Privacy Policy
1. Introduction
1.1. Staltare Law Company Pty Ltd (Staltare Law Company) is committed to protecting your privacy. This Privacy Policy (Policy) explains how we manage personal information about individuals who are not employees. Paragraph 12 explains the position concerning employees.
1.3. This Policy, together with our website Terms of Use and any other documents referred to in it, sets out:
(a) the types of personal information we collect;
(b) how we collect and process that information;
(c) who we share it with in relation to the services we provide; and
(d) certain rights and options that you have in this respect.
2. Meaning of ‘personal information’
2.1. As defined in the Act, ‘personal information’ is information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(a) whether the information or opinion is true or not; and
(b) whether the information or opinion is recorded in a material form or not.
3. How we collect your ‘personal information’
3.1. We collect and hold personal information relating to our clients and to other people and entities associated with our clients as may be provided or disclosed to us in the course of business. Such personal information may include, but is not limited to, names, tax file numbers, addresses, telephone numbers, social media details, email addresses, occupations, wage records, bank account details, asset and investment details, financial planning records, taxation records, medical records and relationship details.
3.2. Personal information is collected from our clients in the following ways:
(a) by providing it to us directly;
(b) by authorising third parties to provide it to us;
(c) by other parties providing it to us either voluntarily or pursuant to compulsory processes we conduct on our client’s behalf.
4. Right to withdraw consent
4.1. If you choose not to provide personal information, or withdraw consent to our use or disclosure of such information, we may not be able to provide some of the services you have requested from us.
4.2. Without collecting your personal information, we would not be able to provide you with some of our services.
5. How is personal information received and held?
5.1. Personal information may be received and held either as a hard copy, paper, or a soft copy being electronic data, in any available form. In either case, we take the security of personal information very seriously.
5.2. We secure hard copy documents carefully in and out of our office. We use cyber-security systems to protect soft copy documents.
5.3. We never ask for bank details or other sensitive information by email or SMS communications. We will always ask for these details either in person, via telephone or by letter sent to your nominated postal address.
6. For what purpose is personal information collected, held, used and disclosed?
6.1. All data is processed by Staltare Law Company on a lawful basis. The purposes for which we collect, hold, use and disclose personal information are:
(a) to offer our products and services to our clients. In doing so we may disclose personal information to other people or entities involved in the provision of the product or service, such as government departments and individuals. Unless compelled by law, we will never disclose personal information without the client’s knowledge and consent;
(b) to facilitate our internal and external administrative processes including financial and business operations and reporting requirements;
(c) to obtain, maintain and comply with the terms of our professional indemnity and other insurance policies; and
(d) to comply with applicable laws.
7. Information about other people
7.1. If you provide information to us about any person other than yourself, your employees, counterparties, your advisers or your suppliers, you must ensure that:
(a) they understand how their information will be used; and
(b) they have given their permission for you to:
(i) disclose it to us; and
(ii) allow us and any of our outsourced service providers to use it.
8. Marketing
8.1. Staltare Law Company may send legal updates or other communications to you where we have a business relationship with you or you have consented. If you no longer wish to receive our marketing information, you can opt out at any time by using the contact details provided below, or by ‘unsubscribing’ from our email marketing messages.
8.2. We do not disclose your personal information (including your email address) to any third party for the purpose of allowing them to market their products or services to you.
9. Sensitive information
9.1. Staltare Law Company does not collect any ‘sensitive information’ as that term is defined in used in s 6(1) of the Act. It includes information relating to your racial or ethnic origin, membership of political bodies, religion or trade unions, sexual preferences or activities, criminal record, state of health or medical history, unless it is reasonably required for the purposes of providing our services to you.
9.2. If we hold any sensitive information about you, it will only be used and disclosed by us for the purpose that it was collected or otherwise in accordance with the law.
10. Accessing or correcting your personal information
10.1. You may request access to your personal information or seek correction of it at any time by writing request to privacy@staltarelawco.com.au.
10.2. If we agree to provide access, before we release or amend any of your personal information, we will formally identify you. We may also seek to recover our reasonable costs from you for the work involved in preparing and giving access to your personal information.
