Privacy Policy

1. Introduction

EEJM Law Pty Ltd (ABN 50 683 634 353), trading as McAuley Law Co ("we", "us", "our"), is committed to protecting the privacy of personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles ("APPs"). This Privacy Policy explains how we collect, hold, use, disclose, and safeguard your personal information when you visit our website, engage our legal services, or otherwise interact with us.

This Policy applies to all personal information we collect, including information collected through our identity verification processes. By providing us with your personal information, you consent to the practices described in this Policy.

2. Types of Personal Information We Collect

We may collect the following types of personal information depending on the nature of your engagement with us:

• Contact Details: Name, email address, phone number, postal or residential address.
• Identity Verification Information: Identity document details (such as driver licence, passport, Medicare card, birth certificate, or visa details), document numbers, dates of birth, and other information contained on identity documents provided for the purpose of verifying your identity.
• Biometric Information: Where electronic identity verification is used, we may collect facial images (photographs or selfies) for the purpose of biometric face matching and liveness detection. Biometric information is sensitive information under the Privacy Act and will only be collected with your express consent.
• Financial Information: Billing details, trust account information, and payment records necessary for providing our legal services.
• Sensitive Information: With your explicit consent, we may collect and use sensitive information (such as health information, criminal records, or other sensitive personal information as defined under the Privacy Act) when it is reasonably necessary for us to provide our legal services or assist you with your enquiry.
• Communications: Contents of email messages, contact forms, telephone conversations, and any information you provide during the course of correspondence or consultations.
• Technical Data: IP address, browser type, device information, pages visited, date and time of visits, and referral information collected through our website.

We only collect personal information that is reasonably necessary for our functions and activities, in accordance with APP 3.

3. How We Collect Personal Information

We collect personal information:

• Directly from you: When you contact us by phone, email, through our website contact form, or in person; when you engage us to provide legal services; or when you provide identity documents for verification.
• From third parties: Including other legal practitioners, courts and tribunals, government agencies, referrers, or other parties relevant to your legal matter.
• Through identity verification service providers: We use accredited Identity Service Providers ("IDSPs"), including APLYiD, to electronically verify your identity. Through these services, your identity document information and biometric data (facial images) may be collected and checked against government records via the Australian Government's Document Verification Service ("DVS").
• Via our website: Through cookies, server logs, and analytics tools as described in Section 5.
• From publicly available sources: Such as public registers, court records, or other publicly accessible databases.

4. Purpose of Collection, Use, and Disclosure

We collect, hold, use, and disclose personal information for the following purposes:

• Providing Legal Services: Administering your matter, providing legal advice, preparing documents, and conducting legal proceedings on your behalf.
• Client Identification and Verification: Verifying your identity as required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) ("AML/CTF Act"), the Legal Profession Act 2007 (Qld), and the Australian Solicitors' Conduct Rules. This includes using electronic identity verification services such as APLYiD and the DVS to confirm the authenticity of identity documents you provide.
• Communication: Corresponding with you about your legal matter, responding to enquiries, and providing updates.
• Billing and Accounting: Processing payments, issuing invoices, and managing trust account transactions.
• Legal and Regulatory Compliance: Complying with our obligations under applicable laws, regulations, professional conduct rules, and court orders.
• Conflict Checking: Checking for conflicts of interest before accepting a new client or matter.
• Marketing and Business Development: Sending you information about our services, legal updates, or other communications (from which you may opt out at any time).
• Website Improvement: Analysing website usage and trends to improve our website's design and functionality.

We do not sell or rent your personal information to third parties.

Purpose of Collecting Identity Verification Information

We collect identity verification information specifically for the purpose of:

• Verifying your identity before providing legal services, as required by law and our professional obligations.
• Confirming the authenticity of identity documents by checking them against issuing agency records through the DVS.
• Conducting biometric face matching (where applicable) to ensure the person presenting the identity document is the rightful holder of that document.
• Complying with our obligations under the AML/CTF Act and the Australian Solicitors' Conduct Rules.

Identity verification information is not used for any purpose other than verifying your identity and fulfilling our legal and regulatory obligations.

5. Cookies and Website Analytics

Our website uses cookies and server log files to collect information about your visit:

• Cookies: Small text files stored on your device that allow us to recognise your browser, remember your preferences, and enhance your browsing experience.
• Server Logs: We automatically record technical data such as your IP address, browser type, pages visited, and referral information to monitor, analyse, and improve our website.

You can configure your browser settings to refuse cookies; however, this may limit your ability to use certain features of our website.

