Gallande Pty Limited (ACN 139 775 867), as trustee for the ERA Legal Unit Trust (ABN 78 639 912 045) t/as ERA Legal (“ERA”), is a legal practice. We specialise in providing legal services in the areas of commercial, insolvency and litigation law.
In this policy, “we”, “us” or “our” means ERA.
Your privacy is important to us. We are committed to taking all reasonable steps to protect your personal information and be clear and open about what we do with your information.
This policy explains how we collect, handle and use your personal information, and your rights in relation to that information.
ERA is subject to the Australian Privacy Principles set out in the Privacy Act 1988 (the Privacy Act). ERA is also bound by professional obligations of confidentiality and legal professional privilege where applicable.
- When you contact and correspond with us, including when you request information from us or provide information to us
- When you, or the organisation you work for, engages our legal and other services
- As a result of your relationship with one or more of our clients, including when you or the organisation you work for are a counterparty or customer of our client
- When you use our website or services, including when you complete online application forms and visit our mobile apps
- When you apply for a position of employment with us
- When you attend our seminars or other hosted events
- When you are entered into our mailing lists to receive publications and other marketing emails
What is personal information?
Generally, personal information is information which may be used to reasonably identify you.
For example, your name, address, date of birth, gender, email address and telephone number is considered to be personal information. Personal information may also include information we collect about your individual preferences.
What information do we collect?
The kinds of personal information we collect from you will depend on the type of interaction you have with us but may include:
- Information about your identity – including your name, address (postal and residential), occupation, email address, telephone number(s), date of birth, gender and marital status
- Information to identify you in accordance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act)
- Individual preferences in respect of the services we provide you
- Financial and transaction information, including credit information
- Paypal, credit card and direct debit details for your bank account
- When you visit our websites or use our mobile apps – your IP address, location information, any third-party sites you access, including the date, time, duration and pages you have accessed
How we collect information
We will collect personal information about you:
- Directly from you
- From identity documents provided (for example Drivers Licences, Passports, Medicare Cards, Citizen Certificates etc)
- From our clients or their counterparties, customers or authorised representatives
- From companies or bodies that you own shares in, have an interest in or are an officer of
- From third parties – including regulatory authorities, electronic databases, government agencies, service providers, agents, brokers recruitment agencies, Google Analytics
We may also collection information about you or your business that is publically available (for example, in public registers or on social media).
Why we collect personal information
The purposes for which we collect, use and hold your information may include:
- Verifying your identity – including for the purposes of the AML/CTF Act
- Contacting you (including via electronic messaging, by mail or by phone)
- Providing you with legal services or legal information
- Managing our relationship with you, evaluating our business performance and building our customer database
- Undertaking conflict searches
- Acting for a client
- Processing transactions
- Minimising risks and identifying or investigating fraud and other illegal activities
- Complying with our, and our clients legal and regulatory requirements
- Direct marketing (see below)
- Managing our business
- Managing visits made to our website, including analysing data collected from our website concerning site visits and activities of users
We may also use your personal information for other purposes not listed above but this will be made clear to you at the time we collect your personal information.
How we may use and disclose personal information
ERA may use or disclose your personal information for the purpose for which it was collected. We will also use and disclose your personal information for a related second purpose, if the use or disclosure could be reasonably expected and as otherwise authorised or required by law.
We may share your information and disclose information collected from you to our related entities, advisors, consultants, insurers, employees, agents, contractors and third parties. These third parties can include:
- Service providers we use in conducting our business – including banks, debt recovery firms, external photocopying providers, document production, legal outsourcing providers, data storage services and IT support
- Government and law enforcement agencies or regulators
- Credit reporting bodies and credit providers
- Gateway service providers to access the Document Verification System (see below)
- Organisations that help identify illegal activities and prevent fraud
Sometimes, we (or the third parties) may send your information overseas, including to:
- Service providers or third parties who store data or operate outside Australia
- Complete a transaction
- Comply with law
The countries in which these third parties are located will depend on the circumstances. However, in the course of our ordinary business operations, we commonly disclose personal information to third parties located in the following countries:
- New Zealand
- United States of America
- the United Kingdom
We will not sell, trade or rent your personal information to any third parties for marketing purposes without your consent.
