Application

We are committed to protecting the privacy and confidentiality of Personal Information we collect and handle in the course of providing our Services.  This Privacy Policy explains how we collect, use, disclose, store and protect Personal Information in accordance with the Privacy Act and the Australian Privacy Principles.

We are an APP Entity for the purposes of the Privacy Act and are bound to observe the Australian Privacy Principles.

This Privacy Policy is intended to cover most Personal Information we handle but is not exhaustive.  Other policies may override or supplement this Privacy Policy in certain circumstances. For example, when we collect Personal Information from you we may advise a specific purpose for collecting it, in which case we will handle your Personal Information in accordance with that purpose.

By providing us with Personal Information, you acknowledge that we may collect, use and disclose it in accordance with this Privacy Policy and applicable law.

If you have any queries about our handling of your Personal Information, please contact us for further information (see Contact details below).

Definitions

In this Privacy Policy:

APP Entity (which stands for "Australian Privacy Principles Entity") has the meaning given by the Privacy Act, and describes an organisation (including a partnership) that is bound by the Australian Privacy Principles;

Australian Privacy Principles are as set out in Schedule 2 of the Privacy Act;

Online Services means services or content provided by us electronically or via the Internet, including our websites, any content provided on those websites, any electronic communications exchanged with us, and content we provide using third-party services such as social media platforms;

Other Services means services or content that are provided by third parties, and not by us;

Personal Information has the meaning given by the Privacy Act, and essentially describes information or an opinion that identifies and is about a certain individual;

Privacy Act or Act means the Privacy Act 1988 (Cth) including the Australian Privacy Principles;

Sensitive Information has the same meaning as given by the Privacy Act;

Services means the services we provide, including legal and commercial services; and

we, us or our refers to:

Notification of collection

When we collect your Personal Information, we take steps to ensure you are aware of certain details concerning our handling of your Personal Information. This Privacy Policy provides those details as they would typically apply in many situations.  Specifically, for:

However, depending on our specific interaction with you, different details may apply.  If we do not notify you of such other details, the details in this Privacy Policy apply.

We receive any Personal Information about a third party that you provide to us on the understanding that you are entitled to disclose that Personal Information to us and have ensured that the third party is aware that we have collected their Personal Information, the circumstances in which we have done so, and that our Privacy Policy will apply to the handling of their Personal Information.

Personal Information we collect and hold and why

Generally speaking, we collect Personal Information in order to provide our Services.

The nature of the relationship we have with you, the Services we provide, and the particulars of any matter in which we act, will determine the information we collect.  The Personal Information we collect may include:

The purposes for which we handle Personal Information depend on your dealings with us, but generally they may include enabling us to:

Sensitive Information

We do not usually collect Sensitive Information (such as information about racial or ethnic origin, criminal history, religious beliefs or health information) unless required in the course of providing Services, or where the collection is permitted by law.  If we do collect your Sensitive Information, we do so with your consent and only if reasonably necessary for our functions or activities.

We will assume you have consented to us collecting, using and disclosing (in accordance with this Privacy Policy) all information that you provide to us, including any Sensitive Information, unless you tell us otherwise at the time of collection.

If we request your Sensitive Information but you have any concerns providing it, please let us know.

Legal requirements for collection

There will not usually be Australian laws or court or tribunal orders that require or authorise us to collect your Personal Information, but should that be the case in specific circumstances we will take reasonable steps to notify you.

Consequences of failure to provide Personal Information

If you do not provide Personal Information we request, or if the Personal Information supplied is inaccurate or incomplete, we may be unable to provide Services, or the quality of our Services and the accuracy of advice we provide may be compromised.

You have the option of not identifying yourself, or of using a pseudonym, when dealing with us unless it is legally necessary or impracticable for us to deal with individuals who are not identified.  If we request your Personal Information but you would prefer to remain anonymous, please let us know.  We will notify you if we require you to be correctly identified for a particular interaction.

How do we collect Personal Information?

We aim to collect Personal Information directly from you, for example when you send us emails, during meetings and interviews, during telephone or video calls, from your business card, and if you attend our events.

We may also collect Personal Information:

How do we use your Personal Information?

