Who we are
We are Claire Naidu & Co. Our website address is: http://www.clairenaidu.com.au.
Claire Naidu & Co understands that privacy and how we collect, use, disclose and protect your information is important to you. We are committed to ensuring the privacy of your information and to complying with the Australian Privacy Principles (APPs), which are contained in the Privacy Act 1988 (Privacy Act).
In summary, personal information is information or an opinion (whether true or not) about an identified, or reasonably identifiable, individual.
What Personal Information does Claire Naidu & Co collect and hold?
Claire Naidu & Co is a dispute resolution business. The types of personal information that Claire Naidu & Co collects will depend on the nature of your dealings with us.
We may collect personal information from you when you:
- instruct or enquire with Claire Naidu & Co regarding providing you with legal advice or other dispute resolution services including mediation, conflict coaching and arbitration;
- purchase or subscribe to a Claire Naidu & Co online service;
- subscribe to a Claire Naidu & Co newsletter;
- subscribe to any of our websites (or sub-domains) or to one of our mailing lists;
- attend a Claire Naidu & Co seminar or webinar;
- have business dealings with us (whether as one of our suppliers, or as a regulator we deal with, or in the context of a transaction), or
- apply, or register your interest for, employment with Claire Naidu & Co.
The personal information we will collect from you may include personal data, persona information, sensitive information, and government related identifiers (“GRI)” (such as drivers licence numbers, passport numbers etc).
The words ‘information about you’ refers to personal and sensitive information (or special categories of information) and GRI managed by us. This includes:
- contact information including your name, title, address and e-mail address and contact numbers (telephone, fax, mobile);
- financial information;
- business circumstances;
- family circumstances;
- information about assets and investments;
- employment history;
- date and place of birth;
- insurance history;
- banking and credit card details;
- expertise and interests;
- tax file numbers;
- driver’s licence and other photographic information;
- video or photographic footage given by clients to us for legal advice;
- information otherwise required by law; and
- any other personal information required to perform the legal service to the individual.
If necessary for the purposes of providing advice to you, or for providing you with other information (such as email updates) sometimes we may collect other personal information from you, such as the areas of our practice which you are interested in. However, we do not collect personal information that we do not need.
Please note that, while we seek to minimise the personal information we collect, if you do not provide us with the personal information we request, we may not be able to provide you with the services and other assistance you seek.
Generally, we endeavour to collect personal information directly from the relevant individuals concerned. However, if this is not practicable, we may collect personal information about individuals from third parties, including from publicly available sources. If we do, we will take reasonable steps to ensure that the individuals concerned are made aware of the collection of their information.
Most information about you is collected directly from you either verbally, in writing or from documents provided by you. We also collect and receive information about you from the following third parties:
- material provided under freedom of information, health records and other legislation;
- taxation records from the Australian Taxation Office;
- information from other government agencies;
- medical records and information from treating doctors and other health professionals;
- statements from policing authorities and witnesses, if relevant;
- employment records and information from employers and former employers;
- financial information from accountants and financial advisors;
- claims records and other information from insurers; and
- data from our website and the internet as a result of receiving subscription applications and emails.
If you are one of Claire Naidu & Co’s ‘business contacts’ (e.g. a contact person in one of our suppliers, or in a government agency or company with which we deal), we may collect basic business contact information from you (e.g. your name, title and work contact details) automatically using the details in your email signature.
Claire Naidu & Co will not ask to collect sensitive information about you (such as details of your racial or ethnic origin, political affiliation, religious beliefs, sexual preferences, criminal convictions or health information) unless it is needed for the purposes of providing legal advice, or conflict resolution services, or otherwise providing you with assistance.
How does Claire Naidu & Co use Personal Information?
Claire Naidu & Co’s policy is only to use personal information collected from business contacts for the business purpose for which it was collected.
Claire Naidu & Co need to collect personal information so that we can provide our products and services and conduct our business including:
- determining if we are able to assist you with your legal or dispute resolution matter;
- assessing and processing inquiries and requests for legal or other dispute resolution services;
- securing litigation and/or disbursement funding;
- market research and analysis;
- recovering moneys that you may owe us; and
- to inform you about any relevant legal services provided by us.
We also collect personal information so that we can communicate new services, products or firm developments, including advertising new products or services that we offer, to our clients and to those people who have subscribed to our website, social media, alert services, mailing lists or otherwise expressed interest in our business.
