Skip to Content

Xuveo Legal Privacy Policy

Last updated:

  1. Introduction

      1. This is our Privacy Policy, which explains the way in which we collect and process Personal Information.

      2. In relation to the use of this Website, this Privacy Policy is subject to, and must be read with our Website Terms.

      3. If you are a Client, this Privacy Policy also forms part of our Terms of Retainer.

      4. We are bound by industry legislation, regulations and ethical duties (such as the ASCR and the LPA) to protect Personal Information and confidential information in performing our Services.

      5. We respect your privacy and use our best endeavours to keep your Personal Information secure.

      6. By continuing to use this Website, or engaging our Services, you consent to the handling of your Personal Information in accordance with this Policy.

  2. Personal Information we collect & process

    1. How we collect Personal Information

      1. We may collect Personal Information directly or indirectly from any of the following sources:

        Click or tap on each heading to show detailed information
        1. Communications

          Personal Information obtained when you or third parties communicate with us.

          For Example: emails, telephone calls, video conferences, meetings, verbal instructions, SMS or instant message communications.

        2. Documents

          Personal Information obtained in documentary formats.

          For example: Agreements, contracts, electronic documents, emails, written correspondence, records, evidence.

        3. Search Data

          Personal Information contained in data obtained through searches and legal research activities.

          For Example: Government agency and public search databases and registers, domain name whois data, online searches and legal research.

        4. Web Technologies including Cookies

          Personal Information and analytics data obtained through the use of web technologies, email marketing, social media and other online channels.

          In many cases, such data is anonymised and aggregated so that individuals are not identified or tracked.

          For Example: Cookies, web beacons, web analytics tools.

          For information about cookies and how we use them, please see our Cookie Policy.
    2. Types of Personal Information we collect & process

      1. We may collect and process the follwing kinds of Personal Information:

        Click or tap on each heading to show detailed information
        1. Identity information

          Personal Information relating to an individual's identity.

          For Example: Name, date of birth, age, sex.

        2. Government Identifier information

          Personal Information contained in government issued identifiers.

          For Example: Drivers' licence number, passport or visa information, Director ID Number (DIN), Australian Business Number (ABN).

        3. Location information

          Personal Information relating to an individual's location or address.

          For Example: Residential or business address, postal address, geographic location.

        4. Contact information

          Personal Information relating to an indivudal's contact information.

          For Example: Telephone numbers, email addresses, social media handles.

        5. Financial & payment information

          Personal Information relating to an individual's financial status, transactions or payments.

          For Example: banking and payment transaction information, solvency status information, creditworthiness information, property information, mortgage and personal property securities information.

        6. Legal, personal & business affairs information Personal Information about an individual's legal, personal and business affairs, including information realting to Service provided (or to be provided) to an individual.

          For Example: Information about legal matters, legal advice and strategy, business planning information, intellectual property information.

        7. Association information

          Personal Information about how an individual interacts with or relates to others.

          For Example: Membership information, professional affiliations, shareholder or partnership information.

        8. Web & browser information

          Personal Information about an individual's web browsing activities.

          For Example: web analytics information, internet browser or device (including operating system, make, model and configuration), IP address, user behaviour (such as links activated, clicks, email and page views, and bounce rates), location (where location services are enabled on the individual’s device).

      2. The Privacy Act defines some types of Personal Information as sensitive information, such as health information. We do not actively collect sensitive information unless it is necessary in the course of providing our Services.

    3. Legal Basis

      1. We collect and process Personal Information under one or more of the following legal bases:

        Click or tap on each heading to show detailed information
        1. Consent

          The individual has provided us with express or implied consent to collect and process their Personal Information.

          You may have the right to revoke or limit such consent where it has been given.

        2. Contract

          We have entered into, prepared or proposed a contractual or other legal relationship with the individual.

          For Example: Client retainers, service contracts.

        3. Legal obligations

          We have a legal obligation to collect or process the Personal Information.

          For Example: Performance or observance of legal obligations, professional duties, ethical duties, duties to the court or administration of justice, or to satisfy requirements and obligations for tax, legal, evidentiary, accounting or similar purposes.

        4. Legitimate interests

          We may collect and process Personal Information where we have a legitimate interest to do so.

          For Example: marketing, advertising, professional development, product and service development, website enhancement, information security.

