- Introduction
1.1. This Privacy Policy applies to the practices and activities of Crisp Law (Crisp Law, Us, We, Our).
1.2. Where required by law, We collect, hold, use and disclose personal information for the purpose of carrying out our Activities and Functions (as defined in clause 5.2), and in accordance with the Privacy Act 1988 (the Act) and the Australian Privacy Principles (APPs).
1.3. Any individual who provides Personal Information or Sensitive Information to Crisp Law consents to Us using, storing, and disclosing that Personal Information in accordance with this Privacy Policy. For the purposes of this Policy, “Personal Information” and “Sensitive Information” have the meaning provided to those terms in the Act.
1.4. This Privacy Policy is freely available on Our website or by contacting Us directly to request a copy free of charge.
1.5. We may revise or update this Privacy Policy from time to time by publishing a revised version on Our website. Revised versions take effect from the time published.
- Collection of information
2.1. The information collected by Crisp Law about a particular person will vary depending on the circumstances of collection.
2.2. Crisp Law may collect Personal Information from a client, prospective client, or any individual who:
-
- has dealings with Our employees or Our office;
- makes an enquiry with Crisp Law regarding a potential matter or potential work they wish to provide Crisp Law;
- enters their Personal Information into, or agrees to having their Personal Information entered into, one of Crisp Law’s online systems;
- contacts Our office;
- submit an enquiry through the Crisp Law website;
- apply for a job or other position with Us, is employed by Us or undertakes work experience with Us;
- is employed by Us;
- registers for or attends Our events or seminars;
- contacts Us;
- subscribes to our newsletters;
- supplies us goods and services; or
- attends our office.
2.3. Personal Information We collect and hold may include an individual’s name, address, email address, occupation, signature, phone number, date of birth, country of residency, proof of identity, mailing address, other contact details, dietary and accessibility requirements, qualifications, accreditations, tax file numbers, bank account details, communication preferences, communication history, employment details, gender, and credit card details.
2.4. Crisp Law may collect and store copies of your driver licence, passport and other forms of identification which may include a government related identifier.
2.5. Crisp Law collects Personal Information to enable Us to provide legal services and otherwise carry out our Activities and Functions.
2.6. In most instances, Crisp Law is unable to provide services or engage with a person who is not prepared or who is otherwise unable to provide their Personal Information.
- How is Personal Information collected?
3.1. We may collect Your Personal Information directly from You through various means including via Our website, in person, email, online and written forms, phone calls, verbal conversations, or other forms of correspondence, writing, or recording.
3.2. We may also collect Personal Information from:
-
- third parties that assist Us in running programs, events, or activities;
- Government agencies such as the Australian Electoral Commission;
- your current or former employer;
- your authorised representative;
- agents, including real estate agents, or other professional service providers, such as accountants, when they refer You to Us;
- publicly available sources; and
- any other government or law enforcement bodies where required by law.
3.3. From time to time We may obtain Personal Information from third parties not disclosed in this Privacy Policy where it is impractical to obtain it directly from You. When We do so, We will take reasonable steps to ensure that We make You aware of the collection of Your Personal Information in accordance with the Act.
3.4. Personal Information may also be collected where Crisp Law is required or permitted to do so by law.
3.5. In some circumstances, Crisp Law may collect, use, disclose and store Personal Information of an individual who has not directly had dealings with Us. This may include for example where We are acting for one party to a transaction, in which case We may collect, use, disclose and store Personal Information of the other party to the transaction which may be provided by our client, the other party’s solicitor, or in some circumstances the individual themselves.
3.6. If we receive unsolicited Personal Information about You, it will be handled in accordance with the Act. We may keep records of unsolicited Personal Information if the Act permits it. If not, Our policy is to destroy or de-identify the Personal Information as soon as practicable, provided it is lawful and reasonable to do so.
- Security and storage of Personal Information
4.1. We take reasonable steps to protect your Personal Information. In the event of a data breach, Crisp Law is committed to complying with the requirements of the Privacy Act to the extent required at law.
