The Rouse Lawyers Privacy Policy Effective from 19 June 2014
1. Introduction
Rouse Lawyers (ABN 83 352 813 372) and Rouse Pty Ltd (“Rouse Lawyers Services”) (together we, us or our) has adopted this Privacy Policy, in accordance with the Australian Privacy Principles in the Privacy Act 1988 (Cth) (APPs), to outline how we deal with “personal information”, which is information about an individual whose identity is apparent, or can reasonably be ascertained, from that information (Personal Information).
Most of the Personal Information that we collect is collected in conjunction with the legal services that Rouse Lawyers provides to its clients (Services).
2. The kinds of Personal Information that we collect and hold
For the purpose of conducting our business and providing the Services, we may collect the following categories of Personal Information about individuals:
(a) (Identity Information) name, signature, location, website address, date of birth, nationality, license & registration details, bank account details, family details, employment details, educational qualifications and third-party usernames;
(b) (Contact Information) email address, social media profiles, telephone & fax number, third-party usernames, residential, business and postal addresses;
(c) (Finance Information) information and records about individuals’ finances;
(d) (Internet Data) Internet Protocol or “IP address”, referring web site addresses, browser type, operating system, domain name, access times and other data typically collected by analytics services like Google Analytics; and
(e) (Business Information) information about individuals’ business or projects, including information on professional affiliations or services offered.
The APPs categorize certain types of Personal Information as “sensitive information” (Sensitive Information). Included in this category is health information. We may collect and share between us sensitive information from individuals about their health, health services or wishes regarding health care. It is sometimes necessary for us to collect this information for the purposes of estate planning.
If an individual engages Rouse Lawyers to provide estate planning legal services, they consent to our collection, use and disclosure of this health information for the purpose of providing our legal services, in accordance with this Privacy Policy.
3. How we collect Personal Information
We collect Personal Information in three main ways:
(a) from the individual to whom the information relates;
(b) from third parties; and
(c) via automated electronic means.
We collect Personal Information about individuals when an individual:
(d) (Contact) contacts us via any medium, including telephone, fax or email;
(e) (Services) provides information to use in the course of seeking our legal services, or in the course of our providing those services.
We collect Personal Information about individuals from other entities when:
(a) (Referrals) a third party refers us business;
(b) (Client documents) we obtain access to client documents containing Personal Information, such as emails, customer databases and contracts.
We collect Personal Information via the following automated processes:
(c) (Logs) when you visit our webpage, our server may log details about your visit such as your IP address, the time and duration of your visit, the link from which you visited, and information about your browser and operating system;
(d) (Cookies) our webpage will likely place a cookie on your hard drive when you visit our website.
Rouse Lawyers and Rouse Lawyers Services share personal information so that Rouse Lawyers services can obtain administrative, secretarial and data processing services to facilitate the provision of the Services.
4. How we hold Personal Information
We hold and store Personal Information using:
(a) (Storage Services) third party data storage services, which are businesses that professionally manage information technology infrastructure;
(b) (Software Services) third party application providers, where we use an application for the purposes of our business and store data in association with that application on infrastructure provided by those third party application providers;
(c) (Business Devices) devices operated by employees, contractors or agents of our business including computers and thumb drives; and
(d) (Paper Files) printed paper and archival storage services.
We may combine or link Personal Information about you that we collect on one occasion, with Personal Information about you that we collect on other occasions.
We and our employees, contractors and other authorised representatives will take all reasonable precautions to protect Personal Information from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
We secure Personal Information that we collect by:
(e) (Credentials) using authentication credentials for each portion of the data storage infrastructure that we control in accordance with industry or accepted practice;
(f) (Passwords) using software to generate passwords that are less vulnerable to “brute force” attacks;
(g) (Session Expiry) Forcing time-out of authentication sessions and requiring re-authentication to minimise risk associated with idle connections;
(h) (Firewalls) Using both server and network firewalls to control access points in and out of the data storage infrastructure; and
(i) (Reputable Vendors) ensuring that the third party providers holding data and information on our behalf are reputable vendors taking reasonable steps to secure the information.
