This is Swaab’s policy about the management of personal information for the purpose of the Privacy Act 1988 (Cth). In this policy “personal information” has the meaning in the Privacy Act. “We”, “our” and “us” refer to Swaab, and “you” and “your” refer to the individual that the personal information is about. This policy applies only to our personal information management practices to the extent they are regulated by the Privacy Act and is a statement of our policy only. We may have contracts (such as client engagement terms) and professional standards obligations that also affect our personal information management practices – this policy does not state legally binding obligations and is subject to such other obligations.
The policy covers:
- The kinds of personal information that we collect and hold
- How we collect and hold personal information
- The purposes for which we collect, hold, use and disclose personal information
- Whether we are likely to disclose personal information to overseas recipients and, if so, the countries involved (where practicable)
- How you may access personal information about you that we hold and seek the correction of such information
- How you may complain about a breach of the Australian Privacy Principles and how we will deal with a complaint
- Changes to this policy
The kinds of personal information that we collect and hold
Legal services: In relation to our legal services, the kind of personal information we collect and hold in any given circumstance is determined by the legal services we are providing. It will generally include your name, addresses and telephone numbers (if you are our client, our client’s nominated contact person or another party in a matter involving our client) and billing and payment information and drivers licence number if you are our client. It may also extend to your date of birth, sex, marital status, passport details (and therefore nationality), Medicare number, birth certificate details, marriage certificate details, previous name and other information which is collected in the course of providing our legal services (particularly to comply with the law for conveyancing matters). Depending on the matter, we may also collect and hold personal information that is referred to in the Privacy Act as ‘sensitive information’, such as information about an individual’s ethnic origin and health.
Marketing our legal services: In relation to marketing our legal services, the kind of personal information we collect and hold is the name, address, email address, telephone number, marketing preferences, marketing events previously attended, employer name, position title and Swaab contacts of an individual and other information which is appropriate for client-relationship management.
You have the option of not identifying yourself, or of using a pseudonym, when dealing with Swaab in relation to a particular matter but not if you become a client or it would be impractical or unlawful for us to permit you to do so.
- Job applicants: We will collect and hold personal information in relation to job applications. Such information includes name, address, telephone numbers and any CVs submitted by job applicants;
- Employee information: We will collect and hold personal information of the type described as an ‘employee record’ within the meaning of the Privacy Act 1988. Such information includes but is not limited to, health information about the employee and information which includes their contact details, employment contract, employment record including any disciplinary proceedings, taxation, banking and superannuation affairs.
How we collect and hold personal information
Legal services: In relation to our legal services, how we collect personal information in any given circumstance is determined by the legal services we are providing. This may be directly from you (if you are our client) or from another person who has an interest in providing us with the information for their matter (for example, from our client if you are party to a matter involving our client), from public agencies, referrers and experts involved in a matter or (for matters such as conveyancing) from you via our authorised identity agents.
Marketing our legal services: For marketing our legal services, we collect personal information from you directly or from those we consider have a legitimate interest in providing your personal information to us (for example, the information may be provided to us by a client company of which you are a nominated contact).
- Job applicants: For those persons who apply for positions at Swaab, we collect personal information from you directly. We also may collect personal information from your referees. Personal information from unsuccessful job applicants may be destroyed or returned to you after consideration of the application. If it is proposed to be kept on file we will advise you accordingly and will keep it on file unless you require its return or destruction.
- Employee information: In conducting the Firm’s operations we may collect and hold personal information of the type described as an ‘employee record’ within the meaning of the Privacy Act 1988. Such information will be used by us for purposes associated with employee matters.
We hold personal information in our physical and electronic files at our principal place of business and offsite storage facilities. Personal information may be held in these ways directly by us or by third party contractors on our behalf. In either case, it is our policy to take such steps as are reasonable in the circumstances to protect the information from misuse, interference and loss and from unauthorised access, modification or disclosure.
The purposes for which we collect, hold, use and disclose personal information
We collect, hold, use and disclose personal information in connection with providing our legal services. We also collect, hold, use and disclose personal information other than sensitive information in connection with responding to enquiries (such as those via our website) and marketing our legal services and those of our affiliates (such as our affiliates in the Meritas Global Alliance).
These activities are subject to any legal obligations by which we are bound — for example, confidentiality, contractual and legal professional obligations. There may also be circumstances where we are required by law to collect, hold, use and disclose personal information — for example, to comply with legally enforceable information disclosure requirements of a court or regulator or to comply with legal obligations to identify our clients.
Whether we are likely to disclose personal information to overseas recipients and, if so, the countries involved (where practicable)
We may allow your personal information to be shared with those who are in countries other than Australia. We do this:
- where we have made a business decision to store our data with a trusted service provider who is in the business of providing data storage and processing services – for example, a service provider who stores and processes our email and mobile application data. These services commonly involve diverse geographic locations which change from time to time for reasons which include data protection and processing efficiency. Where these services are used by us, it is not practical for us to notify you of which country your personal information may be located in;
- when you are in a different country location than us;
- when our legal services necessarily involve overseas disclosures
It is our policy only to allow personal information to be shared overseas in a way which requires observance of strict privacy and security standards, both during transit and at the overseas destination.
How you may access personal information about you that we hold and seek the correction of such information
You may access the personal information we hold about you and ask to correct it by contacting our Privacy Compliance Officer (see below). We may first need to verify your identity so that we do not provide your personal information to anyone who is not entitled to it. Your rights to access and correct your personal information are subject to any legal obligations which bind us — for example, confidentiality, contractual and legal professional obligations.
