Effective Date: 25 May 2018
The Gordian group of companies (“We/Us/Our”) respect your privacy. So that you may understand how We deal with your Personal Information (please see section 3 below setting out details of the type of information that this may include), We have set out how and why We collect, hold, use, manage, process and transfer Personal Information in this Privacy Policy. You may print a copy of this Privacy Policy. Please read the following carefully to understand our views and practices regarding your Personal Information and how we will treat it.
Where your personal information is protected by the GDPR, We will process that data in accordance with the GDPR.
Where you personal information is protected by other law, such as the Australian Privacy Act 1988 (Cth), We will, at a minimum, process that information in accordance with that law. However, where it is lawful and practical to do so, We will also extend to all individuals the similar rights as those that are provided to data subjects who are protected under GDPR, in respect of the:
1.3.1
Right of access;
1.3.2
Right to object;
1.3.3
Right of portability;
1.3.4
Right of erasure or the right to be forgotten.
Where legal services are provided by Gordian Lawyers Pty Ltd then Gordian Lawyers Pty Ltd is bound by local law and relegations that require lawyers and law firms to keep all information provided to them by their clients secret and confidential, and to use it only in the interests of their clients, subject to the lawyers duty to the court and the administration of justice. Notwithstanding anything else in this Privacy Policy, Gordian Lawyers Pty Ltd will not make any disclosure or use of any information in contravention of those professional laws and regulations.
The GDPR Representative of Gordian Services Pty Ltd is Gordian GDPR Representative Ltd. You can contact the Representative and our Privacy officer at:
1.5.1
2nd Floor College House, 17 King Edwards Road, Ruislip, London, HA4 7AE, United Kingdom; and
1.5.2
via the Contact Us page on our website.
We will update this Privacy Policy from time to time at Our discretion, so you should visit Our website regularly to see the latest copy of the Privacy Policy.
This Privacy Policy binds the following companies in the Gordian group of companies, being:
1.7.1
Gordian GDPR Representative Ltd (UK Company number 11325831);
1.7.2
Gordian Services Limited (UK Company number 11325863);
1.7.3
Gordian Services Pty Ltd (Australian Company ABN 86 160 629 685);
1.7.4
Gordian Lawyers Pty Ltd (Australian Company ABN 78 121 066 733),
and this Privacy Policy should be interpreted so that “We/Us/Our” includes any of these companies.
The Gordian group of companies is engaged in the following business activities:
1.8.1
promoting, offering, selling and performing representative services as defined in Article 27 of GDPR, in particular Gordian GDPR Representative Limited;
1.8.2
promoting, offering, selling and performing professional services relating to privacy advice and compliance, including consulting, training, supporting online services and Data Protection Officer Services as defined by Article 37-39 of GDPR, in particular:
1.8.2.1
Gordian Services Limited;
1.8.2.2
Gordian Services Pty Ltd;
1.8.3
providing legal services as defined under the law of New South Wales, Australia, being Gordian Lawyers Pty Ltd;
1.8.4
any business activities related or ancillary to any of the activities set out above.
This Privacy Policy relates to how We collect, hold, use, manage, transfer and disclose Personal Information that We collect.
Some of the key phrases that are used in this Privacy Policy include:
1.10.1
Australian Privacy Law means the Australian Privacy Act 1998 (Cth).
1.10.2
GDPR means the privacy laws that applies to the European Union, General Data Protection Regulation 2016/679.
1.10.3
Personal Information:
1.10.3.1
has the same meaning as defined in the Australian Privacy Law, where the Australian Privacy Law applies; or
1.10.3.2
has the same meaning as defined in the GDPR, where the GDPR applies;
1.10.4
Sensitive Information has the same meaning as defined in the Australian Privacy Law.
1.10.5
Special Category Data has the same meaning as defined in the GDPR.
1.10.6
Regulator is the legal entity that is responsible for the supervision of the relevant privacy law in Australia or the relevant Member State of the EU, as applicable.
