Our Commitment to Your Privacy.

Luma Legal (Luma, we or us) respects your privacy and is committed to complying with the Australian Privacy Principles contained in the Privacy Act 1988 (Privacy Act).

We understand the importance of keeping personal information private and secure. Accordingly, we are committed to protecting any personal information about you that we hold.

This privacy Policy (Policy) outlines our ongoing obligations to you regarding how we collect, use, store and disclose your personal information and safeguard privacy. If you would like more information, please do not hesitate to contact us.

We wish to make clear that protecting confidential information is fundamental to our relationship with our clients and to our business. All information received in respect of a client matter is subject to strict duties of confidentiality. We will not disclose such information except in accordance with instructions.

We may modify this Policy from time to time by publishing it on our website. We encourage you to check our website periodically to ensure that you are aware of our current privacy Policy. A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au.

What information do we collect?

Luma may collect personal information about our clients, prospective clients, business associates, suppliers, contractors, employees and other individuals who come into contact with us.

Personal information includes information or an opinion (whether true or not) about an identified or a reasonably identifiable individual. We may collect personal information about our clients, prospective clients, business associates, suppliers, contractors, employees and other individuals who come into contact with us.

We may collect personal information from you when:

you inquire about, or instruct us to provide you (or your employer or other representative), with legal advice;
you subscribe to one of our online services, newsletters, mailings lists or our website;
you register for or attend one of our events or seminars;
indirectly from you via interviews, correspondence, telephone conversations, emails, business cards, via our website www.aghlaw.com.au, from media and publications, from other publicly available sources, social media channels and from third parties;
we have other business dealings with you (e.g. as a regulator, a supplier to Luma, or in relation to a transaction); or
you apply for, or register your interest in, a role at Luma.

We only collect personal information that is necessary for us to perform our functions. The kinds of personal information we collect, and hold will depend upon the services you request from us. However, it may include, without limitation:

general personal or business details such as your name, job title, contact number, address and email address;
particularly if you are a client or potential client (or employed or engaged by one), your expertise and business interests and, where relevant, other information such as your membership of professional associations or boards;
contact information such as your name, address, email address, phone number, your relationship to another person, the company you work for and your position;
your financial or billing information (such as billing address, bank account and payment information); and
only where relevant and with your consent, sensitive information (e.g. where you register for an event or seminar we may ask you for information about your health, any disabilities and special dietary needs; or we may collect this information where we need it to provide you with legal advice).

In addition, if you apply for a job with us, we may collect certain information about you (including your name, contact details, working history and relevant records checks) from any recruitment consultant or from your previous employers, universities and others who may be able to assist us in our decision as to whether to make you an offer of employment or engage you under a contract.

When we collect personal information, we will, where appropriate and where possible, explain to you why we are collecting the information and how we plan to use it.

The Privacy Act contains certain exemptions in relation to certain acts undertaken in relation to employee records and related bodies corporate. Where appropriate we make use of relevant exemptions in the Act.

We generally endeavour to collect your information directly from you. However, in some circumstances we may collect your information from third parties, such as your employer or contracting organisation, your business contacts or other organisations that you deal with, regulatory or credit reporting agencies, a service provider or from a publicly available record. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

Why do we collect, use and disclose your personal information?

Any personal information which we collect about you will be used and disclosed by us so that we can provide you with the services that you have requested, or otherwise to enable us to carry out our functions as professional legal service providers. It may also be used and disclosed for the further purposes for which it was collected, including those listed below or for secondary purposes related to those purposes, to the extent lawful.

The purposes for which we collect your information may include, to:

provide you with legal services or information;
verify your identity;
communicate with you, and build and maintain our relationships with you;
conduct appropriate checks for credit-worthiness
undertake conflict searches for our own purposes and the purpose of determining if we can represent a client or potential client;
conduct, monitor and analyse our business and internal operations;
identify and develop new products and services you may be interested in;
perform analytics on matter management, financial performance and event attendance, (however, our analytics are always conducted on a de-identified basis);
comply with applicable laws and our other regulatory, accounting, reporting or professional obligations;
protect, exercise or defend our legal rights; and
process and respond to your requests, enquiries or complaints.

We may also provide you with information from time to time about our services, marketing information, event details and updates on areas of law, unless you ask us not to do so in writing.

To whom do we disclose your personal information?

The personal information you provide to Luma is available to all Luma employees. We use your personal information so that we can deliver our services and conduct our business. We may disclose your personal information to:

our service providers, agents and contractors from time to time that provide services to us and/or help us to provide and market our services to you;
specific third parties authorised by you to receive information held by us; and
other persons, including government agencies, regulatory bodies and law enforcement agencies; or as otherwise required or authorised by law.

We will not pass on the personal information you have given us to anyone without first asking your permission, unless we are required or permitted to do so by law.

Luma does not host or store your personal information outside Australia. Luma do not sell, rent or trade your personal information to or with any third parties. Your personal information may be disclosed confidentially to third parties:

as required or permitted by law; or
with your consent.

Protecting your personal information.

Your personal information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure.

