Privacy Policy
Robinson and Robinson Lawyers Pty Ltd (ABN 69 683 381 777) (“we”, “us” or the “Company”) is committed to privacy protection. At www.robs.com.au (“this site”), we understand the importance of keeping personal information private and secure. This privacy policy (“Privacy Policy”) describes generally how we manage personal information and safeguard privacy. If you would like more information, please don’t hesitate to contact us. This Privacy Policy forms part of, and is subject to the provisions of, our Website Terms of Use (www.robs.com.au/privacy).
Our Commitment to Your Privacy
We care about your privacy. We will never rent, trade, or sell your email address to anyone. Furthermore, we will never publicly display your email address or other personal details that identify you.
We treat all personal information in accordance with any and all obligations that are binding upon us under the Privacy Act 1988 (Cth) (“Privacy Act”). The Privacy Act lays down 13 key principles in relation to the collection and treatment of personal information, which are called the “Australian Privacy Principles”.
What is “Personal Information”?
Personal information held by the Company may include your identity information (such as your name, date of birth, gender, signature, photographic identification, and offices or directorships held) and your contact information (such as residential and postal addresses, email addresses, and telephone numbers). It may also include professional and business information (such as your occupation, employer, job title, professional qualifications, and business holdings or structures), financial information (such as bank account details, billing information, payment card details, and tax file numbers), and details relevant to your legal matter or transaction. Finally, we may hold communication records (such as details of correspondence with you), website and technical data (such as your IP address, browser type, device information, pages visited, and cookies), and sensitive information (such as racial or ethnic origin, political beliefs, and criminal records).
Identity Verification and Legal Obligations
We may be required to verify your identity and collect certain information under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (the “AML/CTF Act”) when we provide designated services. This includes collecting identification documents and information about the source of funds and beneficial ownership of entities.
How We May Collect Your Personal Information
Where reasonable and practicable, we collect personal information directly from you. This may occur when you engage us to provide legal services, respond to communication with us (or engage a solicitor or agent to do so), contact us by telephone, email, post, or in person, complete forms, provide documents, visit our website, use our online services, or apply for employment with us.
We may also collect personal information about you from third parties, including our clients (where we collect information in the course of providing legal services), other parties to legal proceedings or transactions and their lawyers, witnesses of fact, expert witnesses, health care providers, and hospitals. Additionally, we may collect information from courts, tribunals, law enforcement, government agencies, publicly available sources (such as public registers, websites, and social media), referrers who introduce you to us, lead agencies, advertising sites, recruitment agencies, previous employers, identity verification services, commercial data brokers, and background check providers.
IP Addresses and Cookies
This site may collect Internet Protocol (IP) addresses. IP addresses are assigned to computers on the internet to uniquely identify them within the global network. The Company collects and manages IP addresses as part of providing internet session management and for security purposes. We may also collect and use web log, computer, and connection information for security purposes and to help prevent and detect any misuse of, or fraudulent activities involving, this site.
This site also uses “cookies” to help personalise your online experience. A cookie is a text file or a packet of information that is placed on your hard disk by a web page server to identify and interact more effectively with your computer. There are two types of cookies that may be used at this site: a persistent cookie and a session cookie. A persistent cookie is entered by your web browser into the “Cookies” folder on your computer and remains there after you close your browser, allowing it to be used on subsequent visits. A session cookie is held temporarily in your computer’s memory and disappears after you close your browser or shut down your computer. Cookies cannot be used to run programs. They are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you. In some cases, cookies may collect and store personal information. The Company extends the same privacy protection to your personal information whether gathered via cookies or from other sources.
You can configure your internet browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Please refer to your internet browser’s instructions to learn more about these functions. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline them if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of this site.
Why We Use Cookies
This site uses cookies in order to remember your preferences for using this site, show relevant notifications to you (such as notifications that are relevant only to users who have or have not subscribed to newsletters or email services), and remember details of data that you choose to submit to us (such as through online contact forms). Many of these cookies are removed or cleared when you log out, but some may remain so that your preferences are remembered for future sessions.
