Privacy Policy

Purpose of policy

Webb Henderson is an international legal practice with offices in Sydney and Auckland (we, us, our). We are committed to protecting your privacy in all communications, engagements and activities. We will only collect, use or disclose personal information in accordance with legal requirements in Australia and New Zealand and this Privacy Policy.

This Privacy Policy provides details on how we collect, use, disclose and handle personal information as well as your rights regarding your personal information, which includes personal information collected via our website.

How we collect personal information

While performing our functions or activities as legal and regulatory advisors, we may collect personal information about you in a number of circumstances, including:

• in person (for example, at a meeting, a seminar or other function which we are participating in);
• through the use of our website or services (including via cookies);
• when you contact or correspond with us (for example, to ask for information over phone, email or letter);
• when you sign up to receive information from us (for example, through email updates you opt into);
• when you provide goods or services to us; and
• when you apply for employment with us.

In some circumstances, we may also collect personal information from publicly available sources of information and third parties, including public registers, court and tribunal records, third party service providers, government departments, credit reporting bodies, credit providers, online searches, recruitment agencies and social media platforms (for example, LinkedIn).

What personal information we collect

The personal information we collect will depend upon the nature of our relationship with you. For example:

• if you are a client of the firm, we typically collect your name, contact details, job title and employer details, information relevant to your dealings with Webb Henderson and the legal or regulatory matters we conduct on your behalf, information regarding the legal and business or governmental areas of interest to you, financial information and any other personal information that you provide to us in the course of our relationship with you (for example, information related to seminars, training presentations and functions you have attended);
• if you are involved in a matter we are working on, including with or adverse to one or more of our clients, we typically collect your name, contact details and information relevant to the matter;
• if you are a contractor, service provider or supplier to Webb Henderson, we typically collect your name, contact details and financial information required to make payments;
• if you are a job applicant, we typically collect your name, contact details and any information you include in your application, including your cover letter, resume, referee reports and education and academic information; and
• if you use our website, open our marketing emails or attend a meeting, seminar or other function which we are participating in, we may collect your Internet Protocol (IP) address, location, interactions with our website or marketing emails, name, contact details, job title and employer details and your areas of legal and regulatory interest or specialisation.

Sensitive information

We may also collect and hold sensitive information including health information and criminal background checks. We will only do so if the sensitive information being collected is reasonably necessary for our functions or activities and either:

• you have consented to the collection; or
• we are required or authorised by or under law to do so.

What if you don’t provide us with your personal information?

If you do not provide information requested by us from time to time, we may not be able to provide services to you or otherwise fulfil the purpose for which we have requested the information. Where practical, we will offer the option of not identifying yourself, or of using a pseudonym (for example, you can view our website and make general queries anonymously).

Cookies

Cookies are small strings of information that a website, including ours, transfers to your browser for identification purposes. We do not use cookies that identify individual users, although our cookies do identify your internet browser, the pages you visit and how you interact with our website. Our cookies are used to personalise your visits to our website and improve performance.

If you prefer not to receive cookies, you can adjust your internet browser to reject cookies or to notify you when they are being used. Most internet browsers are set to accept cookies by default.

In addition, we may collect information through our marketing emails and other communications (e.g. via social media) using technologies that are functionally similar to cookies, to understand recipients’ interest in our communications.

Why we use and disclose personal information

The purposes for which we use your personal information may include:

• to contact you;
• to conduct conflict searches for our own purposes and to determine if we can represent you;
• to provide you with legal or regulatory advice and services;
• to engage and manage external service providers and suppliers;
• to maintain, manage and develop our relationship with you;
• to verify your identity and assess creditworthiness;
• to send you invoices or payment reminder notices;
• to carry out business administration, research and planning;
• to carry out security and risk management, including cybersecurity;
• to market our services, provide you with information about legal and regulatory developments and services that you have requested or which may interest you and organise events;
• to obtain goods and services;
• to assess any job applications or service proposals you provide to us;
• to manage insurance policies;
• to comply with our legal and regulatory obligations; and
• for any other purpose for which information was provided to us or for any purpose related or ancillary to any of the above.

We may disclose your personal information to third parties where appropriate for the purposes set out in this section, including:

• to third parties we generally engage with in conducting our business, subject to any confidentiality provisions that we agree with you and subject to any confidentiality provisions we require of the third parties, including:
  • financial institutions for payment processing;
  • insurance brokers;
  • barristers, experts or other relevant third parties involved in your matter;
  • overseas law firms, where we are required to seek foreign law advice;
  • external law firms who we contract to assist us in providing services to you;
  • referees provided to us by job applicants;
  • our contracted service providers, including agents, consultants, contractors, business and litigation support service providers; printers and mail houses, function and event organisers, data storage and archive providers, information and communication technology providers, document production providers; delivery and shipping providers; and
  • courts, law enforcement agencies, security agencies and regulators;

• where you have consented to a disclosure of your personal information to a third party; and
• where the law allows or requires us to do so.

