Privacy Policy

AF Legal Group Ltd ACN 063 366 487 and its related bodies corporate (AF Legal Group, we, our, us) takes your privacy seriously and are committed to responsible privacy practices.

Please read the following privacy policy (Privacy Policy) to understand how we collect, use, disclose, store, handle and protect your personal information.  We hope that this will help you make an informed decision about sharing personal information with us.  As well as applying to our interactions with you, this Privacy Policy also applies to all information collected through our main website https://aflegal.com.au/, and any other website or platforms we operate including the websites of our related bodies corporate.

This Privacy Policy sits alongside our Terms of Use (found at https://www.australianfamilylawyers.com.au/terms-of-use), and any other terms and conditions that apply to the products and services we provide to you.

What is personal information?

In this Privacy Policy, ‘personal information’ has the meaning set out in the Privacy Act 1988 (Cth) (Privacy Act).  In general terms, personal information is information (whether fact or opinion) about an individual who is identified or reasonably identifiable from that information or other information combined with that information.

Some types of personal information are classified as ‘sensitive information’ and/or ‘health information’, which are subject to additional protection under the Privacy Act. Sensitive information may include information about your racial origin and health status, and health information may include information about a health-related service you have had or will receive, including test results and appointment details.

What types of personal information do we collect?

The types of personal information we collect about you will depend on the purpose for which the personal information is collected.  This can include:

• in the case of clients procuring our services – your name, billing or street address, email address, telephone number(s), payment information (including credit card information or alternative payment method account information, as this information will be processed by our payment gateway providers National Australia Bank Limited (NAB) and St. George Bank, a Division of Westpac Banking Corporation ( George Bank). Further details about NAB can be found on their website https://www.nab.com.au/ and their privacy policy located at https://www.nab.com.au/common/privacy-policy. Further details about St. George Bank can be found on their website https://www.stgeorge.com.au/ and their privacy policy located at https://www.stgeorge.com.au/privacy?fid=GL:GF:None:stg:www:privacy;
• if you have requested to receive news about exclusive offers, promotions, or events from AF Legal Group – your name, mailing or street address, email address, and telephone number(s). We may sometimes collect this personal information through registrations for our events you make through third parties;
• if you have contacted us to make a complaint, provide feedback, submit an enquiry, request a call-back – your name, email address, telephone number(s), State of residence, and relevant or requested legal service;
• in the case of prospective employees or contractors – information contained in your application or résumé, recorded during any interview, or obtained through any pre-employment checks, and government-issued identifiers such as tax file numbers;
• in the case of our shareholders – your name, contact details, government-issued identifiers such as tax file numbers, details of shares and how they are held on the Australian Securities Exchange (ASX) Clearing House Electronic Subregister System and information relating to voting, such as proxy forms; and
• in the case of our suppliers and distributors – your name, mailing or street address, email address, and telephone number(s).

Unless you become our client (including through participating in a private legal consultation with us) or our employee, we will not collect sensitive information about you.  For instance, to assist with your matter and as part of ongoing proceedings, we may need to know if you have any medical conditions, including obtaining health data such as medical diagnosis from a doctor.

We may also collect technical information and general analytics, such as web browser type and browsing preferences, Internet service provider, referring/exit pages, date/time stamps, IP address, time zone and geolocation data (if applicable), some of which is collected automatically,  arising from your use of our website and/or platforms, as well as information about your usage of our website and/or platforms when browsing (see: “How do we collect personal information” below).

How do we collect personal information?

We collect your personal information directly from you, including when you:

• access or use our website;
• subscribe to or purchase our services or engage with us as a client;
• pay your bill for our services through our bill payment portal;
• sign up to receive news and exclusive offers, promotions, or events;
• enter surveys, competitions, promotions or request information or material from us;
• make inquiries about us or our products or services or otherwise communicate with us by email, by telephone, in person, via a website or otherwise;
• become a shareholder of the AF Legal Group through the ASX; and
• apply to work with us or are engaged by us as a contractor.

Where it is reasonable and practicable to do so, we will only collect personal information about you from you directly and not from third parties.

In limited circumstances, we may collect personal information about you from publicly available sources (such as the Internet) and from third parties (such as mutual contacts, your professional advisers such as stockbrokers if you are or become a shareholder, or from your referees during the recruitment process if you apply for a job with us).

We may also collect personal information through third parties such as our service providers or through promotional and marketing activities. Whilst we will always maintain robust privacy practices, we are not responsible for the privacy practices of third parties, including NAB and St. George Bank, so you should review their relevant privacy policy to satisfy yourself as to how they protect and handle your personal information.

We also use the following technologies to collect technical information and general analytics:

• cookies, which are data files that are placed on your device and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org;
• log files, which track actions occurring on our website; and
• web beacons, tags, and pixels, which are electronic files used to record information about how you browse our website.