  3. How we store and secure Personal Information

    1. General

      1. We are required by law to retain certain Personal Information to comply with our statutory duties and other ethical and professional duties.

      2. Where we are required to store Personal Information, we use reasonable endeavours to:

        1. maintain the security of; and

        2. prevent unauthorised access to, or disclosure of;

        the Personal Information we collect.

    2. Location of data

      1. Our website, email and electronic document storage services are hosted on servers located within Australia. However, we use other third-party services that may transmit or store some Personal Information overseas.

      2. Personal Information may also be transmitted or stored outside Australia if:

        1. we send or receive communications or information to or from Clients or other parties located outside Australia (For example: international trade mark applications require us to provide Personal Information to organisations outside of Australia); or

        2. the sender or recipient of the communications or information uses a service (for example: an email hosting provider) that is located outside Australia.

      3. Personal Information that is transmitted or stored outside Australia might not be subject to Australian privacy laws.
    3. Information security measures we adopt

      1. We adopt a range of technologies and measures to safeguard Personal Information and confidential information, including the following:

        Click or tap on each heading to show detailed information
        1. Technological security measures
          • SSL encryption technology on our website - by default, connections to our website are automatically redirected to HTTPS/SSL connections and unsecured HTTP connections are not permitted;

          • CSRF and XSS prevention measures and implementation of CSP measures on our website to minimise malicious scripting attack vectors;

          • Multi-factor authentication or two-factor authentication (MFA/2FA) technologies (where available) to protect against unauthorised account logins and transactions;

          • Password management tools & policies – including deployment of password management software and adoption of "robust password generation" & "password non-recycling/non-reuse" policies;

          • Data encryption and isolation (where available);

          • Digital email signatures (where possible);

          • Secure document sharing platforms (where possible) to avoid sharing of sensitive information over email channels;

          • Payments processing in accordance with our Payment Security Policy;

          • Third-party payment gateways for processing of all credit card and online payment transactions.

            We do not collect or store credit card information on our servers except for partial card numbers, expiry date and cardholder information that we are required to retain for transaction verification purposes.
        2. Physical security measures
          • Secure destruction of physical files and documents when no longer required to be retained.

          • Minimising printing and the use of physical filing.

      2. We regularly engage in cybersecurity learning and seek to promote good IT security practices for ourselves and our Clients.

  4. Processing of Personal Information

    1. Purposes for which we process Personal Information

      1. We may process Personal Information for one or more the following purposes:

        Click or tap on each heading to show detailed information
        1. Business purposes

          Operating our business.

          For Example: Providing Services to our Clients, responding to enquiries, communications, internal management, administration, record-keeping and file maintenance, auditing, legal compliance, obtaining goods & services.

        2. Professional regulation & compliance

          To comply with our legal, regulatory, professional and ethical duties and obligations.

          For Example: Disclosures required to professional regulators, trust account auditing, tax compliance, insurance obligations, court and tribunal orders and directions.

        3. Payment processing & transactions

          To facilitate and process financial transactions and payments.

        4. Website features, functionality & analytics

          To enable features and functionality on our website, and to monitor website usage and engagement.

          We use third-party analytics services to understand and monitor the use of our website, including obtaining anonymised aggregate user behaviour metrics, search terms and website performance monitoring.

          This data is used to improve the quality of your user experience, to identify and diagnose performance issues, and to develop and improve our website, Service offerings and other content.

          We do not currently use this data to generate user profiles or for targeted advertising services.

        5. Marketing & advertising

          To promote, advertise and market our business, and measure engagement and marketing results.

          For Example: email marketing campaigns, newsletter campaigns, online advertising.

    2. Third Parties

      1. We will not sell or lease your personal information for marketing purposes without your prior consent.

      2. We work and interact with a wide range of third parties to operate our business and obtain goods & services and we may provide some of those third parties with the Personal Information we collecte & process.

      3. Some major third party suppliers to whom we may provide Personal Information, and the purposes for which we provide such Personal Information, are set out in the following table. You can learn more about each third party's data and privacy practices on their respective websites.

