
Privacy Policy

This page explains the type of information that is collected by Ellison Moschella & Co ABN 87 661 097 197, how such information is used, and under what circumstances and to whom it may be disclosed. If you have any privacy concerns, you should direct them to our Privacy Manager by e-mailing mail@ellisonmoschella.com.au or by writing to:

Ellison Moschella & Co

P.O. Box 13045

BRISBANE QLD 4003

email: mail@ellisonmoschella.com.au

 

1. About this policy

We are a boutique Queensland law firm. We provide legal services to individuals, businesses, trustees, companies, property owners, developers, investors, lenders, borrowers, estates, and other clients.​

 

This Privacy Policy explains how we collect, hold, use, disclose, protect, retain, and destroy personal information. It applies to personal information we handle about clients, prospective clients, former clients, counterparties, witnesses, beneficiaries, directors, shareholders, partners, beneficial owners, employees, contractors, applicants, referrers, suppliers, visitors to our website, and other people who interact with us.​

 

This policy is intended to comply with the Privacy Act 1988 (Cth), including the Australian Privacy Principles, and to address our handling of personal information in connection with legal practice obligations, professional duties, and anti-money laundering and counter-terrorism financing obligations that may apply to us from 1 July 2026.

 

​Nothing in this policy limits legal professional privilege, client legal privilege, solicitor-client confidentiality, our professional obligations, or any obligation we have under law.​

 

2. What is personal information?

“Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not.

“Sensitive information” includes information about a person’s racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade union membership, sexual orientation or practices, criminal record, health information, genetic information, biometric information, and biometric templates.

We only collect sensitive information where it is reasonably necessary for our functions or activities, where you consent, or where collection is otherwise permitted or required by law.

 

3. Personal information we collect

The kinds of personal information we collect depend on the nature of our relationship with you and the matter we are handling. It may include:

Identity and contact information

This may include your name, former names, date of birth, residential address, postal address, email address, telephone number, occupation, employer, job title, signature, and preferred contact details.​

Client and matter information

This may include your instructions, correspondence, file notes, contracts, pleadings, affidavits, settlement documents, transaction records, court and tribunal documents, property documents, company and trust documents, financial records, taxation information, banking details, trust account details, insurance information, business records, relationship information, and other material relevant to your matter.​

 

Verification of identity and AML/CTF information

Where required or appropriate, we may collect information to verify your identity, understand the nature and purpose of your instructions, identify beneficial owners or controlling persons, assess source of funds or source of wealth, screen for sanctions or politically exposed person status, undertake risk assessments, conduct ongoing customer due diligence, and comply with AML/CTF obligations.​

 

This information may include identity document details, verification results, electronic verification reports, company searches, trust deeds, partnership information, beneficial ownership information, control information, transaction information, source of funds information, source of wealth information, adverse media information, sanctions screening information, and related risk assessment records.

 

​Financial and payment information

This may include bank account details, payment details, invoices, receipts, trust account records, source of funds material, loan information, settlement information, and other financial information connected with our legal services.​

 

Information about other people connected with a matter

In some matters, we may collect information about directors, shareholders, partners, trustees, beneficiaries, appointors, attorneys, guardians, executors, administrators, witnesses, experts, employees, family members, dependants, counterparties, and other relevant people.​

 

Sensitive information

Depending on the matter, we may collect sensitive information such as health information, criminal record information, family circumstances, financial hardship information, racial or ethnic origin, cultural or native title information, religious or philosophical beliefs, political opinions, union membership, sexual orientation, biometric information used for identity verification, and other sensitive information relevant to the matter.​

 

Employment, contractor, and recruitment information

If you apply to work with us or provide services to us, we may collect your CV, qualifications, employment history, references, right-to-work information, background checks, interview notes, payroll details, tax and superannuation information, performance information, and other information relevant to employment, engagement, or personnel due diligence.

