A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
For our Italian Privacy Policy, please click here.INTRODUCTION
DAC Beachcroft is committed to protecting the data of all people we deal with. Our Privacy Policy is divided into separate sections for your ease. Each section sets out important information about how DAC Beachcroft may collect and use your data depending upon the categories of individuals whose data we process (such reference to “data” means all forms of personal data).
This Policy applies to our clients, prospective clients, individuals with whom we direct market to and others who are browsing our website. It applies globally and is based on UK and European data protection principles. We will update this Policy from time to time."
WHO WE ARE
DAC Beachcroft is an international legal business which operates through separately constituted and regulated legal entities providing legal and/or claims handling services in accordance with the relevant laws of the jurisdictions in which the different entities operate.
The use of words and/or phrases such as "DAC Beachcroft", "we", "us" or "our" is for convenience only and refers to any of the entities listed on our Legal and Regulatory page, each of which is a separate data controller in their own right.
WHAT DATA DO WE COLLECT AND WHERE DO WE GET IT FROM?
DAC Beachcroft will collect, use and store your data for a wide variety of reasons in connection with your relationship with us and we collect your data from a range of sources.
The table below sets out the main categories of data that we collect and the sources we collect it from. The table is not exhaustive and there may be other data and other sources which DAC Beachcroft collects, uses and stores in the context of our relationship.
Type of data
Source of data
Contact information including your name, address, telephone number(s), e-mail, your organisation details (including job title, employer, place of work and organisation contact details) and your gender
You, our client and/or our client’s insured, intermediaries, those involved in a matter and/or publically available resources
Regulatory information including your date of birth, identity information, details of whether you are a Politically Exposed Person
Matter information including policy number/policy inception date, claim number, loss details/claim and any information provided to us in relation to the purpose upon which we are acting
Billing information including bank account details and payment/billing instructions
Marketing preferences including marketing communication preferences, legal and industry sector interests
You or your employer (if they are our actual or prospective client)
Device Usage and Browsing information including IP addresses, online identifiers and information automatically generated through your use of our website and digital platforms/media
You and our website / digital platforms
Visitors to our offices including CCTV recordings, building access records, health related information including dietary and access requirements
HOW DO WE USE DATA?
DAC Beachcroft uses your data for a variety of purposes in order to provide our services as an international legal and/or claims handling services provider.
We have set out in the table below the main purposes for which your data may be processed and the ‘lawful basis’ for the processing i.e. the legal reason we are able to process your data. For information regarding how we use cookies and similar technologies in connection with your use of our website and digital platforms or forms of communication, please read our Cookies Policy.
Personal data
What we use data for
Our reasons / lawful basis
Providing legal advice and/or claims handling services (which may include the provision of management information to our client or as requested as a service in its own right to our client directly)
To perform our contract with you
To comply with legal and regulatory obligations
For a legitimate interest
Corresponding with you or to others (electronically and/or physically (e.g. by letter, fax, telephone (including within any recording or transcription), email, secure sharing portal or SMS), which may include the use of third party suppliers (such as electronic signature providers) to assist in delivering the services to you)
Providing you with access to your information via our client portal offering and collecting information about your usage of our portals, which may involve the use of third party suppliers
Part of court or legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and/or regulatory actions)
Managing and running checks within our anti-fraud systems and sharing information with our clients and other appropriate organisations for the purpose of preventing, detecting or prosecuting fraud (which may involve reference to Credit Reference Agencies (please see https://www.transunion.co.uk/crain and
https://www.transunion.co.uk/legal-information/bureau-privacy-notice)
Conducting client due diligence checks, which may include the use of third party suppliers (such as identity verification providers) and screening for financial, adverse media, political positions and other sanctions
Managing and running checks within our internal databases which relate to legal proceedings and/or claims handling services
Complying with our legal obligations or making disclosures to government, regulatory or other public bodies where the disclosure is appropriate and/or permitted by law
Managing our professional relationships with our clients and third parties
Ensuring business policies are adhered to, e.g. policies covering security and internet use
Operational reasons, such as improving efficiency, training and quality control including obtaining your feedback on the provision of our services
Providing training and legal updates