AML / CTF Act
The AML / CTF Act is part of a legislative package to deter money laundering and terrorism financing in Australia. This legislation requires us and some of our clients to collect identification information to verify your identity from original or certified copies of identification documents and perform electronic verification.
The Document Verification System (DVS) is a national online system that allows organisations to take information from an identity document presented by an individual and compare it against the original record of the document held by the government agency that issued the document.
If identity documents are provided by you for the purpose of verifying your identity in accordance with the AML/CTF Act, with your express consent:
- your personal details and information (recorded on your identity documents) will be subject to an electronic match request to a government record on the DVS. This means that your information will be checked with the document issuer or official record holder (i.e. Registries of Births, Deaths and Marriages in Australian States and Territories, Home Affairs and Austroads Ltd) via third party systems who can access the DVS;
- our access to and use of the DVS will involve use of third party systems and services; and
- as relevant, that information provided to or by you in or from Australia will be transmitted to New Zealand or vice versa.
Keeping your information safe
We store information in paper, physical and electronic form.
We will take reasonable steps to keep secure and protect any personal information which we hold about you, including:
- Using software which encrypts information you input
- Using firewalls, intrusion detection and virus scanning tools to stop viruses and unauthorised people accessing our systems
- Securing our physical premises and digital storage media
- Placing password protection and access control over our information technology systems and databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure
- Performing regular back-ups of our electronic systems
The providing of information via the internet is not completely secure. We cannot guarantee the security of your data provided online. You need to be vigilant about the protection of your own personal information when using the internet.
How we use personal information for direct marketing
We may contact you from time to time to inform you about existing and new services that we feel you may be interested in.
We will ensure that any e-mail that you are sent by us as direct marketing complies with the SPAM Act 2003 (Cth.) and contains an ‘unsubscribe’ option so that you can remove yourself from any further marketing communications.
You can also call or write to us to request that your details be removed from our direct marketing list. We will endeavour to remove your details from our direct marketing list within a reasonable time (ordinarily 5 business days).
Cookies and Analytics
We may use statistical analytics software tools such as Google Analytics and software known as cookies which transmit data to third party servers located overseas including in the United States of America.
Not identifying yourself
Under the Privacy Act, individuals have the option of not identifying themselves, or the use of a pseudonym. Because of the nature of our business, it is impracticable to deal with people on an anonymous basis or using a pseudonym.
We may be able to provide you with limited information in the absence of you identifying yourself, but generally we will be unable to provide you with services unless you have identified yourself.
Updating your personal information
ERA undertakes all efforts to ensure that your personal information is complete, current and accurate. You have a right to request a correction or update of your personal information held by us. If you wish to correct or update any personal information we may hold about you, please contact us as set out below.
Access to personal information
You are entitled to access any personal information we have collected which is about you. If you wish to access any personal information we may hold about you, please contact us as set out below.
We may charge for providing access to your personal information.
Complaint process / Contact us
Attention: Privacy Officer
Level 15, 45 Clarence Street
Sydney, NSW 2000
Telephone: (02) 9324 5300
We take any privacy complaint seriously. We will aim to resolve any such complaint in a timely and efficient manner. We will:
- Keep a record of your complaint; and
- Aim to provide you with a response within 30 days.
If you are not satisfied with our handling of a complaint or the outcome of a complaint you may make an application to the Office of the Australian Information Commissioner or the Privacy Commissioner in your State or Territory.
Notifiable Data Breaches Scheme
In the event that you believe that there has been a breach of the Privacy Act, we invite you to contact us as soon as possible.
In the event of any loss, unauthorised access or disclosure of your personal information that is likely to result in serious harm to you, ERA will investigate and notify you and the Australian Information Commissioner as soon as practicable, in accordance with the Privacy Act.