Privacy Policy

Lawfully Australia Pty Ltd (ACN 656 083 340) trading as Lawlux (Lawlux) takes your privacy seriously and is committed to respecting it.  

This Privacy Policy sets out how we generally collect, store, use and disclose your personal information.

In this Privacy Policy, ‘us’ ‘we’ or ‘our’ means Lawlux. 

By providing personal information to us, you consent to our collection, storage, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us. 

Types of information

• Personal information is defined in the Privacy Act 1988 (Cth) (Privacy Act) to mean any information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not or recorded in material form or not.  Examples include the name, signature, address, telephone number, date of birth, medical records, bank account details, credit card information, employment details and commentary or opinion about a person.

• Sensitive information is a subset of personal information and is defined in the Privacy Act to mean health information, genetic information, biometric information, biometric  templates, and any information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, or criminal record.

What personal information do we collect?

Lawlux collects and stores a range of personal information in connection with it performing its business as a law firm, software developer and software vendor. 

The kind of personal information that Lawlux collects and holds about you depends upon the nature of your relationship with us and the information that provide to us.

Depending on the nature of our relationship, we may collect the following types of personal information:

• Name, job title, and contact details (including email address, phone number, and address).
• Age or date of birth.
• Financial and credit card information.
• Information to verify your identity (including driver license number, passport number and photo identification).
• Dietary requirements.
• Educational details, academic and other transcripts, employment history, skills and background checks, referee details, references from past employers, interview and assessment details.
• Your device ID, device type, geo-location information, browsing behavior, advertising data, acquisition sources, computer and connection information, statistics on page views, traffic to and from the Digital Services, ad data, IP address and standard web log information.
• Details of the products and services we have provided to you or that you have enquired about, including any additional information necessary to deliver those products and services and respond to your enquiries.
• Any additional information relating to you and clients that you provide to us directly (including through our website, via email and during meetings with us) or indirectly through your use of the Digital Services, your online presence or through other websites or accounts from which you permit us to collect information.
• Information you provide to us through customer surveys, feedback processes and questionnaires.
• Any other personal information that may be required in order to facilitate your dealings with us.

Lawlux may also collect and hold sensitive information in relation to clients (including their directors, employees, contractors and service providers), other parties to a dispute, other persons, employment candidates and employees including pre-existing illnesses or disabilities, criminal records details, vaccine information, membership of a professional or trade association, membership of a trade union, religious beliefs or affiliations, or criminal records.

This Privacy Policy does not apply to acts and practices in relation to employee records of our current and former employees, which are exempt from the Privacy Act.

How do we collect personal information?

We usually collect the above types of personal information from you directly or from your use of the Digital Services.  However, we sometimes also collect your personal information from third parties.  

We may collect personal information if you engage in the following conduct:

• Access or use the Digital Services, including if you:
  • use Lixo AI to obtain legal advice or documentation,
  • use Lixo AI to ask questions and seek legal information (although you agree not to provide personal information to Lixo AI when asking questions under the Terms of Use),  or
  • onboard as a client of Lawlux.
• Communicate with us via email, correspondence, chats, email, or when you share information with us from other social applications, services or websites.
• Register for an event or webinar.
• Meet with us.
• Apply for a job or position with us directly or via a recruitment consultant.
• Invest in our business or enquire as to a potential purchase in our business.

The third parties that we may collect personal information from include the following:

• Our clients.
• Government agencies.
• Law enforcement bodies.
• Publicly available records.
• Government databases (including the Australian Securities and Investment Commission and the Australian Business Register).
• Court or tribunal records.
• Service providers (including the Google Places API).
• Recruitment agencies.
• Online searches.
• Social media platforms (including LinkedIn, Instagram and Facebook).

If you provide us with personal information about another person, you agree to refer that person to this Privacy Policy. 

Before you provide us with personal information about another person that is sensitive information, you must ensure that you are authorised by the relevant individual to disclose that information to us.

Why do we collect, store, use and disclose personal information?

We may collect, store, use and disclose your personal information for the purposes for which is was collected, related purposes, and any other purposes including the following:

• Providing the legal, software and software vendor services that our clients request.
• Enabling you to access and use the Digital Services.
• Contracting out services to external service providers and suppliers, including to barristers, title and court searches, forensic witnesses, accountants, mediators, printers, carriers, mail providers, virtual offices, photocopiers, information technology providers, advertising, marketing and campaign managers, market research providers and recruiters.
• Maintaining and developing our relationship with clients and potential clients.
• Operating, protecting, improving and optimising the Digital Services, our business and our users’ experience, including to perform analytics, conduct research and for advertising and marketing.
• Sending you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you.
• Carrying out research, planning, service development, security and risk management processes.
• Sending you information on legal developments, marketing our services and events, and providing other information that may be of interest to you, including information sent by, or on behalf of, third parties that we think you may find interesting.
• Organising seminars and events.
• Assessing applications from prospective employees, contractors and service providers.
• Developing and managing relationships with our employees, contractors and service providers.
• Managing insurance.
• Conducting further searches and enquiries regarding the information you have provided to us or more generally to collect additional personal information about you or your associates for our operational or regulatory purposes.
• Ensuring a safe workplace to the extent reasonably practicable.
• Complying with our legal and regulatory obligations, resolving any disputes that we may have with any of our users, and enforcing our agreements with third parties.
• Otherwise carrying out our functions as a law firm, software developer and software vendor.

