We are bound by industry legislation, regulations and ethical duties (such as the ASCR and the LPA) to protect Personal Information and confidential information in performing our Services.
We respect your privacy and use our best endeavours to keep your Personal Information secure.
By continuing to use this Website, or engaging our Services, you consent to the handling of your Personal Information in accordance with this Policy.
Personal Information we collect & process
How we collect Personal Information
We may collect Personal Information directly or indirectly from any of the following sources:Click or tap on each heading to show detailed information
Personal Information obtained when you or third parties communicate with us.
For Example: emails, telephone calls, video conferences, meetings, verbal instructions, SMS or instant message communications.
Personal Information obtained in documentary formats.
For example: Agreements, contracts, electronic documents, emails, written correspondence, records, evidence.
Personal Information contained in data obtained through searches and legal research activities.
For Example: Government agency and public search databases and registers, domain name whois data, online searches and legal research.
Web Technologies including Cookies
Personal Information and analytics data obtained through the use of web technologies, email marketing, social media and other online channels.
In many cases, such data is anonymised and aggregated so that individuals are not identified or tracked.
For Example: Cookies, web beacons, web analytics tools.
Types of Personal Information we collect & process
We may collect and process the follwing kinds of Personal Information:Click or tap on each heading to show detailed information
Personal Information relating to an individual's identity.
For Example: Name, date of birth, age, sex.
Government Identifier information
Personal Information contained in government issued identifiers.
For Example: Drivers' licence number, passport or visa information, Director ID Number (DIN), Australian Business Number (ABN).
Personal Information relating to an individual's location or address.
For Example: Residential or business address, postal address, geographic location.
Personal Information relating to an indivudal's contact information.
For Example: Telephone numbers, email addresses, social media handles.
Financial & payment information
Personal Information relating to an individual's financial status, transactions or payments.
For Example: banking and payment transaction information, solvency status information, creditworthiness information, property information, mortgage and personal property securities information.
Legal, personal & business affairs informationPersonal Information about an individual's legal, personal and business affairs, including information realting to Service provided (or to be provided) to an individual.
For Example: Information about legal matters, legal advice and strategy, business planning information, intellectual property information.
Personal Information about how an individual interacts with or relates to others.
For Example: Membership information, professional affiliations, shareholder or partnership information.
Web & browser information
Personal Information about an individual's web browsing activities.
For Example: web analytics information, internet browser or device (including operating system, make, model and configuration), IP address, user behaviour (such as links activated, clicks, email and page views, and bounce rates), location (where location services are enabled on the individual’s device).
The Privacy Act defines some types of Personal Information as sensitive information, such as health information. We do not actively collect sensitive information unless it is necessary in the course of providing our Services.
We collect and process Personal Information under one or more of the following legal bases:Click or tap on each heading to show detailed information
The individual has provided us with express or implied consent to collect and process their Personal Information.
You may have the right to revoke or limit such consent where it has been given.
We have entered into, prepared or proposed a contractual or other legal relationship with the individual.
For Example: Client retainers, service contracts.
We have a legal obligation to collect or process the Personal Information.
For Example: Performance or observance of legal obligations, professional duties, ethical duties, duties to the court or administration of justice, or to satisfy requirements and obligations for tax, legal, evidentiary, accounting or similar purposes.
We may collect and process Personal Information where we have a legitimate interest to do so.
For Example: marketing, advertising, professional development, product and service development, website enhancement, information security.
How we store and secure Personal Information
We are required by law to retain certain Personal Information to comply with our statutory duties and other ethical and professional duties.
Where we are required to store Personal Information, we use reasonable endeavours to:
maintain the security of; and
prevent unauthorised access to, or disclosure of;
the Personal Information we collect.
Location of data
Our website, email and electronic document storage services are hosted on servers located within Australia. However, we use other third-party services that may transmit or store some Personal Information overseas.
Personal Information may also be transmitted or stored outside Australia if:
we send or receive communications or information to or from Clients or other parties located outside Australia (For example: international trade mark applications require us to provide Personal Information to organisations outside of Australia); or
the sender or recipient of the communications or information uses a service (for example: an email hosting provider) that is located outside Australia.
- Personal Information that is transmitted or stored outside Australia might not be subject to Australian privacy laws.
Information security measures we adopt
We adopt a range of technologies and measures to safeguard Personal Information and confidential information, including the following:Click or tap on each heading to show detailed information
Technological security measures
SSL encryption technology on our website - by default, connections to our website are automatically redirected to HTTPS/SSL connections and unsecured HTTP connections are not permitted;
CSRF and XSS prevention measures and implementation of CSP measures on our website to minimise malicious scripting attack vectors;
Multi-factor authentication or two-factor authentication (MFA/2FA) technologies (where available) to protect against unauthorised account logins and transactions;
Password management tools & policies – including deployment of password management software and adoption of "robust password generation" & "password non-recycling/non-reuse" policies;
Data encryption and isolation (where available);
Digital email signatures (where possible);
Secure document sharing platforms (where possible) to avoid sharing of sensitive information over email channels;
Payments processing in accordance with our Payment Security Policy;
Third-party payment gateways for processing of all credit card and online payment transactions.We do not collect or store credit card information on our servers except for partial card numbers, expiry date and cardholder information that we are required to retain for transaction verification purposes.
Physical security measures
Secure destruction of physical files and documents when no longer required to be retained.
Minimising printing and the use of physical filing.
We regularly engage in cybersecurity learning and seek to promote good IT security practices for ourselves and our Clients.