 

​Website and technology information

When you use our website or communicate with us electronically, we may collect technical information such as your IP address, browser type, device information, pages visited, time and date of access, referring website, cookies, analytics data, email metadata, and cyber security logs.​

 

4. How we collect personal information

We collect personal information in several ways, including:

  • directly from you, including when you contact us, complete forms, provide instructions, sign an engagement agreement, attend meetings, send documents, or use our website;

  • from your authorised representatives, such as attorneys, guardians, employees, officers, agents, accountants, brokers, financial advisers, migration agents, conveyancers, or other lawyers;

  • from courts, tribunals, government agencies, regulators, public registers, land titles offices, ASIC, the ATO, AUSTRAC, law enforcement agencies, and other official sources;

  • from counterparties, opposing solicitors, barristers, experts, witnesses, referrers, real estate agents, lenders, banks, insurers, settlement agents, and other participants in a matter;

  • from identity verification, AML/CTF screening, sanctions screening, credit reporting, company search, property search, document verification, e-signature, and other service providers;

  • from publicly available sources, including websites, media reports, professional directories, and public databases;

  • through our website, cookies, analytics tools, email systems, practice management systems, telephone systems, and cyber security systems.​

Where reasonable and practicable, we collect personal information directly from the individual concerned. In some matters, it is necessary or more practical to collect information from third parties.​

 

5. Why we collect, use, and disclose personal information

We collect, use, and disclose personal information for the purposes for which it was collected and for related purposes that you would reasonably expect. These purposes include:

  • providing legal services;

  • assessing whether we can act for you;

  • conducting conflict checks;

  • opening, administering, and managing client matters;

  • communicating with you and others involved in a matter;

  • preparing, reviewing, negotiating, executing, lodging, and storing legal documents;

  • conducting litigation, dispute resolution, transactions, settlements, and advisory work;

  • verifying identity;

  • complying with AML/CTF obligations, including customer due diligence, enhanced customer due diligence, ongoing monitoring, risk assessment, reporting, and record-keeping;

  • administering our trust account and office account;

  • issuing invoices, receiving payments, recovering debts, and managing accounting and taxation obligations;

  • obtaining advice from barristers, experts, consultants, insurers, auditors, external examiners, and other professional advisers;

  • complying with court orders, subpoenas, notices, warrants, statutory obligations, professional obligations, and regulatory requirements;

  • managing professional indemnity insurance, risk, quality assurance, file reviews, complaints, and claims;

  • maintaining cyber security, physical security, records management, and business continuity;

  • managing recruitment, employment, contractors, and personnel due diligence;

  • improving our services, systems, website, and client experience;

  • sending legal updates, invitations, and marketing communications where permitted by law;

  • any other purpose required or authorised by law.​

 

6. AML/CTF, identity verification, and customer due diligence

From 1 July 2026, we may be regulated under the AML/CTF regime when we provide certain designated services. Depending on the matter, we may need to collect, verify, use, and retain personal information before we can act, continue to act, receive funds, transfer funds, undertake a transaction, or complete a matter.​

 

We may ask you, and relevant associated persons, to provide information or documents to:

  • verify identity;

  • identify beneficial owners or controlling persons;

  • understand the ownership and control structure of a client;

  • understand the nature, purpose, and intended outcome of a matter;

  • assess source of funds or source of wealth;

  • screen against sanctions, politically exposed person, adverse media, and other risk databases;

  • conduct initial, ongoing, simplified, or enhanced customer due diligence;

  • comply with AML/CTF reporting, monitoring, and record-keeping obligations.​

 

Where it is reasonably sufficient and legally appropriate, we prefer to record verification details, verification outcomes, document reference numbers, dates, and provider reports rather than retaining full scanned or photocopied identity documents. However, we may retain copies of identity documents where required by law, required by a regulator, necessary for a matter, necessary for risk management, or reasonably required for another lawful purpose.​

 

We may use external identity verification, document verification, AML/CTF screening, sanctions screening, and risk assessment providers. Those providers may use electronic databases and official or commercial data sources to verify information.

 

If you do not provide information we reasonably require, we may be unable to act for you, continue acting for you, receive or transfer funds, complete a transaction, or provide some services.

In some circumstances, AML/CTF laws may require or authorise us to disclose information to AUSTRAC, law enforcement agencies, regulators, or other bodies.

