Privacy Policy

Your privacy is important to us. We are committed to taking all reasonable steps to protect your personal information and be clear and open about what we do with your information.

About us

Gallande Pty Limited (ACN 139 775 867) as trustee for the ERA Legal Unit Trust (ABN 78 639 912 045) t/as ERA Legal (“ERA”) is a law firm practising in Australia.

In this policy, “we”, “us” or “our” means ERA.

Your Privacy

Your privacy is important to us. We are committed to taking all reasonable steps to, protect your personal information and, be clear and open about what we do with your information. 

This policy explains how we collect, handle and use your personal information, and your rights in relation to that information.

ERA is subject to the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (the Privacy Act).  ERA is also bound by professional obligations of confidentiality and legal professional privilege where applicable.

Scope of Privacy Policy

This Privacy Policy applies when you (either directly, via your representative or a third party) access our website, services and / or otherwise engage with us, including in the following circumstances:

  • When you or your representative contacts and corresponds with us
  • When you are a subscriber, or a party being represented, in an electronic lodgement network (ELN), such as PEXA (PEXA)
  • When you or the organisation you work for engages our legal and other services
  • As a result of your relationship with one or more of our clients, including when you or the organisation you work for are a counterparty or customer of our client or prospective counterparty or customer of our client
  • When you use our website or services, including when you complete online application forms and visit our mobile apps
  • When you apply for a position of employment with us / when you are employed by us
  • When you attend our seminars or other hosted events
  • When you are entered onto our mailing lists to receive publications and other marketing emails

Your use of our online services or your provision of information to us (either directly or via a third party or your representative) constitutes your acknowledgment of the terms of this Privacy Policy.

 

What is personal information?

Generally, personal information is information which may be used to reasonably identify you.

For example, your name, address, date of birth, gender, email address and telephone number is considered to be personal information. Personal information may also include information we collect about your individual affairs, preferences and circumstances.

What information do we collect?

The kinds of personal information we collect from you and the reasons for using it will depend on the nature of your relationship with us or our client, but may include:

  • Contact information – such as your address (postal and residential), email address and telephone numbers(s)
  • Information about your identity – name, occupation, date of birth, gender, marital status
  • Information to identify you and the transaction in which you are involved in, in accordance with, and for the purposes of, compliance with:
    • the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth.) and associated rules and regulations (AML/CTF Legislation), including Know Your Customer information
    • the Electronic Conveyancing National Law and associated Model Operating Requirements prescribed by the Australian Registrars National E-Conveyancing Council (ARNECC) – known as e-conveyancing laws
    • any rules or regulations prescribed by any land registry, revenue office, government authority and other legislation in which is relevant to you and the transaction

This will include collection of your identity documents (i.e. driver licence, passport, Medicare card, birth certificate, visa documents etc).

  • Biometric information – a photo of yourself
  • Information about properties in which you have an interest in – including land title details
  • Information about your business, assets, liabilities, and affairs
  • Individual preferences in respect of the services we provide you
  • Financial and transaction information, including credit and tax information
  • Recruitment / Employment – your work history, education and other qualifications, character and eligibility to work, employee benefits and salary, leave records, health information, banking details, superannuation and tax, emergency contacts, training, employment performance, conduct and use of our IT and communications resources. See below “Recruitment /Employment” for further details
  • Payment details – Paypal, credit card, banking details and direct debit details for your bank account
  • When you visit our websites, our mobile apps or websites and apps of third parties in which provide services to us – your IP address, location information, any third party sites you access, including the date, time, duration and pages you have accessed

How we collect information

We will collect personal information about you:

  • Directly from you (in-person, via phone, email, questionnaire etc)
  • From your representative
  • From PEXA
  • From identity documents provided (for example Drivers Licences, Passports, Medicare Cards, Citizen Certificates etc)
  • From our clients or their counterparties, customers or authorised representatives
  • From organisations that you own shares in, have an interest in, are an officer of, or work with or for
  • From third parties – including any land registry, revenue office, regulatory authorities, financial institution, other ELN operators, electronic databases, government agencies, service providers, verification of identity platforms, Document Verification Service, agents, brokers, Google Analytics
  • From other public sources – including for example social media, LinkedIn and similar professional networks, public registers, directories or internet publications
  • When you apply to work with us – recruitment consultants, your previous employers, third party providers for pre-employment screening checks including national criminal checks, your referees and other sources of relevant information, such as educational institutions, professional and trade associates and other publicly available sources

