At Macpherson Kelley, we recognise the importance of your privacy and understand your concerns about the security of the personal information you provide to us. We comply with the Australian Privacy Principles (APPs) as contained in the Privacy Act 1988 (Cth). The APPs detail how personal information may be collected, used, disclosed, stored and destroyed, and how an individual may gain access to or make complaints about the personal information held about them.

This policy details how Macpherson Kelley manages personal information about you (including sensitive information and health information).

In the course of doing business, we predominantly collect business information. However, the ancillary collection of personal information in some instances is necessary or unavoidable. Also, when we provide legal services that relate to your personal affairs, we will also collect personal information.


“Personal information” is information or an opinion about an identified individual, or about an individual who is reasonably identifiable.

“Sensitive Information”, a sub-set of personal information, is information or an opinion about an individual’s racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record, and includes health information and genetic information.

“Health Information” is information or an opinion about an individual’s health or disability, the health services provided or to be provided to them, their expressed wishes for the provision of future health services, personal information collected to provide a health service, personal information collected in connection with organ and body-part donation, and predictive genetic information.

“Macpherson Kelley” includes the following entities:

  • M&K Lawyers Holdings Pty Ltd
  • Macpherson Kelley Pty Ltd
  • M&K Lawyers Investments Pty Ltd
  • M&K Lawyers Nominee Pty Ltd
  • Macpherson Kelley Services Pty Ltd

What personal information we collect and hold?

If you are a client or a prospective client, then the kinds of personal information we collect from you or about you depend on the transaction you have entered into with us, the services you or your organisation have engaged us to provide, and the services you or your organisation are interested in.

The kinds of personal information that we commonly collect and hold from you or about you include: your name, address, phone, fax and mobile numbers and email address, and the history of and your relationship with others involved in your matter. In the course of providing our legal services, we also commonly collect and hold personal information regarding: your family composition, racial or ethnic origin, religious beliefs and affiliations, date/s of birth, gender/s, occupation/s, employment and qualification details, financial records, income details, asset listings, taxation records, bank account details, insurance policies, medical history, disability status, criminal record and Court records, etc. We may also collect other personal or sensitive information, depending on the nature of your matter.

Even if you are not a client of ours, or even if we have only limited contact with you, we may still collect, hold, use and disclose personal information about you. This will commonly occur where we are formally engaged to act against you or in a matter with which you are otherwise involved. In these cases, we may collect personal information from you directly, or about you from our client, other third parties or publicly available sources. We may do this without your consent, and without notifying you of the collection of this information.

When you browse our website or contact us electronically, or engage with us on social media, we record: geographical tagging and statistical data from your activity including your computer system internet address, your top level domain name (for example .com, .gov, .au, .uk etc), the date and time of your visit to the site, the pages you accessed and documents downloaded, the previous sites you have visited and the type of browser you are using. Note that none of the statistical information we collect allows us to identify a visitor to our website. The information we collect from your visit to our website is used by us to help administer and improve the website.

We use cookies to collect non personal information, and anonymous information about visits to our website and to track how you reached our website.  Cookies are small text files placed on your hard drive by website hosts. Cookies recognise a repeat visitor to its site and enable sites to store information on the user’s computer so that the information can be referenced later. You will be given the option to disable cookies when you visit our website, but this may prevent proper functionality of the website.  In particular, you may not be able to store your preferences, and some of our pages might not display properly. If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.

Note that our website does not have facilities for the secure transmission of emails. If you are concerned about the security of any personal information you submit by email, please contact us using an alternative method (eg. telephone, fax, secure post or encrypted message).

Our website also contains links to other websites of interest. However, once you have used those links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites, and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website/s in question.

How we collect and hold personal information

We aim to collect personal information only directly from you, unless it is unreasonable or impracticable for us to do so. For example, we collect personal information from you or about you from correspondence that you submit to us, meetings and interviews with us, telephone calls with us, the instructions you provide to us, submissions you make on our website, and registration and feedback forms you may fill in for our marketing-related activities and events.

