Barry Nilsson (BN) is committed to handling your personal information in a responsible manner in accordance with the Australian Privacy Principles (APP) which are contained in the Privacy Act 1988 (Cth) (Privacy Act).
What is personal information?
‘Personal information’ is information or an opinion relating to an individual that can be used to identify that individual. ‘Sensitive information’ is a subset of personal information and includes information or an opinion about an individual’s race or ethnic origin, political opinions, religious beliefs, sexual preferences, criminal record, health record or professional or trade association memberships.
We do not collect, use or disclose sensitive information about you unless it is allowed by law; is in circumstances where it is required in the course of providing legal services to you; or you consent. If you are younger than 16 years of age you will need the consent of your parent or guardian. Sensitive information will only be used and disclosed for the purpose for which it was provided or a directly related secondary purpose.
What kinds of personal information does BN collect?
We collect and hold information such as (but not limited to) names, addresses, contact details, occupations, and other information which assists us in conducting our business, providing marketing services and complying with our legal obligations. In most cases, if the personal information requested is not provided, we may not be able to supply the relevant service.
About whom does BN collect personal information?
We may collect and hold information about clients, potential clients and business associates and their employees, suppliers and their employees, employees, prospective employees and contractors and others.
How does BN collect personal information?
We will generally collect personal information by way of forms filled out by people, face to face meetings, interviews, business cards, telephone conversations, emails, and from third parties; for example, a report provided by a medical practitioner or an employment reference from another person.
How does BN collect and use information from the website?
If you visit www.bnlaw.com.au to read, browse or download information, our system may record information such as the date and time of your visit to the website, the pages accessed and any information downloaded. This information is anonymous and is used for statistical, reporting and website administration and maintenance purposes only. We may collect information about you through the website when you:
- register or update an online profile which may include personal information such as your name or address
- submit electronic forms requesting us to provide services or take actions
- submit messages or comments
- participate in online surveys
- apply for a job
Like many websites, our website may use ‘cookies’ from time to time. Cookies are small text files that we transfer to your computer’s hard drive through your web browser to enable our systems to recognise your browser. Cookies and the anonymous web usage information referred to above will not be used to identify you as an individual unless required by law, or where the website is accessed via links in an email we have sent which specifically refers to the fact that clicking on links may be tracked.
While we take great care to protect your personal information on our website, no data transmission over the internet can be guaranteed to be secure. Accordingly we cannot warrant the security of any information you send to us or receive from us online. This is particularly true for information you send to us via email. We have no way of guaranteeing that information is protected in transit.
Once we receive your information we make our best effort to ensure its security. From time to time, some sections of the website may protect your personal information by requiring you to use a password. For your own protection, we require you to keep this confidential and to change your password regularly.
Please note that in some emergency or law enforcement situations, government agencies may have the authority to review our web server’s records.
The website contains links to other sites. We are not responsible for the privacy practices or policies of those sites.
How might BN use and disclose your personal information?
In general, we may use and disclose your personal information to conduct our business, to provide and market our services, to communicate with you, to purchase from you, to comply with our legal obligations and to help us manage and improve our services.
We may disclose personal information for the purpose for which it was collected, and also:
- subject to our professional obligations, to any person where necessary or desirable in connection with our provision of legal services, such as to the client, regulatory advisors, or other principals or advisors (whether in Australia or overseas)
- within BN
- on a confidential basis to external service providers so that they can provide financial, administrative or other services in connection with the operation of our business, for example photocopying, auditing, technology and data processing, security and archiving services providers and financial and other professional institutions
- as required by law, subject to our professional obligations, as permitted under the APP
- with your consent (If you are younger than 16 years of age you will need the consent of your parent or guardian)
To whom might BN disclose your personal information?
We may disclose your personal information to other companies or individuals who assist us in providing services or who perform functions on our behalf (such as barristers, medical practitioners, valuers, courts and tribunals) or to any authority or government agency, and anyone else to whom you authorise us to disclose it. We also collect personal information from these organisations and individuals, and deal with that information in accordance with this policy.
We will take all reasonable steps to ensure that any third parties to whom your personal information is disclosed, undertake to comply with the APP so as to protect the personal information disclosed to them.
Will personal information be disclosed to overseas recipients?
We may need to disclose information to persons overseas. We may not always be able to take reasonable steps to ensure that they do not breach the Privacy Act and they may not be subject to the same obligations to protect personal information as applies in Australia by virtue of the Privacy Act. By continuing to acquire our services and/or products you consent to us disclosing information to such persons and agree that you cannot claim relief from us and you may not have any right of action against the overseas recipient of the information.
