Home » Privacy Policy
Privacy Policy
Introduction
1. Piper Alderman (referred to as “we”, “our” or “us”) has a commitment to privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act). We are bound by the Privacy Act and the Australian Privacy Principles contained in the Privacy Act. We only collect personal information as required or authorised by law and where reasonably necessary for our functions and activities.
This Privacy Policy is provided to make you aware of how we collect, use, hold and manage personal information and how you can access and seek correction of your personal information.
Where you (or your organisation) has engaged us to provide legal services to you, you should read this policy in conjunction with our terms and conditions of engagement and our credit reporting policy.
2. We view the privacy of personal information as an important issue.
What is personal information? What personal information do we collect and hold?
3. For the purposes of this policy, “personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, regardless of whether that information or opinion is true or not, and regardless of whether the information or opinion is recorded in a material form or not.
4. The type of personal information we collect includes, but may not be limited to:
4.1 your contact details, such as your name, telephone number(s), address(es) and email address(es);
4.2 other personal information that you provide to us in response to our request;
4.3 information that we may collect in the course of your access to and use of our web site, such as your IP address, your browser type and device information, your domain name, e mail address, and information on what pages you access;
4.4 information that may be provided to us by a credit reporting body and information relating to payment of our accounts and invoices;
4.5 details of applications such as contact information, covering letter, CV and resumes, history of your employment and any volunteer work you have undertaken (including details of your previous employers and organisations for which you volunteered), academic results and any other information you provide to us as part of an application for employment; and
4.6 information we collect in the course of acting for clients and in the course of our provision of legal services.
5. Without limiting the foregoing, where we provide (or propose to provide) services that are ‘designated services’ under AML/CTF laws, information collected for customer due diligence and related compliance activities (including because we are a ‘reporting entity’ for those designated services). This may include:
5.1 identity and contact details (such as name, date of birth and residential address);
5.2 identification and verification information (for example, document numbers and expiry dates);
5.3 details about the capacity in which a person acts (for example, as an agent);
5.4 information about beneficial owners and other persons associated with a client;
5.5 information relevant to sanctions or politically exposed person screening; and
5.6 information about instructions and transactions to enable ongoing monitoring, reporting and record-keeping.
6. We may also collect “sensitive information” about you. Sensitive information is a subset of personal information that is accorded greater protection under the Privacy Act. It includes personal information about an individual’s racial or ethnic origin, their political opinions, their membership of a political association, their religious beliefs or affiliations, their philosophical beliefs, their membership of a professional or trade association, their membership of a trade union, their sexual orientation or practices, or information about their criminal records, as well as health information about an individual.
7. We may additionally collect and hold certain personal information regarding the credit worthiness of individuals or organisations, and to manage non-payment of our invoices (including to initiate and pursue debt recovery actions in relation to unpaid or overdue invoices). Please refer to our Credit Reporting Policy, accessible here.
How do we collect personal information about you?
8. Regardless of the means of collection, we only use lawful and fair means to collect personal information about you, in accordance with our statutory obligations.
9. We may collect personal information about you through a variety of means, including:
9.1 when you make an inquiry about us or about the services we provide or may provide to you or to an entity with which you are associated;
9.2 when you meet with us (including face-to-face meetings and remote or online meetings), when you communicate with us via email or over the phone, or when you otherwise engage with us or with any of our staff;
9.3 when you or the organisation or entity with which you are associated engage us to provide legal services;
9.4 when you have business dealings with us, including when you (or your organisation or entity with which you are associated) are engaged by us to provide goods and/or services to us;
9.5 when you subscribe to any of our publications, or when you register to attend any of our webinars or seminars, or access our website or other online platforms;
9.6 when you attend an event, webinar or seminar conducted by us or on our behalf;
9.7 when you apply for employment with us.
10. We use our reasonable endeavours to collect personal information about you directly from you. However, in some circumstances, this may not be reasonably practicable. We may collect personal information about you from third party sources (which may include publicly available sources of information).
Anonymity and pseudonymity
11. In accordance with our statutory obligations, we provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us in relation to a particular matter.
