1. Purpose of policy

This Privacy Policy applies to the collection, use, disclosure and handling of personal information by Corrs Chambers Westgarth and its associated entities (collectively “Corrs”, “we” or “us”), including personal information collected via our www.corrs.com.au website (the “Website”).

Corrs is committed to protecting the privacy of individuals and is bound by the Australian Privacy Principles set out in the Privacy Act 1988 (Commonwealth) (the “Act”). We will only collect, use or disclose personal information in accordance with the Act and this Privacy Policy.

Your use of the Website is also subject to the Corrs Website Terms of Use.

2. Collection

Corrs collects personal information from you in a number of different ways. We may collect personal information directly from you or in the course of our dealings with you, for example when you:

  • provide personal information to us;
  • apply for a position of employment with us;
  • use our website or services (including via cookies); and
  • contact and correspond with us, for example to ask for information.

We may also, if you consent, collect personal information about you from another Corrs group entity, from publicly available sources of information, or in some cases, from third parties including recruitment agencies, previous employers, government departments (eg Department of Immigration and Border Protection) and third party service providers which provide criminal, bankruptcy and other checks.

The personal information we collect about you may include (but may not be limited to) your name, date and place of birth, contact details, Internet Protocol (IP) address, occupation and education/work history, employer, legal and industry areas of interest, passport details and information relating to your dealings with Corrs and our clients.

We may also collect sensitive information about you, including health information and criminal background checks.

The purposes for which we collect your information may include:

  • verifying your identity;
  • contacting you (including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner);
  • providing you with legal services or legal information;
  • undertaking conflict searches for our own purposes and the purpose of determining if we can represent a client or potential client;
  • acting for a client when it acquires a business with employees;
  • acting for a client in litigation against an individual;
  • acting for a client in a matter against an individual (eg an employment matter); and
  • developing and improving our services and obtaining feedback.

If we are not able to collect personal information about you we may not be able to provide you with products, services and assistance to the extent that they require us to collect, use or disclose personal information.

3. Use and disclosure

Corrs may use or disclose your personal information for the purpose for which it was collected. We will also use and disclose your personal information for a secondary purpose that is related to a purpose for which we collected it, where you would reasonably expect us to use or disclose your personal information for that secondary purpose.

Other instances when we may use and disclose your personal information include:

  • where you have expressly or impliedly consented to the use or disclosure;
  • in confidence, to our advisers and insurers;
  • in confidence, to third parties to improve our services and obtain feedback; and
  • where the use or disclosure is authorised or required by or under an Australian law or court/tribunal order.

We may also disclose your personal information to third parties, including:

  • share your personal information amongst other Corrs group entities, which comprise Corrs Holdings Pty Ltd, Corrs Nominee Holdings Pty Ltd, Corrs Support Services Pty Ltd and Corrs Enterprises Pty Ltd;
  • share your personal information with our advisors and consultants; and
  • with third party service providers we use in conducting our business, subject to confidentiality provisions as we deem appropriate (including, without limitation, insurance brokers, banks, external photocopying providers, document production, legal outsourcing providers, billing or data storage services, email filtering, virus scanning and other technology services providers, and archival services providers).

Some of the third parties to whom we disclose your personal information may be located outside Australia.

For example, we may disclose your personal information to external national or overseas facilities in the course of conducting information and data processing, back up and scanning or for the purposes of obtaining other services from third parties.

The countries in which these third parties are located will depend on the circumstances. However, in the course of our ordinary business operations we commonly disclose personal information to third parties located in the following countries:

  • the United States of America;
  • selected European Union countries; and
  • the United Kingdom.

4. Information about events, the Website and our services

We may contact you via email, SMS or other means in order to provide you with updated information about the Website, in relation to events or to provide you with other information about our services. If you do not wish to receive any such information, please contact us as set out below.

5. The information we keep about you

You have a right to request access to or correction of your personal information held by us. If you wish to access, correct or update any personal information we may hold about you, please contact us as set out below. However, we may charge for providing access to this information and we may refuse access where the Act allows us to do so.

6. Notifiable Data Breaches Scheme

In the event of any loss, or unauthorised access or disclosure of your personal information that is likely to result in serious harm to you, Corrs will investigate and notify you and the Australian Information Commissioner as soon as practicable, in accordance with the Privacy Act 1988.

7. Complaints process

If you have any questions or concerns about our collection, use or disclosure of personal information, or if you believe that we have not complied with this Privacy Policy or the Act, please contact us as set out below. The Privacy Officer will investigate the complaint and determine whether a breach has occurred and what action, if any, to take. When contacting us, please provide as much detail as possible in relation to the query, issue or complaint.

We will take any privacy complaint seriously. We will aim to resolve any such complaint in a timely and efficient manner, and our target response time is 30 days. We request that you cooperate with us during this process and provide us with relevant information we may require.

We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also make a formal complaint with the Office of the Australian Information Commissioner (which is the regulator responsible for privacy in Australia):

Office of the Australian Information Commissioner (OAIC)

Complaints must be made in writing

Phone

1300 363 992

Mail

Director of Compliance

Office of the Australian Information Commissioner

GPO Box 5218

Sydney NSW 2001

Website

www.oaic.gov.au

8. Storage and security of your personal information

Corrs will take reasonable steps to keep any personal information we hold about you secure. However, except to the extent liability cannot be excluded due to the operation of statute, Corrs excludes all liability (including in negligence) for the consequences of any unauthorised access to your personal information. Please notify us immediately if you become aware of any breach of security.

We may store your files in hard copy or electronically in our ordinary IT systems. These may include Australian-based cloud servers or the servers of third parties within Australia.

When we have disclosed your personal information to third parties, as described in section 3 of this Privacy Policy, your files may be stored by or transferred to entities located outside of Australia. The storage or transfer of your personal information by these third parties will be subject to confidentiality provisions as we deem appropriate.

We implement a range of physical and electronic security measures to protect the personal information that we hold, including:

  • key card-restricted access to all offices;
  • mandatory password protection on all computers (users are required to change their passwords at regular intervals);
  • hardware encryption on desktops, laptops and portable storage devices;
  • secure hard copy document, electronic storage media and hardware disposal procedures;
  • firewall and antivirus/malware software; and
  • systems and application access controls implemented to restrict access to information (on a need to know basis).

Staff receive periodic bulletins on security issues, to foster a security aware culture. We also have a regular review program to test the security measures in place and identify where changes may be necessary or desirable.

9. Changes to this Privacy Policy

The date of this Privacy Policy is set out below. We may change this Privacy Policy at our discretion. By continuing to use the Website, or otherwise continuing to deal with us, you accept this Privacy Policy as it applies from time to time.

10. Contact us

Please direct any privacy issues or queries to Corrs’ Privacy Officer on +61 2 9210 6243 or at [email protected].