Collection, use and disclosure, data quality and security
marshalls+dent+wilmoth respects your privacy and is committed to complying with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth). The purpose of this document is to set out the firm’s policies in relation to the collection, holding, use and disclosure by marshalls+dent+wilmoth of personal information relating to an individual.
Personal information
Personal information is information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.
The types of personal information that marshalls+dent+wilmoth collects includes personal information regarding our clients and their customers, suppliers, consultants, personnel and other persons with whom they have, or propose to have, or may have had dealings, as well as personal information regarding our employees and applicants for employment.
Where the circumstances require, marshalls+dent+wilmoth may also need to collect sensitive information.
Sensitive information
Sensitive information is information or an opinion about an individual’s racial or ethnic origin, genetic information that is not otherwise health information, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, or criminal record that is also personal information.
The sensitive information marshalls+dent+wilmoth may collect may include health information about an individual.
Health information
Health information is personal information that comprises information or an opinion about: the health or a disability (at any time) of an individual; or an individual’s expressed wishes about the future provision of health services to him or her; or a health service provided or to be provided to an individual. Health information also includes information regarding organ donation or an intended organ donation.
Policy
Whenever an individual provides personal, health and/or sensitive information to us, marshalls+dent+wilmoth will treat that information in accordance with this policy.
1 Openness and transparency
1.1 marshalls+dent+wilmoth has set out in this document our policies on the management of personal information. marshalls+dent+wilmoth will make this document available on our website and to anyone who asks for it free of charge.
1.2 On request by a person for access to, or for correction of, personal information, marshalls+dent+wilmoth will respond to the request within a reasonable period of time.
1.3 marshalls+dent+wilmoth reserves the right to modify this policy in whole or in part from time to time without notice. Amendments will be effective immediately upon posting of the amended policy on our website.
2 Collection
2.1 marshalls+dent+wilmoth will not collect personal information unless the information is necessary for one or more of the primary purposes of:
(a) providing professional services and advice to our clients;
(b) our internal management needs;
(c) and our marketing activities.
2.2 marshalls+dent+wilmoth will collect personal information only by lawful and fair means, and not in an unreasonably intrusive way.
2.3 marshalls+dent+wilmoth may collect personal information about an individual when the individual uses our website, attends our offices, engages our services or provides instructions to us, communicates with us, makes enquiries of us, performs work at our direction, applies for employment with us or otherwise deals with us.
2.4 At or before the time marshalls+dent+wilmoth collects personal information about an individual from the individual (or if that is not practicable, as soon as practicable after collection of the personal information) the firm will take such steps as are reasonably practicable in the circumstances to ensure that the individual is aware of:
(a) the identity of marshalls+dent+wilmoth and how to contact the firm;
(b) the fact that he or she is able to gain access to the information, how to access personal information and seek correction;
(c) the purposes for which the information is collected; (d) organisations (or the types of organisations) to which
(d) marshalls+dent+wilmoth usually discloses information of that kind;
(e) any law or a court or tribunal order that requires the particular information to be collected;
(f) the main consequences (if any) for the individual if all or part of the information is not provided or collected;
(g) how to make a complaint about marshalls+dent+wilmoth’s handling of the individuals personal information and how the firm will deal with the complaint; and
(h) whether marshalls+dent+wilmoth is likely to disclose personal information about the individual to overseas recipients and, if it is practicable, the country such recipients are likely to be located.
2.5 If it is reasonable and practicable to do so, marshalls+dent+wilmoth will collect personal information about an individual only from that individual. The firm may also need to acquire information about an individual from other sources, such as the financier, accountant or other advisers of that individual, from other parties to a matter (or their advisers) or from publicly available records, including social media.
If marshalls+dent+wilmoth collects personal information about an individual from someone else, it will take such steps that are reasonably practicable in the circumstances to ensure that the individual is or has been made aware of the matters listed in sub-clause 2.4, except where a lawful exception applies. marshalls+dent+wilmoth asks that clients obtain the consent of an individual or otherwise comply with any relevant privacy legislation before providing the firm with any personal information about any other individual.
