Home
Our Services
Who We Are
Legal Updates
NFP Resources
Contact
NFP logo
Legal

Privacy Policy

About this policy

This privacy policy outlines the personal information practices of NFP Lawyers.

The obligations of NFP Lawyers in respect of collecting and handling personal information are outlined in the Privacy Act 1988 (Cth) (Privacy Act) and, in particular in the Australian Privacy Principles (APPs) found in Schedule 1 of the Privacy Act.

Overview

NFP Lawyers collects, uses, discloses and holds personal information to perform its functions and activities.

Some of these functions and activities include:

  • providing legal advice or legal services as instructed or requested by you or your organisation
  • providing general information on the law or updates about the law through our newsletter
  • managing and administering your or your organisation's business relationship with NFP Lawyers, including processing payments, responding to you, billing and collection, support services
  • complying with our legal and regulatory obligations, compliance screening or recording obligations, which may include automated checks of your contact data or other information you provide about your identity against applicable sanctioned-party lists and our database and contacting you to confirm your identity in case of a potential match or recording interaction with you which may be relevant for compliance purposes
  • facilitating meetings and provide you with an acceptable service
  • protecting the security of and managing access to our premises (including security cameras), IT and communication systems, online platforms and mobile applications, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities
  • identifying persons authorised to trade on behalf of our clients or service providers
  • complying with court orders and exercises and/or defend our legal rights

Collection of personal information

NFP Lawyers aims to only collect personal or sensitive information it requires to carry out its functions and activities in any given instance.

  • The main way NFP Lawyers collects personal information about you is when you provide it. Some of the personal information NFP Lawyers collects, includes: your contact details, employee details and details of your organisation
  • When you register for NFP Lawyers’ newsletter, your contact details
  • If you are a client, your name, contact details, registered address, details of your organisation, and information or documents relevant to your matter
  • If you are a prospective employee, your name, contact details, qualifications and work history.

Indirect collection

NFP Lawyers may collect personal information about you indirectly from publicly available sources or from third parties such as:

  • the Australian Business Register;
  • the Australian Securities and Investments Commission; or
  • other publicly available registers and sources of information.

LFA would ordinarily collect your personal information in this way for the purposes of the provision of our services.

Dealing with us anonymously

Where reasonably practicable, you have the option of not identifying yourself when dealing with us. For example, general access to our website does not, and general telephone queries do not, require you to disclose personal information about yourself.

However, there are parts of our website where we may need to collect personal information from you for a specific purpose - for example, to provide you with our newsletter.

Dealing with us online

NFP Lawyers’ public website (www.nfplawers.com.au) and related websites / mobile apps that NFP Lawyers may create from time to time are hosted in Australia. There are a number of ways in which NFP Lawyers collects information through its website, including via online tools:

  • Google Analytics, a website analytic tool
  • Google reCAPTCHA
  • Vision6, a mailing list tool

Google Analytics

NFP Lawyers uses Google Analytics as a website analytics tool to collect data about how you interact with NFP Lawyers website, including:

  • device IP address (collected and stored in an anonymised format);
  • search terms and pages visited on the LFA website;
  • date and time when pages were accessed;
  • downloads, time spent on page and bounce rate;
  • referring domain and out link if applicable;
  • device type, operating system and browser information;
  • device screen size; and
  • geographic location (city).

This information will not ordinarily be personal information, because you will not be identified, or reasonably identifiable from it.

 

Google reCAPTCHA

NFP Lawyers uses Google reCAPTCHA (version 2) as a means to eliminate spam attacks and to be able to distinguish users from bots. The tool may collect data about how you interact with the website’s smart forms, including:

  • mouse movements;
  • device IP address;
  • date and time when pages were accessed;
  • device type, operating system and browser information;
  • device screen size; and
  • geographic location (city).

This information will be stored on Google’s servers outside of Australia. Content that you enter in NFP Lawyers web forms will not be collected through the use of this tool.

Mailing lists

NFP Lawyers uses Vision6 to manage its mailing lists.

NFP Lawyers collects personal information, such as contact details, that you provide to it when signing up to NFP Lawyers’ newsletter.

Information about you is also collected by NFP Lawyers when you open, click on links or download any image in an email sent to you via a NFP Lawyers mailing list. The information collected includes:

  • whether you opened an email sent to you via a NFP Lawyers mailing list;
  • which links you click in those emails;
  • your mail client (e.g. ‘Outlook’ or ‘iPhone’);
  • if interactions with those emails occurred on a mobile or desktop environment; and
  • the country geolocation of your IP address (the IP address itself is not stored).

Cookies

Cookies are small amounts of information which we may store on your computer (after you register on our website) to enable our server to collect certain information from your web browser, for record keeping purposes and to improve your website user experience.

