Privacy policy - DAC Beachcroft
DAC Beachcroft

Privacy policy

INTRODUCTION

DAC Beachcroft is committed to protecting the data of all people we deal with.  This privacy policy (the “Notice”) sets out important information about how DAC Beachcroft may collect and use your data (which for the purpose of this Notice, such reference to “data” means your personal data, special categories of personal data and/or personal data relating to criminal convictions and offences).  DAC Beachcroft has a global Notice that we follow based on UK and European data protection principles. 

DAC Beachcroft is an international legal business which operates through separately constituted and regulated legal entities providing legal and/or claims handling services in accordance with the relevant laws of the jurisdictions in which the different entities operate. 

The use of words and/or phrases such as "DAC Beachcroft", "we", "us" or "our" is for convenience only and refers to any of the entities listed in our Legal Notice, each of which is a separate data controller in their own right.

You should read this Notice carefully and raise any questions you may have with the Data Protection Enquiry Team (outlined below in this Notice).

SCOPE

This Notice applies to all persons whose data we collect and use (except as set out below).  This includes individuals in the categories below or any individuals who work for any of the following:

  • Our clients;
  • Insurers and/or their insureds;
  • Intermediaries (for example, loss adjusters, investigators, claims management suppliers, coverholders etc);
  • Claimants/Plaintiffs;
  • Defendants;
  • 3rd parties;
  • Experts;
  • Witnesses;
  • Counsel;
  • 3rd party solicitors;
  • Individuals who are involved in court or other legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and regulatory actions) and/or the provision of related legal advice and/or claims handling services;
  • Individuals who are involved in contracts and transactions we are working on (for example other businesses/individuals our clients are contracting or working with);
  • Our business contacts;
  • People who register for or receive our direct marketing and/or attend our seminars, receive our legal updates, and/or who visit our website;
  • Service providers (for example (but not limited to): People Pool consultants, Lawyer Connective consultants, recruitment consultants, general office services, library services and/or IT service providers); and/or
  • Our regulators, insurers, auditors, professional advisers, governmental bodies (for example the National Crime Agency in the UK and the Garda National Bureau of Criminal Investigation/An Garda Siochana in Ireland) and/or certification bodies (for example The Solicitors Regulation Authority in the UK and the Law Society of Ireland and in relation to our ISO27001, ISO9001 and Cyber Essentials Plus certifications).

This Notice does not apply to:

  • job applicants, as the way we collect and handle their data is governed by our Application and Recruitment Privacy Policy; and
  • our employees or members, as the way we collect and use their data is governed by our Employee and Member Privacy Policy.

WHAT DATA DO WE COLLECT?

DAC Beachcroft will collect, store and use your data for a variety of reasons in connection with your relationship with us. 

Personal data means information which identifies you and relates to you as an individual.  We have set out the main categories of personal data which we process on a day to day basis:

  • Personal contact information (including your name, home address, personal telephone number(s) and/or personal e-mail/IP address);
  • Policy number/policy inception date;
  • Claim number;
  • Bank Account details;
  • Location identifiers (for example photographs and/or GPS location);
  • Loss details/claim and/or personal circumstances;
  • Vulnerabilities;
  • Online identifiers;
  • Date of birth;
  • Gender;
  • Information gathered through correspondence with us (for example, in relation to parties and/or third parties to a claim);
  • Information gathered through DAC Beachcroft's monitoring of its CCTV recording systems used at our offices; and/or
  • Health related information (e.g. (i) if you are due to attend our office and you have a food allergy; or (ii) if you have shown symptoms of COVID-19).

Certain categories of data are considered "special categories of data" and are subject to additional safeguards.  The special categories of personal data which we process may relate to:

  • Racial or ethnic origin;
  • Political opinions;
  • Religious or philosophical beliefs;
  • Trade union membership;
  • Genetic and/or biometric data;
  • Physical and mental health; and/or
  • Sex life and/or sexual orientation.

