JANSSEN & MALUGA LEGAL PTY LTD
PRIVACY POLICY

The website of www.janssen-maluga.com.au is an offer by Janssen & Maluga Legal Pty Ltd (Janssen + Maluga Legal; JML), Perth, Western Australia. Janssen + Maluga Legal is committed to respecting and protecting your privacy. This Policy sets out information how we will collect, use, store and transfer any personal data in the course of our business and the measures which we will use to protect its security. It will also explain your rights regarding how we use your personal information. As a law firm we are collecting, working with and transferring personal data of visitors to our website, potential clients, clients and third parties.

The EU General Data Protection Regulation (“GDPR”), adopted by the European Parliament in April 2016, has superseded the Data Protection Directive (“DS-GVO”) in conjunction with the German Federal Data Protection Act-new (“BDSG-neu”) and became enforceable starting on 25 May 2018 in Europe. The Directive regulates and applies to the processing of personal data, regardless of whether such processing is automated or not, where the processing activities relate to the offering of goods and/or services to data subjects in the EU, or to the monitoring of behaviour that takes place within the EU, regardless of whether or not the data is processed in the EU. The GDPR may also apply to entities with no physical presence in the EU. We collect, hold, use and disclose personal information to carry out our functions or activities also under the Privacy Act 1988 (“Privacy Act”).

Personal data are information about or relating to a person (e.g. name, address, postal address, telephone number, IP address) which can be used to ascertain the identity of that person. Personal data are any information relating to an identifiable natural person. Natural persons are considered identifiable if they can be identified directly or indirectly – in particular by linking them to an identifier such as a name, identification number, location data or an online identifier.

1. Controller

This notice of personal data processing is in relation to:

Controller:

Janssen + Maluga Legal Pty Ltd acting as Janssen + Maluga Legal
22 Stirling Highway, Suite 4, Level 2
Nedlands WA 6009
Australia

E-mail: lawyers@janssen-maluga.com.au
Phone: +61 – (0) 8 – 9322 8107
Fax: +61  - (0) 8 – 93228109
Web: www.janssen-maluga.com.au

ACN 627786930 ABN 52627786930

Düsseldorf - Janssen + Maluga Legal Telephone Service

Telephone Service Düsseldorf: +49 (0) 211 - 17 862 39

Monday to Thursday, between 8:30 am and 5:30 pm.

Friday between 8:30 am and 5 pm.

Liability limited by a scheme approved under the Professional Standards Legislation


For Germany please note – not a controller:
Person authorised to receive mail and communication in Germany for Prof. Dr. Janssen and Dr. Maluga pursuant to § 30 I BRAO:

Mrs Anja Riemann-Uwer
Rechtsanwältin/German Lawyer
Kaiser-Wilhelm Ring 43a
40545 Düsseldorf
Germany

Phone: +49 – (0) 211 – 17 12 9909
Fax: +49 – (0) 211 – 17 12 9908
Email: riemann-uwer@strafrechtallianz.de

2. Processing and storage of personal data - Purpose and its use

(a) Processing of personal data for visits to this website

Each time you visit our website www.janssen-maluga.com.au, the browser used by your access device automatically sends data to the server used for our website. The data are temporarily processed in so called log files. The data is stored on our server in Australia. The following data are collected without your active participation and saved until they are automatically deleted:

• IP address of the accessing computer,
• date and time of the server query,
• name and URL of the requested file,
• referrer URL (previously visited page),
• browser and operating system of your computer and name of the requesting provider,
• amount of data transmitted,
• notification of whether the file was accessed successfully.

The data are used only for the following purposes:

• to provide the connection with our website,
• to optimise the offer,
• to analyse the security and stability of the system,
• for further administrative purposes.

The legal basis for processing these data is Art 6 para 1 subpara 1 lit. f of Regulation (EU) 2016/679 – hereinafter the 'GDPR'). Our legitimate interest follows from the above-listed purposes. We will not use the collected data to draw conclusions on the person of the user. Furthermore, this website makes use of so-called cookies. We will provide more information on this topic down below.

(b) Processing of personal data of potential clients or clients

If you intend to authorise/or have authorised us to represent you in your matter, the following information will be processed:

Categories of personal data that we collect include:

• Contact information such as name/given name/title, valid email address, residential and postal address and telephone number, valid Skype address, valid Facebook address;
• Biographical information such as job title, employer, photograph and video or audio content including you;
• Marketing, communication preferences and related information such as meal preferences, feedback;
• Billing and financial information such as billing address, bank account and payment information;
• Services information such as details of services that we have purchased from you;
• Special categories of data such as ethnicity, trade union membership, information about health or information, political opinions or religious beliefs;
• Information relating to children;
• Information regarding criminal matters.

