What is personal information?
We are required to comply with the Australian Privacy Principles (APPs) in the Privacy Act. The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal. We are also required to comply with more specific privacy legislation in some circumstances, such as:
- applicable State and Territory health privacy legislation (including the Victorian Health Records Act) when we collect and handle health information in the relevant jurisdiction; and the Spam Act and the Do Not Call Register Act.
- the Spam Act and the Do Not Call Register Act.
What we collect
The type of personal information that we collect about you depends on the type of dealings you have with us. For example, if you:
- are a client of the firm, we will collect your name, job title, address, contact details, information about our dealings with you, the legal areas that are of interest to you and information about any events or seminars which we host that you have attended;
- are involved in a matter that we are working on, we may collect your name, contact details and information about the relevant matter;
- ask to be placed on one of our mailing lists, we will collect your name, address and contact details;
- supply goods or services to us, we will collect your name, address, contact details and financial details for payment purposes;
- send us an enquiry or provide us with feedback, we will collect your name, contact details and details of your enquiry or feedback;
- apply for a job with us, we will collect the information you include in your job application, including your cover letter, resume, contact details and referee reports;
- are involved in a dispute with our client, we will collect your name, address, contact details and relevant file numbers held by our client.
Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection. It includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record and some types of biometric information.
We only collect sensitive information where it is reasonably necessary for our functions or activities and either:
- the individual has consented; or
- we are required or authorised by or under law (including applicable privacy legislation) to do so.
For example, we may collect health information or other sensitive information in the course of providing our services (for example, when advising on injury or discrimination claims) and we may collect information about your professional memberships for client relationship purposes.
Collection of information other than personal information
When you visit our website, or contact us in person, by phone or by email, some of the information that is collected about your contact with us is not personal information, as it does not reveal your identity.
Site visit information
For example, we may record your server address, the date and time of your visit, the pages you visited, any documents you downloaded, the previous site you visited and the type of device, browser and operating system you used.
We may use analytics software and disclose this information in anonymous, aggregated form only for purposes including statistical analysis and to assist us to improve the functionality and usability of our website. You are not individually identified, however we reserve the right to use or disclose this information to try to locate an individual where we reasonably believe that the individual may have engaged in any unlawful or inappropriate activity in connection with our website, or where we are otherwise required or authorised by law to do so.
A cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies we use do not identify individual users, although they do identify the user’s internet browser.
Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used. There are also software products available that can manage cookies for you. Rejecting cookies can, however, limit the functionality of our website.
What if you don’t provide us with your personal information?
How we collect personal information
Methods of collection
In the course of providing legal services, we collect personal information in a number of ways, including:
- in person (for example, at a meeting or function);
- through one of our websites;
- over the telephone (including through voice mail messages left on our telephone system);
- through written correspondence (such as emails, letters and faxes);
- on hard copy forms (for example, event feedback forms);
- through surveillance cameras; from third parties, including: credit reporting bodies and credit providers;
- regulatory authorities; and/or
- from public registers (for example, by conducting searches of the ASIC database or from other publicly available sources).
Why we collect personal information
- provide our clients with legal services;
- assess credit-worthiness;
- send you information if you are on one of our mailing lists;
- obtain goods and services;
- perform research and statistical analysis, including for customer satisfaction and service improvement purposes;
- protect the security of our offices, staff, clients and the property held on our premises;
- answer queries and resolve complaints; and
- recruit staff and contractors.
We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or which are:
- required or authorised by or under law (including, without limitation, privacy legislation); or
- for which you have provided your consent.
We may use your personal information to send you information about our products and services, including legal updates and invitations to seminars and functions and relevant products and services of third parties either where we have your express or implied consent, or where we are otherwise permitted by law to do so. We may contact you for these purposes in a variety of ways, including by mail, email, SMS, telephone or social media campaigns.
Where you have consented to receiving these communications from us, that consent will remain current until you advise us otherwise. However, you can opt out at any time, by:
- contacting our office; or
- using the unsubscribe facility that we include in our commercial electronic messages (such as emails and SMS) to opt out of receiving those messages.
