Privacy Policy

Williams + Hughes (we, our, us) respect your privacy. This Privacy Policy details how we generally collect, hold, use and disclose your  “personal information” and your rights in relation to the personal information that we hold about you. 

The purpose of this Privacy Policy is to explain:

• the application of this Privacy Policy
• the kind of information we collect about you and why we collect it
• the purposes for which we collect information
• how we collect and store that information 
• how we disclose that information
• our use of other online marketing tools, and how you can control or opt out of these tools
• how you can access and correct the information we hold about you
• how you may complain about a breach of the Australian Privacy principles and how we will deal with the complaint. 

Application of this Privacy Policy 
The Privacy Act 1988 (Cth) (Privacy Act), the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) and the Privacy (Credit Reporting) Code 2014 (Privacy Code) regulate how personal information is handled. The Australian Privacy Principles (APPs) contained in the Privacy Act govern the way in which we collect, use, disclose, store, secure and dispose of your personal information.

We are committed to protecting your privacy. We have drafted this privacy policy to comply with the APPs. 

What is personal information, sensitive information and credit related information 
We collect and hold personal information in carrying out our business and functions as a legal services provider.  We collect personal information in many ways, including during our business dealings with you, interviews (including job interviews), correspondence, by telephone and facsimile, by email, via our website [http://www.whlaw.com.au/], from your website, from media and publications, from other publicly available sources, from cookies and from third parties. 

The term “personal information” is defined by the Privacy Act. Personal information is information or an opinion that can be used to identify you. This might include personal details like your name, address, date of birth, other contact information like your email address and phone number and financial information like your credit card number or bank details. 

“Sensitive information” is a type of personal information. Sensitive information can include information like your racial or ethnic origin, health information, political opinions, membership of a political association, professional or trade association or trade union and criminal record. 

The kinds of personal information we collect and hold 
We collect and hold a range of personal information in carrying out our business and functions as a legal services provider. The personal information we collect about you will depend on the way we interact with you. 

Some of the situations where we collect personal information include when:

• we take instructions to provide you with legal services or when you inquire about us providing you legal services; 
• you provide us, or one of our staff members, with your business card; 
• you attend an event that we organise; 
• you subscribe to receive our publications on our website; 
• you apply for a job with us or submit an expression of interest application to our HR team; or 
• you supply goods or services to us.

Generally, the different kinds of personal information we collect and hold include:

• names;
• contact details, including address, phone number and email address;
• signatures;
• dates of birth;
• employment details;
• credit card details;
• bank account details;
• financial details; 
• tax file number;
• opinions about our services, products and staff; and 
• any information sent to us through correspondence.

Specifically, the kinds of personal information that we collect and hold about you will depend upon the nature of our relationship with you. 

Our Clients 

The kind of personal information we collect and hold in any given circumstance is determined by the legal services we are providing. 

We typically collect and hold the following kinds of personal information about our clients:

• name, job title, and contact details;
• communications between you and us;
• financial information;
• information about your areas of legal interest or specialisation; and
• other personal information that you provide to us (such as when you respond to an invitation to attend a seminar or function) or that we collect in the course of our relationship with you.  

Our contractors, service providers, suppliers and job applicants

We typically collect and hold the following kinds of personal information about contractors, service providers, suppliers and job applicants:

• name and contact details;
• information contained in resumes;
• educational details, academic and other transcripts, employment history, skills and background checks;
• references from past employers and referees;
• information collected during the interview or assessment process;
• details of your performance under any contract; and
• personal information required to make payments, such as bank account details. 

Website users, online contacts and attendees at seminars and other functions

The only personal information which we collect about you when you use our website or contact us online is what you tell us about yourself, such as when you complete an online subscription form to our publications, alerts and newsletters, when you accept an invitation to attend a seminar or function, or complete one of our online forms, including through our marketing campaigns, or information you provide to us when you send us an email.

The kinds of personal information that we may collect through our website include:

• your name, contact details, employer and job title; and
• your areas of legal interest or specialisation.

