Fc lawyers (“FCL”) values your privacy and is committed to protecting your personal data. The following Privacy Statement sets out how we collect and use your information, the rights you have in relation your information and the legal basis upon which we rely on to process your information.
Personal data includes any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Data Controller - Who we are
FCL is an Australian law firm. It has offices in Maroochydore and Brisbane, Queensland. Further details can be found on our website. Our contact details can be found in section 12 of this statement.
Explaining the legal basis we rely upon to process your personal information
Data protection laws set out various grounds on which an organisation may lawfully collect and process your personal data. These include:
We can collect and process your data with your consent. For example, when we are processing sensitive or special personal data, such as information relating to your health or religious beliefs. In many circumstances, if we rely on your consent as our legal basis for processing your personal data, you have the right to withdraw that consent at any time.
In many circumstances, we require your personal data to comply with contractual obligations. For example, we collect your identity and contact information when we verify you as a new client. If you are unable to provide such information to us, we may not be able to perform the contract we have with you or your organisation or enter into a contract with you or your organisation.
If the law requires us to, we may need to collect and process your personal data. For example, we may require your personal data to comply with anti-money laundering legislation or laws relating to the provision of legal services. If you are unable to provide such information to us, we may not be able to perform the contract we have with you or your organisation or enter into a contract with you or your organisation.
In many situations, we require your personal data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact on your rights, freedoms or interests. For example, it may be in our legitimate interests to use your personal information for marketing purposes to assist us with the growth of our business.
In Australia, organisations must not collect personal information unless the information is reasonably necessary for one or more of the organisation’s functions or activities, subject to some exceptions. Please contact us if you require details of the specific legal ground, we are relying on to process your personal data.
Personal data that we collect - What, when & why
We may collect personal data from you in the course of our business, including when you engage our legal or other services, through your use of our website, when you contact or request information from us, or as a result of your relationship with our staff and clients.
The personal information that we process includes, but is not limited to:
Contact information, such as your name, the company you work for, your title, position, your relationship to a person, your postal address, email address and phone number(s);
Identification and background information provided by you or collected as part of our business acceptance processes, this may include your full name, photographic identification and gender;
Financial information, such as bank account and payment card details;
Technical information, such as information collected from your visits to our website;
Information you provide to us for the purposes of attending meetings and FCL events, including dietary requirements;
Personal information provided to us by or on behalf of our clients or generated by us in the course of providing services to them.
We collect your personal information for a number of reasons. These may be to:
help us deliver our legal services;
confirm your identity;
develop and market new services;
comply with any applicable law or court order;
enforce our agreements with you;
recruit new employees.
Online data collection – FCL website
Marketing Related Personal Data Processing
We may collect information from you online in a number of ways, such as through the use of our website. Certain sections of our website, including our blogs, invite you to subscribe to newsletters and alerts, subscribe to receive invitations to events, seminars and webinars, take part in client surveys and to receive firm announcements. If you do so, we may collect your name, business email address, job title, organisation name and company address. We consider that the collection of this personal data is necessary to pursue our legitimate interests in a way which might reasonably be expected as part of operating and growing our business.
Automated technologies or interactions
As you interact with our website, we may automatically collect technical information about your equipment, browsing actions and patterns. We collect this data by using cookies, server logs and other similar technologies. Please refer to our cookies policy for further information.
“Off-line” data collection
We use different methods to collect personal data from you and about you. These may be through direct interactions (such as when you provide us with your business card at a meeting or event), from third-party sources (such as tax authorities) or from publicly available sources.
Anti-Money laundering, anti-terrorism, fraud and other background checks for new clients
There are laws and regulations that we are required to comply with when we take you on as a new client or open a new matter for you. In order to fulfil our legal obligations, we are obliged to verify the identity of new clients, and in some circumstances, existing clients. In some circumstances we may decline to, or may not be permitted to, proceed to act until such procedures have been completed. We consider that the legal basis for this processing is to perform contractual obligations and to comply with legal or regulatory obligations that we are subject to.
How we protect your data
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical, physical and managerial procedures to safeguard and protect your personal data. We regularly monitor our system for possible vulnerabilities and attacks, and we carry out penetration testing to identify ways to further strengthen security.
We limit access to your personal data to those employees, agents, contractors and other third parties on a “need to know” basis. We have procedures in place to identify and respond to data security breaches. We will notify you and any data protection authority of a breach where we are legally required to do so.
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected, subject to satisfying any legal, accounting or reporting requirements.
FCL has a document retention and deletion policy. At the end of any retention period, your data will either be deleted completely or anonymised (for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning).
In some circumstances, you can ask us to delete your data.
Who do we share your personal data with?
FCL may share your personal data with a number of third parties (who may act as “data processors” or “joint data controllers”) in the course of providing our services. These may include, but are not limited to:
IT service providers;
Various professional experts, including accountants and tax advisers;
Document management services;
Regulators or tax authorities.
