DATA SECURITY
We take data security seriously.
We secure your personal information by:
• Storing all digital personal data in encrypted form on LEAP, a reputable provider of a cloud-based client management system used by thousands of law firms around the world (and whose Data Security Policy can be accessed here);
• Using multi-factor authentication for all digital accounts, including email accounts (both a code received by SMS and a password are required to access accounts);
• Using Trend anti-virus/intrusion software (as recommended by our IT provider);
• Running mandatory cyber security training sessions for all staff;
• Reminding staff in our weekly meeting of the key cyber security steps, including that they telephone the purported sender of an unexpected email rather than opening it;
• Restricting access to physical client files to key staff;
• Changing passwords for all staff accounts on a 6-monthly schedule; and
• Maintaining up-to-date confidentiality and information security guidelines which align with industry best practice recommendations.
Please also read our Privacy Policy (below), which requires us to take all reasonable steps to protect your personal information from unauthorised access, misuse, loss, modification or disclosure through a number of measures, including those listed above.
PRIVACY POLICY
Our privacy terms are compliant with the Australian Privacy Principles set out in the Privacy Act 1988 (Privacy Act) as well as the Spam Act 2003.
Policy Statement
Elvin Lawyers respects your privacy. We are committed to ensuring the privacy of your information and that our terms are compliant with the Australian Privacy Principles as set out in the Privacy Act 1988 and the Spam Act 2003.
What personal information does Elvin Lawyers collect and hold?
Personal information is information or an opinion (whether true or not) about an identified, or reasonably identifiable, individual.
The types of personal information that we will collect will depend on the nature of your dealings with us. We collect personal information from clients, prospective clients, and other stakeholders we encounter in the ordinary course of business. This information is primarily collected to assist in the provision of our legal services and may also be collected for use in marketing and related activities.
This information is collected in a number of ways, such as via email, over the phone or in a person, and when receiving documents from you.
The personal information we will collect from you will usually include:
your name and title
your contact details (eg address, email address, phone number)
details about your occupation
details about your professional memberships
details about your interests in areas of legal practice or events
information about your dealings with us or with our clients, and/or
information relevant to our work for you or our clients.
However, we do not collect personal information that we do not need.
Please note that, while we seek to minimise the personal information we collect, if you do not provide us with the personal information we request, we may not be able to provide you with the services and other assistance you seek.
Generally, we endeavour to collect personal information directly from the individuals concerned, including via telephone, email, hardcopy or online forms.
However, if this is not practicable, we may collect personal information about individuals from third parties, including from publicly available sources. Such third parties may include your insurer, a company in which you are a shareholder or officeholder, your employer, your family members and/or anyone you have authorised to deal with us on your behalf and anyone seeking our services in relation to their dealings with you.
If we do collect personal information from third parties, we will take reasonable steps to ensure that the individuals concerned are made aware of the collection of their information.
On all occasions personal information is collected, held, used and disclosed by us in accordance with this Privacy Policy.
If you are a ‘business contact’ we may collect basic business contact information from you (e.g. your name, title and work contact details) automatically using the details in your email signature.
Elvin Lawyers will not ask to collect sensitive information about you (such as details of your racial or ethnic origin, political affiliation, religious beliefs, sexual preferences, criminal convictions or health information) unless it is needed for the purposes of providing legal advice.
Who does Elvin Lawyers use and disclose personal information to?
We may collect personal information to provide legal services and conduct our business. We also collect personal information so that we can communicate new legal or firm developments, including advertising new products or services that we offer, to our clients’ alert services or mailing lists.
Your personal information may also be confidentially disclosed to other entities. Such entities generally include:
our third-party service providers for the purpose of enabling them to provide, manage or administer a service (such as our IT service providers, organisations providing secure storage and archiving services, and insurers)
your representatives (including your financial advisors) if you have provided consent for such disclosure
government bodies, regulators, law enforcement agencies and any other parties where authorised or required by law
any other entities identified at the time of collecting your personal information or to which we are legally required to disclose your personal information.
Elvin Lawyers will only disclose personal information if this is required by law or permitted under the Privacy Act. Elvin Lawyers will not sell, rent or trade personal information about you to or with third parties. We are also bound by professional obligations of confidentiality, including in relation to personal information.
Elvin Lawyer’s policy is only to use personal information collected from business contacts for the business purpose for which it was collected.
Securing your personal information
We will use all reasonable endeavours to keep your personal information in a secure environment, however, this security cannot be guaranteed due to the nature of the internet and we cannot guarantee the security of your personal information.
We will take reasonable steps to protect personal information held from misuse, interference, loss and from unauthorised access, modification or disclosure – for example by:
security procedures for access to our business premises
security procedures within our offices
IT security procedures including password protection, firewalls, intrusion detection and site monitoring; and
mandatory confidentiality guidelines for all staff within the business.
You must take care to protect your personal information (for example, by protecting any usernames and passwords).
You must immediately notify us as soon as possible if you become aware of any security breaches or if you believe that there has been unauthorised use or disclosure of your personal information.
Accessing your personal information held by Elvin Lawyers
You may access personal information we hold about you, subject to any legal restrictions or exemptions. If such restrictions or exemptions exist, we will advise you of those reasons at the time of your request. We may also require you to provide proof of your identity before discussing any personal information.
We take reasonable steps to ensure that the personal information we hold about you is accurate, complete and up-to-date. However, we also rely on you to advise us of any changes to your personal information
Please contact us if there are any changes to your personal information or if you believe the personal information we hold about you is not accurate, complete or up-to-date.
While we do not charge you for a request for accessing your personal information you should be aware that we do charge a reasonable fee if an extended amount of time is required to collate and prepare material for you, and if you wish to have your files photocopied.
Junk mail or unsolicited email
You will only receive emails from us if:
You request information about our services when you choose to contact us;
It is otherwise relevant to the reasons for which we hold your email address, where we are permitted to do so by law.
What do you need to do if you have a complaint?
If you wish to make a complaint about a breach of this Privacy Policy, the Australian Privacy Principles, privacy-related issues or the privacy laws of your local jurisdiction, please contact our office.
We may ask that you provide us with sufficient details in writing regarding your complaint together with any supporting evidence.
Elvin Lawyers will investigate the issue and determine the steps (if any) that we will undertake to resolve your complaint. We will contact you if we require any additional information from you and will notify you in writing of the outcome of the investigation.
If you are not satisfied with our determination, you can contact us to discuss your concerns.
Contact us
Should you have any queries relating to this Privacy Policy or wish to make a complaint, please contact us at:
Elvin Lawyers, 622 Bell Street Preston VIC 3072
P: (03) 9498 0550
E: info@elvinlawyers.com.au