Riordan & Riordan Lawyers

Privacy Policy

 

1. Background

Riordan & Riordan Lawyers Pty Ltd (ABN 11 385 814 517) and its related entities (Riordan & Riordan, we, our or us) are committed to protecting the privacy of the personal information we collect and hold.  We are bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act).

This Privacy Policy outlines how we manage personal information in accordance with our obligations under the APPs.  It explains what personal information we may collect, why we may collect it, how we may use and disclose it, how we store and protect it, and how you can access and correct your personal information or make a complaint.

2. Kinds of personal information we collect and hold

The kinds of personal information we collect, and hold, will depend on the nature of your dealings with us. We may collect and hold the following kinds of personal or sensitive information

(a)  Personal information

       (i)          your name, residential and postal addresses, email address, telephone and other contact details;

       (ii)         your date and place of birth, gender, gender preferences and nationality;

       (iii)        your occupation, job title, employer and professional qualifications;

       (iv)        biometric information and geolocation data for the purpose of verifying your identity;

       (v)         your associations and affiliates, including any trusts and companies that you are affiliated with;

       (vi)        banking and financial information, including bank account details and billing information necessary for processing payments and fraud                                                      prevention;

       (vii)       information contained in our correspondence, file notes, attendance records and trust account records and documents relating to your matter                                        or engagement with us;

       (viii)      information you provide in connection with an application for employment with us, including your employment history, educational                                                            qualifications and referee details;

       (ix)       government-related documents and identifiers, including Australian Company Number (ACN), Australian Business Number (ABN), driver’s                                                 licence and number, passport and number, and Medicare card and number; director identification number (DIN);

(b)  Sensitive Information 

         (i)       medical or information (e.g. where relevant to an estate planning matter);

         (ii)      criminal record information (e.g. where are required to conduct background checks);

         (iii)     professional memeberships;

         (iv)     racial or ethnic origin, sexual orientation, political options or involement, religious beliefs or philosophical beliefs (where relevant to your                                                   matter).

Where required and practicable to do so, we will seek your consent before collecting sensitive information and explain the purpose of collection at that time. In limited circumstances, your consent may be implied.

3. How we collect personal information

(a)  Direct collection of personal information

       Personal information is collected by Riordan & Riordan when you:

         (i)      provide it to us;        

         (ii)     visit our website;       

         (iii)    visit our social media profiles (e.g. LinkedIn); and       

         (iv)    communicate with us in-person, or via email, telephone or facsimile.        

(b)  Collection of personal information via third parties

       In some circumstances, personal information about you may be collected by Riordan & Riordan from third parties, including:

         (i)      by an employee or partner of Riordan & Riordan;        

         (ii)     by a referral partner or other professional who refers you to us;       

         (iii)     our contractors or services providers;         

         (iv)     barristers or other professional advisers engaged in connection with your legal matter;

         (v)      public registers and government agencies (e.g. the Land Titles Office, Courts, Tribunals, ASIC); and/or 

         (vi)     third-party electronic verification services used for Anti-Money Laundering / Counter – Terrorist Financing (AML/CTF) compliance. 

We will only collect personal information from third parties where it is unreasonable or impracticable to collect that information directly from you, or where the collection is authorised or required by law, or if you otherwise consent.

4. Information collected for AML/CTF purposes

Riordan & Riordan is required to collect personal information in accordance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 (collectively referred to as the AML/CTF Laws).

Where Riordan & Riordan provides a designated service under the AML/CTF Laws, we are required to collect identification information to verify the identity of our clients, and where applicable, the beneficial owners and controllers of legal structures.

Riordan & Riordan has appointed a third party, EasyAML Pty Ltd ACN 688 823 145, trading as easyAML to assist with our compliance of the AML/CTF Laws.  In doing 

         (i)       we may request that you provide personal information including identification and biometric information to easyAML for the purposes of verifying your                         identity and complying with the AML/CTF Laws;

         (ii)     easyAML may transmit, process and store your personal information. easyAML stores and processes that information in Australia;

         (iii)    easyAML may submit any identity documents or biometric information provided by you to a government body or third party service provider appointed                         by  easyAML for the purpose of verifying and authenticating an identity document or biometric information provided by you;

         (iv)     the personal information provided by you or Riordan & Riordan to easyAML will be handled in accordance with easyAML’s privacy policy, which can be                            found on their website here.

5. How we hold personal information

Protecting your personal information is a priority for Riordan & Riordan.  Riordan & Riordan may hold your personal information in electronic or physical files or on secure servers, storage and archive systems including via a system of networked computing facilities, software and databases that provide remote data storage and processing facilities online via the internet (Our Servers and Databases).

Riordan & Riordan takes reasonable technical and organisational measures to protect the personal information held by us from misuse, loss, unauthorised access, interference or disclosure.  Those measures include:

         (i)     access controls and role-based permissions on our computer systems;

         (ii)    firewalls, intrusion alert and antivirus software and encryption of data in transit and at rest;

         (iii)   multifactor authentication for access to systems that contain personal information;

         (iv)   physical security measures, including restricted access to our offices and secure destruction of our physical records;

         (v)   regular training of our employees on privacy and information security obligations; and

         (vi)   regular review and testing of information security practices. 

Whilst Riordan & Riordan takes caution to protect your personal information, the transmission of data over the internet or electronically cannot be completely secure.  Riordan & Riordan will not be liable for any loss, corruption, delay or loss of confidentiality arising from data or information transmitted electronically.

