Privacy Policy

Privacy Policy

Effective 30 January 2026

1. Purpose & Scope

This Privacy Policy explains how Clayhills Escobar Solicitors (the Firm, we, us, our) collects, holds, uses and discloses personal information in the course of operating our legal practice, including through our website(s), enquiries, client engagements, events and marketing communications. This policy is intended to comply with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs).

2. Contact Details

Firm: Clayhills Escobar Solicitors
Address: 108/1 Erskineville Road, Newtown NSW 2042
Phone: (02) 9519 5030
Email:
Privacy contact: Privacy Officer

3. Key definitions

Personal information has the meaning given in the Privacy Act and includes information about an identified individual, or an individual who is reasonably identifiable.

Sensitive information includes certain categories such as health information, criminal record information, biometric information, and information about a person’s racial or ethnic origin, political opinions, religious beliefs, sexual orientation, or trade union membership.

Client includes a prospective client and any person who engages the Firm.

4. What personal information is collected

The Firm may collect personal information including (without limitation):

  1. identity and contact details (name, email, phone, address, date of birth);
  2. occupation and business details (employer, role, ABN/ACN, business address);
  3. matter-related information relevant to legal services requested or provided;
  4. financial information (including billing and payment details);
  5. identification information required for verification (for example, copies of identity documents) where needed;
  6. communications (emails, correspondence, call records/notes); and
  7. technical and usage data when you use our website(s) (IP address, browser/device information, cookies and analytics data).

5. Sensitive information

The Firm may collect sensitive information where it is reasonably necessary to provide legal services or otherwise for our functions and activities. Where required, sensitive information will be collected with consent and/or as permitted by law.

6. Legal professional privilege and confidentiality

Nothing in this policy limits any rights the Firm may have to claim legal professional privilege or maintain confidentiality obligations owed to clients. Information may be handled and disclosed where necessary to provide legal services, comply with court/tribunal processes, or as otherwise authorised by law.

7. Verification and anti-fraud checks

Where necessary, the Firm may collect and use identification information to verify identity and to prevent fraud and cyber risks.

8. How personal information is collected

We collect personal information in a range of ways, including:

  1. directly from you (for example, when you contact us, provide instructions, complete a form, attend a meeting, or use our website);
  2. from third parties where appropriate (for example, barristers, expert witnesses, courts/tribunals, government agencies, counterparties, referees, employers, accountants, or other professional advisers), including where you authorise this or where permitted by law; and
  3. from publicly available sources (for example, ASIC registers, land titles, court lists, internet sources) where relevant to a matter.

Where practicable, personal information will be collected directly from you.

9. Why personal information is collected, held, used and disclosed

The Firm collects, holds, uses and discloses personal information for purposes including:

  1. assessing whether we can act for you, including conflict checks and client due diligence;
  2. providing legal services and carrying out your instructions;
  3. communicating with you and other parties about your matter;
  4. preparing documents, advice and court/tribunal materials;
  5. billing, payment processing, and practice administration;
  6. complying with legal and regulatory obligations (including court/tribunal requirements);
  7. managing risk, quality assurance, training, and business systems;
  8. maintaining records and managing our professional responsibilities; and
  9. marketing our services and sharing legal updates where permitted by law (see section 14).

If personal information is not provided when requested, we may not be able to provide legal services or respond fully to your enquiry.

10. Disclosure of personal information

We may disclose personal information to third parties where reasonably necessary for the purposes set out in section 9, including:

  1. our staff, principals, contractors and related entities (where applicable);
  2. counsel (barristers), experts and consultants;
  3. courts, tribunals, registries, and government agencies;
  4. counterparties and their advisers;
  5. service providers who support our practice (for example IT providers, practice management system providers, document management, secure storage, auditors, insurers, payment processors); and
  6. other parties as authorised by you or permitted/required by law.

Where practicable, disclosures are limited to what is necessary, and service providers are required to protect information through appropriate confidentiality and security obligations.

11. Overseas disclosure (cross-border) (APP 8)

Some of the Firm’s service providers may store, host or process personal information outside Australia (for example, cloud hosting, email systems, document management, CRM and analytics providers). Countries may include the United States and other locations in which our providers operate.

Overseas recipients may not be subject to the Privacy Act and the APPs, and you may have limited avenues for redress in Australia. The Firm takes reasonable steps to ensure that overseas recipients handle personal information consistently with Australian privacy requirements (for example through due diligence and contractual protections) where practicable.

12. Security of personal information (APP 11)

We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. This may include access controls, encryption where appropriate, multi-factor authentication, secure storage, staff training, and vendor management practices.

No data transmission or storage system can be guaranteed as completely secure.

13. Retention of personal information

We retain personal information only for as long as necessary to carry out the purposes described in this policy, unless a longer period is required or permitted by law, professional obligations, or our risk management requirements.

In many cases, legal practice records (including client files and associated communications) must be retained for a significant period. The Firm maintains internal retention and destruction practices that address different classes of records (for example, client files, trust account records if applicable, marketing lists).

14. Marketing communications (Spam Act)

The Firm may send marketing communications (for example newsletters, legal updates and event invitations) by email or SMS where permitted by law, including where:

  1. you have given express consent; and/or
  2. we reasonably infer consent from your conduct and the context of your relationship with the Firm.

Marketing messages will include the Firm’s identity and a functional unsubscribe facility. Unsubscribe requests are processed promptly. The Firm may retain minimal information necessary to ensure that unsubscribe preferences are respected.

15. Cookies and website analytics

Our website(s) may use cookies and similar technologies (including analytics tools) to help us understand usage and improve functionality and marketing performance. You can adjust browser settings to refuse cookies; however, parts of the website may not function as intended.

16. Access and correction (APP 12 and APP 13)

You may request access to personal information the Firm holds about you and request correction if it is inaccurate, out-of-date, incomplete, irrelevant or misleading. Requests should be made using the contact details in section 2. We may need to verify identity before processing.

In some circumstances, access may be refused or limited as permitted by law (for example where giving access would unreasonably impact another person’s privacy, prejudice legal proceedings, or reveal privileged information). Where required, reasons will be provided.

17. Complaints

If there is a concern about how the Firm has handled personal information, a complaint may be made to us using the contact details in section 2. We will acknowledge and respond within a reasonable time.

If you are not satisfied with our response, a complaint may be made to the Office of the Australian Information Commissioner (OAIC):
Website: https://www.oaic.gov.au/
Phone: 1300 363 992
Mail: GPO Box 5218, Sydney NSW 2001

18. Updates to this Privacy Policy

We may update this Privacy Policy from time to time. The current version will be made available on our website and will include the effective date.

Scroll to Top