We are bound by industry legislation, regulations and ethical duties (such as under the ASCR and the LPA) to protect Personal Information and confidential information in performing our Services.
We respect your privacy and use our best endeavours to keep your Personal Information secure.
By continuing to use this website or our Services, you consent to the handling of your Personal Information in accordance with this Policy.
Personal Information we collect
How we collect Personal Information
We may collect Personal Information directly or indirectly from any of the following sources:
information, communications, documents and instructions provided to us by our Clients or their associates and advisors;
information, communications and documents provided to us by third parties (for example: opposing lawyers, barristers, advisors or government agencies);
information and documents obtained by searching public or government databases (for example: ASIC, ABR, PPSR and other government agency searches); and
information collected by a person’s use of this website, email communications or our social media channels (forexample: form submissions and analytics data).
Types of Personal Information we collect on our website, email and social media platforms
device, including its operating system, make, model and configuration;
behaviour, such as links activated, clicks, page views and bounce rates;
location (where location services are enabled on the individual’s device);
You may be able to opt out of collection of some types of the above information by changing your browser or device configuration or settings. However, disabling some features may reduce the functionality of our website or our ability to communicate with you or provide Services to you.
Types of Personal Information we collect in the course of providing Services
We collect a wide range of Personal Information in the course of providing Services to our Clients.
Examples of the kinds of Personal Information we collect in the course of providing Services may include an individual’s:
identity, such as their name, date of birth, age and sex;
government-related identifiers (for example: drivers licences or passport information);
physical location, such as their residential and business addresses;
contact information, such as their telephone numbers, email addresses and social media profiles;
financial information, such as solvency status and creditworthiness;
payment information, such as partial card number, cardholder name, card expiry date and bank account details
legal affairs, personal affairs and business planning information, such as business plans, contractual negotiations and proposals;
intellectual property information; and
association with other individuals, groups or entities.
The Privacy Act defines some types of information as sensitive information, such as health information. We do not actively collect sensitive information unless it is necessary in the course of providing our Services.
Pseudonyms and Anonymity
You may have the option to interact with us on this website or in our social media channels anonymously or under a pseudonym.
However, as we are normally required by law to identify all Clients who engage us to provide Services, it may not be possible for us to offer Services to you anonymously or under a pseudonym.
We will take reasonable steps to ensure that Personal Information we collect, use or disclose is accurate having regard to the purpose of collection, use or disclosure.
However, we often need to rely upon information from third-party sources, the accuracy of information may be affected by those third-party sources.
How we store and secure Personal Information
We are required by law to retain certain Personal Information to comply with our statutory duties and other ethical and professional duties.
Where we are required to store Personal Information, we use reasonable endeavours to:
maintain the security of; and
prevent unauthorised access to, or disclosure of;
the Personal Information we collect.
Location of data
Our website, email and electronic document storage services are hosted on servers located within Australia. However, we use other third-party services that may transmit or store some Personal Information overseas.
Personal Information may also be transmitted or stored outside Australia if:
we send or receive communications or information to or from Clients or other parties located outside Australia (For example: international trade mark applications require us to provide Personal Information to organisations outside of Australia); or
the sender or recipient of the communications or information uses a service (for example: an email hosting provider) that is located outside Australia.
- Personal Information that is transmitted or stored outside Australia might not be subject to Australian privacy laws.
Information security measures we adopt
Technological security measures we adopt include use of:
SSL encryption technology on our website - by default, connections to our website are automatically redirected to HTTPS/SSL connections and unsecured HTTP connections are not permitted;
CSRF and XSS prevention measures and implementation of CSP measures on our website to minimise malicious scripting attack vectors;
multi-factor authentication technologies (where available) to protect against unauthorised account loginsand transactions;
reputable password management and generation software and password non-recycling policy;
database at-rest encryption and isolation (where available);
third-party payment gateways for processing of all credit card and online payment transactions - we do not collect or store credit card information on our servers except for partial card number, expiry date and cardholder information that we are required to retain for transaction verification purposes.
We adopt a range of physical security measures, including:
secure destruction of physical files when no longer required to be retained; and
minimising printing and the use of physical filing.
Physical documents that are no longer required are destroyed securely to DIN 66399 Standard Level P4 or greater or returned to our Clients.
Use and sharing of Personal Information
Purposes for which we use or share Personal Information
We may use and share Personal Information for the following purposes:
in the course of providing Services to our Clients;
where we are required to disclose Personal Information by law, or to comply with contractual, ethical, statutory or professional duties owed to our Clients, to the court or to the administration of justice;
in the course of obtaining goods or services from third-party suppliers (for example: when engaging another law practice on behalf of a Client, or when processing banking transactions, or when obtaining IT services such as website hosting or IT support);
How to contact us about Privacy
You may contact us about privacy using the contact methods published on our website.
We will endeavour to respond to enquiries regarding privacy within a reasonable timeframe, however, this may be extended if the enquiry is complex or relates to historical or archived information.
However, we may not be able to respond to enquiries about privacy where such response would require or cause us to:
breach any legislation that applies to us;
breach any professional, contractual or ethical duties owed by us to our Clients or third parties including the duty of confidentiality;
breach any of our duties to the court (including a court order or undertaking) or to the administration of justice;
waive legal professional privilege on behalf of a Client;
If you have a complaint about privacy or our handling of Personal Information, we ask that you contact us in the first instance to discuss your complaint.
If you are unhappy with our response to a privacy enquiry or complaint, you may contact the Office of the Australian Information Commissioner (OAIC). For further information about the OAIC, please visit the privacy.gov.au website.
Interpretation & General Provisions
Unless the context otherwise requires, words and phrases used in this Policy have the meanings set out below:
- the Australian Solicitors’ Conduct Rules
- a client of ours, which may include a former client or prospective client
- Corporations Act
- the Corporations Act 2001 (Cth)
- the Legal Profession Act 2007 (Qld)
- Personal Information
- has the meaning defined under the Privacy Act
- Privacy Act
- the Privacy Act 1988 (Cth)
- the services we provide to our Clients or as part of our business, including legal services
- we / us / our
- Xuveo Pty Ltd (ABN 48 624 437 092) trading as Xuveo Legal
Rules for interpretation
Unless the context otherwise requires, the following rules of interpretation apply to this Policy.
the singular includes the plural, and vice versa;
any gender includes other genders;
a person includes individuals and other entities that have legal personality; and
legislation includes subordinate legislation, amendments and re-enactments;
The phrase “including” or use of examples does not imply limitation.
Headings and other formatting features are for ease of reference and document navigation and do not affect interpretation.
This Policy is governed by the laws of the State of Queensland, Australia.
If any part of this Policy is unlawful or unenforceable, that part may be severed from the rest of this Policy without affecting the remaining parts.
We may amend this Policy at any time without prior notice by publishing an amended version on our website.
Amendments will take effect from the later of the date of publication or the effective date stated on the amended Policy.