1. Purpose and Objective
Slater and Gordon Limited and its controlled entities (collectively “Slater and Gordon”, “the Company”, “we”, “us”) is committed to protecting the privacy of personal information obtained in fulfilling its duties to the court, its clients and shareholders and through the achievement of its strategy and objectives. As a trusted legal advisor, employer and incorporated legal practice we take privacy and security of your personal information very seriously.
This Policy covers the following areas:
- Collection of personal information (including sensitive information)
- Use of personal information
- Security of personal information
- Storage of personal Information outside of Australia
- Disclosure of personal information
- Web site, Marketing and Applications Privacy
- Access to personal Information
- Data Subject Rights (European Economic Area only)
- Our Privacy team contacts
- Effect of Policy
This Policy applies to all of the directors, officers and employees of Slater and Gordon. All such personnel are required to comply with this Policy and associated Company policies when dealing with personal information and must also complete data privacy training as per the Company’s requirements from time to time.
Please read this policy carefully and contact us if you have any questions. Our contact details are included below.
2. Personal Information
Slater and Gordon collects and holds personal information from various sources in the ordinary course of fulfilling our duties to the court, our clients and shareholders and through the achievement of its strategy and objectives. This includes collecting and holding personal information pertaining to:
- Clients and potential clients who contact us
- suppliers and consultants
- applicants for employment
“Personal Information” is defined in the Privacy Act 1988 (Cth) as information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
The main types of personal information we collect may include:
- Names and contact details including phone numbers, postal and/or residential addresses and email addresses;
- Information that can identify you, including date of birth or residence status; drivers licence number, passport details, marital status and photographs;
- any facts or opinions that are connected to an enquiry that we are conducting on behalf of a client or potential client to effectively provide legal services; and
- any other personal information that is provided through a website belonging to Slater and Gordon or as otherwise requested by us or provided by you.
In some cases, you might need to give us personal information about other people – such as when you have an authorised representative. In those situations, we’re relying on you to tell those people that you’re giving us their details, and to let them know about this Policy. In addition, if you provide us with third party personal information then you warrant to us that you have the third party’s consent to do this.
With your permission, sometimes we may also need to collect sensitive information. Sensitive information is a subset of personal information that is given a higher level of protection under the Australian Privacy Principles. Sensitive information includes personal information about an individual's:
- health (including predictive genetic information)
- racial or ethnic origin
- political opinions
- membership of a political association, professional or trade association or trade union
- religious beliefs or affiliations
- philosophical beliefs
- sexual orientation or practices
- criminal record
- biometric information that is to be used for certain purposes
- biometric templates.
The personal information (including sensitive information) collected or held by Slater and Gordon will be referred to in this policy as “personal information”.
3. Method of collection of Personal Information
In most circumstances, we will collect personal information through completed questionnaires and forms that have been provided to us, interviews and telephone conversations.
You may also be asked to voluntarily respond to questionnaires, surveys or market research in order to seek your opinion and feedback.
Where you are a client of Slater and Gordon receiving legal services from us, we often collect your personal information from external professional sources (i.e. health professionals, financial advisors, accountants, other legal parties and their legal advisors). With the exception of personal information obtained from opposing legal parties, this personal information will, in the usual course, be obtained under your express authority or within the scope of the instruction you have provided us and will be securely stored on your file.
Slater and Gordon may also collect personal information about you from other people or organisations, such as referral sources, service providers, agents, advisors, current or former employers or your family members.
We might also collect personal information when you visit our website or use our apps, including things like your location, IP address and your activity on our sites. You can find out more about the kind of personal information we store under the Website, Marketing and Applications Privacy section below.
Sometimes we collect personal information about you that’s publicly available – for example, from social media or public registers e.g. Australian Securities and Investments Commission (ASIC), Australian Business Register (ABR).
If we receive personal information from third parties, we will protect it as set out in this policy.
4. Use of Personal Information
Slater and Gordon will only use your personal information for the purpose for which you have provided it, or otherwise consistently with the APP and Privacy Act. We will not disclose your personal information to third parties, unless you consent or in other circumstances where such disclosure is required or permitted by law.
We collect, hold and use personal information that is reasonably necessary for the purposes of or related to:
- contacting and communicating with you;
- assessing whether we are able to act for an individual or group of individuals (We will not consider acting for any individual who does not properly identify themselves as this could lead to a conflict of interest developing between our clients in the future);
- providing legal services and advice (In some instances, we may also need to collect Information at the initial stage of an enquiry if it is directly relevant to the advice being sought);
- assisting you to apply to a disbursement funder and/or litigation funder for a loan to cover the payment of disbursements incidental to the conduct of your matter;
- conducting the effective management of our business, such as invoicing and account management (including collections), internal record keeping, financial modelling and analysis;
- seeking consent in relation to publications of reviews and testimonials;
- for market research, surveys, business development and marketing, including direct marketing;
- running competitions and offering additional benefits to you;
- sending promotional information about third parties that we think may be of interest to you;
- recruitment and on-boarding;
- the employment of our personnel and providing internal services to our employees;
- compliance with our legal obligations and for establishing, exercising or defending legal proceedings; and
- other purposes related to our business.
