We respect your privacy. We owe all clients a duty of confidentiality and will comply with all privacy laws.
We will comply with the Australian Privacy Principles unless authorised or required by law to depart from them.
This privacy collection notice from Bright Corporate Law (in respect of legal advice) and Bright Legal Services Pty Ltd (in respect of news emails and compliance courses) outlines why we collect your personal information, what we collect, how we collect it and who we share it with.
If you have any enquiries about our privacy policy, or to make an access or amendment request or complaint, please contact our Principal David Jacobson, on 07 3878 5098.
You can see our website terms of use here.
You can see our compliance course site privacy policy here.
Why we collect information
We will only use your personal information for work you ask us to do or to tell you about our services or events. We will protect the security of your personal information once we receive it but we cannot guarantee the security of transmission from you. No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee the absolute security of your Personal Information.
We will only collect personal information if:
- it is for a lawful purpose that is directly related to one of our services, and
- it is reasonably necessary for us to have the information.
For clients of Bright Corporate Law we collect your personal information to comply with the ‘Customer Due Diligence’ requirements in the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act). This includes to:
- establish and verify your identity before providing certain services to you
- make reports required by law under the AML/CTF Act
- meet record-keeping obligations under the AML/CTF Act.
We collect the following types of personal information for Customer Due Diligence: your full name, date of birth, residential address, photo ID and unique identifier, such as a passport or driver’s licence number.
How we will collect personal information
We will collect personal information directly from the individual concerned unless it is unreasonable or impractical.
If you consent, we may use a third party identity verification service to collect personal information on your behalf.
We will not collect personal information by unlawful means.
We will not collect personal information that is intrusive or excessive.
We will take reasonable steps to ensure that the personal information we collect is relevant, accurate, up-to-date and complete.
Use of information
When collecting personal information, we will tell the person:
- what it will be used for
- what other organisations (if any) routinely receive this type of personal information from us
- how the person can access their personal information held by us
- whether the collection is required by law
- what the consequences will be for the person if they do not provide the information to us.
We will tell you if we use third-parties to assist with AML/CTF obligations including identity verification and storage.
If you do not provide us with your personal information, we may not be able to verify your identity and provide you with the services you have requested.
Access to information
We will enable anyone to know, upon request, whether we are likely to hold their personal information, and if so:
- what type of information we hold about them
- the purposes for which it will be used
- how they can access their own personal information
We will allow people to access their personal information without unreasonable expense or delay.
We aim to respond to requests within 30 days
We will only refuse access where authorised by law, and we will provide written reasons.
Security safeguards
We will take reasonable security measures to protect personal information from loss, unauthorised access, use, modification or disclosure.
We will take reasonable steps to ensure personal information is stored securely, not kept longer than necessary, and disposed of appropriately.
If a data breach involving your Information occurs, or we suspect that a data breach has occurred, whether the entity experiencing the data breach is Bright Law or third parties we use, such as contractors or subcontractors, we will expeditiously conduct an investigation and assessment.
Based on this assessment, we will determine whether any steps need to be taken by us to ensure your Information is not accessed by unauthorised persons or whether we need to notify you with recommendations about the steps that you should take in response to the data breach.
If there is a serious data breach we will tell you about any action we have taken, or we are intending to take, to prevent reoccurrence.
Amendment
We will allow people to update, correct or amend their personal information where necessary, to ensure it is accurate, relevant, up-to-date, complete or not misleading.
Where possible, we will notify any other recipients of any changes.
Accuracy
Before using or disclosing personal information, we will take appropriate steps to ensure that the information is relevant, accurate, up-to-date, complete, and not misleading
Direct marketing
We will use personal information for direct marketing only if:
- the person has consented
- they would reasonably expect it
- we provide you with an opportunity to opt out
- you have not opted out.
Other
We do not use linked health records, nor do we use unique personal identifiers. It is not practicable for us to provide anonymous services.
