Here at Hede Byrne & Hall Lawyers (ABN 59 138 843 993), we value your trust and are committed to protecting your privacy.
Our website may contain links or references to other websites to which this Privacy Policy may not apply. You should review the Privacy Policy of each of those websites and assess whether those polices are accepted to you before using those websites.
We may, from time to time, review and update this Privacy Policy to take account of new laws and technology, changes to our operations and practices and to make sure it remains appropriate. Any changes to our Privacy Policy will be published on our website. This Privacy Policy was last updated on 8 August 2024.
Hede Byrne & Hall (the ‘firm’) is committed to handling your personal information in a secure and appropriate manner and in compliance with all applicable laws.
This policy and associated procedures apply to our firm in the context of its own internal business activities, the provision of services to our clients and in its dealing with outside entities be they government entities, contractors, suppliers, or other service providers.
Privacy law in Australia is governed by The Privacy Act 1988 (Cth) (the ‘Act’) and the Australian Privacy Principles (the ‘APP’s’) which affect the handling of personal information.
The principles were introduced in 2014 to bring Australia’s privacy laws (first introduced in 2001) in line with advancing technology trends and to provide more transparency around the capture and use of personal information.
Personal information is defined in section 6(1) of the Act as information that identifies, or could reasonably identify, an individual. While providing legal services, our firm will, from time to time, be required to collect and record personal information. In addition, as an employer, our firm is required to collect information from our current or prospective employees to manage ongoing and future employment with our firm. This may include:
Personal information is only collected by our firm where it is permitted by the Act, associated with or required for the purposes of fulfilling our professional obligations, in completion of the provision of legal services, in fulfilling legal obligations as an employer or otherwise as consented to by you.
Sensitive Information is defined in section 6(1) of the Act and includes:
Sensitive information is only collected by our firm where it is permitted by the Act, associated with or required for the purposes of fulfilling our professional obligations, in completion of the provision of legal services, in fulfilling legal obligations as an employer or otherwise as consented to by you.
A TFN is a unique identifier issued to individuals for the entirety of their life.
Relevant legislation/rulings:
Recipients of Tax File Number (‘TFN’) must abide by the TFN Rule and the TAA. The TFN Rule states that a recipient must not record, collect, use or disclose TFN information unless it is permitted under taxation, personal assistance or superannuation law.
The TAA creates offences for the unauthorised request, disclosure or recording of a TFN unless an exception applies.
Individual TFN information may be used or disclosed by our firm for lawful purposes such as facilitating taxation payments or superannuation law as an employer or as otherwise lawfully permitted in the course of carrying out legal services for individuals or corporations.
We collect personal information: –
Our firm may hold personal information physically or digitally either by ourselves or through our third-party service providers.
Our firm will take reasonable steps to ensure that the personal information that we hold is kept confidential and secure, by implementing and maintaining information security controls, policies and other measures.
Our firm takes steps to ensure that our employees understand the importance of confidentiality and security of personal information. These steps include the requirement of all staff to enter into contractual agreements enforcing the restrictions of use of confidential information, education at the time of induction and throughout employment and through the implementation processes such as redacting information where appropriate.
Our firm will take reasonable steps to ensure that personal information is not used or disclosed for a purpose other than for the reason it was collected. The use and disclosure of personal information may occur where:
We have a duty to maintain the confidentiality of our clients’ affairs, including personal information. Our duty of confidentiality to our clients applies, except where disclosure of personal information is consented to by the client or is compelled by law.
Client personal information may be disclosed to approved third parties who are also required to comply with the Australian Privacy Principles.
As identified by the Office of Australian Information Commissioner (the ‘OAIC’), A data breach is an unauthorized access or disclosure or loss of personal information. A data breach may be caused by malicious action (by external or insider party), human error, or a failure in information handling and security systems.
Our firm has a Data Breach Response Plan that outlines a process whereby we take immediate steps to contain, evaluate and respond to a breach, or suspected breach, in order to minimise or eliminate any potential harm a breach may cause to a client or individual. This plan also includes notification requirements such as to individuals significantly affected by a data breach event, and the OAIC where required.
For enquiries or complaints about how our firm manages your personal information, please contact our firm by:
Email: hedemail@hede.com.au
Telephone: +61 7 4637 6300
Post: Att: Privacy Officer, PO Box 1055, Toowoomba Qld 4350
We will endeavour to respond to your complaint within 48 hours.
If you are unsatisfied with our response to your complaint, you have the right to contact the OAIC (www.oaic.gov.au).