If you do not provide us with the personal information we request, we may not be able to fulfil the applicable purpose of collection, such as to supply products or services to you.
If we collect, hold or use personal information in ways other than as stated in this policy, we will ensure we do so pursuant to the requirements of the Privacy Act.
The handling of employee records by a private sector employer is not generally subject to the Privacy Act and, therefore, this Policy does not apply to the handling of information pertaining to employees of Slater and Gordon.
Slater and Gordon retains and safely stores personal information that is provided to us, including such information obtained at a pre-client stage, as this enables us to respond more efficiently and to inform such persons of our other legal services or developments that may be of interest to them at a later stage.
Personal information is stored on our computer systems and within paper based files as appropriate.
Slater and Gordon retains personal information for as long as it is necessary to fulfil the purposes outlined above and as otherwise specified in applicable record retention policies and procedures. At the conclusion of legal matters, we are required to keep legal files for a minimum period of 7 years from the closure of a legal file unless we are instructed to the contrary. In some cases, we may be required to retain documents for a longer period of time (e.g. documents that inform the making of a Will). We will also retain personal information for the purposes of ongoing legal and regulatory compliance as well as for establishing, exercising or defending legal proceedings.
We strive to provide the highest standard of service and keep our stakeholders informed. In addition, we hope to have an on-going professional relationship with our pre-client and existing client base. As a result, we may from time to time send out marketing, promotional and other information related to our business using your personal information, including after the conclusion of your matter. We do, however, respect the wishes of individuals who do not want to receive such material from us in the future and have implemented simple ‘opt-out’ procedures that can be activated within the promotional e-mails and other commercial electronic messages that we may send you from time to time.
5. Security of Personal Information
We endeavour to keep all personal information safe by taking all reasonable precautions to protect personal information from misuse, loss, unauthorised access, modification or disclosure.
It is essential that all personal information is kept confidential. We will not disclose personal information to third parties, other than as set out in this Policy or without your consent, unless it becomes necessary to lessen or prevent a serious and imminent threat to life, health or safety or unless we are otherwise compelled by law.
6. Storage of Personal Information Outside of Australia
We do not generally transfer personal information to overseas parties unless required by law or enforcement activity or unless working with international service providers. There may be times when we store personal information with vendors who have been contracted to provide customer relationship systems and technological solutions. For example, we utilise international cloud computing services for e-mail storage and to store personal information that we collect. Countries in which such data may be stored may include (but are not limited to) the United Kingdom, Japan, Netherlands and the United States. Because the security of personal information about our clients and pre-clients (i.e. individuals who have made an enquiry but did not instruct us to act on their behalf) is of a paramount concern to us, we seek confirmation that such service providers comply with the Australian Privacy Principles or are subject to a binding law or scheme that offers substantially similar protection. Although information is encrypted where possible and efforts are made to protect your personal information, when you agree to this Policy you acknowledge that we will not be responsible for the overseas third party.
Any such disclosure or transfer of information does not change any of our commitments to safeguard your privacy and the information remains subject to existing confidentiality obligations
7. Disclosure of Personal Information
We may disclose personal information:
- for the purpose of providing information, products, services or marketing to you;
- to suppliers and service providers to enable such parties to perform functions on our behalf and under our instructions in order to carry out the purposes identified above;
- for the purpose of assisting you to obtain products or services from third parties in connection with the conduct of your matter, including disbursement funders and litigation funders;
- to financial institutions in connection with receipts, invoicing and payments;
- to collections agencies, credit reporting agencies and courts, tribunals and regulatory authorities where you fail to pay for goods or services provided by us to you; and
- to third parties, including agents, suppliers or sub-contractors, who assist us in conducting market research, including surveys, or in providing information, products, services, or direct mail or digital marketing to you. This may include parties located, or that store data, outside of Australia
We may also be compelled to disclose personal information by law, for example, under court orders or statutory notices to produce documents under laws relating to social security, taxation, bankruptcy, anti-money laundering, counterterrorism and the management of incorporated entities. Where we disclose your personal information to third parties for these purposes, we will request that the third party follow this Policy in relation to their handling of your personal information.
If there is a change of control of our business, transition of service to another provider or a sale, transfer or securitisation of any of our business assets, we reserve the right to transfer or disclose (as the case requires and to the extent permissible by law) any relevant user databases together with all applicable personal information. This information may be disclosed to a potential purchaser, lender or alternative service provider during the due diligence investigations and on a confidential basis. We would only seek to disclose information in good faith.
