Our Commitment

This is the Privacy Policy of Arnotts Technology Lawyers Pty Ltd ("we", "us" and when relating to us, "our").

We are committed to protecting your privacy. We collect, use, share, process and manage personal information only as reasonably necessary for carrying out our functions and activities, providing legal services and complying with our legal and regulatory obligations.

We are also required to handle some personal information for the purposes of, or in connection with, activities relating to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) and the Anti-Money Laundering and Counter-Terrorism Financing Rules made under that Act (AML/CTF Rules). Where we prepare to provide, provide, or reasonably anticipate that we may provide services regulated by the AML/CTF framework, we will handle personal information provided in relation to those services in an open and transparent way, subject to our legal obligations, in accordance with this Privacy Policy.

What This Privacy Policy Covers

This policy describes how we manage personal information about our clients, prospective clients, website visitors and other people who interact with us in relation to our legal services. It does not address employee or contractor personal information, which is addressed in a separate privacy policy.

For AML/CTF-related activities, this policy also explains how we collect and handle personal information, including know-your-customer information, for the purposes of complying with the AML/CTF Act, AML/CTF Rules and guidance issued by the Australian Transaction Reports and Analysis Centre (AUSTRAC).

Nothing in this Privacy Policy limits our obligations of confidentiality or client legal privilege. We continue to handle information confidentially under applicable legal profession legislation and professional conduct rules, including the Legal Profession Uniform Law Australian Solicitors' Conduct Rules 2015 (NSW).

Meaning of Words Used in This Privacy Policy

In this Privacy Policy:

  • AML/CTF framework means the AML/CTF Act, AML/CTF Rules and AUSTRAC-issued guidance.
  • APPs means the Australian Privacy Principles in Schedule 1 of the Privacy Act 1988 (Cth) (Privacy Act).
  • Designated Services means services described as professional services in Table 6 of section 6 of the AML/CTF Act and relevant subsections, to the extent we provide those services. These may include assisting with the acquisition, sale, transfer, financing, creation, restructuring or management of bodies corporate or legal arrangements; receiving, holding, controlling or managing money, accounts, securities, virtual assets or other property in connection with a transaction; acting as, or arranging for someone else to act as, a company director or secretary, partner, trustee, power of attorney or equivalent position; acting as, or arranging a nominee shareholder; or providing a registered office or principal place of business address.
  • KYC Information means information sufficient to establish initial customer due diligence matters on reasonable grounds, or to fulfil ongoing customer due diligence obligations, under the AML/CTF Act. This may include information about a customer's identity, any person on whose behalf the customer receives services, any person acting on behalf of the customer, beneficial owners, politically exposed person or targeted financial sanctions status, source of wealth, source of funds, the nature and purpose of the business relationship or transaction, and any other matter specified in the AML/CTF Rules.
  • OAIC means the Office of the Australian Information Commissioner.
  • Personal information has the meaning given in the Privacy Act and includes information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not.
  • Sensitive information includes information or an opinion about matters such as racial or ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, trade union membership, sexual orientation or practices, criminal record, health information, genetic information, biometric information used for automated biometric verification or identification, and biometric templates.

How We Collect Personal Information

We collect personal information by lawful and fair means. Where practicable, we collect personal information directly from you. However, we may collect personal information from third parties where you consent, where it is unreasonable or impracticable to collect it directly, or where we are required or authorised by law to do so.

We may collect personal information when you, your organisation, or someone acting on your or your organisation's behalf:

  • Contact us with a question or inquiry
  • Subscribe to our newsletter or legal updates service
  • Visit us or meet with our representatives
  • Communicate with us by post, email, social media, telephone, text message or online form
  • Attend, present at or otherwise participate in a meeting, conference, webinar, seminar or event hosted or presented by us
  • Instruct us to act for you, supply information for a conflict check, or provide information relevant to a matter
  • Supply KYC Information in response to our request so we can comply with AML/CTF obligations
  • Our clients provide information relating to related and adverse parties relevant to the advice or services we provide
  • We undertake a search, investigation, verification or due diligence process

If we use a credit reporting body for electronic identity verification, we will seek your express consent before doing so and offer an alternative means of verification where legally required.

Where required, we will provide a collection notice at or before the time we collect personal information.

