The legal content on this website has been provided for general interest only. It does not constitute legal advice. People seeking legal advice are advised to contact a qualified professional directly. Our solicitors will be able to advise you. Although we make every effort to keep the legal information on our website accurate and up-to-date, we do not guarantee this. If you make use of the information on this site, it is at your own risk.
Our website contains links to other websites. These links have been established on the basis that they may be of use to people visiting our site for legal information. Cornwalls has no control over the information contained on these other websites. We disclaim any liability in respect of the information contained on these other websites.
We accept no liability for any loss, damage or cost incurred by you as a result of our website being infected by a computer virus or other defect.
Social Media Disclaimer
The information provided through our social media accounts is general information and should not be relied upon without first consulting us and obtaining specific advice.
Email communications (including any attachments) that contain legally privileged or confidential information are intended only for the addressee. Email messages and any attachments are confidential and may be privileged, in which case neither is intended to be waived. If you are not the intended recipient, then any storing, dissemination, distribution or copying of this communication is strictly prohibited. You may not deal with or rely on this information in any way.
When addressed to our clients, any opinions or advice contained in the communication are subject to the terms and conditions expressed in our retainer. If you have received an email in error, please notify us immediately by return email and delete the original email, destroy any printed copy and do not disclose or use the information in it. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation to the contents of such information is strictly prohibited and may be unlawful.
Beware of Cyber Crime
Cornwalls will not notify you of Bank Account details or changes to Bank Account details by email. If you receive any communications suggesting that our Bank Account details have changed, you should contact us by phone immediately. Please be aware that phishing emails can also contain fraudulent phone numbers. Never call or click a link that appears suspicious. We will not take responsibility for any monies transferred by you to a wrong account.
Cornwalls respects people’s privacy. All our staff are required to read this policy and understand their responsibilities when dealing with personal information. In this policy, “you” refers to our clients who are individuals and to other individuals about whom we collect personal information.
In this policy:
- personal information refers to any information or any opinion, about an identified individual or an individual who is reasonably identifiable whether the information or opinion is true or not and whether recorded in a material form or not; and
- sensitive information refers to information about a person’s racial or ethnic origin, political opinions or associations, religious beliefs or affiliations, philosophical beliefs, trade and professional memberships, sexual orientation or practices, criminal record or health, genetic or biometric information.
Our Privacy Principles
We are bound by the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Act). The APPs came into effect on 12 March 2014, when they replaced the National Privacy Principles, which applied previously under the Act. We have adopted internal policies and procedures to ensure that the personal information we collect, store, use and disclose is dealt with in accordance with the APPs. You can see the full text of the APPs online at http://www.oaic.gov.au/privacy/privacy-act/australian-privacy-principles.
Collecting personal information
We may need to collect personal information about you including names, addresses, phone numbers and other contact details, as well as details regarding directorships, shareholdings, employment history, bank account details, credit card information and tax file numbers. We may also collect details of your age, sex, hobbies and other personal information about you.
We may need to collect personal information so we can:
- identify our clients, potential clients and their representatives;
- identify parties with whom our clients have dealings or who are in some way involved in proceedings involving our clients;
- identify any actual or potential conflicts of interest in acting for particular clients;
- give referrals to, or obtain them from, other law firms in the Cornwalls group;
- inform you of any initiatives we think may be of interest to you;
- inform you of developments in the law and relevant business markets;
- provide or offer you or others services or other benefits;
- conduct our business and provide our services in a professional and efficient manner; and
- develop and implement initiatives to improve our services.
If you do not provide us with all the personal information we request, we may be unable to act for or do business with you or others.
Unless it is unreasonable or impractical, we will collect personal information directly from the individual concerned. However, an individual’s representatives may hold personal information (e.g. financial or bank account details or a credit reference) that we may need to access for particular dealings, legal proceedings or other purposes. Where we are at liberty to do so, we will use our best endeavours to seek an individual’s consent before obtaining their personal information from third parties.
Personal information may be collected by us:
- when we are contacted about our services, in person or over the telephone or Internet;
- during the course of a dealing or proceedings involving a client;
- when we negotiate and enter into dealings;
- when we respond to an inquiry, where we consider personal details are required or appropriate to fulfil the query; or
- in connection with a referral to or from a law firm in the Cornwalls group.
The personal information of our clients or their representatives will usually be recorded on the file concerning the matter in which the individual is involved or for which the personal information was collected and/or updated on our computer database.
