Privacy Policy
Your rights in relation to privacy
Nest Legal understands the importance of protecting the privacy of an individual’s personal information and adopts the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Act).
This Privacy Policy sets out how we collect, use and disclose information about you, how we aim to protect the privacy of your personal information and your rights in relation to your personal information.
Please read this Privacy Policy carefully. By providing personal information to us, you consent to us collecting, holding, using and disclosing your personal information in accordance with this Privacy Policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of this Site or the products and/or services offered on or through it.
We may modify this policy from time to time by publishing it on our website. Your continued use of our website will indicate your acceptance of any changes to this Privacy Policy.
Kinds of personal information
During the provision of our services or through your use of our website, Nest Legal may collect your personal information. Personal information is information or an opinion about an identified, or reasonably identifiable, individual, whether or not the information or opinion is true and whether or not it is recorded in a material form.
If you’re a client (or potential client), it is highly likely that you will share some personal information with us. This includes:
● contact details such as your name, business or personal addresses, email addresses, phone and fax numbers;
● your employment or professional details;
● your marital status and/or anniversary;
● your age and/or date of birth;
● your preferences and/or opinions;
● information you provide to us through customer surveys;
● details of your company’s ABN and/or ACN;
● financial information including bank account and credit card details;
● your browser session and geo-location data, device and network information, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour;
● additional personal information that you provide to us, directly or indirectly, through your use of our website, associated applications, associated social media platforms and/or accounts from which you permit us to collect information; and
● any other personal information requested by us and/or provided by you or a third party.
We will sometimes collect “sensitive information” from you. Sensitive information is defined in the Privacy Act to include, information and/or opinions about sexual preference, political affiliations, religious beliefs and health information. We will only collect sensitive information with your consent or as required by law.
Collection of personal information
Generally, Nest Legal will collect your personal information through:
● direct contact with you, whether in person, over the phone, or via a video-conferencing platform (including recording and transcribing video and telephone calls so they can be saved to your file), email, or more rarely, snail mail; or
● the completion of online contact forms, intake forms or booking forms on our website.
We may also collect information from publicly available sources, other professional advisors or government and statutory authorities in connection with your matter.
When you use our website, the following information may be logged for statistical purposes and for the purposes of marketing and advertising to you:
● the date and time of your visit to our website;
● your IP address;
● pages that you accessed and documents downloaded; and
● the type of browser you were using.
Cookies may be used on our website. Cookies are pieces of information that a website transfers to a computer’s hard drive for record keeping purposes. Most web browsers are set to accept cookies and do not personally identify the user.
Purpose of collection
Nest Legal may need your personal information for the following reasons:
● to respond to your enquiries or consultation request via our website;
● so we can provide you with legal services;
● for accounting, billing and other internal administrative purposes;
● to add you to our mailing list where you have subscribed to our newsletter;
● any other legal requirements including any that we need to comply with under our legal profession rules, such as the Legal Profession Uniform Law Application Act 2014.
We will not use or disclose any information about you other than the purpose for which it was collected, without your consent, unless the use or disclosure is permitted under the Privacy Act, required by law or authorised by you.
We are bound by professional obligations of confidentiality and legal professional privilege. We will continue to treat and protect any personal information we receive in accordance with these obligations.
Nest Legal may also use and disclose your personal information in order to inform you of legal updates and/or services that may be of interest to you. In the event you do not wish to receive such communications, you may, at any time, request not to receive direct marketing communications from us or use any opt-out mechanism provided.
Management and security of your personal information
We take reasonable precautions to safeguard your information from loss, misuse, unauthorised access, modification or disclosure. We use a number of means to protect your information including:
we engage BITS Managed Security Services to ensure we comply with the cybersecurity framework established by the Australian Cyber Security Centre, train our team in cyber awareness, perform simulated phishing attacks to test our systems, monitor spam and phishing emails, monitor the dark web for data breaches and ensure all devices are regularly updated and compliant;
regularly updating and enforcing our Responsible AI Use Policy;
IT password protection including multi factor authentication on all databases containing personal information;
business grade anti-virus and firewall software;
employment conditions and staff policies requiring confidentiality of information and the privacy of individuals.
All information that you provide to us or is entered into our website, software applications, phone system or collected from your visiting our website is automatically transferred to our system. When you contact or engage us, you consent to your personal information being held by our system as outlined in this Privacy Policy.
