Maurice Blackburn Pty Ltd (ACN 105 657 949)
Maurice Blackburn Pty Ltd and its related entities (collectively 'Maurice Blackburn', 'we', 'us', 'our') respect your privacy and aim to avoid interference with your privacy in your dealings with us. We will collect, handle and process your personal data with the utmost care and in accordance with the law.
How we handle and process information about you is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles ('APP') (collectively, the 'Privacy Laws'). Maurice Blackburn is an APP regulated organisation and this statement explains our obligations and how we manage information about you. In some circumstances, European Union ('EU') data protection laws may apply to the processing of your personal data. For the purposes of EU data protection law, including the General Data Protection Regulation (EU 2016/679) ('GDPR'), the data controller is Maurice Blackburn Pty Ltd.
1. Kinds of information we manage
We collect, receive, use, disclose and manage the following types of information:
'Personal data' or 'personal information' which is information or an opinion about an identified natural person or reasonably identifiable natural person, whether true or not and whether it is recorded in a material form or not. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples include an individual's name, date of birth, signature, address and contact details, occupation, employment history, family situations, bank account details, financial and tax information, IP address. Unless specified otherwise, 'personal data' or 'personal information' includes GRI.
'Sensitive information' (also referred to as 'special categories of personal information') is a sub category of personal information and includes information or opinion about an individual's racial or ethnic origin, political opinions and affiliations, religious or philosophical beliefs, membership of professional or trade associations or of a trade union, sexual orientation or practices, criminal record, health information including information about physical and mental health, notes on symptoms, diagnosis, disability and treatment, information about suitability for work and other health related information.
'Government Related Identifiers' ('GRI') are numbers, letters or symbols assigned by a State or Territory authority or agency to identify an individual or verify identity. Examples are Tax File Numbers, Medicare Numbers, Centrelink References, Driver's License Numbers and Passport details. We only collect, receive, use, disclose or manage GRI in accordance with the law.
The words 'information about you' refers to personal and sensitive information (or special categories of information) and GRI managed by us.
2. Why we collect and process information about you
We collect, receive, use, disclose and otherwise process the kinds of personal information set out above only where it is reasonably necessary for us to do so. The general purposes for processing your personal information, the main consequences (if any) if the information is not provided and the legal basis for such processing are set out below:
a) Clients/Prospective Clients
If you are a client or prospective collect we collect, receive, use, generate, disclose and otherwise process information about you that is reasonably necessary for the primary purpose of providing legal services.
Legal basis: where we provide legal services to you, we need to process your personal information in order to perform our contractual obligations to you in relation to such services.
If we are required to process special categories of personal information in order to provide legal services to you (for example, your medical records), we will obtain your consent prior to doing so.
Legal basis: consent.
We also process information about you for the following related purposes:
- determining if we are able to assist you with your legal matter;
- assessing and processing inquiries and requests for legal services;
- securing litigation and/or disbursement funding;
- market research and analysis;
- recovering moneys that you may owe us; and
- to inform you about any relevant legal services provided by us.
Legal basis: it is in our legitimate interest to use your personal information for the above related purposes in order to provide legal services and conduct and manage our legal services business.
We may also use or process your personal information to comply with legal requirements, such as taxation or financial reporting requirements.
Legal basis: we will process your information where necessary to comply with a legal obligation to which we are subject.
We may monitor and record telephone calls from prospective clients for training and security purposes.
You are not obligated to provide the requested information about you. However, if it is not given we will be unable to provide the legal services you require.
b) Careers and Recruitment
If you apply for a job or work placement with us, you may need to provide information to Maurice Blackburn about your education, employment, salary expectations, and other relevant information required to assess your application. In Australia, your application will constitute your consent for our use of this information to assess your application and to allow us to carry out any monitoring requirements under law as an employer. In addition, we may also carry out various screening checks (including reference, eligibility to work, police checks and skills/experience suitability) and consider you for other positions.
For applications made by individuals located in the EU, it is in our legitimate interests to process your personal data for the purpose of reviewing applications and maintain an appropriately skilled workforce. If we are required to carry out any monitoring which involves processing of special categories of personal data, we will obtain your consent prior to doing so.
