOU NEED EXTRA HELP?

If you would like this Policy in another format (for example audio or large print), please contact us (see ‘Where can you get further information’ above).

Last updated: October 2023

Appendix

Asia Pacific

DAC Beachcroft Singapore
 Jurisdiction  Singapore
 Data Protection Officer  Summer Montague
 Data Protection Regulatory Authority  

Personal Data Protection Commission (PDPC)

Contact details:

PDPC's website: https://www.pdpc.gov.sg/ or +65 6377 3131
 Certification Bodies  Legal Services Regulatory Authority
 Application Data Protection Legislation  

The General Data Protection Regulation and The Personal Data Protection Act 2012.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

 

Europe

DAC Beachcroft Dublin
Jurisdiction Ireland
Data Protection Officer Aidan Healy
Data Protection Regulatory Authority

Data Protection Commission (DPC)

Contact details:

DPC's website: https://dataprotection.ie/ga or +353 1800437 737 or info@dataprotection.ie

Certification Bodies Legal Services Regulatory Authority (LSRA)
Application Data Protection Legislation

The Data Protection Acts 1988 to 2018 (each as amended, updated or re-enacted from time to time).

The European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I.No.336/2011)

Regulation (EU) 2016/679 and any legislation implementing the same in Ireland.

Any applicable guidance or codes of practice issues by Working Party 29, the European Data Protection board or any applicable data protection regulator from time to time.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

 
DAC Beachcroft France AARPI
Jurisdiction France
Data Protection Officer Christophe Wucher-North
Data Protection Regulatory Authority

Commission nationale de l'informatique et des libertés (CNIL)

Contact details:

CNIL’s website: https://www.cnil.fr/ or +33 (0) 1 53 73 22 22

Certification Bodies

Conseil National des Barreaux

Barreau de Paris

Application Data Protection Legislation

Act No. 2018-493 of 20 June 2018, incorporating the General Data Protection Regulation into French Law into Act No. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties.

Any applicable guidance or codes of practice issues by Working Party 29, the European Data Protection board or any applicable data protection regulator from time to time.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

 
DAC Beachcroft Italia S.t.A.r.l
Jurisdiction Italy
Data Protection Officer Anthony Perotto
Data Protection Regulatory Authority

Garante per la Protezione dei Dati Personali (GPDP)

Contact details:

GPDP’s website: https://www.garanteprivacy.it/ or +39 06 696771

Certification Bodies

The Italian National Bar Council ("Consiglio Nazionale Forense")

The Milan Bar Association ("Ordine degli Avvocati di Milano")

Application Data Protection Legislation

Legislative Decree no. 101 of 10 August 2018 implementing the GDPR.

Any applicable guidance or codes of practice issues by Working Party 29, the European Data Protection board or any applicable data protection regulator from time to time.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

DAC Beachcroft Sociedad Limitada Profesional Unipersonal (SLPU)
Jurisdiction Spain
Data Protection Officer Igor Pinedo Garcia
Data Protection Regulatory Authority

Spanish Data Protection Agency ("Agencia Española de Protección de Datos (AEPD)")

Contact details:

AEDP's website: https://www.aepd.es/or + 34 900 293 183

Certification Bodies

The Illustrious Bar Association of Madrid ("Ilustre Colegio de la Abogacía de Madrid (ICAM)")

The General Council of Spanish Lawyers ("Consejo General de la Abogacía Española")

Application Data Protection Legislation

Ley Orgánica 3/2018 de Protección de Datos Personales

Any applicable guidance or codes of practice issues by Working Party 29, the European Data Protection board or any applicable data protection regulator from time to time.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

Latin America

DAC Beachcroft Chile Limitada
Jurisdiction Chile
Data Protection Officer Guillermo Amunátegui
Data Protection Regulatory Authority

The Council for Transparency ("Consejo para la Transparencia") is the body responsible for ensuring compliance with Law 20,285/2008. Nevertheless, the Consejo does not have powers to impose fines.