In addition to the above, there may be occasion where we process personal data relating to criminal convictions and offences.

The categories of data that we collect will depend on your relationship with us.

The lists set out above are not exhaustive and there may be other data which DAC Beachcroft collects, stores and uses in the context of the relationship.  We will update this Notice from time to time to reflect any notable changes in the categories of data which are processed.

The data which we process will be collected from a number of sources including (but not limited to) the following:

  • Our clients;
  • Insurers and/or their insureds;
  • Intermediaries (for example, loss adjusters, investigators, claims management suppliers and/or coverholders etc);
  • Claimants/Plaintiffs;
  • Defendants;
  • 3rd parties;
  • Experts;
  • Witnesses;
  • Counsel;
  • 3rd party solicitors;
  • Individuals who are involved in court or other legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and regulatory actions) or during the provision of us providing legal advice and/or claims handlings services;
  • People who are involved in contracts and transactions we are working on (for example other businesses/individuals our clients are contracting or working with);
  • Our business contacts;
  • Individuals who register for or receive our direct marketing and/or attend our seminars, offices, receive our legal updates, and/or who visit our website;
  • Service providers (for example (but not limited to): People Pool consultants, Lawyer Connective consultants, recruitment consultants, general office services, library services and/or IT service providers); and
  • Our regulators, insurers, auditors, professional advisers, governmental bodies (for example the National Crime Agency in the UK and the Garda National Bureau of Criminal Investigation/An Garda Siochana in Ireland) and/or certification bodies (for example The Solicitors Regulation Authority in the UK).

HOW DO WE USE YOUR DATA?

DAC Beachcroft uses your data for a variety of purposes in order to provide our services as an international legal and/or claims handling services group. 

We may use your data if:

  • you have provided your consent to such use.
  • it is necessary for the performance of a contract with you.
  • necessary in connection with a legal and/or regulatory obligation or as otherwise required or authorised by law.
  • we consider such use of your personal data as not detrimental to you, within your reasonable expectations, having a minimal impact on your privacy, and necessary to fulfil our legitimate interests.

We have set out below the main purposes for which your data may be processed which include (but are not limited to) providing our services, such as:

  • corresponding with you or to others (electronically and/or physically (e.g. by letter, fax, telephone, email, secure sharing portal or SMS), which may include the use of third party suppliers (such as electronic signature providers) to assist in delivering the services to you);
  • part of court or legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and/or regulatory actions);
  • providing legal advice;
  • providing legal and/or claims handling services (which may include the provision of management information to our client or as requested as a service in its own right to our client directly);
  • providing counter-fraud services;
  • advising on and negotiating legal contracts;
  • conducting client due diligence checks, which may include the use of third party suppliers (such as identity verification providers);
  • managing and running checks against our anti-fraud systems and sharing information with our clients and other appropriate organisations for the purpose of preventing, detecting or prosecuting fraud (which may involve reference to Credit Reference Agencies (please see https://www.transunion.co.uk/crain and https://www.transunion.co.uk/legal-information/bureau-privacy-notice);
  • managing and running checks on our internal databases of experts and other providers of services which relate to legal proceedings and/or claims handling services;
  • providing training and legal updates; and
  • marketing (by post, email and/or via our user account area for which you are always able to opt-out/unsubscribe with no detriment), development and/or tendering in relation to our products and services.
  • complying with our legal obligations or making disclosures to government, regulatory or other public bodies where the disclosure is appropriate and/or permitted by law;
  • providing access to our files for audit, review or other quality assurance checks by our clients, regulators, auditors, professional advisors, governmental bodies (for example the National Crime Agency in the UK and the Garda National Bureau of Criminal Investigation/An Garda Siochana in Ireland) and/or certification bodies (for example The Solicitors Regulation Authority in the UK);
  • day to day operations of our business including for Management Information and data analytics. For this we may use third party service providers (for example procurement services, recruitment consultants, general office services, library services and/or IT service providers);
  • sharing information within the DAC Beachcroft group (for example where one of our entities is advising or providing services to another entity, or where we are checking for legal or commercial conflicts);
  • the use of cookies by the DAC Beachcroft website. Please see our Cookie Policy;
  • obtaining your feedback on the provision of our services; and/or
  • providing information to our brokers and insurers.