Any additional purpose for which the information is collected (not included in this policy) will be identified when we collect the personal information, or as soon as practicable afterwards.
Collecting sensitive information
We may need to collect sensitive information about you or others for dealings or in relation to proceedings.
Under the APPs, we are entitled to collect sensitive information about you or others for a number of reasons, including where the collection is reasonably necessary to establish, exercise or defend a legal or equitable claim.
Where we are required to and it is practicable to do so, we will seek your consent before collecting your sensitive information and inform you of the purpose at that time. Your consent to collection of your sensitive information may be implied in limited circumstances.
Use of personal information
We will use personal information:
- to identify individuals and protect them from unauthorised access to their personal information, accounts or services;
- to improve our services to you or others;
- where reasonably required to provide legal services that we are obliged to provide;
- to inform you or others of our marketing initiatives;
- to inform you or others of developments in the law and relevant business markets;
- to derive or aggregate anonymous information from which individuals cannot be identified;
- to prevent or lessen a threat to a person’s life or health;
- where disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim;
- for the purpose for which it was collected, or for a related purpose (or a directly related purpose in the case of sensitive information);
- where the individual concerned would reasonably expect us to use the information;
- where reasonably required to provide legal services that we are instructed or obliged to provide; or
- for any other purpose, where an individual has consented to its use for that purpose.
Disclosure of information
Except where indicated above, we will not disclose personal information to a third party unless:
- the disclosure is for a primary purpose for which the information was collected;
- the individual concerned has consented to the disclosure;
- the third party is our agent or contractor, in which case we will require them to disclose and to use the personal information only for the purpose for which it was disclosed;
- the third party is a person involved in a dealing or proposed dealing (including a sale) of all or part of our assets and business;
- there are reasonable grounds to believe that disclosure is necessary to prevent or lessen a threat to your life or health or that of another person;
- the disclosure is to a related body corporate or a law firm in the Cornwalls group;
- the disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim; or
- the disclosure is permitted, required or authorised by or under law.
Information collected via our website
To ensure we are meeting the needs and requirements of our website users, and to develop our online services, we may collect aggregated information by using cookies.
Cookies are unique identification numbers like tags that are placed on the browser of our website users. The cookies do not in themselves identify users personally, but are linked back to a database record about them.
- the address of a user’s server;
- a user’s top level domain (such as .com or .au);
- the date and time of a user’s visit;
- the pages a user accessed and downloaded;
- the search engine a user used;
- the type of browser that was used.
When a user visits our site a cookie may be placed on their machine. Where a user has visited us before, the cookie may be read each time they re-visit the site.
We do not use this technology to access any other personal information of a user in our records and a user cannot be personally identified from a cookie.
If a user chooses not to have their browser accept cookies from our site, they are still able to view the text on their screens.
We may use personal information to advise the individual concerned of new services and marketing initiatives that we think may be of interest to them. This may include newsletters, invitations to seminars or business functions, and general information about Cornwalls.
Those who prefer not to receive information about our services or seminars can contact our Privacy Officer and request to be removed from the relevant circulation list. Contact details for our Privacy Officer appear at the end of this policy.
We do not disclose personal information to a third party to enable that party to direct market their products or services to an individual, unless individuals have expressly consented to that disclosure. We may require written confirmation of a request to be removed from our circulation list, for example where legislation requires us to provide particular communications to the individual concerned.
Updating your information
We ask that you tell us of any changes to the personal information we hold about you. You may notify our Privacy Officer (whose contact details appear at the end of this policy) at any time to request that your personal information is amended or updated. We will then take reasonable steps to correct the information in the manner requested.
If we consider that the personal information we retain does not require amendment, we will annotate the request on our files.
The protection of personal information is a priority for us.
We are committed to maintaining:
- safeguards to protect personal information against unauthorised use, disclosure, access, interference, modification, destruction and accidental loss;
- industry standards for the security and protection of information. Personal information is stored securely and access is restricted to authorised personnel only. Our computer systems require access passwords and these are kept secure by our personnel; and
- internal policies on management of personal information and staff training to ensure compliance with these policies. All our staff are required to read this policy (and related policies dealing with data security and responses to data breaches) and understand their responsibilities regarding personal information.
Destruction of records
We will destroy or de-identify any personal information that we hold which is no longer needed for any purpose permitted by the APPs unless we are required by law to retain such personal information.
