Skip to main content

About this policy

Mellor Olsson is committed to protecting your privacy and handling your personal information responsibly, in accordance with Australian privacy laws.

This policy explains how we collect, hold, use and disclose personal information. It applies to Mellor Olsson Lawyers (ABN 44 157 825 957) and our related entities, including Shelfcom (ABN 20 794 235 274) (together, referred to as Mellor Olsson, we, us or our).

We are bound by the Privacy Act 1988 (Cth) (the Act) and the Australian Privacy Principles (the APPs). As a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (the AML/CTF Act), we also comply with the Act when handling personal information for AML/CTF purposes.

In this policy, references to “services” include legal and conveyancing services provided by Mellor Olsson, as well as company registration, trust and SMSF establishment and related corporate services provided by Shelfcom.

We may update this policy from time to time. Any changes will be published on our website, and we encourage you to review this page periodically.

Why we collect personal information

We collect personal information so we can:

  • conduct our business and provide our services professionally and efficiently
  • respond to enquiries and communicate with our clients and contacts
  • identify clients, potential clients and relevant parties
  • conduct client onboarding and matter management
  • comply with legal and regulatory obligations, including AML/CTF requirements (such as customer due diligence)
  • inform you of initiatives, developments in the law and relevant business markets that may be of interest to you
  • send marketing communications where permitted by law
  • manage events, seminars and registrations
  • recruit and manage staff and contractors
  • improve our services, website functionality and user experience
  • conduct website analytics and performance monitoring, and
  • manage risk, prevent fraud and handle disputes.

If you do not provide the personal information we request, we may be unable to provide our services to you.

What personal information we collect

The types of personal information we collect depend on your relationship with us and the services we provide to you.

For clients and prospective clients, we may collect information such as:

  • identity details, including name, contact details, date of birth and photographic identification
  • financial details, including billing and payment information and bank account details
  • other information relevant to your matter (which may include sensitive information – see below)
  • information required by law or our professional conduct rules, and
  • information collected and verified as part of our Customer Due Diligence (CDD) obligations under the AML/CTF regime.

For employees and prospective employees, we collect information necessary for recruitment and employment.

For suppliers and other business contacts, we collect names, contact details and information relevant to our business relationship.

If you interact with us via our website or social media channels, we may collect online data about you via cookies and analytics as described below.

How we collect personal information

Where possible, we collect personal information directly from you – for example, through meetings, telephone calls or email correspondence.

In some cases, we may collect personal information about you from third parties. For example:

  • We may receive your personal information from your authorised representatives or agents, such as your accountant, financial adviser or another law firm acting on your behalf.
  • Our clients may provide us with personal information about third parties where it is relevant to their matter. For example, in disputes, we may receive personal information about opposing parties or witnesses, and in commercial transactions, we may receive personal information about directors, employees or shareholders of a target company or business.
  • We may collect personal information from publicly available sources where relevant to a matter, such as ASIC registers and lands title searches.

Where we receive personal information about you from a third party, we will handle that information in accordance with the APPs.

Identity verification

We use a third-party digital identity verification platform to collect and verify identification documents and related personal information as part of our Customer Due Diligence (CDD) obligations under the AML/CTF Act. When you provide identification documents through this platform, your personal information is stored on the platform provider’s systems, which are hosted in Australia. We require our verification provider to handle personal information in accordance with the APPs and appropriate contractual safeguards.

Collection of sensitive information

Sensitive information (such as health information, biometric data, racial or ethnic origin, political opinions, religious beliefs or criminal record information) is given a higher level of protection under Australian privacy laws. We may collect sensitive information where it is necessary for your legal matter, where we are required or authorised to do so by law (including under the AML/CTF Act for identity verification) or where we have your consent.

Anonymity and pseudonymity

Where practicable, you have the option of not identifying yourself, or of using a pseudonym, when dealing with us – for example, when making a general enquiry. However, in most cases we will need to verify your identity in order to provide our services and comply with our professional and legal obligations.

How we use personal information

We use personal information for the primary purpose for which it was collected, for related purposes that you would reasonably expect and for other purposes authorised by law. In general, we use and disclose personal information for the purposes set out in the section “Why we collect personal information” above.

We may also use personal information to generate anonymous data from which individuals cannot be identified.

Disclosure of personal information

We do not generally disclose personal information to third parties unless:

  • the disclosure is for the primary purpose for which it was collected
  • you have consented to the disclosure
  • the third party is our agent or contractor, in which case we require them to use the personal information only for the purpose for which it was disclosed
  • the third party is involved in a dealing or proposed dealing (including a sale) of all or part of our assets or business
  • the disclosure is to a related body corporate
  • the disclosure is required or authorised by law (including the AML/CTF Act).