6. Disclosure of Personal Information

We may disclose your personal information to the following categories of recipients:

• Courts, Tribunals, and Regulatory Bodies: As required in the course of providing legal services or complying with legal obligations.
• Other Legal Practitioners: Including barristers, expert witnesses, mediators, or opposing parties' lawyers, where necessary for your matter.
• Identity Verification Service Providers: Your identity document details and biometric information may be disclosed to our IDSP (currently APLYiD) and, through the DVS, to relevant Australian Government issuing agencies (such as the Department of Foreign Affairs and Trade, state and territory transport and road authorities, and the Department of Home Affairs) for the sole purpose of verifying the authenticity of your identity documents. These services return only a match/no-match result and do not retain your personal information beyond what is necessary for verification.
• Service Providers: Trusted third-party vendors who assist us in operating our website, processing payments, providing IT support, or administering our business. These parties are bound by contractual obligations to keep your information secure and confidential.
• Government Agencies: Where required by law, court order, or regulatory obligation.
• Professional Indemnity Insurers: For the purpose of obtaining or maintaining professional indemnity insurance.
• Business Transfers: In the event of a sale, merger, or change of control of McAuley Law, relevant client information may be transferred as part of the transaction, subject to the transferee agreeing to handle your information in accordance with this Policy.

7. Overseas Disclosure of Personal Information

In accordance with APP 8, we inform you that your personal information may be disclosed to recipients located outside Australia in the following circumstances:

• Cloud and IT Service Providers: Some of our third-party service providers (including website hosting, email, and data storage providers) may store or process data using servers located outside Australia, including in the United States.
• Identity Verification Services: Our identity verification service provider (APLYiD) primarily processes identity verification data within Australia. However, certain cloud infrastructure or sub-processors used by APLYiD or the DVS may be located outside Australia. Where this occurs, appropriate contractual and security safeguards are in place.
• Legal Matters with an International Element: Where your legal matter involves parties, documents, or proceedings in another country, we may need to disclose personal information to overseas recipients such as foreign legal practitioners, courts, or government agencies. The specific countries involved will depend on the circumstances of your matter.

Before disclosing personal information overseas, we take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information, or we will seek your informed consent to the disclosure. We will inform you if we are unable to ensure APP compliance by an overseas recipient.

8. Data Security and Retention

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure in accordance with APP 11. Our security measures include:

• Encryption: Data transmitted via our website is encrypted using SSL/TLS technology. Identity verification data is transmitted and stored using encryption.
• Access Controls: Access to personal information is restricted to authorised personnel who require it to perform their duties.
• Secure Storage: Physical files are stored in secure premises and electronic records are stored in access-controlled systems.
• Data Retention: We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Legal files are retained for a minimum of seven (7) years in accordance with our professional obligations. Identity verification records are retained for a minimum of seven (7) years after the end of the client relationship, as required by the AML/CTF Act. Once your information is no longer required, we take reasonable steps to destroy or de-identify it.

9. Access and Correction

Under APPs 12 and 13, you have the right to:

• Access: Request access to the personal information we hold about you. We will respond to your request within 30 days.
• Correction: Request that we correct any personal information that is inaccurate, out of date, incomplete, irrelevant, or misleading.
• Deletion: Request that we delete your personal information, subject to our legal and regulatory obligations to retain certain records (including obligations under the AML/CTF Act and our professional conduct rules).
• Withdrawal of Consent: Withdraw your consent to the collection, use, or disclosure of your personal information at any time, noting that this may affect our ability to provide services to you.

In some circumstances, we may refuse a request for access or correction, for example where the information is subject to legal professional privilege, the request relates to existing or anticipated legal proceedings, or providing access would be unlawful. If we refuse a request, we will provide you with written reasons for the refusal and advise you of your right to complain.

To make a request, please contact our Privacy Officer using the details in Section 12.

10. Privacy Complaints

How to Make a Privacy Complaint

If you believe that we have breached the APPs or otherwise mishandled your personal information, you have the right to make a privacy complaint. To lodge a complaint, please contact our Privacy Officer in writing:

• Email: admin@mcauleylaw.com.au
• Post: Privacy Officer, McAuley Law, 2c, 26-28 Redland Bay Road, Capalaba QLD 4157

When making a complaint, please include your name and contact details, a description of the conduct or practice you are complaining about, and how you would like us to resolve the matter.

How We Handle Privacy Complaints

Upon receiving your complaint, we will:

1. Acknowledge receipt of your complaint within seven (7) business days.
2. Investigate your complaint by reviewing the relevant facts, circumstances, and any applicable records.
3. Endeavour to resolve your complaint within thirty (30) days of receipt. If we require additional time, we will notify you and provide an estimated timeframe for resolution.
4. Provide you with a written response setting out the outcome of our investigation, our reasons, and any remedial action we propose to take.

Escalation to the Office of the Australian Information Commissioner

If you are not satisfied with our response to your complaint, or if we have not responded within 30 days, you have the right to lodge a complaint with the Office of the Australian Information Commissioner ("OAIC"):

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Post: GPO Box 5218, Sydney NSW 2001

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. Any changes will be effective immediately upon posting on our website. We encourage you to review this Policy periodically. The date of the most recent update is shown at the top of this page.

12. Contact Information

If you have any questions about this Privacy Policy, wish to exercise your rights, or would like further information about our privacy practices, please contact our Privacy Officer:

• Email: admin@mcauleylaw.com.au
• Phone: 0478 848 131
• Postal Address: 2c, 26-28 Redland Bay Road, Capalaba QLD 4157