How you may complain about a breach of the Australian Privacy Principles and how we will deal with a complaint
We have a fair and responsible system for responding to queries concerning the collection, accuracy or disclosure of personal information. You may complain about any breach of the Australian Privacy Principles by contacting our Privacy Compliance Officer (see below). If you are not happy with the way your privacy complaint is being handled, you may also ask the Privacy Compliance Officer to escalate the matter to our Managing Partner.
Our Privacy Compliance Officer’s contact details are:
Attention: Privacy Compliance Officer
Privacy Compliance Officer
Level 4, 20 Hunter Street
Sydney NSW 2001
+61 2 9233 5544
If you believe that we have not adequately handled your complaint, or for further information about privacy generally, you may contact the Office of the Australian Information Commissioner:
GPO Box 5218
Sydney NSW 2001
1300 363 992
Changes to this policy
We may modify this policy from time to time. We will give 2 weeks’ notice of the change via swaab.com.au (unless the law requires the change to be made sooner).
When you visit our website, a record is made of your visit. We log the following information for the purpose of analysing and evaluating the performance and operation of our website: your IP address, the date and time of your visit to the site, the pages you accessed and documents downloaded, any previous site which referred you to our site, and the type of browser you are using.
“Cookies” are small text files which are placed on your computer by a webpage server. The purpose of a cookie is to help analyse web traffic and to let the website know when you visit a particular page. Cookies allow a web application to respond to you as an individual. They can record information about your visit to the site, allowing it to remember you next time you visit and provide any relevant information to you. Cookies are also used to enhance the secure use of websites.
Cookies can be stored in your hard drive (persistent cookies) or in memory (session cookies). A persistent cookie is a cookie which will enable a continuing record to be kept of your visits to the website. A session cookie is a cookie which is a transient cookie and tracks your visits for a website session only.
Swaab uses session cookies to identify which pages of our website are being used for a website session only. Upon closing your browser, the session cookie set by our website is destroyed and no personal information is retained. Swaab does not make any attempt to identify users or their general browsing activities.
Links to third party websites
For your convenience, our website may contain links to other third party websites. If you do choose to use or follow a link to a third party website, please be aware that those websites have their own privacy policies and we cannot accept any responsibility for their use of any information you may provide to them.
Credit reporting policy
Our credit reporting policy (CRP) has been developed in accordance with the Privacy Act 1988 (Privacy Act) and the Credit Reporting Code (CRC). The CRP details how we generally manage your credit-related information.
Collection, use and disclosure of your credit-related information
Types of credit-related information
We collect and hold various types of credit-related information, including:
- your current and prior names and addresses, age, occupation and your driver’s licence number;
- your repayment history;
- payments owed to us in connection with credit provided to you or in relation to which you are a guarantor, overdue for more than 60 days (and, if you subsequently repay any such overdue payment, the fact of that repayment);
- whether you have entered into arrangements with us or other credit providers in connection with credit provided to you;
- court proceedings information, personal insolvency information and credit-related publicly available information;
- certain administrative information relating to credit, such as account and customer numbers.
Collection of credit information
Credit information may be collected by us in a number of ways including:
- provided by you directly to us or by persons acting on your behalf (such as on applications or other forms);
- in the public domain;
- information derived by us from your usage and (where applicable) repayment of any account held with us.
Holding credit information
We may hold your credit information in physical form or in electronic form on our systems.
Our procedures are designed to prevent your credit information being accessed by unauthorised personnel, lost or misused. If you reasonably believe that there has been unauthorised use or disclosure of your credit information please contact our Privacy Officer (details above).
Purposes of collection, use and disclosure of credit information
We will only collect personal information, to use and/or disclose your credit information as reasonably necessary for our business purposes and as permitted by law.
These purposes may include:
- to form decisions as to whether to provide you, or an entity associated with you, with credit or to accept you as a guarantor;
- to assist you to avoid defaulting on your credit-related obligations;
- to undertake debt recovery and enforcement activities, including in relation to guarantors, and to deal with serious credit infringements;
- to deal with complaints and meet legal and regulatory requirements.
(Some credit information may only be used or disclosed under the Privacy Act for some of these purposes or in some circumstances).
Disclosure of credit information to Credit Reporting Bureaus
We may disclose your credit information to credit reporting bureaus (CRB) for purposes such as those described above where the Privacy Act permits us to do so.
We will give you at least 14 days written notice of our intention to disclose your information to a CRB.
We commit to advising our CRB of payment information within a reasonable timeframe once the amount reported has been paid.
Disclosures of credit information to third parties
We may (if permitted by law) disclose your credit information with third parties. In some circumstances we may require your consent before being able to make such disclosures.
We will not disclose your credit information to overseas entities unless you expressly advise us to, apart from where it is contained in emails which are filtered by our email filtering host in the United Kingdom.
Correcting your credit information
If you believe that any credit information held by us about you is incorrect you have the right under the Privacy Act to request that we correct that information. If you would like to do so please contact our Privacy Officer (details above).
We will attempt to resolve your correction requests in a timely manner. If we need more time to resolve your request we will notify you in writing as to the delay and seek your agreement to a longer period.
If we do not agree with a request to correct credit information we hold about you we will give you notice in writing as to our reasons and the mechanisms available to you to complain about our decision.
There is no cost involved for you to make a correction request or for the correction of your information.