We are committed to protecting your privacy. We collect, use, share, process and manage personal information only as reasonably necessary for carrying out our functions and activities.
If we prepare to provide, provide you with or reasonably anticipate that we may provide you with, any Designated Services, we will handle your personal information provided in relation to those services in an open and transparent way, subject to our legal obligations, in accordance with this Privacy Policy for AML/CTF obligations (hereinafter referred to as the “AML/CTF Privacy Policy”).
This policy applies only to personal information handled in connection with our AML/CTF obligations under the AML/CTF Framework. Other parts of our legal practice are outside the Privacy Act. We still handle that information confidentially under the legal profession legislation, including the Legal Profession Uniform Law Australian Solicitors' Conduct Rules 2015 (NSW). For our general handling of personal information outside our AML/CTF obligations, see our main Privacy Policy at adiuvolegal.com.au/privacy-policy.
We are a small business operator under section 6D of the Privacy Act and become subject to the Privacy Act, for the first time, only in relation to AML/CTF related activities by operation of section 6E(1A) of that Act.
Accordingly, the Privacy Act, including the APPs, applies only to our collection, use, sharing, processing and management of personal information required to comply with our obligations under the AML/CTF Framework.
Under APP 2 you may interact with us anonymously or using a pseudonym, where lawful and practicable. However, interacting anonymously or using a pseudonym is not possible where we are required to verify your identity under the AML/CTF Framework.
We collect personal information only by lawful and fair means.
We collect personal information directly from the individual who is the subject of the information unless the individual has consented to collection from a third party, it is unreasonable or impractical to collect directly or we are required or authorised by law to collect it from a third party.
We may collect personal information when you, your organisation or someone acting on your behalf engages us to provide a designated service, including when you supply KYC Information in response to our direct request or when our third party identity verification and screening provider (currently InfoTrack) collects and verifies information on our behalf.
If we use a credit reporting body for electronic identity verification, we will seek your express consent before doing so and offer you an alternative means of verification, such as certified copies of identification documents.
We will provide you with a Privacy Collection Notice at or before the time we collect your personal information, which accompanies our engagement letter and fee proposal.
We are required by law under the AML/CTF Act to collect and verify certain personal information and may be prohibited from providing Designated Services if we cannot do so.
We collect KYC Information as required by the AML/CTF Act, which may include your name, residential address, date of birth, contact details, occupation, identification document details, source of funds and source of wealth information and beneficial ownership information where you are acting for a company, trust or other entity.
We may also collect Sensitive Information where required for compliance with the AML/CTF Framework, including information about political associations relevant to determining whether you are a politically exposed person.
We may conduct ongoing monitoring of transactions and client information to comply with our AML/CTF obligations.
If you do not provide requested personal information, we may be unable to provide Designated Services to you and may be unable to comply with our legal obligations, which may mean we cannot act for you on a matter involving a Designated Service.
We collect and use personal information to carry out our functions and activities, including providing you with Designated Services and complying with our regulatory obligations, such as the AML/CTF Framework, the Legal Profession Uniform Law and its related rules and other relevant legislation such as the Duties Act 1997 (NSW) and the Australian Registrars National Electronic Conveyancing Council's Model Participation Rules.
Unless you consent otherwise, we only use your personal information for the primary purpose for which it was collected and for any secondary purpose you would reasonably expect that is related to the primary purpose. For Sensitive Information, any secondary purpose must be one you would reasonably expect and directly related to the primary purpose of collection.
Third parties
Subject to legal requirements, we do not share your personal information with third parties except with your express permission or to contracted service providers who support our AML/CTF due diligence processes. This currently includes our third party identity verification and screening provider (InfoTrack) and incorporation or registered agents engaged to establish or administer a company or trust on your behalf, including agents located overseas where your matter involves an international entity. We take reasonable steps to ensure such service providers protect your personal information appropriately and do not use or disclose it for any other purpose, other than as required by law.
