1.2 We are committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) in relation to all personal information we collect. This commitment is demonstrated in this policy. The Privacy Act incorporates the Australian Privacy Principles (APPs). The APPs set out the way in which personal information must be treated.
1.4 In broad terms, ‘personal information’ is information or opinions relating to a particular identifiable individual. Information or opinions are not personal information where they cannot be linked to a particular individual.
2.1 We manage your personal information we collect by:
(a) implementing procedures in relation to how our team members collect, record and access your personal information;
(b) implementing security measures to keep the personal information we collect safe, including using unique usernames and passwords on systems that can access personal information; and
(c) appointing a designated privacy officer to monitor privacy compliance and who is our contact for any privacy complaints and access or correction requests. Our privacy officer is Sandra Jeremy and can be contacted by phone on (02) 4350 3333 or by email.
2.2 In limited circumstances, it may be possible for you to use a pseudonym or remain anonymous when dealing with us. If you want to use a pseudonym or remain anonymous you should notify us when making first enquiries or providing initial instructions. We will use our best endeavours to deal with you by your pseudonym or anonymity as requested, subject to our professional obligations and ability to perform the legal service without using your name. In most cases, our professional obligations will require you to deal with us using your real name.
2.3 We must comply with our professional obligations (including confidentiality obligations) in dealing with your personal information at all times.
3.1 We are a full-service commercial law firm and hold different information depending on the legal services provided to clients. Generally, the types of information that we collect and hold include:
(a) contact information;
(b) financial information;
(c) business circumstances;
(d) family circumstances;
(e) information about assets and investments;
(f) employment history;
(g) date and place of birth;
(h) insurance history;
(i) banking and credit card details;
(j) expertise and interests;
(k) tax file numbers;
(l) driver’s licence and other photographic information;
(m) video or photographic footage given by clients to us for legal advice;
(n) information otherwise required by law; and
(o) any other personal information required to perform the legal service.
3.2 Where possible, we will only collect the personal information required to provide the legal service to you, or as required by our professional obligations.
4.1 ‘Sensitive information’ is a subset of personal information and includes personal information that could have serious ramifications if used inappropriately.
4.2 The sensitive information that we collect and hold about you will include any information necessary to provide legal services to you. This includes:
(a) health information;
(b) racial or ethnic origins;
(c) political opinions and membership of political associations;
(d) religious beliefs or affiliations;
(e) philosophical beliefs;
(f) membership of professional or trade associations or unions;
(g) sexual preferences or practices;
(h) criminal records;
(i) genetic information;
(j) any sensitive information required to be disclosed by law; and
(k) any other sensitive information required to perform the legal service.
4.3 We will not collect sensitive information without your consent to which the information relates unless permitted under the Privacy Act.
5.1 Where reasonable and practicable, we will collect personal information about you directly from you.
5.2 However, we have a large referral network and also collect personal information from numerous other sources indirectly. It is not possible to provide an exhaustive list of these sources, but they include:
(a) professional advisors or agents for individuals who we act for;
(b) banks and financial institutions;
(c) government bodies;
(d) insurance companies;
(e) businesses about their employees, contractors, customers or suppliers;
(f) barristers and other solicitors;
(g) feedback surveys; and
(h) from paid search providers.
Securing Personal Information
6.1 We hold personal information:
(i) on our premises; and
(ii) in a storage unit in Tuggerah.
(i) through internal servers and websites;
(ii) on electronic storage devices, including DVD and USB; and
(iii) by an off-side data replication provider in Australia.
6.2 We will take all reasonable steps to ensure that all personal information we hold is secure from any unauthorised access, misuse or disclosure. However, we do not guarantee that personal information cannot be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur.
6.3 Some of the methods we use to store and secure information include:
(a) having designated areas to meet with clients that do not contain personal information;
(b) using unique usernames, passwords and other protections on systems that can access personal information;
(c) using our document retention system (locked storage area with only authorised access) for important documents such as Wills and other original documents; and
(d) using lockable cabinets for storing more sensitive information, other important documents or financial records.
Disclosing Personal Information
7.1 We take reasonable steps to use and disclose personal information only for the primary purpose for which it is collected. The primary purpose for which information is collected varies, depending on the particular service being provided, but is generally to provide legal advice and services to you or your business.
7.2 Personal information can also be used or disclosed by us for secondary purposes which are within your reasonable expectations and related to the primary purpose of collection.
7.3 For example, we may use personal information for the following secondary purposes:
(a) to add your details to our legal alerts list, to inform you of updates and changes to the law that could affect you and to invite you to legal events relevant to your industry (which can be unsubscribed from at any time under section 13 of the Privacy Act);
(b) to provide a referral; or
(c) marketing and statistical purposes (see sections 13 and 14 of this policy).