10.3. If we refuse access, we will provide you with a written notice which sets out the reasons for the refusal and how you can take further steps in relation to our refusal. We will not be able to provide a reason if the law prevents us from specifying a reason.
10.4. Please be aware that due to our professional obligations, we may not be able to confirm that we act for a particular client or whether we hold any information about any person at a particular time or at all.
10.5. Staltare Law Company will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
11. Overseas disclosure
11.1. We do not routinely disclose personal information overseas. However, we do disclose personal information overseas when it is specifically appropriate to providing our legal services for a particular client.
11.2. If we do disclose your information, we ensure that the recipient is bound by an obligation of confidentiality where it is lawful and appropriate to do so. Please note that if information is disclosed to a court or a government body, it will usually not be possible to require that it be kept confidential.
12. How long we keep your personal data
12.1. We only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including but not limited to the purposes of:
(a) satisfying any legal, accounting, or reporting requirements; and,
(b) where required for Staltare Law Company to assert its rights or defend against any legal claims,
until the end of the relevant retention period or until the claims in question have been settled.
12.2. If you want to learn more about our specific retention periods for your personal data established in our retention policy, please contact us at privacy@staltarelawco.com.au.
12.3. Upon expiry of the applicable retention period, we will securely destroy your personal data in accordance with applicable laws and regulations.
13. Complaints process relating to personal information
13.1. If you have any enquiries, concerns or complaints about this Policy, our handling of your personal information or our compliance with the Act or the APP, please contact us at privacy@staltarelawco.com.au.
13.2. We will investigate your complaint and provide you with a response within a reasonable time and in accordance with our legal obligations.
13.3. If you are not satisfied with our response to your complaint, you may seek a review by contacting the Office of the Australian Information Commissioner (OAIC) on 1300 363 992 or via its website at oaic.gov.au.
14. Data breaches
14.1. All staff are responsible for protecting the confidentiality of client information and business information. Refer any data breaches, or suspected data breaches, to the customer services team as soon as possible.
15. What is an eligible data breach?
15.1. An eligible data breach, defined in s 26WE(2) of the Act, is when:
(a) both of the following conditions are satisfied:
(i) there is unauthorised access to, or unauthorised disclosure of, the information
(ii) a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates; or
(b) the information is lost in circumstances where:
(i) unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and
(ii) assuming that unauthorised access to, or unauthorised disclosure of, the information were to occur, a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates;…
16. Suspected data breach
16.1. If we suspect that there has been an eligible data breach, a reasonable and expeditious assessment will be conducted within 30 days.
16.2. If we believe or have reasonable grounds to believe that there has been a breach, then a statement will be prepared setting out:
(a) the business’ details;
(b) a description of the breach;
(c) the kind or kinds of information concerned; and
(d) recommendations about the steps that we will take in response to it.
16.3. If practicable, we will advise the contents of the statement to each of the affected clients who may be at risk from the breach. If this is not practicable, we will publish the statement on our website and take other reasonable steps to publicise its contents. Communications with individuals will be via their preferred communication method.
16.4. The statement will be submitted to the Privacy Commissioner.
17. Exception to reporting
17.1. Mandatory notification requirements are waived if remedial action can be taken that results in a reasonable person concluding that the access or disclosure is not likely to result in serious harm to any of those individuals.
18. Contact details and further information
If you have any queries or wish to make a complaint about our privacy practices or our compliance with the Act or APP, please contact us at privacy@staltarelawco.com.au.
19. Changes to this Policy
Staltare Law Company may amend this Policy from time to time without notice to you. The updated policy will be published on our website at staltarelawco.com.au and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to this Policy.
This Policy was [published] [last amended] on 1 August 2023.
20. Employees’ personal information
20.1. We collect information in relation to employees as part of the application process and during the course of their employment, either from them or in some cases from third parties such as recruitment agencies. This may include information about the employee’s health, their right to work in Australia, or other sensitive information. For some roles, employees may need to obtain a security clearance or provide their criminal record.
20.2. Under the Act, personal information about a current or former employee may be held, used or disclosed in any way that is directly connected to the employment relationship. We handle employee information in accordance with legal requirements and our applicable policies in force from time to time.