Dillon Eustace Privacy Statement

Dillon Eustace (“Dillon Eustace”, the “Firm”, “we” or “us”) is committed to respecting and protecting your privacy and cares about the way in which your personal information is treated.

In this Privacy Statement we set out:

1. what personal information we collect about you;
2. how we obtain your personal information;
3. how we use your personal information;
4. on what basis we use your personal information;
5. how long we keep your personal information;
6. who we share your personal information with;
7. how we protect your personal information;
8. which countries we transfer your personal information to;
9. your rights regarding your personal information.

When we refer to “Dillon Eustace” we are referring to the Irish law firm Dillon Eustace LLP, to its company secretarial provider Tudor Trust Limited, to its facilities provider DE Facilities Limited, to the Cayman Islands’ law firm, Dillon Eustace and to the Cayman Islands’ corporate services company, DE (Cayman) Limited and to any other partnerships and entities which are authorised to practise using the name ‘Dillon Eustace’ or ‘Tudor Trust’. See ‘Data controllers’ below for more information on the Dillon Eustace entities that control and process personal data.

What personal information do we collect about you?

We may collect personal information from you (and, through you, from your directors, officers, partners, employees, secondees, representatives, agents, contractors and investors) in the course of our business, including through your use of our website, when you contact or request information from us, when you engage our legal or other services or as a result of your relationship with one or more of our staff and clients.

The personal information that we process includes:

1. basic information, such as your name (including name prefix or title), the company you work for, your title or position and your relationship to a person;
2. contact information, such as your postal address, email address, phone number(s), IP address, URL and browser type;
3. financial information, such as payment-related information;
4. technical information, such as information from your visits to our website or applications or in relation to materials and communications we send to you electronically;
5. information you provide to us for the purposes of attending meetings and events, including access and dietary requirements;
6. safeguarding the health and safety of our staff, visitors to our offices and of attendees at events hosted or organised by us;
7. identification and background information provided by you or collected as part of our business acceptance processes;
8. personal information provided to us by or on behalf of our clients or generated by us in the course or providing services to them, which may include special categories of data such as, but not limited to, financial information (e.g. if you are a borrower) or medical information (e.g. If you are a plaintiff); and
9. any other information relating to you which you may provide to us.

How we obtain your personal information

We collect information from you as part of our business acceptance / client take on processes and about you and others as necessary in the course of providing legal services or other services. We also collect your personal information while monitoring our technology tools and services, (including our websites and email communications sent to and from Dillon Eustace) and we gather information about you when you provide it to us, or interact with us directly, for instance engaging with our staff, providing a business card or registering on one of our digital platforms or applications. We may also collect or receive information about you from other sources, such as keeping the contact details we already hold for you accurate and up to date using publicly available sources.

How we use your personal information

We collect and process personal information about you in a number of ways, including through your use of our website and in the provision of services by us. We use that information:

1. to provide and improve our services to you and to our clients, including handling the personal information of others on behalf of our clients;
2. to manage and administer our relationship with you and our clients;
3. to provide information requested by you;
4. to fulfil our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claims;
5. to promote our services, including sending legal updates, publications and details of events;
6. for the purposes of recruitment;
7. to provide and improve our website, including auditing and monitoring its use.

Use of Dillon Eustace website

A number of facilities on our website invite you to provide us with personal information, such as the vacancy application facility in the ‘Careers’ section of our website and our email queries facilities. The purpose of these facilities is apparent at the point that you provide your personal information and we only use that information for those purposes.

Cookies are small text files that are placed on your computer or other devices when you visit a website. We use certain cookies on our website and our marketing email communications. Some cookies are ‘essential’ and are necessary for our website to function. Some are ‘non-essential’ and are used to personalise content and analyse traffic. We specifically obtain your consent before we store cookies on your computer or other devices. You may refuse the use of cookies or withdraw your consent at any time but please note that this may affect your use and experience of our website. Please also see ‘Marketing and other emails’ below.

Our website uses Google Analytics, a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. Google Analytics does this by placing cookies on your device. The information that the cookies collect, such as the number of visitors to the site, the pages visited and the length of time spent on the site, is aggregated and therefore anonymous.

For more information on the types of cookies we use and how you may manage your cookie preferences, please see our Cookie Policy.

Marketing and other emails

We use personal information to understand whether you read the emails and other materials, such as legal publications, that we send to you, click on the links to the information that we include in them and whether and how you visit our website after you click on that link (immediately and on future visits). We do this by using software that places a cookie on your device which tracks this activity and records it against your email address. Please see ‘Use of Dillon Eustace website’ for more information on cookies and how to manage and remove them.

We may also use a relationship management tool, where permitted by applicable law, to assess the strength of the relationship between individuals in Dillon Eustace and our clients or potential clients based on the frequency of email contact between them. We use that information in order to assess, analyse and improve the services that we provide.

If you receive marketing communications from us and no longer wish to do so, you may unsubscribe at any time by clicking the unsubscribe link at the bottom of all marketing e-mail communications.

Meetings, events and seminars

We also collect and process personal information about you in relation to your attendance at our offices or at an event or seminar organised by Dillon Eustace or its business partners. We will only process and use special categories of personal information about your dietary or access requirements in order to cater for your needs and to meet any other legal or regulatory obligations we may have. We may share your information with IT and other service providers or business partners involved in organising or hosting the relevant event.