Legal requirements
We may use or disclose your personal information where required by law or expressly permitted by the Privacy Act, including where it is necessary to lessen or prevent a serious threat to life, health or safety, where we reasonably suspect serious unlawful activity or misconduct relating to our functions, where necessary to assist in locating a missing person or where we are compelled by law, including by warrant, subpoena, court or tribunal order or a lawful request from a government agency or regulator. This includes disclosure to AUSTRAC, including where we form a suspicion about a matter or transaction under the AML/CTF Framework.
Nothing in this AML/CTF Privacy Policy limits our obligations of confidentiality or client legal privilege. However, there may be circumstances where we are compelled to disclose information to AUSTRAC under the AML/CTF Framework. We are prohibited from notifying you of disclosures to AUSTRAC and may be prohibited from notifying you of disclosures to other government agencies or authorities.
If Adiuvo Legal is involved in a merger, acquisition or sale of all or part of its practice, your personal information may be disclosed in confidence as part of a due diligence process and may be transferred to the new owner. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.
We hold personal information in hard copy and electronic formats. We take reasonable steps to prevent unauthorised access, disclosure, alteration, destruction or loss of personal information, including through staff awareness of privacy obligations, administrative and technical controls restricting access to those who need it and technological security measures such as encryption and access controls.
Where a data breach is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme in the Privacy Act, including notifying the OAIC and affected individuals as required.
When personal information is no longer needed for any purpose for which it may be used or disclosed under this policy and we are not required by law or court order to retain it, we take reasonable steps to destroy or de-identify it. We do not retain full copies of identification documents, such as scanned passports or driver's licences, for longer than needed to complete verification. KYC Information and transaction records are kept for 7 years after the practice relationship ends or the relevant transaction is completed, as required by the AML/CTF Framework.
We maintain your personal information physically and electronically within Australia, unless your matter requires us to share information with third parties offshore, such as incorporation or registered agents in jurisdictions relevant to your matter.
Some electronic services we use may process data offshore but those services are not entitled to access or use the personal information we hold except as required to deliver the contracted service. We take reasonable steps to ensure overseas recipients do not breach the APPs.
We will respond to inquiries about whether we hold personal information about you and allow access to and correction of that information, subject to the conditions in the Privacy Act, including where giving access would pose a serious threat to safety, have an unreasonable impact on the privacy of others, relate to a frivolous or vexatious request, relate to existing or anticipated legal proceedings, prejudice negotiations, be unlawful, be required or authorised to be denied under law, prejudice a suspected unlawful activity investigation or enforcement related activity or reveal commercially sensitive evaluative information.
If you believe personal information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you may request correction by contacting our Privacy Officer. We may ask you to verify your identity before giving access or making corrections and may charge a reasonable fee for access but not for correction. We aim to respond within 30 days.
Our Privacy Officer for these purposes is Jabran Chaudhry, Principal.
Contact: contact@adiuvolegal.com.au or (02) 9159 9047.
All privacy related inquiries and complaints are handled by our Privacy Officer. If you have concerns about how we manage your personal information or believe we have breached the APPs, please contact our Privacy Officer in writing, setting out the details of your complaint.
We will acknowledge receipt of your written complaint within a reasonable time, usually within 7 days. Our Privacy Officer will conduct an internal investigation, which may involve contacting you for further information and will aim to provide a written response outlining the outcome, our decision and any corrective action proposed within 30 days of receiving your complaint.
If you are not satisfied with our response or we do not resolve your complaint within 30 days, you may escalate it to the OAIC.
Lodge a complaint with the OAIC
If you require a copy of this Privacy Policy in a particular form, please contact our Privacy Officer.
Date reviewed: 30 June 2026
Copyright © 2026 Adiuvo Legal - All Rights Reserved.
Liability limited by a scheme approved under Professional Standards Legislation.
See our privacy policy for how we handle your personal information.
We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.