INTRODUCTION

DAC Beachcroft is committed to protecting the personal data of all people we deal with.  This privacy policy (the “Notice”) sets out important information about how DAC Beachcroft may collect and use your personal data.  DAC Beachcroft has a global Notice that we follow based on European data protection principles. 

DAC Beachcroft is an international legal business which operates through separately constituted and regulated legal entities providing legal and/or claims handling services in accordance with the relevant laws of the jurisdictions in which the different entities operate. 

The use of words and/or phrases such as "DAC Beachcroft", "we", "us" or "our" is for convenience only and refers to any of the entities listed in our Legal Notice, each of which is a separate data controller in their own right.

You should read this Notice carefully and raise any questions you may have with the Data Protection Enquiry Team (outlined below in this Notice).

 

SCOPE

This Notice applies to all persons whose personal data we collect and use (except as set out below).  This includes individuals in the categories below or any individuals who work for any of the following:

• Our clients;
• Insurers and/or their insureds;
• Intermediaries (for example, loss adjusters, investigators, claims management suppliers, coverholders etc);
• Claimants/Plaintiffs;
• Defendants;
• 3^rd parties;
• Experts;
• Witnesses;
• Counsel;
• 3^rd party solicitors;
• Individuals who are involved in court or other legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and regulatory actions) and/or the provision of related legal advice and/or claims handling services;
• Individuals who are involved in contracts and transactions we are working on (for example other businesses/individuals our clients are contracting or working with);
• Our business contacts;
• People who attend our seminars, receive our legal updates, and/or who visit our website;
• Service providers (for example recruitment consultants, general office services, library services and/or IT service providers); and/or
• Our regulators, insurers, auditors, professional advisers, governmental bodies (for example the National Crime Agency in the UK and the Garda National Bureau of Criminal Investigation/An Garda Siochana in Ireland) and/or certification bodies (for example The Solicitors Regulation Authority in the UK and the Law Society of Ireland and in relation to our ISO27001, ISO9001 and Cyber Essentials Plus certifications).

This Notice does not apply to:

• job applicants, as the way we collect and handle their personal data is governed by our Application and Recruitment Privacy Policy; and
• our employees, as the way we collect and use their personal data is governed by our Employee Privacy Policy.

 

WHAT PERSONAL DATA DO WE COLLECT?

Personal data means information which identifies you and relates to you as an individual.  DAC Beachcroft will collect, store and use your personal data for a variety of reasons in connection with your relationship with us.  We have set out the main categories of personal data which we process on a day to day basis:

• Personal contact information (including your name, home address, personal telephone number(s) and/or personal e-mail address);
• Policy number/policy inception date;
• Claim number;
• Bank Account details;
• Location identifiers (for example photographs and/or GPS location);
• Loss details/claim and/or personal circumstances;
• Vulnerabilities;
• Online identifiers;
• Date of birth;
• Gender; and/or
• Information gathered through correspondence with us (for example, in relation to parties and/or third parties to a claim).

The personal data that we collect will depend on your relationship with us.

The list set out above is not exhaustive and there may be other personal data which DAC Beachcroft collects, stores and uses in the context of the relationship.  We will update this Notice from time to time to reflect any notable changes in the categories of data which are processed.

The personal data which we process will be collected from a number of sources including (but not limited to) the following:

• Our clients;
• Insurers and/or their insureds;
• Intermediaries (for example, loss adjusters, investigators, claims management suppliers and/or coverholders etc);
• Claimants/Plaintiffs;
• Defendants;
• 3^rd parties;
• Experts;
• Witnesses;
• Counsel;
• 3^rd party solicitors;
• Individuals who are involved in court or other legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and regulatory actions) or during the provision of us providing legal advice and/or claims handlings services;
• People who are involved in contracts and transactions we are working on (for example other businesses/individuals our clients are contracting or working with);
• Our business contacts;
• individuals who attend our seminars, receive our legal updates, and/or who visit our website;
• Service providers (for example recruitment consultants, general office services, library services and/or IT service providers); and
• Our regulators, insurers, auditors, professional advisers, governmental bodies (for example the National Crime Agency in the UK and the Garda National Bureau of Criminal Investigation/An Garda Siochana in Ireland) and/or certification bodies (for example The Solicitors Regulation Authority in the UK).

 

HOW DO WE USE YOUR PERSONAL DATA?

DAC Beachcroft uses your personal data for a variety of purposes in order to provide our services as an international legal and/or claims handling services group. 

We may use your personal data if:

• you have provided your consent to such use;
• it is necessary for the performance of a contract with you; or
• necessary in connection with a legal and/or regulatory obligation or as otherwise required or authorised by law; or
• we consider such use of your personal data as not detrimental to you, within your reasonable expectations, having a minimal impact on your privacy, and necessary to fulfil our legitimate interests.