When your personal information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or permanently de-identify your personal information. However, most of the personal information is or will be stored in client files which will be kept by us for a minimum of seven years.

Sensitive information is defined in the Privacy Act to include information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information.

Sensitive information will be used by us only:

for the primary purpose for which it was obtained;
for a secondary purpose that is directly related to the primary purpose; and
with your consent; or where required or authorised by law.

Using our website.

While we do not use your browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your device.

We and our ISP also collect information such as the webpages that visitors to our site access, the documents they download, links from other sites they visit to reach our site, and the type of browser they use. However, this information is anonymous (i.e. it does not contain your personal information) and is only used for statistical and website development purposes.

If you have registered to receive electronic client publications or legal updates from us, then we may identify and record when you click on a link to our site that is contained in that publication or update.

Cookies.

A “cookie” is a piece of data stored on your hard drive containing non-personally identifiable information about you. We make limited use of cookies and other similar tracking technologies on our website. We use cookies for the purposes of enabling us to evaluate the use of our website in order to make it function effectively and also to improve our website visitors’ experience when they browse our website.

There are two types of cookies that may be used at our website: a persistent cookie and a session cookie. A persistent cookie is entered by your web browser into the "Cookies" folder on your computer and remains in that folder after you close your browser and may be used by your browser on subsequent visits to our website. A session cookie is held temporarily in your computer’s memory and disappears after you close your browser or shut down your computer.

When cookies are used on our website, they are used to store information relating to your visit such as a unique identifier, or a value to indicate whether you have seen a web page. The information collected by a cookie or other tracking device does not contain your personal information.

Most Internet browsers are set up to accept cookies. If you do not wish to receive cookies, you may be able to change the settings of your browser to refuse all cookies or to notify you each time a cookie is sent to your computer, giving you the choice whether to accept it or not. If you choose to decline cookies, you may not be able to fully experience the interactive features of our website.

Third party cookies.

In some cases, third parties may place cookies through our website. For example:

Google Analytics, one of the most widespread and trusted website analytics solutions, may use cookies de-identified data about how long users spend on our website and the pages that they visit;
Google AdSense, one of the most widespread and trusted website advertising solutions, may use cookies to serve more relevant advertisements across the web and limit the number of times that a particular advertisement is shown to you; and
third party social media applications (e.g., Facebook, Twitter, LinkedIn, Pinterest, YouTube, Instagram, etc) may use cookies in order to facilitate various social media buttons and/or plugins in our website.

How do we store and keep your information secure?

We may hold your personal information in either electronic or hard copy form. We use a variety of physical and electronic security measures to keep your personal information secure from misuse, interference, loss or unauthorised use or disclosure. For example, we restrict physical access to our offices, employ firewalls and secure databases, password protect our IT systems, frequently update our anti-virus software and conduct regular audit and data integrity checks. All of our employees are also bound to keep your personal information secure and treat it as confidential.

However, we cannot guarantee the security of your personal information. The internet is not a secure environment. If you do use the Internet to send us any information, including your email address, please be aware that it will be sent at your own risk.

Our websites and electronic newsletters may also contain links to other websites operated by third parties. Unless expressly stated otherwise, Luma is not responsible for the privacy practices or the content of those linked websites. The privacy policies that apply to those other websites may differ from our Policy, so we encourage individuals to read them before using those websites.

Accessing or correcting your personal information.

You have rights under the Privacy Act to request access and correction to personal information we hold about you, subject to certain exceptions. It is important to us that your personal information is up to date. Luma will take reasonable steps to make sure that your personal information is accurate, complete and up-to-date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable in writing so we can update our records and ensure we can continue to provide quality services to you. We encourage all requests for access to your personal information to be directed to our Office Manager by e-mail, admin@lumalegal.com.au.

We will deal with all requests for access to personal information as quickly as possible. In some cases, consistent with the Australian Privacy Principles under the Privacy Act, we may refuse to give you access to personal information we hold about you. This includes, without limitation, circumstances where giving you access:

would be unlawful (for example, where a record which contains personal information about you is subject to a claim for legal professional privilege by one of our clients);
would have an unreasonable impact on another person’s privacy;
would prejudice negotiations we are having with you;
would be likely to prejudice the taking of appropriate action in relation to suspected unlawful activity or misconduct of a serious nature, that relates to our functions or activities; or
would be likely to prejudice enforcement related activities carried out by, or for, an enforcement body.

If we refuse to give you access to personal information, we will provide you with reasons for our refusal. Generally, on your request we will amend any personal information we hold about you which is inaccurate, incomplete or out of date.

Making a complaint.

If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us using the details set out below. Please include your name, email address and/or telephone number and clearly describe your complaint.

Any complaint will be investigated by the firm's Office of General Counsel and the outcome of that investigation communicated to you (please allow at least 30 days for us to do so).

If you are not satisfied with the outcome of any internal investigation that we conduct, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at enquiries@oaic.gov.au or on 1300 363 992. More information is available on the OAIC's website at https://www.oaic.gov.au/.

Changes to this Privacy Policy.