EAGLEGATE Lawyers — Privacy Policy

EAGLEGATE Privacy Policy

EAGLEGATE Pty Ltd ACN 628 435 647 (“EAGLEGATE”, “we”, “us”, “our”) is an Australian law firm. We are committed to protecting the privacy and security of personal information entrusted to us in the course of providing legal services. This Privacy Policy (“Policy”) describes how we collect, hold, use, and disclose personal information, and explains the rights available to you under Australian privacy law.

This Policy applies to all personal information we handle in connection with our legal services, our website, our client portal, and any other interaction you have with EAGLEGATE. It should be read together with any other terms or notices we provide to you.

We are bound by the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”) set out in Schedule 1 to that Act. Certain provisions of the Information Privacy Act 2009 (Qld) may also be relevant where we handle personal information in a Queensland government context.

Key Definitions

The following terms are used throughout this Policy:

APPs	The Australian Privacy Principles set out in Schedule 1 to the Privacy Act 1988 (Cth).
Closed AI	An artificial intelligence system provided by a third-party vendor under a contractual arrangement that prohibits the vendor from using client data to train its models and which processes data in accordance with agreed security and confidentiality standards.
Overseas Recipient	A person or entity outside Australia that receives personal information from EAGLEGATE.
Personal Information	Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether the information is recorded in a material form or not (as defined in s 6 of the Privacy Act).
Privacy Act	The Privacy Act 1988 (Cth) as amended from time to time.
Sensitive Information	A subset of personal information including health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, and biometric data, as defined in the Privacy Act.
We / Us / Our	EAGLEGATE, its principals, employees, contractors, and agents acting under its direction.
You / Your	Any individual about whom we hold personal information, including clients, prospective clients, counterparties, witnesses, and other individuals.

Anonymity and Pseudonymity

APP 2 of the Privacy Act generally requires entities to give individuals the option of not identifying themselves or of using a pseudonym when dealing with an APP entity. However, APP 2.2(b) provides an exception where it is impracticable for the entity to deal with individuals who have not identified themselves.

IMPORTANT NOTICE — EAGLEGATE is unable to offer you the option of dealing with us anonymously or by pseudonym. Due to the nature of legal services — including our professional obligations under the Legal Profession Act 2007 (Qld), our anti-money laundering and counter-terrorism financing obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (“AML/CTF Act”), our obligations under the Foreign Acquisitions and Takeovers Act 1975 (Cth) and other legislation, and the requirements of courts and regulatory bodies — we are required by law to verify your identity and to maintain accurate, identified records of our engagement with you. Engaging with us on an anonymous or pseudonymous basis is not practicable and we cannot accept instructions on that basis.

This means that if you contact us or engage our services, you will be required to provide identifying information. If you are unwilling to do so, we may be unable to act for you.

What Personal Information We Collect

General personal information

Depending on the nature of the matter and our engagement with you, we may collect and hold the following categories of personal information:

Full legal name, date of birth, and gender
Residential, postal, and registered addresses
Contact details, including telephone numbers and email addresses
Passport, driver’s licence, and other government-issued identification documents
ABN, ACN, and business registration details
Financial information, including bank account details, tax file numbers, and financial statements
Employment and occupational information
Family and relationship information (in family law matters)
Immigration status and visa information
Property and asset details
Corporate structure, ownership, and beneficial ownership information
Litigation history and prior legal proceedings
Counterparty and witness details
Any other information reasonably necessary for the conduct of your matter

Sensitive information

In the course of some matters, we may be required to collect sensitive information, including:

Health and medical information (for example, in personal injury, workers’ compensation, or family law proceedings)
Criminal records and conviction information
Information about racial or ethnic origin
Information about sexual orientation or practices (in some family or discrimination matters)
Immigration and citizenship status

We will only collect sensitive information where it is reasonably necessary for the conduct of your matter and, where required by the APPs, with your consent. Sensitive information will be treated with heightened care and used only for the purpose for which it was collected unless an exception under the Privacy Act applies.

Information collected automatically

When you visit our website, we may automatically collect certain technical information, including your IP address, browser type, device information, pages visited, and time and date of access. We use this information to maintain and improve our website and services. This information is generally not linked to your identity unless you choose to contact us through the website.

