1. Purpose of the Policy
National Retail Association Legal Limited (NRA Legal) is committed to protecting the privacy of personal information obtained through its operations as a legal practice.
NRA Legal is bound by the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles (APPs), and any relevant privacy code registered under the Privacy Act.
The purpose of this policy is to generally inform people of:
- how and when we collect personal information and personal data;
- how we use and disclose personal information and personal data;
- how we keep personal information and personal data secure, accurate and up-to-date;
- how an individual can access and correct their personal information and personal data; and
- how we will facilitate or resolve a privacy complaint.
2. Policy Statement
The 13 Australian Privacy Principles apply to personal information.
Personal information is information or an opinion (whether true or not) relating to an identified individual or which can be used to reasonably identify that individual.
Please note that information about bodies corporate is not personal information. However, the principles will apply to an individual who is carrying on a business as a sole trader or a member of a partnership, and to individuals who deal with NRA Legal on behalf of bodies corporate.
3. What personal information we collect and hold, and why
NRA Legal collects personal information for the purposes of providing our services to our clients, including but not limited to:
- help us deliver our legal services;
- confirm your identity;
- develop and market new services;
- comply with any applicable law or court order;
- enforce our agreements with you; and
- recruit new employees.
NRA Legal also collects personal information that is reasonably necessary for, or directly related to those purposes.
The specific types of personal information NRA Legal may collect and hold includes, but is not limited to:
- Contact information – such as your name, the company you work for, your title/position, your relationship to a person, your postal address, email address and phone numbers;
- Identification and background information provided by you or collected as part of the delivery of our services; this may include your full name, photographic identification and gender;
- Financial information, such as bank account and credit card details;
- Technical information, such as information collected from your visits to our websites;
- Information you provide to use for the purposes of attending NRA Legal meetings and events, such as dietary requirements;
- Personal information provided to us by or on behalf of our clients or generated by us in the course of providing services to them.
As set out below, NRA Legal also collects certain information that is not directly and specifically provided by you from third parties, such as your IP address, your browsing pattern on websites controlled by us, click stream, and the status of cookies placed on a computer.
NRA Legal does not collect any personal information other than information reasonably necessary for, or directly relating to, the primary purpose for which NRA Legal has been engaged or may be engaged, or its other functions and activities.
4. How we collect personal information
NRA Legal will collect personal information directly from you, from our clients (including prospective clients) or their counterparties and authorised representatives.
NRA Legal may also collect personal information from third parties such as regulatory authorities, your employer (including a former employer or referee), other organisations with whom you have or have had dealings, government agencies, credit reporting agencies, recruitment agencies, information or service providers, publicly available records and third parties described in this policy.
5. Use of personal information
NRA Legal may use your personal information if:
- it is necessary for the performance of a contract with you or the organisation for which you work;
- it is necessary in connection with a legal or regulatory obligation;
- you have provided your consent (where necessary) to such use or the organisation for which you work has obtained your consent (where necessary);
- we (or a third party) have a legitimate interest which is not overridden by your interests, rights or freedoms; or
- we are otherwise required or authorised by law.
We may use your information to:
- provide and improve our services and products;
- maintain and develop our relationship with you and our clients;
- monitor and analyse our business;
- facilitate our internal business operations;
- fulfil our legal, regulatory, accounting, reporting, risk management or professional obligations;
- identify services that may be of interest to you;
- send you legal updates, publications, marketing and details of events;
- protect, establish, exercise or defend legal rights; and
- process and respond to enquiries, requests or complaints received from you.
6. Disclosure of personal information
NRA Legal may share your information with third parties including:
- our clients, your professional advisors and your employers or place of business;
- third parties involved in the provision of services to clients including barristers, local counsel and other professional advisors;
- our professional advisors, auditors and insurers;
- third party service providers to whom we outsource services, for example archival, auditing, reference checking, professional advisory, IT support, mailing house, delivery, website, social media, research, banking, payment, client contact, data processing, insurance, forensic, litigation support, data room, marketing and security services.;
- third party technology organisations, including cloud service providers, such as data storage platforms;
- third parties with whom we have co-promotional arrangements (such as jointly sponsored events);
- third parties who carry out research or analyses of our services and products on our behalf;
- regulatory authorities, courts, tribunals, government agencies, law enforcement agencies and other third parties.
