Our business is bound by the Privacy Act 1988 (the Act) and the Australian Privacy Principles (APP). Our business is an APP entity as defined in s 6(1) of the Act.
We collect and hold personal information relating to our clients and to other people and entities associated with our clients as may be provided or disclosed to us in the course of business. Such personal information may include, but is not limited to, names, tax file numbers, addresses, telephone numbers, social media details, email addresses, occupations, wage records, bank account details, asset and investment details, financial planning records, taxation records, medical records and relationship details.
Personal information is collected from our clients in the following ways:
- by providing it to us directly;
- by authorising third parties to provide it to us;
- by other parties providing it to us either voluntarily or pursuant to compulsory processes we conduct on our client’s behalf.
All data processed by the business is done on a lawful basis. The purposes for which we collect, hold, use and disclose personal information are:
- to offer our products and services to our clients. In doing so we may disclose personal information to other people or entities involved in the provision of the product or service, such as government departments and individuals. Unless compelled by law, we will never disclose personal information without the client’s knowledge and consent;
- to facilitate our internal and external administrative processes including financial and business operations and reporting requirements;
- to obtain, maintain and comply with the terms of our professional indemnity and other insurance policies; and
- to comply with applicable laws.
Clients may access their personal information and seek correction of it at any time by applying to our office in person or in writing.
Clients will be formally identified before releasing or amending any personal information.
In particular, original documents which are in our safe custody, such as title documents, Wills or powers of attorney, will not be released without proper written authorisation and satisfying our office that the person seeking that original document has proper authority to remove that document from our safe custody or is the client/owner.
At present we do not have any agreements with any third-parties that we are aware of that would hold your personal information in an overseas location.
Where necessary, and upon your instruction, we will disclose personal information to overseas recipients, including a related body corporate.
We use a number of mechanisms to protect the security and integrity of your personal information however no data transmission over the internet can be guaranteed as completely secure and we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk.
Once any personal information comes into our possession, we will take reasonable steps to protect that information from misuse and loss and from unauthorised access, modification or disclosure.
- our office; and/or
- the Office of the Australian Privacy Commissioner.
All staff are responsible for protecting the confidentiality of client information and business information. Refer any data breaches, or suspected data breaches, to the our office if you become aware of them. We will advise you as required under part IIIC the Act if we become aware of any eligible data breach which may have affected your personal information.
An eligible data breach, defined in s 26WE(2) of the Act, is when:
- both of the following conditions are satisfied:
- there is unauthorised access to, or unauthorised disclosure of, the information;
- a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates; or
- the information is lost in circumstances where:
- unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and
- assuming that unauthorised access to, or unauthorised disclosure of, the information were to occur, a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates;…
If we suspect that there has been an eligible data breach, a reasonable and expeditious assessment will be conducted within 30 days.
If we believe or have reasonable grounds to believe there has been a breach then a statement will be prepared setting out:
- the business’s details;
- a description of the breach;
- the kind or kinds of information concerned; and
- recommendations about the steps that we will take in response to it.
If practicable, we will advise the contents of the statement to each of the affected clients who may be at risk from the breach. If this is not practicable we will publish the statement on our website and take other reasonable steps to publicise its contents. Communications with individuals will be via their preferred communication method.
The statement will be submitted to the Privacy Commissioner.
Mandatory notification requirements are waived if remedial action can be taken that results in a reasonable person concluding that the access or disclosure is not likely to result in serious harm to any of those individuals.
We collect or obtain your information through our website when you provide it to us (e.g. by contacting us through our web forms).
Our domain and website host may automatically collect or obtain your information from your use of our website via cookies when you visit our site (such as the type of browser you are using, the type of operating system you are using, and the domain name of your Internet service provider).
We do not collect personally identifiable information about you during your access to our website unless you choose to fill out a form, found on many of the pages of the site or to email us directly.
The personal information that we process includes:
- basic information, such as your name (including name prefix or title), the company you work for, your title or position and your relationship to a person;
- contact information, such as your postal address, email address and phone number;
- Financial information, such as payment-related information;
- Identification and background information provided by you or collected as part of our business acceptance processes; and
- Any other information relating to you which you may provide to us.