3 Use and disclosure
marshalls+dent+wilmoth may use and disclose the personal information it collects for the primary purpose for which it was collected as set out in clause 2.1 of this policy.
3.1 marshalls+dent+wilmoth will not use or disclose personal information about an individual for a purpose (the secondary purpose) other than the primary purpose of collection unless:
(a) both of the following apply:
(i) the secondary purpose is related to the primary purpose of collection and, if the personal information is sensitive information, directly related to the primary purpose of collection; and
(ii) the individual would reasonably expect marshalls+dent+wilmoth to use or disclose the information for the secondary purpose;
(b) the individual has consented to the use or disclosure;
(c) it is unreasonable or impracticable for marshalls+dent+wilmoth to obtain the individuals consent and the firm reasonably believes that the use or disclosure is necessary to lessen or prevent:
(i) a serious threat to an individual’s life, health or safety; or
(ii) a serious threat to public health or public safety;
(d) marshalls+dent+wilmoth has reason to suspect that unlawful activity or misconduct of a serious nature that relates to the firm’s activities or functions has been, is being or may be engaged in, and marshalls+dent+wilmoth uses or discloses the personal information as a necessary part of our investigation of the matter or in reporting our concerns to relevant persons or authorities;
(e) the use or disclosure is required or authorised by or under law or a court or tribunal order;
(f) marshalls+dent+wilmoth reasonably believes that the use or disclosure is reasonably necessary for one or more enforcement activities conducted by, or on behalf of, an enforcement body.
Note 1: If marshalls+dent+wilmoth uses or discloses personal information under this clause 3.1(f), the firm will make a written note of the use or disclosure.
Note 2: With respect to a disclosure made pursuant to this clause 3.1(f), marshalls+dent+wilmoth would ordinarily give prior notice to the individual before making such disclosure, except where the firm is required or compelled by law not to do so.
(g) marshalls+dent+wilmoth reasonably believes that the use or disclosure is reasonably necessary:
(i) to assist an APP entity, body or person to locate a person who has been reported missing;
(ii) for the establishment, exercise of defence of a legal or equitable claim;
(iii) or for the purposes of confidential alternative dispute resolution process;
(h) if the information has been collected from the individual is not sensitive information and the use of the information is for the secondary purpose of direct marketing:
(i) in each direct marketing communication with the individual, marshalls+dent+wilmoth draws to the individual’s attention, or prominently displays a notice, as to how the individual may make a request to not receive any further direct marketing communications;
(ii) each written direct marketing communication by marshalls+dent+wilmoth with the individual (up to and including the communication that involves the use) sets out the firm’s business address and telephone number and, if the communication with the individual is made by fax or other electronic means, a number or address at which the firm can be directly contacted electronically; and
(iii) the individual has not made a request of marshalls+dent+wilmoth to not receive direct marketing communications from the firm;
(i) if the information is health information and the use or disclosure is necessary for research, or the compilation or analysis of statistics, relevant to public health or public safety:
(i) it is impracticable for marshalls+dent+wilmoth to seek the individual’s consent before the use or disclosure;
(ii) the use or disclosure is conducted in accordance with guidelines approved by the Commissioner under section 95A of the Privacy Act for the purposes of this subparagraph; and
(iii) in the case of disclosure, marshalls+dent+wilmoth reasonably believes that the recipient of the health information will not disclose the health information, or personal information derived from the health information.
3.2 By engaging us, our clients consent to the disclosure by us of personal information where this is required in the course of representing them. For example, marshalls+dent+wilmoth may need to disclose information to barristers, courts, tribunals, mediators, governmental agencies, and other relevant persons, including persons with whom our clients have, or are proposing to have, dealings or to the legal or other representatives or financiers of those persons, whether located in Australia or overseas. marshalls+dent+wilmoth may also be required to disclose personal information to our auditors. The firm may also share personal information with other service providers, including those providing archival, administrative, delivery, technology and security services to us.
