Carter Newell is bound by the Privacy Act 1988 (Cth) (Act) and the Australian Privacy Principles (APPs) set out in the Act. If you are in the European Economic Area you may also have additional rights under the EU’s General Data Protection Regulation (GDPR). For the purposes of the GDPR, Carter Newell is a data controller.
Carter Newell will ensure that all officers, employees and subcontractors are aware of and understand Carter Newell’s obligations as well as their own obligations in respect of privacy. We will achieve this through the provision of training and through maintaining and implementing internal policies and procedures to prevent personal information from being collected, used, disclosed, retained, accessed or disposed of improperly.
What is personal information?
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
Collection of personal information
Carter Newell collects personal information in order to carry on its business as a legal service provider This includes the collection of information such as names, birth details, contact details, employment and education details and history, financial details, and feedback.
The information which we collect and use will depend upon the reason for which it is collected. The following are the main reasons:
- For compliance with a legal obligation we may have, including in the provision of legal services. In the course of acting, or considering acting, for a client we are likely to collect personal information about individuals and third parties to enable us to provide legal services. The type of personal information collected will vary from matter to matter.
- Where it is necessary for the performance of a contract to which an individual is party or otherwise involved, or in order to take steps at the request of an individual prior to entering into a contract (for example in property conveyancing we may require personal information).
- Where an individual has given consent, for example to enable us to consider or respond to comments, enquiries (including in respect of the provision of possible legal services, publications, or employment opportunities) or other requests made via our website or by email.
- Where it is necessary for the purposes of Carter Newell’s legitimate interests, including for providing you with material regarding our services, providing publications about developments in areas of the law, and informing you of seminars or legal education events that may be of interest, verifying identity in respect of any payments being made or received (marketing activities).
Depending on the type of legal matter involved, we may collect sensitive information regarding individuals, including but not limited to information about an individual’s:
- racial or ethnic origin;
- religious beliefs or affiliations;
- membership of a trade union or professional organisation;
- sexual orientation or practices;
- criminal record; and
- medical records or other health information.
Carter Newell will only collect sensitive information in circumstances where:
- it is reasonably necessary for one or more of the services we provide or functions we carry out; and
- the relevant individual consents to the collection of the information; or
- we are required or authorised by law to collect the sensitive information.
Carter Newell will, if it is reasonable or practicable to do so, collect personal information directly from the relevant individual.
Sometimes we will collect personal information from a third party or a publicly available source. For example, we may need to collect personal information from a credit reporting agency, from an individual’s legal adviser, from an individual’s past or current employers, from an individual’s medical practitioners, from an individual’s financial institution, etc. We also sometimes use third parties to assist us with our marketing activities and, in doing so, collect personal information from them.
If we receive personal information that we did not solicit, we will determine as soon as reasonably practicable whether we could have lawfully collected that information as part of our functions or activities. If we are not satisfied that we could have lawfully collected the information, then we will (if it is lawful and reasonable) destroy the information or ensure that it is de-identified.
Individuals may choose to deal with Carter Newell anonymously or under a pseudonym where lawful and practical. Where anonymity or use of a pseudonym will render us unable to provide the relevant service or do business, we may request that an individual identify him or herself. For example, whenever documents are to be submitted to a court, a government agency or a financial institution, it is essential that we record an individual’s name accurately.
Use and disclosure of personal information
Any personal information collected by Carter Newell will only be used and disclosed for the purpose for which it has been provided to us or as authorised under law.
Personal information may need to be disclosed to external service providers or third parties engaged by Carter Newell in order for those service providers to fulfil their service obligations to the firm and for us to provide legal services.
We may also use your contact details to send you firm newsletters, legal updates or invitations to Carter Newell seminars or events, which may be of interest to you. We may do this directly or through a third party.
