A data breach has been reported and some user data may have been compromised.
Click here to read more about the incident and check if it affected you.
In this Policy:
‘RBG Lawyers’, ‘Our’, ‘We’ or ‘Us’ refers to RBG Services Pty Ltd ACN 124 911 388.
‘You’ or ‘Your’ refers to the anyone from whom We collect information.
We respect the privacy of personal information and have published this policy to provide practical guidance outlining the usual ways We treat that information.
We collect, hold, use and disclose personal information to carry out Our business functions and activities. These functions and activities involve providing legal services to individuals, businesses and government bodies. The personal information We collect may also be used for other ancillary business activities, such as marketing and the operation of Our websites.
Personal Information: Personal Information has the meaning given to it under the Act. As such, it means:
information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether or not recorded in a material form.
Sensitive Information: Sensitive Information has the meaning given to it under the Act and may include information about Your health, race, ethnicity, beliefs, criminal history, political or other associations and genetic or biometric information.
Generally, We try to only collect the information We need for the function or activity We are carrying out.
The main way We collect Personal Information is when You provide it to Us, upon engaging Us in the provision of legal services or through Our website (for example, if You submit a request to be contacted via Our website, then We will collect the Personal Information contained in the request).
We may also collect Your Personal Information from publicly available sources (such as the Australian Securities and Investments Commission) or third-party clients who provide it to Us in connection with their legal matter (to enable Us to deal with You on their behalf, for example).
Examples of Personal Information We may collect directly or indirectly include the following:
The above list does not cover all the different types of information We may collect from time to time, rather it sets out the main types of information We collect on a regular basis. As the Personal Information We collect varies on a case by case basis (e.g. depending on Your relationship with Us), please contact Us, using the details set out at the end of this policy if You would like to know, specifically, what Personal Information We have collected from You.
If We receive Personal Information about You that We have not requested, and We determine that We could not have lawfully collected that information under the APPs had We asked for it, We will destroy or de-identify the information if it is lawful and reasonable to do so.
In most situations, it is impractical for Us to deal with You anonymously. That is because for Us to conduct Our business, We need to know who We are dealing with. If You would like to be dealt with anonymously, and it is possible to do so, We will allow You to interact with Us anonymously or through a pseudonym.
It is unlikely that We will collect Your Sensitive Information.
There may be circumstances where We do need to collect Your Sensitive Information, such as where We are involved in court proceedings and Your sensitive information is required for Us to prosecute or defend those proceedings. In these cases, We will usually collect Sensitive Information directly from You. We will deal with all Sensitive Information in accordance with the law.
We generally disclose Personal Information only in connection with the purpose for which it was provided (including incidental purposes), where You have consented to the disclosure, or as part of Our regular business activities. We will not disclose or use Your Personal Information contrary to the law.
Personal Information may be disclosed to Our various service providers and advisers, such as those who host Our website services or manage Our Information Technology. For example, if We are having a technical fault in Our IT systems (such as issues in receiving or sending emails), then Our IT service providers may access Our systems to assist Us in rectifying that fault and in doing so they may have access to Your Personal Information that is stored on Our systems. Our service providers are bound by obligations of confidentiality and We have no reason to believe that they would use or disclose Your Personal Information for unlawful purposes.
Despite the above, We may also disclose and use Personal Information in other circumstances where the law allows Us to
While We do not directly disclose any Personal Information overseas, it may be held at locations outside of Australia in the following circumstances:
We will endeavour to obtain Your consent prior to disclosure of Your Personal Information to an overseas recipient in any circumstances not outlined above where those circumstances are not common in Our industry and such consent is required by law. If You no longer consent to Your information being disclosed overseas, please contact Us.
We may use Your contact information for direct marketing. If You do consent or would like to withdraw Your consent, You may opt-out of direct marketing at any time by notifying Us in writing. We will never sell Your information to anyone else.
Your Personal Information may be stored at the locations where We operate Our business in various forms (including in paper and electronic records), in secure cloud storage facilities and on servers operated or controlled by Us or Our service providers.
We take steps to protect the security of Personal Information We hold from inappropriate use or disclosure, including by implementing electronic security procedures (e.g. anti-virus software and password protection for Sensitive Information) and by imposing obligations of confidentiality on Our employees and contractors who may have access to Your Personal Information. Physical records containing Personal Information are generally stored at secure premises where public access is restricted.
