- Home > Privacy Policy
Privacy Policy & Collection Statement
Our Commitment
Hicks Oakley Chessell Williams Pty Ltd as Trustee of the HNO Unit Trust trading as Hicks Oakley Chessell Williams (HOCW, we, us our) is a law firm, dedicated to providing expert legal advice and legal services (Services). We are committed to protecting the privacy and confidentiality of Personal Information we collect from you, clients, service providers and contractors. We collect, use, share, process, and manage Personal Information only as reasonably necessary for carrying out our functions and activities.
Applicability
HOCW is an entity covered under the Privacy Act 1988 (Cth) (the Privacy Act) and the Notifiable Data Breaches scheme under the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) (NDB Scheme).
Purpose of this Privacy Policy & Collection Statement
This Privacy Policy and Collection Statement (Policy) outline our ongoing obligations to you in respect of how we manage your Personal Information. The purpose of this Policy is to provide information on how we hold, collect, record, organise, structure, store, adapt, alter, retrieve, consult, use, disclose, transmit, disseminate or make available, align, combine, restrict, erase, destroy and profile Personal Information. It is also to inform affected individuals (you, your) about how we handle your Personal Information and inform you of your rights and choices.
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act.
A copy of the APPs may be obtained from the website of The Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au.
Exclusions & Qualifications
As a law firm, we adhere to our fiduciary duties and are bound by the rights and obligations that attach to the administration of justice. These include duty of confidentiality and legal professional privilege, which is a fundamental right that vests in the client. In the event of a conflict between Personal Information and client rights, client rights, including rights of privilege and confidentiality, will prevail.
What is Personal Information
Personal Information is information about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.
For the purposes of this Policy, privacy, Personal Information, personal data, employee record, credit-related Personal Information and tax file number all have the same meaning and outcome: The Personal Information either identifies, or it has the potential to identify an individual.
Indicative information we may collect includes:
your name
your contact details
your date of birth
copy or details of your drivers’ licence, national ID card, and/or passport
job titles or occupation
Directors ID (if a Director of a Company).
Personal Information may also include any fact or opinion you provide that is related to the matter you are seeking advice or representation on including information obtained from a third party such as past or present employer, your medical practitioners, your bank.
We may infer information about you from your engagement with us and your activities.
Under APP 2 in some circumstances, you have the right to choose to remain anonymous (you cannot be identified and we do not collect Personal Information) or you choose to use a pseudonym (you can use a name, term or description that is different from your own) when dealing with us.
Circumstances where you may choose to remain anonymous or to use a pseudonym include, for example, where you prefer not to be identified, to be left alone, to avoid direct marketing, to keep your whereabouts and choices from others, and to express views in the public arena without being identified.
However, interacting anonymously or using a pseudonym is not possible where we are required to verify identity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF) and the AML/CTF Rules and Australian Transaction Reports and Analysis Centre (AUSTRAC) issued guidance (AML/CTF Framework).
Other examples of circumstances where we will need to know the identity of the person that we are dealing with relate to the provision of the Services, where identification is required or authorised by law, where a refund is requested, for dispute resolution, where access to information is requested for correction of a Personal Information record and where costs become excessive or impractical without knowing the identity of the individual we are dealing with.
Collection
We collect Personal Information only by lawful and fair means.
We collect Personal Information where the information is reasonably necessary for the Services, to fulfill our professional obligations and activities relating to the Services, to carry out legal process and for the administration of justice.
In providing Services, we also collect sensitive Personal Information. This sensitive Personal Information is provided by the individual themselves, by parents and guardians and by third parties involved in the legal profession.
Given the nature of legal services, we may collect Personal Information such as: name; sex; date of birth; language preferences; physical, postal and email address; telephone numbers; occupation; personal, career and criminal history; financial, tax, investment and credit information; identity documents such as travel and driver licence information; Australian government related identifiers and identity documents; foreign government identifiers and identity documents; information about your personal circumstances, including the source of your wealth or funds. We may also collect Sensitive Information such as genetic and biometric information, physical and mental health information; information relating to racial, political, religious and philosophical beliefs; sexual orientation or practices, criminal record, professional or trade association information.
For internal human resourcing, we collect Personal Information and sensitive Personal Information, which we may solicit or request from a third party such as an employment agency or referees in the context of employment. From employees, we request third party information such as next-of-kin and medical practitioner details.
In most circumstances we collect Personal Information directly from you when you, your organisation, or those acting on your or your organisation’s behalf:
visit us or meet with our representatives
communicate with us, including by physical post, email, social media, telephone or text message
register to attend, present at or otherwise participate in a meeting, conference or event hosted or presented by us online or in person; and/or
engage us to provide services including when you supply Know Your Client Information as per the AML/CTF Framework in response to our direct request.