The types of third parties to whom we may disclose personal information include our technology and systems service providers, debt collectors, investigation services, event venues and courier services. We require our service providers to handle personal information consistently with the APPs.

Marketing activities

We may use personal information we have collected from you (other than sensitive information) to market our services to you, including providing information about our services, events and legal developments. We will only do so where permitted by law.

All marketing communications will include an unsubscribe link. Once you unsubscribe, we will remove you from our mailing lists.

You can also ask us to stop sending you marketing communications at any time by contacting our Privacy Officer using the contact details below.

We do not disclose personal information to third parties for them to market their products to you unless you have expressly consented.

Our website

You may visit our website without identifying yourself. If you provide your contact details through our website, that information will be managed in accordance with this policy.

Our website uses cookies. A “cookie” is a small file stored on your device that helps us manage website settings and deliver content. We also collect certain technical information, such as your device type, browser type, IP address and the pages you visit on our website and on third-party websites. This information is used in aggregate form and is not intended to identify individuals directly.

You can manage cookies through your browser settings, although doing so may limit your access to some website features.

Our website may contain links to third-party websites. We are not responsible for the content or the privacy practices of those sites.

Security of personal information

Protecting personal information is a priority for us. We take reasonable steps to safeguard your personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

Personal information is stored securely and access is restricted to authorised personnel only. Our security measures include encryption, multi-factor authentication, strong password policies, role‑based access controls, audit logging, endpoint protection, backup and recovery processes and physical security at our premises.

We maintain internal policies on management of personal information, and provide staff training to ensure compliance with these policies.

How we store personal information

We store personal information in paper-based files and in secure electronic databases (including those maintained by trusted third-party storage providers based in Australia). Paper-based files are stored securely at our premises.

We use a range of third-party technology providers to operate our systems. When engaging third-party service providers, we take reasonable steps to:

  • use reputable providers with strong data protection standards
  • ensure that providers handle personal information consistently with the APPs and are bound by appropriate contractual safeguards, and
  • ensure that personal information is hosted in Australia where practicable.

We primarily store personal information on servers located in Australia. However, some data (such as website traffic and technical metadata) may be processed through overseas servers as a result of our use of global service providers. Where personal information is processed overseas, we take reasonable steps to ensure it is handled in accordance with the APPs or equivalent international standards. We retain personal information only for as long as necessary to meet our business, legal and regulatory requirements. When personal information is no longer required, it is securely destroyed or de‑identified.

Correcting your information

You can contact us at any time to update your personal information or let us know if it is inaccurate or incomplete. We will take reasonable steps to correct it.

If we consider that correction is not required, we will note your request and provide you with written reasons for our decision.

Access to personal information

You may request access to the personal information we hold about you by contacting our Privacy Officer. We will respond to your request within 30 days. No fees are charged for access requests.

In limited circumstances we may refuse access – for example, where providing access would pose a serious threat to life or health, unreasonably impact another person’s privacy, be unlawful, prejudice an enforcement activity or relate to an existing legal dispute.

If we refuse access, we will provide written reasons (unless doing so would be unreasonable) and information about how to complain.

Transferring information overseas

In addition to the overseas processing described above (see “How we store personal information”), we may transfer personal information overseas where necessary for your legal matter. Otherwise, we will not transfer personal information outside Australia unless:

  • you have consented to the transfer, or
  • we are required or authorised by law to do so.

Before transferring personal information overseas, we take reasonable steps to ensure the recipient will handle it in accordance with the APPs – for example, by assessing the recipient’s privacy practices and relying on contractual safeguards.

Data breaches

We maintain a data breach response plan. If a data breach occurs that is likely to result in serious harm to any individual, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under the Act.

Complaints

We are committed to continuously improving our procedures to ensure personal information is handled appropriately. If you believe we have not handled your personal information in accordance with this policy or applicable privacy laws, please contact our Privacy Officer.

Our Privacy Officer will:

  • listen to your concerns about our handling of personal information
  • discuss with you how we can remedy the situation, and
  • put in place an action plan to resolve your complaint and, if appropriate, improve our information handling procedures.

If you are not satisfied with the outcome of this process, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) on 1300 363 992 or at www.oaic.gov.au.

Contact us

If you would like to access any personal information we hold about you, or if you have any questions about this policy, please contact our Privacy Officer:

Privacy Officer

Email: [email protected]

Phone: 08 8414 3400

Address: Level 6, 89 Pirie Street, Adelaide SA 5000