Privacy
Matters.

Privacy Policy

1. Definitions

  • APPs means the Australian Privacy Principles in the Privacy Act;
  • personal information has the meaning given in the Privacy Act;
  • Policy means this Privacy Policy, as updated from time to time;
  • Privacy Act means the Privacy Act 1988 (Cth);
  • Privacy Officer means Vanessa Smith or Edward Eyers whose contact details are available on our website at www.lawyerbank.com.au; and
  • sensitive information has the meaning given in the Privacy Act.

2. Introduction

  • lawyerbank is a law firm that specialises in providing experienced lawyers as secondees to government.
  • We take the privacy of our clients, employees and contractors seriously and ensure that we collect and hold information in accordance with the Privacy Act and other state and territory legislative requirements.
  • This Policy describes how we collect, manage, use, disclose and protect personal information. This includes handling personal information consistently with the Australian Privacy Principles (APPs) and the rules relating to tax file numbers (Privacy (Tax File Number) Rule 2015).
  • We may update this Policy from time to time. The latest Policy will always be available on our website (www.lawyerbank.com.au) or you can contact us if you would like a printed copy.

3. Understanding the scope of personal information and sensitive information

3.1 Personal information

In general terms, if information can identify you or you are reasonably identifiable from it, the information will be considered personal information. Primary examples include your name, date of birth, and contact details. It can also include information or an opinion about you, whether true or not and whether recorded in a material form or not, so long as you are reasonably identifiable from that material.

3.2 Sensitive information

Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection. It may include, but is not limited to, information about a person’s: 

  • racial or ethnic origin; 
  • membership of a professional or political association;
  • health (including information about medical history, disability or injury);
  • criminal history; or 
  • biometrics (including photographs and voice or video recordings). 

4. Personal information that we collect and hold

4.1 Overview 

  • Generally, we seek to minimise the extent and types of personal information that we collect and hold. 
  • The categories of personal and other sensitive information that we may be required to collect and hold will vary depending on the nature of the relationship and what information we need to perform our services and responsibilities. These are summarised below. 

4.2 Client

If you are a client, or engage with us on a client’s behalf (e.g. instructing officer, client employee), we may collect the following kinds of personal information for the purposes of providing legal and related services (e.g. submitting proposals, invoices and reports and various client relationship management activities): 

  • name and contact details (e.g. job title, work address, phone numbers and email address);
  • details of the services you have sought or enquired about, together with any additional information necessary to deliver those services or respond to your enquiries; or 
  • personal information provided by you in professional communications between us (e.g. written instructions, emails, phone calls, video conferences, in-person meetings). 

4.3 Employees and subcontractors 

  • As our acts and practices are treated as those of an organisation for the purposes of the Privacy Act, we are exempt from the Privacy Act in relation to our employee records. However, this exemption does not extend to personal information about unsuccessful prospective employees or matters outside the employment relationship. Therefore, as a matter of practice we handle all such information consistently with the APPs. 
  • We collect personal information about our employees and subcontractors, and prospective employees and subcontractors, for the purposes of: 

    • recruitment;
    • performance management;
    • professional, business and personal development;
    • marketing of our services; and
    • general staff administrative functions such as payroll operations and organising corporate functions (e.g. professional development retreats and networking events). 
  • This personal information may include an individual’s name and contact details (e.g. address, phone numbers and email address), date of birth, gender, qualifications (e.g. law degree, practising certificate currency and conditions, etc), employment history, conduct, terms and conditions of engagement, superannuation and banking details, references and character checks, Australian Government Security Vetting Agency clearances, dietary
    photographs (e.g. professional headshots and images taken at corporate functions) and other information provided in resumes. 
  • Where relevant, we collect and hold some types of sensitive information relating to our employees and subcontractors. This may include personal information about an individual's membership of a professional association, criminal record (e.g. police checks) and tax file number. 

4.4 Other contractors and suppliers 

  • If you are a third party contractor or supplier of goods and services engaged by us, we may collect information about you and your employees, officers and representatives to enable us to assess value for money as part of our procurement processes and manage that engagement. 
  • This personal information may include name, address, contact details, employer, previous projects undertaken, financial background, references, contract details, payment details, security checks and performance assessments. 