What Personal Information We Collect

We collect various types of personal information to provide our legal services effectively and comply with our obligations. This may include:

  • Contact details such as name, role or position, address, email address, mobile number, landline number and fax number
  • Information that you enter into our online forms
  • Information relating to your circumstances and affairs relevant to the matters in which we are instructed
  • Information about your legal interests and requirements and the legal services that you may wish to purchase
  • Information regarding our communications with you and your attendance at seminars, webinars and promotional events held by us
  • If you are an employee or prospective employee, information about your qualifications, skills and work experience
  • If you are a supplier or prospective supplier, information about your business skills, services, products and prices
  • KYC Information required by the AML/CTF framework, including names, addresses, location, contact details, job titles, identity information, beneficial ownership information, source of funds and source of wealth information, and information about services or transactions obtained, offered or supplied, including information about the time, place and circumstances of our interactions with you

We may infer information about you from your engagement with us and your activities. We may also collect sensitive information where required for compliance with the AML/CTF framework or where otherwise permitted by law.

We may conduct ongoing monitoring of transactions and client information to comply with our AML/CTF obligations.

What Happens if You Do Not Provide Requested Information?

We are required to collect the full name and address of our clients. Accurate name and address information may also be required to comply with trust account record keeping requirements, our duties to courts and tribunals, and our professional obligations.

We may also be required under the AML/CTF Act to collect and verify certain personal information. If you do not provide requested personal information, we may be unable to provide legal services or Designated Services, carry out your instructions, complete verification or due diligence, or comply with our legal obligations.

Under APP 2 you may interact with us anonymously, or using a pseudonym, where lawful and practicable. However, interacting anonymously or using a pseudonym is not possible where we are required to verify identity under the AML/CTF framework or otherwise need your identity to act for you.

How We Use Your Personal Information

We collect, hold, use and disclose personal information for the following purposes:

  • Respond to your enquiries
  • Provide legal services and Designated Services
  • Open files, conduct conflict checks, verify identity and undertake due diligence
  • Carry out the instructions of our clients
  • Comply with regulatory obligations, including obligations under the AML/CTF framework, legal profession legislation and professional conduct rules
  • Employ competent and diligent personnel
  • Monitor or improve the use of and satisfaction with our legal services
  • Provide you with access to online resources, including webinars
  • Let you know about legal developments, our expertise and legal services that may be of interest to you
  • Maintain and improve our operations, conduct research, hold meetings, seminars or events, and administer our practice
  • Support our legal practice, subject to our confidentiality obligations
  • Comply with legal requirements as required or permitted by law

Unless you consent to us doing so otherwise, we will only use your personal information for the primary purpose for which it was collected, and for any secondary purpose if you would reasonably expect it and the purpose is related to the primary purpose of collection. For sensitive information, any secondary purpose will be one that you would reasonably expect and directly related to the primary purpose of collection.

Who We Share Your Information With

Subject to our confidentiality obligations and legal requirements, we may share relevant personal information with:

  • Parties related to a matter you have with us, courts, tribunals, government authorities, regulators and service providers as reasonably required to carry out your instructions
  • Contracted service providers who organise or facilitate the efficient and effective administration, management or delivery of our services, including providers that support due diligence and AML/CTF compliance processes
  • Our email marketing provider for the purposes of providing our newsletter, invitations and legal updates
  • Third party service providers who assist us with archival, auditing, accounting, legal, business consulting, marketing, website, technology, IT security or professional services
  • Other parties with your express permission

We will take reasonable steps to ensure contracted service providers protect personal information appropriately and do not use or disclose it for any other purpose except as required by law.

Legal Requirements and AML/CTF Disclosures

We may use or disclose personal information if required by law or expressly permitted by the Privacy Act, including where:

  • It is not reasonable or practicable to obtain consent and we reasonably believe use or disclosure is necessary to lessen or prevent a serious threat to the life, health or safety of any individual or to public health or safety
  • We have reason to suspect that unlawful activity or misconduct of a serious nature relating to our functions or activities has been, is being or may be engaged in, and we believe the collection, use or disclosure is necessary to take appropriate action
  • We reasonably believe the collection, use or disclosure is reasonably necessary to assist with the location of a person reported missing
  • We are compelled by warrant, subpoena, court or tribunal order, statute, lawful request, regulator request, or law enforcement or government authority requirement
  • Disclosure is required or permitted to AUSTRAC or other government agencies, including where we form a suspicion about a matter or transaction under the AML/CTF framework

There may be circumstances where we are compelled to disclose confidential information to AUSTRAC under the AML/CTF framework. We are prohibited from notifying you of disclosures to AUSTRAC and may be prohibited from notifying you of disclosures to other government agencies or authorities.

