mdp Law Pty Ltd ACN 605 767 164 as Trustee for mdp Law Trust is a proprietary company registered in Melbourne, Australia.
Reference in this policy to “your personal data” means any information that identifies, or could reasonably be used to identify, you as one of the aforementioned persons.
Information We Collect
The personal data we collect may include:
- Contact details, such as name, work address, telephone number and email address;
- Work history, such as work function, education, training and details of former employment;
- Identification information, such as drivers’ licence, date and place of birth;
- Billing information, such as account numbers and tax information; and/or
- Other personal data regarding your preferences where it is relevant to legal services that we provide.
We collect personal data through direct contact with our clients, potential clients, their affiliates and affiliated individuals, through subscriptions submitted to our website and through information publicly available on websites.
Use of Your Personal Data
mdp Law collects and processes your personal data to fulfil the following purposes:
- To provide legal advice or other services or things you may have requested;
- To send information on news, publications, blog and other content to you which we think may be of interest to you by post, email, or other means;
- To perform accounting, billing and other administrative and operational functions;
- For monitoring and assessing compliance with our policies and standards;
- To comply with our legal obligations; and
- For any other purpose for which you give your consent.
With regard to marketing-related communication, we will only provide you with such information after you have opted in. If you do not wish to receive further marketing-related communication from us, please email us at [email protected]. mdp Law will take immediate steps to ensure that you do not receive any direct marketing information in future.
The lawful bases upon which we collect and process your information are:
- To fulfil the legitimate interests we pursue, that being (amongst others), provision of our professional services to you; and
- For us to comply with our legal obligations. Particularly, in certain circumstances under Australian law we are required to retain your personal data for at least a period of seven years.
During the course of our representation of you, we may transfer your personal data to other offices within the mdp Law network to facilitate and centralise the operation of client services, conflicts checking, billing, marketing and related professional services.
You should be aware that when you provide information to any individual mdp Law lawyer, you are providing it to mdp Law as a whole, and your information may therefore be exported to, processed in and accessed from countries whose laws provide varied levels of protection, not always equivalent to that provided in your own country.
mdp Law has adopted various procedural and technical safeguards, in accordance with European data protection law, to protect your data.
Access by Third Parties
Consistent with our professional and ethical obligations, mdp Law may allow others to access your information in order to:
- Process data on our behalf in connection with the conduct of our business (in other words, to fulfil the legitimate interests we pursue); and
- Fulfil our obligations to you, including those that we are contractually obliged to fulfil. For instance, if you retain us for a particular matter, we may need to provide your personal data to a third party, so that we can complete the services we are retained to provide to you.
In some cases, we will provide your personal data to a third party after obtaining your explicit consent. For instance, where we brief external counsel to assist in your matter. We may also allow third parties to access your information where disclosure of your information is in your interest or is otherwise permitted, required or authorised under applicable law.
Prior to allowing any third party access to your information for the purpose of conducting our business, mdp Law will take all reasonable steps to ensure that such third party enjoys a sound business reputation and provides at least the same level of privacy protection that we offer to our clients.
How to Access Your Personal Data
If you have any questions about our use of your personal data (including categories of third parties to whom your personal data has been disclosed), please email us at [email protected].
Depending on the basis upon which we hold particular personal data of yours, you may be able to exercise your right to see a copy of, correct, erase or block the personal data we hold about you or submit a written demand that mdp Law cease processing your personal data. Be aware that in some cases, for instance, if we are holding particular personal data to comply with our legal obligations to store certain data for a particular period of time, we may not be able to comply with certain requests in respect of that personal data.
Personal data is only collected and processed to the extent necessary for the purposes described above. mdp Law updates, corrects and erases personal data on a regular basis. mdp Law will store and process your data only for the term of your retention of mdp Law and for a period thereafter reasonably determined by business necessity and our professional obligations to you, and as is required by law.
mdp Law takes all commercially reasonable steps consistent with industry practice to protect your personal data by using established security standards and procedures.
To prevent the loss, misuse, unauthorised access, disclosure, alteration and destruction of your personal data, we have established physical, electronic and managerial security procedures appropriate to the risks represented and the nature of the personal data to be protected.
We will work in good faith to resolve any concerns you may have about this policy and our privacy practices. If we fail to resolve a complaint regarding the processing of personal data, under certain circumstances the matter may be referred to the local data protection authorities in the appropriate jurisdiction.
Questions | Comments