DIY By-laws is a division of Bannermans Lawyers (“the Firm”) is a Sydney based legal practice, operated by David Bannerman, specialising in strata and development, construction and construction insurance law. The Firm’s activities (“Activities”) include:
- Provision of legal advice to clients and representation of clients in legal proceedings.
- Promotion of education and law reform within the strata title sector.
This policy sets out how the Firm will collect, hold, use or disclose personal information about an individual. This is governed by the Privacy Act 1988 (“Act”), Privacy Regulation 2013 (“Regulation”), the Australian Privacy Principles (“APP”) under the Act and confidentiality and other ethical obligations under the Legal Profession Act 2004 NSW, the NSW Professional Conduct and Practice Rules 2013 and the general law. The Firm is committed to complying with its obligations under these laws and will only collect, hold, use or disclose personal information as set out in indicated in this policy, with your consent or as otherwise required or authorised by law.
The law and associated technology change constantly and for that reason and others, the Firm reviews its policies from time to time, including this policy. The latest version will be published and available to view on the Firm’s website.
2. What personal information does the Firm collect and hold and for what purposes is it collected and held?
“Personal Information” means information or an opinion about an individual which identifies the individual or from which the individual could reasonably be identified, such as an individual’s name, contact details, employment history and assets/liabilities.
“Sensitive Information” means the Personal Information which is health, genetic or biometric information or which concerns an individual’s race or ethnic origin, political, religious or philosophical beliefs or affiliations, membership of professional or trade associations or trade unions, sexual preferences or criminal record.
Generally, the Firm collects only Personal Information, which is not Sensitive Information. However, it may at times be necessary to collect Sensitive Information about an individual in order to carry out properly our Activities. In those cases, the Firm will only collect sensitive information about an individual where reasonably necessary for the Firm’s Activities and with the individual’s consent.
The Firm may collect Personal Information, reasonably necessary for the Firm’s Activities, relating to:
- The Firm’s own staff.
- The Firm’s clients, if natural persons.
- The Firm’s expert consultants, suppliers and other persons with whom the Firm has dealings, if natural persons.
- If a client, expert consultant, supplier or other person with whom the Firm has dealings is not a natural person, The Firm may collect Personal Information about its officers, members, staff and other individuals with whom it has dealings.
- The Firm acts for many strata owners corporations and for them this would mean Personal Information about executive committee members, lot owners, staff of the owners corporation’s strata managing agent, caretaker or building manager or other persons with whom the owners corporation has dealings.
The kinds of Personal Information collected by the Firm include:
- Names and titles.
- Contact details, such as addresses, e-mail addresses and telephone and fax numbers.
- Position descriptions.
- Relationships with relevant organisations.
- Areas of legal practice and/or events in which the individual may be interested.
- Information about the individual’s dealings with the Firm and/or its clients.
- References, opinions and other reports in relation to an individual.
- When acting for a corporate client in relation to a current or proposed motion, information about any discussion held or votes cast in relation to the motion or any related circumstances.
- When acting for a client seeking to recover an amount allegedly owed by an individual or an organisation with which the individual is related, details of the individual’s financial position, including assets and liabilities and credit history.
- In relation to prospective or current staff of the Firm, details of the individual’s name, gender, contact details, qualifications, educational history, employment history, references, referee details and eligibility to work in Australia. The Firm may collect this information from the individual or from sources such as employment agencies and social media websites such as LinkedIn.
The purposes for which the Firm may collect personal information include:
- in relation to Personal Information relating to individuals who are applicants for employment with the Firm, for the purpose of assessing applications for employment.
- in relation to Personal Information relating to staff members of the Firm, for the purpose of training, performance review and providing reference information, if the Firm is named by the staff member as a referee.
- in relation to Personal Information about current or prospective suppliers of goods and services to the Firm, if a natural person or if not a natural person, personal information about individuals who are officers, members, employees or otherwise associated with the supplier, for the purpose of considering and facilitating such supply to the Firm.
- in relation to Personal Information about an individual who is an officer, member, employee or otherwise associated with an entity, which is a court or tribunal, council or other entity performing functions under any legislation, for the purpose of procuring that the entity exercise its functions and to assist the entity in doing so.
- in relation to Personal Information about an individual who has participated in or expressed interest in participating in a seminar or other event provided or sponsored by the Firm or subscribing to a newsletter or mailing list published by the Firm, for the purpose of confirming satisfaction with the seminar or other event or promoting education and law reform within the strata title sector.
