CG Law (Trading) Pty Ltd ACN 143 426 028 trading as Clifford Gouldson Lawyers ABN 89 143 426 028, its subsidiaries and affiliates in Australia (together as “CGLaw”, “we” or “us”) are committed to protecting and managing your personal information in accordance with the Australian Privacy Principles (APPs) established under the Privacy Act 1988 (Cth) (Privacy Act).
Broadly speaking, when we are referring to personal information, we are referring to information or an opinion about you, or information that is reasonably recognisable as you. This may include information or an opinion about you that may or may not be accurate, and whether the information or opinion is recorded in a hardcopy form or not.
Additionally, when we refer to sensitive information, we are referring to certain personal information that is more sensitive and may include health information or details of memberships of professional associations. Sensitive information is afforded a higher level of privacy protection and requires us to obtain your consent before collecting this type of information.
When we refer to health information, we are referring to certain information or opinions about a person’s physical, mental or psychological health or disability, that is also personal information – whether in writing or not. This includes information or opinion about a person’s health status and medical history, immunisation status and allergies, as well as counselling records.
CGLaw is Australian based and offers a range of services in the legal industry. CGLaw offers services such as the provision of legal advice and information as well as purchasable legal documents through an online platform.
What information we collect
We only collect personal information (and sensitive information) that is necessary for, or related to, conducting our business, assessing and managing our customers and business needs or for one or more of our functions or activities.
The types of information that we collect will vary depending on the circumstances of collection and the kind of service that you request from us, and may likely include:
- Contact Information & Personal Data: your name, date of birth, age, gender, address, email address, telephone details and tax file numbers.
- Payment Details: your credit card, bank account details, and billing information to complete purchases.
- Health Information: if you intend to use our services or become a client of ours and where your health status and information may require to be considered;
- Financial Details: your financial details and occupation, which may include budget information, wages/salary information, and general expenditure.
- Identification Documents: your driver’s licence, passport or other photographic identification documents.
- Photographs & Videos: any pictures, videos, sound recordings and other audio-visual recordings that we take of you.
- Employer & Profession: your professional details and information about your employer or an organisation that you represent.
- Social Media Handles: your social media handles and other personal websites and profiles.
- Geo-Location & Locality Information: when you use our services, then we may collect your current or last known location which is used in the determination of your locality from other individuals. We may achieve this through various methods, including collecting your Wi-fi, Guidance Positioning System (GPS), Cellular or other technology in your electronic device or web browser.
- Cookies & Other Device Information: your session cookies and persistent cookies when you visit our website, your device type, browser type, Internet Protocol (IP) address, your URL information, the date and time (including time zone) of your visit, the pages you have accessed on our websites and third party websites, your software and hardware information concerning your mobile device or computer. You can choose to accept or decline cookies. Most web browsers automatically accept cookies but you can usually modify your browser settings to decline cookies if you prefer. This may, however, prevent you from taking full advantage of the Website.
- Interaction & Behavioural Information: your interactions, use, habits, behaviours when dealing with us, our website, other platforms (whether embedded in our website or otherwise) and other applications.
- Employment Information: if you apply for employment with us, then your previous employment history, memberships or affiliations with associations, education history, details of your next of kin and referee details.
- Other Information: any other administrative and additional information that you provide to us or authorise us to collect.
How we collect your information
We collect personal information from you in many different ways. For example, we may collect your personal information through our website or mobile sites, when you visit one of our offices or venues when you contact us or visit one of our social media sites (such as Facebook, Twitter or Instagram). We may receive information about you that we have taken no active step to collect. If this occurs, then we may keep records of this information or choose to destroy or de-identify the information.
There are other ways in which we are likely to collect personal information, and these may include:
- enquiring with us or signing up to our mailing list or marketing material.
- if we take a photograph, video or other audio-visual recordings of you.
- by entering into a competition or promotional event or activity.
- by submitting feedback or participating in a survey, market research or other promotional activity that we (or an agent of ours) conducts.