Direct marketing

If you are a client or have otherwise expressed interest and provided us with your contact details, we may send emails to you with information about legal and regulatory developments (such as publications, alerts and newsletters) and marketing our services.

If you do not wish for us to send you such emails, you can unsubscribe from our email notifications by clicking on the “Unsubscribe” link at the bottom of our email notifications and following any prompts or by emailing us.

Overseas disclosure of personal information

Due to the international nature of Webb Henderson’s business operations, we may need to disclose your personal information to our offices in Australia and New Zealand or overseas service providers, unless we have specifically agreed to retain your personal information within a local jurisdiction.

We may disclose personal information to our offices in Australia and New Zealand or overseas service providers so that they can provide us with services in connection with our functions or activities, such as providing you with legal and regulatory advice, conducting information and data processing, back up or scanning and obtaining services overseas.

We have policies and measures in place to safeguard the transfer of personal information between our offices. In all other cases, some of the countries where your personal information is transferred may have a different standard of data protection than your local jurisdiction. We have put in place contractual or other appropriate protections to ensure that your personal information is protected to applicable requirements in Australia and New Zealand, even if a lower standard may be applicable under another jurisdiction.

Personal information about other people which you provide to us

If you provide personal information to us about someone else (such as a director or employee of your company, or someone with whom you have business dealings) you must ensure that you are entitled to disclose that information to us. Without us taking any further steps, we may collect, use and disclose that information as described in this Privacy Policy.

Security and storage of personal information

We take reasonable steps to keep secure any personal information we hold or process. We hold and process personal information in several ways, including in hard copy and electronically in our IT systems. Our IT systems use Australian and overseas cloud infrastructure and services.

We implement several physical and electronic security measures to protect the personal information we hold, including:

• key card and passcode-restricted access to our offices;
• mandatory password protection, encryption and mobile device management on all computers, mobile devices and digital accessories;
• extensive IT security;
• staff training and workplace policies; and
• systems and application access controls implemented to restrict access to information.

We take the protection of your personal information extremely seriously – it is critical to our business and your confidence in it. However, even state of the art protection cannot guarantee there will be no unauthorised access to, or alteration of, your personal information. We will act promptly if we discover this has occurred and do so in accordance with applicable legal obligations. If you become aware of a breach of security, please notify us immediately by contacting the Privacy Officer as provided in the ‘Contact us’ section below.

Your rights and access to your personal information

You have a right to withdraw your consent for the collection, use and disclosure of your personal information, request access to your personal information or request correction of your personal information if it is inaccurate, out of date, incomplete, irrelevant or misleading. You may do so by contacting our Privacy Officer as provided in the ‘Contact us’ section below.

We will respond to access and correction requests within a reasonable period. In rare cases, we may charge you a fee to cover our reasonable costs of providing access to this information and may refuse access in accordance with law.

Notifiable data breach

If we experience an event that results in any loss, unauthorised access or disclosure of your personal information that is likely to result to serious harm to you, we will investigate and notify you and the relevant privacy regulator as soon as practicable, and in accordance with any timeframes and other requirements under the law.

Complaints

If you have any questions or concerns about our collection, use or disclosure of your personal information, or believe that we have not complied with this Privacy Policy or privacy laws, please contact our Privacy Officer using the channels set out in the ‘Contact us’ section below.

In most cases, our Privacy Officer will investigate the complaint and determine what action, if any, to take and provide you with a response within 14 days of the receipt of the privacy complaint. We request that you cooperate with us during this process and provide us with any relevant information we may require.

If you are not satisfied with our response, you may refer your complaint to:

• the Office of the Australian Information Commissioner (www.oaic.gov.au, 1300 363 992 or [email protected]); or
• the Office of the Privacy Commissioner in New Zealand (www.privacy.org.nz, 0800 803 909 or [email protected]).

Contact us

If you have any questions or comments about our Privacy Policy, please contact our Privacy Officer using the channels below:

Mail: Attention “Privacy Officer” Level 18, 420 George Street, Sydney NSW 2000;

or Email: [email protected]

Changes to our Privacy Policy

We may review and revise this Privacy Policy from time to time with updates made to this page on our website. We suggest that you review our website from time to time to ensure that you are up to date with our latest Privacy Policy.