Why we collect personal information

The purposes for which we collect, use and hold your information may include:

  • Contacting you (including via electronic messaging, by mail or by phone)
  • Providing you with services or information
  • Undertaking conflict searches
  • Corresponding with your representative
  • Acting for a client / our client providing you with a service
  • Processing transactions, including conveyancing transactions
  • Verifying your identity
  • Know Your Customer checks in accordance with the AML/CTF Legislation
  • To use PEXA and participate in electronic workspaces for conveyancing transactions
  • Minimising risks and identifying or investigating fraud and other illegal activities
  • Complying with our and our clients’ legal and regulatory requirements
  • Complying with audits imposed by government and law enforcement agencies or regulators or other third parties
  • Managing our relationship with you, evaluating our business performance and building our customer database
  • Managing our business
  • Managing visits made to our website, including analysing data collected from our website concerning site visits and activities of users
  • Direct marketing (see below)
  • In respect of recruitment, to assist us to decide whether to make an offer to you to work with us (pre-employment screening)
  • In respect of employment, to onboard and train you, to meet our legal obligations and the operational requirements of ERA

We may also use your personal information for other purposes not listed above but this will be made clear to you at the time we collect your personal information. 

 

How we may use and disclose personal information

ERA may use or disclose your personal information for:

 

  1. the primary purpose for which it was collected

 

  1. a related secondary purpose, if the use or disclosure could be reasonably expected by you and the secondary purpose is related to the primary purpose of collection (or directly related where the information is sensitive);

 

  1. as otherwise authorised or required by law; or

 

  1. with your consent.

We may share your information and disclose information collected from you to our related entities, advisors, consultants, insurers, employees, agents, contractors, and third parties. These third parties can include:

  • Where you are not our client – our client, related entities or assignees or substitutes of our client
  • Land registries and revenue offices
  • ELN operators such as PEXA and other participants in a PEXA workspace
  • Service providers we use in conducting our business – including document signing platforms (such as DocuSign), search and certificate providers (such as InfoTrack and Dye & Durham), service providers for verification of identity, banks, debt recovery firms, external photocopying providers, document production, legal outsourcing providers, data storage services and IT support, payroll services, remote and outsourced staffing solutions
  • Service providers for pre-employment screening checks such as Australian National Character Check
  • Government, private and law enforcement agencies or regulators including without limitation ARNECC, AUSTRAC, ASIC, Australian Taxation Office, law society
  • Credit reporting bodies and credit providers
  • Gateway service providers to access Document Verification Service (see below)
  • Organisations that help identify illegal activities and prevent fraud
  • Any industry body, tribunal, court or otherwise in connection with any complaint made by you about us
  • Other entities or third parties with your consent or as permitted or required by law or court/tribunal order

Sometimes, we (or the third parties) may disclose and send your information to a recipient outside Australia, including to:

  • Service providers or third parties who store data or operate outside Australia
  • Complete a transaction
  • Comply with law

The countries in which the information may be disclosed or in which the third parties are located will depend on the circumstances. However, in the course of our ordinary business operations, save for where otherwise prohibited by law or agreement, we commonly disclose personal information to third parties located in the following countries:

  • Philippines
  • New Zealand
  • Ireland
  • United States of America
  • the United Kingdom
  • India

The third parties will collect, store and share information about you and so you should read the privacy policies of the third parties.

 

We specifically disclose that your information may be disclosed by PEXA to a recipient outside Australia. Neither ERA nor PEXA will be liable for a breach of the Privacy Act by the overseas recipient of the personal information. We refer you to PEXA’s Privacy Policy, or such other web address as determined by PEXA from time to time.

 

We will not sell, trade or rent your personal information to any third parties for marketing purposes without your consent.

