• AU
Choose your location?
  • Global Global
  • Australian flag Australia
  • French flag France
  • German flag Germany
  • Irish flag Ireland
  • Italian flag Italy
  • Polish flag Poland
  • Qatar flag Qatar
  • Spanish flag Spain
  • UAE flag UAE
  • UK flag UK

Privacy Notice

At DWF we are committed to safeguarding the privacy of all individuals who interact with us and we respect the privacy choices you make. 

This privacy notice explains how we collect, use, share and protect the information we collect through our interaction with you, and your rights in relation to that. 

When we refer to 'DWF', we are referring to the leading global provider of integrated legal and business services comprising DWF Group Limited and all of its subsidiaries and subsidiary undertakings internationally which practice using the name 'DWF' or other trading names such as 'DWF-RCD', 'WT BCA' and 'Resolution Law', and any wider entity names within the DWF group such as Greyfern Law and Whitelaw Twining.  For full details of our group entities across the globe, please see our Legal Notices which, together with the 'Data controllers' section of this privacy notice, provide more information on the DWF group entities that control and process personal information. 

As a global business, we take a consistent approach to protecting privacy across our international group. This privacy notice applies wherever you are located and is based on European Union data protection principles (as contained within the EU's General Data Protection Regulation). In addition to these principles, some jurisdictions in which we operate have additional local privacy requirements. Please click on the link of a specific location in the 'Additional Country-Specific Privacy Information' section which accompanies this privacy notice. The terms of our local privacy notices take priority over the terms of this privacy notice in the event that they conflict. This is because we are committed to ensuring that we are fully compliant with regulations and the best practice in all of the locations in which we operate.

We also have an established framework of policies, procedures, contracts and training addressing data protection, confidentiality and security across our global group, and we regularly review the appropriateness of the measures we have in place to keep the personal information we hold secure.

Please click on the relevant headings below, which will take you to more information on each of the areas described.

We recognise that we have an ongoing responsibility of transparency with data subjects so we keep this privacy notice under regular review and therefore encourage you to check it regularly. We will include a notification on our website's home page if we make any significant changes to this privacy notice.

Last updated: 27 August 2024.

How we obtain your personal information

We collect personal information from you in the course of our relationship with you and also receive information about you from third parties. The following circumstances may apply: 

  • when you, or an entity with which you are connected, engage with us for the performance of our services;
  • where we have arranged for the supply of another firm's services to you or the supply of other specialist advice such as that of barristers and accountants;
  • when you submit information on our website (for example by completing our contact us form);
  • when you provide us with your details in order to receive marketing communications from us;
  • when you apply for a job vacancy with us;
  • when you attend one of our events, functions or when you attend one of our offices;
  • when you supply us with your services; or
  • when you are an opposing party in a transaction we are involved with and we receive your personal information as part of that transaction process.

Please refer to the 'Data controllers' section of this privacy notice for further details on who the data controller of your personal information is and their registration details with the local regulator, where applicable.

What personal information we collect and receive from third parties

As a global provider of integrated legal and business services, we process a range of personal information about you. Personal information we collect about you can include:

  • your full name (including name prefix or title), date of birth, the company you work for and your job title;
  • contact details including your postal, billing and delivery addresses, email address and telephone number (work and personal);
  • your identification information including mandatory information required in order for us to verify your identity to comply with money laundering requirements;
  • your financial information including payment details and your credit status;
  • recruitment information including the information referred to in the 'If you are applying for a job with us' in the 'How we use your personal information section' of this privacy notice;
  • website usage information including your usernames and passwords, your interests, feedback and survey responses;  
  • information you submit to our website to enable us to send marketing communications that could be of interest to you, for example, if you have registered your interest in a particular practice area via our marketing preference centre; 
  • information we collect on the door, reception and/or gated barriers at our offices if you are a visitor to our offices and also on any CCTV at our offices, where those offices utilise CCTV (currently our Manchester and Belfast offices only, please refer to the 'Additional Country-Specific Privacy Information' for the United Kingdom below for further details); and/or
  • any other information relating to you which you provide to us. 

Personal information we receive about you from third parties can include that which we receive:

  • from law firms, accountants, trustees and other professional advisors acting for you where our client is a party in a transaction or resolution of dispute you are involved with e.g. corporate transactions, commercial transactions, property transactions, litigation, mediation and arbitration matters;
  • from banks, building societies and credit reference agencies, where you are a customer, or a debtor and we are acting for such banks and building societies;
  • from your friends, relatives and colleagues who may provide us with personal information about you as part of the work we undertake for them e.g. as a witness in a dispute, as a beneficiary in an estate or trust; 
  • from regulatory bodies and police authorities when we might be required to make enquiries; and/or
  • from your referees, as part of our recruitment process.

If you are a client, depending upon the nature of your instruction to us, personal information submitted by you, on your behalf or which we generate in the course of providing our services to you can also include special categories of information. For example, special categories of personal information for an employment tribunal case, involving a case for race discrimination in the workplace can include information regarding your race and/or trade union membership and an insurance matter involving a car accident can include information regarding your health. 