If, at any time, you do not wish to receive these kinds of communications, please let us know using the contact details set out below.
Will Your Personal Information be given to anyone else?
Claire Naidu & Co does not sell, rent or trade personal information about you to or with third parties.
Personal information may be disclosed outside of Claire Naidu & Co in the circumstances described below:
(a) Disclosures to external service providers
Claire Naidu & Co may disclose personal information to external service providers who provide services to you and help us operate our business. Examples of our external service providers include: courts, tribunals, ombudsmen, commissions and regulatory authorities (information provided to courts and tribunals may be made available to other parties to the litigation and will be on the public record); other parties involved in your matter and their solicitors (for example, counter parties to litigation or a transaction); third parties or entities who assist us in providing legal services or who provide services to you, or who provide services to us including recruitment services, data storage, distribution and mailing services, direct marketing, technology support services, and business development services; third party data storage providers; IT and other software and systems providers; companies who provide photocopying and archiving services; advertising and marketing agencies who assist us with our campaigns and programs, securing litigation and/or disbursement funding; companies, businesses and courts or tribunals for the purposes of recovering moneys that you may owe us; confidential destruction of documents; and research organisations and consultants who conduct research on our behalf.
(b) Entities or persons with your authority or direction
(b) Disclosures overseas
Where Claire Naidu & Co engages external information technology service providers, we ensure that wherever possible, our data is stored within Australia. Some of our vendors do however store data in overseas locations, including but not limited to UK, New Zealand, USA, and South Africa.
(c) Disclosures required or permitted by law
Otherwise, Claire Naidu & Co will only disclose personal information if this is required by law or permitted under the Privacy Act. Claire Naidu & Co is also bound by professional obligations of confidentiality, including in relation to personal information.
Security of Personal Information
Claire Naidu & Co takes reasonable steps to ensure the security of your personal information. Our IT systems are password protected. In addition, all Claire Naidu & Co employees are required, as a condition of employment, to treat personal information held by Claire Naidu & Co as confidential.
We use LEAP legal management software to store and manage information about your matter, which is a cloud-based software system. Information about your matter will be stored on secure LEAP-hosted servers based in Sydney. Our email servers are hosted remotely using Office 365 software, which stores information in data centres within Australia. The Firm believes on reasonable grounds that LEAP and Office 365 complies with the Privacy Act 1988 (Cth) in the storage of your personal information.
We take reasonable steps to ensure that personal information we hold is secure and protected from misuse, interference and loss or unauthorised access, modification of disclosure. We cannot however guarantee that our hard copy and electronic records cannot be accessed or will be free from malicious third party intervention. We take no responsibility for malicious attacks or accessing of personal information that was outside of our reasonable control to prevent.
LEAP Data on the LEAP Servers
Being a cloud solution, the software and all client data is stored on LEAP Servers, which are built on the AWS (Amazon Web Services) platform.
Amazon Web Services (AWS) is a leading cloud services platform, providing database storage, content delivery and a range of other functions.
LEAP stores data in the jurisdiction of origin, in the UK that is in Dublin, Ireland, in Australia that is in Sydney and in the United States in North Virginia. LEAP actively works to take advantage of AWS services, following Information Security best practices.
You can find out more about AWS security in the AWS Security & Compliance Quick Reference Guide (2018).
LEAP’s cloud infrastructure is maintained by the industry leading cloud platform provider, Amazon Web Services (AWS), in multiple unmarked facilities within the Sydney region.
The terms of agreement between LEAP & AWS, are here: aws.amazon.com/agreement
AWS has achieved a substantial amount of certification and compliance in industry standards, which recognise best practices in Information Security.
For a full listing of AWS certification and compliance, visit aws.amazon.com/compliance
Access and Correction
Under the Privacy Act, you have the right to:
- seek access to your personal information handled by Claire Naidu & Co;
- ask us to update or correct your personal information when it is inaccurate, incomplete or out of date; and
- opt-out of receiving direct marketing communications from us.
To provide you with access to your personal information held by us on our current records, Claire Naidu & Co can provide you with a copy of the relevant personal information.
For legal and administrative reasons, Claire Naidu & Co may also archive non-current records containing personal information, such as back up data files and offsite storage. Please note that if we do provide access to old records, we may charge you for the cost of providing such access.
