CCK Lawyers are respectful of your privacy, and committed to keeping your Personal Information private and confidential. This purpose of this policy is to outline how we manage your Personal Information.
What is Personal Information and why do we collect it?
‘Personal Information’ is information that can be used to identify you, or is unique or personal to you. Examples of Personal Information we may hold about you include your name, address, and contact details. In addition, if we have been instructed to act for you, we may hold Personal Information about you which relates to the matter in which we received those instructions.
We collect and use your Personal Information for the primary purpose of providing legal services, providing information to our clients and for the purpose of marketing our services to you. You may unsubscribe from any mailing or marketing lists at any time by contacting us in writing.
We never provide personal information obtained in the course of acting for you (including the fact that we act for you) to any other person without first obtaining your permission to do so, except where to do so is clearly within the scope of our instructions or the information is public knowledge. We never provide confidential information we obtain in the course of acting for you to other persons for the purpose of marketing.
When we collect Personal Information we will, where appropriate and where it is practicable to do so, explain to you why we are collecting the information and how we plan to use it. We set out more information about the personal information we collect from our clients in our terms of engagement.
Sensitive information is defined in the Privacy Act to include information about your racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.
Sensitive information will be used by us only:
for the primary purpose for which it was obtained;
with your consent or where to do so is clearly within the scope of our instructions; or
where required or authorised by law.
Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information about you by third parties. If so, we will take reasonable steps to ensure that you are made aware of the Personal Information about you provided to us by the third party.
Disclosure of Personal Information
Your Personal Information may be disclosed to third parties (including courts, tribunals, regulatory bodies, barristers and other sub-contractors, and other parties involved in your matter) where you consent (expressly or impliedly) to the use or disclosure.
Security of Personal Information
Your Personal Information is stored securely, in a manner that protects it from misuse and loss and from unauthorized access, modification or disclosure. Specifically, we store personal information:
at our offices;
at the premises of certain contractors (such as off-site archiving providers); and
digitally, including through the use of local servers and cloud-based online file management software.
When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy your Personal Information. However, most Personal Information we keep is stored in client files which are kept by us for a minimum of 7 years. Our dealings with your Personal Information are always subject to our obligations, as legal practitioners, to retain certain records which may contain Personal Information for defined periods or indefinitely.
Where your Personal Information has been provided to a third party sub-contractor (such as a barrister), our practice is generally to is provide that Personal Information only in circumstances where:
that third-party contractor is also under an obligation to keep that Personal Information confidential; and
that third-party contractor will return any copies of documents containing that personal information to us, or destroy such documents, after their engagement concludes.
Sometimes, in the course of acting for you, it is necessary to disclose your personal information to third-parties (including Courts, government agencies and other parties involved in your matter) in circumstances where we are not able to ensure its security. In these circumstances, our practice is:
to seek, as far as it reasonably practicable, to negotiate appropriate terms relating to confidentiality with that third-party; and
to make sure you are aware of, and consent to, such disclosure.
In the course of our practice, we make use of cloud-based software which may be hosted outside Australia. Except by making use of this software, we will not send any of your Personal Information overseas without first informing you.
integrity of personal information
Without limitation, we comply with the requirements of Part IIIC of the Privacy Act. That part sets out our obligations in relation to 'eligible data breaches', which include situations where Personal Information has been lost, compromised or inadvertently or inappropriately disclosed.
If we become aware that any personal information we hold has, or may have been:
lost or misplaced (including, without limitation, by a device on which the information is stored being lost or misplaced);
accessed in an unauthorised manner; or
disclosed in an unauthorised manner,
then we follow the procedure set out in paragraph 6.3 of this policy.
The procedure referred to in paragraph 6.2 is as follows:
Step 1: Contain the potential breach by taking immediate steps to limit any further access or distribution of the relevant Personal Information, or the possible compromise of other Personal Information.
Step 2: Assess the severity of the breach to decide whether the breach is likely to result in serious harm, by instigating an appropriate investigation of how the breach occurred, and evaluating the findings of that investigation. Where the breach is not likely to result in serious harm, we take appropriate steps to remedy the breach. In addition, where the breach is likely to result in serious harm, we also follow steps 3 to 4 below
Step 3: Notify the Australian Information Commissioner and any affected individuals of the breach in the manner prescribed by the Privacy Act.
Step 4: If appropriate, report the breach to other law enforcement agencies, such as the police, and (where appropriate) notify the Law Society of South Australia.
Access to your Personal Information
You may obtain a copy of the Personal Information we hold about you and update and, or, correct it. If you wish to access your Personal Information, please contact us in writing.
Maintaining your Personal Information
It is an important to us that any Personal Information we hold is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete and up-to-date. If you are aware that the information we have about you is not up to date or is inaccurate, please advise us as soon as you can.
This Policy may change from time to time and is available on our website.
Questions and Complaints
If you have any questions about this policy, please contact any of our partners. If you wish to make a complaint about the way we have dealt with any Personal Information, or any other matters in relation to your privacy, please contact our Managing Partner at email@example.com, or through the form on our ‘Contact Us’ page.