We also obtain information through the use of cookies and from your IP address. Please see our 'How we use your personal information' section below for more information.

We will always store your personal information securely and we will never ask you for any information that we do not need. 

Whilst you are not required to provide any personal information to access the public areas of our website, please see the information regarding the use of IP addresses (which may be considered as personal information) on our website in the 'If you are a website user' section of this privacy notice.

There are some areas of our website that require log-in and/or password input. This security is in place to protect the confidentiality of the information contained there, such as within our online products like DWF Link and Claimsview and our other client portals. These areas may be subject to their own Terms & Conditions and Privacy Policies, so please refer to those when accessing these areas. 

How we use your personal information

We only use your information for the purposes for which we collected it subject to limited exceptions, such as where we reasonably consider that we can use your information for another reason which is compatible with the original purpose for which it was collected. 

Subject to applicable laws, we may also monitor and record your calls, emails, text messages, social media messages and other communications in relation to your dealings with us. We do this for regulatory compliance, self-regulatory and audit reasons, crime prevention and detection, the protection and security of our communications systems and procedures, to check for obscene or profane content, for quality control reasons and for training purposes. We are permitted to do this by our legitimate interests or our legal obligations.  

We may use your information in different ways depending upon the circumstances, these can include the following: 

If you are a client

When you engage DWF for services and at points throughout our relationship, we are sometimes required to process your information to comply with our legal, regulatory and risk management obligations. This can include, for example, the completion of anti-money laundering checks, conflict of interest checks and fraud-related background checks.

Whilst you are a client of DWF, we can collect, maintain and process your personal information whilst we supply our services to you. 

We can also use your contact information for the purposes of collecting payment from you, and to inform you of any changes to the terms of our arrangements. 

If you are a website user

We may use the information you submit to our website, for example, contact details, to respond to your enquiries or complaints.

Like most websites, our website uses cookies to capture certain data about its use and its users to improve the functionality of our website and your experience when using it. Cookies may store preferences and other data about your use of our website and we use this data to improve your experience of our website by making it personalised to you. By using our website and allowing the use of cookies, you are allowing us to collect aggregate and statistical data, which does not identify you, for statistical analysis and strategic development purposes. For full details about the types of cookies we use, what we use them for and how long we use them, please go to our Cookies Policy.

You can manage cookies by changing your browser settings to disable or delete cookies. To find out how, go to http://www.aboutcookies.org.uk/. Please note that if you disable cookies, this can affect the functionality of our website on your device and you might not be able to access certain parts of our website.

When you visit our website, our server will also temporarily record your IP address (similar to a phone number, it is a unique number that allows your computer or device to communicate via the internet). It allows us to identify your country of origin whilst you are navigating our website, so we can direct you to the most suitable regional pages of our website. If you are accessing our website from a business IP address, we also capture details of which organisations have visited our website.

Additonally, for the purpose of detecting and blocking attacks (such as hacking) on our website and its technical infrastructure, we process your IP address, access time, accessed subpage(s), and transmitted data volume. This processing is necessary to fulfil our legal obligation to take protective measures against such attacks. The data is deleted seven (7) days after the end of your visit to our website, unless an attempted attack is detected.  In the event of a detected attempted attack from your point of access, the data will be further processed for technical and, if necessary, legal processing.

Our website contains links to other websites. Please note that we are not responsible for the privacy practices of other websites. When you leave our website please be sure to read the privacy notices and policies of those other websites. We do not endorse the content on any other websites that can be accessed via our website.

If you receive marketing communications

We may use your information so that you can receive marketing communications from us. We will use any information you submit relating to your preferences to develop relevant material to send to you. You will also be able to receive communications such as our newsletters, event invitations, and details of our competitions and prize draws.

Please note that you have a right to withdraw your consent at any time. If you currently receive marketing communications from us and you would prefer not to receive them in the future or if you would like to change your marketing preferences, you can do this at any time by clicking the "unsubscribe" link at the bottom of all our marketing emails.

If you are applying for a job with us

As an international business we are committed to safeguarding the privacy of the individuals that apply for positions at DWF. This section explains how we collect and generate personal  information about you as part of our application process. 

We use your personal information to allow us to process your job application, including the information submitted by you (which may be via the Careers section of our website), by third party recruitment agencies, by your referees and by our own DWF colleagues (as a result of an internal recommendation or referral on your behalf for a role).  

We use your personal information to assess your suitability for the position you have applied for at DWF, to review our equal opportunities legal requirements, and for other human resource administration and reporting purposes.  

As well as the personal information referred to in the 'What information we collect' section of this privacy notice, we can collect additional information if you apply for a job with us. This can include: 

  • nationality, residency, immigration and right to work information;
  • educational background, employer details and employment history, skills and experience information;
  • professional licences, membership and affiliation details;
  • outcome of application and interview notes;
  • where provided, references and photographs;
  • diversity-related information, which will depend on, and will only be collected in accordance with, applicable local laws, which may include information in relation to disabilities, ethnicity, sexuality, religion and social background; and
  • other information you disclose within your CV/resume or during the application process including information that others may provide about you (such as a reference).