- in relation to Personal Information about clients who are natural persons or where a client is not a natural person, Personal Information about individuals who are officers, members, employees or otherwise associated with the client, for the purpose of identifying those persons and providing the services requested by the client.
- for the purpose of managing and enhancing relationships with clients, suppliers and other parties with whom the Firm has dealings.
- for the purpose of assessing satisfaction with and improving the services provided by the Firm to clients.
- for the purpose of promoting education and law reform within the strata title sector, including advising organisations and individuals with whom the Firm has dealings of legal developments and events which may be of interest to them.
- for the purpose of ensuring the Firm’s compliance with the legal and ethical obligations.
- for the purpose of handling complaints handling.
- for the purpose of data analysis.
The Firm will not collect Personal Information which it does not need, but if the Firm were unable to collect Personal Information which it does need, the Firm may be unable to undertake its Activities or to satisfy its obligations, including:
- the provision of legal services to clients, where the requested information relates to the provision of those services.
- the assessment of employment applications, where the requested information relates to such an application.
- engagement of third parties to supply goods and services to the Firm, where the requested information relates to such a supply.
Wherever lawful and practical for the Firm to do so, the Firm will allow individuals to deal with the Firm on an anonymous basis or using a pseudonym. This may be the case when individuals make general enquiries about the Firm’s legal services or participate in online surveys. However, the Firm will generally being required to identify individuals or individual representatives of organisations proposing to contract with the Firm or engage the Firm to provide legal representation and may be unable to contract or accept engagement to provide legal representation if such individuals are not identified.
3. How does the Firm collect and hold personal information?
The Firm may collect Personal Information about an individual when:
- the individual applies for employment with the Firm or as an employee of the firm engages in employment related activities, such as providing services to clients and training.
- the individual or an organisation of which the individual is an officer, member, employee or otherwise associated engages or proposes to engage the firm to provide legal representation and/or advice.
- the individual or an organisation of which the individual is an officer, member, employee or otherwise associated provides or proposes to provide goods and/or services to the Firm.
- an organisation, which is a court or tribunal, Council or other entity performing functions under any legislation, of which the individual is an officer, member, employee or otherwise associated engages in dealings with the Firm.
- the individual or an organisation of which the individual is an officer, member, employee or otherwise associated, on behalf of the individual, participates in or expresses interest in participating in a seminar or other event provided or sponsored by the Firm or subscribing to a newsletter or mailing list.
Generally, the Firm will only collect personal information about an individual where:
- reasonably necessary for the Firm’s Activities.
- by lawful and fair means.
- from the individual, unless required or authorised by law to collect the information from someone else or where it is unreasonable or impractical to collect it from the individual.
- if Sensitive Information is involved, with the individual’s consent.
However, there will be situations which it is in unreasonable or impractical to collect Personal Information from the relevant individual, in which case we may obtain it from a third party, such as a spouse or partner, an organisation with which the individual has a relationship or a court, tribunal, council or other entity performing functions under any legislation. This may include situations in which, in order to confirm satisfaction with a seminar or other event provided or sponsored by the Firm or to promote education or reform within the strata title sector, the Firm considers it appropriate to collect names and contact details for individuals who may be participants in such seminars or events or stakeholders in the strata title sector.
In these cases, the Firm will take reasonable steps to ensure that the individual is aware that the information has been collected and the basis on which the information will be held, used and disclosed, including the option of requesting that no further communications be sent to the individual.
The Firm will deal with unsolicited personal information and personal information which is no longer required in accordance with the requirements of the act, including where required and lawful, by destroying or de-identifying the information. However, the Firm is obliged by law and ethical obligations to retain most records for a period of time specified by law.
4. How does the Firm maintain and secure Personal Information?
The Firm takes reasonable steps to ensure that:
- the Personal Information collected by the Firm is accurate, up-to-date and complete.
- the Personal Information used or disclosed by the Firm is accurate, up-to-date, complete and relevant.
However, the Firm can only update Personal Information in light of circumstances of which the Firm is aware and depends on individuals in relation to whom the Firm holds Personal Information to advise the firm of any change in their circumstances warranting amendment of the Personal Information held by the Firm.
The Firm takes reasonable steps to protect Personal Information which it holds from misuse, interference, loss, unauthorised access, modification or disclosure. This includes:
- Staff being subject to confidentiality obligations.