4 Data quality
4.1 marshalls+dent+wilmoth will take such steps as are reasonable in the circumstances to make sure that the personal information it collects is accurate, complete and up-to-date.
4.2 marshalls+dent+wilmoth will take such steps as are reasonable in the circumstances to make sure that the personal information it uses or discloses is accurate, complete, up-to-date and relevant.
5 Data security
5.1 marshalls+dent+wilmoth will take such steps as are reasonable in the circumstances to protect the personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure.
5.2 Subject to any legal requirements on marshalls+dent+wilmoth from time-to-time, including record keeping, or a court or tribunal order, the firm will take such steps as are reasonable in the circumstances to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed under Section 3 above.
6 Access and correction
6.1 If marshalls+dent+wilmoth holds personal information about an individual, it will provide the individual with access to the information on request by the individual, except to the extent that:
(a) marshalls+dent+wilmoth reasonably believes that providing access would pose a serious threat to the life, health or safety of any individual or to public health or safety;
(b) providing access would have an unreasonable impact upon the privacy of other individuals;
(c) the request for access is frivolous or vexatious;
(d) the information relates to existing or anticipated legal proceedings between marshalls+dent+wilmoth or one of its clients and the individual, and the information would not be accessible by the process of discovery in those proceedings or is otherwise protected by legal professional privilege or the duty of confidence owed by the firm to each of its clients;
(e) providing access would reveal the intentions of marshalls+dent+wilmoth in relation to negotiations with the individual (whether such negotiations are conducted by the firm on its own behalf or on behalf of a client) in such a way as to prejudice those negotiations;
(f) providing access would be unlawful;
(g) denying access is required or authorised by or under law or a court or tribunal order. (It should be noted that as marshalls+dent+wilmoth is a law firm, it owes a duty of confidentiality to its clients. The information that the firm holds may also be protected by legal professional privilege. This exception would also apply in circumstances where marshalls+dent+wilmoth’s retainer is terminated by a client and the firm exercises a lien over all documents and securities held on behalf of that client, until all money due for accounts rendered to that client and for any other purpose, have been paid.);
(h) providing access would be likely to prejudice an investigation of possible unlawful activity, or misconduct of a serious nature that relates to the activities or functions of marshalls+dent+wilmoth has been, is being or may be engaged in, and giving access to the personal information would be likely to prejudice our investigation of the matter or in reporting our concerns to relevant persons or authorities; or
(i) providing access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, a law enforcement body.
6.2 However, where providing access would reveal evaluative information generated within marshalls+dent+wilmoth in connection with a commercially sensitive decision-making process, the firm may give the individual an explanation for the commercially sensitive decision rather than direct access to the information.
6.3 If marshalls+dent+wilmoth is not required to provide the individual with access to the information because of one or more of paragraphs 6.1(a) to 6.1(i) (inclusive), the firm will take such steps (if any) as are reasonable in the circumstances to give access in a way that meets the needs of the entity and the individual, and may consider whether the use of mutually agreed intermediaries would allow sufficient access to meet the needs of both parties.
6.4 marshalls+dent+wilmoth intends to charge for providing access to personal information. These charges will be fixed by reference to:
(a) the hourly charge-out rates at which marshalls+dent+wilmoth normally charge out the relevant personnel who are required to identify the personal information sought and to prepare that information for access; and
(b) the costs that marshalls+dent+wilmoth incurs in preparing that information for access. (For example, marshalls+dent+wilmoth charges for providing photocopies at a rate of $0.30 per page).
marshalls+dent+wilmoth consider that these charges are not excessive. No charges will apply to the lodgement with us of a request for access to personal information.
