Whitcombe Law is committed to ensuring compliance with its legal obligations under the Privacy Act 2020.
Personal Information (or data) is any information that relates to an identifiable person.
We collect and store personal information for the purpose of conducting our business, to market our services and to meet our legal obligations, including in relation to our privacy and anti-money laundering compliance obligations.
Depending on the nature of your relationship with Whitcombe Law, the personal information we will collect from you may include:
- Name, date of birth, address and contact details;
- Payment details;
- Employment history;
- Education and qualifications;
- Evidence of source of funds (in some cases); and
- Any other information which assists us in conducting our business, providing and marketing our services and meeting our legal obligations.
Collecting Personal Information
Generally, we will collect personal information from you directly by email, phone, forms, face to face meetings, and through our website.
Whitcombe Law has engaged third party agents to assist with its Customer Due Diligence (CDD) requirements under the Anti-Money Laundering and Countering Financing of Terrorism Act 2009.
Our third-party agents may collect personal information from you directly in accordance with the terms of this Policy and under all applicable laws. If we, or our third-party agents are unable to obtain the requested information from you, or if you are unwilling to provide that information, we may be unable to act for you.
Our information technology system may record information automatically when you visit our website through cookies. The cookies will collect information in respect of your use of our website, including the date, time and URL of the pages you visit, your IP address, your location and browser software.
Security and Storage
Whitcombe Law takes all reasonable steps to ensure your personal information is safe from loss, unauthorised use, modification, disclosure, and any other misuse.
All information is stored electronically (requiring logins and passwords) or physically (in secured premises). Only authorised persons are permitted to access your personal information.
We will use, disclose or retain your personal information for as long as necessary to fulfil the purpose for which it was collected and as otherwise permitted or required by law.
In the event of a privacy breach, we have established procedures for notifying the Privacy Commissioner and the individual affected, including setting out the reasonable steps we have taken to mitigate the effects of a privacy breach, should we be required to do so under law.
We may need to disclose your personal information for the purpose of complying with our legal obligations, responding to your questions in relation to our services, or as otherwise stated at the time of collection. We will not disclose personal information, except in accordance with the law.
We may disclose your personal information to third parties who:
- Perform checks that are necessary under law on our behalf;
- Provide services and perform functions on our behalf (data storage providers, consultants and barristers); and
- Maintain databases against which your identity may be verified (this may include overseas recipients). We will take reasonable steps to ensure that any overseas recipient does not breach relevant privacy law.
We may also disclose your personal information to the courts, tribunals and regulatory authorities, and anyone else to whom you authorise us to disclose it.
Accessing your Personal Information
You have the right to access your readily retrievable personal information we hold and to request that your personal information be updated or corrected.
You can contact us to update any personal information we hold about you. We may charge a fee for providing access and if so, we will advise you of the cost in advance.
Last updated: 1 December 2020