Privacy

Legal Consolidated Privacy, Confidentiality and Data Handling Policy

1. Who we are

Legal Consolidated Barristers & Solicitors is an Australian law firm. In this policy, ‘Legal Consolidated’, ‘we’, ‘us’ and ‘our’ mean Legal Consolidated Barristers & Solicitors and, where the context permits, our principals, lawyers, employees, contractors and authorised representatives.

This policy explains how we collect, hold, use and disclose personal information when you use our website, create an account, build a legal document, communicate with us, deal with us through a lawyer, accountant, financial planner or other adviser, or otherwise interact with Legal Consolidated.

This policy should be read with our Online Terms. The Online Terms deal with the legal document-building service. This policy deals with privacy, confidentiality, legal professional privilege and data handling.

2. Our approach to privacy

We respect privacy and handle personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, our professional obligations as an Australian law firm, and other laws that apply to our online legal document service.

Privacy law is one part of a larger professional framework. Because we are a law firm, confidentiality, legal professional privilege, duties to the court, conflict obligations, AML/CTF obligations, sanctions obligations, court orders and other professional obligations may also affect how information is handled.

Where privacy law permits exceptions or where another law requires or permits collection, use, retention or disclosure, we may rely on those exceptions or comply with those other obligations.

3. Personal information

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether it is recorded in a material form or not.

The kinds of personal information we collect depend on how you deal with us and which document you build.

names, addresses, telephone numbers, email addresses, dates of birth and other contact details;
account details, login details, adviser details and firm or practice details;
information entered into our online document-building system;
answers to questions, document instructions, names of parties, capacities, relationships, entity details, trust details, company details, SMSF details, estate planning details, signing details and implementation details;
communications with us, including emails, online forms, website messages, telephone notes and support requests;
limited payment information provided by our merchant facility, such as payment amount, payment date, transaction reference, approval status, cardholder name and the last four digits of a card;
identity, authority, beneficial ownership, sanctions, AML/CTF, source of funds, source of wealth and risk information where required or appropriate;
technical information about use of our website, such as IP address, browser type, device information, cookies, analytics information and pages visited; and
other information you, your adviser or another authorised person provides to us.

4. Sensitive information

Some documents may involve sensitive information. This may include health information, family information, religious or cultural information, criminal record information, biometric or identity information, membership of professional or trade associations, financial information, tax information, estate planning information and information about vulnerable people.

We collect sensitive information only where it is reasonably necessary for our functions or activities, where you consent, where the information is provided to us for the document build, where the law permits or requires it, or where it is necessary for legal, regulatory, professional, AML/CTF, sanctions, identity, authority, risk, complaint, insurance or dispute purposes.

5. How we collect information

We usually collect personal information directly from you through our website, online forms, account system, document-building questions, email, telephone, document portals and other communications.

We may also collect personal information from other sources where appropriate.

lawyers, accountants, financial planners, tax advisers, SMSF advisers and other professional advisers;
employees, officers, trustees, directors, attorneys, agents, representatives, family members or other persons connected with a document;
identity verification providers, payment providers, technology providers and other service providers;
government registers, courts, tribunals, regulators, public databases and publicly available sources;
professional referrer certificates, AML/CTF checks, sanctions checks and beneficial ownership checks; and
website analytics, cookies, server logs and security systems.

If you provide us with personal information about another person, you must have authority to do so and, where reasonable, tell that person about this policy.

6. Why we collect, hold, use and disclose information

We collect, hold, use and disclose personal information for the purposes of operating Legal Consolidated and providing our online legal document service.

creating, administering and securing accounts;
building, delivering, updating and supporting online legal documents;
communicating with clients, users and professional advisers;
checking identity, authority, capacity, beneficial ownership, sanctions and AML/CTF matters;
assessing whether we can provide, pause, refuse or stop a document build;
processing payments, refunds, receipts, tax invoices and reconciliation;
maintaining records, audit trails, version control and security logs;
responding to complaints, disputes, regulator enquiries, court orders and professional obligations;
maintaining insurance, professional indemnity, risk management and compliance records;
detecting, investigating and preventing fraud, misuse, cyber incidents, unauthorised access, unlawful activity and document tampering;
improving our website, document-building system, questions, hints, videos, logic and user experience;
sending service messages, legal updates, educational material or marketing communications where permitted; and
complying with law, including privacy, legal profession, tax, AML/CTF, sanctions, court, regulatory and record-keeping obligations.

7. If information is not provided

If requested information is not provided, or if we cannot verify information to our satisfaction, we may be unable to create an account, build a document, release a document, provide a refund, communicate with an adviser, complete an AML/CTF or sanctions check, respond to a request, or continue to provide the online service.

8. Disclosure of information

We may disclose personal information where reasonably necessary for the purposes described in this policy, where you consent, where disclosure is required or authorised by law, or where disclosure is consistent with our professional obligations.

Recipients may include:

professional advisers, referrers, representatives or other persons you identify or who appear to be connected with the document build;
technology, hosting, data storage, email, cyber security, document automation, payment, analytics and support providers;
identity verification, AML/CTF, sanctions, beneficial ownership, fraud prevention and risk screening providers;
insurers, professional advisers, auditors, consultants and contractors who assist Legal Consolidated;
courts, tribunals, regulators, law enforcement agencies, government agencies, professional bodies, AUSTRAC and other bodies where required or authorised by law;
third parties involved in a complaint, dispute, debt recovery, cyber incident, fraud investigation, regulatory enquiry or insurance matter; and
successors or proposed successors to Legal Consolidated’s business, subject to confidentiality and professional obligations.

We do not sell personal information.

9. Overseas disclosure and cloud services

We use online systems and service providers. Personal information may be stored, accessed, processed or backed up using cloud services or technology providers located in Australia or overseas.

