Privacy Policy

INTRODUCTION

Hayes McGrath is committed to protecting the personal data of all people we deal with.  This Notice sets out important information about how Hayes McGrath may collect and use your personal data.  Hayes McGrath has a Notice that we follow based on European data protection principles.

 

Hayes McGrath is a national legal business which operates through a regulated legal entity providing legal and/or claims handling services in accordance with the relevant laws of the jurisdiction in which it operates.

 

You should read this Notice carefully and raise any questions you may have with the Data Protection Enquiry Team (outlined below in this Notice).

 

SCOPE

This Notice applies to all persons whose personal data we collect and use (except as set out below).  This includes individuals in the categories below or any individuals who work for any of the following:

 

  • Our clients;
  • Insurers and/or their insureds;
  • Intermediaries (for example, loss adjusters, investigators, claims management suppliers, coverholders etc.);
  • Claimants/Plaintiffs;
  • Defendants;
  • 3rd parties;
  • Experts;
  • Witnesses;
  • Counsel;
  • 3rd party solicitors;
  • Individuals who are involved in court or other legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and regulatory actions) and/or the provision of related legal advice and/or claims handling services;
  • Individuals who are involved in contracts and transactions we are working on (for example other businesses/individuals our clients are contracting or working with);
  • Our business contacts;
  • People who attend our seminars, receive our legal updates, and/or who visit our website;
  • Service providers (for example recruitment consultants, general office services, library services and/or IT service providers); and/or
  • Our regulators, insurers, auditors, professional advisers, governmental bodies (for example the National Crime Agency in the UK and the Garda National Bureau of Criminal Investigation/An Garda Siochana in Ireland) and/or certification bodies (for example The Solicitors Regulation Authority in the UK and the Law Society of Ireland and in relation to our ISO27001, ISO9001 and Cyber Essentials Plus certifications).

This Notice does not apply to:

  • job applicants, as the way we collect and handle their personal data is governed by our Application and Recruitment Candidate Privacy Notice; and
  • our employees, as the way we collect and use their personal data is governed by our Employee Privacy Notice.

 

WHAT PERSONAL DATA DO WE COLLECT?

Personal data means information which identifies you and relates to you as an individual.  Hayes McGrath will collect, store and use your personal data for a variety of reasons in connection with your relationship with us.  We have set out the main categories of personal data which we process on a day to day basis:

  • personal contact information (including your name, home address, personal telephone number(s) and/or personal e-mail address);
  • Policy number/policy inception date;
  • Claim number;
  • Bank Account details;
  • Location identifiers (for example photographs and/or GPS location);
  • Loss details/claim and/or personal circumstances;
  • Vulnerabilities;
  • Online identifiers;
  • date of birth;
  • gender; and/or
  • information gathered through correspondence with us (for example, in relation to parties and/or third parties to a claim).

The personal data that we collect will depend on your relationship with us.

 

The list set out above is not exhaustive and there may be other personal data which Hayes McGrath collects, stores and uses in the context of the relationship.  We will update this Notice from time to time to reflect any notable changes in the categories of data which are processed.

 

The personal data which we process will be collected from a number of sources including (but not limited to) the following:

  • Our clients;
  • Insurers and/or their insureds;
  • Intermediaries (for example, loss adjusters, investigators, claims management suppliers and/or coverholders etc.);
  • Claimants/Plaintiffs;
  • Defendants;
  • 3rd parties;
  • Experts;
  • Witnesses;
  • Counsel;
  • 3rd party solicitors;
  • Individuals who are involved in court or other legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and regulatory actions) or during the provision of us providing legal advice and/or claims handlings services;
  • People who are involved in contracts and transactions we are working on (for example other businesses/individuals our clients are contracting or working with);
  • Our business contacts;
  • individuals who attend our seminars, receive our legal updates, and/or who visit our website;
  • Service providers (for example recruitment consultants, general office services, library services and/or IT service providers); and
  • Our regulators, insurers, auditors, professional advisers, governmental bodies (for example the National Crime Agency in the UK and the Garda National Bureau of Criminal Investigation/An Garda Siochana in Ireland) and/or certification bodies (for example the Law Society of Ireland)

HOW DO WE USE YOUR PERSONAL DATA?

Hayes McGrath uses your personal data for a variety of purposes in order to provide our services as a legal and/or claims handling services group.

We may use your personal data if:

  • you have provided your consent to such use;
  • it is necessary for the performance of a contract with you; or
  • necessary in connection with a legal and/or regulatory obligation or as otherwise required or authorised by law; or
  • we consider such use of your personal data as not detrimental to you, within your reasonable expectations, having a minimal impact on your privacy, and necessary to fulfil our legitimate interests.

