The Shape Group Pty Ltd (ABN 87 119 674 038) (we, us, our) are committed to protecting your privacy, in accordance with applicable Australian privacy laws.
This Policy is designed to give you a greater understanding of how we collect, use, disclose and otherwise handle personal information, and the steps we take to protect it. It does not cover our client confidentiality obligations (which are set out in our terms of engagement) or our privacy obligations in respect of credit reporting.
1.2 WHAT IS PERSONAL INFORMATION?
Personal information means information or an opinion, whether true or not and whether recorded in a material form or not, about an individual who is identified or reasonably identifiable.
1.3 OUR OBLIGATIONS
We are required to comply with the Australian Privacy Principles (APPs) in the Privacy Act. The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection to use and disclosure, storage, accessibility and disposal.
We are also required to comply with more specific privacy legislation in some circumstances, such as:
- applicable State and Territory health privacy legislation (including the Victorian Health Records Act) when we collect and handle health information in the relevant jurisdiction; and
- the Spam Act; and
- the Do Not Call Register Act.
1.4 EMPLOYEE RECORDS
2. What we collect
The type of personal information that we collect about you depends on the type of dealings you have with us. For example, if you:
- are a client of ours, we will collect your name, job title, address, contact details, information about your company and projects;
- ask to be placed on one of our mailing lists, we will collect your name, address and contact details;
- supply goods or services to us, we will collect your name, address, contact details and financial details for payment purposes;
- send us an enquiry or provide us with feedback, we will collect your name, contact details and details of your enquiry or feedback;
- apply for a job with us, we will collect the information you include in your job application, including your cover letter, resume, contact details and referee reports.
2.2 SENSITIVE INFORMATION
Sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection. It includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual preferences or practices, criminal record and some types of biometric information.
We only collect sensitive information where it is reasonably necessary for our functions or activities and either:
- the individual has consented; or
- we are required or authorised by or under law (including applicable privacy legislation) to do so.
2.3 COLLECTION OF INFORMATION OTHER THAN PERSONAL INFORMATION THROUGH OUR WEBSITE
When you visit our website, or one of our client portals, some of the information that is collected about your visit is not personal information, as it does not reveal your identity.
Site visit information
For example, we record your server address, the date and time of your visit, the pages you visited, any documents you downloaded, the previous site you visited and the type of device, browser and operating system you used.
We use and disclose this information in anonymous, aggregated form only for purposes including statistical analysis and to assist us to improve the functionality and usability of our website. You are not individually identified, however we reserve the right to use or disclose this information to try to locate an individual where we reasonably believe that the individual may have engaged in any unlawful or inappropriate activity in connection with our website, or where we are otherwise required or authorised by law to do so.
A cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies we use do not identify individual users although they do identify the user’s internet browser.
We only use non-persistent cookies. That is, they are held on your browser’s memory only for the duration of your session.
Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used. There are also software products available that can manage cookies for you. Rejecting cookies can, however, limit the functionality of our website.
3. How we collect personal information
3.1 METHODS OF COLLECTION
In the course of providing legal services, we collect personal information in a number of ways, including:
- in person (for example, at a meeting or function);
- through one of our websites;
- over the telephone (including through voice mail messages left on our telephone system);
- through written correspondence (such as emails, letters and faxes);
- from third parties, including: credit reporting bodies and credit providers;
- from regulatory authorities; and/or
- from public registers (for example, by conducting searches of the ASIC database or from other publicly available sources).
4. Why we collect personal information
The main purposes for which we collect, hold, use and disclose personal information are to:
- provide our clients with marketing services;
- maintain cyber security;
- send you information if you are on one of our mailing lists;
- obtain goods and services;
- perform research and statistical analysis, including for customer satisfaction and service improvement purposes;
- protect the security of our offices, staff, clients and the property held on our premises;
- answer queries and resolve complaints; and
- recruit staff and contractors.
We may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or which are:
required or authorised by or under law (including, without limitation, privacy legislation); or
for which you have provided your consent.