We engage a 3rd party to gather client feedback on our behalf via a Net Promoter Score system twice a year. They are provided with your name and email to help us understand whether we are delivering an excellent client experience. You can unsubscribe from this feedback mechanism at any point.

In some instances we may receive personal information about you from third parties, such as associated businesses, government agencies, local Councils and referrers (such as other law firms, accountants, real estate agents, financial planners, insurers and business consultants etc). We may also receive personal information about you from your family members, authorised third parties and publicly available sources.

You can be anonymous or use a pseudonym when dealing with us, unless:

  • the use of your true identity is a legal requirement; or
  • it is impracticable for us to deal with you on such basis.

Why we collect, hold, use and disclose personal information

We collect, hold, use and disclose personal information from you or about you where it is reasonably necessary for us to carry out our business functions and activities, and to provide our legal advice and other service offerings. For example, we collect, hold, use and disclose your personal information as necessary to provide our legal services to you or your organisation, or to act for our client in a matter against you.

Our business works closely with other businesses, such as government departments and agencies, other law firms, barristers, accountants, real estate agents, financial planners, insurers, local business and industry networks, Chambers of Commerce, business and industry alliances, auditors and other consultants, etc. We routinely disclose your personal information to these third parties where it is reasonably necessary for them to assist us to provide our legal services to you, or to enable them to provide related service offerings that you have requested. We may also disclose your personal information to banking institutions (to verify and process your payments).

We will also disclose your personal information as necessary amongst the other entities within the Macpherson Kelley group, for purposes including conflict checks, the provision of our legal services, and enabling them to provide service offerings that you have requested.

We may collect sensitive information from you or about you where there is a legal requirement to do so, or where we are otherwise permitted by law. In all other situations, we will specifically seek your consent.

We also collect, hold, use and disclose your personal information for purposes related to the provision of our legal services that you would reasonably expect, such as internal audit investigations, performance reporting, file research, legal services planning, our own internal administrative and accounting functions, our professional and reporting obligations, data backups, marketing and promotions, ongoing newsletter communications, providing you with details about law changes, educational briefings and other service offering updates, conducting client satisfaction surveys and feedback requests, statistical collation and website traffic analysis.

Where we wish to use or disclose your personal information for other purposes, we will obtain your consent.

When we collect personal information from you, we may request that you opt in to receiving direct marketing material specifically tailored to the industry you operate in, the services you or your organisation have engaged Macpherson Kelley to provide, or the services you or your organisation are or may be interested in.  Where we or other businesses in the Macpherson Kelley group use your personal information for newsletter, marketing and educational briefing communications, you can also opt out at any time by notifying us. Opt out procedures are also included in our marketing communications.

Our marketing communication email platform, and our feedback survey program, are conducted by Australian organisations external to Macpherson Kelley. Your personal information included in our marketing database is shared with our external marketing agencies and survey contractors for these purposes.

We may also disclose your personal information to third parties (including government departments and agencies, enforcement bodies and professional registration and accreditation bodies etc) where required or permitted by law. Commonly, we will also disclose your personal information as required under taxation, superannuation, personal assistance, stamp duty, local government, industrial relations, conveyancing and family laws etc.  As an example, where you have engaged us to act on your behalf in regards to a Migration or Visa related matter, we may, when required, disclose your personal details and health information to regulatory bodies including the Department of Home Affairs.

Where you are a prospective employee of any entity within the Macpherson Kelley group, we will collect, hold, use and disclose your personal information for purposes related to your prospective recruitment. In many cases, our recruitment activities are managed by a third party recruitment agency.

If we do not collect, hold, use or disclose your personal information, or if you do not consent to the provision of such information, then we may not be able to answer your enquiry, complete the transaction you have entered into, or provide the legal services that you or your organisation have engaged us to provide.