We may collect and hold the following types of Personal Information:
As a rule We do not collect or hold Sensitive Information or Special Category Data. The only exceptions to this rule are:
We collect Personal Information in a number of ways, including:
We hold Personal Information:
We will only ask for personal information where it is necessary, and is to be processed for a lawful purpose.
If you elect not to provide Us with Personal Information then We may not be able to provide you with the information, products, services or support that you may want.
We may receive other unsolicited Personal Information in the course of Our business, for example, where you send us a resume (which includes your name, address and work history) without us specifically asking you to. We will notify you when we receive any such unsolicited information; confirm to you the purposes for which we intend to use that Personal Information; and deal with this unsolicited Personal Information in accordance with our legal obligations.
We collect, hold, use and disclose Personal Information for the following purposes:
We take appropriate measures to secure personal data and protect it from loss or unauthorised disclosure or damage. All Personal Information provided to Us will be held for so long as we reasonably require to deliver services to you or to or your employer or as otherwise required for regulatory or other legal purposes and will be hold on secure servers. Any payment transactions processed by us or any applicable third party will be encrypted using SSL technology.
In accordance with this Privacy Policy, We may send Personal Information to third parties, including those located outside of the territory in which the individual’s Personal Information is gathered for processing by staff who work for Us or for one of our suppliers, including staff engaged in, among other things, the fulfilment of service delivery, the processing of payment details and the provision of support services. Transfers of Personal Information to overseas jurisdictions will take place in the following circumstances:
The countries in which We know that Personal Information may be processed and/or transferred to include:
We will only transfer personal information outside of the country of collection in accordance with applicable law. Wherever Personal Information is transferred outside of the country of collection, we will take all steps reasonably necessary in accordance with applicable law to ensure that such Personal Information is treated securely and in accordance with this Privacy Policy.
Where We have given you (or where you have chosen) a password which enables you to access certain parts of our website or any part of our services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your Personal Information, We cannot guarantee the security of your Personal Information transmitted to our site; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access.
Under applicable privacy legislation We must ensure that your Personal Information is accurate and up to date. Therefore, please advise Us of any changes to your information.
If you want to find out what Personal Information We hold on you, or you believe any of your Personal Information that is held by Us is inaccurate, out of date, incomplete, irrelevant or misleading or it is not necessary for Us to continue to hold it, or that We are not processing it lawfully and you require Us to suspend or stop processing it, or you wish for Us to delete or port your Personal Information to a third party provider, you can contact Us, and We will either provide you with access to the Personal Information (in so far as We are legally able and required to do so by applicable law,) or We will delete it or correct it (and/or add supplementary information) or satisfy your rights as a data subject, as applicable, within a reasonable period, in accordance with applicable privacy legislation. Where your Personal Information is subject to GDPR We will provide you these rights in accordance with GDPR. Where your Personal Information is subject to Australian Privacy Law, then We will provide you these rights at least in accordance with Our obligations under Australian Privacy Law, and where it is lawful and practical for Us to do so, to the same extent as if GDPR applied.
For clarity, nothing in this Privacy Policy subjects any Gordian group company to the jurisdiction of GDPR, unless and to the extent that GDPR lawfully extends its jurisdiction to the relevant Gordian company.
You can contact Us for any of these purposes by:
If you wish to complain about a breach of any breach of applicable privacy laws or codes, or this Privacy Policy you should contact Us by:
If you make any such complaint, We may be obliged to report that complaint to the relevant local regulator within the time frames set out in the relevant local legislation. We may also be obliged to self report breach of privacy to the relevant local regulator within the time frames set out in the relevant local legislation.
We will aim to respond to any complaint within 10 business days of the date of receipt. We will attempt to resolve your complaint to your satisfaction. If you are not satisfied with how We deal with your complaint you may contact the relevant regulatory authority in your country.
Gordian Lawyers Pty Limited
ABN 78 121 066 733
Privacy Policy
Liability limited by a scheme approved under Professional Standards Legislation