1. Compliance with Australian Privacy Principles
1.1 Madison Marcus Law Firm Pty Ltd ABN 40 164 498 444 (Madison Marcus) respects and acknowledges the importance of privacy. Madison Marcus complies with the Australian Privacy Principles (APP) as contained within the Privacy Act 1988 (Cth) (Act), when collecting, using, disclosing and managing your personal information.
2. Use of personal information
2.1 MM may collect and use your personal information for a variety of reasons, which includes but is not limited to the following:
(a) verifying your identity including for the purposes of anti-money laundering and counter-terrorism laws;
(b) contacting you (including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner);
(c) to provide you with services you request from Madison Marcus;
(d) undertaking conflict searches for our own purposes and the purpose of determining if we can represent a client or potential client;
(e) acting for a client when it acquires a business with employees;
(f) acting for a client in a matter or litigation against an individual;
(g) to add you to the Madison Marcus mailing list(s);
(h) to detect security issues and prevent fraud on the Website and generally;
(i) to request feedback on your experience with Madison Marcus;
(j) to provide you with support in relation to the Website;
(k) to enable you to access the Madison Marcus website;
(l) to process transactions and send notifications about your transactions;
(m) to manage and minimise risks and identify or investigate fraud and/or other illegal activities;
(n) responding to your enquiries which include the processing of complaints made to Madison Marcus;
(o) the resolution of disputes, collection of fees and troubleshooting problems;
(p) enforcement of our terms and conditions;
(q) deliver targeted marketing and various other notices and promotional communications based on your selected communication preferences;
(r) in the performance of data analytics to improve the Website and your experience with Madison Marcus;
(s) to analyse trends in your visits to the Website;
(t) to gather demographic information based on the visits to the Website;
(u) Madison Marcus’ business development, including sending of updates and publications;
(v) to manage and deliver contextual and behavioural advertising;
(w) to help us understand more about our audiences;
(x) auditing and managing the use of the Website and any other portal; or
(y) in order for Madison Marcus to comply with legal and regulatory obligations.
3. Collection of personal information
3.1 MM collects personal information through a variety of methods, which includes the following:
(a) directly from you;
(b) when applying for a position of employment with us;
(c) when a third party provides your personal information to us on your behalf and with your consent;
(d) when an associated entity of Madison Marcus provides personal information collected by that entity to Madison Marcus with your consent;
(e) through your access and use of the Website including via cookies;
(f) through your access and use of Madison Marcus’ software, applications or other platforms commissioned by Madison Marcus;
(g) through your access of surveys commissioned by Madison Marcus;
(h) when you subscribe to receive information from Madison Marcus;
(i) when you communicate with Madison Marcus, by email, post or otherwise;
(j) through publicly available information;
(k) financing providers with which Madison Marcus offer financing for legal services provided;
(l) financial service providers used when processing your payments; or
(m) through any social media account(s) which you use to create or log into the Website.
3.2 In the event that Madison Marcus is unable to obtain personal information from you as outlined above, this may result in Madison Marcus being unable to provide you with the services and assistance you require or access to the Website and/or marketing material.
4. Types of personal information and storage
4.1 The type of personal information that Madison Marcus may hold includes the following:
(a) identification information including your name, identification number (including passport number, driver’s licence number, ABN and ACN if applicable), date of birth, gender, phone number(s), addresses, time zone, title, department, sector, billing contact details, email address, postal address, billing address, and other contact information;
(b) occupation and education/work history
(c) data necessary to process your payment if you engage our services;
(d) registration information including an email address, username and other log-in details;
(e) your approximate physical location of the devices you use to access our website;
(f) your IP address and other device identifiers, including mobile advertising identifiers;
(g) your payment details;
(h) your account history, including any metadata contained in any content submitted by you via the Website, or that you have enquired about;
(i) aggregate, anonymous, or de-identified non-personal data;
(j) any other information provided by you in using the Website; and
(k) other information that helps us to identify you or helps us to provide or improve our website.
4.2 Madison Marcus may also collect:
(a) various financial information such as the full bank account details or credit card numbers that you link to your account with us; and
(b) sensitive information about you, including health information and criminal background checks.
4.3 The personal information referred to in clause 4.1 above may be held by Madison Marcus in both hardcopy files and also in an electronic form in our information technology systems.
4.4 Madison Marcus will take all reasonable steps to keep any personal information we hold about you secure. However, to the extent liability cannot be excluded due to the operation of statute, Madison Marcus excludes all liability (including in negligence) for the consequences of any unauthorised access to your personal information. Please notify us immediately if you become aware of any breach of security.
4.5 Madison Marcus has adopted a number of security measures, both physical and electronic, to protect the personal information we store, including but not limited to:
(a) mandatory password protection on all computers and employee profiles;
(b) passwords are required to be changed at regular intervals with strict password criteria;
(c) hardware encryption on desktops, laptops and other portable storage devices;
(d) firewall and antivirus/malware software;
(e) access restrictions and permissions have been implemented to personnel in particular positions;
(f) locked and secure destruction bins are located around our offices for hardcopy documents;
(g) restricted access to all offices via an access card.