- through submitting any enquiry or application for employment.
- via mobile device applications, widgets and other interactive features used or owned by us (together “App”).
- through using surveillance and security cameras that capture your image.
We may collect personal information about you from other sources, and these may include:
- an authorised person acting on your behalf.
- our affiliated and related companies.
- third-party agents, suppliers and contractors who assist us in operating our business.
- recruitment service providers and any referees provided on employment applications.
- payment and debit service providers processing and managing the transaction on our behalf.
- your friends through a marketing or promotional activity that we conduct.
- marketing research service providers that we engage.
- through our social media platforms and from people that you are connected with on these platforms.
You can always decline to give us your personal information, but that may mean that we cannot provide you with some or all of the products and services you have requested.
Why we collect your information
The purposes for which we collect and use your personal information depends on the nature of your interaction with us but may include the following circumstances:
- responding to requests for information, feedback and other general enquiries;
- communicating with you and confirming your identity;
- providing you with our services or the purpose requested;
- processing your purchases, orders, transactions or sales, including the processing of payments, arranging shipping and providing you with tax invoices or order confirmations;
- informing you about our business and service offerings, news, updates, direct marketing material and event invitations (including through our social media platforms for our convenience);
- for data and marketing research and developing and improving our product and service offering;
- processing our recruitment and employment processes (including for volunteers, internships and work experience);
- administering activities, events, contests or promotions;
- for any other purposes (including secondary purposes) that you would reasonably expect; and
- to enable us to comply with our obligations under the law.
Disclosing your information
During the conduct of our business, we may disclose your personal information in a variety of circumstances, including to the following parties:
- our affiliates, subsidiaries and related entities;
- our engaged third party contractors, agents, suppliers who provide or perform different products and services for us;
- commercial partners under an agreed information sharing arrangement;
- payment and debit service providers and processors, including credit reporting agencies;
- our marketing research service providers and digital marketing agents;
- third party website service providers and website plugin or widget service providers;
- our third-party e-commerce platform service providers engaged in offering our range of products and services to you for purchase;
- our professional advisors, such as our lawyers, accountants and financial advisers;
- the relevant courts, tribunals or regulatory authorities and law enforcement bodies;
- anyone else to whom you authorise us to disclose your information or that would be reasonably expected; and
- any other company or individual that it is necessary to disclose your personal information to enable us to provide you with the products or services that you have requested.
By providing us with personal information, you consent to this disclosure.
We also use Google Analytics to help us understand how our customers and clients use our platforms, products and services. You can read more about how Google uses your Personal Information via https://www.google.com/intl/en/policies/privacy/. You may also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
If there is a change of control of our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser. We would seek to only disclose information in good faith and where we have sought to maintain confidentiality.
Do we disclose information to overseas recipients?
Your personal information may be transferred abroad or stored overseas for a variety of reasons. It is not possible to identify each country to which your personal information may be sent. If your personal information is sent to a recipient in a country with data protection laws that are at least substantially similar to the APPs, and where there are mechanisms available to you to enforce protection of your personal information under that overseas law, we will not be liable for a breach of the APPs if your personal information is mishandled in that jurisdiction. If your personal information is transferred to a jurisdiction that does not have data protection laws as comprehensive as Australia’s, we will take reasonable steps to secure a contractual commitment from the recipient to handle your information following the APPs.
Protection, storage and how we hold your personal information
CGLaw takes reasonable steps to protect your personal information from unauthorised access, use, or disclosure. For example, we maintain computer and network security, i.e. we use firewalls (security measures for the internet) and other security systems such as identifiers and passwords to control access to our computer systems.
With that in mind, there is no method of transmission over the internet or through electronic storage through our engaged providers that is fully secure. We cannot guarantee the security of your personal information. If we are required by law to inform you of any unauthorised access, use, or disclosure of your personal information, then we will notify you electronically, in writing or by telephone (if required and permitted to do so by law).
Our websites do not necessarily use encryption or other technologies to ensure the secure transmission of information via the internet. Anyone using our website is encouraged to exercise care in sending Personal Information via the internet.