7.4 We disclose personal information:
(a) to other service providers or referral partners, in order to provide the legal service (for example, other solicitors, barristers, experts, accountants, insurers etc. as the context of the legal service requires);
(b) with your consent;
(c) to third party contractors when we contract out any financial, administrative, information technology or other services.
7.5 Otherwise, we will only disclose personal information to third parties with your consent or if the disclosure is permitted by the Privacy Act.
8.1 We do not disclose personal information to overseas recipients.
9.1 We do not use your personal information to assess your credit eligibility. However, during the course of providing the legal service to you, we collect credit information that is necessary to provide you with the legal service.
9.2 The main kind of credit information we collect is your identification information.
9.3 However, in the course of providing legal services to you, we may be given (and subsequently hold) the following other kinds of credit information:
(a) information about any credit that has been provided to you;
(b) your repayment history;
(c) information about your overdue payments;
(d) if terms and conditions of your credit arrangements are varied;
(e) if any court proceedings are initiated against you in relation to your credit activities;
(f) information about any bankruptcy or debt agreements involving you;
(g) any publicly available information about your credit worthiness; and
(h) any information about you where you have fraudulently or otherwise committed a serious credit infringement.
9.4 We do not collect your credit information from credit reporting bodies, banks or other credit providers unless it is necessary to provide you with the legal service or you have expressly asked us to.
9.5 In most cases, we will only collect credit information about you if you disclose it to us and it is relevant in providing you with the legal service.
9.6 Other sources we collect the credit information from include:
(a) banks and other credit providers;
(b) other individuals and entities via referrals; and
(c) your suppliers and creditors.
9.7 However, in most cases you will be aware that this information is being collected as part of the legal service we are providing to you.
9.8 We store and hold credit information in the same manner as outlined in section 6 of this policy.
9.9 Our usual purpose for collecting, holding, using and disclosing credit information about you is to enable us to provide you with the legal service.
9.10 We may also collect credit information to process payments.
9.11 We will not disclose your credit information to overseas entities unless you expressly advise us to, apart from the following circumstances:
(a) to the extent that it is necessary or desirable to make such a disclosure to obtain payment of money owed to us.
9.12 You can access and correct your credit information, or complain about a breach of your privacy in the same manner as set out in section 10 of this policy.
Correcting Personal Information and Accessing It
10.1 It is important the information we hold about you is up-to-date. You should contact us if your personal information changes.
10.2 You can request access to the personal information we hold or ask for your personal information to be corrected.
10.3 A request by you to access or correct personal information about you must be made to the following contact officer:
Contact person: Sandra Jeremy
Telephone number: +61 2 4350 3333
Email address: firstname.lastname@example.org
Postal address: P O Box 110 Wyong NSW 2259
10.4 We will grant you access to your personal information as soon as possible, subject to the request circumstances.
10.5 In keeping with our commitment to protect the privacy of personal information, we will not disclose personal information to you without proof of identity.
10.6 We can deny access to personal information if:
(a) the request is impractical or unreasonable;
(b) providing access would have an unreasonable impact on the privacy of another person;
(c) providing access would pose a serious and imminent threat to the life or health of any person;
(d) providing access would compromise our professional obligations; or
(e) there are other legal grounds to deny the request.
10.7 Where necessary, we charge a fee for reasonable costs incurred in responding to an access request. The fee (if any) will be disclosed prior to it being levied.
10.8 If you establish that personal information we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.
11.1 If you wish to make a complaint about an alleged privacy breach, you must follow the following process:
(a) The complaint must be firstly made to us in writing. We will have a reasonable time to respond to the complaint.
(b) In the unlikely event the privacy issue cannot be resolved, you can take your complaint to the Office of the Australian Information Commissioner.
11.2 A person can complain about a breach of privacy by contacting us using the contact details set out in section 10.3 of this policy.
12.2 This policy was last updated in January 2016. If you have any comments on the policy, please contact our privacy officer on the contact details in section 11 of this policy.
13.1 We comply with Spam Act 2003 (Cth) in regard to the sending of emails. We do not send unsolicited commercial electronic messages with an Australian link. We only send direct marketing communications to users who have given consent (express or inferred).
13.2 We comply with the Spam Act 2003 (Cth) and APP 7 by allowing users to request to unsubscribe (opt-out) from any direct marketing communications. You must use the unsubscribe feature or inform us via mail or telephone before you will stop receiving direct marketing communications. Users will be unsubscribed within 5 business days after the request has been sent.
13.3 All direct marketing communication material has our details and contact information.
14.1 When you visit our website our ISP (Internet Service Provider) makes a record of your visit and takes the following information:
- Your IP (internet address).
- Date and time of visit.
- Web browser;
- Pages visited;
- Documents downloaded;
- Links from other sites that users reach our site from; and
- Other non-identifiable information.
14.2 This type of information is anonymous and is used for the purpose of updating and improving our website continuously.