5. Disclosure of personal information
5.1 Madison Marcus may use or disclose your personal information:
(a) for the purpose for which it was collected. We will also use and disclose your personal information for a secondary purpose that is related to a purpose for which we collected it, where you would reasonably except us to use or disclose your personal information for that secondary purpose; and
(b) in circumstances where:
(i) you have expressly or impliedly consented to the use or disclosure;
(ii) in confidence to our advisers, consultants and insurers;
(iii) it is authorised or required by or under an Australian law or court/tribunal order.
5.2 Madison Marcus may be required to disclose your personal information to the following third parties:
(a) Madison Marcus’ associated entities;
(b) our professional advisors, including our accountants, lawyers, business advisors and consultants;
engaged by Madison Marcus for;
(c) external service providers so that the third party can carry out the service that they have been engaged by Madison Marcus for;
(d) our partners and the suppliers and service providers who help with our business operations including in relation to fraud prevention, identity verification, payment collection, marketing, customer service, and technology services;
(e) third parties who have instructed us to provide goods and/or services;
(f) organisations that provide applications, websites, services, goods, software, programs used by Madison Marcus;
(g) third parties that may provide Madison Marcus with marketing or analytics reports;
(h) organisations that help identify illegal activities and prevent fraud;
(i) organisations and/or individuals that Madison Marcus intends on entering negotiations with for any merger, sale of assets, financing, acquisition of all or a part of Madison Marcus’ business; or
(j) any legal industry regulatory body in any of the states, territories and jurisdictions that Madison Marcus operates in.
5.3 Madison Marcus may be required to disclose your personal information in order to respond to subpoenas, court orders, or to investigate, prevent, defend against, or take action regarding violations of our terms and conditions, illegal activities, suspected fraud, or situations involving potential threats to the legal rights or physical safety of any person or the security of our network, customers/users or services.
5.4 Any purchases and/or payments made on or via the Website, will be processed through our third-party payment processor where they will collect the billing and financial information required to process your charges. This may include your name, address, e-mail address, and financial information. Madison Marcus’ payment processors do not share your financial information with Madison Marcus, but they may share non-financial information with us related to your purchases, including your name, address, and the service purchased.
5.6 You acknowledge and agree that delivery of your purchase could involve disclosure of certain personal information about you to bring about delivery of the item(s) such as your name and contact details, which may be disclosed on the cover of the parcel, on an envelope or a delivery related document, as the case may be, which could be seen by third parties who view such parcel, envelope or said document.
5.7 Where the Act permits, Madison Marcus may also disclose personal information to third party suppliers and service providers located overseas for some of the purposes listed above.
6. Protection of personal information
6.1 Madison Marcus may, from time to time, have affiliated offices operating in overseas. Madison Marcus may send your personal information to these offices for one or more of the purposes listed in clause 2.1. If Madison Marcus’ overseas offices are operated by ‘related body corporates’ of Madison Marcus, Madison Marcus will take such steps as a reasonably required to ensure that there is appropriate data handling of your personal information and proper security arrangements are in place
6.2 From time to time, Madison Marcus may also send your personal information overseas for the following reasons:
(a) to third party service providers who store data or operate outside of Australia;
(b) to complete a transaction involving an international financial institution; or
(c) as required by laws and regulations of Australia or another country.
6.3 Before Madison Marcus discloses personal information about you to an overseas recipient who is not a related entity, Madison Marcus will take such steps as a reasonably required to ensure that there is appropriate data handling of your personal information and proper security arrangements are in place.
6.4 If you are a user of the Website and located in the European Union, you may also have rights under the General Data Protection Regulation (GDPR). Further details of any additional rights you may have are outlined in Annexure A.
7.1 Cookies are used by Madison Marcus to maximise and enhance our user experience.
7.2 When accessing the Website, small files of data may be placed on your device that enable Madison Marcus to recognise you as a Madison Marcus client each time you return to the Website. As a result of these cookies, you avoid the need to keep inputting your information throughout a session and may have these details auto filled when you visit the Website. In addition, these cookies enable Madison Marcus to ascertain information regarding what web pages you visit and how regularly, enabling us to make our websites and platforms increasingly user friendly and to target advertising to content that you may be interested in.
7.3 You are free to decline the cookies in which Madison Marcus utilises and can disable them through your web browser.
8. Protection of personal information
8.1 Madison Marcus will take all reasonable steps to ensure that your personal information is properly protected from misuse, loss, unauthorised access, modification or disclosure.
9. Notifiable Data Breaches Scheme
9.1 In the event of any loss, or unauthorised access or disclosure of your personal information that is likely to result in serious harm to you, Madison Marcus will investigate and notify you and the Australian Information Commissioner as soon as practicable, in accordance with the Act.