5. How we collect personal information

5.1 Overview 

In accordance with the APPs, we only collect personal information (including sensitive information) that is reasonably necessary for our functions and activities, including the provision of legal services, legal advice, recruitment of staff and other related business activities (e.g. invoicing, reporting, tendering, marketing etc). 

5.2 Personal information

  • Wherever possible, we will collect personal information directly from you, although we may collect personal information from third parties in the following circumstances: 

    • with your consent, or 
    • where it is unreasonable or impractical to collect the information from you. 
  • For example:

    • if you are a prospective employee, we may need to collect information about you from your past employers and referees, security agencies, and publicly available records (e.g. professional registration boards);
    • if you are an employee or associate of a client, we may need to obtain information about you from the client’s instructing officer for the particular legal matter; or
    • if you are an individual associated with a particular legal matter, we may need to obtain employment or other details to provide professional legal advice. 
  • Depending on the circumstances, we will take reasonable steps to ensure that the individual concerned is, or has been, made aware of the matters required under APP 5. 

  • When collecting personal information directly from you, we may collect in a variety of ways including:

    • during conversations (in-person, or via video conference or phone) or correspondence (e.g. email, mail) between you and our representatives when you engage us or enquire about our services; 
    • through your attendance at a lawyerbank event or exhibition stand;
    • when you use our website; when you apply for or accept employment with us;
    • when you apply for or accept employment with us; or
    • or when you provide or offer services to us. 

5.3 Sensitive information 

  • We will only collect sensitive information where reasonably necessary for one or more of our functions or activities and we will usually collect such information with your consent. 

  • However, in limited circumstances authorised under APP 3, we may collect sensitive information without your consent. For example, where: 

    • collection is required or authorised by, or under, law or court/tribunal order;
    • it is unreasonable or impracticable to obtain your consent and the collection is necessary to lessen or prevent a serious threat to the life, health or safety of an individual or to public health or safety;
    • it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim;
    • it is reasonably necessary for the purposes of a confidential alternative dispute resolution process; or
    • we have reason to suspect that unlawful activity, or misconduct of a serious nature, which relates to our functions or activities has been engaged in and we reasonably believe it is necessary for us to take appropriate action. 
  • If you choose not to provide us with the personal information that we request, it could mean that we are unable, in the case of an employee or subcontractor, to employ or engage you or, in the case of clients, contractors and suppliers, to provide you with our services to the same standard or at all. 

6. Purposes for collecting personal information

  • We collect personal information so that we can perform our business activities and functions. 

  • This includes the following purposes, as applicable: 

    • provision of legal and other services to our clients; 
    • answering enquiries and providing information or advice about our services; 
    • recruitment of staff and subcontractors; 
    • human resources and finance management.
    • to procure goods and services of suppliers and manage those engagements; 
    • for our administrative functions, planning, service development, quality control, and marketing; and 
    • to comply with all applicable laws. 

7. Using and disclosing personal information

7.1 Primary purpose 

  • We will ordinarily use and / or disclose the personal information we collect for the purposes set out under section 6 above (i.e. the primary purpose for collection). 

  • For example, we may disclose your personal information to:

    • our employees and subcontracted lawyers who assist us in providing legal services; 
    • courts, tribunals and regulatory authorities;
    • law enforcement agencies, where appropriate;
    • contractors or agents who provide services to us, for example, function and event organisers, marketing and communications agencies, delivery and shipping providers, travel service providers, accommodation providers, etc. 
    • our accountants and financial institutions for payment processing; and 
    • to comply with all applicable laws. 

7.2 Related secondary purpose 

  • In some cases we may use and / or disclose personal information for a related secondary purpose or, in the case of sensitive information, a directly related secondary purpose. 

  • Such use or disclosure will only occur where you consent or a permitted exception under the Privacy Act applies, including:

    • where you would reasonably expect us to use or disclose your personal information for the secondary purpose, and that purpose is related (or, in the case of sensitive information, directly related) to the primary purpose of collection;
    • the secondary use or disclosure is required or authorised by or under law or under a court /tribunal order; 
    • it is unreasonable or impracticable to obtain your consent and the secondary use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of an individual or to public health or safety; 
    • the secondary use or disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim; 
    • the secondary use or disclosure is reasonably necessary for the purposes of a confidential alternative dispute resolution process; 
    • we have reason to suspect that unlawful activity, or misconduct of a serious nature, which relates to our functions or activities has been engaged in, and we reasonably believe that the secondary use or disclosure is necessary for us to take appropriate action; or 
    • we reasonably believe that the secondary use or disclosure is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body. 