Unless required in order to comply with any legal or regulatory requirements, or where we have a legitimate interest to do so, we will only use the personal information you provide to us for the purposes of processing and managing your application for a position at DWF and the associated recruitment process.

We will not process any special category information about you without your explicit consent, which is not mandatory. If you do provide your consent, such information is used solely for the purposes of diversity monitoring, and to ensure that any and all reasonable adjustments are made for applicants with disabilities. 

If you are an opposing party to or a person involved with a transaction we are involved with

We may use your personal information in order to perform our services for our clients. Elements of your information contained in matter files may be shared with or disclosed to third parties as part of our work in relation to that matter, in accordance with 'who we share your personal information with' below.

If you attend one of our events, seminars or one of our offices

All visitors to our offices will be required to sign in and out at one of our designated reception points. Depending on the office location, we may collect entry and exit data from the electronic security barriers located in our reception areas and/or on each floor or office area.  This data is collected for auditing and HR purposes and will be stored electronically and for a period of 12 months.

If you are a visitor at one of our offices, we may collect personal data during your visit such as your name, job title, contact information (including address, telephone number and company you work for) payment information (including verification documents from our clients in order to comply with anti-money laundering requirements, such as utility bills, your passport and driving licence) and other information relevant for us to carry out our services.

When you log onto our Wi-Fi when attending our offices as a visitor, either in our UK or international offices, we will provide a direct internet connection for your use. Our Wi-Fi can be accessed via the ClientNet network. This is a separate network from our corporate network. To allow you to use our free Wi-Fi, we will collect details of your MAC address (Media Access Control address, this is a unique code linked to your hardware in order to identify it).  This information will not be stored and will be deleted as soon as your session ends. If you connect to our ClientNet network Wi-Fi as a visitor in one of our international offices, this data routes via our Manchester internet line. We will however collate details of your MAC address within the session. No personal data will be stored and your MAC address will be deleted after these sessions.

If you attend our events, seminars or offices, we may use your personal information to cater for any dietary or accessibility requirements and to analyse any feedback you provide.

Where you also sign up to receive marketing communications from us at an event or seminar, please refer to the 'If you receive marketing communications' section of this privacy notice for further details.  

If you connect with us on social media

In some of our locations worldwide, we collect personal information whilst responding to enquiries directed to our social media networks such as Facebook, X (previously called Twitter), LinkedIn or Xing or during the course of promotional campaigns on our social media platforms. In the course of our recruitment, we are sometimes directed to individuals' LinkedIn profiles by recruitment agencies. We sometimes process personal information that is published on social networks.

Depending on the content of the request, processing will be restricted to the specific purpose of the enquiry. After the fulfilment of the enquiry and any legal obligations related to it, in particular commercial and tax retention requirements, the personal information is deleted.

If you use such social media services, you should review their own privacy policies for more information on how they deal with your personal information.

On what basis do we process your personal information

We will only use and process your personal information where we have a lawful basis for doing so. This can include:

  • providing you, or an entity with which you are connected, with our services;
  • accounting, billing and other internal administrative purposes;
  • developing and facilitating a business relationship with you or an entity with which you are connected;
  • determining your eligibility and suitability for employment with DWF;
  • inviting you to events or functions and providing you with updates and publications; and/or
  • identifying and informing you of services that might be of interest to you.

With regard to the information we collect from you on our website, we will process this on the basis that you have provided your consent or where we have a legitimate interest in processing it.

In addition to you providing your consent to our processing of your personal information, there are other lawful bases for our processing which include processing that: 

  • is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering a contract; 
  • is necessary for compliance with our legal, regulatory and/or professional obligations;
  • is necessary to protect your vital interests or those of another person;
  • is necessary for the purposes of pursuing our legitimate interests; or 
  • is necessary for the establishment, exercise or defence of legal claims. 

We operate on a global model of distributed central services, meaning that certain central functions in our organisation may be undertaken by a global team, including systems architecture and information technology functions. Additionally, certain core processes (such as data entry) may be performed in any one of our operating jurisdictions, depending on operational need. As a consequence, it is necessary that data may be shared globally—subject to key security requirements—to permit that central services team to support our business, and consequently, to provide services to clients and manage our colleague network.

As a leading global provider of integrated legal and business services with a strong culture of collaboration and a digital forward focus, we are also constantly looking at ways of delivering our services to our clients more effectively and in a way that adds value to our client's business and transactions.  Where appropriate, we may utilise legal technologies, such as automation software and machine learning (artificial intelligence), to assist us with the delivery of these goals.  The legal technologies we use present us with the ability to enhance not only the performance of our services to our clients, but their delivery times by accelerating and facilitating our ability to automate and extract value from what we do. The insights we gain in using legal technologies in the performance of our services to our clients also allows us to develop our future service offerings both to our clients and generally, allowing the benefit of the know-how acquired to help us evolve and enhance our use of such technologies. We have agreements in place with our third party legal technology service providers and we require them to operate and conduct themselves in a way that is consistent with our legal and ethical obligations. We also employ technical and organisational measures to protect the confidentiality and security of personal information at all times when making use of these beneficial legal technologies. No decision making process is fully automated, but use of machine learning processes may lead to certain claims being presented to relevant staff members more quickly, or may result in certain information being grouped for review by members of our staff, which may ultimately cause those matters to resolve more quickly.