We hold and store your personal information in any of the following ways:
- paper-based files; or
- electronic record keeping methods; and
- trusted third party storage providers based in Australia and overseas, including cloud-based storage providers.
Your personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed). We take reasonable steps to protect your personal information from misuse, interference and loss and unauthorised access, modification or disclosure.
Your personal information is generally usually collected in electronic form for use or storage with the third-party storage provider that we engage.
Your personal information is generally usually collected in electronic form for use or storage with the third-party storage provider that we engage.
The choices that you can make about your personal information
You can request your Personal Information to:
- be destroyed; or
- be de-identified; or
- be accessed; or
- be provided to you as a copy,
at any time by request to our Privacy Officer using the contact details provided below. We may not be able to entertain your request if it is unlawful to do so or is otherwise impractical or unreasonable to do so. We provide more information below:
Deleting your personal information
Your personal information is kept in our records until you request us to delete this information or as long as necessary to provide our products and services to you and for legitimate and essential business purposes, such as complying with our legal obligations or settling disputes. This means that your personal information can be held for some time.
Remaining Anonymous & De-Identification
We require you to provide specific details and information to provide our products and services to you. We provide everyone with the opportunity of staying anonymous or using a pseudonym in their dealings with us where it is lawful and practicable (for example, when making a general enquiry). Generally, it is not possible for us to deal with you anonymously or pseudonymously on an ongoing basis. If we do not collect your personal information, you may not be able to utilise the products or services, participate in our events, programs or activities we manage or deliver.
Accessing or correcting your personal information?
You can access or request a copy of your Personal Information held by us by sending us a request. You will not be charged for requests to access your Personal Information, but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.
On occasions, we may decline your request to access or correct your Personal Information in accordance with the APPs. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your Personal Information about the requested correction.
Updating your personal information
You are responsible for ensuring that your Personal Information with us is accurate and updated regularly. We will take reasonable steps to ensure that the Personal Information we collect, use or disclose is accurate, complete and up to date. You can help us to do this by letting us know if you notice errors, inaccuracies or discrepancies in the information we hold about you and letting us know if your details change.
Direct Marketing Material – Unsubscribing and Opting-out
We may use or disclose your personal information to inform you about our services, upcoming promotions and events, or other opportunities that may interest you. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below.
If you opt-out of receiving marketing material from us, then we may still contact you concerning our ongoing relationship with you.
General data protection regulation – GDPR Compliance
GDPR stands for the General Data Protection Regulation and is effective as of 25 May 2018. GDPR replaces national privacy and security laws that previously existed within the European Union (the EU) with a single, comprehensive EU-wide law that governs the use, sharing, transferring and processing of any personal data that originates from the EU.
In some circumstances, the European Union General Data Protection Regulation (GDPR) provides additional protection to individuals located in Europe. The fact that you may be located in Europe does not, however, on its own entitle you to protection under the GDPR. Our website does not explicitly target customers located in the European Union, and we do not monitor the behaviour of individuals in the European Union, and accordingly, the GDPR does not apply.
Making a complaint
Complaint handling process:
The Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps that can be taken to resolve the complaint. We will contact you within thirty (30) days of the date we receive the written details of your complaint to acknowledge that we have received it. We may ask you to provide further information about your complaint and the outcome you are seeking.
Our Privacy Officer will review the way we dealt with your Personal Information, conduct an internal investigation (if necessary) into the complaint and will respond to you within thirty (3) days of the date we acknowledged receipt of your complaint. If the matter is complicated or our investigation may take longer, we will let you know.
If you are not satisfied with the outcome of your complaint you may refer the matter to the Office of the Australian Information Commissioner (OAIC). Telephone: 1300 363 992.
OAIC email address: firstname.lastname@example.org
OAIC complaints page: http://www.oaic.gov.au/privacy/privacy-complaints
Please contact our Privacy Officer at the following:
Attention: Privacy Officer