In addition to AF Legal Group’s cookies, certain third parties may deliver cookies to your device for a variety of reasons. For example, we sometimes use various web analytics tools such as Google Analytics or Meta Pixel that help us to understand how visitors engage with our website. Any third party links or advertising on our website may also use cookies; you may receive these cookies by clicking on the link to the third party site or advertising. We do not control the collection or use of information by these third parties, and these third party cookies are not subject to this Privacy Policy. You should contact these companies directly if you have any questions about their collection and/or use of information. When linking to any other site, you should always check the relevant website’s privacy policy before providing any personal information.

Can you choose not to disclose your personal information?

You do not have to identify yourself or provide any personal information if you contact us. You can also notify us that you wish to deal with us using a pseudonym.

However, if we cannot collect personal information about you or if you use a pseudonym, we will not be able to provide you with the information or assistance you require, such as our legal services.  For example, we will not be able to send you any information you have requested if you have not provided us with a valid email address or telephone number.

How do we use your personal information?

We use your personal information for purposes collected including managing our business and providing our services to you, including to:

• provide legal services to our clients or to receive goods or services from third parties;
• enable the proper operation and functionality of our services;
• verify your identity (for example, if you request access to the personal information we hold about you);
• consider you for a job at AF Legal Group (whether as an employee or contractor) or other relationships with us;
• communicate with you, and to address any issues or complaints that we or you may have regarding our relationship or services;
• prevent, detect and investigate suspicious, fraudulent, criminal or other activity that may cause you, us or others harm, including in relation to our services;
• comply with our legal obligations such as notifying you of matters that we may be required by law to do so;
• identify opportunities to improve our services and to improve our service to you;
• gain insights about you so that we can serve you better, understand your preferences and interests, personalise your experience and/or enhance services you are offered and receive;
• for direct marketing purposes (see “Direct Marketing Communications” below);
• for shareholder communication and company participation, shareholder registry maintenance and legal compliance purposes (see “Shareholder personal information” below) and
• contact you regarding any of the above, including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner.

Any personal information or sensitive information you provide to us as a client when you engage us for legal services is subject to legal professional privilege.  We take your privacy seriously and will only use your personal information as set out in this section and disclose your personal information (where we are permitted to) in accordance with the “To whom do we disclose personal information” section below.

We may also use or disclose your personal information for our administrative, marketing (including direct marketing), planning, product or service development, quality control, survey and research purposes and for other purposes to which you have consented, or as otherwise permitted or required by law.

Technical information and general analytics are used for the purpose of gauging visitor traffic, trends and delivering personalised content to you while you are using our website, and to improve our website and our products and services.

To whom do we disclose personal information?

We may disclose your personal information to third parties in connection with the purposes described above (see the “How do we use your personal information?” section).

This may include disclosing your personal information to the following types of third parties:

• our related companies;
• any potential third party acquirer of our business or assets, and advisors to that third party;
• our professional advisers (such as external lawyers, accountants or auditors) and insurers;
• our employees, contractors and third party service providers who assist us in performing our functions and activities e.g. barristers, payment systems operators and financial institutions, cloud service providers, data storage providers, shipping companies, telecommunications providers, share registry service providers, stockbrokers, accountants and IT support services providers;
• organisations authorised by us to conduct promotional, research or marketing activities;
• courts, tribunals and regulatory authorities, where required to do so;
• third parties to whom you have authorised us to disclose your information (e.g. referees or account nominees); and
• any other person as required or permitted by law, (e.g. members of the public who have validly requested a copy of our company registers).

We use third party service providers to provide us with web analytics services, such as Meta Platforms, Inc., Post Hog and Google LLC.  You can read more about how these third party service providers use your personal information here: https://www.facebook.com/privacy/policy/, https://posthog.com/privacy and https://policies.google.com/privacy.

If we disclose your personal information to third parties we will use reasonable commercial efforts to ensure that such third parties only use your personal information as reasonably required for the purpose of disclosure and in a manner consistent with applicable laws, for example (where commercially practical) by including suitable privacy and confidentiality clauses in our agreement with a third party service provider to which we disclose your personal information.

Direct marketing communications

We will only send you direct marketing communications (either through mail, SMS or email), including any news and exclusive offers, promotions, or events, where you have consented for us to do so.

You may opt-out of receiving direct marketing communications at any time by contacting us or by using opt-out facilities provided in the direct marketing communications.

Shareholder personal information

We will send shareholder communications and notices pursuant to the Corporations Act 2001 (Cth) (Corporations Act).  Where shareholder communications may involve direct marketing, such as the promotion of new financial products, we will only send communications in accordance with the above “Direct marketing communications” section.

If you are a shareholder and you believe the personal information we hold about you is inaccurate or out of date, you may request access or correction by following the process in the “How can you access and correct your personal information?” section below.

You can also inspect or get a copy of any of the registers kept by us free of charge pursuant to the Corporations Act, by visiting our registered company address or by submitting an inspection request to our contact details, which must include your name, address and purpose.  If we deem your request to be for a proper purpose, we will provide you with a copy or inspection within 7 days of your request.

If you are not a shareholder, we may also charge you a fee to inspect or obtain a copy of the registers pursuant to Schedule 4 of the Corporations Regulations 2001 (Cth).

How do we store personal information?