Access to personal information
We will generally allow an individual access to any personal information that we hold about them on request – subject to any restrictions on access. We will try to give the individual concerned access in a form and manner that suits their needs.
To request such access please contact our Privacy Officer. Contact details for our Privacy Officer appear at the end of this policy.
Restrictions on access
We are entitled to restrict access to personal information in accordance with the APPs.
You may not be allowed access to personal information we hold where access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process. Instead, we may give you an explanation for the decision, rather than direct access to the information.
If we have given you such an explanation and you believe that direct access to the evaluative information is necessary to provide a reasonable explanation of the reasons for the decision, we will, at your request, review the decision. Personnel other than the original decision-maker will conduct the review.
Wherever direct access by you is impractical or inappropriate, we should consider together whether the use of a mutually agreed intermediary would allow sufficient access to meet both our needs and concerns.
Other instances where it may not be appropriate to provide you with access to the personal information we hold, include where:
- providing access would pose a serious and imminent threat to the life, health or safety of any individual;
- providing access would have an unreasonable impact upon the privacy of others;
- the request for access is frivolous or vexatious; or
- the information relates to an anticipated or existing legal dispute between you and us and would not be accessible by the process of discovery in that dispute.
Charges for access
An individual will not incur charges for lodging a request to access personal information. However, we may levy a reasonable charge for providing access to that information. We will provide an estimate of any charge on request, or if it appears to us that the work will be onerous or otherwise warrants a charge.
Transferring information overseas
We may transfer personal information overseas if necessary for the conduct of a legal matter or for a business transaction or other dealing or for our administrative operations, including in relation to IT storage or back-up services. We will take reasonable steps to ensure that an overseas recipient does not breach the APPs in relation to the disclosed personal information unless:
- we reasonably believe that the recipient of the information is subject to legal obligations that have the effect of protecting the information in a way that, overall, is at least substantially similar to protection under the APPs and there are mechanisms that you can access to enforce that protection;
- we are given consent by the individual concerned to do so, expressly or by implication after they are expressly informed by us that if they consent we will not be required to take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the information; or
- we are legally authorised or required to do so.
Changes to our policy
We may update or change this policy. When we do so, we will publish the current policy on our website. Please check our website to review this policy regularly.
Notifiable data breach scheme
If there is a loss, or unauthorised access or disclosure of your personal information that is likely to result in serious harm to you, we will investigate and notify you and the Australian Information Commissioner as soon as practicable, in accordance with the Act.
We are committed to constantly improving our procedures so that personal information is treated appropriately.
If you feel that we have failed to deal with your personal information in accordance with the APPs or this policy, please speak to us so that we have an opportunity to resolve the issue to your satisfaction.
The person to contact is our Privacy Officer, whose contact details appear at the end of this policy.
Our Privacy Officer will manage the following process for us to:
- listen to your concerns and grievances regarding our handling of personal information;
- discuss with you the ways in which we can remedy the situation; and
- put in place an action plan to resolve your complaint and improve our information handling procedures (if appropriate).
If this process does not result in an outcome that is satisfactory to you, you may contact the Office of the Australian Information Commissioner’s Office. We will work together with the Information Commissioner’s Office to resolve the issues between us.
The contact details for the Office of the Australian Information Commissioner’s Office are as follows:
Street address: Level 3, 175 Pitt Street, Sydney NSW 2000
Telephone: 1300 363 992 (for the cost of a local call anywhere in Australia)
TTY: 133 677 followed by 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001
Facsimile: +61 2 9284 9666
Further information about privacy and your rights can be obtained at the Office of the Australian Information Commissioner’s website at www.oaic.gov.au.
If you wish to access any personal information that we hold about you, or have a query about this policy, please contact our Privacy Officer:
Privacy Officer – Cornwalls (Victoria)
114 William Street
MELBOURNE VIC 3000
Privacy Officer – Cornwalls (NSW)
32 Martin Place
SYDNEY NSW 2000
Privacy Officer – Cornwalls (Queensland)
300 Queen Street
BRISBANE QLD 4000
Limitation of Liability Scheme and Limited Partnership
Cornwalls is a group of independently owned and operated law firms comprising Cornwalls ABN 19 738 311 557 (a limited partnership) Cornwalls (QLD) ABN 18 604 548 601 (individual liability limited by a scheme approved under professional standards legislation) and Cornwalls (NSW) ABN 68 626 837 223 (liability limited by a scheme approved under professional standards legislation).