12. However, this does not apply if, in relation to that matter, we are required or authorised by or under an Australian law, or an order from a court or tribunal, to deal with individuals who have identified themselves.
13. It also does not apply if it is impracticable for us to deal with individuals who have not identified themselves or have used a pseudonym. For example, in most circumstances, it will not be practicable for us to provide legal services to an individual who has not identified themselves to us, or an individual who wishes to use a pseudonym when dealing with us.
How do we handle personal information received on an unsolicited basis?
14. Generally, we only collect personal information when we specifically request the provision of that information or when we take active steps to collect it.
However, from time to time, we might receive personal information about an individual on an unsolicited basis. For example, we might receive additional information that we did not request, or we may receive unsolicited applications for employment that contain personal information about the applicant.
15. When we receive personal information on such a basis, we will promptly determine whether we could lawfully have collected such personal information had we requested it or otherwise taken steps to collect it.
16. If we determine that we could not lawfully have collected the personal information had we requested it or taken steps to collect it, then we will take reasonable steps to destroy or de-identify the information as soon as practicable, unless we are required or authorised by law or an order of a court or tribunal to retain such information.
The purposes for which we collect personal information
17. In accordance with our statutory obligations, we only collect personal information where it is reasonably necessary for us to fulfil one or more of the functions and activities associated with the operations of our law firm and associated entities.
18. Accordingly, we will only use your personal information for one or more of the following purposes:
18.1 providing and marketing our services to you (including assessing your credit worthiness);
18.2 conducting our business of a legal services provider;
18.3 providing legal services to our clients;
18.4 engaging barristers, experts and other parties relevant to any matter in which you (or the organisation or entity with which you are associated) is a party;
18.5 liaising with and appearing before courts, tribunals, government or official regulators or authorities, and the like organisations and entities, in the course of our provision of legal services to clients;
18.6 requesting that you participate in and complete questionnaires and surveys, administering those questionnaires and surveys you have agreed to complete, and gathering information and feedback about the quality of the services that we provide and areas for improvement;
18.7 assessing your eligibility for the provision of legal services on a pro bono or discounted basis;
18.8 considering making offers of employment;
18.9 receiving goods and/or services you provide or which are provided by an organisation or entity with which you are associated, and for receiving goods and/or services provided by any third party that is relevant to our provision of legal services to clients (including where we have engaged external service providers to provide litigation support, information technology services and software and data storage services);
18.10 maintaining a safe working environment for our partners, principals and staff, contractors, students and volunteers;
18.11 defending claims made or threatened against us, and enforcing our legal, statutory or contractual rights against any individual, entity or organisation;
18.12 for record keeping and administrative purposes;
18.13 for fraud, loss and other crime prevention purposes;
18.14 assisting in investigation of suspected illegal or wrongful activity, protecting and defending our rights and properties, and the rights and safety of third parties;
18.15 recovering unpaid fees and collecting debts owed to us;
18.16 sending you publications and inviting you to seminars and functions which we think may be of interest to you, unless you have consented to us using your personal information for other purposes or its use for another purpose is required or permitted by law (such as to comply with obligations under the Privacy Act in relation to mandatory data breach notification); and
18.17 complying with AML/CTF laws where we are a reporting entity (including conducting customer due diligence such as identification and verification, screening and ongoing monitoring, keeping required records, and making reports (including to AUSTRAC) where required or authorised by law) as well as other statutory obligations that apply to us.
19. Without collecting personal information we may be unable to provide our services to you, including because we may be required to collect and verify certain information before providing a service (for example, where AML/CTF laws apply). If you do not provide the information we request, we may be unable to act for you or to continue to provide services. If you do not wish us to use your personal information in any of the ways described in this Privacy Policy, please contact us (see contact details under the paragraph entitled “Accessing your personal information”).
Use of computer programs and artificial intelligence
20. We do not arrange or use a computer program to use personal information to make decisions that could reasonably be expected to significantly affect the rights or interests of any individual.
21. However, notwithstanding the foregoing, we may utilise automated processes that could have legal or significant effects on individuals, including in relation to verification of identification, assessment of risk or the classification of documents and records. Such processes are at all times subject to human review and oversight.
