Home

Privacy Policy

Johnson Winter Slattery is the trading name used by two associated partnerships, namely Johnson Winter Slattery ABN 70 843 523 318 and Johnson Winter Slattery (SA) ABN 48 455 961 217.  JWS Services Pty Limited ATF JWS Services Trust (ABN 73 829 311 676) is an associated services entity providing administrative and support services to the partnerships. Any reference in this policy to we, ourus, the firm or JWS is a reference to each of those associated partnerships and the associated service entity that collectively operate a law firm with offices in major Australian cities and clients spanning the globe. 

We recognise that the privacy of your personal information is important to you and are committed to protecting the privacy of any personal information we collect from you. Unless you give us your consent to do otherwise, we will only collect, use and disclose your personal information in accordance with this Privacy Policy and as required or authorised by law.

JWS abide by the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act). This Privacy Policy outlines how we will handle and manage your personal information. You can obtain information about the APPs and your privacy rights at the website of the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au/privacy. 

Observing and protecting the confidentiality of client information is an essential aspect of the conduct of our business. We generally disclose such information only in accordance with our Terms of Engagement.

What kinds of information do we collect and hold?

We collect personal information that is necessary for us to conduct our business. Personal information is any information that can be used to identify you and may include:

In respect of clients, their officers, employees, authorised agents, persons with authority to act on their behalf and beneficial owners

  • your name, address, occupation and contact details (address, telephone numbers and email address);
  • information required to verify your identity and ultimate beneficial ownership of the client, and otherwise comply with our client due diligence obligations under law (see our collection notice for client due diligence for further detail);
  • information about your dealings with us;
  • your interests regarding areas of law or events;

  • other personal information you may disclose to us when you give us instructions or request a service from us, or which is contained in communications between you and us.

    In respect of candidates for employment or partnership

     

  • information about your skills, knowledge and expertise;
  • your CV and where applicable, your transcripts and/or business plan;
  • your remuneration information and expectations;
  • qualifications and certifications, including where applicable, your admission and practicing certificate details;
  • where relevant, independent identity verification, police checks, bankruptcy checks, screening (for example sanction and adverse media checks), reference checks from previous employers, or information about past regulatory breaches or disciplinary actions;
  • where relevant, information about your membership of a professional association, political affiliations, opinions and exposure, medical and health information, sanctions or criminal history (including engagement in terrorism and other criminal activities);
  • (for partner candidates) information about your eligibility to hold a business name, including information about any criminal convictions and disqualification from managing corporations and

  • any other details submitted in your application or via a third party for consideration in connection with your potential candidacy.

    In respect of employees and partners

     

  • your name and contact details;
  • your emergency contact details;
  • your qualifications, certifications, skills, knowledge and expertise;
  • your work history;
  • your date of birth;
  • the start date of your employment/partnership;
  • where applicable, the status of your employment, including whether your employment is full-time, part-time, permanent, temporary or casual;
  • your tax file number, banking and superannuation information (where applicable);
  • (if you are a legal practitioner) information about your admission, practicing certificate and membership of law societies and professional associations;
  • information about your shareholdings and directorships;
  • information about your performance, behaviour or conduct;
  • information about your working hours, salary, wages or other remuneration;
  • information about the terms and conditions of your employment or partnership;
  • information about your annual, long service, sick, personal, maternity, paternity or other leave;
  • information about your citizenship, residency and right to work in Australia;
  • information about your application(s), resume(s), and internal or third party reports about training, disciplining, investigations, complaints or resignation;
  • information about your use of firm devices, including electronic communications;
  • health information;
  • where relevant, information about your membership of a professional association, political affiliations, opinions and exposure, criminal investigations or charges, secondary employment, board appointments, sanctions or criminal history (including engagement in terrorism and other criminal activities) and adverse media;
  • (for partners) information about your eligibility to hold a business name, including information about any criminal convictions and disqualification from managing corporations;
  • information about the termination of your employment or partnership;
  • your gender, age and any other demographic or other identifying information you may elect to provide for our Diversity and Inclusion Strategy including whether you identify as Aboriginal or Torres Strait Islander; and
  • any additional personal information you provide to us, or authorise us to collect, as part of your interaction with us.