 

Verification of Identity / Document Verification Service

We may need to verify your identity for one or more of the purposes for which we collected your personal information – see under the heading “Why we collect personal information” – for example for our own, or our client’s, legal and regulatory requirements or otherwise for us or our client to provide you with a service or process a transaction.

In order to verify your identity we may use, on our own behalf or on behalf of our clients’, the Document Verification Service (DVS) accessed via a third party approved gateway service provider.

 

The DVS is a national online system that allows organisations to take information from an identity document presented by an individual and compare it against the original record of the document held by the government agency that issued the document.

 

If identity documents are provided by you for the purpose of verifying your identity, with your express consent:

  • your personal details and information (recorded on your identity documents) will be subject to an electronic match request to a government record on the DVS. This means that your information will be checked with the document issuer or official record holder (i.e. Registries of Births, Deaths and Marriages in Australian States and Territories, Home Affairs and Austroads Ltd) via third party systems who can access the DVS.

The DVS will return a match result for the identification information submitted – the result may be that the identification information either matches or does not match the official record data, or that there has been a system error encountered in trying to process the request.

  • our access to and use of the DVS will involve use of third party systems and services; and
  • as relevant, that information provided to or by you in or from Australia will be transmitted to New Zealand or vice versa.

If you decline to consent to the use of the DVS, generally we and our client will be unable to provide you with the services in which you have sought.

If the DVS or information from the DVS is not available, there may be alternative methods of identity verification available if the circumstances permit it – such as an in-person verification of identity in accordance with the Verification of Identity Standard published by ARNECC. We will provide direction to you on the alternative methods at the relevant time or upon request.  

We will only use or disclose government related identifiers and DVS match results if it is reasonably necessary for us to verify your identity for the purposes of our, or our clients’, functions or activities.

Notwithstanding anything in this Privacy Policy, we will not use or disclose any information obtained for the purposes of using the DVS, for the purpose of any of the following:

  • engaging in activities that would allow us to create a data profile of you
  • offering to supply goods or services
  • advertising or promoting goods or services
  • enabling another person or entity to offer to supply goods or services
  • enabling another person or entity to advertise or promote goods or services
  • market research

The Attorney-General’s Department (Department) administers the DVS. For further information about the handing of personal information in the DVS by the Department, see the ‘Privacy Statement – Identity Verification Services’ available at the hyperlink or via such other web address the Department determines from time to time.

 

You should also read the Department’s Privacy Policy available at the hyperlink, or such other web address the Department determines from time to time.

 

Recruitment / Employment

We will collect, store and in certain circumstances disclose personal information about you before and during your employment with us and after your employment with us comes to an end.

Where you make an application to work with us, your application will constitute your express consent to our collection and use of your personal information as set out in this Privacy Policy and / or any other separate privacy collection notice issued in connection with your application or employment.

The Fair Work Act 2009 (Cth.) requires ERA to collect (and store for seven years after your employment comes to an end) accurate and complete employee records including general records, pay records, hours of work, leave and superannuation contributions.

It may be necessary for us as a condition of your employment to undertake, or direct you to undertake, certain background and probity checks (such as national criminal history check (previously known as a police check), background, directorship (ASIC banned and disqualified check), insolvency/financial probity, identity, eligibility to work, licence and qualification checks).

ERA has engaged Australian National Character Check (ANCC) as our independent third party provider for national criminal checks. The Australian Criminal Intelligence Commission (ACIC) administers access to nationally coordinated criminal history checks under the Australian Crime Commission Act 2002 (Cth.). ANCC is an accredited body and has an agreement with the ACIC to access national police checking services.

ERA will use other third party service providers and government databases to conduct other pre-screening employment checks as disclosed in this Privacy Policy. We will also conduct social media checks. These checks involve searches of publicly accessible social media profiles.

If you are an employee of ERA we may need to conduct regular checks and verify your identity throughout the course of your employment for you to fulfil your role and meet the operational requirements of the firm.

Whilst ERA are subject to the APPs set out in the Privacy Act, the handing of certain employee records in relation to current and former employment relationships is exempt from the APPs.

 

Keeping your information safe

 

We store information in physical and electronic / digital form.