How we hold and store personal information

Your personal information is held and stored on paper, by electronic means or both. We have physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorised access, modification and disclosure:

  • Data held and stored on paper is stored in secure key-card premises with monitored alarms.
  • Data held and stored electronically is protected by internal and external firewalls, high encryption and all access to electronic data including databases requires password access that meets Microsoft complexity standards.
  • Access to personal information is restricted to staff and contractors whose job description requires access. Our employees and contractors are contractually obliged to maintain the confidentiality of any personal information held by us.
  • Where the information has been collected in relation to Migration and Visa related matters, we implement further electronic security processes to protect your information against inadvertent disclosure.
  • Data stored or archived off-site is contained within secure facilities. We also require our storage contractors to implement privacy safeguards.
  • We undertake regular data backups, with the data copied and backed up to multiple locations.
  • Where we disclose personal information to third parties (including contractors and affiliated businesses located locally and overseas), our contractual arrangements with them include specific privacy requirements.
  • Our staff receive regular training on privacy procedures.

Destruction and De-identification

We will retain your personal information whilst it is required for any of our business functions, or for any other lawful purpose. For example, we necessarily retain records of client names and the names of opposing parties indefinitely, so as to avoid conflicts of interest.

We will also retain your personal information for the time periods required by law (commonly, seven years).

We use secure methods to destroy or to permanently de-identify your personal information when it is no longer needed:

  • Paper records are sent for secure destruction. In some instances, paper records and original transaction documents will be returned to you and/or relevant third parties.
  • Electronic records retained for longer than 7 years may be archived to alternative storage and are subject to the procedural safeguards described above.

Overseas disclosure

Our business is affiliated with other businesses located overseas, including:

  • a global association of law firms called “MultiLaw”;
  • a network of law firms in the Pacific called the “Pacific Legal Network” (PLN),
  • the International Trademark Association (INTA); and
  • an expert alliance of law and tech firms focused on data privacy matters called “PrivacyRules”.

In the course of doing business with you, we may disclose some of your personal information to overseas recipients (either within the global MultiLaw franchise or separate to it including our networks within PLN, INTA or PrivacyRules). However, we will only do so where:

  • it is necessary to complete the transaction you have entered into; and
  • you have provided consent; or
  • we believe on reasonable grounds that the overseas recipient is required to deal with your personal information by enforceable laws which are similar to the requirements under the APPs; or
  • it is otherwise permitted by law.

Some of our administrative, marketing and IT computer systems and platforms are hosted by service providers located overseas. Currently, these hosting service providers are located in the United States of America.

We may also engage Australian service providers to assist with our IT systems or undertake administrative tasks not directly related to your legal matters. They may have personnel located overseas. In any such engagement these providers and their staff may have access to some of your personal information.  However, we take reasonable steps (including undertaking due diligence and by imposing contractual obligations and electronic restrictions) to protect your personal information from improper use or disclosure.

Requests for access and correction

We take reasonable steps to ensure that the personal information we use or disclose is accurate, complete and up to date, having regard to the purpose of the use or disclosure.

We have procedures in place for dealing with and responding to requests for access to, and correction of, the personal information held about you. Your right to request access may arise under the Privacy Act, your retainer with us, the Legal Profession Act or the common law.

In most cases, we expect that we will be able to comply with your request. However, if we do not agree to provide you access or to correct the information as requested, we will give you written reasons why. For further information, please contact us.

To assist us to keep our records up-to-date, please notify us of any changes to your personal information.

Data Breaches

In Australia, if we suspect that a data breach has occurred, we will undertake an assessment into the circumstances of the suspected breach within 30 days after becoming aware of the occurrence of the suspected breach. Where it is ascertained that a breach has actually occurred and where required by law, we will notify the Privacy Commissioner and affected individuals in accordance with our legal requirements.

Complaints and Concerns

We have procedures in place for dealing complaints and concerns about our practices in relation to the Privacy Act, the APPs, and any alleged breach of this Policy. We will respond to your complaint in accordance with the relevant provisions of the APPs. For further information, please contact us.


Our Privacy Officer can be contacted to discuss or attempt to resolve any complaints relating to the collection, storage and use of your personal information. For further information, please contact:

Privacy Officer
Macpherson Kelley
40-42 Scott Street
P: 1800 888 966
F: 03 9794 2500
Last updated: June 2021

stay up to date with our news & insights