About this policy
The specific legal obligations of Curwoods when collecting and handling your personal information are outlined in the Privacy Act 1988 and, in particular, in the Australian Privacy Principles found in that Act. We will update our Policy when information handling practices change. Updates will be publicised on our website.
We collect, hold, use, and disclose personal information to carry out the functions and activities associated with a law practice as defined in the relevant Legal Profession Acts of each state.
These functions and activities include:
- Considering whether to take instructions or taking instructions from our clients to act on their behalf in a wide range of legal matters, claims and cases (collectively matters), including rendering advice and representing them before courts and tribunals
- Investigating claims and disputes on behalf of our clients
- Handling enquiries arising from the above activities.
Collection of your personal information
At all times, we try to only collect the information we need for the particular function or activity we are carrying out.
The main way we collect personal information about you is when you provide it to us, or you authorise us to obtain that personal information from a third party identified by you.
Typically, we collect personal information when you contact us to:
- Ask for information about our services, but only if we need it
- Ask us to advise or represent you in matters.
Collecting sensitive information
We may need to collect sensitive information about you, for example, because it is directly relevant to a case in which you are involved. This might include information about your health, racial or ethnic origin, political opinions, memberships, religious beliefs, sexual orientation, criminal history, or genetic or biometric information.
In the course of handling matters, we may collect personal information about you, including sensitive information, indirectly from publicly available sources or from third parties such as:
- Your authorised representative, if you have one
- Our clients
- Lay witnesses and expert witnesses.
We may utilise the services of private investigators in situations where, for example, you are not our client but we represent an insurance company who may be liable to pay out insurance moneys due to a claim you have made.
We may also collect personal information from publicly available sources to enable us to contact persons relevant to our work, such as witnesses.
Where possible, we will allow you to interact with us anonymously or using a pseudonym. For example, if you contact us with a general question, we will not require you to give your name unless we need it to adequately handle your question.
For functions and activities, we will require your name and contact information, and enough information about the particular matter or issue to enable us to fairly and efficiently handle your inquiry, request or complaint.
Collecting through our website
Where our website (www.curwoods.com.au) allows you to make comments or give feedback, we will collect your email address and other contact details. We may use your email address to respond to your feedback. We store this personal information on servers located in Australia.
Analytic, session and cookie tools
The information collected by these tools may include the IP address of the device you are using and information about sites that the IP address has come from, the pages accessed on our site and the next site visited. We use the information to maintain, secure and improve our website and to enhance your experience when using them.
In relation to Google Analytics, you can opt out of the collection of this information using the Google Analytics Opt-out Browser Add-on.
Social networking sites
We may use social networking sites, such as LinkedIn, to communicate with the public about legal or related services. If you communicate with us using these social networking sites, we may collect your personal information, but we only use it to help us communicate with you and the public. Social networking sites will handle your personal information for their own purposes and have their own privacy policies.
We collect your email and, if you provide it, other contact details when you subscribe to our email lists. We only use this information for the purpose of sending you regular updates on the services we offer and to administer the lists.
Common situations in which we may disclose personal information are detailed below:
On your instructions – you may instruct us to disclose your personal information to other persons, for example, in the course of carrying out your matter.
Where necessarily required as part of your matter – we may disclose information to another person, such as, when we act for you on a transaction where, as a necessary part of that transaction, your name, or other contact details are required, for example, on a contract of sale, a lease or mortgage. We may disclose information as a necessary incidence of conducting a legal case or matter, for example, we may provide the name and address of a witness to a commercial agent for the purpose of serving a subpoena.
Disclosure of personal information by law – we may be required to disclose personal information to a public body, a court or tribunal, for example to:
- The Australian Taxation Office pursuant to the Income Tax Assessment Act 1936 and the Taxation Administration Act 1953
- AUSTRAC under the Anti-Money Laundering and Counter-Terrorism Act 2006
- Australian Securities & Investments Commission under the Australian Securities and Investments Commission Act 2001
- Australian Financial Security Authority under the Bankruptcy Act 1966 and the Personal Property Securities Act 2009.
In such situations, we may be prevented by law from disclosing to you or anyone else that your personal information has been disclosed by us to a regulatory or other authority.
Publication of case notes and other reports
We provide reports on cases, (Curwoods Case Notes) and industry updates for the benefit of our clients and contacts. These may be based on publicly-available court judgments which may contain the names or other details of the parties or witnesses.
Disclosure to the media
We only disclose your personal information relating to a matter or prospective matter to the media if you consent to it being provided.
Disclosure to service providers
To protect the personal information we disclose to third party service providers, we:
- Enter into a contract or Memorandum of Understanding (MOU) which requires the service provider to only use or disclose the information for the purposes of the contract or MOU
- Include special privacy requirements in the contract or MOU, where necessary.
Disclosure of sensitive information
We only disclose your sensitive information for the purposes for which you gave it to us or for directly related purposes you would reasonably expect or if you agree.
Disclosure of personal information overseas
We only disclose personal information overseas so that we can properly handle a matter, for example, if:
- A third party involved in your matter is based overseas
- An Australian-based client is a related body corporate to an overseas company
- Your matter relates to transactions, events and activities that have or are occurring overseas
- We act for an insurer located overseas, and your case involved a policy issued by that insurer.
Web traffic information is disclosed to Google Analytics when you visit our website. Google stores information across multiple countries. For further information see Google Data Centers and Google Locations.
When you communicate with us through a social networking site, such as LinkedIn, this social networking site and its partners may collect and hold your personal information overseas.
Quality of personal information
To ensure that the personal information we collect is accurate, up-to-date and complete we:
- Record information in a consistent format
- Where necessary, confirm the accuracy of information we collect from a third party or a public source
- Promptly add updated or new personal information to existing records.
We review the quality of personal information before we use or disclose it.
Storage and security of personal information
We take steps to protect the security of the personal information we hold from both internal and external threats by:
- Regularly assessing the risk of misuse, interference, loss and unauthorised access, modification or disclosure of that information
- Taking measures to address those risks, for example, we keep a record (audit trail) of when someone has added, changed or deleted personal information held in our electronic databases and regularly check that staff access those records only when necessary
- Conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures
- Ensuring password protection for accessing our electronic IT system, audit trails of electronic systems and physical access restrictions.
We destroy personal information in a secure manner when we no longer need it. For example, we generally destroy client files after seven years.
Accessing and correcting your personal information
Under the Privacy Act (Australian Privacy Principles 12 and 13), you have the right to request access to personal information that we hold about you and ask that we correct that personal information. You can ask for access or correction by contacting us and we must respond within a reasonable time.
If requested, we must give you access to your personal information and take reasonable steps to correct it if deemed necessary, unless there is a law that prevents us from doing so. For example, this includes information which has been given to us by another person which is protected by client legal privilege.
We will require verification of your identity prior to giving you access to your personal information. If we refuse access, we must notify you in writing setting out the reasons.
If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.
If we refuse to correct your personal information, you may ask us to attach or link a statement stating that you believe the information is incorrect and why.
How to make a complaint
If you wish to lodge a complaint in relation to our handling of your personal information, this should be in writing, and we will determine what (if any) action should be taken to resolve the complaint.
We will assess and handle complaints using the Privacy Act 1998 and the Australian Privacy Principles and Guidelines issued by the Australian Information Commissioner.
We will acknowledge your complaint and will respond within a timely manner.
How to contact us
You can contact us by sending an email, letter or fax to our Privacy Officer.
Post: GPO Box 5406, Sydney NSW 2001
Facsimile: +61 2 9221 3720