This is necessary to represent you in your claim and for defending your rights.

(i) Information provided by you may include personal data that relates to persons whose information is relevant to the instruction; for example, when we advise on a business transaction or a regulatory investigation or represent a client in a legal dispute.

(ii) If you provide information to us about another person, you must ensure that you comply with any legal obligations that may apply to your provision of the information to us, and to allow us, where necessary, to share that information with our service providers.

The processing and storage of your data are necessary to enable us to identify you as our client, to advise you properly and to represent you, also towards third parties, to correspond with you, to provide you with invoices, for the processing and handling of claims as well as claims against you. The data processing and storage is based upon your request and explicit consent and is necessary in order to allow a proper handling of your legal matter as well as for the joint fulfilment of obligations based on our ‘Letter of Engagement’ (German: ‘Mandantenbrief’) as well as ‘Costs Disclosure’ (German: ‘Kostenbelehrung) according to Art. 6 Abs. 1 S. 1 lit. b DS-GVO (GDPR).

3. How we use your data – Transmission of data

We will only use your personal data fairly and where we have a lawful reason to do so. We will not transmit any of your personal data to third persons for other reasons than those listed below. We will only transmit your personal data to third persons if and to the extent that

•     We are allowed to use your personal data if we have your explicit consent pursuant to Art 6 para 1 subpara 1 lit. a GDPR or another legally permitted reason applies. These include to fulfil a contract with you, when we have a legal duty to comply with, or when it is in our legitimate business interest to use your personal data. We can only rely on our legitimate business interest if it is fair and reasonable to do so;
•     The transmission is necessary pursuant to Art. 6 para 1 subpara 1 lit. f GDPR for the enforcement, exercise of defence of claims and if there is no reason to assume that you have an overriding legitimate interest that the data are not transmitted;
•     As lawyers, we have an obligation to store your personal data according to the statutory laws and regulations. Other time frames apply according to Art. 6 para 1 subpara 1 lit. c GDPR based on tax law and/or commercial obligations and Australian law or you have provided your extended consent according to Art. 6 para 1 subpara 1 lit. a GDPR. We will ask for a separate consent if this is necessary. After these dates, your personal data will be deleted;
•     It is legally permitted and, pursuant to Art. 6 para 1 subpara 1 lit. b GDPR necessary for the completion of a contractual relationship with you.

We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims.

Your data is processed and stored mostly in Australia. If we engage third parties and provide your data we ensure that those comply with the data processing laws. We transfer your data to our external book keeping service in Australia as well as in Germany if the necessity arises.

4. Collection of personal data from third parties

Most of the personal data that we collect about you will be information that you provide us with voluntarily. In some circumstances, we may also receive information from:

• Our clients, when we handle personal data on their behalf;
• Regulatory bodies;
• Credit reference agencies (e.g. Creditreform);
• Other companies providing services to us.

Some of these third-party sources may include publicly available sources of information. We will also receive information about you from Google Analytics, a web analytics service provided by Google, Inc. ("Google") whose servers are in the United States of America. Google Analytics uses cookies to help us analyse how users use our site. We will provide more information down below.

5. Processing personal data to third parties

We may share your personal data with third parties in the following circumstances:

• Based on our obligation to perform under our Letter of Engagement (German: ‘Mandantenbrief’) and Costs Disclosure (German: ‘Kostenbelehrung’) and to comply with our duties as lawyers in your matter, pursuant to Art. 6 para 1 subpara 1 lit. b GDPR.
• With our employees, Directors and consultants and with other entities that JML might establish (see also our Legal Notice) on a confidential basis where required for the provision of our legal services, internal administration, billing, compliance and reporting, promoting our events and services and other business purposes;
• Where we provide legal services to you, with third-party providers for the purposes of our litigation services;
• With third party providers Will host the services on which our data is stored, our IT and marketing consultants and other suppliers of the business and administrative services including debt recovery;
• With third party providers for the purposes of money-laundering you and other compliance and reference checks you and other fraud and crime prevention purposes;
• With our insurers and professional advisers as is necessary for the purposes of obtaining and maintaining insurance cover, obtaining professional advice, managing legal disputes and maintaining accounts records and financial audits;
• With any third party to whom we assign or novate any of our rights or obligations or any part of our business is sold or transferred to, or integrated with another organization.

Any information which we share with third-party providers from you will be shared pursuant to contractual arrangements which we put in place which require that the data is processed only in accordance with our instructions for specified purposes and applicable law.

