This policy is available on our website. If you would like a copy in another format, please contact us and we will take reasonable steps to provide it in that format.

We may collect the following types of personal information:

(a)    Contact details: name, email address, phone number, postal address;

(b)    Business information:  company name, ACN/ABN, role or position;

(c)    Legal matter information: information you provide to us, or we collect on your behalf, in connection with the provision of legal services, including financial, commercial, corporate and transactional information;

(d)    Website usage information: IP address, browser type, device information, pages visited and time spent on our website (collected via cookies and similar technologies); and

(e)    any other information you choose to provide to us or that we are required or authorised to collect by law; and

(f)      Sensitive information (as defined in the Privacy Act) includes information about an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, genetic or biometric data, sexual orientation, or criminal record. We will only collect sensitive information where it is reasonably necessary for, or directly related to, one or more of our functions or activities, and:

(i)      you have consented to the collection; or

(ii)     we are required or authorised by or under an Australian law or court/tribunal order to collect the information; or

the collection is necessary for the establishment, exercise or defence of a legal claim.

We collect personal information:

(a)    directly from you, when you contact us, complete a form, engage our services or correspond with us by email, phone or in person;

(b)    from third parties, including your other professional advisors, counterparties to transactions, referrers, courts, government agencies, publicly available sources, and other parties involved in your legal matter, where it is reasonably necessary for the provision of our legal services or where we are otherwise required or authorised by law to do so; and

(c)    automatically, through our website via cookies and analytics tools.

Where practicable, we will collect personal information directly from you. However, in some circumstances it may be necessary to collect information from third parties, for example where we are acting on your behalf in a transaction or litigation, or where we are required to conduct due diligence or comply with our legal and regulatory obligations.

We collect, hold, use and disclose personal information for the following purposes:

(a)    provide legal advice and services to you, including advising on legal matters, drafting and reviewing documents, representing you in negotiations or proceedings, and conducting legal research;

(b)    communicate with you about your legal matter, including providing updates, requesting information or instructions, and responding to your enquiries;

(c)    comply with our legal and professional obligations (including under the Legal Profession Uniform Law and applicable conduct rules);

(d)    send you updates, newsletters or marketing communications (you may opt out at any time); and

(e)    improve our website and services.

We may disclose your personal information to:

(a)    your other professional advisors (e.g. accountants, tax advisors, transfer pricing advisors) where you have authorised us to do so;

(b)    third-party service providers who assist us in delivering our services, such as providers of practice management software, cloud storage and computing services, document management systems, email and communication platforms, accounting and financial software, payment processing services, e-signature tools, and marketing platforms. These providers may be located in Australia or overseas (including in the United States, United Kingdom, European Union and New Zealand);

(c)    AI tools we use in the delivery of our services (see clause 7 below); and

(d)    regulators, courts or government authorities where required or authorised by law.

We do not sell your personal information to third parties.

Some of our third-party service providers and tools may store or process data on servers located outside Australia, including in the United States of America, the EU and the United Kingdom. Where personal information is disclosed to an overseas recipient, we take reasonable steps to ensure that the recipient handles your information in a manner consistent with the Australian Privacy Principles, including by confirming that the recipient is subject to a law or binding scheme that provides substantially similar protection.

By engaging our services, you consent to such overseas processing to the extent necessary for us to deliver those services to you.

We use various artificial intelligence (AI) and automation tools to enhance the efficiency and quality of our legal services. We categorise our use of AI into two areas:

(a)    Administrative and Embedded AI: We use standard professional software that has integrated AI features (such as automated filing and document generation from our internal precedents in Actionstep (our practice management software), predictive text in Microsoft 365 or Google Workspace and bank reconciliation in Xero). Use of these tools is essential to our day-to-day operations. By engaging our services, you consent to the processing of your information through these embedded administrative tools.

(b)    Generative and Analytical AI: We may use specialised Generative AI tools to assist with legal research, document drafting, and data analysis. These tools are subject to the following protections:

(i)      No Model Training: We do not permit AI providers to use your personal information or matter data to train their public AI models.

(ii)     Practitioner Oversight: All AI-generated output is subject to rigorous review and professional legal judgement by a qualified practitioner before being delivered to you.

(iii)    Security: We only use "enterprise-grade" versions of these tools which provide higher levels of data encryption and privacy than consumer-grade versions.

You may request that we do not use Generative AI  in the course of your specific legal matter by notifying us in writing at liz@austinlegal.com.au.

Please note that if you opt out of all AI tools (including administrative tools), we may be unable to provide services to you as these technologies are deeply integrated into our practice management and communication systems.

We take reasonable steps to protect the personal information we hold from misuse, interference, loss, and unauthorised access, modification or disclosure. These steps include:

• secure document and email systems;

• password-protected client portals;

• enterprise-grade security on all AI tools we use; and

• staff awareness of confidentiality and privacy obligations.

Where we no longer need personal information, we will take reasonable steps to destroy or de-identify it.

In the event of a data breach, we will notify you and the OAIC in accordance with our obligations under the Notifiable Data Breaches scheme.

You may access the personal information we hold about you and seek correction of that information. To do so, please contact us using the details in clause 11 below. We will respond within a reasonable time. We may need to verify your identity before providing access.

We may decline access in limited circumstances permitted by the APPs, in which case we will tell you why.

If you have a concern about how we have handled your personal information, please raise it with us in the first instance using the contact details in clause 11. We will endeavour to resolve your concern promptly.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au

• Phone: 1300 363 992

You should lodge a complaint with the OAIC within 12 months of becoming aware of the issue.

Our address is in the footer of our website, www.austinlegal.com.au.

You can contact us by email at: liz@austinlegal.com.au 

If you are located in the European Union or European Economic Area (EEA), you may have additional rights under the EU General Data Protection Regulation (GDPR), including the right to:

• access your personal data;

• request correction or erasure of your personal data;

• object to or restrict our processing of your personal data; and

• data portability.

We process personal data of EU and EEA clients on the basis of contractual necessity (to provide you with legal services) and legitimate interests (to communicate with you and manage our relationship with you).

As an Australian business, we are not established in the EU. However, where we collect and process personal data of EU or EEA individuals, we take reasonable steps to handle that information consistently with the GDPR. If you wish to exercise any of your rights under the GDPR, or have a concern about how we have handled your personal data, please contact us at liz@austinlegal.com.au. You also have the right to lodge a complaint with your local EU data protection authority.

We may update this policy from time to time, including to reflect changes to the AI tools we use or their data handling terms. The current version will be available at www.austinlegal.com.au. The date at the right of this policy indicates when it was last updated.