We may use your Personal Information for the purpose for which it was collected (such as to provide you with Services), and for other purposes permitted by the Privacy Act.

For example, we may use your Personal Information:

Marketing

We do not disclose your Personal Information to any third party for marketing purposes.

From time to time we may use your Personal Information to provide you with information on legal issues or to invite you to briefings or events we host.  We do not, however, use Sensitive Information for this purpose.

You may opt out of receiving direct marketing communications from us at any time.  To do so, please use the opt-out function included in those communications or contact our Privacy Officer (see Contact details below) and we will remove your details from our marketing database.

There are no consequences of opting-out of receiving these communications except that you will no longer receive them, and you may elect to re-join our communications list at a later time should you wish to do so.

Disclosing Personal Information

If you provide Personal Information to us in the context of us providing legal advice to you, that information may be protected by legal professional privilege.  In addition, we are bound by obligations of confidentiality if we are in a client-solicitor relationship with you.

If these obligations apply, your Personal Information will be protected from disclosure, other than where we are specifically required by law or a court order to disclose it or where disclosure is in accordance with your instructions.

We may disclose your Personal Information to third parties for the purpose for which it was collected (such as to provide you with Services), with your consent, or for other purposes permitted by the Privacy Act.

For example, we may disclose Personal Information:

Who we may disclose Personal Information to

Examples of third parties to whom we may disclose Personal Information are (as applicable in the circumstances):

We endeavour to ensure third parties are only given the Personal Information necessary to achieve the relevant purpose, and that they are bound by appropriate obligations to ensure the information is only used for the limited purposes for which we have provided it.

Disclosing Personal Information overseas

Personal information may be stored or processed on servers located overseas, however generally we retain effective control over such data.

In some cases we may be required to disclose Personal Information outside of Australia, for example if a matter involves proceedings in a foreign jurisdiction, if you are involved in a transaction or dispute which involves another country, or if specialist advice is required from an overseas lawyer or expert.  In these circumstances you will be advised in the course of the matter when and to whom Personal Information will be disclosed.

If Personal Information is disclosed overseas, the overseas recipient may not be subject to privacy obligations or principles similar to the Australian Privacy Principles or legal professional privilege.  An overseas recipient may be subject to a foreign law which might compel disclosure of Personal Information to a third party, for example an overseas government or regulatory authority.

In some cases of disclosure to an overseas recipient, you may not be able to seek redress under the Privacy Act or in the overseas jurisdiction, and we will not be liable under the Act if you consent to the disclosure after we have informed you that we will not take steps to ensure the overseas recipient complies with the Australian Privacy Principles.

Online or electronic transmission of Personal Information

While we take reasonable steps to protect information transmitted electronically, transmission over the Internet is not completely secure and we cannot guarantee the security of information transmitted to us electronically.

If you send us an email, the information in your email (including any Personal Information) may be retained on our systems in accordance with applicable email retention policies and procedures.  Please see also How we store, retain and protect your Personal Information below.

Our website uses "cookies", which may identify your device to our servers when you visit our website.  Our website may request to store cookies on your device in order to improve the user experience (for example, by delivering content customised for you).  If you do not want information collected through the use of cookies, you may be able to configure your Internet browser to disable them.  We do not attempt to specifically identify and track individuals using cookies.

If you access Other Servicesfrom or via our Online Services and/or if you provide Personal Information to Other Services, you do so in accordance with the policies and terms and conditions applicable to those Other Services.  We are not responsible for the privacy practices of organisations that operate Other Services, even when we have linked to them.  This Privacy Policy applies only in respect of our Online Services.

How we store, retain and protect your Personal Information

We may hold Personal Information in electronic or hard-copy formats, such as in our information systems and physical files.

We take reasonable steps (including both technical and organisational measures) to protect Personal Information we hold from misuse, interference and loss as well as unauthorised access, modification or disclosure.  Our procedures to securely store Personal Information include electronic and physical security measures such as the use of password protection (with strong password selection policies), two-factor authentication to access certain systems via public networks, and physical building access controls for access to our premises.

We take steps to ensure those who work with us are aware of the legal obligations with respect to confidentiality and privacy that apply, including staff training.

