Privacy and AML/CTF Policy

  1. Purpose and Scope

Andrew Douglas Solicitors is committed to protecting personal information and complying with applicable privacy and financial crime laws.

This Policy explains how we collect, use, disclose, and manage personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988, and how we meet our obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) and the AML/CTF Rules, as regulated by AUSTRAC. This Policy applies to all clients, prospective clients, and third parties whose personal information we collect in the course of providing legal services.

PART A – PRIVACY

2. What is Personal Information

Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

This may include (without limitation):

  • name, address, email and telephone details;
  • date of birth and identification details;
  • occupation and financial information;
  • government identifiers (where permitted);
  • sensitive information where relevant to legal services or AML/CTF requirements.

  3. How We Collect Personal Information

We collect personal information through:

  • client interviews and consultations;
  • correspondence (including email and electronic communications);
  • our website (andrewdouglas.com.au), forms and cookies;
  • publicly available sources;
  • third parties (e.g. referrers, identification & other agents, counterparties), such as searches and our InfoTrack software provider.

Where reasonable and practicable, we collect information directly from you.

  4. Purpose of Collection

We collect and use personal information for:

  • providing legal services;
  • communicating with clients and stakeholders;
  • managing client relationships;
  • complying with legal and regulatory obligations;
  • limited marketing and service updates (subject to consent requirements).

We may also use information for secondary purposes where reasonably expected or required by law.

  5. Disclosure of Personal Information

We may disclose personal information:

  • with your consent;
  • to persons authorised to act on your behalf;
  • to courts, tribunals, regulators or government agencies;
  • where required or authorised by law.

  6. Security of Personal Information

We take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification or disclosure through:

  • physical, electronic and procedural safeguards;
  • secure IT systems and access controls;
  • document management and destruction protocols.

  7. Data Retention

We retain personal information for as long as required for:

  • the purpose for which it was collected;
  • legal, regulatory and professional obligations.

In most cases, this will be a minimum of seven (7) years.

  8. Data Breach Response

A data breach occurs when personal information is lost or subjected to unauthorised access or disclosure. We have a data breach response plan in place to enable us to respond quickly to any data breach.

Under the Notifiable Data Breaches scheme, we are required to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when a data breach has occurred that is likely to result in serious harm.

There are some exceptions to the notification requirement. For example, notification is not required where it would be inconsistent with a secrecy provision under the AML/CTF Act, such as the prohibition on tipping off.

In those circumstances, we will comply with the notification requirements under the Privacy Act only to the extent necessary to avoid inconsistency with the secrecy provision.

  9. Access and Correction

You may request access to personal information we hold about you. We may require verification of identity prior to release. We will take reasonable steps to correct inaccurate or outdated information.

  10. Using Our Website

When you interact with our website, we and our internet service providers collect data to enhance your experience when using our website. We also use this data to interpret and report on which pages and downloads are used by visitors.

We use cookies in a limited manner when you visit our website, for the purpose of providing you with a better and more customised service. Cookies are not used by us to collect and store your personal information.

  11. Direct Marketing

We comply with the Spam Act 2003. You may opt out of receiving marketing communications at any time.

PART B – AML/CTF OBLIGATIONS

  12. Our Legal Obligations

We are required to comply with the AML/CTF Act and Rules, which are designed to detect and prevent money laundering, terrorism financing and other serious financial crime. This imposes obligations that may require us to collect, verify, use and disclose personal information without your consent.

  13. Collection of Identification Information (KYC/CDD)

Before providing certain services, we are required to collect and verify information including:

  • identity information (e.g. passport, driver’s licence);
  • residential address;
  • date of birth;
  • beneficial ownership and control (for entities);
  • source of funds and/or source of wealth (where required).

We may use electronic verification systems and independent data sources to verify this information.

  14. Ongoing Monitoring and Risk Assessment

We are required to:

  • assess the risk profile of clients and matters;
  • conduct ongoing due diligence;
  • monitor transactions and activities.

This may result in additional information being requested over time.

  15. Use and Disclosure Without Consent

Under the AML/CTF Act, we may:

  • collect and use personal information where required by law;
  • disclose information to AUSTRAC.

This includes (but is not limited to):

  • suspicious matter reports;
  • regulatory reporting obligations.

These disclosures:

  • may occur without your knowledge or consent;
  • may be required by law.

  16. Prohibition on Telling Clients (“Tipping Off”)

In certain circumstances, we are legally prohibited from informing you:

  • that a report has been made;
  • that a suspicion has arisen;
  • that information has been provided to a regulator.

We will comply strictly with these legal restrictions.

  17. Consequences of Non-Compliance

If you do not provide required information, we may:

  • be unable to act for you;
  • delay or cease providing services;
  • terminate the client relationship.

  18. Complaints

If you are dissatisfied with how we have dealt with your personal information, or you have a complaint about our compliance with the Privacy Act, please contact us on the details below. We will usually acknowledge your complaint within seven (7) days and provide you with a substantive response to your complaint within thirty (30) days.

If you are dissatisfied with our response, you may make a complaint with the Office of the Australian Information Commissioner (OAIC) at [email protected] or on 1300 363 992. Further information is available on the OAIC’s website at https://www.oaic.gov.au/.

  19. Data Sharing and Third-Party Verification

We may disclose personal information to:

  • identity verification service providers;
  • credit reporting or data verification agencies;
  • regulatory bodies;

for the purpose of complying with AML/CTF obligations.

Before entering into a contract with a third party, we will review the terms of the agreement to understand how personal information is collected, handled and stored, and satisfy ourselves that the third party has appropriate processes in place to protect personal information.

This may include reviewing the third party’s privacy policy, information security policy and data breach response plan, and conducting due diligence on past security incidents.

  20. Interaction with Privacy Law

The Privacy Act permits the collection, use and disclosure of personal information where required or authorised by law. Our AML/CTF obligations operate alongside and, where necessary, override consent-based aspects of privacy law.

PART C – GENERAL

  21. Policy Updates

This Policy may be updated from time to time and will be available on our website.

  22. Contact Details

If you have any questions or complaints regarding this Policy, please contact:

Andrew Douglas Solicitors

PO Box 169

Morayfield Qld 4506

Email: [email protected]