‘Personal information’ is defined in the Privacy Act 1988 (Cth) to mean any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
The kinds of personal information we collect and hold
We collect and hold a range of personal information in carrying out our business and functions as a legal services provider. The kinds of personal information that we collect and hold about you will depend upon the nature of our relationship with you.
We typically collect and hold the following kinds of personal information about our clients:
- name, job title, and contact details;
- communications between you and us;
- financial information;
- Health & medical information pertinent to a client’s case (if a patient); and
- other personal information that you provide to us (such as when you respond to an invitation to attend a seminar or function) or that we collect in the course of our relationship with you.
To the extent that it is relevant to the work we are undertaking for a client or our general relationship with a client, we may also collect and hold personal information about clients that is sensitive information under the Privacy Act. For example, we may collect health information about an individual, membership of a professional or trade association, membership of a trade union, religious beliefs or affiliations or criminal records.
Our contractors, service providers, suppliers and job applicants
We typically collect and hold the following kinds of personal information about contractors, service providers, suppliers and job applicants:
- name and contact details;
- information contained in resumes;
- educational details, academic and other transcripts, employment history, skills and background checks;
- references from past employers and referees;
- information collected during the interview or assessment process;
- details of your performance under any contract; and
- personal information required to make payments, such as bank account details.
We may also collect sensitive information contained within the sources set out above, such as membership of a political, professional or trade association or trade union, criminal records and health information.
Website users, online contacts and attendees at seminars and other functions
The amount and type of information we collect from you when you use of our website or contact us online will depend upon your use of the facilities and services available through our website or otherwise available online. However, the only personal information which we collect about you when you use our website or contact us online is what you tell us about yourself, such as when you complete an online subscription form to our publications, alerts and newsletters, when you accept an invitation to attend a seminar or function, or complete one of our online forms, including through our marketing campaigns, or information you provide to us when you send us an email.
The kinds of personal information that we may collect through our website, online or when you register to, or attend a function include:
- your name, contact details, employer and job title; and
- your areas of legal interest or specialisation.
We may also collect and hold the following sensitive information about you:
- health information (i.e. conditions affecting dietary requirements such as diabetes or food allergies);
- information on your religious beliefs or affiliations (i.e. for the purposes of assessing dietary requirements such as Halal or Kosher); and
- membership of a political, professional or trade association or trade union.
We will also collect personal information about you if you provide us with your business card at a function or otherwise provide your personal information to us in person or contact us through social media (such as LinkedIn and Facebook).
In the course of providing our clients with the services they have requested, and carrying out their instructions, we may be required to collect personal information about other individuals including other parties to our clients’ matters, their legal representatives and other service providers or contractors retained by them. The nature of information collected will depend upon the individual circumstances of the matter, but is likely to include name, contact details, job title, and communications with these other individuals. Depending upon the circumstances of the matter, it may also include sensitive information.
If you approach us for information (such as government departments, regulatory authorities or media) we may record your name and contact details and collect additional personal information about you to verify your identity and consider whether to provide you with the information that you have requested.
How we collect personal information
In most instances we will collect personal information directly from the person to whom the information relates, or the organisation of which that personal is an employee, director or principal. However, we may also collect personal information about individuals from the following third parties:
- our clients;
- government agencies;
- law enforcement bodies;
- publicly available records;
- public registries;
- court or tribunal records;
- ratings agencies;
- search agencies;
- regulatory and licensing bodies;
- service providers;
- parties to whom you refer us, including previous employers and referees;
- recruitment agencies;
- online searches; and
- social media (such as LinkedIn and Facebook).
When we obtain personal information from third parties to whom you refer us, we will assume and you must ensure that you have made that third party aware that you have referred us to them and of the purposes involved in the collection, use and disclosure of the relevant personal information.
How we hold personal information
We hold personal information in hardcopy files and in electronic form, and take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure.
We store hardcopy files in offices, cupboards and compactuses within an access controlled premises. Under our records managements system, access to files is appropriately limited. We may apply additional security measures limiting access to information about files or store files in locked cupboards or access restricted rooms as necessary or desirable based on our clients’ needs. We also store hardcopy files with an offsite storage provider whose premises is monitored by CCTV and access is strictly controlled.