Business Transactions

If we are involved in a merger, acquisition, restructure or asset sale, your personal information may be disclosed in confidence as part of a due diligence process and may be transferred to the new owner. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy, where required by law.

International Disclosure

Some third parties described above, including our service providers, may be located in Australia, the United States of America and other countries.

We maintain personal information physically and electronically within Australia where practicable. Some electronic services we use may process or store data offshore. Those services are not entitled to access or use personal information held by us except as required for delivery of the contracted service. We take reasonable steps to ensure overseas recipients do not breach the APPs.

Marketing Communications

We may, from time to time, send you newsletters, invitations and legal updates about our services. You can opt out of receiving further such communications by notifying us using our contact details or by clicking the "unsubscribe" option at the bottom of any marketing email received from us.

Security and Retention

We hold personal information in hard copy and electronic formats. We take reasonable physical, technical, administrative and operational safeguards to protect personal information from misuse, interference, loss, and unauthorised access, modification and disclosure. These measures include secure offices, staff education and training, access controls that restrict personal information to people who need access, and technological security measures such as firewalls, encryption and anti-virus software.

Where a data breach is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme in the Privacy Act, including notifying the OAIC and affected individuals as required.

When we consider that personal information is no longer needed for any purpose for which it may be used or disclosed in accordance with this policy, and we are not required by law or court order to retain it, we will take reasonable steps to destroy or de-identify it. AML/CTF KYC Information and transaction records are kept for seven years after the business relationship ends or the transaction is completed, as required by the AML/CTF framework.

Accessing and Correcting Your Personal Information

You can contact us to access, correct or update your personal information. We will respond to inquiries about whether we hold personal information relating to you and will allow access to and correction of personal information subject to any contractual arrangements where personal information is held by a third party, our confidentiality obligations, legal professional privilege, and the conditions and limitations in the Privacy Act.

Examples of circumstances where we may refuse to give access include where:

  • Giving access would be unlawful
  • We reasonably believe giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety
  • Giving access would have an unreasonable impact on the privacy of others
  • The request is frivolous or vexatious
  • The information relates to existing or anticipated legal proceedings and would not be accessible by discovery in those proceedings
  • The information could reveal the intentions of a party in negotiations in a way that would prejudice those negotiations
  • Denying access is required or authorised by or under an Australian law or a court or tribunal order
  • Giving access could prejudice the taking of appropriate action in relation to unlawful activity or misconduct of a serious nature
  • Giving access would be likely to prejudice enforcement-related activities conducted by or on behalf of an enforcement body
  • Giving access could reveal evaluative information generated within the organisation in connection with a commercially sensitive decision-making process

If you believe that personal information we or a contracted third party hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you may request that we correct it. We may ask you to verify your identity before giving access or making corrections. We will not charge you to make a request to access or correct your personal information, but we may charge a reasonable fee for providing access depending on the costs associated with obtaining and providing the material.

We will take reasonable steps to correct your information to ensure it is accurate, complete and up-to-date within a reasonable period, usually within 30 days, of receiving your request.

Privacy Complaints

Privacy-related inquiries and complaints may be made to us using the contact details contained on our website or by emailing law@arnotts.tech. If you have concerns regarding our management of your personal information, or if you believe we have breached the APPs, please contact us in writing setting out the details of your complaint.

We are committed to achieving a fair and equitable resolution of privacy concerns. When you lodge a complaint, we will follow this internal review process:

  • We will acknowledge receipt of your written complaint within a reasonable time, usually within seven days
  • We will conduct an internal investigation into your complaint, which may include reviewing the circumstances of the collection, use or disclosure of your information and assessing our compliance with our internal procedures and the Privacy Act
  • We may contact you to request further information to assist with our investigation
  • We will endeavour to complete our investigation and provide you with a written response outlining the outcome of our review, our decision and any corrective actions we propose to take within 30 days of receiving your complaint

If you are not satisfied with our response, or if we do not resolve your complaint within 30 days, you may seek a review by lodging a complaint with the Office of the Australian Information Commissioner at www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us.

Changes to This Privacy Policy

If we decide to change our Privacy Policy, we will send you a copy of our revised policy or post a copy on our website. If you require a copy of this Privacy Policy in a particular form, such as large print or accessible PDF, please contact us.

Date reviewed: 1 June 2026.