Mahoneys (we, us or our) values your privacy. We are committed to meeting or exceeding our obligations under the Australia Privacy Principles, the Privacy Act 1988 (Cth) (Privacy Act) and Spam Act 2003 (Cth).
Who we are?
We are a law firm that provides legal services to Australians and those doing business in Australia.
If you have any questions about our use of your personal information, please use the following contact details:
Address: Level 18/167 Eagle Street, Brisbane Qld 4000
Phone: (07) 3007 3777
Fax: (07) 3007 3778
Personal information & why we collect it?
Personal information is any information or an opinion about an identifiable individual, or an individual who is reasonably identifiable.
We may collect personal information that you choose to provide us or from interactions that you have with us. This may include your name, job title, address, contact number, email address or other identification details (for example, your drivers’ licence, tax file number, or passport number) and other information provided in communications with us.
We collect personal information for a range of purposes, including to:
- respond to queries you have;
- confirm who you are;
- supply legal services;
- facilitate payment for our services;
- arrange for services to be supplied to clients by third parties where appropriate (for example, searches, filings, lodgements and related services);
- analyse client needs; and
- meet legal and regulatory requirements.
We will also process your personal information for particular purposes that you consent to.
We will not collect sensitive information about you (for example, racial origin, religious beliefs or health information) unless this is necessary for, or directly related to, one of our functions or activities and you have consented to that collection, or we are otherwise able to by law.
How we collect your personal information?
Much of the personal information that we hold is collected when you contact us via our website or complete documentation required for you to become our client. We may also collect personal information in other ways, for example:
- if you contact us with a query (whether in person, or by phone or email);
- when you provide us with your business card at a meeting or event;
- from other law firms who may represent you;
- from related service providers, contractors or government bodies; or
- from publicly available sources.
As part of instructions from some of our clients, we may also process personal information relating to, but not limited to, our client’s workers, opponents or vendors.
How long will we keep your personal information?
Whenever we collect or process your personal information, we’ll only keep it for as long as is necessary for the purpose for which it was collected, subject to satisfying any legal, accounting or reporting requirements.
If we determine that personal information has been obtained that we did not solicit, and that information is not contained in a Commonwealth record, we will as soon as practicable and where reasonably able to, destroy the information or ensure it is de-identified.
Third party collection of information
Sometimes, we may collect your personal information from third parties, for example where we have arranged for third parties to supply you with products and services and those third parties provide us with information about the products or services that you have obtained from them. Other third parties that we may collect personal information from include:
- Court or tribunal records;
- Law enforcement and government bodies;
- Search agencies;
- Public registries;
- Referrers or recruitment agencies; and
- Online searches and social media.
When do we disclose personal information to third parties?
We may disclose personal information to third parties in the course of providing legal services to you. In particular, your personal information may be disclosed to:
- IT service providers;
- various professional experts, including accountants and tax advisers;
- document management services;
- regulators or tax authorities;
- other external service providers and organisations that provide us with services; or
- other law enforcement and government bodies.
We may also disclose personal information to third parties where required or authorised by law to do so or with your consent.
Website and cookies
Some of the information that is collected on our website is not personal information, because it does not reveal your identity. For example, we may record your server address, domain name, the date and time of your visit to this site and the pages that you viewed. This information is used by us in an anonymous, aggregated form and only for statistical and web site development purposes.
A cookie is a small data file that a web site transfers to your internet browser for identification purposes. The cookies that we use do not identify you individually. Instead, they identify your internet browser.
Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your browser to reject cookies, or to notify you when they are being used. There are also software products available that can manage cookies for you. Rejecting cookies can however limit the functionality of our website.
We may also receive technical data if you visit other websites employing our cookies including, analytics providers such as Google, advertising networks, and search information providers. We consider that the collection of this information is necessary to pursue our legitimate interests in a way which might reasonably be expected (for example, to analyse how our clients use our services, to develop our services and grow our business) and which does not materially impact your rights, freedom or interests.
Newsletters, reminders and direct marketing
From time to time, we may use your personal information to send you newsletters relating to legal issues that may be of interest to you and information about our services. If you do not wish to receive commercial electronic messages from us, please use the unsubscribe facility or contact us.
We may use cloud storage to store the personal information we hold about you. The cloud storage and the IT servers may be located outside Australia. We or our affiliates may disclose your personal information to overseas entities in countries including the United States and the United Kingdom.
If we collect government identifiers, such as your tax file number, we will not use or disclose this information other than as required or authorised by law.
We take precautions to protect your personal information that we hold from misuse, loss, unauthorised access, modification or disclosure.
Some of the ways that we protect personal information include:
- external and internal premises security;
- restricted access to personal information to staff who need it to perform their day to day functions;
- maintaining technology products to prevent unauthorised computer access, including identifiers and passwords; and
- maintaining physical security over paper records.
What if you don’t provide your personal information to us?
Given the nature of our business and the services we provide we are unable to use pseudonymity in relation to information that you provide. If we are unable to collect personal information from or about you, it may be difficult, or we may not be able to, do business with you or your organisation.
Updating personal information and security
We rely on the personal information we hold in conducting our business. We take reasonable steps to ensure that the personal information we hold is accurate, complete and up-to-date. Please keep us informed if any of the personal information you have provided us changes during your relationship with us.
Access to your personal information
We will provide you with access to the personal information we hold about you (unless we are entitled to rely on an exemption under relevant legislation). Depending on the amount of information requested, we may charge an access fee to cover the cost of retrieving the information and supplying it to you. Depending on the type of request that you make, we may respond to your request immediately. Otherwise, we will usually respond to you within seven days of receiving your request. If we deny or restrict your access, we will explain why. Similarly, in some limited circumstances we may not make requested corrections to personal information, in which case we will provide you with reasons for this decision.
If any of the personal information we hold about you is incorrect, inaccurate or out of date, you may request that we correct the information. If appropriate, we will correct the personal information at the time of the request. Otherwise, we will usually provide an initial response to you within seven days of receiving your request. Usually we will provide you with details about whether we have corrected the personal information within 30 days.
We may need to consult with other entities to respond to your request. If we refuse to correct your personal information, we will provide you with our reasons for not correcting the information.
Job applicants and employees
Any personal information provided to us in connection with job applications may be used to consider the applicant for current and future employment and may be disclosed to our third party advisors to assist us in the selection and recruitment process. We will not process any sensitive or special personal information unless we are able to do so by law or with your express consent.
If you have any concerns about the way your personal information is managed by us, or you have a complaint about our compliance with the Privacy Act, please contact us on the details at the start of this policy. We will usually acknowledge your complaint within seven days, and provide you with a substantive response to your complaint within 30 days. If you are dissatisfied with our response you may make a complaint to the Privacy Commissioner who can be contacted via the Office of the Australian Information Commissioner website (www.oaic.gov.au) or on 1300 363 992.
We are committed to keeping your information secure. In the event of any notifiable data breach, we will notify you of the breach in accordance with the Australian notifiable data breaches scheme.