Updated: January 2024
1. Purpose and application
This notice sets out how LOD in Australia, Hong Kong, Singapore and the United Arab Emirates (LOD) handles the personal data of its current, past and prospective employees and independent contractors.
LOD is committed to protecting and safeguarding the privacy of all current, past and prospective LOD Professionals and LOD HQ staff in accordance with all applicable legislation. This includes the Privacy Act 1988 (Cth), the Hong Kong Personal Data (Privacy) Ordinance (Cap. 486), the Singapore Personal Data Protection Act 2012, DIFC Law No. 5 of 2020 on Data Protection Law, ADGM Data Protection Regulations 2021, Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data Protection and any amendments, regulations or guidelines enacted or issued under those laws from time to time by the relevant authorities (applicable privacy laws).
It applies to both LOD Professionals (as described below) and LOD HQ staff, as well as applicants for these positions.
An LOD Professional referred to in this privacy notice is a lawyer, consultant, paralegal or other professional engaged on a project or assignment through LOD, whether as an employee or an independent contractor.
3. Policy statement
3.1. Personal data
As used in this notice, personal data has the meaning set out in the applicable privacy laws in the country where you are based.
If you are an LOD Professional (whether currently engaged or in between assignments), a member of LOD HQ staff or going through the application process to join us, the personal data we may collect about you includes your:
a) Name or alias, gender, identity card number, passport number, date of birth, nationality, race, and country and city of birth;
b) Mailing address, telephone numbers, email address and other contact details;
c) CV, educational qualifications, professional qualifications and certifications and employment references;
d) Employment and training history;
e) Referee, next-of-kin, spouse, other family members and emergency contact details;
f) Diversity related data including in relation to ethnicity, disabilities, religion, sexual orientation and social background;
g) Time record details;
h) Photographs, videos and other audio-visual information;
i) Salary and benefit information and bank account details;
j) Leave records (including annual leave, sick leave and maternity/paternity leave);
k) Performance, conduct and disciplinary records; and
l) Any additional information provided to us by you during the recruitment process.
Whilst we don’t generally process personal data that is considered sensitive or special category under the applicable privacy laws, the following apply:
a) We do process data on racial, ethnic origin and on other diversity related data;
b) We may need to process data on work-related health issues and disabilities, and
c) For some types of assignments or clients we may need to undertake criminal records checks.
This processing is usually necessary for the purpose of carrying out our obligations and rights, such as in the context of your employment or engagement with us, or for diversity, inclusion and equality monitoring purposes.
3.2. Collection, use and disclosure of personal data
We generally collect and process personal data that you knowingly and voluntarily provide in the course of or in connection with your engagement or job application with us, or via a third party who has been duly authorised by you to disclose your personal data to us. We may also process personal data that we acquire from third party sources such as LinkedIn, credit reference check providers or clients.
Your personal data will be collected and used by us for the following purposes and we may disclose your personal data to third parties where necessary for the following purposes:
a) assessing and evaluating your suitability for engagement in any current or prospective position within LOD;
b) assessing and evaluating your suitability for secondments and assignments with our clients;
c) verifying your identity and the accuracy of your personal details and other information provided;
d) all administrative and human resources related matters within LOD, including applying for work passes and professional registrations, administering payroll, granting access to our premises and computer systems, processing leave applications, administering your insurance and other benefits, management and reporting purposes, processing your claims and expenses and investigating any acts or defaults (or suspected acts or defaults);
e) Diversity, inclusion and equality monitoring purposes;
f) managing and terminating our relationship with you, including monitoring your internet access and your use of our intranet and email to investigate potential contraventions of our internal or external compliance regulations, and resolving any related grievances;
g) performing obligations under or in connection with your contract with us, including payment of remuneration/fees and tax;
h) ensuring business continuity for LOD in the event that your engagement with us is or will be terminated;
i) performing obligations under or in connection with the provision of services to our clients;
j) facilitating any proposed or confirmed merger, acquisition or business asset transaction involving any part of the LOD Group, or corporate restructuring process; and
k) facilitating our compliance with any laws, customs and regulations which may be applicable to us.
We may also use your personal data to keep you updated of relevant news and industry updates, events and other information of ours that we think may be of interest to you. You can unsubscribe from these communications at any time.
The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
3.3. Lawful basis for processing
In order to process your personal data lawfully under the applicable privacy laws, we need to identify the lawful basis for processing. We rely on one or more of the following lawful bases for processing your personal data:
a) the processing is necessary in order to fulfil the contract we have with you, or to take specific steps before entering into a contract with you at your request;
b) the processing is necessary to comply with the law;
c) the processing is necessary for our legitimate interests or the legitimate interests of a third party (such as a client); and
d) in certain cases our lawful basis will be that you have given clear consent to the processing.
3.4. Your personal data rights
3.4.1. Withdrawing consent
The consent that you provide for the processing of your personal data will remain valid until such time it is withdrawn by you in writing. You may withdraw your consent and request us to stop processing your personal data for any or all of the purposes listed above by submitting your request via email to firstname.lastname@example.org.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process and effect your request within 30 days of receiving it.
Whilst we respect your decision to withdraw your consent, please note that depending on the nature and extent of your request, we may not be in a position to process your job application (as the case may be). We shall, in such circumstances, notify you before completing the processing of your request (as outlined above). Should you decide to cancel your withdrawal of consent, please submit your request via email to email@example.com.
Please note that withdrawing consent does not affect our right to continue to process your personal data where such processing without consent is permitted or required under applicable privacy laws.