JML reserves the right to disclose any information which we hold where necessary

• To appropriate courts, law enforcement authorities, governmental or regulatory authorities, if required to do so by law or regulation you or by any governmental or law enforcement agency; and
• In order to protect the vital interests of the data subject or of any other individual.

6. When we may transfer your personal data abroad

JML operates globally, we may transfer your personal data abroad for storage or processing where required for any of the purposes set out above, including any of the countries in which JML, agents or contractors have offices. You when doing so, we will comply with applicable data protection requirements and take appropriate safeguards to insure the security and integrity of your personal data. Where we use third party service providers, we will put in place confidentiality agreements, including appropriate data protection obligations.

For users of this website who are based in the European Economic Area (‘EEA’), you should be aware that information which you provide to us may be transferred to countries outside of the EEA, you Including the United States of America, which do not always have the same standards of data protection as those inside the EEA.

JML is based in Australia and we process and store your data mainly in Australia. Pursuant to Art. 45 the European Commission has the power to determine whether a country outside of the EU offers an adequate level of data protection, whether by its domestic legislation or of the international commitment it has entered into. At this point in time the European Commission has not recognised Australia. The GDPR and the Australian Privacy Act 1988 share many common requirements, including to:

• Implement a privacy by design approach to compliance;
• Be able to demonstrate compliance with privacy principles and obligations;
• Adopt transparent information handling practices.

There are some notable differences such as the ‘right to be forgotten’, which do not have an equivalent right under the Privacy Act. We do our very best to comply with the GDPR.

7. Cookies

Our JML website makes use of cookies. Cookies are small text files that your browser produces automatically and which are stored on your access device (e.g. laptop, tablet, smartphone etc.) when your visit our website. Cookies do not cause any harm to your access device and they do not carry computer viruses, Trojans or other malware. Cookie store information in connection with the access device.  However, this does not mean that we know the identity of the user of our website.

The use of cookies serves the purpose to make our website more user-friendly. Therefore, we use session cookies which show which parts of our website have been visited. These are automatically deleted when you leave our website.

We also use temporary cookies to optimise the user friendliness, by saving certain information so that such information does not have to be re-entered the next time you visit our website. We also use cookies to capture statistical data of our website use and analyse it in order to improve our offer. The legal basis for processing personal data with the support of cookies is pursuant to Art. 6 para 1 subpara 1 lit. f GDPR.

Here is a list of cookies names used for the www.janssen-maluga.com.au website:

Most browsers automatically accept cookies. You have the option of configuring your web browser so that cookies are immediately or regularly deleted from your cache, all the cookies are blocked or you are warned before a cookie is saved. However, if you block cookies you may no longer be able to fully use all functions of our website.

Should you leave our website via a link and go to third party websites, it is possible that cookies will be placed by hosts of the linked websites. JML is not legally responsible for those cookies.

More information can be found on the website allaboutcookies.org.

8. Google Maps Plugin

On our website, we use a plug-in of the Internet service Google Maps. Google Maps is operated by Google Inc., with its business residence in the USA, CA 94043, 1600 Amphitheatre Parkway, Mountain View. When you use Google Maps on our website, data information concerning the use of our website and your IP address are transmitted to and stored on a server operated by Google in the USA. We have no specific knowledge of what start-up are transmitted to Google, nor how they are used by Google. Google may recombine those data with information they gather from other Google services. It is possible that Google will transmit these data to third persons.

If you deactivate Javascript in your browser, you block the usage of Google Maps. In this case, however, you cannot use the Map indications on our website. By using our website, you declare your consent with the collection and processing of data by Google Inc., as described above. For further information on the data protection regulation and the user guidelines for Google Maps please see http://www.google.com/intl/de_de/help/terms_maps.html.

9. Analysis Tools – Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Inc. (‘Google’) which transmits website traffic data to Google servers and stores it in the United States of America. Google Analytics is operated by Google Inc., with its business residence in the USA, CA 94043, 1600 Amphitheatre Parkway, Mountain View.

Google Analytics does not identify individual users or associate your IP address with any other data held by Google. Only in exceptional cases will the full IP address be sent to a Google server in the USA and anonymised there. We use reports provided by Google Analytics to help us understand the website traffic and webpage usage, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator.

The anonymised IP address provided by Google Analytics within the framework of Google Analytics will not be merged with other data provided by Google. You can prevent the storage of cookies by a corresponding setting of your browser software. However, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible.

You can prevent the collection by Google Analytics by clicking on the link down below. An opt-out cookie will be set to prevent future collection of your information when you visit this site: http://tools.google.com/dlpage/gaoptout?hl=de.

