Important Notice - Data breach reported

A data breach has been reported and some user data may have been compromised.

Click here to read more about the incident and check if it affected you.


Overview and Definitions

In this Privacy Policy:

RBG Lawyers’, ‘Our’, ‘We’ or ‘Us’ refers to RBG Services Pty Ltd ACN 124 911 388.

You’ or ‘Your’ refers to the anyone from whom We collect information.

We respect the privacy of personal information and have published this policy (Privacy Policy) to provide practical guidance outlining the usual ways We treat that information. 

We collect, hold, use and disclose personal information to carry out Our business functions and activities.  These functions and activities involve providing legal services to individuals, businesses and government bodies.  The personal information We collect may also be used for other ancillary business activities, such as marketing and the operation of Our websites. 

This Privacy Policy does not address every aspect of how personal information is treated and will not apply to information that falls outside the Privacy Act 1988 (Cth) (Act) and Australia’s other privacy laws that may apply to Our business.

By using any of Our services, visiting Our website: or giving Us Your Personal Information, You agree to Your information being collected, stored, used and disclosed as set out in this Privacy Policy.

Personal Information: Personal Information has the meaning given to it under the Act.  As such, it means:

information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether or not recorded in a material form.

Sensitive Information: Sensitive Information has the meaning given to it under the Act and may include information about Your health, race, ethnicity, beliefs, criminal history, political or other associations and genetic or biometric information. 

Collection of Your Personal Information

Generally, We try to only collect the information We need for the function or activity We are carrying out. 

How do We collect personal information?

The main way We collect Personal Information is when You provide it to Us, upon engaging Us in the provision of legal services or through Our website (for example, if You submit a request to be contacted via Our website, then We will collect the Personal Information contained in the request).  

We may also collect Your Personal Information from publicly available sources (such as the Australian Securities and Investments Commission) or third-party clients who provide it to Us in connection with their legal matter (to enable Us to deal with You on their behalf, for example).

What types of information are collected?

Examples of Personal Information We may collect directly or indirectly include the following:

  • contact details (including name, position title, address, phone number, email address and date of birth etc.) of clients or other parties to a legal matter, users of Our website, job applicants and contractors;
  • information relating to Your enquiries, complaints or similar communications, including information provided over the phone or via Our website; and
  • financial information insofar as it relates to a legal matter.

The above list does not cover all the different types of information We may collect from time to time, rather it sets out the main types of information We collect on a regular basis.  As the Personal Information We collect varies on a case by case basis (e.g. depending on Your relationship with Us), please contact Us, using the details set out at the end of this Privacy Policy if You would like to know, specifically, what Personal Information We have collected from You.

How do We deal with unsolicited Personal Information? 

If We receive Personal Information about You that We have not requested, and We determine that We could not have lawfully collected that information under the Act had We asked for it, We will destroy or de-identify the information if it is lawful and reasonable to do so.

Can You deal with Us anonymously?

In most situations, it is impractical for Us to deal with You anonymously.  That is because for Us to conduct Our business, We need to know who We are dealing with.  If You would like to be dealt with anonymously, and it is possible to do so, We will allow You to interact with Us anonymously or through a pseudonym. 

How do We handle Sensitive Information?

It is unlikely that We will collect Your Sensitive Information.

There may be circumstances where We do need to collect Your Sensitive Information, such as where We are involved in court proceedings and Your sensitive information is required for Us to prosecute or defend those proceedings.  In these cases, We will usually collect Sensitive Information directly from You.  We will deal with all Sensitive Information in accordance with the law. 

Disclosure and use of Personal Information

When will We disclose or otherwise use personal information? 

We generally disclose Personal Information only in connection with the purpose for which it was provided (including incidental purposes), where You have consented to the disclosure, or as part of Our regular business activities.  We will not disclose or use Your Personal Information contrary to the law. 

Personal Information may be disclosed to Our various service providers and advisers, such as those who host Our website services or manage Our Information Technology. For example, if We are having a technical fault in Our IT systems (such as issues in receiving or sending emails), then Our IT service providers may access Our systems to assist Us in rectifying that fault and in doing so they may have access to Your Personal Information that is stored on Our systems.  Our service providers are bound by obligations of confidentiality and We have no reason to believe that they would use or disclose Your Personal Information for unlawful purposes.

Despite the above, We may also disclose and use Personal Information in other circumstances where the law allows Us to

Will We disclose Personal Information overseas?

While We do not directly disclose any Personal Information overseas, it may be held at locations outside of Australia in the following circumstances:

  • in connection with the processing of web traffic information disclosed to Google Analytics when You visit Our websites. Google stores information across multiple countries;
  • where Your Personal Information is stored on secure cloud storage and the service provider may have servers located overseas; and
  • where the disclosure is necessary to protect Our legitimate interests.

We will endeavour to obtain Your consent prior to disclosure of Your Personal Information to an overseas recipient in any circumstances not outlined above where those circumstances are not common in Our industry and such consent is required by law.  If You no longer consent to Your information being disclosed overseas, please contact Us. 

Will You use my Personal Information for marketing purposes?

We may use Your contact information for direct marketing.  If You do consent or would like to withdraw Your consent, You may opt-out of direct marketing at any time by notifying Us in writing. We will never sell Your information to anyone else.

Storage and security of Personal Information

How do We store and secure Your Personal Information?

Your Personal Information may be stored at the locations where We operate Our business in various forms (including in paper and electronic records), in secure cloud storage facilities and on servers operated or controlled by Us or Our service providers.