We may also disclose your personal information to a trusted third party who holds other information about you.  That third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.

Do we use your personal information for direct marketing?

We may send you direct marketing communications and information about our services and products, including publications, alerts, seminar invitations and newsletters.  That may take the form of emails, SMS, mail or other forms of communication, in accordance with the Spam Act 2003 (Cth) and the Privacy Act.  

You may opt-out of receiving marketing materials from us by contacting our Privacy Offer on the details set out below or by using the opt-out facilities provided (eg an unsubscribe link).

Who do we disclose your personal information to?

We have purposely designed Lawlux’s software and system architecture so that as much personal information as possible is stored on secure local Australian servers.  

Our databases, large language models, and document and advice assembly software are all developed by our engineers, do not involve the disclosure of data to third parties, and are stored on secure local Australian servers. 

Where possible, we also minimise the amount of personal information that is disclosed to other organisations.

However, we may disclose personal information for the purposes described in this Privacy Policy to the following:

• Our employees, contractors and related bodies corporate.
• Third party suppliers and service providers, including IBM, Microsoft, professional advisors, recruiters and other providers necessary for the delivery of the Digital Services, recruitment and the provision of our products and services.
• Payment systems operators, including Stripe and NAB Limited.
• Our existing and potential clients, advisers, agents, business partners and partners.
• Anyone to which our assets or businesses (or any part of them) are transferred.
• Specific third parties authorised by you to receive information held by us.
• Other persons, including government databases such as ASIC Connect and ABN Lookup, government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

Disclosure of personal information outside Australia

Although we are generally not likely to disclose personal information to an overseas recipient, we may potentially disclose personal information to an overseas service or storage provider, to an overseas recipient to assess an employment application, or to an overseas recipient as part of a submission for a professional award or ranking.

When you provide your personal information to us, you consent to the disclosure of your information outside of Australia and acknowledge that we are not required to ensure that overseas recipients handle that personal information in compliance with Australian Privacy Law.  That said, we will take reasonable steps to ensure that any overseas recipient will deal with such personal information in a way that is consistent with the Australian Privacy Principles.

Using the Digital Services and cookies

We may collect personal information about you when you use and access the Digital Services (which includes our website).

While we do not use browsing information to identify you personally, we may record certain information about your use of the Digital Services, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.

We may also use ‘cookies’, ‘web beacons’ or other similar tracking technologies (including from third party service providers) on the Digital Services that help us operate the Digital Services and provide services, enhance and customise your experience across the Digital Services, track your website usage, remember your preferences, perform analytics and deliver advertising and marketing that’s relevant to you.  

Cookies are small files that store information on your computer, TV, mobile phone or other device.  They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and / or browsing sessions.  You can disable cookies through your internet browser but the Digital Services may not work as intended for you if you do so.

We may also use cookies to enable us to collect data that may include personal information.  For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act.  We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.

Security

We have purposely designed Lawlux’s software and system architecture to prioritise data security, including the security of personal information.

As a ‘paperless’ organisation, we generally hold your personal information in electronic form.  However, we may also hold it in hard copy form. 

Although we cannot guarantee the security of personal information, we take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.

We use a number of physical, administrative, personnel and technical measures to protect your personal information.  Those measures include:

• encrypting all data at rest (AES-256) and in transit (TLS 1.2+), 
• two factor authentication for key applications,
• next generation firewalls with traffic shaping, load balancing and an integrated VPN, 
• intrusion detection,
• automated data backup, 
• integrated document upload virus and malware virus scanning and isolation, and 
• personnel access limits.

Links

The Digital Services reference and link third party websites.  Those links are provided for convenience and may not remain current or be maintained.  

Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites.  The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

Accessing or correcting your personal information

You can access the personal information we hold about you by contacting our Privacy Officer at the details below.  Sometimes, we may not be able to provide you with access to all of your personal information, including if your personal information is covered by client legal privilege.  Where this is the case, we will tell you why.  We may also need to verify your identity when you request your personal information.

If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure it is corrected.

Application

Lawlux is not an APP entity for the purpose of the Privacy Act and has not made a choice in writing to the Office of the Australian Information Commissioner to be treated as an APP entity under section 6EA of the Privacy Act.

Amendments 

We may amend this Privacy Policy from time to time by publishing updates on our website.  We encourage you to check our website regularly to ensure you’re aware of our current Privacy Policy.

Privacy Officer

If you have any questions on this Privacy Policy, require more information about the way we manage personal information, would like to request access to or correct personal information that we hold about you, or intend to make a complaint, please contact our Privacy Officer at [email protected].

If you would like to make a complaint, please include your name, email address and / or telephone number and clearly describe your complaint.  We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time.

Updated 20 November 2024