Processing of Personal Information
Purposes for which we process Personal Information
We may process Personal Information for one or more the following purposes:Click or tap on each heading to show detailed information
Operating our business.
For Example: Providing Services to our Clients, responding to enquiries, communications, internal management, administration, record-keeping and file maintenance, auditing, legal compliance, obtaining goods & services.
Professional regulation & compliance
To comply with our legal, regulatory, professional and ethical duties and obligations.
For Example: Disclosures required to professional regulators, trust account auditing, tax compliance, insurance obligations, court and tribunal orders and directions.
Payment processing & transactions
To facilitate and process financial transactions and payments.
Website features, functionality & analytics
To enable features and functionality on our website, and to monitor website usage and engagement.
We use third-party analytics services to understand and monitor the use of our website, including obtaining anonymised aggregate user behaviour metrics, search terms and website performance monitoring.
This data is used to improve the quality of your user experience, to identify and diagnose performance issues, and to develop and improve our website, Service offerings and other content.
We do not currently use this data to generate user profiles or for targeted advertising services.
Marketing & advertising
To promote, advertise and market our business, and measure engagement and marketing results.
For Example: email marketing campaigns, newsletter campaigns, online advertising.
We will not sell or lease your personal information for marketing purposes without your prior consent.
We work and interact with a wide range of third parties to operate our business and obtain goods & services and we may provide some of those third parties with the Personal Information we collecte & process.
- Some major third party suppliers to whom we may provide Personal Information, and the purposes for which we provide such Personal Information, are set out in the following table. You can learn more about each third party's data and privacy practices on their respective websites.
Click or tap on each heading to show detailed information
Pinch Payments provides payment processing services for online card and direct debit payments.
- Pinch Payments and its subsidiaries, related entities & affiliates.
- Business Purposes;
Payment processing & transactions;
Stripe provides payment processing services for online card payments (credit and debit card transactions)
As of January 2024, we no longer use Stripe for payment processing.
- Stripe Inc and its subsidiaries, related entities & affiliates.
- Business Purposes;
Payment processing & transactions;
GoCardless provides payment processing services for Direct Debit and/or PayTo™ payments
As of January 2024, we no longer use GoCardless for payment processing.
- GoCardless Ltd and its subsidiaries, related entities & affiliates.
- Business Purposes;
Payment processing & transactions;
- GoCardless Privacy Centre
Courts, Tribunals & Government and Non-Government Agencies
Note: It is not possible to exhaustively list all agencies with which we deal. Generally, interactions with specific agencies are disclosed to our Clients under our Terms of Retainer or in the course of performing Services.
Queensland Courts and Tribnals, including the Supreme, District and Magistrates Courts and the Queensland Civil and Administrative Tribunal (QCAT);
Australian Commonwealth Courts, including the Federal Court of Australia (FCA) and the Federal Circiut and Family Court of Australia (FCFCOA);
Australian Securities and Investments Commission (ASIC);
Australian Business Register (ABR);
Australian Taxation Office (ATO);
Australian Financial Services Authority (AFSA);
Intellectual Property Office of New Zealand (IPONZ);
World Intellectual Property Organisation (WIPO)
- Business Purposes;
Professional Regulation & Compliance
- Please consult the respective agency websites for further information about their privacy policies and information processing practices.
Legal Profession Regulators & Professional Association Bodies
Trust Account External Examiner
SRJ Walker Wayland
Audit Assist Pty Ltd (Former External Examiner)
- Professional Regulation & Compliance
- (Available upon request)
Privacy Enquiries & Complaints
In some circumstances, you may have the right to request access to, or correction, amendment, deletion or transfer of, your Personal Information. In addition, you may have the right to object to our handling of your Personal Information.
Your rights may vary depending on your jurisdiction. You may need to seek independent advice in relation to the rights that apply to you.
How to contact us about Privacy
If you have a privacy enquiry or complaint, or objection to our processing of your Personal Information, we ask that you Contact Us using the contact methods published on our website.
We will endeavour to respond to enquiries regarding privacy within a reasonable timeframe, however, this may be extended if the enquiry is complex or relates to historical or archived information.
We may not be able to respond to enquiries about privacy where such response would require or cause us to:
breach any legislation that applies to us;
breach any professional, contractual or ethical duties owed by us to our Clients or third parties including the duty of confidentiality;
breach any of our duties to the court (including a court order or undertaking) or to the administration of justice; or
waive legal professional privilege on behalf of a Client.
If you are not satisfied with our response
If you are unhappy with our response to a privacy enquiry or complaint, you may contact the Office of the Australian Information Commissioner (OAIC).
If you are outside Australia, you may also have the right to lodge a complaint or enquiry with an equivalent authority in your jurisdiction.
Other Privacy Matters
Pseudonyms & Anonymity
You may have the option to interact with us on this website or in our social media channels anonymously or under a pseudonym.
However, as we are normally required by law to identify all Clients who engage us to provide Services, it may not be possible for us to offer Services to you anonymously or under a pseudonym.
Quality Assurance, Information Integrity & Accuracy
We will take reasonable steps to ensure that Personal Information we collect and process is accurate having regard to its purpose.
However, we often need to rely upon information from third-party sources, the accuracy of information may be affected by those third-party sources.
Interpretation & General Provisions
Removal of Stripe and GoCardless as payment processors.
Rebrand Xuveo Legal to Mirai Legal
Added Pinch Payments as third party supplier.