 

In some circumstances, we may be legally restricted from telling you about a disclosure, report, investigation, monitoring activity, or related matter.​

 

7. Legal professional privilege and confidentiality

As a law firm, we owe strict duties of confidentiality to our clients. We also recognise and protect legal professional privilege and client legal privilege where they apply.​

 

We do not disclose confidential client information unless:

  • the client authorises the disclosure;

  • disclosure is impliedly authorised to carry out the client’s instructions;

  • disclosure is required or permitted by law;

  • disclosure is required or permitted by professional conduct rules;

  • disclosure is necessary to obtain advice from counsel, experts, consultants, insurers, auditors, external examiners, or other professional advisers;

  • disclosure is necessary for billing, debt recovery, risk management, file management, or practice administration;

  • another recognised exception applies.​

 

Nothing in this policy is intended to waive legal professional privilege or client legal privilege. Where a request for access, correction, disclosure, deletion, or transfer of information would affect privilege, confidentiality, another person’s privacy, court obligations, professional obligations, or legal restrictions, we may decline or limit the request to the extent permitted by law.​

 

8. Who we disclose personal information to

We may disclose personal information to:

  • our principals, employees, consultants, contractors, secondees, and agents;

  • barristers, experts, investigators, consultants, mediators, arbitrators, and other professional advisers;

  • other lawyers and law practices, including opposing solicitors and transaction participants;

  • courts, tribunals, commissions, registries, dispute resolution bodies, and government agencies;

  • AUSTRAC, the Australian Taxation Office, ASIC, Titles Queensland, revenue offices, police, law enforcement agencies, regulators, and statutory bodies;

  • the Queensland Law Society, the Legal Services Commission, external examiners, auditors, and professional indemnity insurers;

  • banks, lenders, brokers, settlement agents, PEXA or other electronic lodgement network operators, payment providers, and trust account service providers;

  • accountants, bookkeepers, debt collectors, process servers, search agents, company search providers, property search providers, and document lodgement providers;

  • identity verification, AML/CTF screening, sanctions screening, credit checking, document verification, and electronic signature providers;

  • IT, cloud hosting, email, data storage, document management, practice management, cyber security, backup, archiving, printing, scanning, transcription, telephone, secure messaging, and website service providers;

  • insurers, brokers, reinsurers, loss adjusters, and claims managers;

  • referrers and business partners, where you have consented or would reasonably expect the disclosure;

  • prospective purchasers, successors, assignees, or merger partners of our practice, subject to confidentiality protections;

  • any person or body to whom disclosure is required or authorised by law.​

 

We take reasonable steps to ensure third-party service providers handle personal information consistently with applicable privacy, confidentiality, and security obligations.​

 

9. Overseas disclosure

Some of our service providers may store, process, support, or access personal information from outside Australia. The countries in which overseas recipients may be located include: Australia, New Zealand, United States, United Kingdom, European Union, Singapore, Canada, India, or the Philippines.​

 

Some matters may also require overseas disclosure, such as where a client, counterparty, witness, foreign lawyer, foreign court, foreign regulator, overseas expert, overseas bank, overseas company, or overseas transaction is involved.​

 

Before disclosing personal information overseas, we take reasonable steps required by law, unless an exception applies. Overseas recipients may be subject to different privacy and confidentiality laws.​

 

10. How we hold and protect personal information

We may hold personal information in electronic files, hard copy files, email systems, practice management systems, document management systems, cloud platforms, accounting systems, trust accounting systems, backup systems, archives, and secure third-party platforms.​

 

We use a range of physical, technical, and organisational safeguards, which may include:

  • access controls and role-based permissions;

  • multi-factor authentication;

  • password protection;

  • encryption where appropriate;

  • secure backups;

  • cyber security monitoring;

  • locked offices, cabinets, and storage areas;

  • confidentiality obligations for staff and contractors;

  • staff training;

  • secure document transfer methods;

  • secure destruction and disposal processes;

  • supplier due diligence and contractual protections.

 

No method of transmission or storage is completely secure. You should take care when sending information by email or other electronic means and tell us if you require a particular communication method.

We do not permit staff to upload confidential client information or personal information into publicly available artificial intelligence tools unless the use has been approved by the firm and is consistent with confidentiality, privilege, privacy, security, and professional obligations.

 

11. Retention and destruction

We retain personal information for as long as reasonably necessary for the purpose for which it was collected, to provide legal services, to comply with legal and professional obligations, to manage risk, to maintain business records, to respond to claims or complaints, to comply with insurance requirements, and to satisfy AML/CTF record-keeping obligations.