We may also collect names and contact details of workers employed or otherwise engaged by our suppliers in the course of the supply relationship.

How do we collect and hold your personal information?

We usually collect personal information in the following ways:

  • directly from you, either in person, in documents, by email or via the JWS website;
  • from third parties, such as recruitment agencies, referees, reference checking agencies, pre-employment screening agencies, law enforcement agencies, your business associates, business counterparties, your employer or the person or entity you beneficially own or are acting on behalf of;
  • from third party risk assessment databases, and pre-employment and other screening databases and identity verification and screening service providers;
  • from publicly available resources such as social media, as well as government databases and public registries including those run by the Australian Securities & Investments Commission and the Personal Property Securities Register; and
  • from public search engines.

We hold personal information in hard copy and electronic files. We protect the personal information we hold through a layered combination of technical and organisational safeguards. Our information security management system is independently certified to ISO/IEC 27001:2022, supported by a comprehensive and mature framework of policies, standards and procedures designed to manage information security risks across the organisation. All partners and staff undertake ongoing mandatory cybersecurity awareness training to reinforce a strong security culture. This is complemented by a broad and integrated set of technical controls that operate across our environment to protect systems, data, and user access, supported by continuous monitoring and specialist oversight. Our technology architecture is designed with security and resilience at its core, incorporating multiple layers of protection and recovery capabilities to safeguard information throughout its lifecycle. We regularly assess and validate these controls through structured reviews and testing activities to ensure they remain effective and continuously evolve in response to emerging threats. 

Collection of information from the JWS website

When using the JWS website you may voluntarily disclose personal information to us. Our server may automatically record details such as your internet address, domain name if applicable, and the date and time of your visit to our website. This information is used for internal purposes only, including statistical purposes.

We will not try to identify users or their browsing activities except as necessary to investigate or report any suspected unlawful activity, as required or authorised by law or as reasonably necessary for the activity of an enforcement body.

The JWS website uses cookies, which may collect personal information. Cookies are pieces of data stored on your browser that record information on your use of the JWS website, such as details of your server and your browsing activity, and send the information to the server. We use these cookies to monitor usage of the JWS website and for security purposes only. You may be able to change the settings of your browser so that cookies are not accepted generally or that you are provided with options to accept or reject them as they are sent to your browser. You might not be able to use the full functionality of the JWS website by refusing the use of cookies.

Why do we collect, hold, use and disclose personal information and what are the consequences of not providing us with the information requested?

We collect, hold, use and disclose personal information for the following purposes:

  • to provide clients with legal and associated services, and to meet our obligations to clients;
  • to enable us to conduct our business and to seek feedback on, improve and promote the services we provide;
  • to manage and administer client relationships and the services we provide, including with respect to charging and billing;
  • to provide you or our clients and contacts generally with information about legal developments or events through our newsletters and other promotional materials;
  • to facilitate your communication with us in writing, by e-mail, telephone or via the JWS website;
  • to conduct our internal business operations;
  • to facilitate individuals seeking employment or partnership with us and to assess applications for employment or other positions with us;
  • to administer and manage partner and employee relationships;
  • to exercise our legal or contractual rights;
  • to comply with applicable legal and regulatory requirements;
  • to promote and market our services that you or our clients or contacts generally may be interested in; and
  • to assess proposals and other offerings from suppliers.

Our ability to provide you with services; to meet our obligations to you, your business, your employer or the person or entity you beneficially own or are acting on behalf of, our clients or related persons or bodies; to comply with our legal or regulatory obligations; or to process any application may be adversely affected if you do not give us the requested personal information, or if the information you give us is incomplete or inaccurate.

Disclosure (including overseas disclosure) of personal information

We will only disclose personal information for the purpose for which it was collected or in the following circumstances:

  • internally to partners and staff of our firm;
  • subject to our obligations to clients, to any person where necessary or desirable in connection with the provision of our services, such as to the client, regulatory authorities and other parties;
  • to third-parties to assist us with AML/CTF obligations including screening, identity verification and storage;
  • to external service providers (on a confidential basis) so they can provide us services related to our business, for example mailing services, IT services, cloud services, data analytics and risk assessment services, data storage/hosting or archive services;
  • to barristers and other legal representatives;
  • where required or authorised by law or regulation;
  • where you consent to the disclosure.