Cookies do not identify the individual user, just the computer used.

Cookies themselves only record which areas of the site have been visited by the computer in question, and for how long. Allowing us to create a cookie does not give us access to the rest of your computer and we do not use cookies to track your online activity once you leave our site. Cookies are read only by the server that placed them and are unable to execute any code or virus.

 

Social networking services

NFP Lawyers uses LinkedIn to communicate with the public about its work. When you communicate with NFP Lawyers using these services, the OAIC collects the personal information you provide to it by engaging in that communication.

LinkedIn has its own privacy policy.

 

No transmission over the internet can be guaranteed as totally secure and accordingly, we cannot warrant or ensure the security of any information you provide to us over the internet. Please note that you transmit information at your own risk.

Our website may also contain links to other websites which are outside our control and are not covered by this Privacy Policy. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their privacy policy, which may differ from ours.

 

Use

Primary purpose uses

NFP Lawyers usually uses your personal and sensitive information for the purpose for which it was collected.

This ordinarily includes to:

  • perform its functions and activities, set out at the beginning of this policy; and
  • carry out business improvement and reporting.

Secondary purpose uses

NFP Lawyers will only use your sensitive information for a secondary purpose with your consent.

There are some limited exceptions that permit use of sensitive information for a secondary purpose without your consent, including where it is required or authorised by or under law, or where a permitted general situation exists, like where the entity reasonably believes that the use is necessary to lessen or prevent a serious threat to the life, health or safety of an individual or the public.

Third party contractors

NFP Lawyers will only provide your personal information on a confidential basis to contractors who provide services to NFP Lawyers (for example database management, printing and mailing). In these cases, we ensure that our contractors are also bound by contractual obligations of confidentiality.

NFP Lawyers will sometimes use third party service providers to conduct surveys and facilitate information collection and event registration. Some of these service providers conduct all or part of their business overseas and so your personal information may be transferred overseas as a result. NFP Lawyers conducts a due diligence process before entering into an agreement with these service providers and will take all reasonable steps to ensure that your information is not used for any other purpose and appropriate security measures are implemented to protect your information.

 

Disclosing your personal information

NFP Lawyers discloses personal information for purposes other than the purpose for which personal information was collected in certain circumstances. These include:

  • where you have provided consent to disclosure for a secondary purpose
  • where the secondary disclosure of your personal information is authorised or required by or under law
  • where you would reasonably expect NFP Lawyers to use it for that secondary purpose, and the information is related to the primary purpose of collection or, in the case of sensitive information, directly related to the primary purpose
  • where a permitted general situation exists in relation to the use or disclosure of the information by NFP Lawyers

Direct Marketing

If you consent to your personal information being used for direct marketing, we may use your personal information to provide you with information about changes in the law or general legal information. If you do not wish to receive such information, you can opt-out at any stage. If you decide to opt-out, you will be removed from LFA's marketing database to ensure that you do not receive future direct marketing material.

 

There may be times, however, when the law requires us to provide certain information to you (for example health and safety information). We will continue to send this information to you.

 

Overseas Disclosure of Personal Information

Transfer of information overseas would normally only occur for data processing purposes, for example third party payment facilitators may process their data off-shore. NFP Lawyers will not transfer your personal information overseas or into the “cloud” unless we have taken reasonable steps to ensure that the information which is being transferred will not be held, used or disclosed by the recipient of the information in a manner which is inconsistent with the Australian privacy laws.

When you communicate with NFP Lawyers through a social network service such as LinkedIn, the social network provider and its partners may collect and hold your personal information overseas.

Certain tools, such as Google Analytics and Google reCAPTCHA will require data collected by these tools to be sent overseas and stored on Google’s servers. Google’s Cloud Data Processing Addendum provides that when collecting, using and storing data, it will comply with applicable laws, including Australian privacy laws.

 

Quality of personal information

To ensure that the personal information NFP Lawyers collects is accurate, up-to-date and complete, LFA:

  • records information in a consistent format;
  • where necessary, confirms the accuracy of information its collects from you or a third party such as your representative or health professional;
  • promptly adds updated or new personal information to existing records; and
  • audits its contact lists to check their accuracy from time to time and where necessary.

NFP Lawyers also reviews the quality of personal information before it uses or discloses it.

Personal Information Storage and Security Arrangements

We take reasonable steps to protect your personal information from interference, loss, misuse, unauthorised access, modification or disclosure. We may store your personal information indifferent forms, including in hardcopy and electronic form. We have established policies, procedures and systems to keep your personal information secure (including but not limited to password protection and securing physical storage arrangements).