Who we may share your personal information with
We may share your personal information with third parties where appropriate for the purposes set out under heading 4, including:
- financial institutions for payment processing;
- barristers, experts or other relevant third parties in relation to your matter;
- overseas law firms where required to seek advice on foreign laws;
- external lawyers who we contract to assist us in providing legal services to you;
- our related bodies corporate;
- credit reporting bodies and credit providers;
- government regulators (for example to update ASIC records or where required under anti-money laundering and counter-terrorism laws);
- referees whose details are provided to us by job applicants;
- our contracted service providers, including: business and litigation support service providers; information and communication technology providers;
- data storage and archive service providers;
- printers and mail houses;
- function and event organisers;
- marketing and communications agencies;
- research and statistical analysis providers;
- delivery and shipping providers; and/or
- business advisers (such as recruitment advisors, accountants, auditors and lawyers).
In each case, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.
Cross border disclosure of personal information
We may disclose personal information to third parties located overseas in the following situations:
- to third party providers of business support services (including litigation support), which are based in countries including India and New Zealand; and
- where we engage an overseas law firm to provide advice on foreign laws or where we are required or authorised to disclose personal information to a third party located overseas in the context of a particular matter (in which case the country will depend on the particular matter).
In each case, we will comply with the requirements of the Privacy Act that apply to cross border disclosures of personal information.
Data quality and security
We hold personal information in a number of ways, including in hard copy documents, electronic databases, email contact lists, and in paper files held in drawers and cabinets. Paper files may also be archived in boxes and stored offsite in secure facilities. We take reasonable steps to:
- make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;
- protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and
- destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the APPs.
You can help us keep your information up to date, by letting us know about any changes to your details, such as your address, email address or phone number.
The steps we take to secure the personal information we hold include website protection measures (such as firewalls and anti-virus software), security restrictions on access to our computer systems (such as login and password protection), controlled access to our corporate premises, policies on document storage and security, personnel security, staff training and workplace policies.
Online credit card payment security
We process payments using EFTPOS and online technologies. We may also use third parties to facilitate and process payments on our behalf. All transactions processed by us meet industry security standards to ensure payment details are protected.
While we strive to protect the personal information and privacy of users of our websites, we cannot guarantee the security of any information that you disclose online and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact us by telephone or post.
Third party websites
Access and Correction
Timeframe for access and correction requests
If you have a complaint about how we have collected or handled your personal information, please contact our Privacy Officer (details below), who will endeavor in the first instance to deal with your complaint and take any steps necessary to resolve the matter within a week.
If your complaint can’t be resolved at the first instance, we will ask you to complete a Privacy Complaint Form, which asks you to explain the circumstances of the matter that you are complaining about, how you believe your privacy has been interfered with and how you believe your complaint should be resolved.
We will endeavor to acknowledge receipt of the Privacy Complaint Form within 5 business days of receiving it and to complete our investigation into your complaint in a timely manner. This may include, for example, gathering the relevant facts, locating and reviewing relevant documents and speaking to relevant individuals.
In most cases, we expect that complaints will be investigated and a response provided within 30 days of receipt of the Privacy Complaint Form. If the matter is more complex and our investigation may take longer, we will write and let you know.
If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner or, in some instances, other regulatory bodies, such as the Victorian Health Services Commissioner or the Australian Communications and Media Authority.
Our contact details
If you have any queries about the personal information that we hold about you or the way we handle that personal information, please contact our Privacy Officer.
Mail: Cruz Legal Privacy Officer, Level 11, 456 Lonsdale Street, Melbourne VIC 3000
Telephone: 03 9070 9817.
Further general information about privacy is available on the website of the Office of the Australian Information Commissioner at www.oaic.gov.au or by calling the OAIC’s enquiry line at 1300 363 992.
Changes to this Policy
Version dated 1 January 2021.