Privacy Policy
Zed Legal Australia · Last updated: 5 July 2026
1. About this Privacy Policy
This Privacy Policy explains how Zed Legal Australia collects, holds, uses and discloses personal information, and how we comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
We are a legal practice. We may collect personal information when you use our website, contact us, enquire about our services, become a client, provide information in relation to a legal matter, attend an appointment, verify your identity, subscribe to updates, interact with our social media, or otherwise communicate with us.
We respect your privacy and take the handling of personal information seriously.
In this Privacy Policy, “personal information” means information or an opinion about an identified individual or an individual who is reasonably identifiable. “Sensitive information” has the meaning given in the Privacy Act 1988 (Cth) and includes health and biometric information.
2. What information we collect
The types of personal information we may collect depend on your relationship with us and the nature of your matter.
We may collect information such as:
your name, address, email address, phone number and other contact details;
your date of birth, place of birth, citizenship, residency status or identification details;
information contained in identity documents, verification of identity records, passports, driver’s licences, birth certificates, marriage certificates, death certificates, Medicare cards, company searches, land title records and other official documents;
financial information, including bank account details, billing details, payment information, property settlement details, loan information, tax file number information where required, and information about assets, liabilities, income or expenses;
family, relationship, estate planning, property, business, migration, employment or dispute-related information relevant to your matter;
sensitive information, where it is relevant to our work, including health information, biometric information for identity verification purposes, criminal history information, racial or ethnic origin, religious information, political opinions, professional memberships or other sensitive information;
communications between you and us, including emails, letters, SMS messages, call notes, file notes, online forms and meeting notes;
documents, images, recordings or other materials you provide to us;
identity verification information, including images of your identity documents, data extracted from those documents, a facial image or “selfie” and short liveness capture, the result of any electronic identity check, a verification reference number, and related technical data such as your IP address, device information and approximate location captured at the time of verification (see Section 5);
information about how you use our website, including device information, browser information, IP address, pages viewed, referring websites, interactions with our website and cookie data; and
any other information you provide to us or that we are required or authorised to collect by law.
3. How we collect information
We may collect personal information directly from you when you contact us, complete a form, book an appointment, provide documents, speak with us, instruct us, verify your identity, sign documents, make a payment or use our website.
We may also collect personal information from third parties where it is lawful and appropriate to do so, including:
your authorised representatives, family members, business partners, agents or advisers;
other lawyers, conveyancers, migration agents, accountants, financial advisers, brokers, real estate agents, banks, insurers and other professionals;
courts, tribunals, government departments, regulators, registries and law enforcement bodies;
Land Services SA, PEXA, RevenueSA, the Australian Taxation Office, the Department of Home Affairs and other government or registry bodies;
our identity verification provider and the Australian Government’s Document Verification Service (see Section 5);
publicly available sources, including company registers, land title records, court lists and online searches;
third-party service providers we use to deliver legal services, verify identity, manage files, communicate with you, process payments, obtain searches or complete transactions; and
any other person or organisation where you have consented or where collection is required or authorised by law.
4. Why we collect, use and disclose personal information
We may collect, use and disclose personal information for purposes including:
responding to your enquiries;
checking for conflicts of interest;
deciding whether we can act for you;
providing legal services, notarial services, conveyancing services, migration-related services and related professional services;
verifying your identity and complying with professional, legal, regulatory, trust accounting, anti-money laundering, counter-terrorism financing, verification of identity and other compliance obligations;
opening, managing, administering and closing client files;
communicating with you and others involved in your matter;
preparing, reviewing, lodging, serving, filing, signing or exchanging documents;
conducting searches, due diligence, settlements, registrations, applications, claims, negotiations and transactions;
issuing invoices, receiving payments, managing trust money and recovering debts;
detecting, preventing and investigating fraud, identity theft and other unlawful activity;
managing our business, including insurance, auditing, training, quality assurance, risk management, cybersecurity, record keeping and internal administration;
improving our website, services, client experience and communications;
sending you legal updates, firm news or marketing communications where permitted by law; and
complying with court orders, professional obligations, legal obligations, regulatory requirements and lawful requests from authorities.