Where you receive a marketing email, event invitation or other direct mailing from us, we may collect information about you in the following ways:

  • Opening emails: if you open the email either by downloading images in the email or clicking in a link, we log such activity on our database.
  • View as web page: If you click on the "view it as a web page" link, a tracking code is passed in the link so that the web page is personalised in the same way as the email.
  • Links to web pages: If you click on any web link, we pass a tracking code in the link to the web page which we use to log such activity on our database.
  • Unsubscribe: If you click unsubscribe, we will automatically log this information on our database. If you unsubscribe from any email invitation or alert, we will continue to store your personal data on a "marketing suppression list" so as to record your preference.
  • Event RSVP buttons: In our event invitations and confirmations we provide buttons to allow you to accept, decline, cancel (and register if you are not the original recipient of the invitation) for that event. Clicking on these buttons will pass a tracking code so we can record your choice in our database to help us manage the event.

In order for us to improve our services, we will always endeavour to use dummy or anonymised data wherever possible.  Where that is not possible, we may use personal data to test the improvement of a system(s) or development of a new system(s) in pursuit of our legitimate business interests (but only if these are not overridden by a person’s interests, rights or freedoms).  That being said, we will only do so in a safe and controlled manner in accordance with our obligations under data protection legislation.

In the event that you object to the use of your personal data as part of our testing only, you are able to object (by emailing: dataprotectionenquiryteam@dacbeachcroft.com) whereby we will add your name to an opt-out list and your personal data will not be used as part of any test.

Again the lists above are not exhaustive and DAC Beachcroft may undertake additional processing of data in line with the purposes set out above.  We will update this Notice from time to time to reflect any notable changes to the purposes for which your data is processed.

WHEN DO WE SHARE DATA?

DAC Beachcroft may, as follows, share your data with other parties in certain circumstances and where it is necessary to achieve the purposes detailed above:

  • Our clients;
  • Insurers and their insureds;
  • Intermediaries (for example, loss adjusters, investigators, claims management suppliers and/or coverholders etc);
  • Claimants/Plaintiffs;
  • Defendants;
  • 3rd parties;
  • Experts;
  • Witnesses;
  • Counsel;
  • 3rd party solicitors;
  • Individuals who are involved in court or other legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and/or regulatory actions) or the provision of related legal advice and/or claims handling;
  • People who are involved in contracts and transactions we are working on (for example other businesses/individuals our clients are contracting or working with);
  • Our business contacts;
  • People who attend our seminars or receive our legal updates, and/or who visit our website;
  • Service providers (for example (but not limited to): People Pool consultants, Lawyer Connective consultants, recruitment consultants, general office services, library services and/or IT service providers); and/or
  • Our regulators, insurers, auditors, professional advisers, governmental bodies (for example the National Crime Agency in the UK and the Garda National Bureau of Criminal Investigation/An Garda Siochana in Ireland) and/or certification bodies (for example The Solicitors Regulation Authority in the UK and the Law Society of Ireland and in relation to our ISO27001, ISO9001 and Cyber Essentials Plus certifications).

As we are a global legal services group, data may be transferred outside of the UK and the European Economic Area ('EEA').  For example this may be in relation to an international legal claim or transaction, or where we are sharing information with our colleagues or third party service providers who operate outside of the UK or the EEA.

In all cases, your data is shared where appropriate technical and organisational measures are in place to protect that data in line with this Notice and also our obligations or as permitted by applicable law and/or regulation.

FOR HOW LONG WILL MY DATA BE RETAINED?