Sharing information within the DAC Beachcroft group (for example where one of our entities is advising or providing services to another entity, or where we are checking for legal or commercial conflicts)
Preventing unauthorised access and modifications to systems
Protecting the security of systems, website pages and data used to provide the services
We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for legitimate interests, i.e. to protect systems, website pages (such as via the use of Google ReCAPTCHA) and data and to prevent and detect criminal activity that could be damaging for you and/or us
Marketing (by post, email and/or via our user account area for which you are always able to opt-out/unsubscribe with no detriment), development and/or tendering in relation to our products and services
Providing access to our files for audit, review or other quality assurance checks by our clients, regulators, auditors, professional advisors, crime and law enforcement agencies, governmental bodies (for example the Garda National Bureau of Criminal Investigation/An Garda Siochana in Ireland) and/or certification bodies (for example The Solicitors Regulation Authority in the UK)
Providing information to our brokers and insurers
Day to day operations of our business. For this we may use third party service providers (for example procurement services, recruitment consultants, general office services, library services, translation services, website service providers and/or IT service providers)
Special categories of data
Certain categories of data are considered "special categories of data" and are subject to additional safeguards. The special categories of personal data which we process may relate to:
For the special categories of personal data set out above, additional lawful bases apply as set out in the table below. Again the information in the table is not exhaustive and DAC Beachcroft may undertake additional processing of data based on the lawful bases set out below.
What we use your special category personal data for
Providing legal and/or claims handling services to our client
As necessary for the establishment, exercise or defence of legal claims
As necessary for reasons of substantial public interest
Obtaining legal advice, establishing, defending and enforcing our legal rights and obligations in connection with, any court or legal proceedings
Complying with all relevant legal and regulatory requirements (such as anti-money laundering and client verification checks)
Responding to binding requests or search warrants or orders from courts, governmental, regulatory and/or enforcement bodies and authorities or sharing information (on a voluntary basis) with the same
Hosting you at our offices
You have given your explicit consent to the processing for your dietary and access requirements
It is necessary to protect somebody’s vital interests or they are incapable of giving consent in case of any accidents and emergencies at our offices
In addition to the above, there may be occasions where we process personal data relating to criminal convictions and offences. We process criminal offence data where necessary in relation to legal claims, to prevent or detect unlawful acts, to comply with regulatory requirements relating to unlawful acts and dishonesty and to prevent fraud / money laundering.
Marketing
Where you receive a marketing email, event invitation or other direct mailing from us, we may collect information about you in the following ways:
Improving our services
In order for us to improve our services, we endeavour to use dummy or anonymised data wherever possible. Where that is not possible, we may use personal data to test the improvement of a system(s) or development of a new system(s) in pursuit of our legitimate business interests (but only if these are not overridden by a person’s interests, rights or freedoms). That being said, we will only do so in a safe and controlled manner in accordance with our obligations under data protection legislation.
In the event that you object to the use of your personal data as part of our testing only, you are able to object (by emailing: dataprotectionenquiryteam@dacbeachcroft.com) whereby we will add your name to an opt-out list and your personal data will not be used as part of any test.
WHEN DO WE SHARE DATA?
DAC Beachcroft may, as follows, share your data with the following main parties in certain circumstances and where it is necessary to achieve the purposes detailed above:
The list above is not exhaustive.
Transferring data out of the United Kingdom (UK) and European Economic Area (EEA)
As we are a global legal services group, data may be transferred outside of the UK and the EEA. For example this may be in relation to an international legal claim or transaction, or where we are sharing information with our colleagues or third party service providers who operate outside of the UK or the EEA.
Where we transfer your personal data outside the UK or the EEA we do so on the basis of an adequacy decision or (where this is not available) legally-approved standard data protection clauses. In the event we cannot or choose not to continue to rely on either of those mechanisms at any time, we will not transfer your data outside the UK or the EEA unless we can do so on the basis of an alternative mechanism or exception provided by applicable data protection law.
HOW DO WE KEEP DATA SECURE?
We have appropriate technical and organisational measures in place to protect data. We limit access to data to those who have a genuine business need to access it. Those processing data will do so only in an authorised manner and are subject to a duty of confidentiality. We continually test our systems and are ISO 27001 and Cyber Essentials PLUS certified, which means we follow industry standards for information security.