Who we share your personal information with

As an international business, we sometimes need to pass your personal information to our other group entities or associated firms, for example, so that we can respond to an enquiry you have sent via our website or where some services are to be provided to you from a different DWF international group member, save for when we are precluded from doing so due to specific obligations in respect of confidentiality or due to conflicts of interest.  If that happens, your personal information will be protected, its confidentiality upheld and we will comply with all our obligations under the applicable data protection laws with regard to that data sharing. 

In addition, we sometimes share your information with our trusted third party service providers who perform functions on our behalf together with other bodies who regulate our activities. These third parties can include:

  • our professional advisers and auditors;
  • our regulators;
  • our insurers, including our professional indemnity insurers;
  • suppliers who provide certain support services for example, delivery of our marketing communications, document production, translation, recruitment management, data rooms (such as HighQ) and other online-platforms and e-signature software (such as DocuSign);
  • IT and other service providers to DWF, such as those who administer and maintain our website for us; 
  • third parties who provide us with and support our software and systems, such as our time recording and billing systems and our recruitment systems;
  • third parties we engage for expert services on behalf of our clients such as, barristers, case management providers, counsel, medical experts, private investigators, tracing agents and other specialists;
  • third parties involved in organising our events; and/or
  • third parties whom we engage to support our global recruitment activities including applicant screening, verification of recruitment information provided by applicants and engagement with Referees (where given and as applicable). 

Sometimes, limited amounts of your personal information may be shared with prospective customers or business partners as part of our bid submission activity. This will be limited to identifier information which will permit our business partners to contact you to verify information we have provided. This information will only be provided where it is otherwise consistent with our professional obligations and any wider contractual arrangements we might have with our clients.

We will ensure that we have taken appropriate measures to ensure that your personal information remains protected at all times in accordance with this privacy notice.  We also implement appropriate safeguards with these third parties to ensure that such transfers of your personal information to those third parties are safe, secure and confidential.  

In order to best facilitate our services to and interactions with you, we may store some of your personal information using cloud technologies managed by our third party service providers.  We have agreements in place with those third party service providers and we require them to operate and conduct themselves in a way that is consistent with our legal and ethical obligations.  We also employ technical and organisational measures to protect the confidentiality and security of any personal information shared with our third party service providers.

Further information and details of the third party suppliers DWF uses for the above-mentioned purposes are available upon request, where relevant to you. With regard to access to data rooms and other online-platforms (such as HighQ) and e-signature software (such as DocuSign) provided by third parties: 

  • we facilitate your access to such third party provider services as part of the provision of our services to our clients; 
  • to the extent that DWF might have access to any personal data about you in connection with this access, we will treat that personal data in accordance with this privacy notice at all times; 
  • you are required to review any privacy information, including privacy notices, provided to you in connection with your access of these third party services by such third party providers; and 
  • you must also ensure you read and comply with the relevant terms of use in respect of such third party services.

Where you are a client of DWF or an opposing party to a transaction we are involved with (such as litigation matters), we can also disclose your personal information to: 

  • courts, tribunals, regulatory authorities;
  • the other side to a transaction or litigation; and/or
  • third party experts such as counsel or medical experts;

for the purposes of carrying out that work and only to the extent necessary.

If our business undergoes any re-organisation, we sometimes need to transfer your personal information to a re-organised entity for the same purposes as set out in this privacy notice. Additionally, we are sometimes required to transfer some or all of your personal information to a relevant third party in the re-organisation as part of any due diligence process, for example, or for the purpose of evaluating the proposed re-organisation.  Where we are engaged in merger and acquisition activity, such as adding a new entity to our corporate group, or acquiring a new business, sometimes personal information will be disclosed as part of a business transfer or business merger process for the purposes of identifying conflicts, verifying client relationships or handling employment related matters associated with the merger or acquisition activity. 

We will not disclose your personal information to any third parties not outlined above for any reason unless: 

  • we are required to do so by law; 
  • disclosure is necessary for the purpose of, or in connection with, legal proceedings; 
  • it is to exercise or defend legal rights; or
  • we have your consent to disclose it to them. 
Cross-border transfers of your personal information
In the event of any cross-border transfer of your personal information amongst our group entities, we implement applicable transfer control mechanisms including Standard Contractual Clauses or other alternative measures that are appropriate and where required to address those transfer restrictions in accordance with applicable data protection laws.  For full details of our group entities and associated firms across the globe, please see our Legal Notices

Where we transfer your personal information across borders, whether such transfer is within or outside the European Economic Area, we will always ensure that such transfer is safe and secure by ensuring that adequate safeguards are put in place to protect your personal information. As such, appropriate safeguards will be in place regardless of whether the transfer is to a country that is subject to an adequacy decision or where it is a non-adequate country. Information transferred may include personal information which is contained within client files, personal information which is used to supplement business invoicing or collection activity, or our employee information which is provided to shared central services activities, such as IT and/or HR.
How long we keep your personal information for

We keep your personal information in accordance with our internal retention procedures, which are determined by our legal, regulatory and professional obligations including applicable data protection laws and in accordance with good practice. The retention periods differ depending upon the nature of the data we hold and the reasons why we are holding it, and are subject to change. We only keep your personal information for as long as we need to. When your information is no longer required, we will delete it securely. 