8. Disclosure outside of Australia

We do not disclose personal information to overseas recipients and do not store any personal information overseas. Rather, we have set up our information technology arrangements so that our data stays onshore and is subject to the protection of Australian privacy law. 

9. Direct marketing

  • We may send you information about our services and events that we consider may be of interest to you. These communications may be sent in various forms, including mail and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth).
  • If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. 
  • At any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list. 
  • We do not disclose your personal information to other entities for the purposes of direct marketing. 

10. Securing personal information

  • At lawyerbank we take the security of our systems and data seriously. 
  • We ensure that personal information is protected from misuse and loss and from unauthorised access, modification or disclosure in accordance with the Privacy Act. 
  • We do this by: 

    • ensuring that personal information is only accessible to our employees or service providers whose duties require access;
    • maximising the physical security of our premises where any hard copy records are kept; 
    • implementing multiple levels of security for our IT systems and devices, for all electronic records; and 
    • regularly training our personnel on data management, confidentiality, privacy and security (including cyber security). 
  • We retain personal information in accordance with our legislative record keeping obligations. Personal information is destroyed or de-identified when it is no longer needed by us or required to be retained by law. 

11. Dealing with us under a pseudonym or anonymousl

  • The nature of the provision of our services does not easily accommodate individuals engaging with us anonymously or under a pseudonym. However, whenever we are providing general assistance (e.g. responding to a request for basic information or on issues such as the range of services we offer) anonymity or pseudonymity may be used. 
  • We will inform you if you are not able to remain anonymous or use a pseudonym when dealing with us. For example, if you are an employee, or other contractor engaged by us, it is unlikely for us to deal with you anonymously or under a pseudonym. 

12. Accessing and correcting your personal information

  • You may request access to any personal information we hold about you at any time. To make a request please contact our Privacy Officer using the contact information on our website, provide proof of your identity, and specify the information sought. 
  • While we endeavour to ensure that personal information sought and held by us is accurate, up-to-date, complete, relevant and not misleading, if you believe that personal information we hold about you does not meet these criteria, then you may request us to amend it. We will consider if the information requires amendment. 
  • There may be instances where we cannot correct or grant you access to the personal information we hold. For example, we may need to refuse your request if we disagree with your grounds for amendment or if granting access would interfere with the privacy of others. If that happens, we will give you written reasons for any refusal. We will also add a note to the personal information stating that you disagree with it. 
  • Any request for the correction of or access to personal information should be addressed to our Privacy Officer using the contact information on our website. 

13. Making a complaint

  • If you believe that your privacy has been breached, please contact our Privacy Officer using the contact information on our website and provide details of the incident so that we can investigate it. We request that complaints or concerns about breaches of privacy be made in writing, so we can be sure about the details of the incident. 
  • On receiving a formal complaint, the Privacy Officer will contact you to discuss the incident. We will attempt to confirm as appropriate and necessary with you the precise nature of your complaint. We will aim to ensure that your complaint is resolved in a timely and appropriate manner. 
  • After we have completed our enquiries we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you we will assess it and advise if we have changed our view. 
  • If you are unsatisfied with the outcome of our investigation, you may take your complaint to the Office of the Australian Information Commissioner (OAIC). Further information about the OAIC can be found on their website: www.oaic.gov.au

14. Contacting us

  • If you have any questions about this Policy, any concerns regarding the treatment of your personal, or other sensitive information or a possible breach of your privacy, please contact our Privacy Officer using the contact details on our website. 
  • We will treat your requests or concerns confidentially. Our representative will contact you within a reasonable time after receipt of your concern to discuss the matter and outline options regarding how it may be resolved 

15. Review

This Policy will be reviewed every three years, or earlier as required.

Take a moment,
get in touch.

We’d love to hear from you.
Need a lawyer you can bank on?
Want to join our team?
We’d love to hear from you.
Contact us