We also have procedures to deal with any suspected data breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
HOW LONG WILL WE KEEP DATA?
DAC Beachcroft's policy is to retain data only for as long as needed to fulfil the purpose(s) for which it was collected, or otherwise as required under applicable jurisdictional laws and/or regulations and/or business continuity purposes. Under some circumstances we may anonymise your data so that it can no longer be associated with you. We reserve the right to retain and use such anonymous data for any legitimate business purpose without further notice to you.
DAC Beachcroft will typically retain data for periods set out below subject to any exceptional circumstances and/or to comply with particular jurisdictional laws or regulations and/or business continuity purposes:
Subject to the exceptions below, and unless there is any other valid legal, regulatory, client or business reason to retain it beyond that timescale, all matter files will usually be destroyed at approximately 7 years after the matter has been closed.
Claims Files
Retention Period
i) Claimant/Plaintiff/pursuer is a child
Once the child reaches 28 years of ages
ii) Claimant/Plaintiff/pursuer is under a disability
50 years from data of final order (reviewed every 10 years)
iii) Claimant/Plaintiff/pursuer has a provisional damages and/or periodic payments award
Whichever of timescales at i) and ii) is applicable given terms of final order
Real Estate/Construction Files
Property purchase
15 years from file closure
Files relating to deeds
Files relating to leases
2 years longer than term of lease (maximum of 27 years)
Files relating to construction
Where client is a mortgagee
2 years longer than term of loan
Client Due Diligence
Client Due Diligence Material
5 years after the business relationship ends or the occasional transaction is completed.
WHAT ARE YOUR RIGHTS IN RELATION TO YOUR DATA?
DAC Beachcroft will always seek to process your data in accordance with our obligations, our rights and your rights.
You will not be subject to decisions based solely on automated data processing without your prior consent.
In certain circumstances, you have the right to seek the erasure or correction of your data, to object to particular aspects of how your data is processed, and otherwise to seek the restriction of the processing of your data. You also have the right to request the transfer of your data to another party in a commonly used format.
You have a separate right of access to your data processed by DAC Beachcroft. You may be asked for information to confirm your identity and/or assist DAC Beachcroft to locate the data you are seeking as part of DAC Beachcroft's response to your request. If you wish to exercise your right of access, please contact our Data Protection Enquiry Team (outlined below).
You have the right to raise any concerns or complain about how your data is being processed with:
Location
Data Protection Supervisory Authority
Contact details
UK
Information Commissioner's Office (ICO)
ICO's website: https://ico.org.uk/concerns/ or +44 (0) 303 123 1113 or casework@ico.org
France
Commission nationale de l'informatique et des libertés (CNIL)
CNIL’s website: https://www.cnil.fr/ or +33 (0) 1 53 73 22 22
Ireland
Data Protection Commissioner (DPC)
DPC's website: https://dataprotection.ie/docs/complaints/1592.htm or +353 1800437 737 or info@dataprotection.ie
Italy
Garante per la Protezione dei Dati Personali (GPDP)
GPDP’s website: https://www.garanteprivacy.it/web/garante-privacy-en or +39 06 696771
Spain
Spanish Data Protection Agency/Agencia Española de Protección de Datos (AEPD)
AEPD's website: https://www.agpd.es/portalwebAGPD/index-iden-idphp.php or +34 901 100 099 / +34 91 266 35 17
We have elected the DPC as our Lead Supervisory Authority within the EU.
WHERE CAN YOU GET FURTHER INFORMATION?
If you have any questions about this Policy, want to exercise any of your rights in relation to your data as set out above or want to raise any concerns or complain about how your data is being processed, please use our contact details below in the first instance:
Email: dataprotectionenquiryteam@dacbeachcroft.com
Post: Data Protection Enquiry Team DAC Beachcroft St Paul's House 23 Park Square South Leeds United Kingdom LS1 2ND
DO YOU NEED EXTRA HELP?
If you would like this Policy in another format (for example audio or large print), please contact us (see ‘Where can you get further information’ above).
Last updated: March 2023