If your personal information relates to an unsuccessful job application, we might use your personal information to contact you where positions or opportunities emerge that we believe you might be suitable for. The retention of your personal information for this purpose will depend on, and only be retained in accordance with, applicable local laws.  Where required, we will obtain your consent as part of the initial application process to retain your personal information in this way and this consent will be apparent at the point of your initial application.  You have the right to withdraw your consent at any time.  Please note that if you withdraw your consent, we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal or regulatory obligations.  Please go to the 'Additional country-specific privacy information' section of this privacy notice for further detail of those jurisdictions where your consent may be required to retain your information in this way.  

Please contact us if you require more details regarding our retention periods.

How we protect your personal information

We are committed to ensuring that your personal information is kept secure. In order to protect the information you input to our website from unauthorised access, improper use or disclosure, unauthorised modification, unlawful destruction or accidental loss, we have put in place appropriate technical, physical and managerial procedures. All our employees and any third parties we engage to process your information are obliged to respect the confidentiality of your personal information.

We take information security seriously and have obtained ISO/IEC 27001:2013 which is an internationally recognised security standard. This means that our IT systems and infrastructure are managed in line with international best practice.

However, the internet is not a secure environment and we cannot therefore guarantee total security of any data transmitted to our website. Whilst we utilise the latest virus protection software, we cannot guarantee our website is free of computer viruses or other harmful applications so such transmission is at your own risk.

Further information about the measures DWF takes to protect your personal information can be provided upon request.

Changes to your personal information

If your personal information changes at any time, please keep us informed so we can ensure your information is accurate, complete and current. If you wish to update your personal information, you can inform us of this via the following means:

  • If you receive marketing communications, you can do this at any time via our marketing preference centre, which you can access by clicking on the link within all our marketing emails;
  • If you are a client then please get in touch with your Client Partner in the usual way or alternatively submit a request as outlined in the 'Complaints and how to contact us' section of this privacy notice;
  • If you are a website user, job applicant, or event attendee and you are allowing us to use your details, you can submit a request as outlined in the 'Complaints and how to contact us' section of this privacy notice.
Access to your personal information and your rights

You are entitled to view the personal information we hold about you and request that we amend it or delete it, subject to some exceptions. You also have the right to request that we restrict our processing of your information or to object to that processing as well as the right to request data portability where we process personal information based on your consent or for the purpose to contract with you. Please email your request to our Data Protection Officer, whose contact details are in the 'Data controllers' section of this privacy notice. 

Where you have provided consent, either for the processing of personal and/or special categories of personal information, you have an absolute right to withdraw consent at any time, free of charge. Advice on how to do so is contained with the 'Complaints and how to contact us' section of this privacy notice.

Please note we sometimes require further information from you in order to verify your identity before disclosing, amending or deleting any of your personal information. 

In most cases, we will deal with your requests free of charge and within one month of receipt of your request. However, there are exceptions that can allow us to charge a reasonable fee to cover our administration costs and/or extend the time period for dealing with your request by up to a further two months from receipt of your request, such as where your request is complex or repetitive. If an exception applies, we will keep you informed. 

We will never charge you to change your marketing preferences or unsubscribe to our marketing communications.

Data controllers

We provide our services through a number of entities across the globe. Full details of each practising DWF entity in each jurisdiction can be found in our Legal Notices. Depending upon the location where our services are provided and with whom you are dealing, and having regard to any local applicable data protection and privacy laws, a DWF group entity other than DWF Law LLP or DWF LLP in the UK, may be the data controller in relation to your personal information. 

Our website, and most of DWF's primary IT systems, are located in the UK and controlled by DWF Law LLP and/or DWF LLP, both UK incorporated legal services businesses.  

Controller: There are a number of entities through which we provide our services. Most of DWF's main IT systems are located in the UK and are controlled by DWF Law LLP (registered with the UK's Information Commissioner's Office, registration number ZA495689), including this website. Depending on the location where our services are provided, a DWF group member may be the data controller of your personal data. For details of all our DWF group members in each jurisdiction, please go to our Legal Notices. Please also refer to our 'Additional country-specific privacy information' below.

Address: 1 Scott Place, 2 Hardman Street, Manchester, United Kingdom, M3 3AA

Telephone (toll free): +44 (0)333 320 2220

Email: You can get in touch with us in respect of any of the members of the DWF group globally, and in relation to any data protection queries, by emailing GDPR.enquiries@dwf.law.  Please mark the subject heading of your email "For the attention of the Data Protection Officer"

Data Protection Officer: Data Protection Manager

Please note that emails sent to and from DWF can be monitored (we currently use MimeCast) to ensure compliance with internal policies and procedures and to protect our business.