In some cases, third parties may place cookies through this site. For example, Google Analytics (one of the most widespread and trusted website analytics solutions) may use cookies to gather de-identified data about how long users spend on this site and the pages they visit. Google AdSense may use cookies to serve more relevant advertisements across the web and limit the number of times a particular advertisement is shown to you. Additionally, third-party social media applications (such as Facebook, Twitter, LinkedIn, Pinterest, YouTube, and Instagram) may use cookies to facilitate various social media buttons and plugins on this site.
How We May Use Your Personal Information
We collect, hold, use, and disclose personal information for the primary purpose of providing legal services to our clients, complying with regulatory and insurance obligations, and operating our legal practice. Secondary purposes include financial management, system improvement, enforcement of our right to payment, and managing the relationship between our firm and former clients once a retainer has concluded.
Specifically, primary purposes include providing legal advice and representation to you or to our clients, managing client matters and files, conducting legal research and investigations, preparing and reviewing legal documents, communicating with you and other parties, billing and collecting fees (including the pursuit of our rights under a Costs Agreement or retainer), complying with our legal, professional, and insurance obligations, and administering our firm.
Our secondary purposes include maintaining and developing our relationship with you, quality assurance and service improvement (including training closed-circuit AI models compliant with our confidentiality obligations), training and professional development, ongoing Customer Due Diligence as required by the AML/CTF Act, enforcement of our rights to payment of fees, internal reporting and analysis, as well as risk management and insurance purposes.
When We May Disclose Your Personal Information
We may disclose your personal information to third parties to facilitate the purposes of collection noted above. These purposes include disclosure to parties to proceedings or transactions or their representatives, and to courts, government, and regulatory agencies as may be necessary or appropriate to establish legal rights or progress transactions in which we are instructed. We also disclose information to third parties (such as data storage or archiving companies, our regulators, or our insurers) who hold or process information for us.
Your personal information and confidential data are held by us subject to our duty of confidentiality under the Australian Solicitor’s Conduct Rules (ASCR) and any applicable undertaking or court rules. We may disclose personal information to third parties subject to those obligations for purposes including: discharging our professional obligations to you or our clients; complying with our legal obligations or answering a compulsory notice (such as a subpoena, warrant, or disclosures under the AML/CTF Act, Criminal Code, or Legal Profession Act); and engaging barristers, mediators, expert witnesses, investigators, consultants, or other legal practitioners for your matter. We may also disclose info to others involved in legal proceedings or transactions as instructed or required by law, courts, tribunals, regulators, our professional indemnity insurers, a Costs Assessor if an assessment is ordered, related entities, service providers who assist our business operations (including IT, AI, document management, and marketing providers), as permitted under ASCR confidentiality exceptions, or to any person you expressly or impliedly authorise.
Overseas Disclosure
We will disclose information to overseas recipients where this is reasonably necessary to progress our instructions (for example, when dealing with a company that has an overseas office). We may disclose personal information to recipients located outside Australia where reasonably necessary or convenient to facilitate the collection, holding, use, and disclosure purposes stated in this policy.
Access to and Correction of Your Personal Information
In most cases, you may have access to the personal information that we hold about you. We will handle requests for access in accordance with the Australian Privacy Principles. All requests for access must be directed to the Privacy Officer by email at claired@robs.com.au or by writing to our postal address. We will deal with all requests as quickly as possible. Requests for a large amount of information, or information that is not currently in use, may require further time. We may charge you a fee for access if a cost is incurred by us to retrieve your information, but we will never charge a fee for the application itself.
In some cases, we may refuse to give you access to your personal information. This includes circumstances where giving access would be unlawful (e.g., where a record is subject to a claim for legal professional privilege by one of our contractual counterparties), would have an unreasonable impact on another person’s privacy, or would prejudice an investigation of unlawful activity. We may also refuse access where the personal information relates to existing or anticipated legal proceedings and the information would not be accessible by the process of discovery in those proceedings. If we refuse access, we will provide you with the reasons for our refusal.
We will amend any personal information about you that is held by us and that is inaccurate, incomplete, or out of date if you request us to do so. If we disagree with your view about the accuracy, completeness, or currency of a record, and you ask us to associate a statement with that record expressing your contrary view, we will take reasonable steps to do so.
