What types of ‘personal information’ do we collect and hold?

‘Personal information’ is information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual, or an individual who is reasonably identifiable.

In the course of our business, we collect personal information about our clients or potential clients and their associates and contacts, group members and potential group members to a class action, as well as employees, prospective employees, contractors and suppliers, and other visitors to our website and those who contact us.

We may collect and hold personal information including (but not limited to) names, addresses, contact details, birth dates, occupations, medical histories, details of memberships and associations, bank account details, financial and tax records, IP address, family and relationship information and other information which assists or may assist us to provide or market our professional services and to meet our legal and professional obligations.

Some personal information, including information we may collect, is ‘sensitive information’. Sensitive information includes information about a person’s religious or political affiliation, racial or ethnic origin, sexual preferences, physical or mental health or special needs, medical history, criminal record or membership in a trade union or other professional or trade association.
We may also collect and hold in limited circumstances some Government Related Identifiers (numbers assigned by a government authority to identify you) where this is necessary to provide legal and other services to you.

What is your personal information collected for?

We may collect, hold, use and disclose personal information for the following purposes:

1. 1. Providing legal services and related services, including but not limited to the investigation of potential claims; the preparation, commencement and conduct of proceedings; engaging in confidential alternative dispute resolution processes; securing disbursement funding and/or litigation funding and/or insurance in connection with your claim; and effecting the distribution of any settlement among clients and group members.
2. Reviewing, processing and responding to inquiries and requests for our services from prospective clients.
3. Recruiting and careers.
4. Marketing, including direct marketing and market research and analysis.
5. The general conduct and management of our business.
6. Meeting our legal and professional obligations, such as to courts, regulatory authorities and other third parties legally entitled to access the information.

We may be compelled to disclose your personal information by law. For example, taxation, anti-money laundering, and incorporated entities management laws may require us to produce documents pursuant to court orders or statutory notices. Where necessary to establish or protect our legal rights, or defend ourselves against a claim, we may also share personal information.

There may be situations where your claim is funded by an overseas-based litigation or disbursements funder, where insurance is obtained in connection with your claim from an overseas-based insurer, or where we consult overseas-based experts, consultants or lawyers regarding your claim or other service providers in connection with your claim. If these situations apply to you, while we do not generally transfer personal information to overseas parties from Australia, we may be required to provide access or disclose your personal information to recipients outside Australia. There may be other situations where personal information may be accessed by or disclosed to external third party service providers based outside of Australia, such as when we outsource information technology support, mailing or digital marketing, and financial, administrative or other services in connection with our business. We currently consider that these recipients would most likely be located in the United Kingdom, Europe, Canada, New Zealand, Ireland, or the United States.

Phi Finney McDonald personnel may access your personal information. Our personnel are bound by contractual and professional obligations of confidentiality.

How is personal information collected and held?

Often, we collect personal information directly from you. We may collect personal information in a variety of manners, including in face-to-face meetings, by telephone, via hand-completed forms, by email or via online forms or portal pages completed via our website or other electronic platforms. In certain circumstances, digital recording using CCTV may be used. We may also engage third parties to analyse our website traffic, which may involve the use of cookies, however any information obtained via this kind of analysis is anonymous.

We may receive personal information about a person from a third party, for example, if a client provides personal information which includes the personal information of a family member, or if your authorised representative tells us information about you. Where that occurs, we are relying on the person providing the information to tell the other person they are doing that, and to direct them to this policy. We may also receive personal information from a party in a proceeding who is authorised by court order to do so.

The personal information we receive is held in paper and/or electronic form, and we endeavour to keep it secure and confidential. In some instances, the personal information we hold will be stored with third party data storage providers who are subject to confidentiality obligations. Because the privacy of your information is important to us, we also take such steps as are reasonable in the circumstances to protect your personal information held by us from loss or misuse and from unauthorised access, modification or disclosure. This includes reasonable steps to maintain the security of physical files and restricted access to electronic records. However, we cannot guarantee the security of information about you, and do not accept automatic liability for any loss or damage that may result from our collection, holding, use or disclosure of your personal information.

You do not have to provide your personal information to us. However, if you do not, we may not be able to provide the requested legal or other service to you.

Marketing

We may use your personal information to send you information related to the legal services we offer or publications we have produced. Such communications will contain a simple ‘unsubscribe’ procedure for individuals who do not want to receive such materials in the future.

Cookies

We use cookies from our website services. Please see the Cookie Policy.

Third Party Websites

Our website may contain links to third party sites which are controlled by other parties. You should consult the privacy policies and terms of use of those third party websites. We do not accept responsibility for their collection, use or disclosure of your personal information.

How long will my personal information by kept by Phi Finney McDonald?

We are subject to legal, contractual and professional obligations to hold your information. If you are a client, your information about your case must be kept for seven years after your case closes. For compliance and regulatory reasons, we are required to keep some documents for longer than this, including for establishing, prosecuting or defending legal proceedings.
Once our obligations to keep your information have ceased, we will either destroy or de-identify your information. Electronic information which cannot be destroyed or de-identified without compromising other information, will be securely stored with restricted access. In such circumstances we won’t attempt to use it, and we will seek to destroy the information in the future when it can be done without compromising other information.

Can I access my personal information held by Phi Finney McDonald?

You have rights to access and seek correction of your personal information which we hold, except where the law provides a valid reason not to provide the information to you. Please address any requests for access and correction of personal information to our Privacy Officer, Kelly Bassett, by email at dataprotection@phifinneymcdonald.com. We will do our best to respond to you within a reasonable time.
We want the information we hold about you to be accurate and current if you are involved in a class action with us. If your contact or other information you have provided to us changes, please notify us in writing to the relevant class action contact email address.

Complaints

If you have any concerns about the manner in which we have dealt with your personal information, or if you believe that we may have breached our obligations under Australian privacy law, please contact our Privacy Officer, Kelly Basset at dataprotection@phifinneymcdonald.com. We will do our best to respond to you within a reasonable period of time, and no more than one month. If after that time we have not resolved your complaint, you may refer your complaint to the Office of the Australian Information Commissioner on 1300 363 992 or at enquiries@oiac.gov.au.

Where can I find out more about Australian privacy law?

If you would like more information about Australian privacy law, please visit the dedicated webpage maintained by the Office of the Australian Information Commissioner at https://www.oaic.gov.au/privacy-law/.