1.  Introduction

This Privacy Policy (Policy) sets out how Grindal Legal Pty Ltd (ABN 71 258 133 034) (we, us, our, or Grindal Legal) collects, holds, uses, and discloses personal information. We are an APP entity bound by the Australian Privacy Principles (APPs) contained in Schedule 1 of the Privacy Act 1988 (Cth) (Privacy Act), and we take our obligations under that legislation seriously.

This Policy applies to personal information collected from clients, prospective clients, employees, job applicants, and other individuals with whom we interact. It does not apply to acts and practices directly related to the employee records of our current or former employees, which are exempt under section 7B(3) of the Privacy Act.

By providing personal information to us, you consent to its collection, use, and disclosure in accordance with this Policy. We may update this Policy from time to time and will publish any changes on our website at www.grindal.legal. Your continued use of our services following the publication of changes constitutes acceptance of those changes.

2.  Definitions

In this Policy, the following terms have the meanings given below:

APPs means the Australian Privacy Principles contained in Schedule 1 of the Privacy Act.

Personal Information has the meaning given in section 6 of the Privacy Act and means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Privacy Act means the Privacy Act 1988 (Cth) as amended from time to time.

Sensitive Information has the meaning given in section 6 of the Privacy Act and includes information about an individual’s health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, and related matters.

Services means the legal and advisory services provided by us to our clients.

Website means our website at www.grindal.legal and any other online platforms operated by us.

3.  Personal Information We Collect

We may collect the following types of personal information, depending on the nature of our relationship with you:

1. (a) Client and matter information, including your name, contact details, date of birth, identity documents, financial information relevant to your matter, and any other information you provide in connection with the legal services we perform for you. This may, in some circumstances, include sensitive information such as health information or criminal history where relevant to your matter.
   
   
2. (b) Website and technical information, including your IP address, browser type, operating system, pages visited, and other standard web log information collected automatically when you access our website. We also collect information through cookies and similar technologies, as described in section 6 below.
   
   
3. (c) Employment and recruitment information, including your curriculum vitae, qualifications, employment history, referee details, and any other information you provide when applying for a position with us.

Where we receive personal information about you that we did not solicit and could not have collected under the APPs, we will destroy or de-identify that information as soon as practicable.

4.  How We Collect Personal Information

We collect personal information in the following principal ways:

(a) Directly from you, when you engage us to provide legal services, contact us by telephone, email, or post, visit our website, attend our offices, submit a job application, or otherwise interact with us.

(b) From third parties, including courts, tribunals, opposing parties and their legal representatives, government agencies, professional advisers, referees, recruitment consultants, and other sources relevant to the matter or purpose for which we are collecting the information.

(c) Automatically, through our website and online platforms, using server logs, cookies, and analytics services as described in section 6 of this Policy.

Where practicable, we will collect personal information directly from you. If we collect personal information about you from a third party, we will take reasonable steps to notify you of that collection unless doing so is impracticable or would be contrary to law.

5. Purposes of Collection, Use and Disclosure

We collect, hold, use, and disclose personal information for the following principal purposes:

(a) Provision of legal services, including providing advice and representation, preparing legal documents and correspondence, communicating with other parties and courts on your behalf, managing conflicts of interest, and complying with our professional and ethical obligations.

(b) Business administration and operations, including managing our relationship with you, processing payments, maintaining records, improving our services and website, ensuring the security and integrity of our systems, and training our personnel.

(c) Marketing and communications, including sending you information about our services, publications, and events that may be of interest to you. You may opt out of receiving marketing communications at any time by using the unsubscribe facility in our communications or by contacting our Privacy Officer. We will comply with the requirements of the Spam Act 2003 (Cth) in all direct marketing activities.

(d) Legal and regulatory compliance, including complying with our obligations under applicable laws and regulations, responding to lawful requests from government agencies and courts, meeting our anti-money laundering and counter-terrorism financing obligations, and pursuing or defending legal claims.

(e) Recruitment and employment, including assessing your suitability for a position, conducting reference and background checks, verifying qualifications, and maintaining records of our recruitment processes.

