General Data Protection Regulation (GDPR) Notice 

• clients, business associates and potential clients and their employees;
• information about individuals we collect in the course of acting for clients;
• suppliers and their employees;
• our employees, partners, contractors, former employees, former partners, former contractors or prospective employees, contractors or partners; and
• other people who come into contact with a member of the MinterEllison Group and the MinterEllison Legal Group.

In general, the personal information we may collect and hold includes name, date of birth, contact details (including email addresses), occupation, company name, username and password (as applicable), personal preferences, payment details, employment history, education and qualifications, testimonials and feedback, and other information which assists us in conducting our business, providing and marketing our services and meeting our legal obligations. In some cases we may also collect 'sensitive information', such as information about an individual's membership of a professional association, criminal record or health information.

Sometimes we collect information about you from sources other than you. We may collect information about you that is publicly available or made available by third parties (including, but not limited to: Companies House, other online search tools, the Financial Conduct Authority Register, or from our clients, suppliers and service providers and their websites etc.).

For instance, we do this where:

• we can’t get hold of you and need to update your contact details; and
• we need information about individuals from third parties to help us provide our services to clients.

We may use or disclose information about you in order to combine the information that we hold with information collected from or held by external sources. We do this in order to enable us to provide our services.

In connection with our legitimate interests in carrying on our business

We may use and process your information for our legitimate interests (where we have considered these are not overridden by your rights and which you have the right to object to as explained below) in:

• identifying opportunities to improve our service to you;
• conducting market research to serve you better by understanding your preferences to ensure we send you appropriate promotions and campaigns;
• assisting in arrangements with other organisations in relation to a product or service we make available to you;
• allowing us to run our business and perform administrative and operational tasks (such as training staff, risk management; developing and marketing products and services, undertaking planning, research and statistical analysis; and systems development and testing); and
• verifying identity, preventing or investigating any fraud or crime, or any suspected fraud or crime.

Where processing is necessary for the performance of a contract

We may use and process your personal information in connection with a contract to which you are a party (for example, verification of identity checks on real estate transactions).

Under a legal obligation

We may also use and process your personal information where we are authorised or required by applicable laws, regulations or codes that bind us, in particular as a law firm.

With your consent

Where required, we will only use your personal information for the purpose/s for which you have given your valid or explicit consent, which we will ensure we have obtained before we process your information.

Some information you provide us in connection with your instructions to us for providing or administering a product or service we provide you, may be more sensitive and therefore falls within a special category of personal information, such as health information. We will collect and process this information only with your explicit consent.

For direct marketing

We may communicate with you (through the preferred communication channel(s) you have selected, which may include by email, telephone, SMS, iM, mail, or any other electronic means including via social networking forums) to, amongst other things, tell you about products, services, event and offers that may be of interest to you.

If you have provided your consent to receive direct marketing, you can withdraw it at any time without detriment, we will process your request as soon as practicable.

If you no longer wish to receive these emails you can email us at: [email protected].

We may share your information with other organisations consistent with the purposes for which we use and process your information as described above. This includes with the entities described below.

Sharing with the MinterEllison Legal Group and MinterEllison Group

We may share your personal information with other MinterEllison Group or MinterEllison Legal Group members. This could depend on the product or service you have applied for and the MinterEllison Group or MinterEllison Legal Group member you are dealing with. Where appropriate we integrate the information we hold across the MinterEllison Group and MinterEllison Legal Group to provide us with a complete understanding of you and your needs in connection with the product or services we are providing you.

Sharing at your request

At your request, we will share your personal information with your representative or any person acting on your behalf (for example, financial advisers, lawyers, settlement agents, accountants, executors, administrators, trustees, guardians, brokers or auditors)

Sharing with third parties

We may disclose your personal information to third parties outside of the MinterEllison Group or MinterEllison Legal Group. For instance, to:

• parties who provide us with administrative or other services to assist us in providing legal advice to you; and
• parties who assist us in advising you (e.g. barristers, medical professionals etc).

We may send and process your personal information to MinterEllison Organisations in Australia. We may also need to share some of the information we collect about you from the EEA with organisations both inside and outside Australia, sometimes we may need to ask you before this happens.

We may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be accessed or held.

If we or our service providers transfer any of your personal information we collect from you out of the EEA, it will only be done with relevant protections in place. We will take steps to ensure that your personal information will be afforded the level of protection required of us under and in accordance with our Privacy Policy and applicable data protection laws and in accordance with current legally recognised data transfer mechanisms, such as where the country has been deemed adequate by the European Commission, where a valid Privacy Shield certification exists (in the case of a data transfer to a Privacy Shield certified US recipient - https://www.privacyshield.gov/welcome or by adopting appropriate EC approved standard contractual clauses (see https://ec.europa.eu/info/law/law-topic/data-protection_en)

If you wish to know whether or not the country to which the overseas disclosure is intended to be made has been deemed adequate by the European Commission, please refer to this link:

https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu

Overseas organisations may be required to disclose information we share with them under an applicable foreign law.