Some of your personal information may be stored with and managed by a cloud service provider located outside Australia.
7. Security and storage of personal information
We will keep your personal information for as long as is necessary for the purpose for which it was collected, subject to satisfying any legal, accounting or reporting requirements.
NRA Legal has a document retention and deletion policy. At the end of any retention period, your personal information will either be deleted completely or anonymised (for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning).
NRA Legal is committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical, physical and managerial procedures to safeguard and protect your personal data. This includes, but is not limited to, ensuring physical records are kept in access-controlled premises and that our systems require at least one level of user verification.
We limit access to your personal information to those employees, agents, contractors and other third parties on a “need to know” basis, and all such persons are required to keep such information confidential. We require our third-party data storage providers to comply appropriate information security industry standards.
We regularly monitor our system for possible vulnerabilities and attacks, and have procedures in place to identify and respond to data and security breaches. We will notify you and any data protection authority of a breach where required to do so.
The transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our online services; any such transmission is at your own risk.
8. Direct marketing
As mentioned at clause 5 above, NRA Legal may use personal information provided by you for the purposes of marketing, including direct marketing.
If at any time you do not wish to receive any further marketing communications from us, you may ask us not to send those to you or disclose your information to other organisations for that purpose by using the “unsubscribe” facility in all such communications. Alternatively, you may advise us of your preference by emailing us directly on the contact details set out at clause 13 below.
9. Your rights to your personal information
Under the Australian Privacy Principles, you have the right to request access to any personal information that we may hold about you and to advise us if the information should be corrected.
The Australian Privacy Principles set out the circumstances when we can refuse those requests. If we do refuse your request, we will provide you with a written notice that sets out the reasons (unless it would be unreasonable to provide them to you).
To seek access to your personal information held by us, or to request the amendment of any of your personal information held by us, please contact us on the contact details set out at clause 13 below.
Our policy is to provide written acknowledgement of our receipt of any request for access to personal information or a request for correction of personal information within 7 days of the request being received. We will then provide a written response within 30 days of our receipt of the request.
10. Anonymity and pseudonymity
Please note that as the provision of NRA Legal’s services relies on the accurate identification of the individuals who engage with us, in most circumstances it will not be reasonably practicable for you to interact with our facilities either anonymously or under pseudonym.
The exception to this is if your interactions with us are limited to the receipt of marketing materials.
11. Third party sites
Our websites may from time to time contain links to other websites which are controlled by third parties.
Please note that these sites are not controlled by NRA Legal and will be subject to the privacy policies and practices of the relevant third parties; NRA Legal does not accept any responsibility or liability for the data processing activities of third party siteso provide written acknowledgement of our receipt of any request for access to personal information or a request for correction of personal information within 7 days of the request being received. We will then provide a written response within 30 days of our receipt of the request.
If you wish to make an enquiry about your personal information held by NRA Legal, or make a complaint because you believe that we may have breached the Australian Privacy Principles or a privacy code that applies to us, you may contact us at the contact details set out at clause 13 below.
In order to resolve a complaint, we:
• will liaise with you to identify and define the nature and cause of the complaint;
• may request that you provide the details of the complaint in writing;
• will keep you informed of the likely time within which we will respond to your complaint; and
• will inform you of the legislative basis (if any) of our decision in resolving such complaint.
We will respond to each complaint within a reasonable time.
If a party has lodged a complaint with NRA Legal and is not satisfied with our response, they may contact the Office of the Australian Information Commissioner as detailed at https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us/.
13. Contact us
You can contact NRA Legal directly by any of the following methods:
Phone: 1800 572 679
Mail: Level 3, 67 St Paul’s Terrace, Spring Hill QLD 4000
Alternatively, if you are a current or former client, you may contact the lawyer with carriage of your matter directly.