Storage, Security, and Data Retention
We are committed to maintaining the confidentiality of the information you provide, and we will take all reasonable precautions to protect your personal information from unauthorised use or alteration. Personal information may be stored both electronically (on our computer systems and with our website hosting provider) and in hard-copy form. We hold your personal information using a system designed to protect against data breaches, and we take all reasonable measures to ensure the security of hard-copy information. We retain personal information for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal and professional obligations. Such information may be destroyed after seven years.
GDPR Compliance and Rights
The Company welcomes the General Data Protection Regulation (GDPR) of the European Union (EU) as an important step forward in streamlining data protection globally. Although we do not operate an establishment within the EU and do not target service offerings toward clients in the EU specifically, we intend to comply with the data handling regime laid out in the GDPR in respect of any personal information of EU data subjects that we may obtain.
The requirements of the GDPR are broadly similar to those set out in the Privacy Act and include specific rights. You are entitled to request details of the information we hold about you and how we process it; for EU residents, we will provide this information for no fee. You may also have a right to have that information rectified or deleted, restrict our processing of it, stop unauthorised transfers to a third party, and, in some circumstances, have the information transferred to another organisation. You also hold the right to lodge a complaint with a local supervisory authority. Where we rely upon your consent as our legal basis for processing your data, you may withdraw that consent at any time.
If you object to the processing of your personal information, or if you later choose to withdraw previously given consent, we will respect that choice in accordance with our legal obligations. However, please be aware that such an objection or withdrawal could mean that we are unable to provide our services to you, and could unduly prevent us from legitimately providing services to other clients under appropriate confidentiality protections. Furthermore, even after you withdraw consent, we may continue to keep and process your personal information to the extent required or permitted by law—specifically to pursue our legitimate business interests (where it does not materially impact your rights) and to exercise, defend, or meet our legal, regulatory, and insurance obligations.
Third-Party Storage and Data Processors under GDPR
Data that we collect about you may be stored or otherwise processed by third-party services with data centres based outside the EU, such as Google Analytics, Microsoft Azure, Amazon Web Services, Apple, and online relationship management tools. We consider that the collection and processing of this information is necessary to pursue our legitimate business interests (e.g., to analyse how clients use our services, develop our offerings, and grow our business) in a way that does not materially impact your rights, freedom, or interests. The Company requires that all third parties acting as “data processors” for us provide sufficient guarantees, implement appropriate technical and organisational measures to secure your data, process data only for specified purposes, and commit themselves to confidentiality.
We will only keep your data for as long as is necessary for the purpose for which it was collected, subject to satisfying any legal, accounting, or reporting requirements. At the end of any retention period, your data will either be deleted completely or anonymised (such as through aggregation for statistical analysis and business planning). In some circumstances, you can ask us to delete your data. To ensure your personal information remains accurate, please promptly advise us of any changes by contacting our data protection officer by email at claired@robs.com.au or by post.
Serious Privacy Breaches and Your Rights
Under Australian law, individuals may seek compensation for serious invasions of privacy, such as the misuse of personal information or unauthorised surveillance. If you believe your privacy has been seriously breached, you may have the right to take legal action in addition to lodging a complaint with the OAIC. The OAIC possesses enhanced enforcement powers, including civil penalties and broader investigation authority.
We take privacy complaints seriously. If you are dissatisfied with our handling of your personal information, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC). The OAIC has the power to investigate and enforce compliance under the Privacy Act 1988 (Cth).
Prohibited Use of Information and Data Breaches
We do not permit the use of any personal information obtained via our services for unlawful purposes, including doxxing (the malicious sharing of personal information to cause harm). This is a criminal offense under Australian law, carrying penalties of up to 7 years imprisonment.
In the event of a data breach involving personal information that is likely to result in serious harm, we will notify affected individuals and the OAIC, as required by law.
Changes to this Privacy Policy
From time to time, it may be necessary for us to revise this Privacy Policy. Any changes will be made in accordance with applicable requirements under the Privacy Act and the Australian Privacy Principles. We may notify you about changes to this Privacy Policy by posting an updated version on this site.