We recognise the important role data, especially personal information or personal data, plays in modern business. We also recognise the importance of keeping that data secure and maintaining the privacy of individuals. Gilchrist Connell (GC) respects individuals’ rights to privacy, which is demonstrated by our adoption of Privacy by Design principles.
Who is Gilchrist Connell?
Gilchrist Connell is an Australian law firm with offices in various States. The legal practice is conducted by a distinct practice trust in each State. We operate through a corporate structure with corporate trustees owned by certain of the senior lawyers in the firm. That trustee is responsible for the practice trusts which operate the legal business trading as Gilchrist Connell. Gilchrist Connell Pty Ltd is the holder of the business name ‘Gilchrist Connell’ which is used nationally for trading purposes.
Gilchrist Connell Pty Ltd is the data controller responsible for your personal information:
Level 4, 41 Currie Street
Adelaide, South Australia, 5000
+61 8 8215 7000
Why we collect personal information
GC only collects, uses, processes, stores, transfers or discloses personal information for the purpose it was collected, related purposes or as permitted by law. This includes:
- verifying your identity,
- providing our legal and other services and accounting for the services we provide,
- communicating with you,
- investigating and responding to any requests or queries,
- managing relationships with various third-party providers,
- maintaining and updating our security and operational standards,
- managing and recruiting our personnel,
- fulfilling our legal requirements, including as required by professional standards legislation and regulations,
- further developing our product and services, and
- managing and enhancing our relationship with you including providing you with information which we believe may be of interest.
Information we collect
For individuals to whom we provide legal or other services, the personal information GC generally collects from you may include your name, contact details (including your contact numbers, address and email address), occupation, your place of employment or business, financial information including tax office identifiers and bank account details, health information, areas of legal interest to you and other information relevant to the provision of our services to you.
For visitors to our website or who otherwise contact us, the personal information we may collect may include your name, contact details (including your contact numbers, address and email address), occupation, your place of employment or business, areas of legal interest to you, details of website pages visited and other information you may voluntarily have provided (such as comments or survey responses). This may be, for example, to respond to a request for further information about our services or to assist us to improve our product and services.
We do not collect, use, access, store, transfer or distribute any personal information without your explicit authorisation and consent.
How we collect personal information
We collect personal information via a variety of methods, including via phone, email, hard copy documents and online forms.
We will generally collect your personal information directly from you, but as a legal services provider will also collect personal information from other sources and third parties, including:
- your agents or representatives,
- companies and organisations with whom you have an association or connection,
- individuals with whom you have an association or connection,
- public records, and
- information brokers and third parties holding personal information which we require to provide our services and meet our legal obligations.
We may also collect certain information when you visit our website using ‘cookies’ and ‘Google Analytics’.
‘Cookies’ are small text files that are transmitted and stored on your computer and we use them (like many others) to improve your user experience.
The use of ‘cookies’ may enable us to ascertain certain system information such as the type of browser you are using, the web page(s) you visit and broad location information. Information on the type of data collected by Google Analytics is available here.
These cookies are completely anonymous and do not contain any personal information. You will be asked to provide your consent before we place any cookies on your device(s). You can refuse to accept cookies but doing so may affect the extent of your access to our website.
Disclosure to third parties
In the course of providing its services, Gilchrist Connell is from time to time required to disclose personal information to third parties. This includes:
- insurers and/or their agents
- Courts, tribunals, regulators or other government bodies
- other parties and their legal representatives involved in litigation
- expert witnesses
- service providers that provide GC with IT, document processing, document delivery, archiving and storage services.
There may also be other third parties we are legally required to disclose personal information to that we identify when we collect your personal information or in the course of providing services to you.
We take all reasonable steps to protect any personal information provided to third parties, including imposing confidentiality, privacy and data security obligations as appropriate. All our approved third-party providers go through a data protection compliance vetting process before being selected as a third-party provider.
In providing legal services or products to you, it may become necessary for us to transfer your personal information overseas.
When you acquire our services or products, we will obtain your consent to disclose personal information to such persons or entities overseas as is reasonably necessary in the provision of services or products or you otherwise expressly or impliedly provide your consent for us to transfer your personal information overseas.
GC has the following measures to protect any transfer of personal information overseas:
- all transfers are conducted in accordance with relevant data privacy laws,
- any overseas third party that receives any personal information:
- is only authorised to use that information for the purpose it was provided,
- has undergone a data protection compliance vetting process and we are reasonably satisfied it has appropriate controls in place as required by relevant data privacy laws,
- is obliged to delete any personal information that is no longer required.
Legal basis to use or deal with personal information
GC will collect, use or disclose your personal information only for the purposes disclosed to you or otherwise because it is:
- a use of the information for an additional purpose directly related to the original purpose the information was collected,
- necessary to prepare, negotiate and perform a contract with you,
- required by law or the competent governmental or judicial authorities,
- necessary to establish or preserve a legal claim or defence, or
- necessary to prevent fraud or other illegal activities, such as wilful attacks on GC.
Non-personal data collected automatically
We may collect non-personal information (e.g. type of Internet browser and operating system used, domain name of the Web site from which you came, number of visits, average time spent on the site, pages viewed). We may use this data to monitor and improve the performance of or content on our sites.
We take all reasonable steps to protect all information we hold, including your personal information. Our security measures include password protected access, protecting our IT systems from unauthorised access, protection of our office premises from unauthorised access and secure physical storage of archived information. When information we hold is no longer needed, we ensure it is effectively and securely destroyed. All persons within GC with access to confidential information are subject to confidentiality obligations.
GC has in place privacy, data security and incident management policies that are regularly reviewed and tested.
Third party sites
We provide links to third party sites and content for your convenience.
The inclusion of these links does not mean we endorse any of the content contained on those sites. GC is not responsible for that content and excludes all liability for any loss and/or damage that may be incurred by you as a result of your access and/or use of such content.
Right to object or restrict processing
If you would like to object to or restrict our processing of your personal information, please ask us.
In certain circumstances and where your request is appropriate, GC will take all reasonable steps to comply with your request.
Right of erasure
If you would like us to delete or remove your personal information, please ask us.
If your request is appropriate and we no longer need your personal information or, where applicable, you withdraw your consent, GC is committed to taking all reasonable steps to ensure it is able to forget and erase personal information on request.
Please note that GC will not be able to erase your data if it is technically impossible, if we are required to hold the information for legal reasons or if we require that information to perform and comply with our contractual or other lawful obligations.
If you believe that any personal information we hold about you is not accurate, complete or up to date, please contact our Information Officer so we can take steps to obtain your updated personal information and we will amend our records accordingly.
Access to your information
You may contact our Information Officer to request access to your personal information. We may advise you that we will not provide you with access to your personal information if we are legally permitted or required to deny your request.
How to contact us and complaints
If you have any requests, comments, queries or complaints in relation to your personal information, our handling of your personal information or how we handle personal information generally, please contact our Information Officer by email at email@example.com.
We will respond to any requests or complaints within a reasonable period (usually 30 days).
If you disagree with our decision, you may refer your complaint to the Office of the Australian Information Commissioner by visiting www.oaic.gov.au, calling 1300 363 992 or by emailing firstname.lastname@example.org.
Changes to this policy