DAC Beachcroft's policy is to retain data only for as long as is needed to fulfil the purpose(s) for which it was collected, or otherwise required under applicable jurisdictional laws and/or regulations and/or business continuity purposes.  Under some circumstances we may anonymise your data so that it can no longer be associated with you.  We reserve the right to retain and use such anonymous data for any legitimate business purpose without further notice to you.

DAC Beachcroft will typically retain data for periods set out below subject to any exceptional circumstances and/or to comply with particular jurisdictional laws or regulations and/for business continuity purposes:

Subject to the exceptions below, and unless there is any other valid legal, regulatory, client or business reason to retain it beyond that timescale, all matter files will usually be destroyed at approximately 7 years after the matter has been closed.

Claims Files

Retention Period

i)              Claimant/Plaintiff/pursuer is a child

Once the child reaches 28 years of ages

ii)             Claimant/Plaintiff/pursuer is under a disability

50 years from data of final order (reviewed every 10 years)

iii)            Claimant/Plaintiff/pursuer has a provisional damages and/or periodic payments award

Whichever of timescales at i) and ii) is applicable given terms of final order

Real Estate/Construction Files

Retention Period

Property purchase

15 years from file closure

Files relating to deeds

15 years from file closure

Files relating to leases

2 years longer than term of lease (maximum of 27 years)

Files relating to construction

15 years from file closure

Where client is a mortgagee

2 years longer than term of loan


WHAT ARE MY RIGHTS IN RELATION TO MY DATA?

DAC Beachcroft will always seek to process your data in accordance with our obligations, our rights and your rights.

You will not be subject to decisions based solely on automated data processing without your prior consent.

In certain circumstances, you have the right to seek the erasure or correction of your data, to object to particular aspects of how your data is processed, and otherwise to seek the restriction of the processing of your data.  You also have the right to request the transfer of your data to another party in a commonly used format. If you have any questions about these rights, please contact our Data Protection Enquiry Team (outlined below in the Notice).

You have a separate right of access to your data processed by DAC Beachcroft.  You may be asked for information to confirm your identity and/or assist DAC Beachcroft to locate the data you are seeking as part of DAC Beachcroft's response to your request.  If you wish to exercise your right of access, please contact our Data Protection Enquiry Team (outlined below in the Notice).

You have the right to raise any concerns about how your data is being processed with:

  1. UK: the Information Commissioner's Office (ICO) by going to the ICO's website: https://ico.org.uk/concerns/ or contacting the ICO on 0303 123 1113 or casework@ico.org; or
  2. Ireland: the Data Protection Commissioner (DPC) by going to the DPC's website: https://dataprotection.ie/docs/complaints/1592.htm or by contacting the DPC on 1890 25 22 31 or info@dataprotection.ie.
  3. Spain: Spanish Data Protection Agency/Agencia Española de Protección de Datos ("AEPD") by going to the AEPD's website: https://www.agpd.es/portalwebAGPD/index-iden-idphp.php or by contacting the AEPD on 901 100 099 – 912 663 517.
  4. France: The Commission nationale de l'informatique et des libertés (CNIL) by going to CNIL’s website: https://www.cnil.fr/ or by contacting CNIL on +33 (0) 1 53 73 22 22.

We have elected the DPC as our Lead Supervisory Authority within the EU.

WHERE CAN I GET FURTHER INFORMATION?

If you have any questions about this Notice, want to exercise your right to see a copy of the information that we hold about you, or think that information we hold about you may need to be corrected, want to delete all or any part of it or to object to the processing on legitimate grounds, please contact us by email on dataprotectionenquiryteam@dacbeachcroft.com or by post to:

Data Protection Enquiry Team
DAC Beachcroft
St Paul's House
23 Park Square South
Leeds
United Kingdom
LS1 2ND

Last updated: April 2021

About

This website uses cookies so that we can improve your experience. By continuing to use the site you are agreeing to our use of cookies. For more details please view our Cookies Policy.
DAC Beachcroft