By using any part of the Services, individuals acknowledge that the security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Individuals provide information, including Personal Information, to us via the Services at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.
By using any part of the Services, individuals acknowledge that we are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose or transfer Personal Information to in accordance with the Privacy Policy or any applicable laws). The collection and use of Personal Information by such third parties may be subject to separate privacy and security policies. Individuals acknowledge also that neither of us is responsible for the privacy or security practices of the other.
5. The purposes for which we collect, hold, use and disclose Personal Information
We collect, hold and use Personal Information for the purpose of providing the Services to individuals, since the Services often involve dealing in Personal Information. This includes holding and using the Personal Information so that we can:
(a) (Identify)identify individuals for the purpose of providing the Services;
(b) (Communicate) communicate with individuals for the purpose of providing the Services, including communications about our goods and services; marketing and promotions; and competitions, surveys and questionnaires; and
(c) (Transact) transact with individuals for the purpose of providing the Services.
We tend not to use information collected via automated means to identify specific individuals. Rather, it is generally used for data analysis. For example, we may use cookies and log information to ascertain the number of unique visitors to our website, whether or not those visitors are repeat visitors, and the source of the visits.
6. Sharing Personal Information
We share, use and disclose Personal Information so that we can represent our client’s interests in litigation, and in commercial dealings. For example, our clients’ personal information would be included on court documents, pleadings, on contracts and in formal and informal legal correspondence.
We use third party hosted platforms including Trello (www.trello.com), Slack (slack.com/privacy-policy), CodePact (www.codepact.com) and Outlook email to manage our practice. It is not usual for these organisations to access information we manage on their platforms. The web servers for these apps are located overseas.
We also disclose Personal Information to companies that we work with to provide us with administration, secretarial and data processing services, such as ActionStep. Such processing is designed to make our Services more efficient. For information on disclosures to overseas recipients, see below.
7. How an individual may access and correct Personal Information
Individuals have a right to:
(a) request access to the Personal Information that we hold about them; and
(b) correct Personal Information that we hold about them.
If an individual wishes to access the Personal Information that we are holding about them, or correct Personal Information that we are holding about them, they can contact us using the following details:
Position Title: | Administration |
Telephone: | (07) 3667 9696 |
Email: | [email protected] |
Postal Address: | Locked Bag 22, Fortitude Valley BC QLD 4006 |
We reserve the right to refuse access where there are reasonable grounds for doing so, for example if
(c) the request is frivolous; or
(d) providing access would be unlawful or would compromise the privacy of another person.
8. How an individual may complain about an APP breach, and how it will be handled
(a) If an individual has a complaint relating to an alleged breach of the APPs, he or she should contact us in writing using the details listed in the previous section of this Privacy Policy.
(b) When an individual notifies us of a complaint about our handling of his or her Personal Information, we will deal with the complaint by responding to it in writing within 14 days.
(c) We will endeavour to work with the individual complaining to resolve the complaint entirely within 30 days, although that period may be longer if it is reasonable.
(d) If an individual is unsatisfied with our response, the individual may refer the complaint to the Office of the Australian Information Commissioner (http://www.oaic.gov.au/).
9. Disclosure of Personal Information to overseas recipients
(a) We disclose Personal Information to overseas contractors in the Philippines and United States for the purposes of administration, secretarial services and data-processing services.
(b) Individuals who disclose personal information to us for the purpose of obtaining the Services consent to the disclosure of their personal information to such contractors, for those purposes.
(c) Overseas recipients are not bound by the APPs. The privacy protection in their countries may not meet Australian standards.
(d) If you consent to this overseas disclosure:
(i) you will not be able to rely on the avenues provided by the APPs to protect and enforce your privacy in relation to anything that overseas recipient does with your personal information; and
(ii) we will not be accountable for the overseas recipient’s use of your personal information.
(e) In any event, we take reasonable steps to ensure that the Personal Information that we transfer to overseas recipients will not be held, used or disclosed by the recipient of the information inconsistently with the APPs.