You are not obligated to provide the requested information about you. However, if it is not given we may not be able to consider your application.
c) Service Providers
We may also collect information about our service providers engaged by us to perform services.
Legal basis: it is in our legitimate interests to engage third party service providers to administer and manage our legal services business.
3. How we collect and hold information about you
a) Clients/Prospective Clients
Most information about you is collected directly from you either verbally, in writing or from documents provided by you. We also collect and receive information about you from the following third parties with your authority:
- material provided under freedom of information, health records and other legislation;
- taxation records from the Australian Taxation Office;
- information from other government agencies;
- medical records and information from treating doctors and other health professionals;
- statements from policing authorities and witnesses, if relevant;
- employment records and information from employers and former employers;
- financial information from accountants and financial advisors;
- claims records and other information from insurers; and
- data from our website and the internet as a result of receiving subscription applications and emails.
b) Careers and Recruitment
Most information about you is collected directly from you in writing or verbally via your application form, resume and covering letter, recruitment agency applications, during face to face and video interviews and phone calls, and from publically available sources such as LinkedIn or other social media sites.
We may also collect information from third parties when we conduct reference, and background and other checks.
We use appropriate technical and organisations measures to ensure appropriate security of personal data we hold about you, either in paper based hard copy files and/or electronically. This includes protecting information about you from unauthorised or unlawful processing, access or disclosure, accidental loss, destruction, damage or modification by providing physical security to the hard copy files and restricted access to electronic records. Sometimes information about you is stored with secure third party storage providers.
We require our employees and service providers to respect the confidentiality of any personal information held by Maurice Blackburn.
If we receive unsolicited information about you that we are not lawfully entitled to, it will be destroyed or de-identified as soon as practicable if lawful and reasonable to do so.
Website and Cookies
We also collect information about you from our website or social networking service and we use that information and feedback to improve our services and web content.
Legal basis: it is in our legitimate interests to use your personal data which may be collected or generated on our website to improve our services and enhance the user experience on our website. We also use third parties to analyse web browsing and traffic on our website, which may involve the use of software, such as cookies, to collect information.
4. Usual use or disclosure of information about you
We disclose information about you to the following third parties or entities outside of Maurice Blackburn where it is reasonably necessary for the purposes set out in Section 2 above:
- courts, tribunals, ombudsmen, commissions and regulatory authorities (information provided to courts and tribunals may be made available to other parties to the litigation and will be on the public record);
- other parties involved in your matter and their solicitors (for example, counter parties to litigation or a transaction);
- third parties or entities who assist us in providing legal services or who provide services to you, or who provide services to us including recruitment services, data storage, distribution and mailing services, direct marketing, technology support services, and business development services;
- litigation and disbursement funders;
- market researchers and analysts;
- any entity or person with your authority.
We have contractual arrangements with our service providers which require them to protect your personal information in accordance with the Privacy Laws, including that they only use it for the purpose for which it is disclosed.
5. Additional uses of information about you
We may also use information about you to inform you of matters that may be of interest to you, such as direct marketing information to inform you of improvements or expansion of services we provide, changes to the law or potential legal claims that you may have. Your name and address may be provided to a mailing house for those purposes. If you do not want us to use information about you in this way, please advise the lawyer handling your matter or our Privacy Officer on 03 9605 2700 or by emailing email@example.com.
We will only process your information in this way if you have provided consent and have not unsubscribed from our email marketing service.
Legal basis: we will only process your data in this way if you have provided consent and have not unsubscribed from our email marketing service.
We may also use information about you within Maurice Blackburn or provide it to a related body corporate to help enhance the quality of legal services we offer to other clients or to the wider community.
