Last Checked: Dec 2023

About this policy

Your privacy is important to us. This is our Privacy Policy and it sets out how O*NO Legal Pty Ltd ACN 638 701 112 and our related entities (‘We’, ‘us’ and ‘our’) collect, use and disclose your personal information.

We adhere to the Australian Privacy Principles contained in the Privacy Act 1998 (Cth) (‘the Act’).  The principles are designed to protect the privacy of individuals by regulating the way personal information is managed by Australian businesses.  Personal information is any information that allows an individual to be personally identified.

We adhere to and acknowledge the importance of the Notifiable Data Breach Scheme, which has been addressed by us in our Data Breach Response Plan.

You do not have to provide us with your personal information. However, if you do not, we may not be able to provide you with information or legal or privacy services you request, or important notices in relation to our provision, and your use, of our services.

By visiting our website, applying for or using any of our services or providing us with your information, you agree to your information being collected, held, used and disclosed as set out in this Privacy Policy.


The information we collect

We collect information that is reasonably necessary for us to provide you with the services or products you have requested from us, and to manage our obligations to you under any customer contract or applicable law. Some of the services or products may include:

  • Templated legal and privacy documents;
  • Privacy consulting advice;
  • Legal advice and legal services;
  • Compliance advice and services;
  • Training services;
  • PR and communications consultancy advice.

We will only collect your sensitive information if you have provided us with consent to do so. Where practicable, we will give you the option of interacting with us anonymously.

The information we collect and hold generally includes your name (and satisfactory evidence of identity), supply address, billing address and contact details (such as your phone number(s) and/or email address), other contact details, payment details, occupation, household details, business details, financial information, employment references, information about staff and directors, as required in the normal course of human resource management and the operation of a business and other information to assist us in conducting our business.

However, we may also collect and hold other information required to provide services or assistance to you, including your emergency contact details, sensitive information, and information necessary to assess your creditworthiness.


How we collect your information

We only use your information for the purpose for which it was provided to us, related purposes that you would reasonably expect and as permitted or required by law.

Such purposes include:

  • in the ordinary course of conducting our business. For example, sending you content which you have requested; providing you with privacy, legal or consultancy services; preparing documentation on your behalf, either through the use of legal bots or ‘human’ lawyers; acquiring products and services; responding to your enquiries and feedback; and providing information about our events, news, publications and products and services that may be of interest to you;
  • performing general administration, reporting and management functions. For example, invoicing and account management, payment processing, risk management, training, quality assurance and managing suppliers;
  • maintaining/administering your account and processing payments you have authorised;
  • processing your survey or questionnaire responses for the purpose(s) notified in the survey or questionnaire (where you have chosen to participate);
  • for market research and programs so that we can improve our services and meet our customers’ needs;
  • analysing broader market trends and demographics so that we may best serve our customers in the future;
  • providing you with marketing information regarding other products and services (of ours or of a third party) which we believe may be of interest to you, but not if you have opted out from receiving such information;
  • reporting to our owners or their shareholders;
  • quality assurance and training purposes;
  • employment-related purposes, such as recruiting and providing services to staff;
  • as part of a sale (or proposed sale) of all or part of our business;
  • other purposes related to or in connection with our business, including meeting our legal and contractual obligations to third parties and for internal corporate governance purposes; and
  • any other purposes identified at the time of collecting your information.

We may disclose your personal information to government agencies, our service providers, agents, contractors, business partners and other recipients from time to time, only if one or more of the following apply:

  • you have consented.
  • you would reasonably expect us to use or disclose your personal information in this way.
  • we are authorised or required to do so by law.
  • disclosure will lessen or prevent a serious threat to the life, health or safety of an individual or to public safety.
  • where another permitted general situation or permitted health situation exception applies.
  • disclosure is reasonably necessary for a law enforcement related activity.

However, we will only use your sensitive information for the purposes for which it was initially collected, other directly related purposes or purposes to which you otherwise consent.

If you are not a customer (for example, if you are a supplier or other third party), your information will only be used for the specific purpose for which it was provided to us, unless you have consented to other uses.


How we disclose your information

We may disclose your information to our related entities and third parties who provide services to us or on our behalf, including: government bodies, regulators, law enforcement agencies and any other parties where required or otherwise permitted by law; other service providers where necessary to cross check the accuracy of your contact details; our related entities and third parties who provide services to us, or to you on your behalf, including:

  • parties that help operate and maintain our IT infrastructure and other business assets;
  • parties that manage customer accounts and billing;
  • that are our business partners, joint venturers, partners or agents, including consultants that assist us in the delivery of our services;
  • external IT service providers, infrastructure and other third-party service providers;
  • mailing houses and marketing companies;
  • as part of a sale (or proposed sale) of all or part of our business. For example, we may disclose information to our external advisers, to potential and actual bidders and to their external advisors;
  • in the case of claims (or likely claims), assessors, repairers, builders and investigators;
  • parties that assess creditworthiness or assist in recovery against you if you are in breach of your obligations; and

other entities that may offer you related products or services if you have not opted out to receive such information.

We will only disclose your sensitive information for the purposes for which it was initially collected, other directly related purposes or purposes to which you consent.