In exceptional circumstance, or when authorised or required by law, we will collect Personal Information from some source other than the individual themselves. We may obtain information from a third party such as a past or present employer, your medical practitioners, your bank, your financial advisor.
We may also use third party providers such as credit reporting bodies or AML/CTF Technology providers for the purposes of complying with the AML/CTF Framework which includes Client Due Diligence, Risk Assessments and Verification of Identity.
In relation to individuals acting as service providers, contractors or agents of the firm, we collect your name, contact details and relevant information concerning your dealings with us.
Purpose of Collection
In relation to clients, this information is collected to provide you with legal services, advice and representation, including providing you with Designated Services, under the AML/CTF Framework, complying with our regulatory obligations in relation to the delivery of those services, including adherence to the Legal Profession Uniform Law and its related rules and legislation, the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015 and the Legal Profession Uniform General Rules 2015.
In the provision of such services, we may provide information to agents to take actions or make enquiries in relation to the conduct of your matter. For example, at your instruction, a barrister may be briefed, expert advice sought, or a search firm may be engaged to conduct a title search in relation to your matter. We may also access your information to send you information about the firms' activities or developments in law that we believe will be of interest to you.
In relation to individuals acting as service providers, contractors or agents, we may use your information to access or use services provided by you or an organisation that you work for.
Use & Disclosure of Information
We use and disclose your information for the primary purpose for which you have provided the information. In addition to the use and disclosure of information outlined above and under 'Purpose of Collection', we also use and disclose information for purposes ancillary and consequential to the primary purpose of collection such as invoicing, related correspondence and accurate file management.
To this end the firm may use the services of agents, service providers or contractors. All such third parties must comply with fiduciary and confidentiality duties and the Privacy Act in their handling and management of information. This may include service providers that support our due diligence processes associated with complying with our AML/CTF obligations.
We take reasonable steps to ensure that such service providers commit to protecting your Personal Information appropriately and agree not to use or disclose your Personal Information for any other purpose (other than as required by law).
In the case of Sensitive Information, any secondary purpose will be one that you would reasonably expect and directly related to the primary purpose of collection.
At your instruction or according to the requirements of law, we may disclose your information to organisations such as regulatory authorities, government departments, courts, or other parties or advisers.
Legal Requirements
We may use or disclose your Personal Information in circumstances where required by law and/or expressly permitted by the Privacy Act, including if:
it is not reasonable or practical to obtain consent, and we reasonably believe use or disclosure is necessary to lessen or prevent a serious threat to life, health, or safety of any individual or public health and safety
we have reason to suspect that unlawful activity or misconduct of a serious nature that relates to our activities or functions is being or has been engaged in, and we believe the collection, use or disclosure is necessary to take appropriate action in relation to the matter
we reasonably believe that the collection, use or disclosure is reasonably necessary to assist with the location of a person reported missing; or
we are compelled by law including:
by warrant or subpoena
where we are required by request under statute or lawful order of a government agency or authority including law enforcement, courts and tribunals and regulators; and/or
to AUSTRAC and other government agencies without your knowledge or consent, including where we form a suspicion about a matter or transaction under the AML/CTF Framework.
Nothing in this Policy limits our obligations of confidentiality or client legal privilege. However, there may be circumstances where we are compelled to disclose confidential information to AUSTRAC under the AML/CTF Framework.
We are prohibited from notifying you of disclosures to AUSTRAC and may be prohibited from notifying you of disclosures to other government agencies or authorities.
Business Transactions
If we are involved in a merger, acquisition or asset sale, your Personal Information may be disclosed in confidence as part of a due diligence process and may be transferred to the new owner. We will provide notice before your Personal Information is transferred and becomes subject to a different Privacy Policy.
Compliance with Anti-Money Laundering & Counter-Terrorism Financing Laws
We are required by law under the AML/CTF Act to collect and verify certain Personal Information and may be prohibited from providing services if we cannot do so.
We may also collect Sensitive Information where required for compliance with the AML/CTF Framework or where otherwise permitted by law.
We may conduct ongoing monitoring of transactions and client information to comply with our AML/CTF obligations.
You expressly agree to provide, or cause others to provide to us, any Personal Information we request for those purposes.
Without limiting this Policy, you expressly consent to us providing that Personal Information to any relevant third party, including our outsourced service providers, identity service providers and the Attorney-General’s Department in respect of the Document Verification Service for or the purposes of our compliance with these regulatory requirements.
Use of Technology & AI Tools
In providing our services, we may use secure third-party technology platforms, including AI-enabled tools, to process information on our behalf. We take reasonable steps to ensure that such tools are subject to appropriate confidentiality, security and data protection safeguards consistent with our professional and legal obligations.
Direct Marketing
When we provide Services to individuals, we ask for consent to communicate directly with the individual in order to provide information and to promote our Services.
