Application and Recruitment Policy

Applicant and Candidate Privacy Policy

DAC Beachcroft is an international legal business which operates through separately constituted and regulated legal entities providing legal and/or claims handling services in accordance with the relevant laws of the Jurisdictions in which the different entities operate. 

DAC Beachcroft is committed to protecting the data of all people we deal with.  Our Privacy Policy ("Policy") is divided into separate sections for ease of reference. Each section sets out important information about how DAC Beachcroft may collect and use data depending upon the categories of individuals whose data we process (such reference to “data” means all forms of personal data).

This Policy applies if you are applying to join us as an employee, member, contractor, consultant, temporary or agency staff,  trainee solicitor, apprentice, or applying for work experience. It applies globally, and contains jurisdiction-specific provisions detailed in the Appendix. Unless a capitalised term is defined in the body of this Policy or the context requires otherwise, the term has the meaning ascribed to it in the table set out in the Appendix. We will update this Policy from time to time.

The use of words and/or phrases such as "DAC Beachcroft", "we", "us" or "our" is for convenience only and refers to any of the entities listed on our Legal and Regulatory page, each of which is a separate data controller in its own right.

WHAT DATA WE COLLECT AND WHERE DO WE GET IT FROM

DAC Beachcroft will collect, use and store your data for a wide variety of reasons in connection with your relationship with us and we collect your data from a range of sources.

The table below sets out the main categories of data that we collect and the sources we collect it from. The table is not exhaustive.

Type of data Source Of Data
Contact and personal information including your name, home address, personal telephone number(s) and/or personal e-mail address), date of birth and gender You, recruitment agencies and where appropriate existing colleagues
Work history and other relevant experience including information contained in CV, cover letter and/or job application form You, recruitment agencies, former employers, third party referencing and vetting (see further below) and publically available resources such as LinkedIn
Education information including degrees awarded, transcripts and other information provided in support of the job application You, recruitment agencies, third party referencing and vetting (see further below) and publically available resources such as LinkedIn
Reward history You and recruitment agencies
Interviews including information collected during phone screenings/interviews, interviews virtually and/or interviews in person such as details regarding the type of employment sought, desired salary, willingness to relocate, job preferences, other information related to compensation and/or benefits and information related to previous applications to us or previous employment history with us You, our IT and other systems, building access records and CCTV recordings
Reference information and information received from background checks (where applicable) You, former employers, third party referencing and vetting (see further below), official bodies such as regulators or criminal records bureaus
Right to work, documents evidencing your right to work (including information about your immigration status where relevant) You, third party referencing and vetting (see further below) and official bodies such as regulators

Referencing and vetting

As part of our referencing and vetting referred to above, we may contact certain third parties in order to verify your personal information (including personal information that you provide as part of the application and recruitment process). These third parties may include:

  • former employers in order to verify your previous employment history (this may include contacting your current or former accountants where you are or were self-employed or an agency where you were paid through the agency);
  • universities and/or other establishments for higher education that you attended in order to verify your education history;
  • other institutes in order to verify other qualifications (such as CIPD);
  • verification agencies to verify your credit reference, directorships, identification and criminal record checks; and/or
  • professional bodies in order to verify membership.

We will only seek this information in relation to successful candidates that have accepted a conditional offer of employment with us and we will specifically inform such candidates that we will be contacting these third parties in advance of doing so.

Please note that the majority of the data to be provided by you is mandatory in connection with our recruiting activities. Failure to provide mandatory data may affect our ability to accomplish the purposes stated in this Policy, including considering your suitability for employment and/or entering into an employment contract with you.

How we use your Data

DAC Beachcroft uses your data for a variety of purposes in order to take steps necessary to enter into a contract with you, to comply with legal obligations or otherwise in pursuit of our legitimate business interests.

We have set out in the table below the main purposes for which your data may be processed and the ‘lawful basis’ for the processing i.e. the legal reason we are able to process your data. The list below is non-exhaustive, and is subject to any Applicable Data Protection Legislation in your Jurisdiction. For information regarding how we use cookies and similar technologies in connection with your use of our website and digital platforms or forms of communication, please read our Cookies Policy.