We store your personal information in paper-based files and/or other electronic record keeping methods in secure databases.  Personal information may be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed).  We combine or link personal information we hold about you with other personal information about you from third party sources.

Does personal information leave Australia?

Your personal information may be transferred overseas or stored overseas for a variety of reasons. [It is not practical for us to list every country where such overseas recipients may be located, however such countries are likely to include [insert]]. If your personal information is sent to a recipient in a country with data protection laws which are at least substantially similar to the Privacy Act and the Australian Privacy Principles, and where there are mechanisms available to you to enforce protection of your personal information under that overseas law, we will not be liable for a breach of the Privacy Act and the Australian Privacy Principles if your personal information is mishandled in that jurisdiction. If your personal information is transferred to a jurisdiction which does not have data protection laws as comprehensive as Australia’s, we will take commercially reasonable steps to secure a contractual commitment from the recipient to handle your information in accordance with the Privacy Act and the Australian Privacy Principles.

How do we protect your personal information?

We implement reasonable measures to protect and safeguard your personal information from misuse, loss, theft and unauthorised access, modification or disclosure.

We maintain physical security over networking equipment and electronic data stores, such as through locks and security systems at our premises.  We also maintain computer and network security, for example, we use firewalls (security measures for the internet), data encryption and practice management protocols and other security systems such as user identifiers, user access control settings, 2-factor authentication and passwords to control access to our computer systems.

However, particularly for electronic data stores and due to the fact that the Internet is inherently insecure, we cannot guarantee the security of transmission of personal information disclosed to us online.  Accordingly, you transmit your personal information to us online at your own risk and are encouraged to exercise care in sending personal information via the internet.  Please notify us immediately if you know or reasonably suspect that your personal information has been subject to any data breach, breach of security or other unauthorised activity.

How long do we keep your personal information?

Generally, we will retain your personal information for the period necessary for the purposes for which your personal information was collected (as outlined in this Privacy Policy) unless a longer retention period is required by law or if it is reasonably necessary for us to comply with our legal obligations, resolve a dispute or maintain security.

This means that we will store your personal information for the following periods:

• if you are a client, we retain your personal information for a minimum of 7 years from the later of the date on which your matter with us is completed or your retainer is terminated, unless you have instructed us to the contrary. We also retain some of your personal information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our services;
• if you are a shareholder, we will retain your personal information for a minimum of 7 years as part of our company financial and governance records. We also retain some of your personal information as necessary to comply with our legal obligations, including our reporting obligations to regulatory and governmental bodies such as the Australian Securities and Investments Commission and the ASX;
• if you unsuccessfully apply for a job with us (whether as an employee or contractor): up to 2 years;
• if you work with us (whether as an employee or contractor): up to 7 years after you cease working with us;
• if we process your personal information in connection with you being a supplier to us (or an employee or contractor of a supplier): up to 7 years from your last interaction with us; and
• if we process your personal information for direct marketing purposes or process your personal information based on your consent, we may retain the information until you ask us to stop and for a short period after that (to allow us to implement your request). We will indefinitely keep a record of the fact that you have asked us not to send you direct marketing or to process your information so that we can respect your request in future.

When personal information is no longer required, we will take reasonable steps to delete the personal information from our systems or de-identify the personal information.

How can you access and correct your personal information?

You may request access to any personal information we hold about you at any time by contacting us at [email protected].  We will provide access to that information in accordance with the Privacy Act, subject to any exemptions that may apply.  We may charge an administration fee in limited circumstances, but we will let you know in advance if that is the case.

If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it by contacting us at [email protected]. Where we agree that the information needs to be corrected, we will update it. If we do not agree, you can request that we make a record of your correction request with the relevant information.

You can also ask us to notify any third parties that we provided incorrect information to about the correction. We’ll try and help where we can – if we can’t, then we’ll let you know.

Questions or complaints?

If you have any questions, concerns or complaints about our collection, use, disclosure or management of your personal information, please contact us at [email protected].

We are committed to resolving any complaints reasonably and to ensuring that we are doing the right thing by our clients. We will make all reasonable inquiries and your complaint will be assessed with the aim of resolving any issue in a timely and efficient manner.

If you have raised a complaint with us and you are unsatisfied with the outcome or have further concerns about the way we handle your personal information, under the Privacy Act, you may complain to the Information Commissioner at the Office of the Australian Information Commissioner, whose contact details are set out below:

Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Online:  www.oaic.gov.au
Email:   [email protected]

How to contact us

If you have a query, concern or complaint about the manner in which your personal information has been collected or handled by us or would like to request access to or correction of the personal information we hold about you, please contact us using the details provided below:

Privacy Officer
AF Legal Group Ltd
Level 2/326 William St, Melbourne VIC 3000

Email: [email protected]

Changes to this Policy

We may change or update this Privacy Policy from time to time to keep up-to-date with legal requirements and the way we operate our business.  An up-to-date version of this Privacy Policy is available at any time on this page. You are responsible for reviewing this Privacy Policy periodically and informing yourself of any changes. We suggest that you check back regularly. If we make significant changes to our Privacy Policy, we will seek to inform you by notice on our website or by email.

Last updated: 17 February 2026