When we provide Services to other entities (companies, trusts, partnerships, not-for-profit organisations), we imply consent to communicate directly with the individuals concerned (directors, officers, employees etc. of those entities) in order to provide information and to promote our Services.
Individuals are allowed to opt-out of receiving direct communications and direct marketing notifications.
We do not disclose, sell or share Personal Information to third parties for direct marketing purposes.
Security of Personal Information
We hold Personal Information in hard copy and electronic formats.
We take reasonable steps to prevent unauthorised access, disclosure, alteration, destruction or loss of Personal Information including by using a range of physical, operational and technological security measures to protect this information. These measures include organisational and technical measures such as:
staff education and training to ensure our staff are aware of their privacy obligations when handling your Personal Information
administrative and technical controls to restrict access to Personal Information to only those people who need access
technological security measures, including firewalls, encryption and anti-virus software.
Our information security and privacy practices include circumstance where our data storage and handling practices are outsourced to third parties. Accordingly, we only enter into agreements with third parties which we consider have reasonably compliant privacy policies.
Where a data breach is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme in the Privacy Act, including notifying the OAIC and affected individuals, as required.
When we consider that Personal Information is no longer needed for any purpose for which the information may be used or disclosed in accordance with this Policy and that we are not required by law or court order to retain the Personal Information, we will take reasonable steps to destroy or de-identify the information. AML/CTF Know Your Client Information and transaction records are kept for seven years after the business relationship ends or the transaction is completed, as required by the AML/CTF Framework.
Can your Personal Information be accessed offshore?
We maintain your Personal Information physically and electronically within Australia unless we have agreed with you to share your Personal Information with third parties offshore (such as local law experts in another jurisdiction).
Access & Collection of your Personal Information
We take all reasonable steps to ensure that the information we collect is accurate, complete and up to date at the time of collection.
We will respond to inquiries from an individual regarding whether we hold any Personal Information relating to that individual and will allow access to and correction of any such Personal Information subject to our contractual arrangements where Personal Information is held by a third party, and the conditions and limitations set out in the Privacy Act, including:
if we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety
giving access would have an unreasonable impact on the privacy of other individuals
the request for access is frivolous or vexatious
the information relates to existing or anticipated legal proceedings between the organisation and the individual, and would not be accessible by the process of discovery in those proceedings
giving access would reveal the intentions of the organisation in relation to negotiations with the individual in such a way as to prejudice those negotiations
giving access would be unlawful
denying access is required or authorised by or under an Australian law or a court/tribunal order
the organisation has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the organisation’s functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter
giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
giving access would reveal evaluative information generated within the organisation in connection with a commercially sensitive decision‑making process.
If you believe that the Personal Information we, or our contracted third party, hold about you is inaccurate, out-of-date, incomplete, irrelevant, or misleading, you may request that we correct it by contacting our Compliance Manager. We may ask you to verify your identity before giving you access or making corrections, and we may charge a reasonable fee for providing access (but not for making a correction). This may include costs of retrieval of files from archival storage.
You can contact our Compliance Manager by email at compliance@hocw.com.au.
We will take reasonable steps to correct your information to ensure it is accurate, complete, and up to date within a reasonable period (usually within 30 days) of receiving your request.
Complaints
All privacy-related inquiries and complaints are handled by our Compliance Manager. If you have any concerns regarding our management of your Personal Information, or if you believe we have breached the APP/s, please contact our Compliance Manager in writing setting out the details of your complaint.
We are committed to achieving a fair and equitable resolution of any privacy concerns. When you lodge a complaint, we will follow this internal review process:
We will acknowledge receipt of your written complaint within a reasonable time (usually within seven days).
Our Compliance Manager will conduct an internal investigation into your complaint. This will involve reviewing the circumstances of the collection, use, or disclosure of your information and assessing our compliance with our internal procedures and the Privacy Act. We may contact you to request further information to assist with our investigation.
We will endeavour to complete our investigation and provide you with a written response outlining the outcome of our review, our decision, and any corrective actions we propose to take within 30 days of receiving your complaint.
If you are not satisfied with our response, or if we do not resolve your complaint within 30 days, you are entitled to escalate your complaint by lodging a complaint with the Office of the Australian Privacy Commissioner at this link: https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us.
If you require a copy of this Policy in a particular form (e.g. large print, accessible PDF) please contact our Compliance Manager.
Company Information
| Name: | Hicks Oakley Chessell Williams Pty Ltd as Trustee of the HNO Unit Trust trading as Hicks Oakley Chessell Williams |
|---|---|
| ABN: | 42 140 904 578 |
| Physical address: | Central 1, Level 2, Suite 17, 1 Ricketts Road, Mount Waverley, VIC 3149 |
| Postal address: | PO Box 2165, Mount Waverley, VIC 3149 |
| Phone number: | +61 3 9440 4600 |
| Website: | hocw.com.au |
| Email address: | compliance@hocw.com.au |