Nicholas O’Donohue & Co. Privacy and Confidentiality Policy

Nicholas O’Donohue & Co. (collectively, Nodco, we or us) as lawyers, acknowledge and respect the privacy and confidentiality of individuals and businesses. We are also bound by and comply with the Australian Privacy Principles derived from the Privacy Act

This policy explains how we collect and use personal and sensitive information (Information) we receive to initiate and conduct our legal services. This policy applies to all Information that we collect.

Type of Information Collected

The type of we collect includes personal information concerning clients, potential clients who contact us as well as suppliers, referrers, consultants, employees and applicants for employment.

Personal Information is information that allows us to identify individuals, such as names, contact details and dates of birth. Personal Information also includes any fact or opinion, provided that is connected to an enquiry.

We may also need to collect sensitive information. Sensitive information is a subset of personal information, such as information or opinion concerning racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a profession or trade association, membership of a trade union, sexual orientation, criminal record or health information.

Purpose of Collection

We will not collect personal or sensitive information unless such Information is reasonably necessary for the primary purposes of:

1. assessing our ability to act for an individual or group of individuals;
2. providing legal services and advice;
3. conducting effective management of our business; and
4. marketing our legal and associated services.

We collect personal information from individuals at the pre-client stage when a legal enquiry is made so we can properly verify identity and assess whether we are able to act on that individual’s behalf. We will not consider acting for any individual who does not properly identify themselves as this could lead to a conflict of interest with other clients.

In some instances, we may also need to collect sensitive information at the initial stage of an enquiry if it is directly relevant to the advice being sought. For our internal business purposes, we retain and safely store the personal and sensitive information provided to us at the pre-client stage as this enables us to respond more efficiently and to inform such persons of our other legal services or developments that may be of interest to them at a later stage.

We also collect Information provided to us by our clients who have commenced instructing us to act in their matter. We collect all information necessary to effectively conduct legal matters. Information is stored on our computer systems or as a paper document in safe custody for the client.

At the conclusion of legal matters, we are required to keep the legal files for a minimum period of 7 years from the closure of a legal file. In some cases, circumstances may require us to retain documents for a longer period of time (e.g. anticipated litigation over a will).

Method of Collection

The Information is collected usually through completed questionnaires and/or forms returned to us, and our notes of an interview or telephone conversation.

To provide our legal services we will also collect Information from external sources (i.e. statutory bodies, health professionals, financial advisors, accountants, other legal parties and their legal advisors). With the exception of Information obtained from related parties to the legal matter, this Information will be obtained under our clients’ express authority and securely stored on their electronic file.

Information Security

All Information is converted to electronic media and stored on our computer system. This Information includes copies of documents held in safe custody, anticipated or existing court exhibits, transaction documents requiring in person signatures. We keep all Information safe by taking all reasonable precautions to protect Information from misuse from unauthorised access, modification, disclosure or loss. Our security measures include: cyber protection protocols that are regularly tested, secured password access, on site security with staff training for client confidentiality awareness and privacy training, anti-virus protection used for our IT and communications. At all times the client must be confident that we have effective control of their Information.

How we handle Client Information

We will not disclose Information to third parties, without your consent, unless it becomes necessary to lessen or prevent a serious and imminent threat to life, health or safety or unless otherwise compelled by law.

Compulsory Disclosure by Law

We may be compelled to disclose Information by law, (for example, under court orders or statutory notices to produce documents under laws relating to social security, taxation, bankruptcy, anti-money laundering, counter terrorism and the management of incorporated entities).

Information accessed by non-legal staff and Service Providers

Information may be accessed by non -egal staff who are bound by the same confidentiality laws and standards that govern the legal profession within Australia and comply with the Australian Privacy Principles.

Effective management of our business to provide legal services will at times require disclosure of Information us to third party professionals and service providers (e.g. barristers, document management providers, IT systems and accounting staff). We have contractual arrangements in place with relevant service providers to protect your Information up to the same standards as if we stored the Information ourselves and to prevent them from using the Information for any purposes other than our own.

Marketing

From time to time we may send out news alerts and information related to the other legal services that we offer. We do however respect the wishes of individuals who wish to ‘opt-out’ from receiving this material by implementing procedures for that purpose. Our Privacy Officer can also address any questions or concerns at client.services@nodco.com.au or on: +61 3 9607 8100.

Improving Client Services

We seek client feedback to ensure we maintain a high standard of service and client care. Our Client Services team will invite clients to participate in client feedback surveys conducted internally or by an external consultant. We first obtain client consent to disclose Information if external consultants are engaged to oversee or analyse any client feedback.

