Introduction

Artificer is a privacy-aware organisation, and the effective management of information privacy in the digital age forms a critical part of our identity as a hybrid legal and technology services provider.

This Privacy Policy outlines how Artificer generally collects, holds, uses and discloses personal information in the performance of its services, and on this website. It has been prepared giving regard to the requirements under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

Although this Privacy Policy has been published by Artificer, the Privacy Act 1988 contains exceptions and thresholds to coverage which may mean that from time to time Artificer is not subject to parts of the Act. The publishing of and/or adherence to this Privacy Policy is not taken by itself to be a voluntary opt-in to the Act.

What Personal Information Artificer Collects

In both the legal and technology practice groups, Artificer may collect the following types of personal information about an individual:

• Identification and Contact Information: Basic identification information of individuals who give us instructions name, role or position, employer and in some cases date of birth, along with contact information for those individuals, such as address, email address, telephone number. We may also collect this information for individuals who are, or are employed by, prospective clients.

• Information and opinions about an individual's circumstances: Depending on the nature of the work performed, Artificer may collect information relating to an individual's circumstances which may or may not be sensitive, including about an individual's legal or pecuinary interests, relationships, medical circumstances and other information.

• Employment Information: Artificer collects information about the qualifications, skills and work experience of actual or potential employees, and suppliers/subcontractors.

Methods of Collection

Directly from Individuals

Artificer collects personal information directly from individuals who are clients or those who are employed by clients. Normally, Artificer will collect personal information from individuals directly using digital forms or via digital correspondence.

For Direct Marketing

In the case of prospective clients, or employees or agents of prospective clients, Artificer may use personal information for direct marketing purposes in accordance with the exception in APP 7.3 if that individual has consented to a third party for his/her information to be used for direct marketing purposes. Artificer will provide an opt-out to future direct marketing with its marketing communications, but for convenience you can opt-out here.

Using the above link to opt-out of direct marketing is different from a request to delete your information, your information will be retained for the purposes of ensuring Artificer does not target you with direct marketing communications, and you consent to Artificer doing so.

If you opt instead to make a request for Artificer to delete your information, there is no guarantee that you will not receive further direct marketing from Artificer in the future, for example where you provide your information with consent to an organisation that collects information for direct marketing purposes (for instance, a social media website that provides us with marketing services).

Note that individuals have the right to request deletion of all information except that necessary to prevent receipt of direct marketing from Artificer.

Holding and Storage

Artificer prioritises the implementation of technical and administrative safeguards to protect personal information from unauthorised access, modification, disclosure or from loss or misuse.

None of our ordinary processes for the storage of personal information include hard copy files or printing, eliminating most traditional risks of inadvertent disclosure. If Artificer does print a document containing personal information (for instance to take to Court), printed copy of the document will be destroyed as soon as it is no longer necessary for the purpose it was created for.

In the case of information stored for a Client, like most technology organisations and digitally-enabled law firms, our normal process is to store personal information on a purpose-built cloud storage service provided by a third party supplier. Employment information is also stored in a cloud storage service provided by a third party. To access or modify the information in the course of their normal work, practitioners will synchronise some files from the cloud storage service to their local machines.

Artificer stores information for prospective clients in a Customer Relationship Management system that features industry standard security protections, also provided by a third-party supplier.

Artificer is careful to purchase from technology suppliers that have sophisticated information security procedures and safeguards, such as ISO/IEC 27001:2022 and ISO/IEC 27017:2015. In every case, Artificer uses strong, unique passwords for each internal business system, and adopts modern security best practices where are available, such as the use of two-factor authentication and regular updates software to incorporate the latest security patches.

Disclosure of Purpose and Use

Artificer collects, holds, uses and discloses personal information in order to:

• Service Delivery: To provide legal and technology services to our Client(s), or to facilitate the procurement of services on behalf of a Client according to instructions, this includes disclosing personal information to third parties as instructed by our Client, or incidental to those instructions.

• Direct Marketing: To let organisations and individuals know about products or services that Artificer thinks will interest them, and to personalise our approach to those individuals.

• Prospective Client Enquiries: To respond to enquiries about prospective clients about Artificer services and to produce estimates or contractual documentation for consideration of purchase.

• Employment and Subcontracting: To determine whether to make an employment decision or whether to purchase services from a subcontractor based on the employee/subcontractors employment history, skills and experience.

• Business and/or administrative purposes: It might be required by law that Artificer discloses some personal information in connection for auditing, accounting or in connection with a practitioner's duty as an Officer of the Court.

Artificer may disclose your information if required by law, as permitted by APP 6.2. For example if:

• a warrant, order or notice issued by a court requires Artificer to provide information, or produce records or documents;

• Artificer is subject to a statutory requirement to report certain matters to an agency or enforcement body, for example, specific financial transactions, notifiable diseases or suspected cases of child abuse; or

• a law applying to the Artificer clearly and specifically authorises it to use or disclose the personal information.

Access Your Information

You can contact Artificer to access, correct or update your personal information. Unless Artificer is subject to confidentiality obligation or some other restriction on giving access to the information and it is permitted to refuse you access under the Privacy Act 1988, Artificer will endeavour to make your information available to you within 30 days.

Examples of circumstances where Artificer may refuse to give access to personal information include where:

• giving access would be unlawful;

• Artificer reasonably believes that giving you access would pose a serious threat to the life, health or safety of any individual or to public health or public safety;

• giving access would have an unreasonable impact on the privacy of others;

• the information could reveal the intentions of a party in negotiations;

• giving access could reveal evaluative information in a commercially sensitive decision-making process; and/or

• giving access would be inconsistent with a duty owed.

Disclosure to Overseas Recipients

In the course of delivery of services to a Client, Artificer will disclose personal information to overseas recipients only where instructed to do so, or where required by law.

Australian Privacy law distinguishes between the concepts of 'disclosure' and 'holding' and 'use'. Unless specifically instructed by a client or required by law, Artificer will not disclose information to overseas recipients. However, as part of ensuring Artificer can offer the best price and efficiency or service delivery, some of our third-party providers may cause us to use or hold personal information in regions outside of Australia (for instance where they use a shared/distributed cloud service offering that processes information in overseas data centres). As Artificer uses some Google services, regions where Google hosts data across its services may be involved in Artificer's holding or use of some personal information. Information about where Google bases its data centers can be found on Google's Data centre directory.

If required by a Client, Artificer is capable of delivering services which use and hold data only in Australian-based data centres. However, in order for this to apply to our service delivery, it must be a specific term in a Statement of Work or agreement that Artificer enters into with that Client. By default, Artificer will not incur the additional expense of procuring the required data sovereignty guarantees from our third party suppliers to ensure they only hold data in Australian-based data centres. It would be preferable if cloud providers offered by-default data sovereignty guarantees for Australian customers for all the latest technology, but that has not yet occurred.

Enquiries and Complaints

Complaints about Artificer's handling of personal information can be submitted here. Any request for access or correction of personal information, can be submitted here. Artificer aims to address privacy complaints within 30 days. If a response to the complaint by Artificer is not satisfactory, it can be raised with the Office of the Office of the Australian Information Commissioner using the privacy complaints information available on its website.