Privacy Policy

North Coast Law Pty Ltd

 Privacy Policy

 Effective date: 1 July 2026

  1. Purpose of this Privacy Policy

This Privacy Policy explains how North Coast Law collects, holds, uses, discloses and protects personal information.

In this Privacy Policy:

  • “personal information” has the meaning given in the Privacy Act 1988 (Cth) and generally means information or an opinion about an identified individual, or an individual who is reasonably identifiable;
  • “sensitive information” includes information about matters such as a person’s health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, biometric information and membership of a professional or trade association; and
  • “we”, “us” and “our” means North Coast Law.

As a legal practice, we also owe professional duties of confidentiality to our clients. Nothing in this Privacy Policy limits any higher obligation of confidentiality, privilege or professional conduct that applies to us.

  1. Application of this Privacy Policy

This Privacy Policy applies to personal information we collect in the course of providing legal services and operating our legal practice, including information collected from:

  1. clients and prospective clients;
  2. opposing parties, witnesses and other persons involved in legal matters;
  3. barristers, experts, consultants and other service providers;
  4. employees, contractors, applicants and secondees;
  5. users of our website, online forms and digital platforms; and
  6. other persons who interact with us.

This Privacy Policy does not apply to employee records where the employee records exemption under the Privacy Act 1988 (Cth) applies, although we may still manage such information in accordance with applicable legal and professional obligations.

  1. Types of personal information we collect

The types of personal information we collect depend on the nature of our relationship with you and the services we provide.

We may collect personal information including:

  1. name, date of birth and contact details;
  2. occupation, job title and employer details;
  3. identification information, including copies of identity documents where required;
  4. financial information, including billing details, payment information and trust account information;
  5. information about legal matters, disputes, transactions, claims, investigations or proceedings;
  6. information contained in documents, correspondence, witness statements, affidavits, contracts, pleadings, briefs and evidence;
  7. information required to comply with legal, regulatory, insurance, professional conduct and conflict-checking obligations;
  8. records of communications with us, including emails, telephone calls, meeting notes and file notes;
  9. website usage information, including IP address, device information, browser type and cookies; and
  10. recruitment information, including employment history, qualifications, references and background checks.

We may also collect sensitive information where it is reasonably necessary for our functions or activities, including for the provision of legal services.

  1. How we collect personal information

We collect personal information in a range of ways, including:

  1. directly from you, including when you contact us, instruct us, complete a form, attend a meeting or provide documents;
  2. from clients, witnesses, counterparties, barristers, experts, consultants, courts, tribunals, regulators and government agencies;
  3. from publicly available sources, including ASIC records, court lists, land title searches, professional registers and social media;
  4. through our website, email systems, client portals, practice management systems and other technology platforms;
  5. from recruitment agencies, referees and background-check providers; and
  6. from third-party service providers who assist us to operate our practice.

Where reasonable and practicable, we collect personal information directly from the individual concerned. However, given the nature of legal services, we may collect personal information from third parties where this is necessary or appropriate.

  1. Why we collect, use and disclose personal information

We collect, use and disclose personal information for purposes connected with our legal practice, including to:

  1. provide legal advice and legal services;
  2. open and manage client files;
  3. conduct conflict checks, due diligence and client identification processes;
  4. communicate with clients, courts, tribunals, regulators, counterparties, experts and other relevant persons;
  5. prepare, review and manage legal documents, correspondence, evidence and submissions;
  6. brief barristers, engage experts and instruct consultants;
  7. conduct litigation, dispute resolution, investigations, transactions and negotiations;
  8. issue invoices, receive payments and manage trust money;
  9. comply with legal, regulatory, insurance and professional obligations;
  10. manage risk, quality assurance, complaints and professional indemnity matters;
  11. recruit and manage staff, contractors and service providers;
  12. maintain and improve our website, systems, security and client services;
  13. send legal updates, invitations or marketing communications, where permitted; and
  14. conduct any other activities reasonably necessary for the operation of our legal practice.

We may also use or disclose personal information for any purpose required or authorised by law.

  1. Legal professional privilege and confidentiality

Information provided to us for the purpose of obtaining legal advice or legal services may be protected by legal professional privilege.

We take confidentiality and privilege seriously. We will not disclose confidential client information except where:

  1. authorised by the client;
  2. necessary for the provision of legal services;
  3. required or authorised by law;
  4. permitted under applicable professional conduct rules; or
  5. necessary to protect our lawful interests, including in relation to a dispute, complaint, insurance claim or regulatory matter.
  1. Disclosure of personal information

We may disclose personal information to third parties where appropriate, including to:

  1. barristers, experts, consultants, investigators and other professional advisers;
  2. courts, tribunals, commissions, regulators and government agencies;
  3. counterparties, their legal representatives and other persons involved in a legal matter;
  4. process servers, search providers, transcription providers and litigation support providers;
  5. insurers, brokers and professional indemnity providers;
  6. auditors, accountants and financial institutions;
  7. technology providers, cloud storage providers, cybersecurity providers and practice management software providers;
  8. mailing, printing, archiving and document management providers;
  9. recruitment agencies, referees and background-check providers;
  10. debt recovery providers, where necessary; and
  11. any other person where disclosure is required or authorised by law or necessary to provide legal services.