The recipients of personal information include:
- clients along with their advisers, financiers, insurers, or representatives who, in the course of the provision of our legal services, may need to be provided with personal information regarding the matter we are engaged in;
- IT service providers who assist in managing Carter Newell’s servers and networks may need to access client data in order to maintain the servers and networks;
- third parties who provide administrative assistance in relation to the provision of our legal services (including ediscovery and copying providers, and process servers);
- barristers or experts engaged on behalf of a client to provide a legal or expert opinion for a client matter may require access to certain personal information held by Carter Newell in relation to that matter in order to provide their services;
- courts or tribunals where, in the course of performing our legal services, we may file documents containing personal information; and
- third parties who assist us to deliver our marketing activities.
Where personal information is disclosed to an external party, Carter Newell will take reasonable steps to ensure that the external party treats such information confidentially and in accordance with this policy and relevant privacy obligations.
There may be circumstances in which it is necessary for Carter Newell to collect an individual’s government related identifier such as a tax file number or Centrelink reference number. We will not use or disclose government related identifiers unless we are required or authorised to do so by law or by a court or tribunal order, or in order to fulfil our obligations to a State or Territory authority.
Carter Newell may transfer your personal information to overseas countries, including but not limited to the USA and European Union countries, in order to perform one or more of our functions or activities. In these circumstances, we will take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the information.
Accuracy of personal information
Carter Newell will take reasonable steps to ensure that all personal information it collects, uses or discloses is accurate, complete and up-to-date.
If you believe your personal information is not accurate, complete or up-to-date, please contact us (see the Contacting us section for more information).
Security and retention
Personal information may be stored by Carter Newell in hard copy documents or electronically. Carter Newell is committed to keeping personal information secure and safe. Some of the ways we do this are:
- requiring employees and contractors to enter into confidentiality agreements;
- security measures for access to our computer systems;
- providing a discreet environment for confidential discussions;
- access control for our buildings; and
- security measures for our website (see the Your privacy on the internet section for more information).
We will review and update our security measures from time to time.
In addition, we will review the personal information held by us from time to time, ensuring that information which is no longer needed for a purpose for which it was initially collected is destroyed or de-identified (provided it is lawful for us to do so).
In the provision of legal services, we are required to keep information for at least seven (7) years following completion of the relevant services. We may need to keep this information longer for business reasons.
Outside of the provision of legal services, for business purposes or because of other legal or regulatory requirements, we may need to keep personal information for longer than seven (7) years after any relationship or contact with you has ended.
We will keep personal information in relation to marketing activities (including records to ensure that we comply with your desire or otherwise to be informed of marketing activities) until you notify us that you no longer wish to receive such material.
Your privacy on the internet
Carter Newell takes care to ensure that the information you provide to us via our website is protected. For example, our website has electronic security systems in place, including the use of firewalls.
You may be able to access external websites by clicking on links we have provided. Those other websites are not subject to our privacy standards, policies and procedures. You will need to contact or review those websites directly to ascertain their privacy standards, policies and procedures.
Unless your web browser settings have been changed, when you visit our website, Carter Newell and its digital service providers make a record of each visit to Carter Newell’s website using “cookies”. Cookies are small data files sent from our website and recorded on your device when you visit our site, and which are sent to our webserver when you later access pages on our website. A cookie's purpose is to remember whether the same visitor has returned to a website, assist in navigation, and to collate information on when and how a website is used for our analysis.
When you visit our website, information including the following may be collected using “session” and “Google Analytics” cookies:
- your IP address;
- your top level domain name (for example .com, .gov, .au, etc);
- the date and time of your visit to the site;
- the pages accessed and documents downloaded by you;
- the previous site visited by you; and
- the type of browser / agent used by you.
“Session” cookies are temporary files that may make our website work better and assist with analytics, but which are deleted when you close our site.
The information collected through the above processes is not linked by us to your identity in any way, or to any other information provided by you.
You can change or withdraw your consent at any time by clicking on the ‘Cookie settings’ badge that appears on the bottom of our website.
You may also be able to make changes to your web browser settings to delete or not to accept cookies, however that could reduce functionality.