6. Disclosure of Personal Information

6.1  Internal and Service Provider Disclosures

We may disclose your personal information to our personnel, related bodies corporate, and third-party service providers who assist us in operating our business and providing our services. These include technology and platform providers, professional advisers, barristers and other legal practitioners engaged on your matter, document management providers, payment processors, and other service providers engaged to support our operations. We require all service providers to handle personal information in a manner consistent with the APPs.

6.2 Legal and Regulatory Disclosures

We may disclose your personal information to courts, tribunals, government agencies, regulatory bodies, and other parties where required, authorised, or permitted by law. This includes disclosures necessary to comply with our professional and ethical obligations as legal practitioners, to respond to legal process, or to prevent or lessen a serious threat to the life, health, or safety of any individual.

6.3 Overseas Disclosures

We may disclose personal information to service providers located overseas, including in the Philippines (for information technology support, data processing, and administrative services). We will take reasonable steps to ensure that any overseas recipient handles your personal information in a manner consistent with the APPs.

By providing your personal information to us, you consent to its disclosure to overseas recipients as described in this Policy. You acknowledge that, as a consequence of that consent, we may not be required under Australian Privacy Principle 8.1 to take reasonable steps to ensure that an overseas recipient complies with the APPs, and that you may have limited recourse against overseas recipients under Australian law.

7.  Website and Cookies

When you visit our website, we automatically collect certain technical information as described in section 3 above. This information is used to administer the website, improve its functionality, and analyse how visitors use it.

Our website uses cookies, which are small text files placed on your device to enable certain website functions and to collect analytics information. We use cookies for essential website functionality and for performance and analytics purposes. We do not use advertising or targeting cookies.

You may manage your cookie preferences through your browser settings. Please note that disabling cookies may affect the functionality of certain parts of our website. For further information about managing cookies, please refer to your browser’s help documentation.

8.  Security and Data Retention

We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference, and loss, as well as unauthorised access, modification, or disclosure. We use a number of physical, administrative, personnel, and technical measures to protect your personal information. However, we cannot guarantee the security of your personal information.

We retain personal information for as long as is necessary to fulfil the purposes for which it was collected, or as required by law or our professional obligations. When personal information is no longer required, we will take reasonable steps to destroy or de-identify it.

In the event of a data breach that is likely to result in serious harm to affected individuals, we will comply with our obligations under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act, including notifying the Office of the Australian Information Commissioner (OAIC) and affected individuals as required.

9. Third Party Links

Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from this Policy, so we encourage you to read them before using those websites.

10. Access and Correction

You have the right to request access to the personal information we hold about you and to request that inaccurate, out of date, incomplete, or misleading information be corrected. To make an access or correction request, please contact our Privacy Officer in writing using the details in section 12 below.

We will respond to your request within 30 days of receipt. We may need to verify your identity before providing access. We may charge a reasonable fee to cover the costs of processing an access request, but will not charge for correction requests. In certain circumstances, we may be unable to provide access to all personal information we hold, including where access would prejudice enforcement activities, reveal legally privileged information, or be contrary to law. If we decline to provide access or to make a correction, we will provide written reasons.

11. Complaints

If you believe we have breached the Privacy Act or the APPs, or if you have a concern about the way we have handled your personal information, please contact our Privacy Officer in writing using the details set out in section 12 below. We will acknowledge your complaint within 5 business days and will endeavour to respond substantively within 30 days.

If you are not satisfied with our response, or if we have not resolved your complaint within a reasonable time, you may lodge a complaint with the OAIC:

Office of the Australian Information Commissioner

GPO Box 5218, Sydney NSW 2001

Telephone: 1300 363 992

Email: enquiries@oaic.gov.au

Website: www.oaic.gov.au

12. Contact Information

For all privacy-related enquiries, requests, or complaints, please contact our Privacy Officer:

Privacy Officer

Grindal Legal Pty Ltd

Level 7, 459 Little Collins Street, Melbourne VIC 3000

Email: info@grindal.legal 

Telephone: 03 9110 3910

We aim to respond to all privacy-related enquiries within 5 business days of receipt.