 

We will take such reasonable steps as are reasonable in the circumstances to protect personal information from misuse, interference, and loss and from unauthorised access, modification or disclosure.

 

Such steps include: 

  • Using software which encrypts information you input
  • Using firewalls, intrusion detection and virus scanning tools to stop viruses and unauthorised people accessing our systems
  • Securing our physical premises and digital storage media
  • Placing password protection and access control over our information technology systems and databases to limit access and protect electronic information from unauthorised interference, access, modification and disclosure
  • Taking regular back-ups of our electronic systems

The providing of information via the internet is not completely secure. We cannot guarantee the security of your data provided online. You need to be vigilant about the protection of your own personal information when using the internet.

 

How we use personal information for direct marketing

We may contact you from time to time to inform you about existing and new services that we feel you may be interested in.

 

We will ensure that any e-mail that you are sent by us as direct marketing complies with the SPAM Act 2003 (Cth.) and contains an ‘unsubscribe’ option so that you can remove yourself from any further marketing communications.

 

You can also call or write to us to request that your details be removed from our direct marketing list. We will endeavour to remove your details from our direct marketing list within a reasonable time. 

 

Cookies and Analytics

We use a cookie system on our website. Cookies are small files of information that save and retrieve information about your visit to our website. If you do not wish to grant us the right to use cookies to gather information about you while you are using our website, then you may elect to set your browser settings to disable cookies.  This may cause parts of our website to not function properly.

 

We may use statistical analytics software tools such as Google Analytics and software known as cookies which transmit data to third party servers located overseas including in the United States of America. 

Not identifying yourself

Under the Privacy Act, individuals have the option of not identifying themselves, or of using a pseudonym. Because of the nature of our business, it is impracticable to deal with people on an anonymous basis or using a pseudonym.

 

We may be able to provide you with limited information in the absence of you identifying yourself but generally we (and usually our clients) will be unable to provide you with services or information unless you have identified yourself. 

External websites

Our site contains links to external and third party websites.  The terms of this Privacy Policy do not apply to externally linked websites, plug-ins or applications to which you may be directed from our website save for where otherwise specified.

Clicking on links may allow third parties to collect or share data about you and so you should read the privacy policies on the other websites you visit.

ERA makes no representation or warranty as to how third party websites may handle, collect or disclose your personal information and ERA do not accept any responsibility or liability for the privacy practises of such third parties.

Updating your personal information

ERA makes all efforts to ensure that your personal information is complete, current and accurate. You have a right to request a correction or update of your personal information held by us. If you wish to correct or update any personal information we may hold about you, please contact us as set out below.

Access to personal information

You are entitled to access any personal information we have collected which is about you. If you wish to access any personal information we may hold about you, please contact us as set out below.

We may charge for providing access to your personal information.

Complaint process / Contact us

If you have any enquiries about this Privacy Policy, or want to submit a written complaint to us about how we handle your personal information or any information collected for the purposes of the DVS, please contact us at:

Attention: Privacy Officer

ERA Legal
Level 15, 45 Clarence Street
Sydney, NSW 2000

Telephone: (02) 9324 5300          

Email: privacy@eralegal.com.au  

 

We take any privacy complaint seriously. We will aim to resolve any such complaint in a timely and efficient manner. We will:

  • Keep a record of your complaint; and
  • Aim to provide you with a response in 30 days.

If you are not satisfied with our handling of a complaint or the outcome of a complaint you may make a complaint or refer the matter to Office of the Australian Information Commissioner (OAIC). 

Notifiable Data Breaches Scheme

The Privacy Act includes a Notifiable Data Breaches Scheme which requires us to notify you of certain data breaches and recommend steps you can take to limit the impacts of a breach.

In the event of any loss, unauthorised access or disclosure of your personal information that is likely to result in serious harm to you and in which we are unable to prevent the likely risk of serious harm with remedial action, ERA are obliged to investigate and notify you and OAIC as soon as practicable, in accordance with the Privacy Act.

If you believe that any personal information we hold about you has been impacted by a data breach, we invite you to contact us as soon as possible. 

Updating our Privacy Policy

ERA may change this policy from time to time.  The most up to date version of our Privacy Policy is contained on our website.