Personal Data

What we use data for

Our reasons / lawful basis

Corresponding with you or to others (electronically and/or physically (e.g. by letter, fax, telephone (including within any recording or transcription), email, secure sharing portal or SMS), which may include the use of third party suppliers (such as electronic signature providers))

For legitimate interest

Verifying candidate information and carrying out employment, background and reference checks, where applicable and in order to prevent fraud

For a legitimate interest

To identify and evaluate job applicants, including assessing skills, qualifications and experience

For a legitimate interest

Communicating with you about the recruitment process and your application

For a legitimate interest

To comply with our legal, regulatory, or other corporate governance requirements

For a legitimate interest

For the purposes of conducting data analytics to review and better understand the operation of our recruitment processes

For a legitimate interest

To consider you for other roles that may be appropriate for you

For a legitimate interest

Special catergories of data

Certain categories of data are considered "special categories of personal data" and are subject to additional safeguards. DAC Beachcroft limits the special categories of data which it processes as follows:

  • Health Information

We may process information about a candidate's physical or mental health in compliance with our obligations owed to disabled employees.

We will always treat information about health as confidential and it will only be shared internally where there is a specific and legitimate purpose to do so. We have implemented appropriate physical, technical, and organisational security measures designed to secure your data against accidental loss and unauthorised access, use, alteration, or disclosure.

If a candidate is successful, any health information processed as part of the recruitment process that is relevant to DAC Beachcroft's compliance with its obligations in connection with employment will be retained and processed in accordance with the Employee and Member Privacy Policy.

If a candidate is unsuccessful, any health information obtained as part of recruitment process will be deleted with the rest of the candidate's data within 15 months of their rejection subject to any exceptional circumstances and/or to comply with particular jurisdictional laws and/or regulations and/or business continuity purposes.

  • Criminal Record Information

Given the nature of our business, we ask successful candidates who have accepted a conditional offer of employment to disclose their criminal record history and we carry out criminal record checks as part of our background vetting process and in compliance with our obligations in connection with employment.

We will always treat criminal record history as confidential and it will only be shared internally where there is a specific and legitimate purpose to do so. We have implemented appropriate physical, technical, and organisational security measures designed to secure your data against accidental loss and unauthorised access, use, alteration, or disclosure.

Criminal record information will be deleted once the recruitment process has been completed, subject to any exceptional circumstances and/or to comply with particular laws or regulations. Criminal record information will be retained in accordance with our information retention and destruction policy, although the outcome of any check will remain on the employee's record. Criminal record information will typically be retained for a maximum of 15 months, although the outcome of any check will remain on the employee's record.

  • Equal Opportunities Monitoring

DAC Beachcroft is committed to providing equal opportunities for employment and progression to all of its employees and from time to time it will process information relating to ethnic origin, race, nationality, sexual orientation and disability, alongside information relating to gender and age, for the purposes of equal opportunities monitoring.

We have implemented appropriate physical, technical, and organisational security measures designed to secure your data against accidental loss and unauthorised access, use, alteration, or disclosure. In addition, this monitoring will always take place in accordance with appropriate safeguards as required under applicable law, including:

  • the provision of information relating to ethnic origin, race, nationality, sexual orientation and disability for the purposes of monitoring will be voluntary and processed for this purpose only with your consent;
  • wherever possible, the monitoring will be conducted on the basis of using anonymised data so individual candidates cannot be identified; and/or
  • the information processed for monitoring purposes will be maintained separately from general management and HR records.

When we share data

DAC Beachcroft may, as follows, share your data with the following main parties in certain circumstances and where it is necessary to achieve the purposes detailed above:

  • Recruitment agencies;
  • Referencing & vetting specialists;
  • Occupational health providers;
  • HMRC (in the UK), Revenue (in Ireland) and/or any other applicable government body;
  • Criminal records bureaus;
  • Accountants, lawyers and other professional advisers; and/or
  • Our regulators.

The list above is not exhaustive.

