Privacy Policy

Last Updated

Our commitment

Enigma is committed to providing quality services to you and this policy outlines our ongoing obligations to you regarding how we manage your Personal Information. 
 
We have adopted the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure, and dispose of your Personal Information. 
 
A copy of the Australian Privacy Principles may be obtained from the website of The Office of the Australian Information Commissioner at www.oaic.gov.au

What is Personal Information?

Personal Information is information or an opinion, whether true or not, about an identified individual, or an individual who is reasonably identifiable.  

Information about your business is not typically Personal Information.

Sensitive Information

Sensitive information is a subset of Personal Information and includes information or opinion about an individual's:  

  • racial or ethnic origin 

  • political opinions 

  • membership of a political association 

  • religious or philosophical beliefs 

  • membership of a trade union or other professional body 

  • criminal record, or  

  • health information. 

What Personal Information do we collect?

We typically collect the following Personal Information about you: 

  • Name 

  • Phone number 

  • Email 

  • Where you work 

We may collect Personal Information about other people you provide to us while providing our services. 

We do not typically collect Sensitive Information, however in the event we do, we will only collect Sensitive information:  

  • with your consent, or  

  • where required or authorised by law. 

How do we collect Personal Information?

We collect Personal Information in many ways including:  

  • meetings with you in person or on the phone 

  • email  

  • via our website www.enigmalaw.com.au  

  • your website 

  • media and publications 

  • other publicly available sources  

  • cookies, and  

  • from third parties.

Do we collect Personal Information from Third Parties?

Where reasonable and practicable to do so, we will collect your Personal Information only from you. However, in some circumstances we may be provided with information by third parties.

Where we collect your Personal Information from a third party, we will notify you as soon as practicable of the matters set out in this policy, including the fact that we collected the information from a third party, unless doing so would be unreasonable or impracticable in the circumstances, or would prejudice a legitimate legal process.

How do we use Personal Information?

We collect your Personal Information for the primary purposes of:  

  • providing our services to you  

  • providing information to our clients, and  

  • marketing.  

We may also use your Personal Information for secondary purposes related to the above primary purposes, in circumstances where you would reasonably expect such use. You may unsubscribe from our mailing/marketing lists at any time by contacting us in writing or clicking the unsubscribe link in such a message. 
 
At or before the time we collect your Personal Information (or as soon as practicable afterwards), we will notify you of:

  • our identity and contact details

  • the purposes of collection

  • the main consequences if you do not provide the information

  • any third parties to whom we may disclose the information

  • whether we are likely to disclose to overseas recipients, and

  • how you may access and correct your information or make a complaint.

We do not typically use Sensitive Information, however in the event we do, we will only use Sensitive information:  

  • for the primary purpose for which it was obtained  

  • for a secondary purpose that is directly related to the primary purpose,  

  • with your consent, or  

  • where required or authorised by law. 

Disclosure of Personal information

Your Personal Information may be disclosed for the primary purpose for which it was collect, or for a secondary purpose where: 

  • you would reasonably expect us to disclose your information, and the secondary purpose is related to the primary purpose 

  • you consent to the disclosure, or  

  • required or authorised by law. 

We do not currently disclose your Personal Information to overseas recipients. If this changes, we will update this policy to identify the countries where recipients are likely to be located and ensure appropriate protections are in place in accordance with APP 8.

Security of personal information

We protect your Personal Information through a combination of technical and organisational measures including:

  • secure storage systems with access controls limited to authorised personnel

  • encryption of electronic data in transit and at rest

  • regular security assessments

  • staff training on privacy and data handling obligations, and

  • documented incident response procedures for potential data breaches.

When your Personal Information is no longer needed for the purpose for which it was obtained, we will take reasonable steps to destroy or in some cases permanently de-identify it. However, most of the Personal Information is or will be stored in client files which will be kept by us for a minimum of 7 years as required by law. 

Access to your personal information

You may access the Personal Information we hold about you to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing. 
 
Enigma will not charge any fee for your access request but may charge an administrative fee for providing a copy of your Personal Information. 
 
In order to protect your Personal Information we will require identification from you before releasing the requested information. 

Maintaining the quality of your personal information

It is important to us that your Personal Information is up to date. We will take reasonable steps to make sure that your Personal Information is accurate, complete, and up to date. If you find that the information we have is not up to date or is inaccurate, please advise us as soon as practicable so we can update our records and ensure we can continue to provide quality services. 

Policy updates

This Policy may change from time to time and is available on our website.

Complaints and enquiries

If you have any queries or complaints about how we handle your Personal Information, please contact us via the Contact page.

Alternatively, you can contact the Office of the Australian Information Commissioner (OAIC) via their website: https://www.oaic.gov.au/.