Electronic communications about marketing activities
Carter Newell uses Campaign Monitor, a business based in Australia, to assist with providing electronic communications about its marketing activities, including newsletters and other publications. Campaign Monitor is a data processor. Through its services we send out marketing material and track the engagement of subscribers, to ensure that the content remains relevant. In this regard, Carter Newell may provide your name and email address to Campaign Monitor for the purposes of use in relation to providing their services. Personal information held by Campaign Monitor may be processed and/or stored on servers located in the United States of America.
Details regarding Campaign Monitor’s privacy policies and your rights in respect of personal information they may hold, including additional rights for people in the European Economic Area, can be found here.
Your email address and other personal information will remain within Campaign Monitor’s database unless and until we cease using their services or you request removal.
You may at any time opt out of receiving such material by contacting Carter Newell on firstname.lastname@example.org, sending a request to the address below, or by using the unsubscribe link contained in any email material sent to you. Upon receiving such a request, Carter Newell will remove your contact details from our distribution lists. We will process such requests as soon as possible.
Accessing and correcting personal information
You may request access to personal information that Carter Newell holds about you (see the Contacting us section for more information).
We will acknowledge your request within five (5) business days of the request being made. If access is being denied, we will usually advise you in writing of the denial of access and the reasons for same within 10 business days of our acknowledgement. If access is being granted, access will usually be granted within 10 business days of our acknowledgement or, if the request involves complex considerations or voluminous photocopying or scanning, within 20 business days. We will let you know which timeframe applies to your request and if any delays are anticipated.
You will need to verify your identity before access to your personal information is granted.
While we cannot and do not charge an 'application fee' for you applying to access your personal information, in certain circumstances we may charge a fee for actually giving you access to your personal information in your preferred format (where reasonable and possible), which will cover our costs involved in locating and collating information as well as reproduction costs.
Once your request has been processed by us, you may be forwarded the information by mail or email or you may personally inspect it at the location where the information is held or another appropriate place. Whenever possible, we will endeavour to make the information available to you in the manner requested by you unless it is unreasonable for us to do so.
If you are aware that we hold personal information about you that is no longer accurate, complete or up-to-date, please contact us (see the Contacting us section for more information).
If you request access to your personal information, or if you request that we correct your personal information, we will allow access or make the correction unless we consider that there is a sound reason to withhold the information, or not make the correction.
Under the Act, we may refuse to grant access to personal information if:
- we believe that granting access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
- granting access would have an unreasonable impact upon the privacy of other individuals;
- denial of access is required or authorised by law or by a court or tribunal order;
- giving access would be unlawful;
- the request for access is frivolous or vexatious;
- legal proceedings are underway or anticipated and the information would not be accessible by way of the discovery process in those proceedings;
- giving access would reveal our intentions in relation to negotiations between us and you in such a way as to prejudice those negotiations;
- giving access is likely to prejudice enforcement related activities conducted by, or on behalf of, an enforcement body;
- giving access is likely to prejudice action being taken or to be taken with respect to suspected unlawful activity or serious misconduct relating to our functions or activities; and
- giving access would reveal information in connection with a commercially sensitive decision making process.
If we do not agree to make a correction to your personal information, you may provide a statement about the requested corrections, and we will ensure that the statement is apparent to any users of the relevant personal information.
In certain circumstances, including if the GDPR applies, you may have the right to request the erasure of personal data, the restriction of processing, to object to processing, and the right to data portability.
If we refuse your requests, we will provide written reasons for the refusal and the mechanisms available to complain about the refusal (see the Complaints section for more information).
It you believe there has been a breach of the APPs or the GDPR (if applicable), you are entitled to complain to us. Please direct any complaints to our privacy contact below. We will investigate your complaint and endeavour to resolve it.
If you consider that we have not dealt with your complaint adequately, you may complain to the Office of the Australian Information Commissioner on the below details:
Office of the Australian Information Commissioner (OAIC)
1300 363 992
If the GDPR applies, you may also have the right to apply to a relevant supervisory authority. For more information, please refer to this list of data protection authorities.
To contact us about any privacy or data matter or to notify us that you wish to be removed from our distribution lists, please either post or email:
The Privacy Officer