We have set out below the main purposes for which your personal data may be processed which include (but are not limited to):

  • providing our services, such as:
  • managing court or legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and/or regulatory actions);
  • providing legal advice;
  • providing claims handling services;
  • providing counter-fraud services;
  • advising on and negotiating legal contracts;
  • managing and running checks on our insurance fraud database (which includes information about claimants/plaintiffs, defendants, witnesses, experts, and/or other solicitors and law firms) and sharing information with our insurance clients and other appropriate organisations for the purpose of preventing, detecting or prosecuting insurance fraud;
  • managing and running checks on our internal databases of experts and other providers of services which relate to legal proceedings and/or claims handling services;
  • providing training and legal updates; and
  • marketing (by post, email and/or via our user account area for which you are always able to opt-out/unsubscribe with no detriment), development and/or tendering in relation to our products and services.
  • complying with our legal obligations or making disclosures to government, regulatory or other public bodies where the disclosure is appropriate and/or permitted by law;
  • providing access to our files for audit, review or other quality assurance checks by our clients, regulators, auditors, professional advisors, governmental bodies (for example the Garda National Bureau of Criminal Investigation/An Garda Siochana in Ireland) and/or certification bodies (for example the Law Society of Ireland);
  • day to day operations of our business. For this we may use third party service providers (for example procurement services, recruitment consultants, general office services, library services and/or IT service providers);
  • sharing information within the Hayes McGrath group (for example where one of our entities is advising or providing services to another entity, or where we are checking for legal or commercial conflicts);
  • the use of cookies by the Hayes McGrath website. Please see our Cookie Policy; and/or
  • providing information to our brokers and insurers.

Again, this list is not exhaustive and Hayes McGrath may undertake additional processing of personal data in line with the purposes set out above.  We will update this Notice from time to time to reflect any notable changes to the purposes for which your personal data is processed.

 

WHAT SPECIAL CATEGORIES OF PERSONAL DATA DO WE PROCESS?

Certain categories of data are considered “special categories of data” and are subject to additional safeguards.  The special categories of personal data which we process may relate to:

  • Racial or ethnic origin;
  • Political opinions;
  • Religious or philosophical beliefs;
  • Trade union membership;
  • Genetic and/or biometric data;
  • Physical and mental health; and/or
  • Sex life and/or sexual orientation.

WHEN DO WE SHARE PERSONAL DATA?

Hayes McGrath may share your personal data with other parties in certain circumstances and where it is necessary to achieve the purposes detailed above or to comply with a legal and/or regulatory obligation, or otherwise in pursuit of its legitimate business interests as follows:

  • Our clients;
  • Insurers and their insureds;
  • Intermediaries (for example, loss adjusters, investigators, claims management suppliers and/or coverholders etc);
  • Claimants/Plaintiffs;
  • Defendants;
  • 3rd parties;
  • Experts;
  • Witnesses;
  • Counsel;
  • 3rd party solicitors;
  • Individuals who are involved in court or other legal proceedings (including legal claims, criminal actions, inquests, tribunals, arbitrations, mediations and/or regulatory actions) or the provision of related legal advice and/or claims handling;
  • People who are involved in contracts and transactions we are working on (for example other businesses/individuals our clients are contracting or working with);
  • Our business contacts;
  • People who attend our seminars or receive our legal updates, and/or who visit our website;
  • Service providers (for example recruitment consultants, general office services, library services and/or IT service providers); and/or
  • Our regulators, insurers, auditors, professional advisers, governmental bodies (for example the National Crime Agency in the UK and the Garda National Bureau of Criminal Investigation/An Garda Siochana in Ireland) and/or certification bodies (for example The Solicitors Regulation Authority in the UK and the Law Society of Ireland and in relation to our ISO27001, ISO9001 and Cyber Essentials Plus certifications).

In all cases, your personal data is shared under the terms of a written agreement between Hayes McGrath and the third party, which includes appropriate security measures to protect the personal data in line with this Notice and also our obligations or as permitted by applicable law and/or regulation.

 

 FOR HOW LONG WILL MY PERSONAL DATA BE RETAINED?

Hayes McGrath’s policy is to retain personal data only for as long as is needed to fulfil the purpose(s) for which it was collected, or otherwise required under applicable jurisdictional laws and/or regulations and/or business continuity purposes.  Under some circumstances we may anonymise your personal data so that it can no longer be associated with you.  We reserve the right to retain and use such anonymous data for any legitimate business purpose without further notice to you.

 

Hayes McGrath will typically retain data for periods subject to any exceptional circumstances and/or to comply with particular jurisdictional laws or regulations and/for business continuity purposes: unless there is any other valid legal, regulatory, client or business reason to retain it beyond that timescale, all matter files will usually be destroyed at approximately 7 years after the matter has been closed.

 

WHAT ARE MY RIGHTS IN RELATION TO MY PERSONAL DATA?

Hayes McGrath will always seek to process your personal data in accordance with our obligations, our rights and your rights.

 

You will not be subject to decisions based solely on automated data processing without your prior consent.

 

In certain circumstances, you have the right to seek the erasure or correction of your personal data, to object to particular aspects of how your data is processed, and otherwise to seek the restriction of the processing of your personal data.  You also have the right to request the transfer of your personal data to another party in a commonly used format. If you have any questions about these rights, please contact our Data Protection Enquiry Team (outlined below in the Notice).

 

You have a separate right of access to your personal data processed by Hayes McGrath.  You may be asked for information to confirm your identity and/or assist Hayes McGrath to locate the data you are seeking as part of Hayes McGrath’s response to your request.  If you wish to exercise your right of access, please contact our Data Protection Enquiry Team (outlined below in the Notice).

 

Given the location of our European offices, if you are an individual located in the EU you have the right to raise any concerns about how your personal data is being processed with:

 

WHERE CAN I GET FURTHER INFORMATION?

If you have any questions about this Notice, want to exercise your right to see a copy of the information that we hold about you, or think that information we hold about you may need to be corrected, want to delete all or any part of it or to object to the processing on legitimate grounds, please contact us by email on dataprotectionenquiryteam@hayesmcgrath.ie or by post to:

 

Data Protection Enquiry Team

Hayes McGrath

91 Lr Baggott Street

Dublin 2