8. Access to Personal Information
Information may be accessed by personnel within Slater and Gordon. All personnel within Slater and Gordon are bound by confidentiality laws and standards that govern the legal profession within Australia and to comply with the Australian Privacy Principles.
In the course of providing legal services and conducting the effective management of our business, disclosure to third party professionals and service providers may occur (e.g. barristers, document reproduction service providers, disbursement funders and debt recovery agents). Third party service providers may also come into contact with personal information when we outsource certain functions, such as: bulk mailing, direct mail or digital marketing, client experience research, company audits and information technology support. We have contractual arrangements in place with all of our third party professionals and service providers to protect personal information from unauthorised use or disclosure.
If you wish to access your personal information, you should make a request in writing to the Privacy Officer.
9. Website, Marketing and Applications Privacy
This Policy also applies to any personal information we collect via our website, including www.slaterandgordon.com.au and applications including mobile applications, in addition to personal information you provide directly – such as where you make a request or enter information into a registration form.
We may also use web beacons on Slater and Gordon’s websites from time to time. Web beacons or clear .gifs are small pieces of code placed on a web page to monitor the visitors’ behaviour and collect data about the visitors viewing a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page.
We do not use this technology to access your personal information.
If you have registered an account with us, you will be identified by a user name and password when you log into our website or applications. The information we collect about registered users’ use of our websites may be used for measuring use and performance and in assisting to resolve any technical difficulties.
Because we want your user experience to be as informative and helpful as possible, websites belonging to Slater and Gordon may contain links to other websites of interest. We do not have any control over those third party websites. We are not responsible for or liable for the protection and privacy of any information which you provide whilst visiting such third party websites, and such third party websites are not governed by this policy.
10. Correction to Personal Information
From time to time, we may take steps to verify information by collecting information from publicly available resources, for example, telephone directories or electoral rolls to improve the integrity of the information that we hold.
We provide a transparent system of allowing individuals to access their information and seek corrections to any inaccuracies. Requests for access and correction to information for pre-clients should be made by contacting our Privacy Officer using the contact details at the end of this policy.
In certain circumstances, we are permitted to deny the request for access, or limit the access that we provide.
If you believe that information we hold about you is incorrect or out of date, or if you have concerns about how we are handling your personal information, please contact us and we will try to resolve those concerns.
If you wish to have your personal information deleted, please let us know and we will take reasonable steps to delete it (unless we need to keep it for legal or internal risk management reasons, or compliance with our professional obligations).
If we become aware of any concerns or problems concerning our privacy practices, we will take these issues seriously and work to address any concerns. If you have any further queries relating to this policy, or you have a problem or complaint, please contact our Privacy Officer.
Slater and Gordon operates a transparent Privacy Complaints Handling Policy that sets out our approach to resolving any privacy complaints in a fair and expeditious manner.
If you are not satisfied with our handling of your problem or complaint you may make a complaint to the Australian Information Commissioner.
11. Data Subject Rights (European Economic Area only)
If you are in the European Economic Area (EEA) you have the following rights in relation to your personal data (as that term is defined in the General Data Protection Regulation):
- Access. Subject to certain exceptions, you have the right to request a copy of the personal data we are processing about you, which we will provide to you in electronic form. At our discretion we may require you to prove your identity before providing the requested information. If you require multiple copies of your personal data, we may charge a reasonable administration fee.
- Rectification. You have the right to require that any incomplete or inaccurate personal data that we process about you is amended.
- Deletion. You have the right to request that we delete personal data that we process about you, unless we are required to retain such data to comply with a legal obligation or to establish, exercise or defend legal claims.
- Restriction. You have the right to request that we restrict our processing of your personal data where:
- you believe such data to be inaccurate;
- our processing is unlawful; or
- we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.
- Portability. You have the right to request that we transmit the personal data we hold in respect of you to another data controller, where this is:
- personal information which you have provided to us; and
- we are processing that data on the basis of your consent or in order to perform our obligations under contract to you (such as to provide legal services).
- Objection. Where the legal justification for our processing of your personal data is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.
- Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us.
If you are in the EEA, you also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws.
This Policy may be amended, including with changes, additions and deletions, from time to time in our sole discretion and any such amendments will be notified to you by posting an updated version of the Policy on our website. If at any point we decide to use personal information in a manner materially different from that stated at the time it was collected we will notify relevant persons by email or via a prominent notice on our website, and where necessary, we will seek the prior consent of the relevant persons.
13. Our Privacy Team Contacts
For privacy related matters please contact our Privacy Officer by email at firstname.lastname@example.org or by telephone on +61 3 9602 6918 between 8:30am and 5:30pm AEST Monday to Friday.
14. Adoption of Policy and future updates
This policy was last updated on 30 October 2019 (Revision 3.0).
The date of approval of any subsequent versions is to be recorded in the following table:
Chief Executive Officer
16 November 2018
Chief Executive Officer
24 April 2019
Chief Executive Officer
30 October 2019