4.2. Information may be stored in hard copy or electronic format in secure facilities that We own and operate, or that are owned and operated by Our service providers.
4.3. Our electronic databases are secured by a firewall and anti-virus software to ensure, so far as practicable, that it is not accessed by unauthorised parties. Our website has security measures designed to protect against loss, misuse, or alteration to Your Personal Information under Our control.
4.4. We use EFTPOS and online technologies to process payments to ensure that all transactions meet industry security standards to ensure payment details are protected. Any payment information we store is encrypted, masked and de-identified.
4.5. Crisp Law takes steps to destroy information relating to a client’s matter at a date after seven (7) years since the conclusion of their matter with the firm. The exception to this is where we are required to store a client’s matter for a longer period of time, or provided us with documents to store on their behalf, such as a will or power of attorney.
- Why do We collect Personal Information?
5.1. The Personal Information You provide Us lets us contact You and enables Us to efficiently carry out Our business functions and activities. Some Personal Information is collected so we can meet our health and safety obligations.
5.2. We may collect, hold, and use Personal Information of individuals to enable Us to perform our core functions, provide various services, and facilitate events and programs which include:
-
- providing services;
- administering, managing and providing access to the Crisp Law website and any other Crisp Law resources;
- keeping Our clients and interested parties informed of news and information relating to legal services and offerings via various mediums;
- providing information to those that engage with Us;
- facilitating events and programs including sending invitations;
- administration of Your interactions and transactions with Us;
- complying with Our corporate governance and reporting obligations; and
- communicating offerings from us, and third-party offerings (referred to as Activities and Functions)
5.3. We try at all times to only collect the Personal Information We require to enable Us to perform the particular function or activity We are carrying out.
- Use of Personal Information
6.1. We will make You aware at the time of collection of Your Personal Information, how We intend to use and disclose that Personal Information and may also use and disclose Your Personal Information to enable us to perform and undertake Our Activities and Functions.
6.2. We may also make secondary use or disclosure of Your Personal Information, in addition to Our Activities and Functions, where:
(a) you would reasonably expect Us to for a related purpose; or
(b) it is authorised or required by the Act, or any other Australian law or court/tribunal order.
6.3. We do not sell Your Personal Information to third parties, but it may be disclosed to third parties from time to time to facilitate and administer our Activities and Functions.
- Disclosure of Personal Information
7.1. We do not disclose Personal Information to other organisations unless:
-
- it is reasonably necessary to conduct Our Activities and Functions; or
- You give Your consent; or
- it is required or authorised by law including in emergency situations or to assist law enforcement, in accordance with the Act.
7.2. We may disclose Your Personal Information in order to:
-
- manage and administer the services We provide;
- enable third parties engaged by Us to provide services on Our behalf, for example deliver events You have registered for;
- assist You with enquiries;
- charge You for the services We provide and collect any amounts You may owe to Us, including any debt recovery action;
- ensure that Our internal business operations are running smoothly including any governance or legal requirements required; and
- otherwise to conduct Our Activities and Functions.
7.3. We will not disclose any Sensitive Information about You, unless You have provided express consent for Us to do so, or We are required by Law.
7.4. We may disclose Your Personal Information to third party service providers who are contracted by Us to carry out advisory, administrative, analytical or technical functions for Us. Where We do so, We will require those third parties to comply with the Act.
7.5. In the case of these contracted service providers, We may disclose Personal Information to the service provider and the service provider may in turn provide Us with Personal Information collected from You in the course of providing the relevant products or services.
7.6. We may disclose Personal Information to overseas parties, in the following situations:
-
- using secured cloud services from time to time, the location of which is not reasonably available;
- providing Your details to an overseas direct mail provider to send marketing material to You.
7.7. If We disclose Personal Information overseas, We will take reasonable steps to ensure that any overseas recipient does not breach the Act.
- Website
8.1. We may collect the following information through Our website, either ourselves or through Google Analytics (which is hosted by a third party):
-
- Your computer or device’s IP address (collected and stored in an anonymised format);
- device screen size;
- device type, operating system and browser information;
- geographic location (country only);
- referring domain and out link if applicable;
- search terms and pages visited (clickstream data); and
- date and time when website pages were accessed.