How We Collect Personal Information

From you directly

We collect most personal information directly from you, including through:

Initial enquiries by telephone, email, or in person
Completion of our client intake forms and identity verification procedures
Execution and performance of your engagement with us
Correspondence, meetings, and instructions during the course of your matter
Documents and records you provide to us

From third parties

We may also collect personal information from third parties, including:

Other law firms, barristers, and legal practitioners acting in the same or related matters
Courts, tribunals, and government agencies
Counterparties and their legal representatives
Financial institutions, accountants, and other professional advisers
Publicly available sources, including ASIC registers, land title offices, court records, and government databases
Referring practitioners and introducers
Investigation firms and process servers engaged on your behalf

Where we collect personal information about you from a third party, we will take reasonable steps to notify you of that collection to the extent required by APP 5.

Cookies and website analytics

Our website may use cookies and similar tracking technologies. You can configure your browser to refuse cookies; however, some features of our website may not function correctly if you do so. We do not use cookies to collect personal information for the purpose of sharing it with third parties for their own marketing purposes.

Purpose of Collection and Use of Personal Information

Primary purposes

We collect and use personal information primarily for the following purposes:

Providing legal advice, representation, and related legal services to you
Establishing and maintaining our client relationship, including the engagement and ongoing management of your matter
Conducting client identity verification and anti-money laundering checks as required by the AML/CTF Act and the Legal Profession Act 2007 (Qld)
Preparing, filing, and serving legal documents in courts, tribunals, and before regulatory bodies
Corresponding with counterparties, their legal representatives, courts, and government agencies
Issuing invoices, processing payments, and managing trust account obligations
Complying with our professional and ethical obligations under the Legal Profession Act 2007 (Qld), the Australian Solicitors’ Conduct Rules, and applicable Federal law
Maintaining conflict-of-interest checks
Responding to complaints, disciplinary proceedings, or legal claims against us

Secondary purposes

We may also use personal information for the following secondary purposes, each of which is directly related to our primary purposes:

Improving and developing our legal services and internal processes
Training our staff and legal practitioners (using de-identified or anonymised information where practicable)
Conducting client satisfaction surveys (participation is voluntary)
Sending you legal updates, alerts, or other information about our services where you have consented or where it is otherwise permitted

If we wish to use your personal information for a purpose materially different from those described above, we will obtain your consent or otherwise act in accordance with APP 6.

Disclosure of Personal Information in Australia

In the ordinary course of providing legal services, we disclose personal information to third parties within Australia, including:

Barristers, expert witnesses, and other legal practitioners engaged on your matter
Courts, tribunals, the Queensland Courts system, Federal Court of Australia, and other judicial and quasi-judicial bodies
Government departments and agencies (including the Australian Taxation Office, Australian Securities and Investments Commission, Queensland Department of Justice and Attorney-General, and others) as required by law or by your instructions
Land registries, ASIC, and other statutory registers
Process servers, investigation firms, and debt recovery agents engaged in connection with your matter
Mediators, arbitrators, and dispute resolution providers
Our insurers and reinsurers, for the purpose of maintaining and administering our professional indemnity insurance
Our auditors, accountants, and financial advisers
Regulatory bodies, including the Queensland Law Society, in compliance with our professional obligations
Technology and cloud service providers operating under contractual confidentiality and data processing obligations (see the Disclosure to Overseas Recipients section below)

We disclose personal information to these parties only to the extent necessary for the relevant purpose. Where we disclose information to third-party service providers within Australia, we take reasonable steps to ensure those providers handle the information in accordance with the APPs.

Disclosure to Overseas Recipients

Overview of overseas transfers

In operating our practice, we use a number of technology platforms and service providers whose infrastructure, servers, or personnel are located outside Australia. As a result, your personal information may be transferred to, stored in, or accessed from the following jurisdictions:

Jurisdiction	Category of Platform / Use	Basis of Transfer
Australia (primary)	Practice management, document management, email, trust accounting, file storage	Domestic processing; APPs apply in full
United States of America	Cloud infrastructure, AI productivity tools, communication platforms, and software-as-a-service providers	APP 8.2(b) exemption applies — see the APP 8.2(b) exemption section below
Singapore	Cloud infrastructure and data replication; certain SaaS providers with Asia-Pacific data centres	APP 8.2(b) exemption applies — see the APP 8.2(b) exemption section below

Australian Privacy Principle 8 and the APP 8.2(b) exemption

APP 8.1 generally requires an APP entity, before disclosing personal information to an overseas recipient, to take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the information.