- Electronic personal information being stored in databases requiring logins and passwords for access and restricted to staff requiring access.
- The Firm maintains appropriate anti-virus and backup regime is for the purpose of securing electronic Personal Information.
- Physical files currently in use are stored at the Firm’s premises, which are secured by pass card only entry, accessible only by staff and access to our premises by clients and other third parties is subject to staff supervision.
- The Firm does not store files off site and generally destroys client files seven years after the date on which the relevant matter was finalised, after the physical file is scanned and retained as an electronic record.
5. How does the Firm use and disclose Personal Information?
The Firm uses and discloses Personal Information only for the business purposes for which it was collected.
The Firm may use and/or disclose Personal Information, including Sensitive Information, as follows:
- for the purpose for which it was collected;
- as required or authorised by law; or
- with the consent of the individual to whom the information relates and any client or other person to whom confidentiality obligations are owed in relation to the information.
In the case of Personal Information being used for the purpose of reporting on Bannermans Lawyers activities, promoting education and law reform within the strata title sector or advising clients and others with whom the Firm has dealings of legal developments and events which may be of interest to them, this will generally be in the form of a newsletter, e-mail or message by other communication technology, with an option to request no further communications. To make that request, an individual should send an e-mail message to that effect to the Firm’s privacy officer, contact details for whom are set out at the end of this policy.
It is unlikely that the Firm would disclose Personal Information to an overseas recipient. However, this can occur where:
- the personal information relates to an individual who is an officer or employee of or otherwise related to a client, which is an overseas entity or related to an overseas entity and where disclosure of the information to the overseas entity is required for the purpose of providing legal services to the client.
- the Firm stores data on the server of an external service provider, which stores that data on an external server. The Firm currently stores all data on its own server at its own premises, but may enter into such arrangements at a future date.
6. How can individuals access and seek correction of personal information held by the Firm?
Individuals, in relation to whom the Firm holds Personal Information, have the following rights under the Act:
- access to that Personal Information, subject to exceptions set out in APP 12.
- correction of that Personal Information, if it is inaccurate, not up-to-date, incomplete, irrelevant or misleading.
If you wish to exercise one of those rights, please contact the Firm’s privacy officer, using the contact details set out at the end of this policy. The Firm’s privacy officer will consider and respond to your request within a reasonable time.
If your request relates to access to Personal Information about you held by the Firm, the Firm’s privacy officer will advise you:
- whether the Firm agrees to provide access to the relevant Personal Information in the manner requested by you.
- whether the Firm does not agree to provide access to the relevant Personal Information on one of the grounds set out in APP 12 and if so the grounds for that decision and the mechanisms available to you to complain about that decision.
- if the Firm does not agree to provide access to on one of the grounds set out in APP 12 or to provide access in the manner requested by you, whether there are steps which the Firm could take to give access, which are reasonable in the circumstances and which would meet the needs of the Firm and you.
Given the extent and complexity of the records kept by the Firm, as well as the confidentiality and other obligations owed by the Firm in relation to those records:
- the only reasonable and practical method of providing you with access to Personal Information about you may be to provide you with a scanned or printed copy of such information.
- the Firm may impose a charge for providing such access, if the Firm is put to any substantial time cost or expense in complying with your request, e.g. retrieving closed files from storage or reconstructing the relevant Personal Information from a data backup.
7. How can an individual complain about a breach of the Australian Privacy Principles and how will the Firm deal with such a complaint?
If you wish to make a complaint about how the Firm has collected, held, used or disclosed Personal Information about you, please contact the Firm’s privacy officer, by post or e-mail, using the contact details set out at the end of this policy. You should at that time provide all information which the Firm’s privacy officer might require in order to consider your complaint.
The Firm’s privacy officer will consider and respond to your complaint within a reasonable time. Generally, provided that the Firm’s privacy officer has received all information required in order to consider your complaint, that response would be made within 28 days of receiving your complaint. The Firm’s privacy officer will let you know if further information is required and if so the timeframe within which he or she expects to respond to your complaint.
8. How can an individual contact us or request further information?
Further information about the Act and APP can be obtained from the Office of the Australian Information Commissioner (“OAIC”):
Further information about how the Firm collects, holds, uses or discloses Personal Information can be obtained by contacting the Firm’s privacy officer, using the following contact details:
The Privacy Officer
L7/2 Elizabeth Plaza
North Sydney NSW 2061