We generally hold onto Personal Information until it is no longer needed for the purpose for which it was provided. If You would like Us to destroy or deidentify any Personal Information provided to Us, please let Us know and We will endeavour to do so to the extent that it is not impractical and We no longer require the information for purposes permitted by law.
The law may entitle You to request that We erase or destroy Your Personal Information in certain circumstances. Where You make such a request and there are no legal reasons for Us to retain Your Personal Information (such as where Your information is needed in connection with current or potential legal proceedings or You remain a contractor), then We will comply with such requests where required by law. If We are entitled to hold onto Your Personal Information, then the law may entitle You to request that We restrict access to Your Personal Information in certain circumstances and We will do so where required by law.
Please note that if We erase or destroy Your Personal Information then in the future We may not be able to contact You in relation to Our business activities and You may have to provide certain information again before We can deal with You.
We seek to ensure that Personal Information We collect is accurate, current, and complete. We do so by generally recording Personal Information in a consistent format, updating Our records as appropriate and (where We consider it necessary to do so) checking the accuracy of Personal Information collected by third parties or public sources. We request that You notify Us of any Personal Information that may be inaccurate, outdated, or incomplete.
You can request access and correction of Your Personal Information We hold in accordance with relevant laws.
Before We can deal with Your request, We will need to verify Your identity before We provide access to Your information or make any corrections to it and We may ask for evidence supporting Your requests for corrections. We will do Our best to respond to any requests within 30 days. If We refuse to provide access to or correct Your information, We will notify You of Our reasons in writing and comply with any applicable laws in that regard.
Generally, this process is free. However, in the event We do charge a fee that is permitted by law then You will be advised of the approximate fee in advance.
Please contact RBG Lawyers’ Privacy Officer (the contact details of which can be found below) if You wish to access Your personal information.
There are several ways in which We collect information through Our websites. We handle Personal Information obtained through Our websites in the same manner We deal with Personal Information obtained via other means.
Our websites generally collect ‘cookies’ when used. In case You were not already aware, cookies are small data files containing information transferred from websites onto computers or other devices for record-keeping purposes and to enhance website functionality. Cookies usually do not identify You personally unless You provide the website with Your name (e.g. in an enquiry). However, cookies may contain information in relation to how You access and interact with the website. Most browsers allow You to choose whether to accept cookies or not. Please set Your browser settings to reject all cookies before accessing Our website if You would prefer to avoid sharing cookies.
We may use analytics tools to collect data about Your integration with Our website and those analytics tools may be hosted by third parties. Any data collected this way will be used primarily for the purpose of improving Your experience when using Our websites. The type of information that analytics tools may collect includes Your device’s IP address, device screen size, device type (including operating system and browser information), the country in which You accessed the website, search terms and pages visited and times when website pages were accessed. We will not make decisions in relation to You based solely on automated processing (e.g. profiling) where doing so would have legal implications for You.
We take complaints and concerns regarding privacy seriously.
We request that any complaints relating to the way We have handled Your Personal Information be made in writing and sent to the contact named below. If We receive a complaint from You about the way We have handled Your Personal Information We will determine what (if any) action should be taken to resolve the complaint.
Any complaint will be investigated by Us and You will be notified of any decision relating to Your complaint as soon as is practicable after it has been made, usually within 30 days.
If We are unable to resolve Your complaint You may also contact the Office of the Australian Information Commissioner (OAIC). The OAIC will generally require You to give Us time to respond before they will investigate. For further information visit www.oaic.gov.au or call the OAIC on 1300 336 002.
We have a Privacy Officer (also referred to as a company representative) that has been appointed for the purposes of handling privacy related issues on Our behalf.
If You have any queries about this policy, Your rights under this policy (e.g. Your rights relating to access and correction of Personal Information) or You would like to raise any privacy concerns, please contact Us using the details set out below:
Telephone: (+61 7) 3009 9300
Address: Level 10, 300 Adelaide Street, Brisbane QLD 4000
If You are contacting Us via telephone, please ask to speak to Our Privacy Officer. Any email or postal correspondence should be marked “private and confidential” and addressed to the Privacy Officer at RBG Lawyers.