International Transfers of Data

As a leading international law business, DAC Beachcroft may transfer data to recipients located outside the jurisdiction where services are being provided or received. For example, this may be in relation to cross-jurisdictional legal advice, or where we are sharing information with our colleagues within the DAC Beachcroft Group, our global network and/or third party service providers.

Each Jurisdiction (where members of the DAC Beachcroft Group operate) has its own data protection laws and regulations. To ensure consistency and compliance with applicable laws and regulations, all DAC Beachcroft Group entities have entered into our Intra-Group Data Processing and Transfer Agreement, which incorporates the most up to date EU Standard Contractual Clauses ("SCCs") and the UK International Data Transfer Addendum to those EU SCCs.

Where we transfer data internationally (and, in the case of transfers to a country where an adequacy decision is not available), we ensure the relevant contractual measures are in place as required by the applicable legislation in that Jurisdiction.

As a leading international legal practice, we have robust IT security systems and policies in place to ensure appropriate protection of your data. This is underpinned by our ISO 27001 and Cyber Essentials Plus accreditations, which are certified by independent auditors.

How we keep data secure

We have appropriate technical and organisational measures in place to protect data. We limit access to data to those who have a genuine business need to access it. Those processing data will do so only in an authorised manner and are subject to a duty of confidentiality. We continually test our systems and are ISO 27001 (UK and Ireland offices only) and Cyber Essentials PLUS certified (all offices), which means we follow industry standards for information security.

We also have procedures to deal with any suspected data breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How long we keep data

DAC Beachcroft's policy is to retain data only for as long as needed to fulfil the purpose(s) for which it was collected, or otherwise as required under Applicable Data Protection Legislation and/or regulations and/or business continuity purposes. Under some circumstances we may anonymise your data so that it can no longer be associated with you. We reserve the right to retain and use such anonymous data for any legitimate business purpose without further notice to you.

DAC Beachcroft will typically retain data for periods set out below subject to any exceptional circumstances and/or to comply with any Applicable Data Protection Legislation in your Jurisdiction or regulations and/or business continuity purposes:

For unsuccessful candidates:

  • We will typically retain data collected during the recruitment process for a maximum period of 15 months from the end of the process subject to any exceptional circumstances and/or to comply with particular jurisdictional laws and/or regulations and/or business continuity purposes.
  • We may retain select data relating to particular candidates on file for a longer period than 15 months in order to follow up with the candidates in relation to future vacancies; if you do not wish for your data to be maintained on file for this purpose, please inform us.

For successful candidates:

  • If you are offered and accept employment with us, the data we collected during the application and recruitment process will become part of your employment record and we may use it in connection with your employment in accordance with our Employee and Member Privacy Policy available internally.

Your rights in relation to your data

DAC Beachcroft will always seek to process your data in accordance with our obligations, our rights and your rights.

You will not be subject to decisions based solely on automated data processing without your prior consent.

In certain circumstances, you have the right to seek the erasure or correction of your data, to object to particular aspects of how your data is processed, and otherwise to seek the restriction of the processing of your data. You also have the right to request the transfer of your data to another party in a commonly used format.

You have a separate right of access to your data processed by DAC Beachcroft. You may be asked for information to confirm your identity and/or assist DAC Beachcroft to locate the data you are seeking as part of DAC Beachcroft's response to your request. If you wish to exercise your right of access, please contact our Office of the General Counsel (outlined below).

You have the right to raise any concerns or complain to the relevant Data Protection Supervisory Authority (as detailed in the Appendix) about how your data is being processed. We have elected the DPC as our Lead Supervisory Authority within the EU.

WHERE TO GET FURTHER INFORMATION

If you have any questions about this Policy, want to exercise any of your rights in relation to your data as set out above or want to raise any concerns or complain about how your data is being processed, please use our contact details below in the first instance:

Emailogc@dacbeachcroft.com

Post: Office of the General Counsel
DAC Beachcroft
St Paul's House
23 Park Square South
Leeds
United Kingdom
LS1 2ND

DO YOU NEED EXTRA HELP?

If you would like this Policy in another format (for example audio or large print), please contact us (see ‘Where can you get further information’ above).

Appendix - Jurisdictions

This Appendix contains jurisdiction-specific information for every applicable DAC Beachcroft entity.