Contact details:

Consejo's website: https://www.consejotransparencia.cl/ or +569 39289757

The National Consumer Service ("Servicio Nacional del Consumidor (SERNAC)") has the competency to monitor compliance with the provisions of the data protection law in consumer matters.

Contact details:

SERNAC's website: https://www.sernac.cl/portal/617/w3-channel.html or +569 800 700 100

Certification Bodies

The Chilean Bar Association ("Colegio de Abogados de Chile")

Application Data Protection Legislation

Law 19,628/1999 on the Protection of Private Life (“DPL”)

Law 20,575/2012 establishing the 'purpose principle' for the processing of personal data of an economic, financial, banking or commercial nature.

Law 19,223/1993 regulating computer crimes.

Law 20,584/2012 regulating privacy within the healthcare sector.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

DAC Beachcroft Colombia Abogados SAS
Jurisdiction Colombia
Data Protection Officer Osmar Alba
Data Protection Regulatory Authority

Superintendency of Industry and Commerce ("Superintendecia Industria y Comercio (SIC)")

Contact details:

SIC's website: https://www.sic.gov.co/content/data-protection-0 or +571 5870000 ext.1275 or 1277

Certification Bodies

Judicial Branch – the Superior Council of the Judiciary ("Rama Judicial – Consejo Superior de la Judicatura").

Application Data Protection Legislation

Article 15 of the Colombian Political Constitution.

Law 1581 of 2012, which issues the General Provisions for the Protection of Personal Data

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time. 

DAC Beachcroft Sociedad Civil
Jurisdiction Mexico
Data Protection Officer Miguel de la Fuente
Data Protection Regulatory Authority

The National Institute for Transparency, Access to Information and Personal Data Protection ("Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI)")

Contact details:

INAI's website: https://home.inai.org.mx/ or +52 55 5004 2400

Certification Bodies

The Illustrious and National Bar Association of Mexico ("El Ilustre y Nacional Colegio de Abogados de México")

Application Data Protection Legislation

Federal Law on the Protection of Personal Data in the Possession of Private Parties ("Ley Federal de Protección de Datos Personales en Posesión de los Particulares").

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

United Kingdom

DAC Beachcroft LLP and DAC Beachcroft Claims Limited further details
Jurisdiction England & Wales
Data Protection Officer Mathew McGee
Data Protection Regulatory Authority

Information Commissioner's Office (ICO)

Contact details

ICO's website: https://ico.org.uk/ or +44 (0) 303 123 1113 or casework@ico.org

Certification Bodies

Solicitors Regulatory Authority

International Organisation for Standardization (ISO)

Application Data Protection Legislation

The Data Protection Act 2018.

The UK General Data Protection Regulation. 

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

DAC Beachcroft (N.Ireland) LLP
Jurisdiction Northern Ireland
Data Protection Officer Amanda McClimond
Data Protection Regulatory Authority

Information Commissioner's Office (ICO)

Contact details

ICO's website:https://ico.org.uk/or +44 (0) 303 123 1113 or casework@ico.org

Certification Bodies

Law Society Northern Ireland

International Organisation for Standardization (ISO)

Application Data Protection Legislation

The Data Protection Act 2018.

The UK General Data Protection Regulation.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

DAC Beachcroft Scotland LLP
Jurisdiction Scotland
Data Protection Officer Alan Taylor
Data Protection Regulatory Authority

Information Commissioner's Office (ICO)

Contact details

ICO's website:https://ico.org.uk/or +44 (0) 303 123 1113 or casework@ico.org

Certification Bodies

Law Society of Scotland

International Organisation for Standardization (ISO)

Application Data Protection Legislation

The Data Protection Act 2018.

The UK General Data Protection Regulation.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

 

Cyber Essential Certified Plus  NQA ISO 27001  NQA ISO 9001

 

 

Who we are

Why choose DAC Beachcroft?

We’re a broad-based commercial firm serving a wide range of sectors with a strong heritage in insurance,
health and real estate. We combine excellent legal skills and cutting-edge delivery expertise to design
solutions that fit the needs of our clients – often involving clever uses of technology.