        Click or tap on each heading to show detailed information
        1. Microsoft
          Supplier
          Microsoft, Inc. and its subsidiaries, related entities & affiliates.
          Purposes
          Website Functionality;
          Business Purposes;
          Communications
          Policies
          Microsoft Privacy Statement
        2. Xero
          Supplier
          Xero Limited and its subsidiaries, related entities & affiliates.
          Purposes
          Business Purposes;
          Communications;
          Payment processing & transactions;
          Compliance
          Policies
          Xero Privacy Statement
        3. Stripe
          Supplier
          Stripe Inc and its subsidiaries, related entities & affiliates.
          Purposes
          Business Purposes;
          Communications;
          Payment processing & transactions;
          Compliance
          Policies
          Stripe Privacy Policy
        4. Google
          Supplier
          Google Inc and its subsidiaries, related entities & affiliates.
          Purposes
          Website Functionality & Analytics;
          Marketing
          Policies
          Google Privacy Policy
          Google Partner Site Privacy Policy
        5. Courts, Tribunals & Government and Non-Government Agencies
          Supplier
          Purposes
          Business Purposes;
          Professional Regulation & Compliance
          Policies
          Please consult the respective agency websites for further information about their privacy policies and information processing practices.
        6. Legal Profession Regulators & Professional Association Bodies
          Supplier
          Queensland Law Society Inc (QLS);
          Legal Services Commission of Queensland (LSC);
          Lexon Insurance Pte Ltd;
          Purposes
          Business Purposes;
          Professional Regulation & Compliance
          Policies
          QLS Privacy Policy;
          LSC Protection of Information Policies
          Lexon Insurance Privacy Policy
        7. Trust Account External Examiner
          Supplier
          Audit Assist Pty Ltd
          Purposes
          Professional Regulation & Compliance
          Policies
          (Available upon request)
  5. Privacy Enquiries & Complaints

    1. Your Rights

      1. In some circumstances, you may have the right to request access to, or correction, amendment, deletion or transfer of, your Personal Information. In addition, you may have the right to object to our handling of your Personal Information.

      2. Your rights may vary depending on your jurisdiction. You may need to seek independent advice in relation to the rights that apply to you.

    2. How to contact us about Privacy

      1. If you have a privacy enquiry or complaint, or objection to our processing of your Personal Information, we ask that you Contact Us using the contact methods published on our website.

      2. We will endeavour to respond to enquiries regarding privacy within a reasonable timeframe, however, this may be extended if the enquiry is complex or relates to historical or archived information.

      3. We may not be able to respond to enquiries about privacy where such response would require or cause us to:

        1. breach any legislation that applies to us;

        2. breach any professional, contractual or ethical duties owed by us to our Clients or third parties including the duty of confidentiality;

        3. breach any of our duties to the court (including a court order or undertaking) or to the administration of justice; or

        4. waive legal professional privilege on behalf of a Client.

    3. If you are not satisfied with our response

      1. If you are unhappy with our response to a privacy enquiry or complaint, you may contact the Office of the Australian Information Commissioner (OAIC).

        For further information about the OAIC and Australian Privacy Law, please visit the OAIC Website.
      2. If you are outside Australia, you may also have the right to lodge a complaint or enquiry with an equivalent authority in your jurisdiction.

  6. Other Privacy Matters

    1. Pseudonyms & Anonymity

      1. You may have the option to interact with us on this website or in our social media channels anonymously or under a pseudonym.

      2. However, as we are normally required by law to identify all Clients who engage us to provide Services, it may not be possible for us to offer Services to you anonymously or under a pseudonym.

    2. Quality Assurance, Information Integrity & Accuracy

      1. We will take reasonable steps to ensure that Personal Information we collect and process is accurate having regard to its purpose.

      2. However, we often need to rely upon information from third-party sources, the accuracy of information may be affected by those third-party sources.

  7. Interpretation & General Provisions

    1. Definitions

      1. Unless the context otherwise requires, words and phrases used in this Policy have the meanings defined in our Website Terms.

    2. Rules for interpretation

      1. This Policy forms part of, and is to be interpreted in the same way as, our Website Terms.

Connect

Connect

Contact Form
Social Media
Mail
PO Box 5159
Mt Gravatt East Queensland 4122
Hours
Monday-Friday 9:00am-5:00pm (AEST).
Closed Public Holidays.
Meetings by appointment only. Telephone and Videoconference appointments are preferred, subject to prevailing Covid restrictions.
Contact Us
 
Personal information submitted in this form will be used for the purpose of responding to your Enquiry and will be handled in accordance with our Privacy Policy