Data processors

Where you are a client and Data Contoller ("Controller" or "you") and a member of the DWF Group acts as a Data Processor in respect of your Personal Data ("Processor", "we", "our"), as Processor, in addition to the obligations set out in this privacy notice, we will:

  1. process personal data only on documented instructions from you, unless required to do so by applicable law to which we are subject. In this case, we will inform you of that legal requirement before processing, unless the law prohibits this. Subsequent instructions may also be given by you throughout the duration of the processing of personal data. These instructions shall always be documented;
  2. we will immediately inform you if, in our opinion, instructions given you breach applicable data protection provisions;
  3. we will process the personal data only for the specific purpose(s) of the processing encompassed in its instructions, unless we receive further instructions from you;
  4. processing by us will only take place for the duration specified in the agreement between us, where applicable;
  5. if the processing involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions and offences (“special category data”), we will apply specific restrictions and/or additional safeguards to the processing of that special category data;
  6. taking into account the nature of the processing, we will implement appropriate technical and organisational measures:
    1. in a manner that ensures the processing meets the requirements of applicable data protection laws and the protection of the rights of data subjects;
    2. to keep the personal data secure and to protect against the risk of personal data breaches; and
    3. to assist with your compliance with your obligations under applicable data protection laws to respond to requests for exercising the rights of data subjects under applicable data protection laws;
  7. we will deal promptly and adequately with inquiries from you about the processing of data in accordance with these terms.
  8. subject to applicable law, we will make available to you all information necessary to demonstrate compliance with the obligations that are set out this section of our privacy notice and, at your request, we will also permit and contribute to audits of these processing activities, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or an audit, you may take into account relevant certifications held by us;
  9. you may choose to conduct the audit by yourself or mandate an independent auditor. Audits may also include inspections at our premises or physical facilities where the personal data is processed and shall, where appropriate, be carried out with reasonable notice to us;
  10. subject to any applicable law to the contrary, the information referred to in this section of our privacy notice, including the results of any audits, shall be made available to the competent supervisory authority/ies on request;
  11. save for where otherwise provided for in any contracts between us or as otherwise set out in this privacy notice we will not subcontract any of our processing operations performed on your behalf to a sub-processor, without your prior written authorisation;
  12. where we engage a sub-processor for carrying out specific processing activities on your behalf we shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on us as Processor in accordance with this privacy notice and applicable law and we shall ensure that the sub-processor complies with those obligations;
  13. at your request, we will provide you with a copy of any sub-processor agreement and any subsequent amendments. To the extent necessary to protect business secret or other confidential information, including personal data, we may redact the text of the agreement prior to sharing the copy;
  14. any transfer of data to a third country or an international organisation by us shall be done only on the basis of documented instructions from you and shall be subject to standard contractual clauses applicable by statute or other statutorily compliant means of permitting their data transfer;
  15. we will promptly notify you of any request we receive from the data subject. We shall not respond to the request itself, unless authorised to do so by you as the Controller;
  16. we will assist you in fulfilling your obligations to respond to data subjects’ requests to exercise their rights, taking into account the nature of the processing;
  17. in addition to our obligation to assist you, we shall furthermore assist you in ensuring compliance with the following obligations, taking into account the nature of the data processing and the information available to us:
    1. the obligation to carry out an assessment of the impact of the envisaged processing operations on the protection of personal data (a ‘data protection impact assessment’) where a type of processing is likely to result in a high risk to the rights and freedoms of natural persons;
    2. the obligation to consult the competent supervisory authority/ies prior to processing where a data protection impact assessment indicates that the processing would result in a high risk in the absence of measures taken by the controller to mitigate the risk; and
    3. the obligation to ensure that personal data is accurate and up to date, by informing you without delay if we become aware that the personal data we are processing is inaccurate or has become outdated;
  18. without prejudice to any provisions of GDPR or other applicable law, in the event that we are in breach of our obligations under this privacy notice or applicable law, you may instruct us to suspend the processing of personal data until we comply or the separate contract between us is terminated. We will promptly inform you in case we are unable to comply with these obligations, for whatever reason; and
  19. subject to the provision of any applicable law to the contrary, following termination of any separate contract between us, we will, at your choice, delete all personal data processed on your behalf as Controller and certify to you that it has done so, or, return all the personal data to you and delete existing copies to the extent possible and subject at all times to any legal, regulatory or professional right we have to retain copies.
Complaints and how to contact us

If you have any questions regarding this privacy notice, including any of the additional country-specific privacy information, if you require access to your personal information or if you have a complaint in connection with this privacy notice, please contact our central Data Protection Officer, whose details appear in the 'Data Controllers' section above.

We hope that you won’t ever need to, but if you do need to complain about our use of your personal information we will ensure at all times that your complaint:

  • will be treated seriously;
  • will be dealt with promptly;
  • will be dealt with in a confidential manner; and
  • will not affect your existing obligations or affect our commercial arrangements.