We may disclose, and you consent to us disclosing, your personal information among the entities that comprise Us and to any of our related bodies corporate or related entities (as both are described in the Corporations Act 2001 (Cth)) whether located in Australia or overseas. If we disclose your personal information to a Related Body Corporate, your information will be collected, stored, used and disclosed in accordance with this Privacy Policy and the APP's. 

We may disclose personal information to overseas recipients including but not limited to contracted service providers or related bodies corporate or related entities based outside Australia for processing, storage or backup. Overseas recipients are generally located in New Zealand or the United States of America.

We will take reasonable steps (eg. contractual measures) to ensure that these providers comply with applicable Australian Privacy Principles (‘APP’s’). Further, certain contracted service providers may enter arrangements with overseas providers from time to time. We recommend that you view their privacy policies for details.

Any overseas disclosure does not affect our commitment to safeguarding your personal information. Where reasonable in the circumstances, our contracts with overseas recipients oblige them to comply with the APP's and the Act. However, you acknowledge that, in agreeing to the disclosure of your information to overseas recipients, we will not be required to take further reasonable steps to ensure overseas recipients’ compliance with the APP's in relation to your information and we will not be liable to you for any breach of the APP's by those overseas recipients. On this basis, you consent to such disclosure.



Security of your information

We take reasonable steps (including any measures required by law) to ensure your information is protected and secure. For any payments you make via our websites, we use a recognised payment service provider that is required to take reasonable steps to protect your information.

We also take reasonable precautions to ensure that any information you provide to us through our websites is transferred securely.

Other information protection measures we take include:

  • computer and network security measures, including use of firewalls, password access and secure servers;
  • restricting access to your personal information to employees and those acting on our behalf who are authorised and on a ‘need to know’ basis;
  • entering into confidentiality agreements with staff and third parties.

All personal information collected by us through our platforms is stored in a variety of formats including electronically in databases, in hard copy files and on personal devices including laptop computers, mobile phones, cameras and other recording devices. We will not store personal information for longer than necessary (or than we are legally allowed to) and when it is no longer required it will be deleted from the database.  We may store information in ‘the cloud’ which may mean that it resides on servers situated outside of Australia.

However, no data protection and security measures are completely secure. Despite all the measures we have put in place, we cannot guarantee the security of your information, particularly in relation to transmissions over the internet.

Accordingly, any information which you transmit to us is transmitted at your own risk. You must take care to ensure you protect your information (for example, by protecting your usernames and passwords, customer details, etc) and you should notify us as soon as possible after you become aware of any security breaches.

If we become aware of any security breaches, an internal process will be undertaken in accordance with our Data Breach Response Plan to conduct an assessment of the breach, and commence notification procedures, if necessary.


Accuracy, access and correction

We take reasonable steps to ensure the information we collect and hold about you is accurate, up-to-date and complete, and if used or disclosed, also relevant.

Please let us know as soon as possible if there are any changes to your information or if you believe the information we hold about you is not accurate, complete, up-to-date or is otherwise misleading.

We will, on request, provide you with access to the information we hold about you unless otherwise required or permitted by law. We will notify you of the basis for any refusal to allow you access to your information.



When you visit our website a ‘cookie’ may be stored on your computer or mobile device by our server.  We use cookies to maintain user sessions. We may use this information to generate statistics about how many people visit our site and how people use our website.  However, generally this information will not identify you and we do not link this information back to your identity or other information that you have provided to us. We do not store any information that identifies you inside cookies.

Most web browsers are set by default to accept cookies. However, if you do not wish to receive cookies, you may set your browser to either prompt or refuse cookies.

Sometimes our website contains links to other websites, for your convenience and information. When you access a website other than our own, please understand we are not responsible for the privacy policies of that site.  We suggest you review the privacy policies of each site you visit.


Notification of Data Breaches

If we have reasonable grounds to suspect that a data breach has occurred, we will:

  • complete an assessment of the suspected data breach within 30 days; and
  • if appropriate, take remedial action to address any potential harm to individuals that may arise due to a relevant data breach before any serious harm is caused to individuals to whom the information relates.

We will otherwise comply with privacy data breach notification requirements, including notifying affected individuals and the Office of the Australian Information Commissioner, as applicable.


What if you have an inquiry or complaint?

If you have an inquiry or complaint relating to our Privacy Policy or compliance with applicable APP’s, please contact us using the contact details below. You will need to provide us with sufficient details regarding your complaint, as well as any supporting evidence and/or information.

We will refer your inquiry or complaint to our Privacy Officer. They will, within a reasonable time, investigate the issue and determine the steps that we will undertake to resolve any complaints. We will contact you if we require any additional information from you and will notify you in writing of the response or determination of our Privacy Officer.

If you are not satisfied with our response or determination, you can contact us or raise your concerns with the Australian Privacy Commissioner via www.oaic.gov.au

If you believe we have breached the APP’s or mishandled your personal information, or you have any questions about this Privacy Policy, please email us at [email protected]  and mark it ‘PRIVACY QUERY’.



How to contact

If you have any questions or concerns about this Privacy Policy, please email us at [email protected] and mark it ‘PRIVACY QUERY’.