Website

We collect statistical information on website activity e.g. number of website visitors, the timing of visits, pages viewed and location. We may also use web beacons on our website from time to time. Web beacons or clear .gifs are small pieces of code placed on a web page to monitor the visitors’ behaviour and collect data about the visitors viewing a web page. For example, web beacons can be used to count the users who visit a web page or to deliver a cookie to the browser of a visitor viewing that page. This information is then used for analysis and improvement of our website. We do not use this technology to access your personal information.

If you have registered an account with us, you will be identified by a user name and password when you log into our website or applications. The information we collect about registered users’ use of our websites may be used for measuring use and performance and in assisting to resolve any technical difficulties.

Because we want your user experience to be as informative and helpful as possible, our website may contain links to other websites of interest. We do not have any control over those third-party websites. We are not responsible for or liable for the protection and privacy of any information which you provide whilst visiting such third-party websites, and such third party websites are not governed by this policy.

Information Quality, Access and Correction Processes

At times we will take steps to update or verify personal information by collecting personal information from publicly available resources, for example: telephone or website directories or electoral rolls to improve the integrity of the personal information that we hold.

Individuals may access their personal Information and seek corrections to any inaccuracies.

Clients should contact their primary Nodco contact to access and correct their personal information. Potential clients (i.e. people who made an enquiry but have not instructed us to act for them) and clients dissatisfied with the response from their lawyer can request access and correction to their personal Information by contacting our Privacy Officer at client.services@nodco.com.au or on 9607 8100 9.00am-5.00pm Monday to Friday.

In certain circumstances, we are permitted to deny the request for access, or limit the access that we provide. For example, we are entitled to withhold a legal file unless and until a satisfactory arrangement has been agreed concerning the payment of outstanding legal costs.

Contact us about Privacy

Our Privacy Complaints Handling Policy sets out our approach to resolve any privacy complaint in a fair and expeditious manner. For an existing client, we recommend your privacy related complaint is made directly to your Nodco Contact person – often a telephone call is all that is needed to resolve concerns. For all other complaints see our Privacy Complaints Handling Policy below.

Privacy Complaints Handling Policy

Australian Privacy Principles

Nicholas O’Donohue & Co. complies with the Australian Privacy Principles in the Privacy Act. Our Privacy and Confidentiality Policy is available on our website, or you can obtain a copy by contacting 03 9607 8100. The Privacy Complaints Handling Policy is to be read in conjunction with the Privacy and Confidentiality Policy.

Purpose

This policy sets out our approach to resolving complaints from individuals about the way we have dealt with their personal information and outlines what people can expect when they make a complaint.

Management of privacy complaints

Privacy complaints are managed by the Privacy Officer.
The Privacy Officer will:

• receive and acknowledge the complaint;
• seek further information from the complainant if necessary;
• thoroughly investigate the complaint;
• respond to the complainant with the outcome of the investigation; and
• provide feedback to the relevant internal stakeholders.

Complaint process

1. Complaint Receipt

Privacy complaints must be made in writing. The Privacy Officer may exercise discretion to receive an oral complaint if they consider that making a written complaint would be impracticable or unreasonably onerous for the complainant.

The written complainant should include:

• sufficient contact details to enable us to identify them;
• a clear and succinct statement of the nature of the complaint;
• sufficient information for the Privacy Officer to understand the complaint;
• details such as what happened, when they became aware of it, and who was involved;
• the relevant Australian Privacy Principle(s) breached (if known);
• impact statement on the complainant from the event; and
• details of what you would like to see happen to resolve the complaint.

The complaint can be emailed to client.services@nodco.com.au or posted to:

The Privacy Officer, Nicholas O’Donohue & Co. Level 36, 140 William Street MELBOURNE VIC 3000

We can only accept complaints from the individual client, or their authorised representative. If the Complainant is acting on behalf of another person, they must provide evidence of their authority to do so.

2. Complaint Acknowledgement

The Privacy Officer will acknowledge the complaint within five working days of receiving it.

3. Complaint Investigation

The Privacy Officer will investigate the concerns raised by the complainant. This may involve obtaining further information from the complainant, speaking with the relevant staff members, reviewing relevant documents or client files, and obtaining technical or legal advice.
In most cases the investigation will not take longer than 20 working days. If the investigation is likely to take longer than 20 days, the Privacy Officer will notify the complainant.

4. Complaint Outcome

The Privacy Officer will write to the complainant to inform them of the outcome of the investigation.
If the complainant remains dissatisfied with the response provided, they may wish to contact the Office of the Australian Information Commissioner (The Privacy Commissioner) at http://www.oaic.gov.au.

5. Internal Feedback

The Privacy Officer will usually provide feedback, including recommending process improvements, to the relevant internal stakeholders to ensure continued compliance with the Australian Privacy Principles.

Whether you have a big challenge, a major issue or a simple query, we are here to help.