You can assist us to keep your personal information secure by ensuring you have appropriate back-up, security and virus checking systems and procedures in place for any personal information sent to or received from us.  You should also exercise caution and discretion when disclosing your personal information.

If Riordan & Riordan becomes aware of a data breach that is likely to result in serious harm to any person, Riordan & Riordan will take prompt action to assess the incident, and where required under the Privacy Act, notify the affected persons and the relevant regulatory authorities.  The notification will include a description of the breach, the likely consequences, and measures taken or proposed to be taken to address the breach.

Riordan & Riordan will retain personal information for as long as required for the purposes it was obtained, or as otherwise required by law.  When personal information is no longer needed, or if we are no longer required by law to retain it, we will take reasonable steps to securely destroy it.

6. Purposes for which we collect, hold, use and disclose personal information

Riordan & Riordan may collect, hold, use and disclose personal information for the following purposes:

(a)  to provide professional services

         (i)     to provide you with legal services;

         (ii)     to manage your legal matter/s or engagements with us, including opening and maintaining our client files;      

         (iii)    to conduct conflict of interest searches;       

         (iv)    to communicate with you about your matter or engagement;   

         (v)     to prepare and issue invoices and manage trust account transactions;

         (vi)      to engage third parties (such as barristers or other professional advisers) in connection with your matter.

(b)  to comply with AML/CTF Laws and other laws

         (i)       to comply with our obligations under the AML/CTF Laws, including carrying out verification of identification searches, conducting ongoing due diligence,                       monitoring transactions and to fulfil our reporting obligations with AUSTRAC;        

         (ii)      to comply with our professional and ethical obligations, including those required under the Legal Profession Uniform Law and any other relevant                                    legislation;      

         (iii)     to comply with our obligations under the Privacy Act;        

         (iv)     to respond to requests or orders from Courts, Tribunals or Government agencies.

(c)  to operate our business

       to carry out matters incidental to operating the business of Riordan & Riordan, including: administration, management and planning, marketing, data collection         for internal business purposes, debt collection, insurance purposes, monitoring and complying with our policies and internal business standards, risk                           management, employee training and professional development, business development, recruitment or human resource management.

(d)  to disclose your personal information in certain circumstances

         (i)     to our employees, contractors and service providers;

         (ii)     to Courts, Tribunals or law enforcement agencies;

         (iii)   to third party professional advisers where engaged or proposed to be engaged as part of your legal matter;

         (iv)    to any settlement agency engaged by us, including PEXA or easyAML;

         (v)     to AUSTRAC, where authorised or required by law;

         (vi)      other third parties with your consent, or otherwise authorised or required by law. 

7. Access and correction of your personal information

You may request access to your personal information held by Riordan & Riordan at any time.  However, this right of access is subject to exceptions.  To make a request, please contact the Privacy Officer using the contact details below.

We may refuse access in certain circumstances, including:

         (i)     where the request is frivolous or vexatious;

         (ii)    providing access would be unlawful (e.g. where disclosing the information would breach the tipping off provisions of the AML/CTF Laws), or where denying                   access is required or authorised by law;

         (iii)   we have a reason to suspect unlawful activity or serious misconduct;

         (iv)    providing access would have an unreasonable impact on the privacy of others or would pose a serious threat to the life, health, safety of a person or to                        public health and safety;

         (v)      the information relates to existing or anticipated legal proceedings and would not be discoverable through legal discovery.

We will notify you in writing if your request to access personal information is refused.

Riordan & Riordan may require proof of identity or charge a reasonable fee for searching for and providing access to your personal information.

You may request that we update or correct your personal information if you believe it is inaccurate, out of date, incomplete or misleading.  You may request that your personal information is securely destroyed, however not all information can be destroyed if it is required to be retained by law.  Some personal information may also be retained by Riordan & Riordan’s technical systems in accordance with its data security and business procedures.

8. Cross border disclosure of your personal information

As part of delivering legal services and operating our business, Riordan & Riordan may store personal information on Our Servers and Databases maintained and operated by third parties located outside Australia.  Countries in which Our Servers and Databases third party providers may store data include the USA, United Kingdom, New Zealand and Canada.

Before entering into contractual arrangements with Our Servers and Databases third party providers, Riordan & Riordan takes reasonable steps to ensure that the third party provider recipients do not breach the Australian Privacy Principles set out in the Privacy Act in relation to that information.

9. Governing Law

This Privacy Policy and use of our website are governed by the laws of Australia and Victoria.  If a dispute arises under this Privacy Policy, you agree to attempt to resolve the dispute under those laws.

10. Access to Privacy Policy

If you require a copy of our Privacy Policy in another form, please contact the Privacy Officer using the details below.

11. How to make a complaint

If you believe that there has been a breach of your privacy, or if you are dissatisfied with how we have dealt with your personal information, you may make your complaint in writing to the Privacy Officer using the details below.  Riordan & Riordan will respond to your complaint within a reasonable time.

If the complaint cannot be resolved, or if you are dissatisfied with our response, you may refer your complaint to the Office of the Australian Information Commissioner.

12. Contact Details of the Privacy Officer

Privacy Officer:             Simon Riordan

Address:                        Level 19, 390 St Kilda Road, Melbourne VIC 3004

Phone:                           03 9864 8444

Email:                            sar@riordanriordan.com.au

 

This Privacy Policy was published on 30 June 2026.