6. Disclosure to overseas recipients from Australia
We do not generally transfer personal information from Australia to overseas parties, unless working with international service providers or required by law.
a) Clients/Prospective Clients
There may be situations where we consult overseas-based experts and/or law practices regarding your claim or your matter may be funded by an overseas-based litigation funder. We may also engage overseas-based services providers. In those circumstances, we will disclose information about you to entities outside Australia. At this time and to the best of our knowledge the overseas recipients could be located in either Canada, Ireland, the Netherlands, Singapore, the United Kingdom or the United States.
b) Careers and Recruitment
Some of our recruitment technology service providers may have data centres located outside of Australia. At this time and to the best of our knowledge the overseas data centre could be located in the United States, Singapore and in other countries.
We have contractual arrangements with those service providers with overseas-based data centres which require them to protect your personal information against unauthorised disclosure and to only use it for the purpose for which it is disclosed.
7. Disclosure from the EU/EEA to recipients outside the EU/EEA
If EU data protection law applies to processing of your personal data by Maurice Blackburn, the following section applies:
8. Your rights (Australian privacy principles)
Access and Corrections of Information about you (in Australia)
You have the right to access and/or request corrections of information about you held by us in accordance with the APP. A request can be made by contacting our Privacy Officer on 03 9605 2700, by emailing firstname.lastname@example.org or sending correspondence to P.O. Box 523, Melbourne VIC 3001.
Complaints (in Australia)
If you are dissatisfied with how we have managed information about you or if you believe that we have breached the APP, you may make a written complaint to us. Please address any privacy complaint to our Privacy Officer, by emailing email@example.com or by sending correspondence to P.O. Box 523, Melbourne VIC 3001. We will respond as soon as reasonably possible. If your concerns have not been resolved by that time, you may refer the matter to the Office of the Australian Information Commissioner on 1300 363 992 or firstname.lastname@example.org.
9. Your rights (GDPR)
In some cases, EU data protection law (including the GDPR) will apply to processing of personal information by Maurice Blackburn.
If EU data protection law does apply, you may have the right to:
- Access. You have the right to request a copy of the personal information we are processing about you, which we will provide back to you in electronic form. For your own privacy and security, in our discretion we may require you to prove your identity before providing the requested information. If you require multiple copies of your personal information, we may charge a reasonable administration fee.
- Rectification. You have the right to have incomplete or inaccurate personal information that we process about you corrected.
- Deletion. You have the right to request that we delete personal information that we process about you, except we are not obligated to do so if we need to retain such information in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- Restriction. You have the right to restrict our processing of your personal information where you believe such information to be inaccurate, our processing is unlawful or that we no longer need to process such information for a particular purpose, but where we are not able to delete the information due to a legal or other obligation or because you do not wish for us to delete it.
- Portability. You have the right to obtain personal information we hold about you, in a structured, electronic format, and to transmit such information to another data controller, where this is (a) personal information which you have provided to us, and (b) if we are processing that information on the basis of your consent (such as for direct marketing communications) or to perform a contract with you.
- Objection. Where the legal justification for our processing of your personal information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the information for the establishment, exercise or defence of a legal claim.
- Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time, free of charge. This includes cases where you wish to opt out from marketing messages that you receive from us (see Section 5 above).
You can make any of these requests in relation to your personal data by sending the request to our Privacy Officer by email at email@example.com or by mail to P.O. Box 523, Melbourne VIC 3001.
You also have the right to lodge a complaint with the local data protection authority if you believe that we have not complied with applicable data protection laws. For a list of local data protection authorities in the other EEA countries go to https://edpb.europa.eu/about-edpb/board/members_en.
For the purposes of EU data protection law, Maurice Blackburn is the data controller. Our authorised representative in the EU is Claims Funding International Plc, Hamilton House, 28 Fitzwilliam Place, Dublin 2, D02 P283, Ireland.
10. Destruction, de-identification and putting beyond use
Once we are no longer legally obligated or contractually obliged to retain information about you for any lawful purpose we will either destroy or de-identify it. If you are a client, we are required by law to retain information collected to progress your legal matter for seven (7) years once your case is closed. In some cases we may be required to retain documents for a longer period of time (for example, the making of a Will).
Where information about you is held electronically and it is not possible to irretrievably destroy or de-identify without compromising other information that we are entitled or obliged at law to retain we will restrict access or put the information about you beyond use.