We may need to disclose information to persons overseas. We may not always be able to take reasonable steps to ensure that they do not breach the Privacy Act 1988 (Privacy Act) and they may not be subject to the same obligations to protect personal information as applies in Australia by virtue of the Privacy Act.
When responding to requests for information from foreign governments, regulators, law enforcement agencies or third parties, the firm will act in accordance with the Australian Privacy Principals, Chapter 8, Cross-border disclosure of personal information.
When disclosing personal information to an overseas recipient as required or authorised by law, the firm may disclose personal information to an overseas recipient without complying with APP 8.1 where the disclosure is authorised by or under an Australian law or a court/tribunal order’ (APP 8.2(c)).
The firm cannot rely on a requirement or authorisation in an overseas jurisdiction.
The following are examples of where a law or order may require or authorise disclosure of personal information to an overseas recipient:
- The firm is required to disclose personal information to the government of a foreign country under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)
- The firm is required to disclose personal information to an overseas recipient under the Australian Federal Police Act 1979 (Cth) or the Mutual Assistance in Criminal Matters Act 1987 (Cth)
By continuing to acquire our services and/or products you consent to us disclosing information to such persons and agree that you cannot claim relief from us and you may not have any right of action against the overseas recipient of the information.
How does BN keep your personal information secure?
The APP require us to take all reasonable steps to protect your personal information from misuse and loss and from unauthorised access, modification or disclosure for example by use of restricted access to electronic records and by physical security.
BN employees are required to respect the confidentiality of personal information and the privacy of individuals. We provide all employees with training in relation to their obligations under the APP and the Privacy Act.
We do not adopt an identifier that has been assigned to you by a Commonwealth Government agency (eg. your tax file number) as a means of identifying you.
Where we no longer require your personal information for a permitted purpose under the APP we will take reasonable steps to destroy it in a secure manner or to de-identify it if that is appropriate.
This policy is incorporated into the firm’s policy manual and the firm has a Privacy Officer to oversee continued compliance with the APP.
Notifiable Data Breaches Scheme
BN is committed to protecting personal data through the implementation of our Data Breach Policy in accordance with the Notifiable Data Breaches Scheme (included in the Privacy Act in 2017). The policy provides guidelines for any data breach incident; including initial alerting procedures, a response and assessment workflow for the Cyber Security Breach Team, including internal and public notification processes.
Should an eligible data breach event occur which is likely to result in serious harm to any person, all affected parties will be contacted as soon as practicable, and advised of the confirmed breach. BN has up to 30 days to complete an inquiry into any incident, and are dedicated to maintaining open communication during this time to assist others to take precautionary activities. Clients will liaise with the relevant Principal for ongoing updates and information regarding remedial actions during the assessment. On completion, a full summary of the findings will be available with any public notification statement that may be required.
You have the right to:
- be forgotten;
- access your personal information;
- request an update to or correction of your personal information;
- request your personal information be erased;
- request the processing of your personal information be restricted;
- data portability.
How can you access your personal information?
Subject to the exceptions set out in the Privacy Act, you may seek access to the personal information which we hold about you by contacting our Privacy Officer. We will respond to your request within 30 days and will require you to verify your identity and to specify what information you require. We may charge you a fee for providing access depending upon the time taken to locate, collate and provide the information requested by you. You will be advised of the cost, if any, in advance. In certain circumstances we may not be required by law to provide access to or to correct personal information. If that is the case, we will give you our reasons for that decision.
This policy will be reviewed as necessary to ensure compliance with new laws, to take account of changes in technology, changes to our operation and practices and the general business environment. The most current version of this policy is on our website at www.bnlaw.com.au.
Should you not be satisfied with how any member of the firm has dealt with your personal information, you may request in writing that the matter be considered by the BN Internal Disputes Resolution Committee. This Committee is comprised of BN Partners.
If you remain dissatisfied with our decision after you have received a written response from the BN Internal Disputes Resolution Committee, you may progress the matter to the Queensland Law Society.
Barry Nilsson agrees to accept the determination of the Queensland Law Society as final.
You can contact the Queensland Law Society by writing to:
The Queensland Law Society
Law Society House
179 Ann Street
BRISBANE QLD 4000
or by telephoning (07) 3842 5888.
Naturally, nothing of course denies your statutory rights to make a complaint about interference with your privacy directly to the Privacy Commissioner in accordance with The Private Sector Act.
How to Contact Us
If you have any enquiries about privacy related issues please contact our Privacy Officer on 07 3231 6300.