IMPORTANT NOTICE — IMPORTANT DISCLOSURE — Please read carefully before engaging our services: In respect of our disclosures to overseas technology platforms and service providers located in the United States of America and Singapore, EAGLEGATE relies on the exemption in APP 8.2(b) of Schedule 1 to the Privacy Act 1988 (Cth). This means that APP 8.1 does NOT apply to those disclosures. The legal consequence is that EAGLEGATE IS NOT ACCOUNTABLE UNDER THE PRIVACY ACT 1988 (CTH) FOR ANY ACT OR PRACTICE OF AN OVERSEAS RECIPIENT THAT WOULD BREACH THE AUSTRALIAN PRIVACY PRINCIPLES IF IT HAD OCCURRED IN AUSTRALIA. We bring this expressly to your attention so that you can make a fully informed decision before engaging our services. If you have concerns about the transfer of your personal information to overseas recipients, you should raise them with us before engaging us.

Notwithstanding our reliance on APP 8.2(b), EAGLEGATE takes the selection of its technology platforms seriously. We do not rely on the APP 8.2(b) exemption as a reason to disregard the security or privacy practices of our service providers. Rather:

We select our platforms carefully, applying criteria that include the provider’s data security standards, privacy frameworks and contractual commitments
We require our service providers to maintain appropriate security and confidentiality obligations by contract, including data processing agreements and, where applicable, standard contractual clauses or equivalent mechanisms
We limit the data we transfer to what is reasonably necessary for the service being provided
We regularly review the platforms we use to assess whether they continue to meet our standards

We bring the APP 8.2(b) exemption to your attention expressly and transparently so that you are fully informed before engaging our services. This is consistent with our commitment to candour and with the obligation to provide sufficient information for an informed consent to be given.

Your options

If you do not wish your personal information to be transferred overseas on the basis described above, please contact us before engaging our services so that we can discuss your concerns. In some circumstances, we may be able to modify our processes, but we cannot guarantee this in every case, as some overseas transfers are inherent in the platforms we use to operate our practice.

Security of Personal Information

We take reasonable steps to protect personal information we hold from misuse, interference, and loss, and from unauthorised access, modification, and disclosure, in accordance with APP 11. Our security measures include:

Encryption of personal information in transit and at rest where technically practicable
Access controls, including role-based access, multi-factor authentication, and least-privilege principles for our practice management and document systems
Physical security measures at our office premises
Confidentiality obligations imposed on all employees, contractors, and agents as a condition of engagement
Incident response and data breach procedures, including our obligations under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act
Regular review of our IT systems and security practices

Notwithstanding these measures, no data transmission over the internet or electronic storage system is entirely secure. If you have reason to believe that your personal information has been compromised, please contact us immediately using the details in the Contact Us — Privacy Officer section below.

Data breach notification

If we have reasonable grounds to believe that a data breach has occurred that is likely to result in serious harm to any individual whose personal information is involved, we will notify the affected individual(s) and the Office of the Australian Information Commissioner (“OAIC”) as soon as practicable in accordance with our obligations under the Notifiable Data Breaches scheme.

Artificial Intelligence and Automated Decision-Making

Our use of artificial intelligence

EAGLEGATE uses artificial intelligence (“AI”) tools to assist our practitioners in the performance of legal work. We use only closed AI systems — that is, AI platforms provided by reputable third-party vendors under agreements that:

Prohibit the vendor from using your data or our inputs and outputs to train, fine-tune, or improve the vendor’s AI models
Require the vendor to maintain appropriate data security and confidentiality standards
Restrict the vendor’s use of data to the provision of the contracted service

We do not use open AI platforms or public AI tools that may retain, share, or use submitted data to train models accessible to third parties.

No automated decision-making

EAGLEGATE does not use AI tools or any other automated system to make decisions that have a legal or similarly significant effect on you without human review. All legal advice, recommendations, documents, and decisions relating to your matter are reviewed, considered, and approved by a qualified legal practitioner before being communicated to you or acted upon. AI tools are used to assist our practitioners — not to replace their professional judgment.

This means that:

No automated system will assess your legal merit, creditworthiness, or eligibility for any outcome without human oversight
AI-assisted research, drafting, or analysis is always reviewed by a practitioner before reliance
You will always have access to a qualified legal practitioner who can explain the basis for advice or recommendations given to you

AI and your personal information

When we use AI tools in connection with your matter, we take reasonable steps to minimise the personal information included in inputs to AI systems, consistent with the task being performed. Where possible, we use techniques such as redaction or de-identification before submitting information to AI platforms.

AI tool providers we use are themselves subject to the Disclosure to Overseas Recipients section of this Policy. Our AI tool providers are included within the disclosure made in the Australian Privacy Principle 8 and the APP 8.2(b) exemption section above.