Further details on the DAC Beachcroft Group can be found on the page of our website.

  

Asia Pacific

DAC Beachcroft Singapore

Jurisdiction Singapore
Data Protection Officer  Summer Montague
Data Protection Regulatory Authority

Personal Data Protection Commission (PDPC)

Contact details:

PDPC's website: https://www.pdpc.gov.sg/ or +65 6377 3131
Certification Bodies Legal Services Regulatory Authority
Application Data Protection Legislation

The General Data Protection Regulation and The Personal Data Protection Act 2012.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

 

Europe

DAC Beachcroft Dublin

Jurisdiction Ireland
Data Protection Officer Aidan Healy
Data Protection Regulatory Authority

Data Protection Commission (DPC)

Contact details:

DPC's website: https://dataprotection.ie/ga or +353 1800437 737 or info@dataprotection.ie

Certification Bodies Legal Services Regulatory Authority (LSRA)
Application Data Protection Legislation

The Data Protection Acts 1988 to 2018 (each as amended, updated or re-enacted from time to time).

The European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011 (S.I.No.336/2011)

Regulation (EU) 2016/679 and any legislation implementing the same in Ireland.

Any applicable guidance or codes of practice issues by Working Party 29, the European Data Protection board or any applicable data protection regulator from time to time.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

 

DAC Beachcroft France AARPI

Jurisdiction France
Data Protection Officer Christophe Wucher-North
Data Protection Regulatory Authority

Commission nationale de l'informatique et des libertés (CNIL)

Contact details:

CNIL’s website: https://www.cnil.fr/ or +33 (0) 1 53 73 22 22

Certification Bodies

Conseil National des Barreaux

Barreau de Paris

Application Data Protection Legislation

Act No. 2018-493 of 20 June 2018, incorporating the General Data Protection Regulation into French Law into Act No. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties.

Any applicable guidance or codes of practice issues by Working Party 29, the European Data Protection board or any applicable data protection regulator from time to time.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

 

DAC Beachcroft Italia S.t.A.r.l

Jurisdiction Italy
Data Protection Officer Anthony Perotto
Data Protection Regulatory Authority

Garante per la Protezione dei Dati Personali (GPDP)

Contact details:

GPDP’s website: https://www.garanteprivacy.it/ or +39 06 696771

Certification Bodies

The Italian National Bar Council ("Consiglio Nazionale Forense")

The Milan Bar Association ("Ordine degli Avvocati di Milano")

Application Data Protection Legislation

Legislative Decree no. 101 of 10 August 2018 implementing the GDPR.

Any applicable guidance or codes of practice issues by Working Party 29, the European Data Protection board or any applicable data protection regulator from time to time.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

 

DAC Beachcroft Sociedad Limitada Profesional Unipersonal (SLPU)

Jurisdiction Spain
Data Protection Officer Igor Pinedo Garcia
Data Protection Regulatory Authority

Spanish Data Protection Agency ("Agencia Española de Protección de Datos (AEPD)")

Contact details:

AEDP's website: https://www.aepd.es/or + 34 900 293 183

Certification Bodies

The Illustrious Bar Association of Madrid ("Ilustre Colegio de la Abogacía de Madrid (ICAM)")

The General Council of Spanish Lawyers ("Consejo General de la Abogacía Española")

Application Data Protection Legislation

Ley Orgánica 3/2018 de Protección de Datos Personales

Any applicable guidance or codes of practice issues by Working Party 29, the European Data Protection board or any applicable data protection regulator from time to time.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

 

Latin America

DAC Beachcroft Chile Limitada

Jurisdiction Chile
Data Protection Officer Guillermo Amunátegui
Data Protection Regulatory Authority

The Council for Transparency ("Consejo para la Transparencia") is the body responsible for ensuring compliance with Law 20,285/2008. Nevertheless, the Consejo does not have powers to impose fines.

Contact details:

Consejo's website: https://www.consejotransparencia.cl/ or +569 39289757

The National Consumer Service ("Servicio Nacional del Consumidor (SERNAC)") has the competency to monitor compliance with the provisions of the data protection law in consumer matters.