However, we cannot and do not guarantee that Personal Information we hold will be protected against unauthorised access or misuse.  Unfortunately, no system or methodology for holding information can be guaranteed as entirely secure.

We may retain physical matter files for at least seven years after the matter has been completed and we close our file.

Personal Information may also be retained if we consider it necessary to do so to comply with any applicable law or our insurance or governance obligations, to collect any monies owed, to resolve disputes, or as part of our IT systems archival processes.

Once we no longer require your Personal Information for any purpose for which we can lawfully use or disclose it, then we will generally take reasonable steps in the circumstances to destroy or de-identify that Personal Information.

No data extraction

You must not use automated means, including bots, scrapers or AI systems, to access, collect or extract data from our Online Services without our prior written consent.  We do not authorise use of our Online Services by artificial intelligence agents or processes (including use of our content to train AI models).

Data breach

If we suspect there has been loss of or unauthorised access to or disclosure of Personal Information we hold, we will undertake a prompt investigation which will include an assessment of whether the incident is likely to result in serious harm to an individual.  If that is the case, we will comply with the requirements of the Privacy Act, which may require notification to the Office of the Australian Information Commissioner and affected individuals.

If you believe that a data breach may have occurred, please contact our Privacy Officer as soon as possible so that we may investigate and, if necessary, undertake appropriate containment, risk mitigation and notification activities as required.

Individuals who apply to work for us

We will collect Personal Information about you if you apply for a position with us, undertake a work experience or university placement, volunteer or otherwise request to work in our firm.  This will include contact information, information in your resume (if applicable) and other Personal Information as appropriate to assess you for the role.  Depending on the role you apply for, and consistent with our professional standards and obligations, we may also collect Sensitive Information such as details of any previous criminal convictions.

We will collect Personal Information from you directly and may also collect Personal Information from third parties (for example referees or employment agencies) or from publicly-available sources (such as professional networking platforms or social media sites).  We will not collect Personal Information about you from another individual unless you have consented or we are legally permitted to do so.

We will only use or disclose your Personal Information for the purpose of:

Access and correction

You may contact us to request access to or correction of your Personal Information.  You may do so by contacting our Privacy Officer (see Contact details below), or if you prefer you may contact a Partner with whom you have an existing relationship.

We will respond to your request for access within a reasonable period after the request is made.  We may require you to comply with certain procedures before we allow access to or amendment of your Personal Information (eg, providing satisfactory identification), in order to ensure the integrity and security of the information that we hold.  These processes are designed to protect you and other individuals from unauthorised access.

We may require you to pay certain costs in order to access your Personal Information held by us.  We will advise the amount payable (if any) once we have assessed your request.  We will not however charge a fee for you to lodge a request for access to your Personal Information.

If access is granted, we will allow you to access the Personal Information in the manner you request if it is reasonable and practicable to do so.

We may refuse to allow access or to amend your Personal Information if we are legally required or permitted to do so. In that case, we will provide you with written reasons for the refusal (unless it is unreasonable to do so) and information about how you may complain about the refusal.

We will take reasonable steps to ensure that the Personal Information we collect is accurate, up-to-date and complete, and the Personal Information we use and disclose is accurate, up-to-date, complete and relevant.  If we are satisfied that any Personal Information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will amend our records accordingly.

Please let us know if your Personal Information changes, so that we may ensure our records are kept up-to-date.

How to complain if you believe we have breached the Australian Privacy Principles

If you believe that we have breached our privacy obligations or your privacy rights, please contact our Privacy Officer (see Contact details below).

You may lodge a complaint with our Privacy Officer.  Your complaint will be promptly considered and dealt with by our Privacy Officer or other nominated representative, who may escalate the complaint internally within our firm if the matter is serious or if necessary to resolve it.

Please allow us a reasonable time to respond to a complaint.  If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (see Contact details below).

Changes

We may amend this Privacy Policy at any time and, if we do so, we will provide the updated version on our website.

Contact details

If you would like further information regarding this Privacy Policy or our handling of Personal Information, or have any concerns regarding our privacy practices, please contact our Privacy Officer at privacy@thomsons.com.au.

If you would like further information regarding Australian privacy law or wish to make a privacy complaint (see also How to complain if you believe we have breached the Australian Privacy Principles above), please visit the website of the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.