Despite our best efforts, the internet itself cannot be trusted as a secure environment. Whilst we choose services that we think offer appropriate levels of security for our information, we are unable to give an absolute promise that your personal information will always be safe. Your personal information may be stored in locations outside our direct control and may be held outside Australia. If you are not comfortable with this, you should not provide us with your personal information. If we become aware of any security breach relating to your personal information, we will advise you as soon as we can.
We may disclose personal information to external service providers including IT service providers. Where we engage external service providers we take reasonable steps to ensure these providers comply with the APPs.
If you need to use your credit card for any of our services, we will not store your credit card details. However your credit card details may be encrypted and securely stored by our chosen payment provider.
We use email to send out various general information that we think will be useful to our clients. You have the option to opt-out of these emails when you first engage us. There are clear instructions on the emails explaining how to remove yourself from our mailing list if you change your mind in the future. If you choose to opt out, this will not remove you from receiving emails about breaches (if relevant).
Overseas disclosure
We may disclose personal information to overseas recipients in order to provide necessary legal services and for administrative or other business management purposes. Before disclosing any personal information, we take steps reasonable in the circumstances to ensure the overseas recipient complies with the APPs or is bound by a substantially similar privacy scheme, unless you consent to the overseas disclosure or it is otherwise required or permitted by law.
Data retention and deletion
We take reasonable steps to securely dispose of all information that is no longer needed for the reason that it was requested, or as required by law. Nest Legal will retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
In the event that we are required by law to retain your personal information for a longer period, we will comply with such legal obligations. However, we will ensure that the retention of your personal information is limited to what is necessary and will take appropriate measures to protect the privacy and security of your personal information during the retention period.
Disclosure of personal information
Generally, Nest Legal will only disclose your personal information for the purpose of providing legal services. This disclosure is always on a confidential basis or otherwise in accordance with law. This may include disclosing your personal information to:
· Third party service providers for the purpose of enabling them to provide their services to us including IT service providers, data storage, web-hosting and server providers, marketing or advertising providers
· Third party service providers engaged to perform administrative or other business management services, such as our outsourced accounting team.
· Courts, tribunals or debt collectors in the event that you fail to pay for services we have provided to you;
· AI and Generative AI service providers
· The third party service providers listed below:
Smokeball - Legal Practice Management - Smokeball Privacy Policy
Microsoft 365 - Document & email management - Microsoft 365 Privacy Statement
Acuity - Online Booking Tool - Squarespace Privacy
Settify - Intake Form - Settify Privacy Policy
VXT - Telephony - VXT Privacy Policy
Zoom - Video conferencing - Zoom Privacy Statement
Google Cloud - Data storage - Google Privacy Statement
Formsite - Intake and Quotation Forms - Formsite Security Statement
If the above service providers change in the future, we will update this Privacy Policy. We encourage you to frequently review our Privacy Policy so you are aware of any changes. We also encourage you to review the privacy policies of these service providers at the links provided above.
Nest Legal may also disclose your personal information with your consent or if disclosure is required or authorised by law.
Controlling your privacy
Please read this Privacy Policy carefully. If you provide personal information to us, you understand that we collect, hold, use and disclose your personal information in accordance with this Privacy Policy.
You do not have to provide personal information to us, however if you do not, it may affect our ability to provide our services to you.
How you can access your personal information
Under the Privacy Act, you have a right to access and seek correction of your personal information that is collected and held by Nest Legal.
If at any time you would like to access or correct the personal information that Nest Legal holds about you, please contact our privacy officer:
Sara Laing sara@nestlegal.com.au
PO Box 563 Northcote VIC 3070
To obtain access to your personal information:
● you will have to provide proof of identity to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected;
● you will need to be reasonably specific about the information you require; and
● Nest Legal may charge you a reasonable administration fee, which reflects the cost to us for providing access in accordance with your request.
If Nest Legal refuses your request to access or correct your personal information, we will provide you with written reasons for the refusal and details of complaint mechanisms.
Links to other websites
We may provide you with links to other websites. We do not have control over those websites and we are not responsible for the protection and privacy of any personal information which you provide whilst visiting those websites. Those websites are not governed by this Privacy Policy.
Complaints
Please direct all privacy complaints to our privacy officer. We will take any privacy complaints seriously and deal with them in a prompt and confidential manner.
You will be informed of the outcome of your complaint following completion of the investigation, which will take no more than 30 days.
In the event that you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner.