We take privacy seriously

1. Introduction

Lakis & Knight Solicitors (“we”, “us”, “our”) takes the protection of your personal data very seriously. This privacy notice sets out how and why we use your personal data when you access our website, services and/or otherwise engage with us, as well as explaining certain legal rights that you have under the applicable data protection laws.

If you have any questions or comments about this privacy notice, please contact us using the contact details in section 10 “Contacting Us?”. Please also note that we may change this privacy notice from time to time by updating this page. This privacy notice does not apply to any third-party websites, plug-ins or applications to which you may be directed from our website. Clicking on those links or enabling those connections may allow third parties to collect or share data about you and so we encourage you to read their privacy policies/notices as well. We do not accept any responsibility or liability for the privacy practices of third parties and your use of them is at your own risk.

2. What personal data do we collect about you and for what purposes?

A. Contact Information

This includes personal data such as your name, title, position, the company you work for, your postal address, email address and phone number. We may also ask about your relationship to another person, for example to establish any conflict of interest that might exist. We require the above information in order to engage with you for business purposes.

B. Identification and Verification

We may ask for official photographic documents to verify your identity, as well as other information relating to your background such as any directorships/financial interests you have. We may also find information about you from other sources, such as from tax authorities and/or from publicly available registers/websites where you have voluntarily made your personal data available (e.g. LinkedIn). We require this information as part of our business acceptance processes and to comply with our legal obligations to prevent against money laundering, terrorism and fraud.

C. Payment details

Where we enter into a contract for our legal services directly with you rather than the corporate entity you work for/are associated with, we will need to collect and use your payment information, including your credit/debit card details. This type of personal data is processed strictly in accordance with relevant payment card industry standards.

D. Meetings/events

We may collect basic contact information from you when you attend a meeting or event hosted at our offices. We use this information to identify you for building security and safety reasons.

E. Automated interactions

If you interact with our website, we may automatically collect personal data from your device by using cookies and other similar technologies. Processing such information is necessary for us to pursue our legitimate interests in improving our website and better servicing our clients. This information is not used to develop a personal profile of you.

F. Indirect collection of personal data

Sometimes we may have access to and use personal data of individuals with whom we do not have any direct contact. For example, if we are providing advice to a client relating to the acquisition of another company, we may use personal data about the seller’s employees. In circumstances such as these, it may not be appropriate for us to provide the individuals concerned with a privacy notice that sets out how we use their personal data as doing so may breach client confidentiality. Nevertheless, we manage such personal data in accordance with applicable data protection laws.

3. On what legal basis do we use your personal data?

In general, we need your personal data because it is necessary in our legitimate interests to provide our services to or otherwise engage with you and to develop our business, but only in circumstances where these interests are not outweighed by the need to protect your privacy.

Alternatively, it may be necessary for us to collect and use personal data to perform a contract with you or your organisation. For example, your instruction to us may contain personal data of staff, customers and/or other third parties. Without this information, we cannot enter into the contract.

Otherwise, it may be the case that we rely on the ‘legal obligations’ basis, i.e. it is necessary for us to collect certain personal data to comply with the law. For example, in order to comply with anti-money laundering laws, we need to obtain the identity of relevant individuals and conduct certain background checks on them when we onboard new clients.

4. Who do we share your personal data with?

We may share information that you have provided to us as necessary with certain third parties such as service providers acting on our behalf who will use the data to provide the service. These may include insurers, IT service providers, barristers, accountants and tax advisers. We will ensure that any third-party service provider that we use commits to an appropriate level of security and confidentiality to protect your personal data.

5. How do we keep your personal data secure?

Any personal data that we hold about you is kept securely in accordance with our policies and procedures. These include appropriate physical and technological security measures, such as access controls, regular penetration testing of our systems and careful selection of staff and third-party service providers.

6. How long will we keep your personal data?

Your personal data will be retained in line with legal and regulatory retention requirements. At the end of any retention period, your personal data will either be securely deleted in its entirety or anonymised so that you can no longer be identified from that data. We aggregate such anonymised data for statistical analysis and business planning.

7. What are your rights over your personal data?

You may have various legal rights in relation to your personal data, as set out in this section. Such rights may allow you to ask us to:

• provide a copy of your personal data (subject to the privacy rights of other people and the information already provided to you in applicable privacy notices);
• correct any inaccuracies in your personal data by informing us to make the necessary changes;
• modify or withdraw your consent for the collection, use and disclosure of your personal data (see section 3 “On what legal basis do we use your personal data?” above);
• delete your personal data where there is no lawful justification for us to retain it;
• put the processing of your data on hold while, or until such time as:
  • we verify any inaccuracies in your personal data that you notify us of; or
  • we respond to a claim by you that our legitimate interests in processing your personal data are outweighed by your interests in the data not being processed; and
• transfer your personal data to you or another organisation in a commonly used electronic format (known as the right to data portability).

You also may have the right to object to the processing of your personal information, including in the event that we use it for profiling purposes, where we do this:

• for the purposes of its legitimate interests or those of a third party; or
• on the basis that it is acting in the public interest; or
• for direct marketing purposes.

If you lodge an objection on the last of these three grounds we will stop processing your personal data. In the other two cases, we will stop processing the relevant data unless we identify compelling legitimate grounds for the processing which override your rights and interests or else we need to process the data in connection with a legal claim.

You may exercise or enquire about the above rights by contacting us (see “How can you contact us?” below).

8. How can you contact us?

If you have any concerns, requests related to, among others, the exercise of your rights, complaints or questions that haven’t been covered, please contact us by emailing info@lakisknight.com.au  

9. Complaints

You may have a right to make a complaint to the relevant data protection authority (“DPA”) at any time. We would appreciate the opportunity to understand your concerns in the first instance before your contact the DPA, because we may be able to quickly resolve your complaint directly with you. The DPA for Australia is the Office of the Australian Information Commissioner (OAIC).

10. Changes to this privacy notice

This privacy notice was last updated in December 2021. We may change this privacy notice from time to time by updating this page.