Application
We are committed to protecting the privacy and confidentiality of Personal Information we collect and handle in the course of providing our Services. This Privacy Policy explains how we collect, use, disclose, store and protect Personal Information in accordance with the Privacy Act and the Australian Privacy Principles.
We are an APP Entity for the purposes of the Privacy Act and are bound to observe the Australian Privacy Principles.
This Privacy Policy is intended to cover most Personal Information we handle but is not exhaustive. Other policies may override or supplement this Privacy Policy in certain circumstances. For example, when we collect Personal Information from you we may advise a specific purpose for collecting it, in which case we will handle your Personal Information in accordance with that purpose.
By providing us with Personal Information, you acknowledge that we may collect, use and disclose it in accordance with this Privacy Policy and applicable law.
If you have any queries about our handling of your Personal Information, please contact us for further information (see Contact details below).
Definitions
In this Privacy Policy:
APP Entity (which stands for "Australian Privacy Principles Entity") has the meaning given by the Privacy Act, and describes an organisation (including a partnership) that is bound by the Australian Privacy Principles;
Australian Privacy Principles are as set out in Schedule 2 of the Privacy Act;
Online Services means services or content provided by us electronically or via the Internet, including our websites, any content provided on those websites, any electronic communications exchanged with us, and content we provide using third-party services such as social media platforms;
Other Services means services or content that are provided by third parties, and not by us;
Personal Information has the meaning given by the Privacy Act, and essentially describes information or an opinion that identifies and is about a certain individual;
Privacy Act or Act means the Privacy Act 1988 (Cth) including the Australian Privacy Principles;
Sensitive Information has the same meaning as given by the Privacy Act;
Services means the services we provide, including legal and commercial services; and
we, us or our refers to:
- the Thomsons partnership;
- Thomson Geer Services Pty Ltd ATF for the TG Services Trust.
Notification of collection
When we collect your Personal Information, we take steps to ensure you are aware of certain details concerning our handling of your Personal Information. This Privacy Policy provides those details as they would typically apply in many situations. Specifically, for:
- the purposes for which we collect Personal Information, see the section headed Personal Information we collect and hold and why;
- third parties we would usually disclose Personal Information to, see the section headed Who we disclose Personal Information to;
- whether we are likely to disclose it to overseas recipients and where practicable the countries in which they are located, see the section headed Disclosing Personal Information overseas;
- whether there are laws or court or tribunal orders which require or authorise us to collect Personal Information, see the section headed Legal requirements for collection; and
- the main consequences for you if you fail to provide Personal Information, see the section headed Consequences of failure to provide Personal Information.
However, depending on our specific interaction with you, different details may apply. If we do not notify you of such other details, the details in this Privacy Policy apply.
We receive any Personal Information about a third party that you provide to us on the understanding that you are entitled to disclose that Personal Information to us and have ensured that the third party is aware that we have collected their Personal Information, the circumstances in which we have done so, and that our Privacy Policy will apply to the handling of their Personal Information.
Personal Information we collect and hold and why
Generally speaking, we collect Personal Information in order to provide our Services.
The nature of the relationship we have with you, the Services we provide, and the particulars of any matter in which we act, will determine the information we collect. The Personal Information we collect may include:
- your name, address, email address and telephone number;
- bank details and credit card details (such as card number and expiry date);
- information contained in a resume if you apply for a position with us; and/or
- information provided by you or a third party in the course of our provision of Services or a legal matter in which we are acting.
The purposes for which we handle Personal Information depend on your dealings with us, but generally they may include enabling us to:
- provide our Services to you or our client;
- communicate with you (including providing information you request, responding to your enquiries, handling complaints, or otherwise facilitating the purpose for which you have contacted us);
- manage matters that we handle for you or our client;
- handle payments and manage credit;
- verify your identity if required;
- inform you about industry developments, or provide marketing and promotional information regarding our Services such as newsletters (see Marketing below);
- send invitations to and manage events;
- seek feedback from you and perform market research; and/or
- generally carry on our business (including maintaining our business records and ensuring compliance with our legal, regulatory and insurance obligations).
Sensitive Information
We do not usually collect Sensitive Information (such as information about racial or ethnic origin, criminal history, religious beliefs or health information) unless required in the course of providing Services, or where the collection is permitted by law. If we do collect your Sensitive Information, we do so with your consent and only if reasonably necessary for our functions or activities.
We will assume you have consented to us collecting, using and disclosing (in accordance with this Privacy Policy) all information that you provide to us, including any Sensitive Information, unless you tell us otherwise at the time of collection.
If we request your Sensitive Information but you have any concerns providing it, please let us know.
Legal requirements for collection
There will not usually be Australian laws or court or tribunal orders that require or authorise us to collect your Personal Information, but should that be the case in specific circumstances we will take reasonable steps to notify you.
Consequences of failure to provide Personal Information
If you do not provide Personal Information we request, or if the Personal Information supplied is inaccurate or incomplete, we may be unable to provide Services, or the quality of our Services and the accuracy of advice we provide may be compromised.
You have the option of not identifying yourself, or of using a pseudonym, when dealing with us unless it is legally necessary or impracticable for us to deal with individuals who are not identified. If we request your Personal Information but you would prefer to remain anonymous, please let us know. We will notify you if we require you to be correctly identified for a particular interaction.
How do we collect Personal Information?
We aim to collect Personal Information directly from you, for example when you send us emails, during meetings and interviews, during telephone or video calls, from your business card, and if you attend our events.
We may also collect Personal Information:
- through our Online Services and by other electronic communication channels (for example if you post a comment on one of our blogs or social media accounts);
- from parties we refer you to, such as medical professionals or other experts;
- from credit reporting and fraud checking agencies;
- from debt collection agencies if you default in payment to us;
- from your employees, employer, or other employees of your employer (for example, if your employer is our client);
- from your personal referees;
- from other third parties, for example in the course of a matter in which we are acting;
- from publicly-available sources of information; and/or
- when we are permitted or required to do so by law (including the Privacy Act).
How do we use your Personal Information?
We may use your Personal Information for the purpose for which it was collected (such as to provide you with Services), and for other purposes permitted by the Privacy Act.
For example, we may use your Personal Information:
- with your consent;
- for purposes related to the purpose for which it was collected that we consider would be within your reasonable expectations;
- to comply with our contractual, legal, professional and ethical obligations;
- for insurance purposes;
- if you default in a payment to us (where we may use your Personal Information to recover that debt);
- to advise you of other services or information which may be of interest to you (see Marketing below); and/or
- as otherwise required or permitted by law.
Marketing
We do not disclose your Personal Information to any third party for marketing purposes.
From time to time we may use your Personal Information to provide you with information on legal issues or to invite you to briefings or events we host. We do not, however, use Sensitive Information for this purpose.
You may opt out of receiving direct marketing communications from us at any time. To do so, please use the opt-out function included in those communications or contact our Privacy Officer (see Contact details below) and we will remove your details from our marketing database.
There are no consequences of opting-out of receiving these communications except that you will no longer receive them, and you may elect to re-join our communications list at a later time should you wish to do so.
Disclosing Personal Information
If you provide Personal Information to us in the context of us providing legal advice to you, that information may be protected by legal professional privilege. In addition, we are bound by obligations of confidentiality if we are in a client-solicitor relationship with you.
If these obligations apply, your Personal Information will be protected from disclosure, other than where we are specifically required by law or a court order to disclose it or where disclosure is in accordance with your instructions.
We may disclose your Personal Information to third parties for the purpose for which it was collected (such as to provide you with Services), with your consent, or for other purposes permitted by the Privacy Act.
For example, we may disclose Personal Information:
- for purposes related to the purpose for which it was collected that we consider would be within your reasonable expectations (for example, as a result of disclosure in a court action, during court proceedings, for briefing and instructing counsel or disclosure to an expert); or
- where otherwise required or permitted by law (such as the Act or a court order), for example if disclosure will prevent or lessen a serious threat to someone's life, health or safety, or if required to investigate suspected fraud or other unlawful activity.
Who we may disclose Personal Information to
Examples of third parties to whom we may disclose Personal Information are (as applicable in the circumstances):
- counsel or experts we engage with your consent in the course of our provision of the Services;
- agents or advisers we engage to assist in the provision of the Services (eg, accountants, business advisers, or legal advisers in other jurisdictions relevant to your matter);
- our auditors, insurers and other professional advisers;
- certain suppliers who provide services to or for us or support us in our provision of the Services (for example, those who support or maintain our computer systems, electronic records, websites and social media accounts, or provide payment processing or other services); and/or
- anyone else you authorise us to disclose the information to.
We endeavour to ensure third parties are only given the Personal Information necessary to achieve the relevant purpose, and that they are bound by appropriate obligations to ensure the information is only used for the limited purposes for which we have provided it.
Disclosing Personal Information overseas
Personal information may be stored or processed on servers located overseas, however generally we retain effective control over such data.
In some cases we may be required to disclose Personal Information outside of Australia, for example if a matter involves proceedings in a foreign jurisdiction, if you are involved in a transaction or dispute which involves another country, or if specialist advice is required from an overseas lawyer or expert. In these circumstances you will be advised in the course of the matter when and to whom Personal Information will be disclosed.
If Personal Information is disclosed overseas, the overseas recipient may not be subject to privacy obligations or principles similar to the Australian Privacy Principles or legal professional privilege. An overseas recipient may be subject to a foreign law which might compel disclosure of Personal Information to a third party, for example an overseas government or regulatory authority.
In some cases of disclosure to an overseas recipient, you may not be able to seek redress under the Privacy Act or in the overseas jurisdiction, and we will not be liable under the Act if you consent to the disclosure after we have informed you that we will not take steps to ensure the overseas recipient complies with the Australian Privacy Principles.
Online or electronic transmission of Personal Information
While we take reasonable steps to protect information transmitted electronically, transmission over the Internet is not completely secure and we cannot guarantee the security of information transmitted to us electronically.
If you send us an email, the information in your email (including any Personal Information) may be retained on our systems in accordance with applicable email retention policies and procedures. Please see also How we store, retain and protect your Personal Information below.
Our website uses "cookies", which may identify your device to our servers when you visit our website. Our website may request to store cookies on your device in order to improve the user experience (for example, by delivering content customised for you). If you do not want information collected through the use of cookies, you may be able to configure your Internet browser to disable them. We do not attempt to specifically identify and track individuals using cookies.
If you access Other Servicesfrom or via our Online Services and/or if you provide Personal Information to Other Services, you do so in accordance with the policies and terms and conditions applicable to those Other Services. We are not responsible for the privacy practices of organisations that operate Other Services, even when we have linked to them. This Privacy Policy applies only in respect of our Online Services.
How we store, retain and protect your Personal Information
We may hold Personal Information in electronic or hard-copy formats, such as in our information systems and physical files.
We take reasonable steps (including both technical and organisational measures) to protect Personal Information we hold from misuse, interference and loss as well as unauthorised access, modification or disclosure. Our procedures to securely store Personal Information include electronic and physical security measures such as the use of password protection (with strong password selection policies), two-factor authentication to access certain systems via public networks, and physical building access controls for access to our premises.
We take steps to ensure those who work with us are aware of the legal obligations with respect to confidentiality and privacy that apply, including staff training.
However, we cannot and do not guarantee that Personal Information we hold will be protected against unauthorised access or misuse. Unfortunately, no system or methodology for holding information can be guaranteed as entirely secure.
We may retain physical matter files for at least seven years after the matter has been completed and we close our file.
Personal Information may also be retained if we consider it necessary to do so to comply with any applicable law or our insurance or governance obligations, to collect any monies owed, to resolve disputes, or as part of our IT systems archival processes.