For more information about Terms of Use and Privacy, please visit https://policies.google.com. We point out that in this website Google Analytics has been extended by the code ‘anonymizelp’ to ensure an anonymous collection of IP addresses (so-called IP-Masking).

10. Social Networking Services

We use social networking services such as Twitter, Facebook & Linked In to communicate with the public about our work. This is on the legal basis of Art. 6 Abs. 1 S. 1 lit. f DSGVO/GDPR. When you communicate with us using these services, we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies for Twitter, Facebook & Linked In on their websites.

11. Your rights

You have the following rights:

Pursuant to Art. 7 para 3 GDPR you shall have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal;

Pursuant to Art. 15 GDPR you have the right to obtain information on your processed personal data. You can ask for access to your data especially as follows: for the purpose of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed; the envisioned period for which is personal data will be stored; the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing; the right to lodge a complaint with a supervisory authority as well as the existence of automated decision-making, including profiling;

Pursuant to Art. 16 GDPR you shall have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning yourself; you also shall have the right to complete incomplete data of yours;

Pursuant to Art. 17 GDPR you shall have the right that we erase personal data of yours without undue delay especially on the following grounds: the purpose for the storage or processing no longer exists; you withdraw your consent; your right does not apply for an exercising the right of freedom of expression or information, a compliance with legal obligations, for the reason of public interest in the area of public health and for the establishment, exercise or defence of your legal claim;

Pursuant to Art. 18 GDPR you shall have a right to restriction of the processing of your personal data, if you contest the accuracy of the personal data, the processing is unlawful and you oppose the erasure and request a restriction of the use instead, if we no longer need your data for the purpose of the processing but you require it for the establishment, exercise or defence of a legal claim, or if you have used your right to object pursuant to Art. 21 DSGVO;

Pursuant to Art. 20 GDPR it is your right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format; you also have the right to transmit those data to another controller without hindrance from us;

Pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority in particular in the Member State of your habitual residence, place of work or place of alleged infringement.

12. Your right to object – Art. 21 GDPR

You have the right to object to the processing and storage of your personal data at any time (Art. 21 DSGVO), if the lawfulness pursuant to Art. 6 Abs. 1 S. 1 lit. f DSGVO is not met. You have the right to object insofar as there are reasons which arise for this from your special situation, of the objection is directed against direct advertisement. In the latter case, you have a general right to object, which will be implemented by us without citing a special situation.

If you decide to make use of your right of objection, please email us on lawyers@janssen-maluga.com.au.

13. Your right to withdraw consent

If the personal data are processed on the basis of your consent, Art. 6 Para 1 (a) GDPR, you can withdraw your consent at any time for the purpose in question. The lawfulness of the processing based on your provided consent remains unaffected until notification has been received that your consent has been withdrawn.

14. Privacy Regulators

We invite you to first discuss with us any concerns or queries you might have. If you are not happy with our handling of your concern or query, you can contact the relevant privacy regulator.

In Australia, the privacy regulator is the Office of the Australian Information Commissioner:

By telephoning 1300 363 992 (of +61 2 9284 9749 if calling from outside Australia)
By fax to +61 2 92849666
By emailing enquiries@oaic.gov.au
By writing to:
Director of Compliance
Office of the Australian Information Commissioner
GPO Box 5218
Sydney, New South Wales 2001.

In the European Union, the privacy regulators for each Member State are listed (along with contact details) on the following website: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

15. Data security

We use administrative, technical and physical measures to keep your personal data confidential and secure, in accordance with our internal procedures to protect it you from being accidentally lost, altered, used, accessed or disclosed in an authorised way. Personal data may be held on our technology systems, those of our third-party contractors and/or in paper files. Where we share information with third parties, we will obtain written confirmation that they will similarly protect the data with appropriate safeguards. Our security measures are continuously improved in accordance with technological developments.

16. Current version and modification of this privacy policy

This privacy policy is currently valid as of February 2019. We may revise and update this Privacy Policy from time to time in order to reflect any changes to the way in which we process your personal data and changes in applicable law requirements or guidance. We will publish the updated Privacy Policy on our website and you should review this page periodically to ensure that you are aware of any change to its terms.

From time to time, Janssen + Maluga Legal may offer additional services via additional websites or through a separate website linked to this website. In some cases, such additional services may be subject to alternative terms of use, including the use of your personal information. You If you choose to use any such services and provide personal information for this purpose, we will ask you to consent to your acceptance of such alternative terms of use and the use of your information for the purpose specified. Unless otherwise stated, such alternative terms of use shall apply to supplement this Privacy Policy.