6.5 If marshalls+dent+wilmoth holds personal information about an individual and:
(a) an individual requests the firm to correct the information; or
(b) the firm is satisfied that, having regard to the purpose for which the information is held, the information is not accurate, incomplete, not up-to-date, irrelevant or misleading;
marshalls+dent+wilmoth will take such steps as are reasonably practicable in the circumstances to correct the information so that it is accurate, complete, up-to-date, relevant and not misleading.
6.6 If marshalls+dent+wilmoth disagrees with an individual about whether any personal information that the firm holds is accurate, complete, up-to-date, relevant and not misleading, and the individual asks us to associate with the information a statement claiming that the information is not accurate, incomplete, not up-to-date, irrelevant or misleading, marshalls+dent+wilmoth will take such steps as are reasonably practicable in the circumstances to do so.
6.7 marshalls+dent+wilmoth will provide reasons for denial of access or a refusal to correct personal information, including contact details of the Australian Privacy Commissioner, who will receive and deal with complaints.
7 Identifiers
7.1 marshalls+dent+wilmoth will not adopt as its own identifier of an individual, an identifier of the individual that has been assigned by:
(a) an agency;
(b) an agent of an agency acting in its capacity as agent;
(c) or a contracted service provider for a Commonwealth contract acting in its capacity as contracted service provider for that contract.
7.2 marshalls+dent+wilmoth will not use or disclose an identifier assigned to an individual by an agency, or by an agent or contracted service provider mentioned in sub-clause 7.1, unless:
(a) the use or disclosure is necessary for marshalls+dent+wilmoth to verify the identity of the individual for the purposes of the firm’s activities or functions;
(b) the use or disclosure is necessary for marshalls+dent+wilmoth to fulfil its obligations to the agency or a state or territory authority;
(c) one or more of paragraphs 3.1(c) to 3.1(g) (inclusive) and 3.1(i)(i) apply to the use or disclosure; or
(d) the use or disclosure is by a prescribed organisation of a prescribed identifier in prescribed circumstances.
7.3 In this clause: identifier includes a number assigned by marshalls+dent+wilmoth to an individual to identify uniquely the individual for the purposes of the firm’s operations. However, an individual’s name or ABN (as defined in the A New Tax System (Australian Business Number) Act 1999) is not an identifier.
8 Anonymity and pseudonymity
Wherever it is lawful and practicable, individuals will have the option of not identifying themselves, or to use a pseudonym, when making contact with marshalls+dent+wilmoth. However, marshalls+dent+wilmoth will not act for an individual, nor deal with an individual in the course of acting for a client, unless the individual concerned has been identified to the firm’s reasonable satisfaction.
9 Cross-border data flows
9.1 marshalls+dent+wilmoth may transfer personal information about an individual to someone (other than the firm or the individual) who is in a foreign country. marshalls+dent+wilmoth will only do so if:
(a) the firm reasonably believes that the recipient of the information is subject to a law, or binding scheme, which effectively overall upholds principles for protection of the information that are substantially similar to the Australian Privacy Principles, and there are mechanisms that an individual can access to take action to enforce that law or binding scheme;
(b) the firm has taken such steps as are reasonable in the circumstances to ensure that the information which it has transferred will not be held, used or disclosed by the recipient of the information inconsistently with the Australian Privacy Principles; or
(c) the individual has been expressly informed that if they consent to the transfer, paragraph 9.1(a) will not apply, and the individual consents to the transfer.
Note 1: By engaging us, our clients consent to the transfer of information to someone who is in a foreign country, even if paragraph 9.1(a) does not apply, in circumstances where:
(i) we consider that it is necessary for us to do so in order to properly represent that client;
(ii) the transfer is necessary for the performance of a contract between the individual and marshalls+dent+wilmoth, or for the implementation of pre- contractual measures taken in response to the individual’s request;
(iii) the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the individual between marshalls+dent+wilmoth and a third party;
(iv) all of the following apply:
• the transfer is for the benefit of the individual;
• it is impracticable to obtain the consent of the individual to that transfer; and
• if it were practicable to obtain such consent, the individual would be likely to give it.
