Adiuvo Legal
  • Services
  • Resources
  • Team
  • Contact
  • More
    • Services
    • Resources
    • Team
    • Contact
Adiuvo Legal
  • Services
  • Resources
  • Team
  • Contact

Privacy Policy for AML/CTF obligations

Our commitment


We are committed to protecting your privacy. We collect, use, share, process and manage personal information only as reasonably necessary for carrying out our functions and activities.


If we prepare to provide, provide you with or reasonably anticipate that we may provide you with, any Designated Services, we will handle your personal information provided in relation to those services in an open and transparent way, subject to our legal obligations, in accordance with this Privacy Policy for AML/CTF obligations (hereinafter referred to as the “AML/CTF Privacy Policy”).


What does this AML/CTF Privacy Policy cover?


This policy applies only to personal information handled in connection with our AML/CTF obligations under the AML/CTF Framework. Other parts of our legal practice are outside the Privacy Act. We still handle that information confidentially under the legal profession legislation, including the Legal Profession Uniform Law Australian Solicitors' Conduct Rules 2015 (NSW). For our general handling of personal information outside our AML/CTF obligations, see our main Privacy Policy at adiuvolegal.com.au/privacy-policy.


Meaning of words used in this AML/CTF Privacy Policy


  • "AML/CTF Act" means Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).
  • "AML/CTF Framework" means AML/CTF Act, AML/CTF Rules and AUSTRAC-issued guidance.
  • "AML/CTF Rules" means Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 (Cth) made under the AML/CTF Act.
  • "APPs" means The Australian Privacy Principles in Schedule 1 of the Privacy Act.
  • "AUSTRAC" means Australian Transaction Reports and Analysis Centre.
  • "Designated Services" means the services we provide that are described as Professional Services in Table 6 of section 6 of the AML/CTF Act, currently: conveyancing services; buying, selling or transferring a body corporate or legal arrangement; receiving, holding, controlling or managing client money or property as part of a transaction; equity or debt financing transactions; creating or restructuring a body corporate or legal arrangement, including company and trust formation; and acting as or arranging for someone else to act as, a director, secretary, trustee or nominee shareholder for international companies.
  • "We", "us", "our" means Adiuvo Legal Pty Ltd
  • "KYC Information" means information sufficient to establish initial customer due diligence matters on reasonable grounds or to fulfil our ongoing customer due diligence obligations, under the AML/CTF Act. This includes the identity of our client, the identity of any person on whose behalf our client is receiving the service, the identity of any person acting on behalf of the client including their authority to act, the identity of any beneficial owners where the client is not an individual, whether the client, beneficial owner or any person acting on their behalf is a politically exposed person or a person designated for targeted financial sanctions, information about source of wealth and source of funds, the nature and purpose of the business relationship or transaction and any other matter specified in the AML/CTF Rules.
  • "OAIC" means Office of the Australian Information Commissioner
  • "Personal Information" means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not, provided to us for the purposes of or in connection with, activities relating to the AML/CTF Act, the AML/CTF Regulations or the AML/CTF Rules.
  • "Privacy Act" means Privacy Act 1988 (Cth)
  • "Sensitive Information" means personal information that includes information or an opinion about an individual's racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association or trade union, sexual orientation or practices, criminal record, health information, genetic information or biometric information used for verification or identification.


What privacy law applies to our relationship


We are a small business operator under section 6D of the Privacy Act and become subject to the Privacy Act, for the first time, only in relation to AML/CTF related activities by operation of section 6E(1A) of that Act.


Accordingly, the Privacy Act, including the APPs, applies only to our collection, use, sharing, processing and management of personal information required to comply with our obligations under the AML/CTF Framework.


Under APP 2 you may interact with us anonymously or using a pseudonym, where lawful and practicable. However, interacting anonymously or using a pseudonym is not possible where we are required to verify your identity under the AML/CTF Framework.


How do we collect personal information?


We collect personal information only by lawful and fair means.


We collect personal information directly from the individual who is the subject of the information unless the individual has consented to collection from a third party, it is unreasonable or impractical to collect directly or we are required or authorised by law to collect it from a third party.


We may collect personal information when you, your organisation or someone acting on your behalf engages us to provide a designated service, including when you supply KYC Information in response to our direct request or when our third party identity verification and screening provider (currently InfoTrack) collects and verifies information on our behalf.


If we use a credit reporting body for electronic identity verification, we will seek your express consent before doing so and offer you an alternative means of verification, such as certified copies of identification documents.


We will provide you with a Privacy Collection Notice at or before the time we collect your personal information, which accompanies our engagement letter and fee proposal.


What personal information do we collect?


We are required by law under the AML/CTF Act to collect and verify certain personal information and may be prohibited from providing Designated Services if we cannot do so.


We collect KYC Information as required by the AML/CTF Act, which may include your name, residential address, date of birth, contact details, occupation, identification document details, source of funds and source of wealth information and beneficial ownership information where you are acting for a company, trust or other entity.


We may also collect Sensitive Information where required for compliance with the AML/CTF Framework, including information about political associations relevant to determining whether you are a politically exposed person.


We may conduct ongoing monitoring of transactions and client information to comply with our AML/CTF obligations.


What happens if you don't provide us with requested personal information?