Legal and other services

We collect, create, hold and use personal information in the course of and in connection with the services we provide to our clients. We will process identification and background information as part of our business acceptance, finance, administration and marketing processes, including anti-money laundering, conflict, reputational and financial checks. We will also process personal information provided to us by or on behalf of our clients for the purposes of the work we do for them. The information may be disclosed to third parties to the extent reasonably necessary in connection with that work. Please also see ‘Who we share your personal information with’ and ‘Which countries we transfer your personal information to’ below.

On what basis we use your personal information

We use your personal information on the following basis:

1. to perform a contract, such as engaging with an individual to provide legal or other services;
2. for the establishment, exercise or defence of legal claims or proceedings;
3. to comply with legal and regulatory obligations;
4. for legitimate business purposes. Please see ‘How we use your personal information’ for more detail;
5. where you have consented to our use.

How long we keep your personal information

Your personal information will be retained in accordance with our global data retention policy which categorises all of the information held by Dillon Eustace and specifies the appropriate retention period for each category of data. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and Dillon Eustace’s business purposes.

Who we share your personal information with

We are a law firm with offices in Ireland, New York and Tokyo, with subsidiary company secretarial / corporate services companies in Ireland and the Cayman Islands, a wholly owned law firm in the Cayman Islands and a subsidiary facilities provider company in Ireland. Any Information that you provide to us may be shared with and processed by any entity or offices of Dillon Eustace throughout the globe.

We may also share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including:

• our professional advisers and auditors;
• suppliers to whom we outsource certain support services such as document or record retention, word processing, translation, photocopying and document review;
• IT service providers to Dillon Eustace;
• third parties engaged in the course of the services we provide to clients and with their prior consent, such as barristers, local counsel and technology service providers like board portal, data room and case management services;
• third party providers of AML / CTF and similar services;
• third parties involved in hosting or organising events or seminars.

Where necessary, or for the reasons set out in this statement, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.

If in the future we re-organise or transfer all or part of our business, we may need to transfer your information to new Dillon Eustace entities or to third parties through which the business of Dillon Eustace will be carried out. We may also use social media sites such as Facebook, LinkedIn and Twitter. If you use these services, you should review their privacy policy for more information on how they deal with your personal information.

We do not sell, rent or otherwise make personal information commercially available to any third party, except with your prior permission.

How we protect your personal information

We use a variety of technical and organisational measures to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws. However, although we will do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to us or to our website. Any transmission of personal information is at your own risk.

As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the internet. We have however implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organisation and will continue to update policies and implement additional security features as new technologies become available.

Which countries we transfer your personal information to

In order to provide our services we may need to transfer your personal information to locations outside the jurisdiction in which you provide it or where you are viewing this website for the purposes set out in this privacy policy. This may entail a transfer of your information from a location within the European Economic Area (the “EEA”) to outside the EEA, or from outside the EEA to a location within the EEA. Please see ‘Who we share your personal information with’ for more detail on how the information may be shared with Dillon Eustace offices and third party service providers.

The level of information protection in countries outside the EEA may be less than that offered within the EEA. Where this is the case, we will implement appropriate measures to ensure that your personal information remains protected and secure in accordance with applicable data protection laws.. Where we transfer Personal Data processed by us on your behalf to our offices in the Cayman Islands or the United States or, on prior written notice to you, any other country in which we or our affiliates have operations to store and process Personal Data for the purposes outlined herein, any such transfer shall be effected by us in accordance with the requirements of Article 45, 46 or 47 of Chapter V of the GDPR. Where our third party service providers process personal data outside the EEA in the course of providing services to us, our written agreement with them will include appropriate measures, usually standard contractual clauses.

Your rights regarding your personal information

The European Union’s General Data Protection Regulation and other applicable data protection laws provide certain rights for data subjects. You are entitled to request details of the information we hold about you and how we process it. You may also have a right in accordance with applicable data protection law to have it rectified or deleted, to restrict our processing of that information, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to another organisation. We will respond to your request in writing, or orally if requested, as soon as practicable and in any event within one month of receipt of your request. We may request proof of identification to verify your request. All requests should be addressed to dataprotection@dilloneustace.ie

You also have the right to lodge a complaint in relation to our processing of your personal information with a local supervisory authority which in Ireland is the Data Protection Commissioner.

If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above (see ‘How we use your personal information’) or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent we may be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.

We must ensure that your personal information is accurate and up to date. Therefore, please advise us of any changes to your information by emailing us at dataprotection@dilloneustace.ie

Data controllers

There are a number of entities through which Dillon Eustace provides legal services, company secretarial and/or corporate services and makes available facilities including Dillon Eustace LLP, Dillon Eustace Cayman, Tudor Trust Limited, DE (Cayman) Limited, Tudor Trust Nominees 1 Limited, Tudor Trust Nominees 2 Limited and DE Facilities Limited. We also use external parties such as Board Vantage to provide you with board portal services.

Most of our main IT systems are located in the European Union and are controlled by Dillon Eustace LLP. Depending on the location where legal or other services are provided, another undertaking or entity listed above may be the data controller in relation to your personal data. Please visit the Contact section of our website for details of the Dillon Eustace entity through which we practice law or provide other services in the relevant jurisdiction(s) and, where necessary having regard to local applicable data protection or privacy laws, a country-specific privacy statement.

Links to other sites

Our website may, from time to time, contain links to and from other websites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal information to those websites.

Changes to this Privacy Statement

We reserve the right to change this Privacy Statement from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Statement. Your continued use of this website after we make changes is deemed to be acceptance of those changes, so please check this Privacy Statement periodically for updates.

Last Updated: 14 July 2023