We take steps to protect the security of Personal Information We hold from inappropriate use or disclosure, including by implementing electronic security procedures (e.g. anti-virus software and password protection for Sensitive Information) and by imposing obligations of confidentiality on Our employees and contractors who may have access to Your Personal Information.  Physical records containing Personal Information are generally stored at secure premises where public access is restricted.

How long do We keep Your Personal Information?

We generally hold onto Personal Information until it is no longer needed for the purpose for which it was provided.  If You would like Us to destroy or deidentify any Personal Information provided to Us, please let Us know and We will endeavour to do so to the extent that it is not impractical and We no longer require the information for purposes permitted by law.

The law may entitle You to request that We erase or destroy Your Personal Information in certain circumstances.  Where You make such a request and there are no legal reasons for Us to retain Your Personal Information (such as where Your information is needed in connection with current or potential legal proceedings or You remain a contractor), then We will comply with such requests where required by law.  If We are entitled to hold onto Your Personal Information, then the law may entitle You to request that We restrict access to Your Personal Information in certain circumstances and We will do so where required by law. 

Please note that if We erase or destroy Your Personal Information then in the future We may not be able to contact You in relation to Our business activities and You may have to provide certain information again before We can deal with You. 

How do We make sure Personal Information is correct?

We seek to ensure that Personal Information We collect is accurate, current, and complete.  We do so by generally recording Personal Information in a consistent format, updating Our records as appropriate and (where We consider it necessary to do so) checking the accuracy of Personal Information collected by third parties or public sources.  We request that You notify Us of any Personal Information that may be inaccurate, outdated, or incomplete. 

Accessing and correcting Your Personal Information

You can request access and correction of Your Personal Information in accordance with relevant laws.

We will need to verify Your identity before We can provide access to Your information or make any corrections to it and We may ask for evidence supporting Your requests for corrections.  We will do Our best to respond to any requests within 30 days.  If We refuse to provide access to or correct Your information, We will notify You of Our reasons in writing and comply with any applicable laws in that regard.

Generally, this process is free.  However, in the event We do charge a fee that is permitted by law then You will be advised of the approximate fee in advance.

Please contact RBG Lawyers’ Privacy Officer (the contact details of which can be found below) if You wish to access Your personal information.

Our websites

There are several ways in which We collect information through Our websites.  We handle Personal Information obtained through Our websites in the same manner We deal with Personal Information obtained via other means. 

Our websites generally collect ‘cookies’ when used.  In case You were not already aware, cookies are small data files containing information transferred from websites onto computers or other devices for record-keeping purposes and to enhance website functionality.  Cookies usually do not identify You personally unless You provide the website with Your name (e.g. in an enquiry).  However, cookies may contain information in relation to how You access and interact with the website.  Most browsers allow You to choose whether to accept cookies or not.  Please set Your browser settings to reject all cookies before accessing Our website if You would prefer to avoid sharing cookies.

We may use analytics tools to collect data about Your integration with Our website and those analytics tools may be hosted by third parties.  Any data collected this way will be used primarily for the purpose of improving Your experience when using Our websites.  The type of information that analytics tools may collect includes Your device’s IP address, device screen size, device type (including operating system and browser information), the country in which You accessed the website, search terms and pages visited and times when website pages were accessed.  We will not make decisions in relation to You based solely on automated processing (e.g. profiling) where doing so would have legal implications for You. 

Our website may contain links to other third-party websites. Any access to and use of such websites is not governed by this Privacy Policy but is governed by the privacy policies of those third-party websites. We are not responsible for the information practices of third-party websites or those who operate them.


How can You make a privacy related complaint?

We take complaints and concerns regarding privacy seriously.

We request that any complaints relating to the way We have handled Your Personal Information be made in writing and sent to the contact named below.  If We receive a complaint from You about the way We have handled Your Personal Information We will determine what (if any) action should be taken to resolve the complaint. 

Any complaint will be investigated by Us and You will be notified of any decision relating to Your complaint as soon as is practicable after it has been made, usually within 30 days.

Complaints to external authorities

If We are unable to resolve Your complaint You may also contact the Office of the Australian Information Commissioner (OAIC). The OAIC will generally require You to give Us time to respond before they will investigate. For further information visit or call the OAIC on 1300 363 992 (from within Australia) or +61 2 9284 9749 (from outside Australia).

Contact details

We have a Privacy Officer (also referred to as a company representative) that has been appointed for the purposes of handling privacy related issues on Our behalf. 

If You have any queries about this Privacy Policy, Your rights under this Privacy Policy (e.g. Your rights relating to access and correction of Personal Information) or You would like to raise any privacy concerns, please contact Us using the details set out below:

Telephone:      (+61 7) 3009 9300


Address:          Level 10, 300 Adelaide Street, Brisbane QLD 4000

If You are contacting Us via telephone, please ask to speak to Our Privacy Officer.  Any email or postal correspondence should be marked “private and confidential” and addressed to the Privacy Officer at RBG Lawyers.


This Privacy Policy was last updated in October 2022.  This Privacy Policy will be reviewed from time to time to take into account new laws and technology, changes to Our operations and other necessary developments.  When this Privacy Policy is updated, We will publish the updated Privacy Policy on Our website.  Your continued use of Our website, products or services, requesting Our assistance, or the provision of further Personal Information to Us after this Privacy Policy has been revised, constitutes Your acceptance of the revised Privacy Policy.|u?D#|5NnQ?Jv-TP]Y[4i mZ~@-dFn1au3r(a37=|3(K+8!_dmBZwHV^!.0E >