Privacy Policy – Australia  

For Hamilton Locke New Zealand Privacy Policy – click here

October 2023

The HPX Group is a professional services provider, bringing together Hamilton Locke, Source and Helios to provide exceptional legal, governance, risk, compliance, information security and privacy services.

This Privacy Policy describes how all Australian companies in the HPX Group (we, us, our, HPX Group) handle personal information for the purposes of our obligations under the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles (APPs).

The Privacy Policy of Hamilton Locke and Source New Zealand is available here.

1. Definitions

In this Privacy Policy:

Personal information is defined in the Privacy Act to mean information or an opinion about an identified individual, or about an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.

Sensitive information is a sub-set of Personal Information and is defined in the Privacy Act to mean information or an opinion about an individual’s racial or ethnic origin; political opinions, religious or philosophical beliefs or affiliations; memberships of trade union, trade or professional association; sexual orientation or practices; criminal record; health information, genetic or biometric information, or biometric templates.

Website means each of:

  1. https://www.hpxgroup.com.au/
  2. https://www.hamiltonlocke.com.au/
  3. https://www.sourceservices.com.au/
  4. https://heliosinfosec.com.au/


2. What kinds of Personal Information do we collect and hold?

We collect and hold a range of personal information in carrying out our business and functions. The kinds of Personal Information we collect and hold about you will depend on the nature of your relationship with us and the circumstances of a collection, including whether we collect the information from you as a client, service provider, supplier, job applicant or some other capacity.

2.1 Clients

If you are a client, a prospective client, or a representative of them, we may collect Personal Information about you or them related to the matter for which we have been engaged. This Personal Information may include:

  1. your name and contact details;
  2. job title, organisation or company name;
  3. identification documents such as your passport, driver’s licence, Medicare card or other official identification document;
  4. financial details, such as banking details, or credit/debit card information (if you provide them directly to us, however, typically your credit card information is processed by our payment service providers, and we do not have access to that information);
  5. communications between us and the history of, and your relationship with others involved in, the matter;
  6. information about your areas of interest, such as legal developments or events you are interested in hearing about from us; and
  7. other relevant Personal Information or Sensitive Information, depending on the nature of the matter or your engagement with us.

2.2 Suppliers and service providers

If you are a contractor, supplier or service provider to us (such as IT service providers and marketing firms) or on behalf of our clients (such as barristers, experts, valuers, accountants and tax advisers), we may collect Personal Information about you, or your employees and contractors, such as:

  1. your name and contact details;
  2. your job title, job history, organisation or company name;
  3. financial details such as your bank account to make payments to you;
  4. information about performance of the contract or other arrangement between us; and
  5. communications between us.

2.3 Matter parties

If you are another party in respect of one of our client’s matters, or if you represent such a party, we may collect Personal Information about you during the course of the matter. The type of this information will depend on the nature of the matter, but is likely to include:

  1. your name and possibly contact details;
  2. the history of, and your relationship with others involved in, the matter; and
  3. communications between us.

2.4 Job applicants

If you apply for a job with us, we may collect Personal Information directly from you when you complete an online job application or through an external party, such as a recruitment agency. The information collected may include:

  1. your name and contact details;
  2. your resume, covering letter and academic transcript;
  3. information provided on your application form or resume, including education level, tertiary institution, language skills, jurisdictions you are qualified to practice in (if applicable), employment history and any other background information relating to your right to work in Australia;
  4. information provided to us during an interview or assessment;
  5. references from past referees, including past employers; and
  6. skills and background checks, which may include a criminal history check.

If you are or become an employee, the handling of your personal information may be exempt from the APPs if it is directly related to your current or former employment relationship with us.

2.5 General collection

If you contact us through our website, or register to attend one of our seminars or other events, or subscribe to one of our publications, engage with us through social media or at an event, we will generally collect your name, contact details, and any other Personal Information you provide to us. We may also collect your health information (such as where you tell us your dietary preferences) and other Sensitive Information you provide to us, such as your religious beliefs or affiliations, or membership of a political, professional or trade association.