Other individuals 

In the course of providing our clients with the services they have requested, and carrying out their instructions, we may be required to collect personal information about other individuals including other parties to our clients' matters, their legal representatives and other service providers or contractors retained by them. 

The nature of information collected will depend upon the individual circumstances of the matter, but is likely to include: 

• name;
• contact details; 
• job title; and 
• communications with these other individuals. 

Depending upon the circumstances of the matter, it may also include sensitive information.

Sensitive information 

To the extent that it is relevant to the work we are undertaking for a client or our general relationship with a client, we may also collect and hold personal information about clients that is sensitive information under the Privacy Act. For example, we may collect health information about an individual, membership of a professional or trade association, membership of a trade union, ethnicity, religious beliefs or affiliations or criminal records.

We will only collect sensitive information if the sensitive information is reasonably necessary for us to carry out our functions or activities, or if the APPs otherwise permit such collection.

Purposes for which we collect personal information 

We collect, hold and use personal information for the purposes for which it was collected, related purposes and other purposes including: 

• providing the services that our clients have requested;
• to communicate with you;
• managing and administering your or your organisation's business relationship with us, including processing payments, accounting, auditing, billing and collection, support services;
• complying with our legal and regulatory obligations;
• analysing and improving our services and communications to you;
• for insurance purposes;
• for marketing purposes;
• maintaining, managing and developing our relationship with clients and potential clients;
• developing and managing relationships with our employees, contractors and service providers;
• conducting further searches and enquiries regarding the information you have provided to us or more generally to collect additional personal information about you or your associates for our regulatory or prudential purposes; and 
• otherwise carrying out our functions as professional legal service providers.

How do we collect information about you? 

If we do collect personal information about you we will take reasonable steps to let you know that we have collected your personal information.

Directly from you 

In most instances we will collect personal information directly from the person to whom the information relates, or the organisation of which that person is an employee, director or principal.  

We usually collect your personal information from you directly when we speak to you on the telephone, when we correspond with you over email, when we meet with you in person, if you provide us with documents that contain your personal information or you provide information to us through our website.

Third Parties 

We will only collect personal information from third parties if it is unreasonable or impracticable to collect the information from you directly or if we are required or authorised by an Australian law or court/tribunal order to do so.

We may also collect personal information about individuals from the following third parties:

• our clients;
• government agencies;
• law enforcement bodies;
• publicly available records;
• public registries;
• court or tribunal records;
• ratings agencies;
• search agencies;
• regulatory and licensing bodies;
• service providers;
• parties to whom you refer us, including previous employers and referees;
• recruitment agencies;
• online searches; and
• social media (such as LinkedIn and Facebook).

Information you give us about someone else

If you supply us with the personal information of a third party, such as a spouse, colleague or friend, we accept that information on the condition that you have all the rights required from that third party to provide that personal information to us to use for our functions and activities.

Internet Cookies 

An internet cookie is a data file that is placed on the computer of an internet user during a visit to our website. Cookies are necessary to allow our website and your computer to interact effectively and to enhance security. Cookies can record information about your visit to assist us in better understanding your needs and requirements. Our website uses cookies, tracking pixels and related technologies. Cookies are small data files that are served by our platform and stored on your device. Our site uses cookies dropped by us or third parties for a variety of purposes including to operate and personalise the website. 

If you would like to access our website but do not wish to receive any cookies, you should set your browser settings to refuse to accept cookies. This might mean that you are unable to access our website or parts of it. The following sections of this policy contain further information on how we use cookies. 

Cookies may also be used to track how you use the site to target ads to you on other websites. To opt out of this you can visit the DAA opt-out site www.aboutads.info or the Network Advertising Initiative opt-out site at networkadvertising.org/choices, or for those in Europe, the EDAA opt out site at youronlinechoices.eu

How we store personal information 

We hold personal information in hardcopy files and in electronic form, and take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure.

We store hardcopy files in secure facilities. We also store hardcopy files with an offsite storage provider whose premises and access is strictly controlled.

