LMB is bound by the Privacy Act 1988 (Cth) (“Privacy Act”), including any relevant privacy code registered under the Privacy Act. LMB is committed to complying with the Privacy Act in relation to all personal information we collect and committed to protecting the privacy of personal information obtained through its professional service operations.
The Privacy Act incorporates the Australian Privacy Principles (APPs) which set out the way in which personal information must be treated. Disclosure of such information may be compelled by law (for example, under the Social Security Act 1991 (Cth)).
The LMB website contains links to non LMB websites. LMB is not responsible for the Privacy Policies of those other websites and LMB recommends that you should review the Privacy Policies of those other websites.
Collection of personal information
LMB collects personal information that is reasonably necessary for, or directly related to, its professional services. The types of personal information that LMB may collect and hold includes the following:
- Contact details
- Employment details & HR information
- Financial records & information
- Tax File Numbers
- Advice received from client or prospective client that may contain additional personal information, such as business-related connections and familial relationships.
LMB only collects personal information that has been directly provided to LMB by clients or prospective clients, associates of clients, suppliers or potential suppliers, LMB employees or potential employees or otherwise personal information available in the public domain where such information will assist LMB with the provision of services to LMB’s current or prospective clients. Personal information may have been provided in writing or verbally.
If clients or prospective clients do not provide personal information when requested, LMB may not be able to deliver the service that is required. LMB will endeavour to make this as clear as possible for each service. LMB will collect personal information from the user by lawful and fair means.
We manage the personal information we collect by implementing appropriate privacy management systems when dealing with your personal information, reviewing our privacy compliance from time to time and implementing security measures (such as unique usernames and passwords on our computer systems) to safeguard the personal information we collect. We will comply with our professional obligations (including confidentiality obligations) in dealing with your personal information at all times.
It is generally impracticable for LMB to deal with individuals on an anonymous basis or through the use of a pseudonym (an alias), although sometimes this is possible where it is lawful.
‘Sensitive information’ is a subset of personal information includes personal information that could have serious ramifications for you if used inappropriately. You consent and agree that the sensitive information that we collect and hold about you will include any information necessary so that we can provide our professional services to you. This may include professional or trade associations, racial or ethnic information, political opinions, any sensitive information required to be disclosed by law and any other sensitive information that we require to perform the professional services that you require. We will not collect sensitive information without your consent unless permitted under the Privacy Act or in accordance with law.
How we use personal information
The main purpose for which LMB collect, hold and use personal information are:
- for LMB to provide service;
- to maintain contact with clients;
- to keep clients and contacts informed of the services that LMB offers and of any current developments and updates such as changes of business hours;
- for administration and management purposes;
- to provide users with information about other services that LMB offers and that may be relevant to the user; and
- other purposes that is related to LMB’s business.
Employee records are not generally subject to the Privacy Act and therefore this policy may not apply to the handling of information about employees of LMB.
“Unsolicited” personal information is personal information about an individual that LMB has unintentionally received. This is not a common occurrence for LMB but when it does occur, LMB will seek to ensure to protect such personal information with same rigor to those personal information that LMB intended to collect.
Disclosure of Personal Information
Personal information is not disclosed to any third party unless the disclosure is:
- required by law, rules and regulations and/or professional standards;
- necessary to provide the client or prospective clients with the product or service requested;
- to protect the rights, property and personal safety of a LMB client, prospective client, the public and the interests of LMB; and
- given with consent.
Should it be necessary for LMB to forward personal information to third parties, LMB will make every effort to ensure that the confidentiality of the information is protected.
Overseas, Interstate & Data Retention Disclosures
LMB’s bookkeeping operations may occur overseas and LMB may use the following overseas contractors and their facilities: TOA Global. As a result, LMB may at times require the exchanges of personal information of LMB’s clients and/or prospective clients between locations and firms. The personal information may be transferred to countries whose privacy laws do not provide the same level of protection as compared to Australia’s privacy laws. In the event that personal information is disclosed to overseas recipients, LMB will take all reasonable steps to ensure that any personal information is secure and is treated in accordance with the Australian Privacy Principles.
