Please refer below to the location which is relevant to you for further local privacy information.
Please note that the following country-specific privacy information applies only to data processing involving the relevant country listed, and does not necessarily involve any other DWF group members. In this context, other DWF group members includes (without limitation) DWF Law LLP and DWF LLP.
This additional privacy information explains how DWF Law Australia Pty Ltd ABN 48 630 454 134, DWF Adjusting (Australia) Pty Ltd ACN 630 30 438 229, DWF Connected Services Australia Pty Limited ACN 647 283 145 and DWF Claims (Australia) Pty Ltd ACN 115 743 961 collect, hold, use, and disclose your personal information.
In handling your personal information, our Australian offices will comply with the Privacy Act 1988 (Cth) (Privacy Act) and with the 13 Australian Privacy Principles (APP) in the Privacy Act. Our offices in the EU, including our head office in the UK, are subject to the GDPR, a form of privacy law substantially similar to the APPs in protecting your personal information, within the meaning of APP 8.2(a)(i). Our offices in the DIFC are subject to a form of privacy law also substantially similar to the APPs in protecting your personal information, within the meaning of APP 8.2(a)(i) In respect of our offices in other jurisdictions, in some circumstances neither the APP nor GDPR will apply. We require our group entities to consent to treating your personal information in accordance with the Australian Privacy Principles, however by providing information to us in accordance with this privacy notice, you:
- acknowledge that it may be disclosed to DWF group entities in jurisdictions not subject to the Privacy Act 1988;
- that by consenting to that disclosure, your information may be disclosed to entities not required to comply with the Australian Privacy Principles and subclause 8.1 of the Australian Privacy Principles may not apply;
- acknowledge that information disclosed may be subject to foreign law, and required to be shared with third parties in accordance with that law; and
- consent, despite the above facts, to the disclosure of personal information to those entities for the purposes of our providing you with services.
In addition to processing your personal information in the circumstances described in the 'On what basis do we process your personal information' section of this privacy notice we can
also process your personal information further to any other legal requirements we have, including any requirements prescribed by the relevant legal profession legislation in the state or territory in which you reside (or in which the majority of our services will be performed, in the case of overseas persons).
Please contact our central Data Protection Officer, whose details appear in the 'Data controllers' section of this privacy notice. Where required, we will ensure that your query is dealt with appropriately by our Data Protection Officer in Australia.
If we have been unable to resolve a complaint you have made to us, you can refer the complaint to the Office of the Australian Information Commissioner via firstname.lastname@example.org or as set out on www.oaic.gov.au.
Additional privacy terms apply in relation to DWF Germany Rechtsanwaltsgesellschaft mbH. Please click https://dwfgroup.com/de-de/notices/misc/germany-impressum for further details.
If you apply for a job with DWF Germany Rechtsanwaltsgesellschaft mbH and you are unsuccessful, we will only ever retain your personal information for the purposes of considering you for future opportunities if you provide your express consent to us to do so.
For the purposes of the German law on professional secrecy, information will only be passed to our group entities where it is lawful to do so, and where it is necessary in the course of providing professional services to you, and is held on a strictly confidential basis in line with those obligations.
Please note that DWF Germany Rechtsanwaltsgesellschaft mbH does not process special categories of information identified in the 'What personal information we collect' section of this privacy notice.
If you would like further information regarding the terms used in this privacy notice then please see the website of the Federal Data Protection Officer, available at https://www.bfdi.bund.de/DE/Datenschutz/datenschutz-node.html (German language only).
Kingdom of Saudi Arabia
Our operations in the Kingdom of Saudi Arabia operate in accordance with the applicable provisions of the Personal Data Protection Law (PDPL).
For the purposes of the PDPL, the types of Personal Data we collect may include any of the types listed within this privacy notice. Our purpose for collecting that data is the pursuit of our legitimate interests in Saudi Arabia. This includes:
- managing the internal administration of our Saudi Arabian businesses (including accounts, filing and records); and
- providing advice to Saudi clients in relation to business affairs and process management, where we are licensed to do so.
We may share necessary personal data with governmental entities for specific purposes, or with other processors based on a legal basis.
Appropriate security controls are applied when sharing your information, to ensure a secure and reliable environment, according to the relevant laws, regulations, and policies.
Where deemed applicable, we may take additional steps to protect your information through signing a formal Data Sharing Agreement between the two parties, in obedience to specific terms and conditions that are compatible with data sharing principles. Between DWF Group members, our data sharing principles are contained in an existing global Data Sharing Agreement, the IGTA. This includes reference to the PDPL and our Saudi Arabian obligations.