10 Sensitive information
10.1 marshalls+dent+wilmoth will not collect sensitive information about an individual unless:
(a) the individual has consented and the information is reasonably necessary for one or more of the firm’s activities or functions. (By engaging us, our clients consent to the collection by us of sensitive information concerning their matter.);
(b) the collection is required by law, or a court or tribunal order;
(c) the collection is necessary to prevent or lessen a serious and imminent threat to the life, health or safety of any individual, or public health or safety, where the individual whom the information concerns:
(i) is physically or legally incapable of giving consent to the collection; or
(ii) physically cannot communicate consent to the collection;
(d) the firm has reason to suspect that unlawful activity or misconduct of a serious nature that relates to the firm’s activities or functions has been, is being or may be engaged in, and marshalls+dent+wilmoth uses or discloses the personal information as a necessary part of its investigation of the matter or in reporting its concerns to relevant persons or authorities; or
(e) the firm reasonably believes that the use or disclosure is reasonably necessary:
(i) to assist an APP entity, body or person to locate a person who has been reported missing;
(ii) for the establishment, exercise or defence of a legal or equitable claim; or
(iii) for the purposes of confidential alternative dispute resolution process.
10.2 Despite sub-clause 10.1, marshalls+dent+wilmoth may collect health information about an individual if:
(a) the collection is necessary for any of the following purposes:
(i) research relevant to public health or public safety;
(ii) the compilation or analysis of statistics relevant to public health or public safety; or
(iii) the management, funding or monitoring of a health service; and
(b) that purpose cannot be served by the collection of information that does not identify the individual that is de-identified information;
(c) it is impracticable for marshalls+dent+wilmoth to seek the individual’s consent to the collection; and
(d) the information is collected:
(i) as required by law (other than this Act);
(ii) in accordance with rules established by competent health or medical bodies that deal with obligations of professional confidentiality which bind marshalls+dent+wilmoth; and
(iii) in accordance with guidelines approved by the Commissioner under section 95A of the Privacy Act for the purposes of this subparagraph.
10.3 If marshalls+dent+wilmoth collects health information about an individual in accordance with sub-clause 10.2, the firm will take reasonable steps to permanently de-identify the information before the firm discloses.
11 marshalls+dent+wilmoth’s website
11.1 marshalls+dent+wilmoth’s website may record information collected if an individual visits the site. The information recorded may include the date and time of the individual’s visit to the site, the pages accessed, any information downloaded, and any information and details entered by the individual for the purpose of contacting us for any reason, including to apply for employment with us. marshalls+dent+wilmoth may use information collected via its website for statistical, reporting and website administration and maintenance purposes.
11.2 marshalls+dent+wilmoth’s website may use ‘cookies’ to help personalise an individual’s online experience. The individual has the ability to accept or decline cookies. If the individual chooses to decline cookies, they may not be able to fully experience the features of our website.
11.3 When transmitting personal information from a computer to marshalls+dent+wilmoth’s website, an individual must keep in mind that the transmission of information over the Internet is not completely secure or error-free. In particular, e-mails sent to or from the site may not be secure, and an individual should take special care in deciding what information to send to marshalls+dent+wilmoth via e-mail. Other than liability that cannot lawfully be excluded, marshalls+dent+wilmoth will not be liable in any way in relation to any breach of security or any unintended loss or disclosure of that information.
11.4 marshalls+dent+wilmoth’s website may provide links to other websites directly or indirectly to users of the website. Linked sites are not under marshalls+dent+wilmoth’s control and the firm does not accept any responsibility or liability that may stem from any linked website.
Further information
If you require further information regarding this policy, please contact us as follows:
Privacy Officer
marshalls+dent+wilmoth
Level 21 570 Bourke Street
Melbourne VIC 3000
Telephone
61 3 9670 5000
E-mail:
office@mdlaw.com.au