5. Identity verification and the Document Verification Service (DVS)
Before or during a matter, we are generally required to verify your identity to meet our professional obligations, the verification of identity requirements set by the Australian Registrars’ National Electronic Conveyancing Council (ARNECC) for conveyancing and property dealings, our anti-money laundering and counter-terrorism financing obligations, and to help prevent fraud and identity theft.
We may verify your identity electronically. As part of this process, the details on your identity documents may be checked against the Australian Government’s Document Verification Service (DVS). The DVS is a secure, national, online system that operates under the Identity Verification Services Act 2023 (Cth) and allows authorised organisations to check, in real time, whether the information on an identity document matches the records held by the government agency that issued it.
The DVS performs a match-only check. It confirms whether the details you have provided are consistent with the issuing agency’s records and returns a “match” or “no match” result together with a verification reference number. The DVS does not give us or our provider access to the underlying government record, does not disclose any additional information about you, and does not retain the personal information used to conduct the check.
We access the DVS through a third-party identity verification provider that operates as an accredited gateway to the DVS (currently One Click Services Pty Ltd). Our provider’s systems, and the identity information processed through them, are hosted in Australia.
Your consent. We will obtain your consent before we conduct a DVS check on your identity documents. Providing this information and consent is voluntary; however, if you do not consent or we are unable to verify your identity, we may be unable to act for you, open your matter, or complete your transaction.
When you complete an electronic identity verification, we (through our provider) may collect and hold:
images of your identity documents and the data extracted from them;
a facial image (“selfie”) and a short liveness capture used to confirm that you are a real, present person and that you are the person shown on the identity document;
the result of each document check, a verification reference number (and, where applicable, the originating agency code); and
technical data captured at the time of verification, including your IP address, device information and approximate geographic location, which we use to help prevent fraud and to confirm that the verification took place in Australia.
We retain the results and supporting evidence of your identity verification as a record of having met our verification, ARNECC and compliance obligations, for the periods described in Section 18. Information collected for identity verification is used only for identity verification, fraud prevention, compliance and record-keeping purposes, and is not used for marketing.
If a verification cannot be completed electronically, or you believe a result is incorrect, please contact us. We can arrange an alternative manual verification of identity and, where appropriate, raise a dispute or re-check on your behalf.
6. Biometric information
A facial image and the data derived from it (for example, when your selfie is compared to the photograph on your identity document) is biometric information and is a type of sensitive information under the Privacy Act 1988 (Cth).
We collect and use biometric information only with your consent and only to confirm liveness and to perform a one-to-one “likeness” match between you and your identity document, as part of verifying your identity. This match is performed by our identity verification provider.
We do not use the Australian Government’s Face Verification Service, and we do not use your biometric information for surveillance, profiling, automated decision-making of any legal effect, or any purpose other than verifying your identity.
Biometric information is encrypted, access-restricted and retained only as part of your verification record for the periods described in Section 18.
7. Legal professional privilege and confidentiality
As a legal practice, we owe professional duties of confidentiality.
Some communications and documents may also be protected by legal professional privilege.
Nothing in this Privacy Policy limits our professional duties to clients or our obligations under applicable professional conduct rules.
8. Sensitive information
We will only collect sensitive information (including health and biometric information) where it is reasonably necessary for our functions or activities and:
you have consented;
the collection is required or authorised by law;
the collection is necessary to establish, exercise or defend a legal or equitable claim;
the collection is necessary for a confidential alternative dispute resolution process; or
another lawful basis applies.
9. Tax file numbers
If we collect tax file number information, we will only do so where required or authorised by law.
We will handle tax file number information in accordance with applicable privacy and tax file number requirements.
10. Anti-money laundering and counter-terrorism financing
As a legal practice providing certain designated services, we have obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and related rules, which apply to legal practitioners providing designated services.
To meet these obligations, we may collect and verify identity information, screen individuals against sanctions lists and politically exposed person (PEP) lists, conduct ongoing customer due diligence, keep records, and monitor and report certain matters to the Australian Transaction Reports and Analysis Centre (AUSTRAC).
Where the law requires or permits, we may be prohibited from informing you that a report has been, or may be, made.
11. Website analytics, cookies and online tracking
Our website may use cookies, analytics tools, pixels or similar technologies to understand website traffic, improve the website, measure performance, support security and assist with marketing.
Cookies are small files stored on your device. You can usually disable or manage cookies through your browser settings.
