1. Purpose of policy
Burke and Associates Lawyers collects personal information from you in a number of different ways. We may collect personal information directly from you or in the course of our dealings with you, for example when you:
- provide personal information to us;
- apply for a position of employment with us;
- use our website or services (including via cookies); and
- contact and correspond with us, for example to ask for information.
We may also, if you consent, collect personal information about you from another Burke and Associates Lawyers group entity, from publicly available sources of information, or in some cases, from third parties including recruitment agencies, previous employers, government departments (e.g. Department of Immigration and Border Protection) and third party service providers which provide criminal, bankruptcy and other checks.
The personal information we collect about you may include (but may not be limited to) your name, date and place of birth, contact details, Internet Protocol (IP) address, occupation and education/work history, employer, legal and industry areas of interest, passport details and information relating to your dealings with Burke and Associates Lawyers and our clients.
We may also collect sensitive information about you, including health information and criminal background checks.
The purposes for which we collect your information may include:
- verifying your identity;
- contacting you (including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner);
- providing you with legal services or legal information;
- undertaking conflict searches for our own purposes and the purpose of determining if we can represent a client or potential client;
- acting for a client when it acquires a business with employees;
- acting for a client in litigation against an individual;
- acting for a client in a matter against an individual (eg an employment matter); and
- developing and improving our services and obtaining feedback.
If we are not able to collect personal information about you we may not be able to provide you with products, services and assistance to the extent that they require us to collect, use or disclose personal information.
3. Processing information we collect about you
We may use and process personal information provided by you. We may use this information in the following ways:
- Providing legal advice or other services or things you may have requested, including on-line or legal technology services or solutions as instructed or requested by you or your organisation;
- Managing and administering your or your organisation's business relationship with Burke & Associates Lawyers, including processing payments, accounting, auditing, billing and collection, support services;
- Compliance with our legal obligations (such as record keeping obligations), compliance screening or recording obligations (e.g. under antitrust laws, export laws, trade sanction and embargo laws, for anti-money laundering, financial and credit check and fraud and crime prevention and detection purposes), which may include automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and contacting you to confirm your identity in case of a potential match or recording interaction with you which may be relevant for compliance purposes;
- To analyse and improve our services and communications to you;
- Protecting the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
- For insurance purposes;
- For monitoring and assessing compliance with our policies and standards;
- To identify persons authorised to trade on behalf of our clients, customers, suppliers and/or service providers;
- To comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
- To comply with court orders and exercises and/or defend our legal rights; and
- For any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us.
- Communicating with you through the channels you have approved to keep you up to date on the latest legal developments, announcements, and other information about Burke & Associates Lawyers services, products and technologies (including client briefings, newsletters and other information) as well as Burke & Associates events and projects;
- Customer surveys, marketing campaigns, market analysis, sweepstakes, contests or other promotional activities or events; or
With regard to marketing-related communication, we will - where legally required - provide you the opportunity to opt out anytime if you do not want to receive further marketing-related communication from us. We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.
Depending on for which of the above Permitted Purposes we use your personal data, we may process your personal data on one or more of the following legal grounds:
- Because processing is necessary for the performance of a client instruction or other contract with you or your organisation;
- To comply with our legal obligations (e.g. to keep pension records or records for tax purposes); or
- Because processing is necessary for purposes of our legitimate interest or those of any third-party recipients that receive your personal data, provided that such interests are not overridden by your interests or fundamental rights and freedoms.
In addition, the processing may be based on your consent where you have expressly given that to us.
4. Use and disclosure
Burke and Associates Lawyers may use or disclose your personal information for the purpose for which it was collected. We will also use and disclose your personal information for a secondary purpose that is related to a purpose for which we collected it, where you would reasonably expect us to use or disclose your personal information for that secondary purpose. If we need to process your information for a reason other than that for which you provided it, we will notify you beforehand.
Other instances when we may use and disclose your personal information include:
- where you have expressly or impliedly consented to the use or disclosure;
- in confidence, to our advisers and insurers;
- in confidence, to third parties to improve our services and obtain feedback; and
- where the use or disclosure is authorised or required by or under an Australian law or court/tribunal order.
We may also disclose your personal information to third parties, including:
- share your personal information amongst other Burke and Associates Lawyers group entities, which comprise Burke and Associates Lawyers’ directors and shareholders from time to time;
- share your personal information with our advisors and consultants; and
- with third party service providers we use in conducting our business, subject to confidentiality provisions as we deem appropriate (including, without limitation, insurance brokers, banks, external photocopying providers, document production, legal outsourcing providers, litigation support providers, billing or data storage services, email filtering, virus scanning and other technology services providers, and archival services providers).