We use non-personally identifiable information to analyse site usage (such as aggregated information on the pages visited by our users), which allows us to improve the design and content of our site.
We may do the following with your personal information:
- to respond to your inquiry or form you have completed on various sections of our Website;
- use it to provide legal services;
- use it to engage in marketing and business development activity in relation to our legal services. This may include sending you newsletters, legal updates, marketing communications and other information that may be of interest to you;
- to comply with legal and regulatory obligations that we have to discharge; and
- use it for our legitimate business interests, such as undertaking business research and analysis, managing the operation of our websites and our business.
We rely on the following legal grounds to process your personal information, namely:
- Consent– we may (but usually do not) need you consent to use your personal information. You can withdraw your consent by contacting us (see below).
- Performance of a contract– we may need to collect and use your personal information to enter into a contract with you or to perform our obligations under a contract with you.
- Legitimate interest– we may use your personal information for our legitimate interests, some examples of which are given above.
- Compliance with law or regulation– we may use your personal information as necessary to comply with applicable law/regulation.
We do not sell or rent your personal information to third-parties.
We may share your personal information with third parties, only to the extent necessary to run our business, provide a service to you, comply with the law, enforce our legal rights or because you have provided consent.
This may include the following.
- Third party agents/suppliers or contractors, in connection with the processing of your personal information for the purposes described in this Policy. This may include, but is not limited to, website hosting, IT and communications service providers.
- Third parties relevant to the services that we provide.
- To the extent required by law, regulation or court order, for example, if we are under a duty to disclose your personal information in order to comply with any legal obligation.
- Where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process.
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
Any forms which are available on our website are powered by Jotforms also bound by the EU General Data Protection Regulations.
When you fill out a form, the data that you submit will be forwarded to Jotforms and will be collated into an email and sent to us.
The data that you submit via the form will not be stored within this website’s own database or in any of our internal computer systems.
Your data will remain within Jotform’s secure database in the EU for as long as we continue to use Jotform’s services or until you specifically request removal by emailing us.
We consider JotForm to be a third party data processor.
For more information, please see https://www.jotform.com/privacy/
If you are aged 16 or under‚ please get your parent/guardian’s permission before you contact us and provide us with personal information.
How long we hold your personal information for will vary and will depend principally on:
- the purpose for which we are using your personal information – we will need to keep the information for as long as is necessary for the relevant purpose, and
- legal obligations – laws or regulation may set a minimum period for which we have to keep your personal information.
We will ensure that the personal information that we hold is subject to appropriate security measures.
A cookie is a piece of data stored on a user’s hard drive containing information about the user. The information below explains the cookies we use on our website and why we use them:
- Google Analytics cookies: we use these cookies to collect information about how visitors use our website, including details of the site where the visitor has come from and the total number of times a visitor has been to our website. We use the information to improve our website and enhance the experience of its visitors.
You can enable or disable cookies by modifying the settings in your browser. You can find out how to do this, and find more information on cookies, at: www.allaboutcookies.org.
You have a number of legal rights in relation to the personal information that we hold about you and you can exercise your rights by contacting us using the details set out below.
These rights include:
- Obtaining information regarding the processing of your personal information and access to the personal information which we hold about you. Please note that there may be circumstances in which we are entitled to refuse requests for access to copies of personal information. In particular, information that is subject to legal professional privilege will not be disclosed other than to our client and as authorised by our client.
- Requesting that we correct your personal information if it is inaccurate or incomplete.
- Requesting that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information but we are legally entitled to retain it.
- Objecting to, and requesting that we restrict, our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request.
- In some circumstances, receiving some personal information in a structured, commonly used and machine-readable format and/or requesting that we transmit those information to a third party where this is technically feasible. Please note that this right only applies to personal information which you have provided to us.
- Withdrawing your consent, although in certain circumstances it may be lawful for us to continue processing without your consent if we have another legitimate reason (other than consent) for doing so.
- Lodging a complaint with the relevant data protection authority, if you think that any of your rights have been infringed by us. We can, on request, tell you which data protection authority is relevant to the processing of your personal information.
If you would like further information on the collection, use, disclosure, transfer or processing of your personal information or the exercise of any of the rights listed above, please contact us. You can do this by writing to us at email@example.com.