William James is committed to providing quality legal services to our clients. As part of our commitment, we ensure compliance with the Australian Privacy Principles (APPs) contained in Schedule 1 of the Privacy Act 1988 (Cth) (Privacy Act).
The APPs govern how we collect, use, disclose, hold, secure and dispose of Personal Information. A copy of these principles is available at: https://www.oaic.gov.au/privacy-law/privacy-act/australian-privacy-principles.
What is Personal Information?
Personal Information is defined in the Privacy Act as information or an opinion about a reasonably identifiable individual whether true or not and whether recorded in a material form or not.
Examples of Personal Information include names, addresses, email addresses and contact numbers. This information may be obtained in a variety of ways.
We will only collect Personal Information reasonably necessary for, or directly related to, the functions and activities of our service. We will only collect Personal Information by lawful and fair means.
We collect Personal Information by correspondence with clients, government agencies and third parties. Personal Information is held by us on our internal database or in hardcopy form. The purposes for which we collect, hold, use and disclose Personal Information are those purposes directly and indirectly related to providing legal services.
What is Sensitive Information?
Sensitive Information is defined in the Privacy Act as information or an opinion about certain things relating to an individual. These things are set out in s 6 of the Privacy Act.
Examples of Sensitive Information include an individual’s racial or ethnic origin, political, religious and philosophical beliefs or opinions, membership of a trade union or professional, trade or political association, sexual orientation or practices, criminal record or health information.
We will only collect Sensitive Information reasonably necessary for, or directly related to, the functions and activities of our service with your consent.
We will only collect Sensitive Information from you unless it is unreasonable or impractical to do so.
What if we receive unsolicited Personal Information?
We may receive Personal Information in the usual course of business. In the event we do, we will destroy the information or ensure its de-identification if it is lawful and reasonable to do so.
However, we will not do so if we could have otherwise lawfully collected the information under the APPs.
How will I know if my Personal Information has been collected?
If we collect Personal Information, we will take such steps, if any, as are reasonably necessary in the circumstances to ensure the individual is made aware of certain matters set out in APP 5.
Use and Disclosure of Personal Information
If we collect Personal Information for a particular purpose (primary purpose), we will ensure the information is only used or disclosed for another purpose (secondary purpose) if:
- you have consented to that use or disclosure;
- you would reasonably expect us to use or disclose that information for the secondary purpose; and
- if the information is Sensitive Information, it is directly related to the primary purpose; or;
- if the information is not Sensitive Information, it relates to the primary purpose; or
- the use or disclosure is required or authorised by law; or
- a permitted general situation exists in relation to the use or disclosure of the information.
Disclosure of Personal Information overseas
In the event we are required to disclose Personal Information to a person who is overseas and not employed by William James, we will take such steps as are reasonable in the circumstances to ensure the person does not breach the APPs.
Quality and security of Personal Information
We will take such steps, if any, as are reasonably necessary in the circumstances to ensure that Personal Information we collect, use or disclose is accurate, up to date and complete.
We will take such steps as are reasonably necessary in the circumstances to protect Personal Information we hold from misuse, interference, loss, unauthorised access, modification or disclosure.
If we hold Personal Information no longer needed for any purpose for which it may be used or disclosed under the APPs and we are not required by law to retain the information, we will take such steps as are reasonably necessary to destroy or de-identify the information.
However, most Personal Information will be retained by us for a minimum of 7 years.
Requesting access to Personal Information
If requested by an individual, we will provide access to the Personal Information we hold about them. We may refuse access in certain circumstances set out in APP 12 and we will provide notice of such refusal.
To request access to Personal Information, please send an email to email@example.com or call us on (02) 9925 3222.
Correcting Personal Information
We will take such steps, if any, as are reasonably necessary in the circumstances to correct any Personal Information we hold to ensure it is accurate, up-to-date, complete, relevant and not misleading. If requested by an individual, we will ensure the same with regard to Personal Information disclosed to third parties.
To request the correction of Personal Information, please send an email to firstname.lastname@example.org or call us on (02) 9925 3222.
A data breach is an eligible data breach where a reasonable person would conclude that there is a likely risk of serious harm to any of the affected individuals as a result of the unauthorised access or unauthorised disclosure. In the event of such a breach, we will notify the affected individual and Privacy Commissioner of the breach and its surrounding circumstances and make recommendations about how the affected individual can protect themselves.
If an individual is concerned we have breached the APPs or an APP code, please send an email to email@example.com or call us on (02) 9925 3222. We will consider the complaint and respond as soon as practicable.