 

​For AML/CTF purposes, we may be required to keep certain customer due diligence, transaction, and related records for 7 years. Other legal practice, trust accounting, taxation, employment, limitation period, insurance, and professional obligations may require different retention periods.​

 

When personal information is no longer required, we take reasonable steps to destroy it securely or de-identify it, unless we are required or permitted to retain it.​

 

We may retain archived client files after a matter is completed. We may not be able to return, delete, or destroy information where retention is required or appropriate for legal, professional, regulatory, insurance, risk management, dispute, or archival reasons.​

 

12. Accuracy and correction

We take reasonable steps to ensure the personal information we collect, use, and disclose is accurate, up to date, complete, relevant, and not misleading.

Please tell us promptly if your personal information changes or if you believe information we hold about you is inaccurate, incomplete, out of date, irrelevant, or misleading.

 

13. Access to personal information

You may request access to personal information we hold about you by contacting our Privacy Officer. Before responding, we may need to verify your identity.

 

We will respond within a reasonable time.

We may refuse, limit, or defer access where permitted by law, including where access would:

  • prejudice legal professional privilege or client legal privilege;

  • breach confidentiality owed to another person;

  • unreasonably affect another person’s privacy;

  • prejudice legal proceedings, negotiations, investigations, enforcement activities, or dispute resolution;

  • reveal commercially sensitive evaluative information;

  • create a serious threat to life, health, or safety;

  • be unlawful;

  • be frivolous, vexatious, or unreasonable; and

  • be otherwise permitted or required to be refused by law.​

 

There is no fee to make an access request. We may charge a reasonable administrative fee for providing access where permitted by law.​

 

14. Correction requests

You may ask us to correct personal information we hold about you. If we are satisfied the information is inaccurate, incomplete, out of date, irrelevant, or misleading, we will take reasonable steps to correct it.

If we do not agree to make a correction, you may ask us to associate a statement with the information noting that you consider it inaccurate, incomplete, out of date, irrelevant, or misleading, where required by law.

 

15. Anonymity and pseudonymity

You may deal with us anonymously or using a pseudonym where lawful and practicable, such as when making a general website enquiry.

However, in most legal matters, we need to identify our clients and relevant associated persons. We may be unable to act, continue acting, provide advice, receive funds, transfer funds, or complete a transaction unless we can identify relevant people and complete required checks.

 

16. Direct marketing

We may use your contact details to send legal updates, invitations, publications, or information about our services where permitted by law.

You may opt out of marketing communications at any time by using the unsubscribe function or contacting us. We will not use sensitive information for direct marketing without consent.

 

17. Cookies, analytics, and website use

Our website may use cookies, analytics tools, pixels, logs, and similar technologies to operate the website, understand website traffic, improve functionality, maintain security, and assess marketing effectiveness.

You can usually adjust your browser settings to block or delete cookies. Some website features may not work properly if cookies are disabled.

Our website may contain links to third-party websites. We are not responsible for the privacy practices, security, or content of third-party websites.

 

18. Data breaches

We take data security seriously.

 

If we suspect a data breach, we will assess the incident and take appropriate steps to contain, investigate, remediate, and notify affected individuals or regulators where required by law.

Where the Notifiable Data Breaches scheme applies, we will notify the Australian Information Commissioner and affected individuals where required.

 

​19. Privacy complaints

If you have a privacy complaint, please contact our Privacy Officer using the details below.

 

We will usually:

  • acknowledge your complaint within 5 business days;

  • investigate the complaint;

  • ask you for further information if needed;

  • aim to provide a written response within 30 days, or tell you if more time is required.​

 

If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner.​

 

If your concern relates to solicitor conduct, confidentiality, or professional obligations, you may also contact the Legal Services Commission Queensland or the Queensland Law Society, although those bodies do not replace the OAIC’s role as privacy regulator.​

 

20. Changes to this policy

We may update this Privacy Policy from time to time. The current version will be published on our website. The effective date at the top of the policy indicates when it was last updated.​​


(07) 3221 8655

Level 7, King George Tower,

79 Adelaide St, Brisbane City QLD 4000

PO Box 13045

Brisbane QLD 4003


©2021 by Ellison Moschella & Co ABN 87 934 273 596 
Liability limited by a scheme approved under professional standards legislation.
CAUTION ON MONEY TRANSFERS We may ask clients to deposit funds into our firm’s trust account.  Please do not deposit money to an account nominated by us without calling us to verify the account number by telephone.