12. Children’s Privacy
12.1 We do not, and do not intend to, transact through the Website directly with anyone we know to be under the age of 18. If you are under the age of 18, you should use the Website only with the involvement of a parent or guardian and should not submit any personal information to us. By providing any personal information to us, you declare that you are over the age of 18.
13. Mobile Application Use
14. Accessing and requesting correction of Personal Information
14.1 To access, seek or request personal information that Madison Marcus holds about you, please contact us at:
The Privacy Officer
General Manager: Verdiana Riolo
Contact Number: +61 2 98022 1222
14.2 In the event that access to personal information is requested, Madison Marcus will endeavour to respond to that request as soon as reasonably practicable if and to the extent required by the applicable law.
14.3 If Madison Marcus is unable to give you access, or if Madison Marcus declines to amend your personal information, Madison Marcus will issue a written notice that describes our reasoning for doing so. Madison Marcus notes that before providing you with any personal information Madison Marcus will be required to verify your identity.
14.4 Madison Marcus reserves the right to make an administrative charge to you if it is required, to provide you with access to personal information as outlined in clauses 13.1 and 13.2 above.
15. Resolving your concerns
15.1 If you wish to make a complaint regarding that way in which Madison Marcus manages your personal information, or if you feel that Madison Marcus has fallen short of the required standards set by the Act, please prepare your complaint in writing and provide it to The Privacy Officer.
15.2 A written acknowledgement of your complaint will be provided within 7 days, and Madison Marcus will attempt to have your concern resolved within 30 days of receipt of your written complaint and any additional information / documents Madison Marcus has requested you provide.
15.3 Madison Marcus endeavours to investigate your complaint promptly and fairly. In the unfortunate event that you remain dissatisfied, you may also make a formal written complaint to the Office of the Australian Information Commissioner (OAIC, the regulatory body responsible for privacy in Australia). The contact details of the OAIC are accessible via the following link – https://www.oaic.gov.au/about-us/contact-us.
Additional rights for individuals located in the European Union
The GDPR has coordinated the laws in the European Union (EU) in respect of data privacy. The GDPR provides individuals with more rights and imposes further obligations such as requiring the organisation to provide more information on how it collects, uses, shares and stores personal information, to protect that individual’s personal information.
In this Annexure A, any references to:
(a) “personal information” refers to any information relating an identifiable natural person; and
(b) “personal data” has the meaning given to it in the GDPR.
2. Personal information we collect
(b) There are specific types of personal information that we may only obtain or use with your consent or where it is lawfully permitted. Example of these types of personal information include, but is not limited to:
(i) your racial or ethnic origin;
(ii) political opinion;
(iii) religious or philosophical beliefs;
(iv) trade union memberships;
(v) biometric data; or
(vi) data relating to your health, sex life or sexual orientation.
3. Duration personal information is stored
(a) Generally, your personal information may be retained by us for up to seven (7) years after you stop being a client of Madison Marcus.
(b) We may however require your personal information for longer periods so that Madison Marcus may:
(i) fulfil Madison Marcus’ legal or regulatory obligations;
(ii) conduct internal research and/or analytics; and
(iii) respond to an enquiry or complaint submitted by you.
4. Use of your personal information
Madison Marcus may only use your personal information if we have a lawful reason to do so. Such reasons may include:
(a) fulfilling contract or service you have requested from us;
(b) fulfilling an enquiry submitted by you;
(c) complying with any applicable law(s);
(d) you have provided Madison Marcus with consent to use your personal information for a specific purpose; and
(e) subject to an overriding objective to protect your personal information, providing your personal information for the legitimate interests of Madison Marcus and/or a third party.
5. Your rights
The GDPR affords you with the following rights in respect of your personal information:
(a) (notification) to be notified and informed on how your personal information is collected and used. You may withdraw your consent for Madison Marcus to use your personal information at any time. In the event you withdraw your consent, Madison Marcus may only be able to provide limited services to you;
(b) (access) access your personal information by contacting our Privacy Officer;
(c) (rectification) to question any personal information Madison Marcus holds in respect of you that may not be accurate or complete. If such enquiry is made by you, Madison Marcus will take reasonable steps in confirming the accuracy of your personal information with us;
(d) (delete) request for Madison Marcus to delete your personal information. Madison Marcus notes that such request may be subject to legal requirements imposed on us and will notify you of same in the event such request to delete is made by you;
(e) (restrict processing) to restrict Madison Marcus’s use of your personal information in specific circumstances. Madison Marcus notes that such request may be subject to legal requirements imposed on us;
(f) (portability) to provide you with a copy of your personal information held by us;
(g) (objection) to object to us processing your personal information; and
(h) (complaint) to complain to the relevant regulator if you are not satisfied with the outcome of a complaint that you submitted to Madison Marcus. The European Commission website contains details of the relevant data protection authorities.