We store electronic records within our own secure network and through third party data storage providers. Personal information within our network is password protected and access is appropriately limited.
Our third party data storage providers are required to protect personal information in accordance with applicable laws and take appropriate technical and organisation measures against unauthorised or unlawful use of personal information or its accidental loss, destruction or damage.
The purposes for which we collect, hold, use and disclose personal information
We collect, hold, use and disclose personal information for the purposes for which it was collected, related purposes, and other purposes including:
- providing the services that our clients have requested;
- contracting out some of our functions to external service providers and suppliers (such as barristers, title and court searches, surveyors, forensic witnesses, accountants, mediators, valuers, printers, carriers, mailing, photocopying, IT, advertising, marketing and campaign managers, market research and recruitment);
- maintaining, managing and developing our relationship with clients and potential clients;
- carrying out research, planning, service development, security and risk management;
- marketing our services, administering and operating our online subscriptions and providing you with information about legal developments and other services that you have requested or that may be of interest to you;
- the organisation of events;
- assessing and considering applications from prospective employees, contractors and service providers;
- developing and managing relationships with our employees, contractors and service providers;
- managing insurance;
- conducting further searches and enquiries regarding the information you have provided to us or more generally to collect additional personal information about you or your associates for our regulatory or prudential purposes;
- complying with our legal and regulatory obligations; and
- to otherwise carry out our functions as professional legal service providers.
If you are a client or have otherwise expressed interest and provided us with your contact details, we may send emails to you with information about medicolegal developments (such as publications, alerts and newsletters) and marketing our services (such as seminar invitations).
We may use an “email management system” to automate the management and dispatch of these emails. The system operates by inserting tracking codes in the emails that we send to you. The tracking code allows us to collect personal information about you, such as whether you received and opened an email, and whether you clicked through to any links to our website. The personal information that the email management system collects and holds about you is used by us to:
- ensure that you only receive correspondence that you have informed us that you wish to receive;
- insert your personal information into our communications with you;
- determine whether the information that we send to you is suitable for your interests, information needs and profile;
- ensure that the email address that you have provided us is still operational;
- determine whether emails that we send to you are received by you;
- update a request that you make to us to unsubscribe from a publication that we send to you;
- review the effectiveness and relevance of our emails to you by collecting other statistical information.
If you do not wish for us to send you such emails, please let us know by contacting our Privacy Officer at the details below. You can also unsubscribe from our email notifications by clicking on the ‘Unsubscribe’ button at the bottom of our email notifications and following the prompts or by emailing us by clicking the ‘Contact Us’ button.
Overseas disclosures of personal information
We may disclose personal information to external service providers located overseas (including England) so that they can provide us with services in connection with the operation of our business, such as marketing services and data storage.
If you apply to us for employment, and have lived or worked overseas, we may disclose your personal information to overseas recipients for the purposes of gathering information to assess your application. If you have previously worked for us, and provide our details to a prospective employer or recruitment agency located overseas, we may disclose your personal information to that entity to assist them to assess your application.
Access to your personal information
You have a right to request access to personal information that we hold about you and request its correction if it is inaccurate, out of date, incomplete, irrelevant or misleading. You may do so by contacting our Privacy Officer at the details below. We will respond to all requests for access to or correction of personal information within a reasonable period.
In some cases, in accordance with the Privacy Act, we may charge you a fee for access to personal information we hold about you or refuse to give you access to personal information we hold about you.
If you would like to complain about a breach of the Australian Privacy Principles, you may contact our Privacy Officer at the details below.
We will respond to complaints within a reasonable period of time (usually 30 days).
If you disagree with our decision, you may refer your complaint to the Office of the Australian Information Commissioner by visiting www.oaic.gov.au, calling 1300 363 992 or by emailing email@example.com.
If you would like more information about the way we manage personal information, would like to request access to or correction of personal information that we hold about you, or wish to make a complaint, please contact our Privacy Officer by either:
Email – firstname.lastname@example.org;
Post – Attention “Privacy Officer” Suite 30, Level 2 Silverton Place, 101 Wickham Tce, Spring Hill QLD 4000; or
Telephone – (07) 3831 5681 (within Australia).