Under our document management system, access to files is appropriately limited. Personal information within our network is password protected and access is appropriately limited.

We store electronic records within our own secure network and through third party data storage providers. Our third party data storage providers are required to protect personal information in accordance with applicable laws and take appropriate technical and organisation measures against unauthorised or unlawful use of personal information or its accidental loss, destruction or damage.

How we disclose personal information  

We may disclose personal information to third parties including:

• our clients, your professional advisers and your employers or place of business;
• third parties involved in the provisions of services to clients including barristers, local counsel and other professional advisers;
• third party service providers to whom we outsource services, for example archival, auditing, IT support and insurance;
• our affiliates (such as our affiliates in the Meritas Global Alliance); and 
• regulatory authorities, courts, tribunals, government agencies, law enforcement agencies and other third parties. 

In some circumstances we are permitted or authorised by or under an Australian law or a court/tribunal order to use or disclose your personal and sensitive information. For example, if our disclosure of your information will reduce or prevent a serious threat to life, health or safety or our disclosure is in response to any unlawful activity.

Overseas disclosure of personal information 

We may disclose personal information to external service providers located overseas so that they can provide us with services in connection with the operation of our business, such as marketing services and data storage. 

We are generally not likely to disclose personal information to overseas recipients. However, in the course of acting for some clients it may become necessary or desirable to disclose personal information to overseas recipients. 

Direct marketing 

We may use your personal information to send marketing materials to you if the marketing material is related to the purpose for which we collected that information. 

We will ask for your consent before we use your personal information for marketing purposes if we have not collected that personal information directly from you or where sensitive information is involved.

If you do not wish for us to send you such emails, please let us know by contacting our Privacy Officer. 

You can also unsubscribe from our email notificatons using the contact form at the bottom of this page.

Destroying personal information 

We will generally destroy, or take steps to de-identify, personal information when this is no longer required by us. We otherwise destroy information after 7 years. 

Applying for and employment with us

If you submit an application or register interest for employment with us, we will collect personal information from you. If your application for employment with us is unsuccessful, we may retain this personal information to assess your suitability for another role with us. If you do not want us to retain personal information about you, please contact our Privacy Officer. 

Access and correction of personal information 

We will take reasonable steps to ensure that the personal information we collect, use and disclose is accurate, up-to-date and complete. We will also take reasonable steps to protect personal information that we hold from misuse, interference, loss, unauthorised access, modification or disclosure. 

You have the right to request access to personal information that is held by us about you. You also have the right to request correction of any of your personal information that we hold. We will take reasonable steps to make appropriate corrections to your personal information so that it is accurate, complete and up to date. 

If you would like to access, or correct, your personal information please write to our Privacy Officer using the contact details set out below. Please make sure you clearly identify the information or correction requested. In order to protect your personal information we will require identification from you before releasing the requested information.

In some cases, we may refuse to provide you with access to your personal information. We will only do this if an exception in the Privacy Act applies. If access is refused, we will write to you and explain why. 

In some cases, we may charge you a fee for access to personal information. 

Complaints 

If you have any questions or complaints about the way we have handled your personal information you can contact our Privacy Officer on the details below. 

The Privacy Officer will review your complaint, consider our conduct in relation to the complaint and the requirements of the APPs, and will consider appropriate action. We will respond to complaints within a reasonable period of time (usually 30 days). 

If you are dissatisfied with our response to your complaint, you can make a complaint to the Office of the Australian Information Commissioner (OAIC). You can find more details about making a complaint to the OAIC here

Privacy Officer 

You can contact our Privacy Officer via the contact form at at the bottom of this page.

Updates to this Privacy Policy

We will review and update this Privacy Policy from time to time. If we make any changes to this Privacy Policy, we will upload them to our website. 

This Privacy Policy will be available to anyone on request, whether at our office or on our website. If you would like a hard copy, please contact our Privacy Officer. 

For more information about privacy issues, and to obtain copy a of the National Privacy Principles you can visit the OAIC website at http://www.oaic.gov.au

Policy last updated February 2019