Updated: April 2020
1 PURPOSE & APPLICATION
1.1 This notice sets out how LOD in Australia, Hong Kong, Singapore and the United Arab Emirates (LOD) handles the personal data of its current, past and prospective employees and independent contractors. It applies to both LOD Professionals (as described below) and LOD HQ staff, as well as applicants for these positions.
1.2 An LOD Professional referred to in this privacy notice is a lawyer, consultant, paralegal or other professional engaged on a project or assignment through LOD, whether as an employee or an independent contractor.
1.3 LOD is committed to protecting and safeguarding the privacy of all current, past and prospective LOD Professionals and LOD HQ staff in accordance with all applicable legislation. This includes the Privacy Act 1988 (Cth), the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486), the Singapore Personal Data Protection Act 2012, DIFC Law No. 1 of 2007 on Data Protection Law, ADGM Data Protection Regulations 2015, and any amendments, regulations or guidelines enacted or issued under those laws from time to time by the relevant authorities (applicable privacy laws).
2 PERSONAL DATA
2.1 As used in this notice, personal data has the meaning set out in the applicable privacy laws in the country where you are based.
2.2 If you are an LOD Professional (whether currently engaged or in between assignments), a member of LOD HQ staff or going through the application process to join us, the personal data we may collect includes your:
(a) Name or alias, gender, identity card number, passport number, date of birth, nationality, race, and country and city of birth;
(b) Mailing address, telephone numbers, email address and other contact details;
(c) CV, educational qualifications, professional qualifications and certifications and employment references;
(d) Employment and training history;
(e) Referee, next-of-kin, spouse, other family members and emergency contact details;
(f) Time record details;
(g) Photographs, videos and other audio-visual information;
(h) Salary and benefit information and bank account details;
(i) Leave records (including annual leave, sick leave and maternity/paternity leave);
(j) Performance, conduct and disciplinary records; and
(k) Any additional information provided to us by you during the recruitment process.
2.3 Whilst we don’t generally process personal data that is considered sensitive under the applicable privacy laws, the following may apply:
(a) We may need to process data on work-related health issues and disabilities, and
(b) For some types of assignment or client we may need to undertake criminal records checks.
3 COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
3.1 We generally collect and process personal data:
(a) that you knowingly and voluntarily provide in the course of or in connection with your engagement or job application with us;
(b) that is necessary for the performance of a contract to which you are a party or in order to take all necessary steps at your request prior to entering into a contract to which you are a party;
(c) via a third party who has been duly authorised by you to disclose your personal data to us, after you have been notified of the purposes for which the data is collected, and you have provided written consent to the collection and use of your personal data for those purposes; or
(d) with your consent and for a purpose notified to you (except where collection or use of personal data without consent is permitted or authorised by applicable privacy laws).
You acknowledge and agree that we may collect and process personal data that we acquire from third party sources such as LinkedIn, credit reference check providers or clients for the purpose of your engagement or job application with us.
3.2 Your personal data will be collected and used by us for the following purposes and we may disclose your personal data to third parties where necessary for the following purposes:
(a) performing obligations under or in connection with your contract with us, including payment of remuneration/fees and tax;
(b) verifying your identity and the accuracy of your personal details and other information provided;
(c) all administrative and human resources related matters within LOD, including applying for work passes and professional registrations, administering payroll, granting access to our premises and computer systems, processing leave applications, administering your insurance and other benefits, management and reporting purposes, processing your claims and expenses and investigating any acts or defaults (or suspected acts or defaults);
(d) managing and terminating our relationship with you, including monitoring your internet access and your use of our intranet and email to investigate potential contraventions of our internal or external compliance regulations, and resolving any related grievances;
(e) assessing and evaluating your suitability for secondments and assignments with our clients;
(f) assessing and evaluating your suitability for engagement in any current or prospective position within LOD;
(g) ensuring business continuity for LOD in the event that your engagement with us is or will be terminated;
(h) performing obligations under or in connection with the provision of services to our clients;
(i) facilitating any proposed or confirmed merger, acquisition or business asset transaction involving any part of the LOD Group, or corporate restructuring process; and
(j) facilitating our compliance with any laws, customs and regulations which may be applicable to us.
3.3 We may also use your personal data to keep you updated of relevant news and industry updates, events and other information of ours that we think may be of interest to you. You can unsubscribe from these communications at any time.
3.4 The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
4 YOUR PERSONAL DATA RIGHTS
4.1 The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is withdrawn by you in writing. If you are an LOD Professional and have not undertaken any secondments with us, you may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request via email to email@example.com.
4.2 Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process and effect your request within 30 days of receiving it.
4.3 Whilst we respect your decision to withdraw your consent, please note that depending on the nature and extent of your request, we may not be in a position to process your job application (as the case may be). We shall, in such circumstances, notify you before completing the processing of your request (as outlined above). Should you decide to cancel your withdrawal of consent, please submit your request via email to firstname.lastname@example.org.