Some of the third parties to whom we disclose your personal information may be located outside Australia.
For example, we may disclose your personal information to external national or overseas facilities in the course of conducting information and data processing, back up and scanning or for the purposes of obtaining other services from third parties.
The countries in which these third parties are located will depend on the circumstances. Some or all of the countries we share information with may not be on the European Commission’s list of adequate data protection. In the course of our ordinary business operations we commonly disclose personal information to third parties located in the following countries:
- the United States of America; and
5. Information about events, the Website and our services
We may contact you via email, SMS or other means in order to provide you with updated information about the Website, in relation to events or to provide you with other information about our services. If you do not wish to receive any such information, please contact us as set out below.
6.The information we keep about you
You have a right to request access to or correction of your personal information held by us. If you wish to access, correct or update any personal information we may hold about you, please contact us as set out below.
7. Notifiable Data Breaches Scheme
In the event of any loss, or unauthorised access or disclosure of your personal information that is likely to result in serious harm to you, Burke and Associates Lawyers will investigate and notify you and the Australian Information Commissioner as soon as practicable, in accordance with the Privacy Act 1988.
8. Your rights
Your rights as a data subject are:
- The right of access: you have the right to access your personal data that we hold. This is called a “subject access” request. We must respond to your request within one month, To request access to your data, please contact the Privacy Officer listed below.
- The right to rectification: If you think the data we hold about you is incorrect, contact us using the details below so we can correct it.
- The right to erasure: You have the right to ask us to delete your data. We will do so unless there is a compelling reason for us to keep it. To request that your data be deleted, please contact us using the details below.
- The right to restrict processing: You can change your communication processes and restrict how we communicate with you. To change your communication preferences contact the Privacy Officer using the details below.
- The right to data portability: You can obtain and reuse your personal data for your own purposes. To request your personal data, contact the Privacy Officer.
- The right to object to marketing: You can opt out of receiving marketing communications from us by choosing the ‘unsubscribe’ option at the bottom of the communication or by contacting the Privacy Officer.
- Rights in relation to automated decision making and profiling: Burke & Associates Lawyers do not currently use any automated systems. If this changes, this policy will be updated accordingly.
9. Complaints process
We will take any privacy complaint seriously. We will aim to resolve any such complaint in a timely and efficient manner, and our target response time is 30 days. We request that you cooperate with us during this process and provide us with relevant information we may require.
We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also make a formal complaint with the Office of the Australian Information Commissioner (which is the regulator responsible for privacy in Australia):
Office of the Australian Information Commissioner (OAIC)
Complaints must be made in writing
1300 363 992
Director of Compliance
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
10. Storage and security of your personal information
Burke and Associates Lawyers will take reasonable steps to keep any personal information we hold about you secure. However, except to the extent liability cannot be excluded due to the operation of statute, Burke and Associates Lawyers excludes all liability (including in negligence) for the consequences of any unauthorised access to your personal information. Please notify us immediately if you become aware of any breach of security.
We may store your files in hard copy or electronically in our ordinary IT systems. These may include Australian-based cloud servers or the servers of third parties within Australia.
We implement a range of physical and electronic security measures to protect the personal information that we hold, including:
- key card-restricted access to all offices;
- mandatory password protection on all computers (users are required to change their passwords at regular intervals);
- hardware encryption on desktops, laptops and portable storage devices;
- secure hard copy document, electronic storage media and hardware disposal procedures;
- firewall and antivirus/malware software; and
systems and application access controls implemented to restrict access to information (on a need to know basis).
Staff receive bulletins and training on security issues, to foster a security aware culture. We also have a regular review program to test the security measures in place and identify where changes may be necessary or desirable.
The length of time we retain your information will depend on any legal obligation we have, the nature of the documents, any contracts we have in place with you, the existence of your consent or our legitimate interests as a business.
12. Contact us
The Burke & Associates Lawyers’ Privacy Officer is responsible for overseeing what we do with your information and monitoring our compliance with data protection laws.
Please direct any privacy issues or queries to the Privacy Officer’ on +61 3 9822 8588 or at firstname.lastname@example.org
Unless notified otherwise, the Privacy Officer is the General Manager of Burke and Associates Lawyers. Date of last review: 23 October 2019