We have set out below the main purposes for which your personal data may be processed which include (but are not limited to) providing our services, such as:

• managing court or legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and/or regulatory actions);
• providing legal advice;
• providing legal and/or claims handling services (which may include the provision of management information to our client);
• providing counter-fraud services;
• advising on and negotiating legal contracts;
• managing and running checks against our anti-fraud systems and sharing information with our clients and other appropriate organisations for the purpose of preventing, detecting or prosecuting fraud (which may involve reference to Credit Reference Agencies (please see https://www.transunion.co.uk/crain and https://www.transunion.co.uk/legal-information/bureau-privacy-notice);
• managing and running checks on our internal databases of experts and other providers of services which relate to legal proceedings and/or claims handling services;
• providing training and legal updates; and
• marketing (by post, email and/or via our user account area for which you are always able to opt-out/unsubscribe with no detriment), development and/or tendering in relation to our products and services.
• complying with our legal obligations or making disclosures to government, regulatory or other public bodies where the disclosure is appropriate and/or permitted by law;
• providing access to our files for audit, review or other quality assurance checks by our clients, regulators, auditors, professional advisors, governmental bodies (for example the National Crime Agency in the UK and the Garda National Bureau of Criminal Investigation/An Garda Siochana in Ireland) and/or certification bodies (for example The Solicitors Regulation Authority in the UK);
• day to day operations of our business. For this we may use third party service providers (for example procurement services, recruitment consultants, general office services, library services and/or IT service providers);
• sharing information within the DAC Beachcroft group (for example where one of our entities is advising or providing services to another entity, or where we are checking for legal or commercial conflicts);
• the use of cookies by the DAC Beachcroft website. Please see our Cookie Policy;
• obtaining your feedback on the provision of our services; and/or
• providing information to our brokers and insurers.

In order for us to improve our services, we may also use your personal data to test the improvement of a system(s) or development of a new system(s).  We will only do so in a safe and controlled manner in accordance with our obligations under data protection legislation.

In the event that you object to the use of your personal data as part of our testing only, you are able to object (by emailing: dataprotectionenquiryteam@dacbeachcroft.com) whereby we will add your name to an opt-out list and your personal data will not be used as part of any test.

Again this list is not exhaustive and DAC Beachcroft may undertake additional processing of personal data in line with the purposes set out above.  We will update this Notice from time to time to reflect any notable changes to the purposes for which your personal data is processed.

 

WHAT SPECIAL CATEGORIES OF PERSONAL DATA DO WE PROCESS?

Certain categories of data are considered "special categories of data" and are subject to additional safeguards.  The special categories of personal data which we process may relate to:

• Racial or ethnic origin;
• Political opinions;
• Religious or philosophical beliefs;
• Trade union membership;
• Genetic and/or biometric data;
• Physical and mental health; and/or
• Sex life and/or sexual orientation.

 

WHEN DO WE SHARE PERSONAL DATA?

DAC Beachcroft may share your personal data with other parties in certain circumstances and where it is necessary to achieve the purposes detailed above or to comply with a legal and/or regulatory obligation, or otherwise in pursuit of its legitimate business interests as follows:

• Our clients;
• Insurers and their insureds;
• Intermediaries (for example, loss adjusters, investigators, claims management suppliers and/or coverholders etc);
• Claimants/Plaintiffs;
• Defendants;
• 3^rd parties;
• Experts;
• Witnesses;
• Counsel;
• 3^rd party solicitors;
• Individuals who are involved in court or other legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and/or regulatory actions) or the provision of related legal advice and/or claims handling;
• People who are involved in contracts and transactions we are working on (for example other businesses/individuals our clients are contracting or working with);
• Our business contacts;
• People who attend our seminars or receive our legal updates, and/or who visit our website;
• Service providers (for example recruitment consultants, general office services, library services and/or IT service providers); and/or
• Our regulators, insurers, auditors, professional advisers, governmental bodies (for example the National Crime Agency in the UK and the Garda National Bureau of Criminal Investigation/An Garda Siochana in Ireland) and/or certification bodies (for example The Solicitors Regulation Authority in the UK and the Law Society of Ireland and in relation to our ISO27001, ISO9001 and Cyber Essentials Plus certifications).

In all cases, your personal data is shared under the terms of a written agreement between DAC Beachcroft and the third party, which includes appropriate security measures to protect the personal data in line with this Notice and also our obligations or as permitted by applicable law and/or regulation.