Where we disclose personal information to third-party service providers, we take reasonable steps to ensure those providers handle the information consistently with applicable privacy and confidentiality obligations.

  1. Overseas disclosure

Some of our service providers or technology platforms may store, process or access personal information outside Australia.  Unfortunately we are not able to tell you where but we can tell you that our main practice management software and our banking data is held in Australia.

  1. Website, cookies and analytics

When you use our website, we may collect information such as:

  1. IP address;
  2. device and browser type;
  3. pages visited;
  4. time and date of access;
  5. referring website; and
  6. other usage data.

We may use cookies, analytics tools and similar technologies to improve our website and understand how users interact with it.

You may be able to disable cookies through your browser settings. However, some website functions may not operate properly if cookies are disabled.

If our website uses third-party analytics, advertising pixels, embedded content, online enquiry forms, chat functions or client portals, those functions should be specifically described here.

  1. Direct marketing

We may use personal information to send newsletters, legal updates, event invitations or other communications that may be of interest to clients and contacts.

You may opt out of receiving marketing communications at any time by:

  1. using the unsubscribe function in an email; or
  2. contacting us using the details set out in section 16.

We will not sell personal information to third parties for marketing purposes.

  1. Storage and security of personal information

We may hold personal information in physical and electronic form, including in:

  1. hard copy files;
  2. email systems;
  3. practice management systems;
  4. document management systems;
  5. cloud storage platforms;
  6. accounting and trust accounting systems; and
  7. archived files and backups.

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure.

Our security measures may include:

  1. access controls and password protections;
  2. multi-factor authentication;
  3. encryption where appropriate;
  4. staff confidentiality obligations and training;
  5. secure document storage and disposal procedures;
  6. cybersecurity monitoring and backup systems;
  7. physical office security; and
  8. policies for managing confidential and privileged information.

No method of transmission or storage is completely secure. However, we take reasonable steps to maintain the security of personal information having regard to the nature of the information and the risks involved.

  1. Retention and destruction of personal information

We retain personal information for as long as necessary for the purposes for which it was collected, including to:

  1. provide legal services;
  2. comply with legal, regulatory, insurance and professional obligations;
  3. maintain client records;
  4. resolve disputes or complaints;
  5. enforce agreements; and
  6. meet limitation period and professional indemnity requirements.

When personal information is no longer required, we will take reasonable steps to destroy or de-identify it, subject to any legal, professional or archival obligations.

Client files may be retained for the period specified in our costs agreement, engagement terms, file retention policy or as otherwise required by law or professional standards.

  1. Access to personal information

You may request access to personal information we hold about you.

We will respond to access requests within a reasonable period. We may require proof of identity before providing access.

In some circumstances, we may refuse access or provide limited access where permitted by law, including where:

  1. providing access would prejudice legal professional privilege;
  2. providing access would reveal confidential information about another person;
  3. the request is frivolous, vexatious or unreasonable;
  4. access would prejudice legal proceedings, negotiations or investigations;
  5. access would pose a serious threat to health or safety; or
  6. access is otherwise not required by law.

If access is refused, we will provide reasons where it is reasonable to do so.

  1. Correction of personal information

We take reasonable steps to ensure the personal information we hold is accurate, up to date, complete, relevant and not misleading.

You may request correction of your personal information by contacting us using the details set out in section 16.

If we refuse to correct personal information, we will provide reasons where required by law. You may request that we associate a statement with the information noting that you consider it to be inaccurate, out of date, incomplete, irrelevant or misleading.

  1. Notifiable data breaches

We are subject to the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

If we become aware of a data breach involving personal information, we will assess whether the breach is likely to result in serious harm to any individual.

Where required, we will notify affected individuals and the Office of the Australian Information Commissioner.

  1. Privacy enquiries and complaints

If you have a question, concern or complaint about how we handle personal information, you may contact us at:

nclaw@nclaw.com.au

We will acknowledge privacy complaints within a reasonable time and will investigate and respond to the complaint.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner:

Office of the Australian Information Commissioner
GPO Box 5288
Sydney NSW 2001
Australia
Website: www.oaic.gov.au
Telephone: 1300 363 992

  1. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

The current version will be available on our website at nclaw.com.au or may be requested by contacting us.

  1. Contact details

nclaw@nclaw.com.au