- Key terms used in our privacy statement
We use a number of key terms in our privacy statement including “collect”, “consent”, “personal information” and “sensitive information”. You will find the meanings of these terms in section 14 below.
- Why do we collect your personal information?
We will only collect personal information if it is reasonably necessary to pursue at least one of our functions and activities in the course of providing legal services. In support of our provision of legal services we also carry out the following related functions and activities:
(a) marketing activities;
(b) human resource activities;
(c) corporate administration;
(d) property management; and
(e) public relations activities.
- What personal information do we collect about you?
The personal information we collect about you will depend on the way we interact with you. Some of the situations where we collect personal information include when:
(a) we take instructions to provide you with legal services or when you inquire about us providing you legal services;
(b) you provide us, or one of our staff members, with your business card;
(c) you attend an event that we organise;
(d) you subscribe to receive our publications on our website;
(e) you apply for a job with us or submit an expression of interest application to our HR team; or
(f) you supply goods or services to us.
Some examples of personal information that we collection include your contact details like your address, telephone number and email address. We may also collect details such as your date of birth, your title and employer or organisation.
From time to time, we may also be required to collect sensitive information about you in order to provide our services, for example information about your health or your ethnicity. We will only collect sensitive information if you consent to its collection and if the sensitive information is reasonably necessary for us to carry out at least one of our functions or activities, or if the APPs otherwise permit such collection.
- How do we collect information about you?
If we do collect personal information about you we will take reasonable steps to let you know that we have collected your personal information.
Directly from you: We usually collect your personal information from you directly when we speak to you on the telephone, when we correspond with you over email, when we meet with you in person, if you provide us with documents that contain your personal information or you provide information to us through our website. When we collect personal information from you we will do it in a lawful, fair and non-intrusive way.
From third parties: Sometimes we will collect your personal information from a third party. We will only do this if it is unreasonable or impracticable to collect the information from you directly or if we are required or authorised by an Australian law or court/tribunal order to do so.
Information you give us about someone else: If you supply us with the personal information of a third party, such as a spouse, colleague or friend, we accept that information on the condition that you have all the rights required from that third party to provide that personal information to us to use for our functions and activities.
Cookies: Our website uses ‘cookies’ (a Google Analytics service) which are small text files placed on your computer to help our website analyse how it is used. The information generated by the cookie about your use of our website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google uses this information to evaluate website use, compile reports on website activity for website operators and provide other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.
Dealing with us anonymously: You can choose to deal with us without giving us any of your personal information, but if you do so we might not be able to provide you with the assistance that you need.
- How do we store and protect your personal information?
We take reasonable steps to protect your personal information from misuse, interference, loss, unlawful access, modification and disclosure.
We store hardcopy documents containing your personal information in secure facilities.
Electronic documents are stored with security measures implemented to ensure the security and confidentiality of the documents and the personal information contained in them.
- What do we do with your personal information?
Generally, we will only use or disclose your personal information for the purpose that we collected it for.
However, we may use or disclose your personal information for secondary purposes that relate to our functions and activities if we have your consent do so or without your consent if the APPs permit us to do so, for example if you would reasonably expect us to use your information for the secondary purpose.
We will only use your personal information for a secondary purpose if it is related to the reason why we collected your personal information.
We will only use your sensitive information you for a secondary purpose if it is directly related to the reason why we collected the sensitive information about you.
In some circumstances we are permitted or authorised by or under an Australian law or a court/tribunal order to use or disclose your personal and sensitive information. For example, if our disclosure of your information will reduce or prevent a serious threat to life, health or safety or our disclosure is in response to any unlawful activity.
- Direct marketing
We may, from time to time, use or disclose your personal information (other than sensitive information) for the purpose of direct marketing if:
(a) we collected the information from you; and
(b) you have consented to us using or disclosing your personal information for direct marketing, or you would reasonably expect us to use or disclose the your personal information for direct marketing purposes.
If we do use or disclose your personal information for direct marketing we will provide you with a simple way to unsubscribe from receiving our direct marketing communications. If you follow our process for unsubscribing, we will no longer send you these communications.
We will not use or disclose sensitive information about you for direct marketing purposes unless we have your consent to do so.
We will also act in accordance with the Do Not Call Register Act 2006 and the Spam Act 2003.
- Receipt of unsolicited personal information
If we receive personal information that we did not take any active steps to collect, we will determine whether we would have been permitted to collect that information as part of pursuing our functions and activities.
We will destroy or de-identify unsolicited personal information that we would not collect as part of our functions and activities if it is lawful to do so and in accordance with our document destruction policy. If the information is of the type that we would collect to pursue our functions and activities it will be protected by our privacy policies and procedures.
- Quality of personal information
We will endeavour to take reasonable steps to ensure that the personal information that we collect is accurate, up-to-date and complete by, for example conducting annual audits of the personal information that we hold.
If you think that the personal information we hold about you might be out of date and needs to be corrected please contact us.
- Disclosure to overseas recipients
We store the personal information that we collect in Western Australia. However, from time to time our IT suppliers and service providers may be required to access our server and the personal information that we hold on our server for assisting with resolving issues and maintenance. Our IT suppliers and service providers are located in Australia.
Our arrangements with our IT suppliers and service providers:
(a) ensure that at all time we maintain control of the information stored on our server; and
(b) prohibit our IT suppliers and service providers from using or disclosing personal information for purposes other than providing services to us.
- Access to personal information
If you would like to access the personal information that we hold about you, please write to our Practice Manager at our contact details set out below.
We will respond to your request within a reasonable time. There are some situations set out in the APPs where we will not be able to give you access to personal information. For example if giving you access would breach someone else’s privacy rights.
Generally, we will not charge fees for giving access to personal information. However, we reserve the right to charge reasonable fees where requests for personal information contain complications or are resource intensive.
- Correction of personal information
If you would like to correct personal information that we hold about you, you can write to our Practice Manager at our contact details listed below.
If you believe that we have failed to meet our privacy obligations or breached your privacy rights, you may make a written complaint to our Practice Manager. Our contact details are set out below.
The Practice Manager will review your complaint, consider our conduct in relation to the complaint and the requirements of the APPs, and will consider appropriate action. The Practice Manager will inform you of their decision within 30 days of receiving the complaint.
If you are unhappy following the determination of the Practice Manager, you may appeal the determination of the Practice Manager to our Managing Partner. If you are unhappy with the outcome of an appeal to our Managing Partner, you may make to the Office of the Australian Information Commissioner.
- Our contact details
You can contact our Practice Manager by email at firstname.lastname@example.org or by post at Borrello Graham, P O Box 7990, Cloisters Square, Perth WA 6850.
If you would like to speak to our Practice Manager please call us on +61 8 9404 9100 and ask to speak to the Practice Manager.
- Definitions of key terms
Personal information, including sensitive information, will be ‘collected’ if it is included in a record or a generally available publication.
You can give consent either:
(a) expressly – express consent is given explicitly either in writing or orally; or
(b) impliedly – your consent will be implied where your consent can be inferred from your conduct and our conduct.
Personal information is defined in the Privacy Act. In summary, personal information is information or an opinion about an identifiable person, or a reasonably identifiable person no matter whether:
(c) the information or opinion is true or false; and
(d) the information or opinion recorded in a material form or not.
Some examples of personal information include a person’s name, address and date of birth.
Certain types of personal information are listed in the Privacy Act as being ‘sensitive information’.
Some examples of sensitive information are information or an opinion about a person’s racial or ethnic origin or membership of a trade union, and information or opinions about a person’s health or health services provided to that person.