In addition to the strong professional obligations Anisimoff Legal has to its clients as a law firm (including our obligations of confidentiality by virtue of legal professional privilege), we are committed to protecting your personal information in accordance with our obligations both under 1) the Privacy Act 1988 (Cth) (“the Act”) (as amended) and the guiding policies referenced therein and, to the extent applicable, 2) the European Union (EU) General Data Protection Regulation 2016/679 (“GDPR”), where we process personal data relating to identifiable UK or EU residents. We are a data controller for the Sites and in respect of the services we provide.
Collecting personal information
When you visit our Sites or request a service from us, we may collect personal information directly from you, such as your name, title or position, qualifications, contact details, and any other information which you knowingly provide to us either directly or indirectly through emails, forms, meetings, websites, business cards and our social media channels. Personal data does not include data where your identity is not known or has been removed (i.e. anonymous data).
In some cases, we may also collect ‘sensitive information’ such as information about criminal record where necessary to provide our services.
We collect personal information about our clients, business associates, potential clients and their personnel, as well as other individuals in the course of servicing our clients (including for example, clients of our clients who engage us on their behalf, or personal information that clients provide to us to undertake our services, such as details of entrants to or winners of trade promotions). We also collect personal information about our suppliers and their employees, as well as our prospective employees.
We may collect personal information about you from third parties, including from your employer, your authorised representatives or your other professional advisors, where we are legally permitted to do so, or with your consent.
In most cases, you will be required to identify yourself when you deal with us. If you do not provide your personal information to us, we may not be able to accept you (or your associated company, employer, client or other entity) as a client or provide our services to you. We may also be unable to provide you with publications, brochures or newsletters that may interest you or tailor the content of our Sites to your preferences.
We may also collect data that relates to your use of and interaction with our Sites, which may include details of other websites you visited before arriving at our Sites, websites you may go to next, how long you remain on our Sites, and so forth. We may use this information for research or to improve our services and performance. We may analyse the data for certain trends and statistics, such as which parts of the Sites users are visiting most and how long they spend there, so that we may improve or adjust our Sites. This information does not identify you personally. This information is compiled and analysed on an aggregated basis.
Use and disclosure of personal information
We will use your personal information to:
- fulfil the purpose for which it was collected as stated or reasonably apparent at the time of collection;
- conduct our business;
- provide you with a service you have requested;
- promote goods or services we believe will be of interest to you;
- provide legal updates, publications, news or brochures that we believe will be of interest to you;
- implement the Terms and Conditions of Use governing our Sites;
- manage, develop and enhance our services, including our Sites;
- consider the suitability of prospective employees;
- comply with our legal obligations;
- do anything that is in our legitimate interests;
- protect our rights or property, any user of our Sites or any member of the public; or
- lessen or prevent a serious threat to a person’s life, health or safety.
We may also use and / or disclose your personal information for other purposes which you consent to or which are required or permitted by law. This may include for a secondary purpose that is related to a purpose for which we collected it, and for which you would reasonably expect us to use or disclose your personal information.
We may disclose your personal information to:
- our employees, related entities, contractors or third parties who perform services for us, including but not limited to, mailing houses or IT suppliers, couriers, cloud based service providers and debt collectors;
- any third parties that we engage on your behalf or which you engage directly in connection with the services we are providing to you including other specialist law firms and third party experts;
- our insurers and professional advisors, including our accountants, business advisors and consultants;
- regulatory bodies or government authorities in some cases;
- if we have your express consent to share the information; or
- if we are required or authorised by law to disclose the information.
We do not sell your personal information to other organisations or companies.
Occasionally we may use your personal information to send you details of our services and legal updates. Unless you were already part of our database legitimately collected or obtained prior to the commencement of the GDPR, we will obtain your consent to use your personal information for direct marketing activities. You will be given the option to provide your consent and you can withdraw your consent or opt-out at any time that you request by emailing us at firstname.lastname@example.org and put “unsubscribe” in the subject line. Our email marketing communications will also include an “unsubscribe” link.
Personal information which we collect and hold is stored within our locally housed data servers in Australia. We utilise some cloud based service providers for specific functions such as email and accounts, who may store certain information on our behalf on servers based in the United States. These service providers are engaged pursuant to terms of service requiring stringent privacy compliance in respect of this data.
Some of the third parties with whom we share personal information may be located outside Australia. While such third parties will often be subject to privacy and confidentiality obligations, you accept that where lawful, such obligations may differ from and be less stringent than the requirements of the privacy laws of Australia.
For UK and EU residents, this means that your data will almost certainly be transferred outside of the European Economic Area (“EEA”) when it is provided to us as we are based in Australia. Where your personal data is transferred by us to anyone else, we will ensure that this is only done with appropriate safeguards in place to protect personal data in compliance with applicable data protection legislation. Such measures may include (without limitation) transferring the data (i) to a third party in a country that has been identified as providing adequate protection for EEA data, or (ii) to a third party which has entered into standard contractual clauses adopted or approved by the European Commission, or (iii) to a third party in the US which is Privacy Shield certified.
Grounds for use and disclosure (UK and EU residents)
UK and EU residents, we may process your personal data as follows:
- where it is in our legitimate interests in carrying on our business (and these are not overridden by your rights), for example, identifying opportunities to improve our services to you and performing administrative and operational tasks;
- where it is necessary for the performance of a contract, for example, to verify your identity in a transaction;
- where we are under a legal obligation to do so;
- with your consent.
How long do we keep your information
We will only keep your information for as long as we require it. When we no longer require your information, we’ll ensure that your information is destroyed or de-identified.
We are required to keep some of your information for certain periods of time under applicable law, for example for 7 years or otherwise for the provision of legal services. We may also need to retain certain personal information after we cease providing our services to enforce our terms, for audit or insurance purposes, to identify or resolve legal claims and/or for proper record keeping.
We will take all reasonable steps to keep any information we hold about you secure, accurate and up to date. Our employees are required to respect the confidentiality of personal information and the privacy of individuals. Your information is generally stored on secure servers that are protected in controlled facilities. However, no guarantee can be given that information sent over the Internet is always 100% secure. Sending and receiving information over the Internet is at the user’s own risk, and we do not accept responsibility for any consequences of unauthorised access to your information.
How to access or update your information, or make any complaints
If at any time you want to know exactly what personal information we may hold about you, you may request details of that information by e-mailing us at email@example.com or firstname.lastname@example.org as applicable. We will endeavour to provide you with the information within seven days. If a fee will apply to compile your information we will let you know this in advance.
If we are unable to satisfactorily resolve your concerns or complaint, you can contact the Office of the Australian Information Commissioner (see website at www.oaic.gov.au), or the local regulator in your jurisdiction in Europe, as applicable.
Rights of UK/EU residents
UK and EU residents also have the following additional rights under the GDPR:
- the right to request that we erase their personal data (right to be forgotten);
- the right to obtain a copy of their personal data on request (as above);
- the right to transfer their personal data to another person or entity (right of data portability);
- the right to restrict or object to processing, or withdraw consent to processing; and
- the right to lodge a complaint with a supervisory authority (see above).
Please contact us as set out below, if you have enquiries in relation to the above.
Our contact details
Anisimoff Legal / SimplyCo
PO Box 3685
Erina NSW 2250
Tel: (02) 4331 0400