4.4 Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclosure without consent is permitted or required under applicable privacy laws.
Access to and Correction of Personal Data
4.5 If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold, you may submit your request via email to email@example.com.
4.6 Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.
4.7 We will respond to your access request as soon as reasonably possible. Should we not be able to respond to your access request within thirty (30) days after receiving your access request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the applicable privacy laws).
4.8 Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of the personal data that we have on record, if the record of your personal data forms a negligible part of the document.
Additional Rights for People Based in the DIFC and ADGM
4.9 LOD Professionals and LOD HQ staff based in the DIFC and ADGM have additional rights under the applicable privacy laws, namely a right of erasure and blocking of personal data, and a right to object to processing of personal data. If you wish to exercise any such rights, please submit your request via email to firstname.lastname@example.org.
5 PROTECTION OF PERSONAL DATA
5.1 We have appropriate security measures in place to protect personal data from being accidentally lost, used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
5.2 You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
5.3 We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
6 ACCURACY OF PERSONAL DATA
We generally rely on personal data provided by you. In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing us via email at email@example.com.
7 RETENTION OF PERSONAL DATA
7.1 We may retain your personal data for as long as it is necessary to fulfil the purposes for which they were collected, or as required or permitted by applicable privacy laws, and it is our policy to retain certain personal data of LOD Professionals when they cease to be engaged on, or available for, assignments through us. This data may be required for general communication purposes, to enable us to suggest or process new assignments or in case of legal claims relating to past assignments. For former LOD employees, whether LOD Professionals or LOD HQ staff, data may be retained for residual employment-related activities, including for example provision of references, processing of applications for reemployment, matters relating to retirement benefits and allowing LOD to fulfil any of LOD’s contractual or statutory obligations.
7.2 We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purposes for which the personal data were collected, and are no longer necessary for legal or business purposes.
8 TRANSFERS OF PERSONAL DATA TO DATA PROCESSORS
8.1 We use a number of different service providers (acting as ‘data processors’ or ‘data intermediaries’) who provide services or cloud-based software to enable us to operate our business and the services we provide to our customers. Your personal data is transferred to (and stored by) these service providers (as our ‘data processors’), who generally fall under the following categories:
(a) Website analytics
(b) Website and data hosting
(c) IT and system administration
(d) Document storage
(e) Email, contacts and calendar
(f) CRM, accounting and billing
8.2 These ‘data processors’ only process data on our behalf. They won’t use your personal data for their own purposes and we only permit them to use it in accordance with our instructions, our contract with them and the law.
8.3 Please contact us (see below) if you want further information on specific data processors or the types of personal data they process for us.
9 OTHER TRANSFERS OF PERSONAL DATA
9.1 For LOD Professionals, when we put you forward for secondments with our clients, we provide clients with your LOD profile which contains your personal data and, in some instances, the client may ask for proof of your right to work in the relevant country. Additionally, if you are offered a secondment a client may require further checks to be undertaken, which may include checking your credit history, academic qualifications and if you have any criminal records. You will be asked to consent to these checks before they are carried out.
9.2 If you attend an event we have put on, we may need to share your name and any special dietary requirements with the event hosts or organiser and the names of attendees may be shared with speakers and other attendees.
9.3 LOD may from time to time transfer your personal data to the following classes of persons (within or outside the country where you are based):
(a) any member of the LOD Group (as defined below);
(b) clients of LOD;
(c) the insurers and banks of LOD and/or any member of the LOD Group;
(d) medical practitioners appointed by LOD;
(e) administrator of any mandatory provident fund scheme;
(f) outside parties involved in a merger, acquisition or due diligence exercise;
(g) parties involved in a dispute, litigation, investigation, proceedings or enquiry;
(h) companies, third party service providers and professional advisers LOD or a member of the LOD Group engages to perform functions for LOD;
(i) applicable regulators, governmental bodies, tax authorities or other industry recognised bodies located inside or outside the country where you are based as required by any applicable privacy laws, rules and regulations, codes of practice or guidelines of any applicable jurisdiction or any governmental or regulatory authority in or outside the country where you are based; and
(j) anyone you authorise.
“LOD Group” means the group comprising LOD and all of its subsidiaries, all of its holding companies and each other subsidiary of any of its holding companies, including Lawyers On Demand (Singapore) Pte Ltd.
We will take steps to ensure that your personal data continues to receive a standard of protection that is at least comparable to that under the applicable law.
10 HOW TO CONTACT US
If you want to contact us about any of the points on this notice, or just generally about how we protect your privacy, please email us, as the data controller, at firstname.lastname@example.org.
11 EFFECT OF THIS NOTICE AND CHANGES TO THIS NOTICE
11.1 This notice applies in conjunction with any other policies, notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us.
11.2 We may revise this privacy notice from time to time without any prior notice. If we make any significant changes we will endeavour to notify you by email. You can request a copy at any time by emailing email@example.com.