If you do decide to submit a request to access your personal information or otherwise exercise your privacy rights, this will not affect the level of service you can expect from us. We treat our clients equally, regardless of whether or not they have exercised their privacy rights.

You also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work or the country in which an alleged infringement of data protection law has occurred within the EU.  

International queries

If your query is specific to a DWF location outside of the UK, please contact our central Data Protection Officer detailed above who will ensure that your query is dealt with or referred appropriately according to the relevant location.

 
Additional country-specific privacy information

Please refer below to the location which is relevant to you for further local privacy information.

Please note that the following country-specific privacy information applies only to data processing involving the relevant country listed, and does not necessarily involve any other DWF group members. In this context, other DWF group members includes (without limitation) DWF Law LLP and DWF LLP.

Australia

This additional privacy information explains how DWF Law Australia Pty Ltd ABN 48 630 454 134, DWF Adjusting (Australia) Pty Ltd ACN 630 30 438 229, DWF Connected Services Australia Pty Limited ACN 647 283 145  and DWF Claims (Australia) Pty Ltd ACN 115 743 961 collect, hold, use, and disclose your personal information.

In handling your personal information, our Australian offices will comply with the Privacy Act 1988 (Cth) (Privacy Act) and with the 13 Australian Privacy Principles (APP) in the Privacy Act. Our offices in the EU, including our head office in the UK, are subject to the GDPR, a form of privacy law substantially similar to the APPs in protecting your personal information, within the meaning of APP 8.2(a)(i). Our offices in the DIFC are subject to a form of privacy law also substantially similar to the APPs in protecting your personal information, within the meaning of APP 8.2(a)(i) In respect of our offices in other jurisdictions, in some circumstances neither the APP nor GDPR will apply. We require our group entities to consent to treating your personal information in accordance with the Australian Privacy Principles, however by providing information to us in accordance with this privacy notice, you:

  • acknowledge that it may be disclosed to DWF group entities in jurisdictions not subject to the Privacy Act 1988;
  • that by consenting to that disclosure, your information may be disclosed to entities not required to comply with the Australian Privacy Principles and subclause 8.1 of the Australian Privacy Principles may not apply;
  • acknowledge that information disclosed may be subject to foreign law, and required to be shared with third parties in accordance with that law; and
  • consent, despite the above facts, to the disclosure of personal information to those entities for the purposes of our providing you with services.

In addition to processing your personal information in the circumstances described in the 'On what basis do we process your personal information' section of this privacy notice we can

also process your personal information further to any other legal requirements we have, including any requirements prescribed by the relevant legal profession legislation in the state or territory in which you reside (or in which the majority of our services will be performed, in the case of overseas persons).

Please contact our central Data Protection Officer, whose details appear in the 'Data controllers' section of this privacy notice. Where required, we will ensure that your query is dealt with appropriately by our Data Protection Officer in Australia. 

If we have been unable to resolve a complaint you have made to us, you can refer the complaint to the Office of the Australian Information Commissioner via enquiries@oaic.gov.au or as set out on www.oaic.gov.au. 

Germany

Additional privacy terms apply in relation to DWF Germany Rechtsanwaltsgesellschaft mbH. Please click https://dwfgroup.com/de-de/notices/misc/germany-impressum for further details.

If you apply for a job with DWF Germany Rechtsanwaltsgesellschaft mbH and you are unsuccessful, we will only ever retain your personal information for the purposes of considering you for future opportunities if you provide your express consent to us to do so.

For the purposes of the German law on professional secrecy, information will only be passed to our group entities where it is lawful to do so, and where it is necessary in the course of providing professional services to you, and is held on a strictly confidential basis in line with those obligations.

Please note that DWF Germany Rechtsanwaltsgesellschaft mbH does not process special categories of information identified in the 'What personal information we collect' section of this privacy notice.

If you would like further information regarding the terms used in this privacy notice then please see the website of the Federal Data Protection Officer, available at https://www.bfdi.bund.de/DE/Datenschutz/datenschutz-node.html (German language only). 

Kingdom of Saudi Arabia

Our operations in the Kingdom of Saudi Arabia operate in accordance with the applicable provisions of the Personal Data Protection Law (PDPL). 

For the purposes of the PDPL, the types of Personal Data we collect may include any of the types listed within this privacy notice. Our purpose for collecting that data is the pursuit of our legitimate interests in Saudi Arabia. This includes:

  • managing the internal administration of our Saudi Arabian businesses (including accounts, filing and records); and
  • providing advice to Saudi clients in relation to business affairs and process management, where we are licensed to do so.

We may share necessary personal data with governmental entities for specific purposes, or with other processors based on a legal basis.

Appropriate security controls are applied when sharing your information, to ensure a secure and reliable environment, according to the relevant laws, regulations, and policies.