4.1 DIRECT MARKETING
We may use your personal information to send you information about our products and services, including marketing updates and invitations to seminars and functions and relevant products and services of third parties either where we have your express or implied consent, or where we are otherwise permitted by law to do so. We may contact you for these purposes in a variety of ways, including by mail, email, SMS, telephone or social media campaigns.
Where you have consented to receiving these communications from us, that consent will remain current until you advise us otherwise. However, you can opt out at any time, by:
- contacting our Privacy Officer (details under heading 9 below); or
- using the unsubscribe facility that we include in our commercial electronic messages (such as emails and SMSs) to opt out of receiving those messages.
5. WHO WE MAY SHARE YOUR PERSONAL INFORMATION WITH
We may share your personal information with third parties where appropriate for the purposes set out under heading 4, including:
- financial institutions for payment processing;
- credit reporting bodies and credit providers;
- government regulators;
- referees whose details are provided to us by job applicants;
- our contracted service providers
In each case, we may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.
6. Data quality and security
We hold personal information in a number of ways, including in hard copy documents, electronic databases, email contact lists, and in paper files held in drawers and cabinets. Paper files may also be archived in boxes and stored offsite in secure facilities. We take reasonable steps to:
- make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant;
- protect the personal information that we hold from misuse, interference and loss and from unauthorised access, modification or disclosure; and
- destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the APPs.
You can help us keep your information up to date, by letting us know about any changes to your details, such as your address, email address or phone number.
The steps we take to secure the personal information we hold include website protection measures (such as firewalls and anti-virus software), security restrictions on access to our computer systems (such as login and password protection), controlled access to our corporate premises, policies on document storage and security, personnel security, staff training and workplace policies.
While we strive to protect the personal information and privacy of users of our websites, we cannot guarantee the security of any information that you disclose online, and you disclose that information at your own risk. If you are concerned about sending your information over the internet, you can contact us by telephone or post (details under heading 9 below).
Third party websites
7. Access and Correction
Please contact our Privacy Officer (details under heading 10 below) if you would like to access or correct the personal information that we hold about you. We may require you to verify your identity before processing any access or correction requests, to make sure that the personal information we hold is properly protected.
We will generally provide you with access to your personal information, subject to some exceptions permitted by law. We will also generally provide access in the manner that you have requested (eg by providing photocopies or allowing a file to be viewed), provided it is reasonable and practicable for us to do so. We may however charge a fee to cover our reasonable costs of locating the information and providing it to you.
If you ask us to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, we will take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading.
7.4 TIMEFRAME FOR ACCESS AND CORRECTION REQUESTS
Except in the case of more complicated requests, we will endeavour to respond to access and correction requests within 30 days.
If you have a complaint about how we have collected or handled your personal information, please contact our Privacy Officer (details under heading 10 below), who will endeavour in the first instance to deal with your complaint and take any steps necessary to resolve the matter within a week.
If your complaint can’t be resolved at the first instance, we will ask you to complete a Privacy Complaint Form, which asks you to explain the circumstances of the matter that you are complaining about, how you believe your privacy has been interfered with and how you believe your complaint should be resolved.
We will endeavour to acknowledge receipt of the Privacy Complaint Form within 5 business days of receiving it and to complete our investigation into your complaint in a timely manner. This may include, for example, gathering the relevant facts, locating and reviewing relevant documents and speaking to relevant individuals.
In most cases, we expect that complaints will be investigated, and a response provided within 30 days of receipt of the Privacy Complaint Form. If the matter is more complex and our investigation may take longer, we will write and let you know.
If you are not satisfied with our response, you can refer your complaint to the Office of the Australian Information Commissioner (see here for further information) or, in some instances, other regulatory bodies, such as the Victorian Health Services Commissioner (see here) or the Australian Communications and Media Authority.
9. Our contact details
If you have any queries about the personal information that we hold about you or the way we handle that personal information, please contact our Privacy Officer.
Mail: Privacy Officer, The Shape Group, 7/18-22 Thomson Street, South Melbourne VIC 3008
Telephone: 03 9696 9288
Further general information about privacy is available on the website of the Office of the Australian Information Commissioner at www.oaic.gov.au or by calling the OAIC’s enquiry line at 1300 363 992.
10. Changes to this Policy
Version dated 16 December 2019