3.4.2. Access to and Correction of Personal Data
If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold, you may submit your request via email to firstname.lastname@example.org.
Please note that a reasonable fee may be charged for an access request, where permitted under applicable privacy laws. If so, we will inform you of the fee before processing your request.
We will respond to your access request as soon as reasonably possible. Should we not be able to respond to your access request within thirty (30) days after receiving your access request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any personal data or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the applicable privacy laws).
Please note that depending on the request that is being made, we will only need to provide you with access to the personal data contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of the personal data that we have on record, if the record of your personal data forms a negligible part of the document.
3.4.3. Additional Rights for People Based in the DIFC and ADGM
If you are based in the DIFC and ADGM, you have additional rights under the applicable privacy laws, namely a right of erasure and blocking of personal data, and a right to object to processing of personal data.
Additionally, if are based in the DIFC, you have a right to restrict or limit the processing of your personal data, a right to object to any decisions based solely on automated means which have legal or other seriously impactful consequences, and a right to request the transfer of your personal data to you or a third party in a structured, commonly used, machine-readable format.
If you wish to exercise any such rights, please submit your request via email to email@example.com.
3.5. Protection of personal data
We have appropriate security measures in place to protect personal data from being accidentally lost, used or accessed in an unauthorised way. In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
3.6. Accuracy of personal data
We generally rely on personal data provided by you. In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing us via email at firstname.lastname@example.org. Alternatively, you may correct any personal data you have submitted to us through our candidate portal yourself via that portal.
3.7. Retention of personal data
We may retain your personal data for as long as it is necessary to fulfil the purposes for which they were collected, or as required or permitted by applicable privacy laws, and it is our policy to retain certain personal data of unsuccessful applicants for a period we consider necessary for our business purposes, particularly as we receive a number of repeat applications. We also retain certain personal data of LOD Professionals when they cease to be engaged on, or available for, assignments through us, as this data may be required for general communication purposes, to enable us to suggest or process new assignments or in case of legal claims relating to past assignments. For former LOD employees, whether LOD Professionals or LOD HQ staff, data may be retained for residual employment-related activities, including for example provision of references, processing of applications for re- employment, matters relating to retirement benefits and allowing LOD to fulfil any of LOD’s contractual or statutory obligations.
We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purposes for which the personal data was collected, and is no longer necessary for legal or business purposes.
3.8. Transfers of personal data to data processors
We use a number of different service providers (acting as ‘data processors’ or ‘data intermediaries’) who provide services or cloud-based software to enable us to operate our business and the services we provide to our customers. Your personal data is transferred to (and stored by) these service providers (as our ‘data processors’), who generally fall under the following categories:
a) Website analytics
b) Website and data hosting
c) IT and system administration
d) Document storage
e) Email, contacts and calendar
f) CRM, accounting and billing
g) Other business service providers
These ‘data processors’ only process data on our behalf. They won’t use your personal data for their own purposes and we only permit them to use it in accordance with our instructions, our contract with them and the law.
Please contact us (see below) if you want further information on specific data processors or the types of personal data they process for us.
3.9. Other transfers of personal data
For LOD Professionals (including applicants), when we put you forward for assignments with our clients, we provide clients with your LOD profile which contains your personal data and, in some instances, the client may ask for proof of your right to work in the relevant country. Additionally, if you are offered an assignment, a client may require further checks to be undertaken, which may include checking your credit history, academic qualifications and if you have any criminal records. You will be asked to consent to these checks before they are carried out.
If you attend an event we have put on, we may need to share your name and any special dietary requirements with the event hosts or organiser and the names of attendees may be shared with speakers and other attendees.
LOD may from time to time transfer your personal data to the following classes of persons (within or outside the country where you are based):
a) any member of the LOD Group (as defined below);
b) clients of LOD;
c) the insurers and banks of LOD and/or any member of the LOD Group;
d) medical practitioners appointed by LOD;
e) administrator of any mandatory provident fund scheme;
f) outside parties involved in a merger, acquisition or due diligence exercise;
g) parties involved in a dispute, litigation, investigation, proceedings or enquiry;
h) companies, third party service providers and professional advisers LOD or a member of the LOD Group engages to perform functions for LOD;
i) applicable regulators, governmental bodies, tax authorities or other industry recognised bodies located inside or outside the country where you are based as required by any applicable privacy laws, rules and regulations, codes of practice or guidelines of any applicable jurisdiction or any governmental or regulatory authority in or outside the country where you are based; and
j) anyone you authorise.
“LOD Group” means the group comprising LOD and all of its subsidiaries, all of its holding companies and each other subsidiary of any of its holding companies, including Lawyers On Demand (Singapore) Pte Ltd.
Whenever we, or our data processors, need to transfer or store your personal data outside the country where you are based, we will ensure that an appropriate transfer safeguard mechanism is in place to protect your privacy rights and to ensure that your personal data continues to receive a standard of protection that is at least comparable to that under the applicable law. The countries to which international transfers may be made include Australia, the EEA, Hong Kong, Singapore, the UAE, the UK and the USA.
4. How to contact us
If you want to contact us about any of the points on this notice, or just generally about how we protect your privacy, please email us, as the data controller, at email@example.com.
5. Effect of this notice and changes to this notice
This notice applies in conjunction with any other policies, notices, contractual clauses and consent clauses that apply in relation to the processing of your personal data by us.
We may revise this privacy notice from time to time without any prior notice. You can request a copy at any time by emailing firstname.lastname@example.org.