Data Quality

We take reasonable steps to ensure that the personal information we collect, use, and disclose is accurate, up to date, complete, and relevant to the purpose for which it is held, in accordance with APP 10. We rely on you to inform us promptly of any changes to your personal information, such as a change of address, contact details, or circumstances relevant to your matter. If you become aware that information we hold about you is inaccurate or out of date, please contact us using the details in the Contact Us — Privacy Officer section below.

Retention and Destruction of Personal Information

We retain personal information for as long as is necessary for the purposes for which it was collected, or as required or permitted by law. In particular:

Client files: We retain client files for a minimum of seven (7) years following the conclusion of a matter, in accordance with the Legal Profession Act 2007 (Qld) and the Australian Solicitors’ Conduct Rules. Longer retention periods may apply for certain matter types (for example, matters involving minors, conveyancing, or ongoing obligations).
Trust account records: We retain trust account records for the minimum period required by the Legal Profession Act 2007 (Qld) and the Queensland Law Society.
AML/CTF records: We retain identity verification and transaction monitoring records for at least seven (7) years after the end of the customer relationship, as required by the AML/CTF Act.
Taxation records: We retain financial records for the minimum period required by the Income Tax Assessment Act 1997 (Cth) and the Taxation Administration Act 1953 (Cth).
General correspondence: We retain correspondence and other records for such period as is reasonably necessary, taking into account our professional obligations and any applicable limitation periods.

When personal information is no longer required to be retained, we will take reasonable steps to destroy or de-identify it in a secure manner, in accordance with APP 11.2.

Access to and Correction of Personal Information

Right of access

Subject to the exceptions in APP 12, you have the right to request access to personal information we hold about you. We will respond to a request for access within a reasonable time, and in any event within 30 days. We may charge a reasonable fee for providing access where permitted by APP 12.

We may refuse or limit access in circumstances permitted by the Privacy Act, including where:

Providing access would pose a serious threat to the life, health, or safety of any individual
Providing access would have an unreasonable impact on the privacy of others
The request is frivolous or vexatious
The information relates to anticipated or existing legal proceedings between us and you, and the information would not be discoverable in those proceedings
Providing access would prejudice enforcement-related activities of a government agency
Legal professional privilege applies to the information

Where we refuse access, we will provide you with a written explanation of the reasons for refusal and information about how to make a complaint.

Right to correction

If you consider that personal information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, you may request that we correct it. We will take reasonable steps to correct the information as soon as practicable. If we decline to make the correction, we will provide our reasons in writing and advise you of your right to complain to the OAIC.

How to make an access or correction request

To request access to or correction of personal information, please contact our Privacy Officer using the details in the Contact Us — Privacy Officer section below. We may need to verify your identity before processing your request.

Privacy Complaints

Making a complaint to us

If you believe we have breached the APPs or this Policy, you may make a complaint to our Privacy Officer. Please provide:

Your name and contact details
A description of the conduct you believe constitutes a breach
The steps you would like us to take to resolve the matter

We will acknowledge receipt of your complaint within five (5) business days and aim to resolve the complaint within 30 days. If we require additional time, we will advise you and keep you informed of progress.

Making a complaint to the OAIC

If you are not satisfied with our response to your complaint, or if you do not wish to raise the matter with us directly, you may lodge a complaint with the Office of the Australian Information Commissioner (“OAIC”):

Website: www.oaic.gov.au
Telephone: 1300 363 992
Post: GPO Box 5218, Sydney NSW 2001

The OAIC has the power to investigate complaints about alleged breaches of the APPs and to make determinations, including for the payment of compensation.

Queensland complaints

Where your complaint relates to the handling of personal information held by a Queensland government agency in circumstances where the Information Privacy Act 2009 (Qld) applies, you may also contact the Office of the Information Commissioner (Queensland):

Website: www.oic.qld.gov.au
Telephone: 07 3234 7373

Contact Us — Privacy Officer

For all privacy-related enquiries, access or correction requests, or complaints, please contact our designated Privacy Officer:

Privacy Officer — EAGLEGATE Lawyers
Address: 5/82 Eagle Street, Brisbane
Email: [email protected]
Website: eaglegate.au

Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices, technology platforms, or applicable law. We will publish the current version of this Policy on our website. If we make a material change to the Policy, we will take reasonable steps to notify you, which may include email notification or a notice on our website. The version date at the top of this document indicates when it was last reviewed.

We encourage you to review this Policy periodically. Your continued engagement of our services following the publication of an updated Policy constitutes your acceptance of the changes, subject to your rights under the Privacy Act.