22. Further we may utilise artificial intelligence (AI) tools and technology to:
22.1 support, assist or enhance our provision of legal services; and
22.2 facilitate and support the engagement of our clients and third parties.
23. We may use AI tools and technology to assist us with document review, legal research, verification of identity and administrative automation.
24. We may also engage third party service providers from time to time to provide such automated processes and AI tools and technology. To the extent we disclose personal information to such third party service providers, we use our reasonable endeavours to ensure that such service providers use the personal information received from us in accordance with this Privacy Policy and the APPs. Without limiting the foregoing, we ensure that appropriate safeguards are implemented to protect the privacy of your personal information.
Accuracy and completeness of personal information
25. While we will endeavour to ensure that the personal information collected from you is up to date and complete, we will assume that any personal information provided by you is free from errors and omissions, is not misleading or deceptive and complies with all relevant laws.
26. We rely on the personal information provided by you. We will not check or verify the accuracy of any personal information we obtain from you or other persons.
27. You should provide us with details of any changes to your personal information as soon as reasonably practicable following such change.
Disclosure of your personal information
28. We do not permit the personal information we hold to be disclosed to third parties unless:
28.1 we consider it necessary to be disclosed in order that services we provide to you can be properly carried out; or
28.2 you have consented (expressly or impliedly) or requested your personal information to be provided to a third party; or
28.3 we are required or permitted by law to provide information to a third party (including disclosures required or authorised under AML/CTF laws and other applicable laws).
29. Third parties to whom we may disclose personal information include:
29.1 courts, tribunals, regulatory authorities and government departments;
29.2 other lawyers and the parties in the course of conducting matters on your behalf or on behalf of the organisation or entity with which you are associated;
29.3 AUSTRAC and other parties where disclosure is required or authorised under AML/CTF laws (for example, for reporting obligations and responding to lawful notices);
29.4 our related bodies corporate for any of the purposes described in this Policy;
29.5 third parties we have engaged to assist us in the recovery of unpaid legal fees and debts owed to us;
29.6 any industry body, tribunal, court, regulator or otherwise in connection with any complaint, inquiry or investigation made by you about us;
29.7 any person who proposes to provide or has provided us with a guarantee to secure your payment obligations (or the payment obligations of an entity related to you) to us;
29.8 certain credit reporting bodies (for further information, please refer to our Credit Reporting Policy);
29.9 any referees that you have provided in the course of a credit application, a job application or the assessment of a potential contract between us and you (or an associated organisation or entity);
29.10 any organisation that we engage from time to time to verify your identity;
29.11 third parties engaged to assist us in connection with providing services to you such as barristers, external lawyers, consultants, experts and agents;
29.12 our insurers and service providers such as in relation to IT, document production and archiving services, talent management and applications for employment; and
29.13 parties and their representatives with whom we are required to engage in relation to your matters.
30. We may disclose some or all of your personal information to comply with applicable laws and regulations, to respond to a lawful request for information that we receive, or as otherwise pursuant, authorised or required by law (including under the Privacy Act 1988 (Cth)).
31. We may also use and disclose personal information to establish or exercise our legal rights, to enforce our contracts with you or third parties, to assert and defend against legal claims made or threatened against us, or if we believe such disclosure is necessary to investigate, prevent or take other action regarding actual or suspected illegal or fraudulent activities or potential threats to the physical safety or wellbeing of any individual.
32. In the course of fulfilling the purpose(s) for which we collected your personal information, we may disclose some or all of your personal information to recipients that are neither us nor you (or your authorised representative or agent). Personal information disclosed in this way may be disclosed to recipients located outside Australia, including recipients located in the United Kingdom, countries within the European Union, Ireland, the Philippines and the United States of America.
33. Where we disclose personal information to an overseas recipient, we will take reasonable steps to ensure the overseas recipient handles the information in a manner consistent with the Australian Privacy Principles, unless an exception applies under the Privacy Act (including where the disclosure is required or authorised by or under an Australian law, such as AML/CTF laws). In some circumstances, we may not be able to provide details about certain disclosures if doing so would be inconsistent with our obligations under AML/CTF laws (including prohibitions on ‘tipping off’).