We will also collect Personal Information that you give to us in the course of our relationship. This information will depend on the nature of our relationship, but may include:

  1. information included in your requests for support;
  2. if you join our alumni program, your name and contact details, and your current employment; and
  3. calling line identification when you call us.

To the extent that it is relevant to the work we are undertaking for a client or a job applicant, we may also collect and hold personal information that is Sensitive Information. For example, we may collect health information about an individual, membership of a professional or trade association, membership of a trade union, religious beliefs or affiliations or criminal records.

3. Anonymity and use of pseudonyms

We provide tailored professional legal advice and related services. This means that, generally, you will have to identify yourself when dealing with us. However, there may be some circumstances, such as when you use our Website, that you may be able to deal with us anonymously or through a pseudonym. You do not have to provide us with your Personal Information, but this may mean we cannot provide our services or assistance to you.

4. How we collect Personal Information

In most circumstances, we will collect Personal Information about you directly from you, or if you are an employee, director or officer of a client or other organisation with whom we deal, from that organisation. There are some circumstances where it is unreasonable or impracticable for us to do so, and we will collect Personal Information from third parties, such as:

  1. associated businesses, government agencies, courts or tribunals, licensing bodies, local councils, referrers (such as other law firms, accountants, real estate agents, financial planners, insurers and business consultants);
  2. barristers, experts, and accountants we engage to provide services in respect of your matter;
  3. our client, or your legal representatives, where you are another party involved in a matter;
  4. service providers, including recruitment agencies;
  5. ratings and search agencies;
  6. referees and previous employers, when you provide references to us in the course of a job application;
  7. other third parties that you refer us to; and
  8. publicly available sources, such as social media and online searches.

Where you provide us with the personal information of an individual, you must make that individual aware that we are collecting their personal information and refer them to this Privacy Policy. You must only provide Sensitive Information about another individual where you have that individual’s consent to do so.

5. Purposes of collection, use, disclosure and holding personal information

We collect, hold, use and disclose Personal Information for the purpose for which it was collected and otherwise as permitted under the Privacy Act. This includes:

We collect, hold, use and disclose personal information for a range of purposes including:

  1. to supply our products and services;
  2. to conduct conflict checks, verifying identity, and undertaking other searches and checks (including for example to undertake PEXA checks, AFSL-related checks, criminal history checks and bankruptcy checks) for our regulatory purposes;
  3. to respond to your enquiry and communicate with you about your enquiry;
  4. to verify and process payments;
  5. for our administrative, insurance and risk management purposes, and internal record keeping;
  6. to provide you with support and deal with any complaints or feedback you have;
  7. to perform research and analysis and improve or develop our products or services;
  8. to manage our relationships with our clients, service providers, suppliers and contractors;
  9. to consider job applicants for current and future employment;
  10. for marketing, business development and direct marketing purposes, including to organise events; and
  11. carrying out our functions and activities as a professional legal service and compliance services provider.

We may use and disclose your personal information for other purposes required or authorised by or under law (including purposes for which you have provided your consent).

6. Disclosure of personal information to third parties

We may disclose your Personal Information to third parties for the purposes outlined above, in the course of carrying out our services or conducting our business. These third parties may include, where appropriate:

  1. our related companies within the HPX Group, and entities with which we have licensing or other partnership agreements or arrangements with (including Hamilton Locke (NZ) Limited);
  2. financial institutions for payment processing and fraud detection and management;
  3. credit reference agencies, so far as it relates to clients who instruct their credit card issuer to cancel payment to us without having first provided an acceptable reason to us;
  4. our contracted service providers, including our outsourced back-office service providers (for services such as IT support, word processing and billing assistance), marketing, promotional and market research agencies and external business advisers (such as auditors);
  5. in the case of a sale of our business (in whole or in part) to the purchaser (as an asset of the business); and
  6. if you are a job applicant, referees whose details you provide to us.

Our business works closely with other organisations, such as government departments and agencies, other law firms, barristers, accountants, real estate agents, financial planners, insurers, local business and industry networks, business and industry alliances, auditors and other consultants. We routinely disclose Personal Information to these third parties where it is reasonably necessary for them to assist us to provide our legal services to you, or to enable them to provide related service offerings that you have requested.

