LegalStream understands the importance of safeguarding the privacy of our clients and their customers and our obligations under the relevant legislation including the Privacy Act (1988), the Australian Privacy Principles (APPs) and the Privacy and Personal Information Act (1988).
In the course of our business, we collect or receive personal information including names and contact details of our clients. We are often provided with personal information via third parties, for example, where lenders provide us with borrowers’ details for the purpose of processing a mortgage transaction.
We collect and receive this information only for the purpose of conducting our business. Where information is required to be retained over a period of time, it is recorded in our database and we make every effort to ensure it is accurate and up-to-date.
We will not use or disclose your personal information other than in the following circumstances:
- the information is reasonably required to be disclosed in the normal course of conducting our business including as described in our Terms and Conditions, or
- the information is required to be disclosed according to the requirements of any law, or
- disclosure of the information has been approved by your written authorisation, or
- the information is or has generally become available to the public without breach of this policy.
From time to time, we may also let you know about our products and services. If, at any time, you do not wish to receive these kinds of communications, please let us know.
- Providing the services that LegalStream undertakes; and
- The normal day-to-day operations of our business.
Who and what this policy applies to
We handle Personal Information in our own right and also for and on behalf of our clients.
If, at any time, an individual provides Personal Information or other information about someone other than himself or herself, the individual warrants that they have that person’s consent to provide such information for the purpose specified.
Information we collect
In the course of business it is necessary for us to collect Personal Information. This information allows us to identify who an individual is for the purposes of our business.
- Personal information. We may collect personal details such as an individual’s name, location, date of birth, and other information defined as “Personal Information” in the Privacy Act that allows us to identify who the individual is.
- Contact information. We may collect information such as an individual’s email address, telephone & fax number, residential, business and postal address and other information that allows us to contact the individual.
- Financial information. We may collect financial information related to an individual used to transact with us and other information that allows us to transact with the individual and/or provide them with our services.
We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities.
How information is collected
Most information will be collected in association with a client’s dealing with us. However we may also receive Personal Information from sources such as public records, contractors, staff or recruitment agencies. In particular, information is likely to be collected as follows:
- Accounts. When an individual submits their details to open an account;
- Supply. When an individual supplies us with goods or services;
- Contact. When an individual contacts us in any way;
- Access. When an individual accesses us physically we may require them to provide us with details for us to permit them such access. When an individual accesses us through the internet we may collect information using cookies (if relevant – an individual can adjust their browser’s setting to accept or reject cookies) or analytical services.
As there are several circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their Personal Information is being collected.
Where we obtain Personal Information without an individual’s knowledge we will either delete/destroy the information, or inform the individual that we hold such information, in accordance with the Australian Privacy Principles.
When personal information is used and disclosed
In general, the main principle is that we will not use any Personal Information other than for the purpose for which it was collected; namely, for the purpose of conducting our business. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
Retention of personal information
It may be necessary for us to disclose an individual’s Personal Information to third parties in a manner compliant with the Australian Privacy Principles in the course of our business.
No disclosure to unrelated third parties
We will not disclose or sell an individual’s Personal Information to unrelated third parties.
How we use information
Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
- The provision of services;
- Verifying an individual’s identity;
- Communicating with an individual about:
- Their relationship with us;
- Our services;
- Investigating complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
- As required or permitted by any law (including the Privacy Act).
There are some circumstances in which we must disclose an individual’s information:
- Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
- As required by any law (including the Privacy Act).
Disclosure of personal information outside of Australia
We do not operate outside the borders of Australia.
Should the occasion arise where we disclose Personal Information to an entity outside of Australia, we will take reasonable steps to ensure that any such disclosure will not be made until that entity has agreed in writing with us to safeguard Personal Information as we do.
Opting in or out
An individual may opt to not have us collect their Personal Information. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:
- Opt in. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
- Opt out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.
If an individual believes that they have received information from us that they did not opt in to receive, they should contact us on the details below.
The safety and security of personal information
We will take all reasonable precautions to protect an individual’s Personal Information from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
The security of online transactions and the security of communications sent by electronic means (unless arrangements have been made for the encryption of such communications) or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, Personal Information where the security of information is not within our control.
We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s Personal Information to in accordance with this policy or any applicable laws)
If an individual thinks any misuse or loss of, or unauthorised access to, their Personal Information, they should let us know immediately.
We are not liable for any loss, damage or claim arising out of another person’s use of the Personal Information where we were authorised to provide that person with the Personal Information.
How to access and/or update information
Subject to the Australian Privacy Principles, an individual has the right to request from us the Personal Information that we have about them, and we have an obligation to provide them with such information within 28 days of receiving their written request.
If an individual cannot update his or her own information, we will correct any errors in the Personal Information we hold about an individual within 7 days of receiving written notice from them about those errors.
It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any information that is provided to us that is incorrect.
We may charge an individual a reasonable fee for our costs incurred in meeting any of their requests to disclose the Personal Information we hold about them.
Complaints and disputes
If an individual has a complaint about our handling of their Personal Information, they should address their complaint in writing.
If we have a dispute regarding an individual’s Personal Information, we both must first attempt to resolve the issue directly between us.
If we become aware of any unauthorised access to an individual’s Personal Information we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.
From time to time, we may send an individual important notices, such as changes to our terms, conditions and policies. Because this information is important to the individual’s interaction with us, they may not opt out of receiving these communications.
All correspondence with regards to privacy should be addressed to:
The Chief Operating Officer at firstname.lastname@example.org
Additions to this policy
This Policy is subject to regular review. It was last reviewed on 20 August 2020.