As we are a global legal services group, your personal information may be transferred outside of the European Economic Area ('EEA').  For example this may be in relation to an international legal claim or transaction, or where we are sharing information with our colleagues or third party service providers who operate outside of the EEA.

In all cases, where personal data is transferred to a country which is deemed not to have the same level of protection for personal data as the home country in the EEA, DAC Beachcroft has put in place written transfer agreements to protect the personal data.  In the case of a transfer of personal data from a country within the EEA to a country outside of the EEA, these transfer agreements: (1) are in accordance with our intra-group data sharing agreement; or (2) incorporate the standard contractual clauses approved by the European Commission. 

 

FOR HOW LONG WILL MY PERSONAL DATA BE RETAINED?

DAC Beachcroft's policy is to retain personal data only for as long as is needed to fulfil the purpose(s) for which it was collected, or otherwise required under applicable jurisdictional laws and/or regulations and/or business continuity purposes.  Under some circumstances we may anonymise your personal data so that it can no longer be associated with you.  We reserve the right to retain and use such anonymous data for any legitimate business purpose without further notice to you.

DAC Beachcroft will typically retain data for periods set out below subject to any exceptional circumstances and/or to comply with particular jurisdictional laws or regulations and/for business continuity purposes:

Subject to the exceptions below, and unless there is any other valid legal, regulatory, client or business reason to retain it beyond that timescale, all matter files will usually be destroyed at approximately 7 years after the matter has been closed.
Claims Files	Retention Period
i)              Claimant/Plaintiff/pursuer is a child	Once the child reaches 28 years of ages
ii)             Claimant/Plaintiff/pursuer is under a disability	50 years from data of final order (reviewed every 10 years)
iii)            Claimant/Plaintiff/pursuer has a provisional damages and/or periodic payments award	Whichever of timescales at i) and ii) is applicable given terms of final order
Real Estate/Construction Files	Retention Period
Property purchase	15 years from file closure
Files relating to deeds	15 years from file closure
Files relating to leases	2 years longer than term of lease (maximum of 27 years)
Files relating to construction	15 years from file closure
Where client is a mortgagee	2 years longer than term of loan

 

WHAT ARE MY RIGHTS IN RELATION TO MY PERSONAL DATA?

DAC Beachcroft will always seek to process your personal data in accordance with our obligations, our rights and your rights.

You will not be subject to decisions based solely on automated data processing without your prior consent.

In certain circumstances, you have the right to seek the erasure or correction of your personal data, to object to particular aspects of how your data is processed, and otherwise to seek the restriction of the processing of your personal data.  You also have the right to request the transfer of your personal data to another party in a commonly used format. If you have any questions about these rights, please contact our Data Protection Enquiry Team (outlined below in the Notice).

You have a separate right of access to your personal data processed by DAC Beachcroft.  You may be asked for information to confirm your identity and/or assist DAC Beachcroft to locate the data you are seeking as part of DAC Beachcroft's response to your request.  If you wish to exercise your right of access, please contact our Data Protection Enquiry Team (outlined below in the Notice).

You have the right to raise any concerns about how your personal data is being processed with:

1. UK: the Information Commissioner's Office (ICO) by going to the ICO's website: https://ico.org.uk/concerns/ or contacting the ICO on 0303 123 1113 or casework@ico.org; or
2. Ireland: the Data Protection Commissioner (DPC) by going to the DPC's website: https://dataprotection.ie/docs/complaints/1592.htm or by contacting the DPC on 1890 25 22 31 or info@dataprotection.ie.
3. Spain: Spanish Data Protection Agency/Agencia Española de Protección de Datos ("AEPD") by going to the AEPD's website: https://www.agpd.es/portalwebAGPD/index-iden-idphp.php or by contacting the AEPD on 901 100 099 – 912 663 517.
4. France: The Commission nationale de l'informatique et des libertés (CNIL) by going to CNIL’s website: https://www.cnil.fr/ or by contacting CNIL on +33 (0) 1 53 73 22 22.

The ICO are our Lead Supervisory Authority within the UK and we have elected the DPC as our Lead Supervisory Authority within the EU.

In addition to our designated Lead DPO for the UK, we have appointed a Lead DPO for the EU. 

 

WHERE CAN I GET FURTHER INFORMATION?

If you have any questions about this Notice, want to exercise your right to see a copy of the information that we hold about you, or think that information we hold about you may need to be corrected, want to delete all or any part of it or to object to the processing on legitimate grounds, please contact us by email on dataprotectionenquiryteam@dacbeachcroft.com or by post to:

Data Protection Enquiry Team

DAC Beachcroft

St Paul's House

23 Park Square South

Leeds

United Kingdom

LS1 2ND

 

Last updated: February 2020