We may also disclose your personal information to other third parties and for other purposes where we are required or authorised by or under law to do so (including where you have provided your consent).

7. Direct marketing

We may use your personal information so we can contact you with information about our products and services, events, activities and legal developments and insights that may be of interest to you.

We may contact you by email, mail or telephone. You can let us know at any time if you no longer wish to receive these communications, by contacting us (using the contact details at the end of this policy) or using the opt-out/unsubscribe facility in our communications.

If you are a client or have otherwise expressed interest and provided us with your contact details, we may send emails to you with information about legal developments (such as publications, alerts and newsletters) and marketing our services (such as seminar invitations).

8. Websites

When you access our Websites, we may collect information from and about your device including:

  1. your Internet Protocol (IP) address;
  2. browser type;
  3. language preference;
  4. referring site;
  5. the date and time of each visitor request; and
  6. Website usage statistics, such as the pages viewed, and the length of time viewed.

We cannot identify you from this information. If collected, this information will be used and disclosed by us in anonymous, aggregated form only, for purposes including statistical analysis and website development.

We also use cookies on our Websites to display personalised content and store your preferences on your computer.

A cookie is a string of information stored on your device which is used to identify a unique visitor. We use cookies to help identify and track visitors, their usage of the Website, and their website access preferences.

You can choose if and how cookies will be accepted by configuring your preferences and options in your browser. However, if you decide not to display cookies you may not experience optimum performance of our Websites.

9. Overseas disclosure

Some of our service providers are located outside Australia. As a result, Personal Information collected and held by us may be transferred to recipients in other countries.  In particular, we may disclose Personal Information to our service providers located in India and The Philippines, so that they can provide us with services in connection with the operation of our business, such as financial administration and related services.

Where your matter is international in nature, we may need to disclose your Personal Information to third parties based overseas. The countries in which these overseas recipients may be located will depend upon the individual circumstances of your matter.

10. How we hold, store and protect Personal Information

We generally hold Personal Information in computer systems, including computer systems operated for us by our service providers. We do maintain some paper records which contain Personal Information. We take reasonable steps to protect Personal Information from misuse, interference, loss, and from unauthorised access, modification or disclosure. This includes taking appropriate security measures to protect access to our premises and physical files, and to electronic materials, and requiring our service providers to do so.

11. Requests for access and correction

You have a right to request access to your Personal Information we hold and request its correction if it is inaccurate, out of date, incomplete, irrelevant or misleading. You may do so by contacting our Privacy Officer at the details below.

We take reasonable steps to ensure that your Personal Information we hold is accurate, complete and up to date. However, we encourage you to tell us if your Personal Information changes or if you believe or suspect it may not be correct.

We will respond to all requests for access to or correction of your Personal Information within a reasonable period.

In most cases, we will comply with such requests. If, for whatever reason, we do not, we will give you written reasons why. We may charge an access fee to cover the cost of retrieving the information and supplying it to you. For further information, please contact us.

12. Complaints and concerns

Please contact us at the address below if you would like any further information, or have any concerns or complaints, about the manner in which we have collected or handled your personal information, or would like to complain about a breach of the APPs. We will respond to complaints within a reasonable period of time (usually 30 days).

If you are not satisfied with our response, you can contact us to discuss your concerns or lodge a complaint with the Office of the Australian Information Commissioner at oaic.gov.au, calling 1300 363 992 or emailing enquiries@oaic.gov.au.

13. Contact

If you would like more information about the way we manage personal information, would like to request access to or correction of personal information that we hold about you, or wish to make a complaint, please contact:

Privacy Officer

HPX Group

Australia Square

Level 42, 264 George Street

Sydney NSW 2000

P:  (02) 8072 8271

E:  privacy@hpxgroup.com.au

14. Changes to our privacy policy

From time to time, it may be necessary for us to review and revise our Privacy Policy. We may notify you about changes to this Privacy Policy by posting an updated version on our Website. We encourage you to check our Website from time to time to ensure you are familiar with our latest Privacy Policy.

This Policy was last updated in September 2023.