Contact details:

SERNAC's website: https://www.sernac.cl/portal/617/w3-channel.html or +569 800 700 100

Certification Bodies

The Chilean Bar Association ("Colegio de Abogados de Chile")

Application Data Protection Legislation

Law 19,628/1999 on the Protection of Private Life (“DPL”)

Law 20,575/2012 establishing the 'purpose principle' for the processing of personal data of an economic, financial, banking or commercial nature.

Law 19,223/1993 regulating computer crimes.

Law 20,584/2012 regulating privacy within the healthcare sector.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

 

DAC Beachcroft Colombia Abogados SAS

Jurisdiction Colombia
Data Protection Officer Osmar Alba
Data Protection Regulatory Authority

Superintendency of Industry and Commerce ("Superintendecia Industria y Comercio (SIC)")

Contact details:

SIC's website: https://www.sic.gov.co/content/data-protection-0 or +571 5870000 ext.1275 or 1277

Certification Bodies

Judicial Branch – the Superior Council of the Judiciary ("Rama Judicial – Consejo Superior de la Judicatura").

Application Data Protection Legislation

Article 15 of the Colombian Political Constitution.

Law 1581 of 2012, which issues the General Provisions for the Protection of Personal Data

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time. 

 

DAC Beachcroft Sociedad Civil

Jurisdiction Mexico
Data Protection Officer Miguel de la Fuente
Data Protection Regulatory Authority

The National Institute for Transparency, Access to Information and Personal Data Protection ("Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI)")

Contact details:

INAI's website: https://home.inai.org.mx/ or +52 55 5004 2400

Certification Bodies

The Illustrious and National Bar Association of Mexico ("El Ilustre y Nacional Colegio de Abogados de México")

Application Data Protection Legislation

Federal Law on the Protection of Personal Data in the Possession of Private Parties ("Ley Federal de Protección de Datos Personales en Posesión de los Particulares").

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

 

United Kingdom

DAC Beachcroft LLP, DAC Beachcroft Claims Limited, DAC Beachcroft Services Limited, DAC Beachcroft (International) Limited

Jurisdiction England & Wales
Data Protection Officer Mathew McGee
Data Protection Regulatory Authority

Information Commissioner's Office (ICO)

Contact details

ICO's website: https://ico.org.uk/ or +44 (0) 303 123 1113 or casework@ico.org

Certification Bodies

Solicitors Regulatory Authority

International Organisation for Standardization (ISO)

Application Data Protection Legislation

The Data Protection Act 2018.

The UK General Data Protection Regulation. 

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

 

DAC Beachcroft (N.Ireland) LLP

Jurisdiction Northern Ireland
Data Protection Officer Amanda McClimond
Data Protection Regulatory Authority

Information Commissioner's Office (ICO)

Contact details

ICO's website:https://ico.org.uk/or +44 (0) 303 123 1113 or casework@ico.org

Certification Bodies

Law Society Northern Ireland

International Organisation for Standardization (ISO)

Application Data Protection Legislation

The Data Protection Act 2018.

The UK General Data Protection Regulation.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

 

DAC Beachcroft Claims Scotland LLP, DAC Beachcroft Scotland LLP

Jurisdiction Scotland
Data Protection Officer Alan Taylor (DAC Beachcroft Claims Scotland LLP)
Mathew McGee (DAC Beachcroft Scotland LLP)
Data Protection Regulatory Authority

Information Commissioner's Office (ICO)

Contact details

ICO's website:https://ico.org.uk/or +44 (0) 303 123 1113 or casework@ico.org

Certification Bodies

Law Society of Scotland

International Organisation for Standardization (ISO)

Application Data Protection Legislation

The Data Protection Act 2018.

The UK General Data Protection Regulation.

The above list is non-exhaustive. The laws cited are applicable as amended, updated or re-enacted from time to time.

Who we are

Why choose DAC Beachcroft?

We’re a broad-based commercial firm serving a wide range of sectors with a strong heritage in insurance,
health and real estate. We combine excellent legal skills and cutting-edge delivery expertise to design
solutions that fit the needs of our clients – often involving clever uses of technology.