We’ll only keep your information for as long as we require it for our purposes. We’re required to keep some of your information for certain periods of time under applicable law. When we no longer require your information, we’ll ensure that your information is destroyed or de-identified.

In relation to the provision of legal services, we are required to keep your information for at least 7 years or otherwise as required for our business operations or by applicable laws.

We may need to retain certain personal information after we cease providing you with products or services to enforce our terms, for fraud prevention, for audit or insurance purposes, to identify, issue or resolve legal claims and/or for proper record keeping.

We may also retain a record of any stated objection by you to receiving marketing for the purpose of ensuring we can continue to respect your wishes and not contact you further.

How to access your information

Subject to applicable laws, you have the right to access your personal information and to receive a copy of that information.

You can ask us to access your personal information that we hold by writing to us at: [email protected]. You can also ask that personal information provided by you to us is transmitted to another party.

We may need to verify your identity to respond to your request. We will respond to any request within a reasonable period permitted under applicable privacy laws and will generally give access unless an exemption applies to certain information.

We will give you access to your information in the form you want it where it’s reasonable and practical. We may charge you a small fee under certain circumstances to cover our costs when giving you access but we’ll always confirm this with you first.

If we can’t give you access, we will tell you why in writing and how you can make a complaint about our decision.

If you have concerns, you can complain: [email protected]

How to correct your personal information

You have the right to correction (rectification) of personal information and can contact us if you think there is something wrong with the information we hold about you.

If you are worried that we have given incorrect information to others, we will tell them about the correction. If we can’t, then we’ll let you know in writing.

Your right to erasure of your information

You also have in certain circumstances the right to request that the personal information that we collect from you is erased. If we refuse any request you make in relation to this right, we will tell you why in writing and how you can make a complaint about our decision.

Your right to object to or restrict processing of your information

You may also request that further processing of your personal information is restricted in certain circumstances, including while we investigate your concerns with this information.

If we can’t give you access, we will tell you why in writing and how you can make a complaint about our decision. If you have concerns, you can complain to the Australian Information Commissioner or the relevant data protection authority such as the Office of the UK Information Commissioner.

Right to object to data processing and right to data portability

You also have in certain circumstances the right to request that the further processing of your information is restricted or to object to its processing and the right to data portability (to receive and have transferred the information you provided). If we refuse any request you make in relation to this right, we will write to you to explain why and how you can make a complaint about our decision.

Right to withdraw consent

You can let us know at any time if you no longer wish to receive direct marketing offers from us . We will process your request as soon as practicable. Where you have subscribed to something specific (like to hear from one of our sponsored organisations) then these subscriptions will be managed separately.

You may also withdraw your consent where provided or object to the further processing of your personal information under certain circumstances. If we refuse any request you make in relation to this right, we will write to you to explain why and how you can make a complaint about our decision.

The withdrawal of your consent will not affect the processing of your information that you had consented to.

If you have a complaint about how we handle your personal information, we want to hear from you. Please email us at: [email protected].

You have the right to make a complaint to the relevant data protection authority (for example in the place you reside or where you believe we breached your rights).

Need more help?

Office of the Australian Information Commissioner
Online: www.oaic.gov.au/privacy
Phone: 1300 363 992
Email: [email protected]

Office of the UK Information Commissioner
Online: www.ico.gov.uk
Phone: 0303 123 1113
Live chat: https://ico.org.uk/global/contact-us/live-chat

• we, us and our means the MinterEllison Group.
• The MinterEllison Group means each MinterEllison Organisation; the Safetrac Group and the ITNewcom Group.
• The MinterEllison Legal Group means each MinterEllison Organisation; the partnerships known as MinterEllison in Adelaide and Darwin and MinterEllison Gold Coast; and Minter Ellison Rudd Watts in Auckland and Wellington.
• The ITNewcom Group means IT Newcom Pty Limited, IT Newcom Foundation and IT Newcom New Zealand Limited.
• The Safetrac Group means Safetrac Pty Ltd and Boardtrac Pty Ltd.
• Minter Ellison Organisations means MinterEllison's offices in Brisbane, Sydney, Canberra, Melbourne, Perth, Beijing and Shanghai; MinterEllison's limited liability company in Ulaanbaatar; the partnerships licensed to use the MinterEllison name which have an the office in London and Hong Kong respectively; and the Minter Ellison Revenue Group (a partnership which provides taxation advice and consulting services together with management services).