Some data collected by tools such as Google Analytics and Google reCAPTCHA will be stored in cloud-based servers located across North America, Europe, South America and Asia . Data may be de-identified and anonymised so that individuals cannot be identified or re-identified from the data, before such data is sent overseas for storage. When data is not de-identified or anonymised, it will be stored and handled in a way that complies with Australian privacy laws.

 

Reasonable steps to protect personal information

NFP lawyers takes reasonable steps to protect the security of the personal information it holds from both internal and external threats through access security and monitoring controls, including:

  • regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure of that information;
  • taking measures to address those risks, for example, by keeping a record (audit trail) of when someone has added, changed or deleted personal information held in NFP Lawyers’ electronic databases and regularly checking that staff only access those records they are permitted to and  when they need to; and
  • conducting regular internal and external audits to assess whether NFP Lawyers has adequately complied with or implemented these measures;
  • by implementing and regularly updating NFP Lawyers’ data breach response plan to ensure that NFP Lawyers meets its obligations under the notifiable data breach (NDB) scheme under the Privacy Act; and
  • by undertaking privacy impact assessments when information handling practices change, or new practices are introduced.

 

Destruction/deletion of personal information

When NFP Lawyers no longer requires your personal information, we will take reasonable steps to destroy, delete or de-identify your personal information in a secure manner. However, we may sometimes be required by law to retain certain personal information. For example, under the Legal Profession Act 2007 (Qld), we are required to retain client documents for a minimum of seven years after the competition or termination of your engagement unless you instruct us otherwise.

 

Accessing and Correcting your Personal Information

Correcting your personal information

So that we can carry out our activities and functions, it is important that the personal information we hold about you is complete, accurate and up to date. At any time, while we hold your personal information, we may request that you inform us of any changes to your personal information. Alternatively, if you believe that any of the personal information, we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading or needs to be corrected or updated, please contact us using our Contact Details below. We will respond to a request to correct your personal information within a reasonable time.

If we refuse to correct your personal information, you may request that we associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

 

Accessing your personal information

You may also request access to the personal information we hold about you by contacting us using our Contact Details provided below. We will respond to a request for access within a reasonable time - either by giving you access to the personal information requested, or by notifying you of our refusal to give access.

 

Access and correction arrangements generally

We may require you to submit your requests in writing and require that you verify your identity before we respond to any request.

We will not charge you an application fee for making a request to access the personal information we hold about you or for requesting any correction to your personal information.

However, in certain circumstances we may charge you a fee for providing you with access to your personal information, for example if you make multiple request for information, the information requested is voluminous or we incur third party costs in providing you with access to your personal information.

If we cannot respond to you within a reasonable time (generally within 30 days),we will contact you and provide a reason for the delay and an expected timeframe for finalising your request.

Please note that in certain circumstances, we are permitted by law to refuse to provide you with access to your personal information.

If we decide not to provide you with access to or correct your personal information, we will- provide you with written reasons for our decision and advise you of the further complaint mechanisms available to you.

 

1.1     Lodging a complaint

If you have a complaint about how we handled your personal information or about any decision to refuse access or correction of your personal information, please contact us using the Contact Details below. We will request that you lodge your complaint in writing.

We will acknowledge receipt of your complaint as soon as possible after receiving your written complaint. We will then investigate the circumstances of your complaint and provide you with a response within a reasonable timeframe.

If you are still not satisfied with how your complaint is handled by us, then you may lodge a formal complaint with the Office of the Australian Information Commissioner at:

  • Telephone: 1300 363 992 (if calling from outside Australia including Norfolk Island please call: +61 2 9284 9749)
  • National Relay Service:
    • TTY users phone 133 677 then ask for 1300 363 992
    •  Speak and Listen users phone 1300 555 727 then ask for 1300 363 992
    • Internet relay users connect to the National Relay Service then ask for 1300 363 992
  • Post: Office of the Australian Information Commissioner, GPO Box 5218, SYDNEY NSW2001
  • Fax: +61 2 9284 9666
  • Email: enquiries@oaic.gov.au
  • Website: http://www.oaic.gov.au/privacy/making-a-privacy-complaint

 

1.2     Our Contact Details

If you wish to contact us regarding our handling of your personal information or any of the matters covered in this Privacy Policy, you may do so in a number of ways.

You may contact us on:

 

1.3     Changes to our Privacy Policy

We welcome your questions and any suggestions you may have about our Privacy Policy.

We reserve the right to revise or supplement this Privacy Policy from time to time. Any updated version of this Privacy Policy will be posted on our website www.nfplawyers.com.au and will be effective from the date of posting. You should bookmark and periodically review this page to ensure that you are familiar with the most current version of this Privacy Policy so that you remain aware of the way we handle your personal information.

 

 

Version control

Approved by Director             September 2024