Where applicable we may rely on employee and related bodies corporate exemptions that are available to us under the Privacy Act when using or disclosing personal information.

We may deal with third parties, such as service providers or clients overseas. As a result, your personal information may be disclosed to a recipient in a foreign country, including but not limited to New Zealand, countries of the European Union, the United Kingdom, Singapore, India, the United States of America, Canada, Japan, Philippines, South Africa, Mexico, Lebanon, Tunisia and Botswana. For example, we may discuss your personal information with an overseas client or publish the information on the JWS website and the information is accessed by an overseas recipient.

Under the Privacy Act, we have an obligation to take reasonable steps, in the circumstances, before disclosing personal information to an overseas recipient to ensure that the overseas recipient does not breach privacy laws in relation to that information. We use contractual and other means to meet these obligations.

How secure and accurate is your personal information?

We will take reasonable steps to ensure that all personal information we hold is:

  • accurate, complete, up-to-date, relevant and not misleading;
  • stored in a secure environment; and
  • protected from misuse, interference and loss as well as unauthorised access, modification or disclosure.

Staff with access to such information are subject to obligations of confidentiality.

If any of your details change, please let us know as soon as possible by using the contact details below so we can maintain the accuracy of your personal information.

How can you access and correct your personal information?

Generally, you have a right to access personal information we hold about you. We will comply with any request to access your personal information that you send to our Privacy Officer at the details below, except where the Privacy Act (including the APPs) allow us to refuse to do so. There is no fee for making a request to access your personal information, but we may charge a reasonable fee for giving you access to your personal information in a mutually agreed format, usually by sighting the accessible information held on file. 

Generally, you also have the right to ask us to correct information about you that is inaccurate, incomplete, out-of-date, irrelevant or misleading. You can do so by contacting our Privacy Officer with the details specified below. If we refuse to correct your personal information as requested, we must:

  • notify you in writing of the reasons for the refusal (unless it would be unreasonable to do so) and how to complain of the refusal; and
  • upon request from you that we associate a statement that the information is inaccurate, incomplete, out-of-date, irrelevant or misleading, take such steps are as reasonable in the circumstances to associate such a statement so that it will be apparent to users of the information.

However, if you are a current or former employee, the personal information in your employee records is exempt from the requirements of the Privacy Act. An employee record is a record of personal information relating to your employment with us e.g. terms and conditions of your employment and your emergency contact details. If you are a current or former employee and you would like access to any of your employee records, you can also request access by contacting the Human Resources team of JWS. 

Sensitive information

Some personal information that we collect may be "sensitive information". Sensitive information includes: information relating to a person’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, trade union or other professional or trade association membership, sexual preferences and criminal record that is also personal information; health information and genetic information about an individual.

Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or where other limited circumstances apply (e.g., where required by law).

Links to other websites

Sometimes the JWS website may contain a link to third party websites – for example, our insights articles and media releases may contain links to source information or other third party websites you can access if you wish to consider the article content in more. We are not responsible for the content or material contained in, or obtained through, any third party website or for the privacy practices of the third party website. We suggest that you review the privacy policy of each website that you visit.

How can I contact JWS?

If you have any questions or complaints about how we handle your personal information, you can contact our Privacy Officer on 02 8274 9553 during business hours, email (privacy@jws.com.au) or in writing at the address below:

Johnson Winter Slattery

Attention: Privacy Officer

GPO Box 9831

Sydney NSW 2000

We will consider and respond to any complaint notified to us within a reasonable period of time, which in most cases will be within 30 days. We will always endeavour to resolve any complaint to your satisfaction.

Australian Privacy Commissioner

If you are not satisfied with the way in which we handle your enquiry or complaint, you can contact the Office of the Australian Privacy Commissioner on Tel: 1300 363 992 or by using the online form available at the OAIC website.

Changes to this Privacy policy

This is our current Privacy Policy outlining our personal information management practices. This Policy replaces any other privacy policy published by us to date. We may vary this policy from time to time. We encourage you to review the JWS website regularly to ensure that you are aware of our current Privacy Policy.