Where deemed applicable, we may take additional steps to protect your information through signing a formal Data Sharing Agreement between the two parties, in obedience to specific terms and conditions that are compatible with data sharing principles. Between DWF Group members, our data sharing principles are contained in an existing global Data Sharing Agreement, the IGTA. This includes reference to the PDPL and our Saudi Arabian obligations.

In accordance with the applicable laws, where possible your personal data will be stored and processed securely within the geographical borders of the Kingdom of Saudi Arabia, aiming to ensure the preservation of the national digital sovereignty of the data.

However, there may be several cases as described in Article 29 of the PDPL, where your data may be transferred or processed outside the geographical borders of the Kingdom.
 
Securing your personal data and ensuring this data is handled properly is a key priority for us, we make sure that personal data is only made available to those who have a need to see it, one of the methods we follow to achieve this goal is by implementing technical and organisational measures, including, but not limited to, the following:
  • Controlling access to systems and networks.
  • Providing employees with appropriate data protection training.
  • Implementing appropriate data security controls such as encryption.
  • Deleting & disposing personal data when it is no longer needed in accordance with applicable laws and regulations (in compliance with Article 18 of the PDPL).
  • Implementing a secure physical environment for your hard copy printed personal data records.
In accordance with the provisions of the PDPL, personal data subjects have the following rights:
  • The right to be informed, by notifying by us of the legal basis for collecting their personal data, and the purpose thereof, and that their data will not be processed later in a manner inconsistent with the purpose for which it is collected for, or in cases other than those stipulated in Article 10 of the PDPL.
  • The right to access personal data of the subject in our possession to view it and obtain a copy thereof in a format that is clear and identical to the content of the records, free of charge, as determined by the regulations, without prejudice to the stipulations of Article 9 of the PDPL.
  • The right to request correction, completion or updating of available personal data in our possession.
  • The right to request the destruction of available personal data in our possession which is no longer needed, without prejudice to the provisions of Article 18 of the PDPL.
It is important to understand that these rights may be subject to certain exemptions set by the law and will be assessed on a case-by-case basis to ensure they are valid.

Poland

If you apply for a job with DWF Poland Jamka Sp. k. and your candidacy is not progressed in relation to that job application, we will only retain your personal data for the purposes of considering you for future opportunities if you provide your express consent for the processing of your personal data for that purpose.

We will never demand from a candidate for work any data that is not necessary for their application.  In particular, data that is not related to the purpose of hiring an employee, for example, data on marital status, religion, religious beliefs or sexual orientation (i.e. special categories of personal data as defined in the 'What personal information we collect' section of this privacy notice) is considered to be beyond the scope specified in the labour law. You can however choose to voluntarily provide us with such data with your express consent for us to process that data – e.g. you enclose or include that data in your application documents. However, we never expect this data from you.

We will not collect information about you with regard to your candidacy for employment from your previous employers, schools and universities that you have graduated from, if you do not expressly consent for us to do that.

In Poland, the Polish Data Protection Authority (Polski Urząd Ochrony Danych Osobowych, i.e. PUODO) is Polish data protection regulator/supervisory authority. For further information on your rights and how to complain to PUODO, please go to the PUODO website.

Qatar

Where local laws in Qatar place a higher obligation on the Qatar Branch of DWF LLP in processing special categories of personal data, the Qatar Branch of DWF LLP is committed to and complying with those higher obligations including those detailed in Qatar Law No. 13 of 2016 on the Protection of the Privacy of Personal Data and the QFC Data Protection Regulations 2005 (the Qatari Data Laws). Where any international branch of DWF processes data which is subject to the Qatari Data Laws, they will maintain those higher standards required by the Qatari Data Laws, if applicable.

United Kingdom

If you are a visitor at our offices located in Manchester or Belfast, we utilise CCTV at these offices.  The central location for storing and holding CCTV data is 1 Scott Place, 2 Hardman Street, Manchester M3 3AA. The images and/or recordings captured on our CCTV are securely stored and the data is overwritten after 30 days.

In the United Kingdom, the Information Commissioner's Office (ICO) is the UK data protection regulator/supervisory authority. For further information on your rights and how to complain to the ICO, please go to the ICO website.

United States of America 

This additional privacy notice applies to the handling personal information by Mindcrest Inc., doing business as DWF Mindcrest and DWF (Claims) USA (DWF) in the USA. Some states, for example California, give you privacy rights extending beyond that of the EU's General Data Protection Regulation.

Unlike the EU's General Data Protection Regulation, the California Consumer Privacy Act 2018 defines personal information. DWF will therefore treat information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household as personal information. From 1 January 2022 the California Privacy Rights Act will govern the management of data relating to data subjects in California.

India

Where we handle sensitive personal data in India, it may be held subject to the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules).

Where sensitive personal data held in India is transferred to any person in India or abroad, the minimum applicable standard to all DWF Group entities has been assessed as at least equivalent to those mandated by the SPDI rules. Where, however, any receiving entity is not subject to the SPDI Rules, that entity has agreed by the terms of our group data agreements to meet the standard of the SPDI Rules.

Please see the section 'Complaints and how to contact us' in our privacy notice to find out more about how you can exercise your privacy rights.