Morrissey Legal Pty Ltd trading as Morrissey Law & Advisory ABN: 49 620 515 433 (we, us, our) is an Australian law firm committed to protecting the privacy of our contracts, customers and employees and complying with the Australian Privacy Principles set out in the Privacy Act 1989 (Cth) (Privacy Act), the Privacy Amendment (Notifiable Data Breaches) Act 2017, the General Data Protection Regulation (EU) (GDPR) and where applicable, State or Territory legislation in relation to health information.
Personal information- means information or opinion about an identified individual, or an individual who is reasonably identifiable.
Sensitive information – includes information about an individual’s health, genetics, race, political opinion or membership, religion, philosophical beliefs, union memberships, sexual preference and criminal record.
Service – we provide legal services for a range of clients including owners, developers, contractors, individuals and businesses. This includes, but is not limited to:
- Providing legal advice;
- Representation of clients;
- Reviewing documents; and
- Drafting letters and court documents.
How we collect personal information
We collect personal information by various means including, but not limited to, when:
- You contact us with a question, inquiry or request a Service;
- You visit our website;
- Directly from the individual;
- From a third party the individual has authorised to provide the information;
- From a client or a third party when it is unreasonable or impractical to collect it from the individual, such as your employer or other organisation with which you have contact or dealing;
- In the course of legal proceedings such as from parties and witnesses;
- To send correspondence and generally to undertake work in relation to services we have been engaged to provide; and
- Internal accounting and administration.
What kind of personal information we collect
The kind of personal information that we collect include contact details including phone numbers, postal and/or residential addresses and email addresses, date of birth, photographs, financial records, employment records, investigation reports, expert evidence report and contracts. We may also collect a wide range of sensitive information in association with legal matters.
We may collect and hold personal information from our service providers, job applicants, website users, online contacts and attendees at seminars and other functions held by us. The information may include information such as name and contact details, information contained in resumes, references from past employers, personal information required to make payment such as bank account details and your employer and job title. We will also collect personal information about you if you provided us with your business card at a function or event, or if you have provided your personal information through social media such as Linkedin and Facebook.
Use and disclosure of personal information
How do we use and disclose personal information:
- To provide legal services including advice and representation in legal matters, including to the client we are representation in legal matters, including to the client we are representing in the matter, counsel, expert advisers and those assisting us;
- To contact clients, business contacts and individuals associated with legal matters or business dealings with the firm;
- To market our legal services;
- To improve our services and to notify you or opportunities that we think you might be interested in;
- To credit reporting agencies and courts, tribunals, regulatory authorities where clients have failed to pay for services provided by us to them; and
- To the relevant third party or parties, with our client’s consent and approval if the matter involves the third party.
In providing Morrissey Law & Advisory your personal information, you consent to this disclosure.
Protecting your information
We will hold your personal information and sensitive information in either our electronic databases or in our physical fires. We will use a range of IT and physical security systems to protect your personal information.
A data breach will occur when the personal information held by us is lost or subjected to authorised access or disclosure.
If there is a breach, our first response will be to contain a suspected or known breach where possible. This will include taking immediate steps to limit any further instances of access or distribution to the personal information.
If the breach may result in a serious harm, then we will conduct an assessment process, this will include whether remedial action is possible. The assessment process will include:
- Initiate – to plan the assessment and assign a team or person;
- Investigate – to gather the relevant information about the incident and determine what has occurred; and
- Evaluate – make an evidence-based decision about whether it is likely that the breach will result in a serious harm.
This will be documented and the assessment will be conducted within 30 days.
If the breach will likely result in serious harm, under the Notifiable Data Breaches Scheme you will be notified and it will include recommendations about the steps you may take in response to the breach. We will also notify the Australian Information Commissioner.
Accessing your information
You may request access to your information we hold about you or request that we make corrections to that information. However, we may refuse to allow you access to information in certain circumstances including where the information is subject to legal professional privilege.
We note that we are exempt from the application of the Australian Privacy Principles as to disclosing certain personal information we hold which is subject to our own, or our clients’ existing or anticipated legal dispute proceedings, which may prejudice negotiations, or which would be unlawful to disclose.
In the event that we refuse access, we will provide reasons for our refusal.
Sending personal information overseas
We will not disclose your personal information to an oversea recipient, except where required for the purposes of providing legal services or representation of a client. In those circumstances your personal information may be sent overseas for that particular matter. All personal information collected by Morrissey Law & Advisory that may affect a European Union citizen will be in compliance with the GDPR.
If you are a client or have otherwise expressed interest and provided us with your contact details, we may send you emails to you with information about legal developments such as publications, alerts and newsletters and marketing our services such as seminar invitations. In relation to direct marketing via electronic means, we comply with the Spam Act 2003.
If you do not wish for us to send you such emails, please let us know by contacting our Office Manager at firstname.lastname@example.org.
Our policy was last updated in June 2018.