In accordance with the applicable laws, where possible your personal data will be stored and processed securely within the geographical borders of the Kingdom of Saudi Arabia, aiming to ensure the preservation of the national digital sovereignty of the data.
However, there may be several cases as described in Article 29 of the PDPL, where your data may be transferred or processed outside the geographical borders of the Kingdom.
Securing your personal data and ensuring this data is handled properly is a key priority for us, we make sure that personal data is only made available to those who have a need to see it, one of the methods we follow to achieve this goal is by implementing technical and organisational measures, including, but not limited to, the following:
- Controlling access to systems and networks.
- Providing employees with appropriate data protection training.
- Implementing appropriate data security controls such as encryption.
- Deleting & disposing personal data when it is no longer needed in accordance with applicable laws and regulations (in compliance with Article 18 of the PDPL).
- Implementing a secure physical environment for your hard copy printed personal data records.
In accordance with the provisions of the PDPL, personal data subjects have the following rights:
- The right to be informed, by notifying by us of the legal basis for collecting their personal data, and the purpose thereof, and that their data will not be processed later in a manner inconsistent with the purpose for which it is collected for, or in cases other than those stipulated in Article 10 of the PDPL.
- The right to access personal data of the subject in our possession to view it and obtain a copy thereof in a format that is clear and identical to the content of the records, free of charge, as determined by the regulations, without prejudice to the stipulations of Article 9 of the PDPL.
- The right to request correction, completion or updating of available personal data in our possession.
- The right to request the destruction of available personal data in our possession which is no longer needed, without prejudice to the provisions of Article 18 of the PDPL.
It is important to understand that these rights may be subject to certain exemptions set by the law and will be assessed on a case-by-case basis to ensure they are valid.
If you apply for a job with DWF Poland Jamka Sp. k. and your candidacy is not progressed in relation to that job application, we will only retain your personal data for the purposes of considering you for future opportunities if you provide your express consent for the processing of your personal data for that purpose.
We will never demand from a candidate for work any data that is not necessary for their application. In particular, data that is not related to the purpose of hiring an employee, for example, data on marital status, religion, religious beliefs or sexual orientation (i.e. special categories of personal data as defined in the 'What personal information we collect' section of this privacy notice) is considered to be beyond the scope specified in the labour law. You can however choose to voluntarily provide us with such data with your express consent for us to process that data – e.g. you enclose or include that data in your application documents. However, we never expect this data from you.
We will not collect information about you with regard to your candidacy for employment from your previous employers, schools and universities that you have graduated from, if you do not expressly consent for us to do that.
In Poland, the Polish Data Protection Authority (Polski Urząd Ochrony Danych Osobowych, i.e. PUODO) is Polish data protection regulator/supervisory authority. For further information on your rights and how to complain to PUODO, please go to the PUODO website.
Where local laws in Qatar place a higher obligation on the Qatar Branch of DWF LLP in processing special categories of personal data, the Qatar Branch of DWF LLP is committed to and complying with those higher obligations including those detailed in Qatar Law No. 13 of 2016 on the Protection of the Privacy of Personal Data and the QFC Data Protection Regulations 2005 (the Qatari Data Laws). Where any international branch of DWF processes data which is subject to the Qatari Data Laws, they will maintain those higher standards required by the Qatari Data Laws, if applicable.
If you are a visitor at our offices located in Manchester or Belfast, we utilise CCTV at these offices. The central location for storing and holding CCTV data is 1 Scott Place, 2 Hardman Street, Manchester M3 3AA. The images and/or recordings captured on our CCTV are securely stored and the data is overwritten after 30 days.
In the United Kingdom, the Information Commissioner's Office (ICO) is the UK data protection regulator/supervisory authority. For further information on your rights and how to complain to the ICO, please go to the ICO website.
United States of America
This additional privacy notice applies to the handling personal information by Mindcrest Inc., doing business as DWF Mindcrest and DWF (Claims) USA (DWF) in the USA. Some states, for example California, give you privacy rights extending beyond that of the EU's General Data Protection Regulation.
Unlike the EU's General Data Protection Regulation, the California Consumer Privacy Act 2018 defines personal information. DWF will therefore treat information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household as personal information. From 1 January 2022 the California Privacy Rights Act will govern the management of data relating to data subjects in California.
Where we handle sensitive personal data in India, it may be held subject to the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules).
Where sensitive personal data held in India is transferred to any person in India or abroad, the minimum applicable standard to all DWF Group entities has been assessed as at least equivalent to those mandated by the SPDI rules. Where, however, any receiving entity is not subject to the SPDI Rules, that entity has agreed by the terms of our group data agreements to meet the standard of the SPDI Rules.
Please see the section 'Complaints and how to contact us' in our privacy notice to find out more about how you can exercise your privacy rights.