We hold, or may hold your personal information electronically, physically, on our premises, in off-site storage facilities in Australia (in any account held by us or held by or owned by any Company or Trust or legal entity from whom we lease commercial premises), by a third party data storage facilitator and/or provider in Australia and/or overseas (including but not limited to international cloud computing services in overseas countries including but not limited to Philippines and the United States Of America), through third party providers such as Microsoft, Xero, Quickbooks, MailChimp, Adobe, Receipt Bank, Dropbox, by an email filtering host in Australia and/or overseas, through internal servers, our website, private cloud, as well as on electronic storage devices, including DVD and USB. If you send an email to us, the information in your email (including any personal information) may be retained on our systems in accordance with our procedures.
Whilst we take reasonable steps to ensure that all personal information that we hold is secure from any unauthorised access, misuse or disclosure, no data transfer over the internet is ever one hundred percent (100%) secure and we cannot guarantee that personal information cannot be accessed by an unauthorised person (for example, a hacker) or that unauthorised disclosures will not occur. Information you send to us, from your workplace, for example, may possibly be accessed by your employer or an intermediate service provider. If you send any information (including personal information) to us through the internet or through any other electronic means, you do so at your own risk. Some of the methods we use to store and secure personal information include using security cards to access areas that contain personal information, using designated areas (that do not contain personal information) to meet with clients and non-employees of LMB, using customised usernames, passwords and other protections on computer and other systems that can access personal information, as well as using lockable storage devices for storing some more sensitive information, other important documents or financial records.
We take reasonable steps to use and disclose personal information for the primary purpose for which it is collected. The primary purpose for which information is collected varies, but is generally for the relevant LMB to provide the professional services to you. In the case of potential employees, the primary purpose the information is collected is to assess the individual’s suitability for a position with us or to consider an enquiry made with us, in respect of potential employment with us. You authorise and provide your consent to LMB that you have made an enquiry with or that you have Retained to collect, hold, use and disclose such personal information to any other LMB Business and/or to others in furtherance of your matter (including overseas recipients in countries including but not limited to Philippines) and/or to other service providers, in order to provide the relevant professional service to you (for example, other solicitors, barristers, experts, accountants, financial institutions, insurers, in Court during Court proceedings or as the context of the relevant professional service requires), as well as to third party agents, contractors or service providers to which LMB have contracted out or outsourced any administrative, financial, information technology, marketing or other services (such as but not limited to bulk mailing, client marketing research, company audits and Information Technology and Marketing support).
You also agree that we may also disclose your personal information in circumstances where disclosure is permitted by law (including under the Privacy Act, under Court Orders or Statutory Notices to produce documents under laws relating to Anti-Money Laundering, Bankruptcy, Counterterrorism, Social Security, Taxation and the management of incorporated entities) or where disclosure is required to investigate suspected fraud or other unlawful activity, or otherwise where disclosure may prevent or lessen a serious or imminent threat to someone’s life or health. If information has to be disclosed overseas, the overseas recipient may not be subject to privacy obligations or to any rules similar to the rules of legal professional privilege or the Australian Privacy Principles. The overseas recipient may also be subject to a foreign law which could compel the disclosure of personal information to a third party (such as, for example, an overseas government or regulatory authority). You hereby consent to the disclosure in the knowledge that we will not take any steps to ensure that the overseas recipient deals with your personal information in accordance with the Australian Privacy Principles and accordingly should such overseas recipient handle the information in breach of the Australian Privacy Principles, then you may not be able to seek redress in the overseas jurisdiction and we will not be accountable under the Privacy Act.
Personal information may also be used or disclosed by us for secondary purposes which are within your reasonable expectations and related to the primary purpose of collection and you hereby authorise us to use any email address or any other contact or personal information that you provide to us at any time, for these secondary purposes. For example, you provide your consent for us to use your personal information for the following secondary purposes: to comply with our contractual and other legal obligations; for the purposes of sending you information about products, services, special offers and updates by post, telephone or any form of electronic communication (such as email); for the purposes of taking a message or telephone number so that we might call you back or contact you; for insurance and/or or professional indemnity purposes; to add your details to our Newsletter register, to inform you of updates and changes to the law or financial services that may affect you and to invite you to legal or financial events relevant to your industry (which you can unsubscribe from at any time); or to collect moneys owed to us; or to agents or third parties from time to time, to help us with the provision and/or marketing of our services to you. We may also contact you by email, telephone or mail from time to time regarding marketing offers and/or by providing you with marketing material, brochures, communications or other documentation (hereinafter “jointly and/or severally referred to as “direct marketing”) in relation to any of the related business.