We employ the services of third parties to assist us with website hosting. VentraIP processes and stores data. We have tracking scripts on our website that allow us to attribute web browsing activity and social media engagement with a contact record in our customer records management system, via Google Analytics.
In relation to the recruitment of new workers, FCL use a third-party provider, Seek for certain aspects our recruitment activities in some jurisdictions.
FCL requires that all third parties that act as “data processors” for us provide sufficient guarantees to implement appropriate technical and organisational measures, only process personal data for specified purposes and have committed themselves to confidentiality.
Where your data may be processed
Personal data that we collect may be stored and processed in Australia, and/or other countries in which FCL or its affiliates, subsidiaries, contractors or agents maintain facilities. We take all reasonable steps to protect personal data no matter what country it is stored in. However, information collected may be retained, and may be stored, processed, accessed, and used in jurisdictions whose privacy laws may be different and less protective than those of in Australia. By using our site or giving us the personal information requested, you consent to any such transfer, processing and storage of personal information outside of Australia.
To facilitate our operations, FCL may transfer, store and process your information with various parties as described in section 7.
Personal data collected on FCL Website
The FCL website is hosted on VentraIP servers in Sydney, Australia. We use a third-party supplier, GoComputers, who support the hosting and maintenance of the website application. Personal data that you provide us with on our website (such as a request for newsletters) is transferred directly to our Australian customer records management system.
In some circumstances, the European Union General Data Protection Regulation (GDPR) provides additional protection to individuals located in Europe. The fact that you may be located in Europe does not, however, on its own entitle you to protection under the GDPR. Our website does not specifically target customers located in the European Union and we do not monitor the behavior of individuals in the European Union, and accordingly the GDPR does not apply.
There are several ways you can stop receiving direct marketing communications from us. Click the ‘unsubscribe’ or ‘opt-out’ link in any email communication that we send you, or email us at email@example.com. Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated. In relation to any third-party marketing, we will get your express opt-in consent before we share your personal data with any company outside FCL for any marketing purposes.
What are your rights over your personal data?
You have a number of rights in relation to the personal data that we hold about you.
Request access to the personal data we hold about you
Subject to any applicable exceptions, we will provide you with a copy of your personal data within the timescales set out in relevant legislation. For EU residents, we will do this for no fee, in accordance with applicable legislation, unless the request is manifestly unfounded or excessive, in particular because of its repetitive character.
Right to rectification
If the information we hold about you is inaccurate, you have the right to have this information rectified. An application setting out the specific information to be rectified and the corrections to be made shall be sent.
Right to erasure / ‘Right to be forgotten’
You can ask us to delete or remove your information in certain circumstances. For EU residents, whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. In cases where we are processing your personal data on the basis of our legitimate interests, you can ask us to stop processing your data for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
Right to restriction
In certain circumstances, you a have a right to request the restriction of the processing of your information.
Right to data portability
In certain circumstances, you may have the right to obtain your personal data in a structured, commonly used and machine-readable format and to reuse it elsewhere or ask us to transfer it to a third party of your choice.
Right to object
In certain circumstances, you have a right to object to processing being carried out by us. Where personal data is being processed for direct marketing purposes, you have a right to object at any time
Rights in relation to automated decision-making and profiling
In certain circumstances, you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.
To protect the confidentiality of your information, we will require you to verify your identity before proceeding with any request. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Links to third party websites
Our website may contain links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. If you follow a link to any third-party website, please be aware that these websites have their own privacy notices or policies and we do not accept any responsibility or liability for their data processing activities.
We hope this Privacy Statement has been helpful in setting out the way we handle your personal data and your rights to control it. This Privacy Statement sets out most of your rights under relevant laws, but not necessarily every right you have.
If you have any concerns, requests related to, among others, the exercise of your rights, complaints or questions that haven’t been covered, please contact our Group Privacy Officer who will be pleased to help you:
Email us on firstname.lastname@example.org, or write to us at PO Box 5851, Maroochydore, QLD, 4558.
You have a right to make a complaint to the relevant data protection authority (“DPA”) at any time. We would appreciate the chance to understand your concerns in the first instance before your contact the DPA however.
Data Protection Authorities
Australia: Office of the Australian Information Commissioner (OAIC), GPO Box 5218, Sydney, NSW 2001
United Kingdom: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Changes to this Privacy Statement and your duty to inform us of any changes to your personal data
This Privacy Statement was last updated on 8 October 2019. Previous versions can be obtained by contacting us. Should any substantive or material change be made to this Privacy Statement, we will notify you.
It is important that the personal data that we hold about you is accurate and current. Please keep us informed if any of the personal data you have provided us with changes during your relationship with us.
Call 07 3035 4077 to speak with our team now