8.2. We will treat any Personal Information collected through Our website in the same way as other Personal Information we collect.
- Cookies
9.1. A cookie is a piece of data sent from a website and stored in a user’s web browser. Crisp Law may collect cookies to understand how online services are used.
9.2. We may use Cookies for several reasons, including utilising cookies to remember your log-in status and viewing preferences from a previous use of an online service.
9.3. Our website may also transfer cookies on computers and devices that access Our website for record-keeping purposes. You may be able to change Your browser preferences to reject all cookies before accessing Our website.
- Links to other websites
10.1. Our website contains links or references to other websites or organisations. We are not responsible for the privacy practices or content of the linked web sites and other pages hosted by Us on behalf of non-Crisp Law organisations.
10.2. Third party websites may have their own privacy and security policies, which we encourage You to read before supplying any Personal Information to them.
10.3. Links to third party websites are provided for information, and do not indicate Our endorsement of that business or any assurances about the content on that site.
- Social Media and networking
11.1 We use social media networks, including Facebook, LinkedIn, Instagram and Twitter, to communicate with the public. When You communicate with Our social media platforms, We may collect Your Personal Information, for the purpose of using it to communication with You and the public. The social media webpages may also collect, use and hold Your Personal Information, for its own purpose. We recommend You consider the Privacy Policies of these social media websites prior to using the same.
11.2. These social media websites may store Your Personal Information overseas.
- Access to Personal Information
12.1. You can contact Us if you would like to access the Personal Information we hold about You. We will request that You verify Your identity, before We provide You with access to Your Personal Information.
12.2. We will provide You with access to Your Personal Information, within a reasonable period after the request, and in a way that is reasonable in the circumstances, unless exempted by the Act.
12.3. We may refuse to provide You with access to Your Personal Information, or to provide access in the manner You have requested in circumstances where an exception to access applies under APP 12.
12.4. If We refuse to provide You access to Your Personal Information, We will provide You with written notice that sets out Our reasons (other than to the extent it would be unreasonable to do so) and inform You of the how to complain about the refusal.
12.5. We may charge a reasonable fee for providing You with access to Your Personal Information, which will be confirmed at the relevant time.
- Correction
13.1. You can contact Us if you would like to correct the Personal Information that We hold about You. We may ask You to verify Your identity before processing any correction requests, to ensure that the Personal Information we hold is properly protected.
13.2. If We correct Your Personal Information after We have disclosed it to a third party who is also subject to the Act, We will only inform that third party of the corrected details at Your request. If You do request that We inform that third party of the correction, We will take reasonable steps to do so at no cost, unless this would be unreasonable, impracticable, or unlawful.
13.3. If We refuse to correct Your Personal Information, We will provide You with written notice that sets out Our reasons (other than to the extent it would be unreasonable to do so) and inform You of the how to complain about the refusal; and
13.4. If we refuse to correct Your Personal Information, you may request that We make a record of Your claim that the Personal Information is inaccurate, out-of-date, incomplete, irrelevant, or misleading. We will take reasonable steps to associate the record in such a way that will make it apparent to users of the Personal Information.
- Complaints
14.1. Any issues or complaints in relation to Your Personal Information should be made to Us directly, via the contact details provided below.
14.2. We will respond to Your complaint within a reasonable period, and in the first instance Our Privacy Officer will endeavour to take any steps necessary to resolve the matter.
14.3. If We are unable to resolve Your complaint or You are unhappy with the outcome, You may lodge a complaint with the Office of Australian Information Commissioner via its enquiries line on 1300 363 992, or via its website at http://www.oaic.gov.au.
14.4. If You lodge a complaint with the Office of the Australian Information Commissioner, or another regulatory body, we may use and disclose Your Personal Information to assist in any resulting investigation or proceeding.
- Contact Details
Any requests regarding the terms of this Privacy Policy can be directed to the Practice Director