By engaging LMB you consent and agree to us contacting you by email, telephone or mail regarding direct marketing in relation to LMB and your consent will survive and remain after the termination and/or completion of any services provided to you with LMB. If you do not wish to receive any direct marketing, please advise us in writing by email at email@example.com. Please note that if you chose to not receive any direct marketing, we may still contact you in relation to (without limitation) your matter and the services provided by us.
Apart from the primary and/or secondary purposes specified above, we will only disclose your personal information to third parties with your consent or if the disclosure is permitted by law or the Privacy Act.
Accessing your personal information
Users have the right to request access to the personal information that LMB holds about such user. This right is subject to certain exceptions allowed by law.
Upon your request and subject to applicable privacy laws, LMB will provide you with access to your personal information that is held by LMB. You must thoroughly identify the types of information you are requesting. LMB will deal with your request within a reasonable time – usually within 30 days from the date of the request. LMB may also recover from you any reasonable costs incurred in supplying you with access to your personal information.
Exceptions under Law
You do not have absolute right to access personal information. The law permits LMB to refuse your request to provide you with access to your personal information, such as circumstances where:
- access would be unlawful;
- access would pose a serious threat to the life or health of any individual;
- access would have an unreasonable impact on the privacy of others; and
- access may prejudice enforcement activities, a security function or commercial negotiations.
LMB will take all reasonable steps to protect against the loss, alteration and/or misuse of any personal information under LMB’s control. LMB is committed to keeping your trusts by protecting your personal information.
LMB employs the most appropriate technical, administrative and physical procedures to protect the security of your personal information. LMB only keeps personal information for as long as it is required for business purposes or by the law.
Cloud Computing Services & Storage
We use or may use international cloud computing services such as Microsoft Outlook for e-mail, calendar and contacts data storage. Such e-mail, calendar and contact data storage data is encrypted (effectively, access can only be obtained through a secure username and password system), so that the personal information contained in e-mail, calendar and contact data is protected from unauthorised access.
Countries in which such e-mail, calendar and contact data may be stored include (but are not limited to) Australia, United States of America and the Philippines. We conduct due diligence on proposed cloud computing service providers, prior to engaging them and as part of this due diligence, we satisfy ourselves and accordingly reasonably believe that the overseas recipient is subject to a law, or binding scheme, that has the effect of protecting the personal information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the information and also that there are mechanisms that you can access to take action to enforce that protection of the law or binding scheme. We also satisfy ourselves that we will possess effective control over the data.
Loss of personal information
Despite LMB’s effort to protect your personal information, there remains the possibility for a breach of security to occur. In the event of loss of personal information, LMB will:
- seek to immediately identify and secure the breach to prevent further breaches;
- engage the appropriate authorities where criminal activity is suspected;
- assess the nature and severity of the breach including the type of personal information involved and the risk of harm to affected individuals;
- notify the affected individuals directly where possible; and
- notify the Privacy Commissioner if the breach is significant.
Website Security and Privacy
LMB will take all reasonable steps to have systems in place to ensure the security of your dealings with LMB at all times.
Updating your information
It is important that the personal information or credit information that we hold about you is up-to-date. LMB will take all reasonable steps to ensure that all personal information held by LMB remains accurate. If you advised LMB of any change of details, LMB will amend your records accordingly.
Where a third party disclosed your personal information, LMB will take all reasonable steps to notify the third party of any correction.
Where LMB is unable to update your information, LMB will provide an explanation as to why the information cannot be corrected.
Privacy Complaints Procedure
If an individual feels that LMB has breached its obligations in the handling, use or disclosure of their personal information, they may raise a complaint. We encourage individuals to discuss the situation with their LMB representative in the first instance, before making a complaint.
The complaints handling process is as follows: The individual should make the complaint including as much detail about the issue as possible, in writing to firstname.lastname@example.org
LMB will investigate the circumstances included in the complaint and respond to the individual as soon as possible (and within 30 calendar days) regarding its findings and actions following this investigation.
Should after considering this response, if the individual is still not satisfied they make escalate their complaint directly to the Information Commissioner for investigation.