Where it is practicable to identify likely countries, overseas recipients or systems may be located in countries such as the United States, the United Kingdom, the European Union, New Zealand, Singapore, Canada or other countries where our service providers or their infrastructure operate.

Where privacy law requires it, we take reasonable steps in the circumstances to address cross-border disclosure of personal information.

10. Website, cookies and analytics

We may use cookies, pixels, local storage, server logs, analytics tools and similar technologies to operate, secure, measure and improve our website and online document-building system.

These technologies may help us remember preferences, maintain sessions, protect accounts, detect errors, prevent misuse, understand website traffic, improve content and measure the performance of pages, hints, videos and document-building workflows.

You can usually control cookies through your browser settings. If cookies or similar technologies are disabled, parts of the website or document-building system may not work properly.

11. Credit card and payment information

Credit card payments are handled by our merchant facility through its secure payment gateway. Your card number, expiry date and CVV are entered into and processed by the merchant facility, not by Legal Consolidated, and cannot be viewed by us.

Your full credit card details do not pass through, and are not stored on, Legal Consolidated’s website, servers, database, email system or document-building system. This is standard merchant facility practice.

For administration, reconciliation, refunds, fraud prevention and record keeping, the merchant facility may provide us with limited payment information, such as the cardholder’s name, payment amount, payment date, transaction reference, approval status and the last four digits of the card.

12. Confidentiality

As an Australian law firm, we owe professional duties of confidentiality. We keep confidential information confidential in accordance with our professional obligations.

Confidentiality is not absolute. We may use or disclose information where required or authorised by law, where necessary for legal professional obligations, where permitted by the client, where necessary to defend or enforce our rights, where required for AML/CTF, sanctions, suspicious matter reporting, identity checks, professional indemnity, complaints, audits, cyber security, court orders, regulatory enquiries or other lawful purposes.

13. Legal professional privilege

Because Legal Consolidated is a law firm, some communications may attract legal professional privilege or client legal privilege. Privilege belongs to the client and may be lost or waived by conduct.

Not every communication with us is privileged. Privilege may not protect information that we are required or permitted by law to collect, retain, use or disclose.

Legal professional privilege is different from privacy and confidentiality. Privacy concerns personal information. Confidentiality concerns information we must keep confidential. Privilege concerns protection from compulsory disclosure in particular legal settings.

14. Artificial intelligence and automation

We may use technology, automation, document assembly systems, expert systems, artificial intelligence and other tools to build, test, improve, review, validate and deliver online legal documents and website content.

We do not use public artificial intelligence systems in a way that intentionally discloses confidential client information contrary to our professional obligations.

Where we use AI or automated tools, we apply confidentiality controls that we consider appropriate for the nature of the information and the work. We do not treat the use of approved internal or controlled tools as permission for public disclosure of confidential information or waiver of privilege.

Our online document-building system uses questions, answers and logic to build documents. The user remains responsible for selecting the document, entering data, checking data and confirming that answers are accurate and complete.

15. Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, unauthorised modification and unauthorised disclosure.

Security measures may include secure website connections, password controls, access controls, logging, backups, cyber security tools, staff confidentiality obligations, service provider controls, document version control and other administrative, technical and physical safeguards.

No online service is risk-free. You are responsible for keeping your account credentials secure, logging out of shared devices, checking suspicious emails or payment requests by telephone, and telling us promptly if you suspect unauthorised access or misuse.

16. Data breaches

If we become aware of a data breach, we assess it and respond in accordance with our legal and professional obligations.

Where the Notifiable Data Breaches scheme applies and a data breach is likely to result in serious harm, we notify affected individuals and the Office of the Australian Information Commissioner as required by law.

17. Retention and destruction

We retain personal information for as long as reasonably necessary for the purposes for which it was collected, for our legal and professional obligations, for record keeping, for insurance and risk management, for complaints and disputes, for cyber security, and where required or permitted by law.

Different records may be kept for different periods. AML/CTF, tax, legal profession, limitation period, insurance, audit, complaint or dispute requirements may require or justify longer retention.

When information is no longer required, we may delete, de-identify, archive or securely destroy it, subject to our legal and professional obligations.

18. Access and correction

You may ask us to give you access to personal information we hold about you or to correct personal information that is inaccurate, out of date, incomplete, irrelevant or misleading.

We may need to verify your identity before responding. We may refuse access or correction where the law permits, including where access would affect another person’s privacy, breach confidentiality, prejudice legal proceedings, reveal commercially sensitive information, undermine security, interfere with AML/CTF or sanctions obligations, or otherwise be unlawful or inappropriate.

If we refuse a request, we will explain the reason where it is reasonable and lawful to do so.

19. Direct marketing and legal updates

We may send legal updates, educational material, service messages, website information or marketing communications where permitted by law.

You may opt out of marketing communications by using the unsubscribe function or contacting us. We may still send service, account, document, compliance, security or legal notices that are not marketing.

20. Complaints

If you have a privacy complaint, contact Legal Consolidated first using the contact details below and mark the communication ‘Privacy Complaint’. Please provide enough detail for us to understand and investigate the issue.

We will consider the complaint and respond within a reasonable time.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

21. Changes to this policy

We may update this policy from time to time by publishing an updated version on our website or otherwise making it available.

The current version published or made available by Legal Consolidated applies from the time it is published or made available, unless we state otherwise.

22. Contact

Legal Consolidated Barristers & Solicitors ABN 94 936 003 432

Website: www.legalconsolidated.com.au

Email: lawyer@legalconsolidated.com.au

Email: admin@legalconsolidated.com.au

Postal: Post Office Box 5169, Dalkeith, WA, 6009

Head office: 18 Stirling Highway, Nedlands, WA, 6009