Protecting your personal information
34. We are committed to ensuring the security of your personal information. We store information in either hard copy or electronic form. We take reasonable steps (including through the implementation of technical and organisational security measures) to protect your personal information from misuse, loss, unauthorised access, modification and disclosure including through restricted access and secure off-site storage. Given the nature of information collected for AML/CTF compliance, we also apply security controls designed to reduce the risk of unauthorised access or disclosure.
35. We retain personal information only for as long as it is required for the purposes described in this Privacy Policy or as required or authorised by law. Where AML/CTF laws apply, we may be required to keep certain records for prescribed periods (for example, generally for 7 years after the end of a business relationship or after an occasional transaction).
36. We take reasonable steps to destroy or de-identify personal information that we no longer need for any purpose permitted under the Privacy Act, unless we are required by or under an Australian law (including AML/CTF laws) or a court/tribunal order to retain it.
37. Where we collect copies of identification documents to verify identity, we take reasonable steps to limit retention of those copies to what is required or reasonably necessary. In particular, we may retain a record of the relevant details from an identification document (such as name, date of birth, residential address, document type, document number and expiry date) and information about the verification process and outcome, rather than retaining a full copy of the identification document, except where retaining a copy is required or authorised by law or reasonably necessary for another permitted purpose.
Cookies
38. A cookie is a data file that a website transfers to your hard drive. This enables the website to track the pages you have visited. A cookie only contains information you supply. It cannot read data on your hard drive. Our website uses cookies. You can set your browser to refuse cookies, however, this may mean you are unable to take full advantage of our website. We also collect data relating to the number and frequency of clicks on links and pages of our website.
Access to and correction of your personal information
39. If you wish to
39.1 access your personal information held by us, or
39.2 seek correction of such information, or complain about possible breaches of this policy, the Privacy Act or the Australian Privacy Principles, you should direct your enquiry to:
Managing Partner, Piper Alderman
E-mail: [email protected]
40. We will generally provide access to, and correct, personal information in accordance with the Privacy Act. However, in some circumstances we may be required or authorised to refuse access or limit what we provide (and/or limit the reasons we can give) where doing so would be inconsistent with our legal obligations, including obligations under AML/CTF laws (for example, prohibitions on ‘tipping off’ or restrictions relating to AUSTRAC information).
41. We may also refuse access in any of the following situations:
41.1 where the access to the information would pose a serious threat to the life or health or safety of the individual, or to public health or public safety;
41.2 where the request is frivolous or vexatious;
41.3 where the request relates to existing or anticipated legal proceedings or to current negotiations between you and us;
41.4 the request is unlawful, or would impede or prejudice any investigation of unlawful activity; or
41.5 where we are required or authorised by or under any Australian law or a court or tribunal order to not comply with the access request.
42. Where we do not provide you with access to your personal information that we hold about you in response to your access request, we will provide an explanation to you and information on our complaints process.
43. While we do not charge a fee for making an access request, we are permitted under the Privacy Act to charge a reasonable fee to cover our costs incurred in providing you with access to your personal information. We reserve the right to charge such fee to you in order to cover our costs incurred in providing you with access to the personal information we hold about you.
44. We may request from you information to verify your identity and your connection to the individual about whom you request personal information (if required) before we grant access to the personal information we hold about that individual. ). Further, in addition to our capacity to refuse access to or correction of the personal information we hold about you (where required or authorised by law, including the Privacy Act), we reserve the right to redact information included in the personal information to which we grant you access, in order to protect the privacy of other individuals.
45. Where appropriate, we will take reasonable steps to correct personal information we hold for AML/CTF purposes (for example, Know Your Customer information).
46. If your enquiry relates specifically to how we handle personal information for AML/CTF compliance, you may also address it to our AML Compliance Officer via the contact details below:
E-mail: [email protected]
47. We will deal with your inquiry or complaint in accordance with the Privacy Act. You can also contact the Office of the Australian Information Commissioner by visiting oaic.gov.au/privacy/privacy complaints.
Variation of privacy policy
48. We may vary the terms of this Privacy Policy from time to time.