If you do not provide requested personal information, we may be unable to provide Designated Services to you and may be unable to comply with our legal obligations, which may mean we cannot act for you on a matter involving a Designated Service.


Purposes of collection of personal information


We collect and use personal information to carry out our functions and activities, including providing you with Designated Services and complying with our regulatory obligations, such as the AML/CTF Framework, the Legal Profession Uniform Law and its related rules and other relevant legislation such as the Duties Act 1997 (NSW) and the Australian Registrars National Electronic Conveyancing Council's Model Participation Rules.


Unless you consent otherwise, we only use your personal information for the primary purpose for which it was collected and for any secondary purpose you would reasonably expect that is related to the primary purpose. For Sensitive Information, any secondary purpose must be one you would reasonably expect and directly related to the primary purpose of collection.


Disclosure of personal information


Third parties


Subject to legal requirements, we do not share your personal information with third parties except with your express permission or to contracted service providers who support our AML/CTF due diligence processes. This currently includes our third party identity verification and screening provider (InfoTrack) and incorporation or registered agents engaged to establish or administer a company or trust on your behalf, including agents located overseas where your matter involves an international entity. We take reasonable steps to ensure such service providers protect your personal information appropriately and do not use or disclose it for any other purpose, other than as required by law.


Legal requirements


We may use or disclose your personal information where required by law or expressly permitted by the Privacy Act, including where it is necessary to lessen or prevent a serious threat to life, health or safety, where we reasonably suspect serious unlawful activity or misconduct relating to our functions, where necessary to assist in locating a missing person or where we are compelled by law, including by warrant, subpoena, court or tribunal order or a lawful request from a government agency or regulator. This includes disclosure to AUSTRAC, including where we form a suspicion about a matter or transaction under the AML/CTF Framework.


Nothing in this AML/CTF Privacy Policy limits our obligations of confidentiality or client legal privilege. However, there may be circumstances where we are compelled to disclose information to AUSTRAC under the AML/CTF Framework. We are prohibited from notifying you of disclosures to AUSTRAC and may be prohibited from notifying you of disclosures to other government agencies or authorities.


Business transactions


If Adiuvo Legal is involved in a merger, acquisition or sale of all or part of its practice, your personal information may be disclosed in confidence as part of a due diligence process and may be transferred to the new owner. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.


How do we protect your information?


We hold personal information in hard copy and electronic formats. We take reasonable steps to prevent unauthorised access, disclosure, alteration, destruction or loss of personal information, including through staff awareness of privacy obligations, administrative and technical controls restricting access to those who need it and technological security measures such as encryption and access controls.


Where a data breach is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme in the Privacy Act, including notifying the OAIC and affected individuals as required.


When personal information is no longer needed for any purpose for which it may be used or disclosed under this policy and we are not required by law or court order to retain it, we take reasonable steps to destroy or de-identify it. We do not retain full copies of identification documents, such as scanned passports or driver's licences, for longer than needed to complete verification. KYC Information and transaction records are kept for 7 years after the practice relationship ends or the relevant transaction is completed, as required by the AML/CTF Framework.


Can your personal information be accessed offshore?


We maintain your personal information physically and electronically within Australia, unless your matter requires us to share information with third parties offshore, such as incorporation or registered agents in jurisdictions relevant to your matter.


Some electronic services we use may process data offshore but those services are not entitled to access or use the personal information we hold except as required to deliver the contracted service. We take reasonable steps to ensure overseas recipients do not breach the APPs.


How you can access and correct your personal information


We will respond to inquiries about whether we hold personal information about you and allow access to and correction of that information, subject to the conditions in the Privacy Act, including where giving access would pose a serious threat to safety, have an unreasonable impact on the privacy of others, relate to a frivolous or vexatious request, relate to existing or anticipated legal proceedings, prejudice negotiations, be unlawful, be required or authorised to be denied under law, prejudice a suspected unlawful activity investigation or enforcement related activity or reveal commercially sensitive evaluative information.


If you believe personal information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, you may request correction by contacting our Privacy Officer. We may ask you to verify your identity before giving access or making corrections and may charge a reasonable fee for access but not for correction. We aim to respond within 30 days.


Our Privacy Officer for these purposes is Jabran Chaudhry, Principal. 

Contact: contact@adiuvolegal.com.au or (02) 9159 9047.


How you can complain about our information handling practices


All privacy related inquiries and complaints are handled by our Privacy Officer. If you have concerns about how we manage your personal information or believe we have breached the APPs, please contact our Privacy Officer in writing, setting out the details of your complaint.

We will acknowledge receipt of your written complaint within a reasonable time, usually within 7 days. Our Privacy Officer will conduct an internal investigation, which may involve contacting you for further information and will aim to provide a written response outlining the outcome, our decision and any corrective action proposed within 30 days of receiving your complaint.


If you are not satisfied with our response or we do not resolve your complaint within 30 days, you may escalate it to the OAIC.


Lodge a complaint with the OAIC


If you require a copy of this Privacy Policy in a particular form, please contact our Privacy Officer.


Date reviewed: 30 June 2026


Copyright © 2026 Adiuvo Legal - All Rights Reserved.

Liability limited by a scheme approved under Professional Standards Legislation.

See our privacy policy for how we handle your personal information.

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

Accept