If you are of the view that personal information about you is inaccurate or out of date, or if you have any other queries about access and correction, please contact our Privacy Officer using the contact details set out below.
Disclosure from the EU/EEA to recipients outside the EU/EEA
If EU data protection law applies to processing of your personal data by Claire Naidu & Co, the following section applies:
Your rights (GDPR)
In some cases, EU data protection law (including the GDPR) will apply to processing of personal information by Claire Naidu & Co.
If EU data protection law does apply, you may have the right to:
- Access. You have the right to request a copy of the personal information we are processing about you, which we will provide back to you in electronic form. For your own privacy and security, in our discretion we may require you to prove your identity before providing the requested information. If you require multiple copies of your personal information, we may charge a reasonable administration fee.
- Rectification. You have the right to have incomplete or inaccurate personal information that we process about you corrected.
- Deletion. You have the right to request that we delete personal information that we process about you, except we are not obligated to do so if we need to retain such information in order to comply with a legal obligation or to establish, exercise or defend legal claims.
- Restriction. You have the right to restrict our processing of your personal information where you believe such information to be inaccurate, our processing is unlawful or that we no longer need to process such information for a particular purpose, except for where we are not able to delete the information due to a legal or other obligation or because you do not wish for us to delete it.
- Portability. You have the right to obtain personal information we hold about you, in a structured, electronic format, and to transmit such information to another data controller, where this is (a) personal information which you have provided to us, and (b) if we are processing that information on the basis of your consent (such as for direct marketing communications) or to perform a contract with you.
- Objection. Where the legal justification for our processing of your personal information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the information for the establishment, exercise or defence of a legal claim.
- Withdrawing Consent. If you have consented to our processing of your personal data, you have the right to withdraw your consent at any time. This includes cases where you wish to opt out from marketing messages that you receive from us.
Online Privacy Issues
Access to other websites
Sometimes our website contains links to other websites, for your convenience and information. When you access a website other than www.clairenaidu.com.au, please understand that Claire Naidu & Co is not responsible for the privacy practices of that site. We suggest that you review the privacy policies of each site you visit.
Destruction, de-identification and putting beyond use
Our professional obligations oblige us to maintain records (including personal information we collect about you) following the closure of your file for a period of at least seven years. We may after that time destroy or delete personal information we hold.In some cases we may be required to retain documents for a longer period of time.
Making a complaint
If you wish to make a complaint about how Claire Naidu & Co handles your personal information, please contact us setting out your complaint in writing, and forward it to our Privacy Officer, using the contact details below.
We will deal with all requests for access to personal information or complaints as quickly as possible and will endeavour to get back to you within a reasonable timeframe.
How do we handle the personal information of job applicants?
Claire Naidu & Co collects personal information about and from individuals who apply for employment with Claire Naidu & Co. The information we collect includes the job applicant’s:
- personal contact details and gender;
- educational and employment history, and relevant qualifications and employment history;
- eligibility to work in Australia; and
- referees’ contact details.
We may collect this information directly from the job applicant or indirectly from a third party, including from a recruitment agency. If necessary, we will also collect information about applicants from referees and from professional social networking sites like LinkedIn.
If the applicant proceeds to the interview stage, we will collect information about the applicant’s performance during interview.
Claire Naidu & Co is committed to a policy of diversity and inclusion. For this reason, we may also collect information as to whether a job applicant identifies as Aboriginal or Torres Strait Islander. We collect this information for the sole purpose of equal employment opportunities. Claire Naidu & Co will not use this information for any other purpose.
If you do not provide with us the information we request, we may not be able to process or assess your job application.
Claire Naidu & Co uses the personal information we collect about job applicants to assess their eligibility and suitability for employment with the firm. Generally, our assessment of applicants’ personal information will relate to a particular role. However, we may also retain and use applicants’ personal information to assess their suitability for other roles with the firm. We may disclose personal information to service providers that conduct background and eligibility checks on our behalf.
For information as to how an applicant may access and correct the personal information we hold about them, or complain about a breach of the APPs, please see the Policy below respectively.
Additional Privacy Information and How to Contact Claire Naidu & Co
Post: Claire Naidu & Co PO Box 858 Gungahlin ACT 2912
Telephone: +61 2 6109 0118
Amendment of this policy