[Last updated 14 January 2020]
‘Personal data’ or ‘personal information’ is information that directly identifies you, such as your name and email address, or data that could be used, on its own or in combination with other data, to identify you.
We collect, hold, use and disclose personal information for the purpose of providing you with legal services. If you subscribe to our newsletter, you may receive updates from us from time to time. We do not sell or give away access to the personal information you provide to us.
Law Firm Compliance
It is fundamental to the ethics of legal practice that the fact you are our client, any information you provide to us and all advice we provide to you remains confidential as between you and Onyx Legal.
Our advice to you remains protected by legal professional privilege unless you, or we, do something to waive or destroy that privilege. This means that we may each be excused from releasing your information in response to a warrant or subpoena.
If you provide us with written consent to release information, we may do so in accordance with your consent.
You can browse this website anonymously. However, if you would like to take advantage of our services, you will need to identify yourself to us and at that point we will collect your personal information.
Collection and use of personal information
We may request records to independently identify you such as copies or records of official identification documents like passports, identity cards, driving licenses or similar. For an enterprise, we may request details of your Australian Business Number or business registration in another company, copies of a current company extract or certificate of registration, or copies of trust deeds or other documents establishing your enterprise.
At all times we try to only collect the information we need for the particular service we are providing. This information includes:
- your full name
- your email address
- your best phone number
- your street address and/or postal address
- your business registration details
- your driver’s licence or other photo identification
- you website URL and whois details
The main way we collect personal information about you is when you give it to us, for example:
- when you contact us
- when you submit information to our website
- when you ask for access to information we hold about you
You agree that we may retain any of your personal information indefinitely if required to do so for compliance purposes, although we are not obliged to do so. For compliance purposes we will retain your information for at least five years.
Please keep your contact details with us up to date.
We also may share your personal information when required to do so by law or with our professional advisers to obtain advice, for instance if there is a breach of the terms and conditions, or to meet our accounting or compliance obligations.
Testimonials. If you provide us with a testimonial, you give us your consent to use on our website or other marketing material, your name together with your personal image and testimonial wording. You also give us permission to store this information in our secure records together with your email address and the year in which we provided you the services related to your testimonial. We will retain and use this information for it’s intended purpose for a period of up to seven years. We process this information based on your consent.
We use a customer relationship management system (Insightly.com) that automatically collects information from your publicly available profiles associated with the contact information that you provide to us. This can include your LinkedIn, Facebook, Twitter, Google + and other social media profiles. We will only use that information to help us to communicate with you.
We may also collect information about you from publicly available sources if we believe that information may assist us in providing the services you have requested. This can include information available via government registers such as ASIC.gov.au and ABR.gov.au and domain registrars.
Social Networking Services and links to other websites
We may provide links to other websites or use social networking services such as Twitter, LinkedIn and Facebook to communicate with the public about our work. These sites have their own privacy policies. When you communicate with us using these services we may collect your personal information. We will only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. You should be aware that personal information you disclose on social media sites is publicly available.
Collecting sensitive information
We do not actively collect sensitive information about you, including information about your health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation or criminal history, however we do recognise that you may provide some of that information as part of seeking legal services. We will take steps to appropriately protect any sensitive information we do receive.
With your permission, we may use your email address to send you emails about new products, free and premium content and special events.
With your permission, we may use your mobile phone number to send you SMS with links to legal updates or information about new products, free and premium content and special events.
These communications may contain links to blog posts, YouTube videos, reports/ checklists etc. We process this information based on your consent.
You may always withdraw your consent and unsubscribe from these emails by clicking on the unsubscribe link at the bottom of the email, unsubscribe from SMS messages by responding STOP to our message, or by contacting us at Admin(at)Onyx.legal.
Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Some website features may not function properly without cookies.
The information collected by these tools may include the IP address of the device you are using and information about sites that IP address has come from, the pages accessed on our site and the next site visited. We use the information to help to track your use of our websites to improve your user experience and the quality of our services. To find out how to opt out of tailored advertising please check the options available here – http://www.networkadvertising.org/choices/.
Security and overseas recipients
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we use third party hosting and storage providers with industry standard security. We also internally take reasonable precautions and aim for industry best practice to avoid mis-use, interference loss or unauthorised access, modification or disclosure of your personal information. Our internal procedures may include:
- risk assessment of misuse, interference, loss, and unauthorised access, modification or disclosure of your information
- background tracking and records of changes made to your personal information
Our website data is currently hosted by Montec data centres in Sydney, Australia. Our CRM data is currently hosted by Insightly data centres in Texas, United States of America. Our business systems are operated using G Suite for Business by Google hosted across their international server locations.
Depending on your location, your personal information may cross Country boarders and may be stored in a jurisdiction with different privacy laws to where you live. By agreeing to this policy, you agree to such a transfer.
DISCLAIMER: While we do our best to ensure the security of your data, no storage is 100% secure and we cannot guarantee the safety of your data. If you feel this is not sufficient, please do not provide us with your personal information, or, if you have already provided personal information, please contact us and we will securely destroy it.
The information that we collect about you is used only for the purpose of providing you with services. We do not publish your personal information. We may give access to identification data we obtain and transaction records to appropriate and competent advisors or authorities for the purpose of preparing responses to audits of our legal practice, to obtain legal, accounting or other advice, or for compliance with our obligations for practice.
We do not use data processing houses overseas. However, we may use technical assistance located in another country and the people providing that assistance may be able to access your personal information in the course of providing services to us. We require those providers to comply with our privacy obligations.
Mandatory Data Reporting
If any of your personal information is lost, accessed or disclosed by us, whether intentionally, unintentionally or through no fault of Onyx Legal we will comply with mandatory data breach notification requirements.
We are required to notify any affected person within 30 days if the loss or disclosure of data is likely to result in serious harm to that person.
Your Data Rights
You have the right to ensure:
- We process your data fairly and lawfully and within the purpose and/or consent it was provided to us.
- Your data is accurate.
- The data collected by us is not excessive.
- Your data is accurate.
To ensure this happens, you can:
- Have your data updated and amended if incorrect, out of date or incomplete.
- Restrict the level of processing or automated processing we do.
- Know how long we keep your data.
- Ask us to erase your data and be forgotten.
- Ask us to provide details of the personal data we hold.
To achieve this, at your request, and upon production of satisfactory identification, we will tell you what personal data about you is being processed (eg what information we have stored), on what basis, and by whom.
You may amend inaccurate, incomplete or outdated personal data at any time by by contacting us at Admin(at)Onyx.legal. If we do not agree with your requested change, we will keep a copy of your request with our information.
If you decide your data should not be processed for one or more purposes, you may withdraw your consent from using your data in that way. Please note that we will action your request as soon as practically possible however such a request will not take effect immediately and your data may still be used in the meantime.
You may request that all personal data we have collected about you be deleted from our records and erased from information stored by any third party organisations processing data on our behalf.
If data we have collected about you is processed using automated means, you have the right to receive that data in a structured, machine-readable format and to transmit it to another data controller without hindrance.
If you have any concerns about our use of your personal information, please write to contact us and let us know what the problem is. We will respond to your concerns within 30 days.
If you are not happy with how we manage your concerns, you can contact the Australian Privacy Commission, available at http://www.oaic.gov.au.
How to contact us
You can contact us via this website or:
- email Adminl(at)Onyx.legal
- call +61 0423 462 207
- post snail mail to PO Box 448 | North Lakes | QLD 4509