Once we no longer require your Personal Information for any purpose for which we can lawfully use or disclose it, then we will generally take reasonable steps in the circumstances to destroy or de-identify that Personal Information.
No data extraction
You must not use automated means, including bots, scrapers or AI systems, to access, collect or extract data from our Online Services without our prior written consent. We do not authorise use of our Online Services by artificial intelligence agents or processes (including use of our content to train AI models).
Data breach
If we suspect there has been loss of or unauthorised access to or disclosure of Personal Information we hold, we will undertake a prompt investigation which will include an assessment of whether the incident is likely to result in serious harm to an individual. If that is the case, we will comply with the requirements of the Privacy Act, which may require notification to the Office of the Australian Information Commissioner and affected individuals.
If you believe that a data breach may have occurred, please contact our Privacy Officer as soon as possible so that we may investigate and, if necessary, undertake appropriate containment, risk mitigation and notification activities as required.
Individuals who apply to work for us
We will collect Personal Information about you if you apply for a position with us, undertake a work experience or university placement, volunteer or otherwise request to work in our firm. This will include contact information, information in your resume (if applicable) and other Personal Information as appropriate to assess you for the role. Depending on the role you apply for, and consistent with our professional standards and obligations, we may also collect Sensitive Information such as details of any previous criminal convictions.
We will collect Personal Information from you directly and may also collect Personal Information from third parties (for example referees or employment agencies) or from publicly-available sources (such as professional networking platforms or social media sites). We will not collect Personal Information about you from another individual unless you have consented or we are legally permitted to do so.
We will only use or disclose your Personal Information for the purpose of:
- considering your application;
- establishing the relevant legal relationship with you (eg, as an employee) if your application is successful; and
- otherwise as permitted by law (including the Privacy Act).
Access and correction
You may contact us to request access to or correction of your Personal Information. You may do so by contacting our Privacy Officer (see Contact details below), or if you prefer you may contact a Partner with whom you have an existing relationship.
We will respond to your request for access within a reasonable period after the request is made. We may require you to comply with certain procedures before we allow access to or amendment of your Personal Information (eg, providing satisfactory identification), in order to ensure the integrity and security of the information that we hold. These processes are designed to protect you and other individuals from unauthorised access.
We may require you to pay certain costs in order to access your Personal Information held by us. We will advise the amount payable (if any) once we have assessed your request. We will not however charge a fee for you to lodge a request for access to your Personal Information.
If access is granted, we will allow you to access the Personal Information in the manner you request if it is reasonable and practicable to do so.
We may refuse to allow access or to amend your Personal Information if we are legally required or permitted to do so. In that case, we will provide you with written reasons for the refusal (unless it is unreasonable to do so) and information about how you may complain about the refusal.
We will take reasonable steps to ensure that the Personal Information we collect is accurate, up-to-date and complete, and the Personal Information we use and disclose is accurate, up-to-date, complete and relevant. If we are satisfied that any Personal Information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will amend our records accordingly.
Please let us know if your Personal Information changes, so that we may ensure our records are kept up-to-date.
How to complain if you believe we have breached the Australian Privacy Principles
If you believe that we have breached our privacy obligations or your privacy rights, please contact our Privacy Officer (see Contact details below).
You may lodge a complaint with our Privacy Officer. Your complaint will be promptly considered and dealt with by our Privacy Officer or other nominated representative, who may escalate the complaint internally within our firm if the matter is serious or if necessary to resolve it.
Please allow us a reasonable time to respond to a complaint. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (see Contact details below).
Changes
We may amend this Privacy Policy at any time and, if we do so, we will provide the updated version on our website.
Contact details
If you would like further information regarding this Privacy Policy or our handling of Personal Information, or have any concerns regarding our privacy practices, please contact our Privacy Officer at privacy@thomsons.com.au.
If you would like further information regarding Australian privacy law or wish to make a privacy complaint (see also How to complain if you believe we have breached the Australian Privacy Principles above), please visit the website of the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.