Book a Consultation
Book a Consultation

Privacy Policy

Last updated: February 2026

Elton Law Group Pty Ltd (ABN 92 690 247 360) (“Elton Law Group”, “we”, “us”, “our”) is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, store and disclose personal information when you interact with us, including through our website, client portals, email communications, and in the course of providing legal services.

By accessing our website, engaging us, submitting information to us, or otherwise dealing with Elton Law Group, you agree to the terms of this Privacy Policy.

Your use of our website is also subject to our terms of use.

  1. What Personal Information We Collect

“Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

The types of personal information we may collect include:

  • name, job title, organisation and contact details
  • date of birth
  • identification documents
  • financial information relevant to your matter
  • information relating to your legal issue or instructions
  • information you provide through our website forms, client portals or email
  • IP address, device identifiers and website usage data
  • employment history and background information if you apply for a role with us
  • any other information you choose to provide to us.

We may also collect sensitive information, such as health information or criminal history, where required for your matter and with your consent.

  1. How We Collect Personal Information

We collect personal information in several ways, including when you:

  • engage us to provide legal services
  • communicate with us by email, phone, online forms or in person
  • subscribe to our publications or register for events
  • use our website, client portals or digital tools (including cookies and analytics)
  • apply for employment or provide services to us.

We may also collect information from third parties where reasonably necessary, including:

  • your authorised representatives
  • counterparties, regulators, courts and tribunals
  • publicly available sources
  • recruitment agencies, referees and background‑check providers
  • service providers assisting us with your matter.

  1. Why We Collect, Use and Disclose Personal Information

We collect, hold, use and disclose personal information for purposes including:

  • providing legal services and advice
  • communicating with you about your matter
  • verifying your identity
  • managing conflicts of interest
  • maintaining and updating client records
  • sending legal updates, insights and event invitations (you may opt out at any time)
  • improving our services, website and client experience
  • meeting our legal, regulatory and professional obligations
  • processing employment applications
  • responding to enquiries, feedback or complaints.

We will only use or disclose your personal information for the purpose for which it was collected, for a related purpose you would reasonably expect, or where required or authorised by law.

  1. Disclosure of Personal Information

We may disclose your personal information to:

  • barristers, experts, consultants and other professionals engaged in your matter
  • courts, tribunals, regulators and government agencies
  • third‑party service providers who support our operations (e.g., IT, data storage, document production, email filtering, administrative support)
  • our insurers and professional advisers
  • any person you authorise us to disclose information to.

We do not sell, rent or trade personal information.

  1. Overseas Disclosure

Some service providers or personnel assisting us may be located outside Australia.

These may include providers in countries such as:

  • the Philippines
  • the United States
  • the United Kingdom
  • New Zealand
  • Canada
  • the European Union

Where personal information is accessed or processed overseas, we ensure that:

  • appropriate confidentiality and data‑security obligations are in place, and
  • the handling of your information is consistent with this Privacy Policy and the APPs.

  1. Storage and Security

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

Security measures include:

  • secure cloud‑based storage (e.g., Microsoft Azure, AWS)
  • encryption and access controls
  • password protection and multi‑factor authentication
  • restricted access on a need‑to‑know basis
  • secure disposal of documents and hardware
  • firewalls, antivirus and intrusion‑detection systems
  • regular system reviews and security audits.

However, no system is completely secure. If you become aware of any security breach, please notify us immediately.

  1. Data Retention

We retain personal information for as long as required to:

  • provide services to you
  • comply with legal and regulatory obligations
  • maintain business records
  • manage risk and professional obligations.

Information is securely destroyed or de‑identified when no longer required.

  1. Access and Correction

You may request access to, or correction of, the personal information we hold about you.

We may require identity verification before providing access. In limited circumstances, we may refuse access where permitted by law, and we will explain why.

Requests can be made by contacting our Privacy Officer (details below).

  1. Direct Marketing

We may send you legal updates, insights, newsletters or event invitations.

You may opt out at any time by:

  • clicking “unsubscribe” in our communications, or
  • contacting us directly.

  1. Cookies and Website Analytics

Our website may use cookies and analytics tools to collect information such as:

  • pages visited
  • time spent on the site
  • browser type and device information
  • referring links
  • IP address.

This helps us improve website functionality and user experience.

You may disable cookies in your browser settings, although some features may not function properly.

  1. Notifiable Data Breaches Scheme

If a data breach occurs that is likely to result in serious harm, we will:

  • investigate promptly
  • take steps to contain and mitigate the breach
  • notify affected individuals where required
  • notify the Office of the Australian Information Commissioner (OAIC).

  1. Complaints

If you have concerns about how we handle your personal information, please contact our Privacy Officer.

We will investigate your complaint and respond as soon as reasonably practicable.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website. Continued use of our website or services constitutes acceptance of the updated policy.

  1. Contact Us

Privacy Officer
Elton Law Group
Email: info@eltonlaw.com.au
Phone: (02) 7240 6739
Address: Level 1, 60 Martin Place, Sydney, NSW, 2000