If you disable cookies, some parts of the website may not work properly.
Third-party platforms used for analytics, advertising, forms, bookings, embedded content, maps, video or social media may collect information about your interaction with our website in accordance with their own privacy policies.
12. Direct marketing
We may use your contact details to send you updates, newsletters, invitations, legal information or marketing communications where permitted by law.
You can unsubscribe from marketing communications at any time by using the unsubscribe function, replying to the communication or contacting us.
Even if you unsubscribe from marketing communications, we may still send you important non-marketing communications, including communications about your matter, invoices, legal obligations, appointments or changes to our terms.
We do not use information collected for identity verification (including biometric information) for direct marketing.
13. Disclosure to third parties
We may disclose personal information to third parties where necessary or appropriate for the purposes described in this Privacy Policy.
Those third parties may include:
courts, tribunals, government departments, regulators, registries and law enforcement bodies;
other lawyers, conveyancers, barristers, experts, accountants, financial advisers, brokers, agents and professional advisers;
banks, lenders, insurers, real estate agents, settlement agents and other parties involved in a transaction or matter;
PEXA, Land Services SA, RevenueSA, the Australian Taxation Office, the Department of Home Affairs, AUSTRAC and other registry, government or regulatory platforms;
our identity verification provider and, through it, the Australian Government’s Document Verification Service;
identity verification, document signing, payment, practice management, cloud storage, email, IT, cybersecurity, website, marketing, analytics and administration service providers;
debt recovery providers, insurers, auditors and professional indemnity bodies;
your authorised representatives or persons you ask us to communicate with; and
any other person or organisation where you have consented or where disclosure is required or authorised by law.
14. Overseas disclosure
Information collected for identity verification, including images of identity documents and biometric information, is processed and stored in Australia.
Some of our other service providers, technology platforms or professional contacts may store, process or access information from outside Australia, including in countries such as the United States. The countries in which information may be stored, processed or accessed can change depending on the systems and providers used.
Where practical, we take reasonable steps to use reputable service providers and to protect personal information from unauthorised access, misuse, interference, loss, modification or disclosure.
If your matter involves overseas parties, overseas authorities, overseas lawyers, overseas courts, embassies, consulates, migration authorities or foreign document recipients, we may need to disclose personal information overseas to progress your matter.
15. Use of technology and artificial intelligence
We may use technology tools to assist with legal research, document management, drafting support, administration, transcription, data extraction, workflow management, cybersecurity, file management or client communication.
We do not treat technology outputs as a substitute for legal judgment.
Where we use external technology providers, we take reasonable steps to manage confidentiality, privacy and security risks.
We will not intentionally upload confidential client information into public artificial intelligence tools where doing so would be inconsistent with our legal, professional or confidentiality obligations.
16. Security of personal information
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure.
Those steps may include secure systems, encryption of identity, biometric and financial information both in transit and at rest, access controls, password protection, multi-factor authentication, staff training, confidentiality obligations, secure document handling, backups, logging and monitoring, and appropriate technology safeguards.
No method of transmission or storage is completely secure. You should take care when sending information by email, webform, SMS or other electronic methods.
If you believe your information may have been compromised, please contact us promptly.
17. Data breaches
We are subject to the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988 (Cth).
If we become aware of an eligible data breach that is likely to result in serious harm to any individual whose information we hold, we will assess the breach and, where required, notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable.
We maintain procedures to contain, assess and respond to actual or suspected data breaches.
18. Retention of information
We retain personal information for as long as reasonably necessary for the purposes for which it was collected, including to provide legal services, comply with legal and professional obligations, maintain business records, manage risk, resolve disputes and enforce our rights.
Legal files and related records may need to be retained for minimum periods required by law, professional rules, insurance requirements or good legal practice. Verification of identity records are retained for the periods required by ARNECC, anti-money laundering and other applicable requirements (generally at least 7 years).
When information is no longer required, we may destroy, delete or de-identify it where lawful and appropriate.
19. Access and correction
You may request access to personal information we hold about you.
You may also request that we correct personal information if you believe it is inaccurate, out of date, incomplete, irrelevant or misleading.
We may need to verify your identity before responding to an access or correction request.
In some cases, we may refuse access or correction where permitted by law, including where access would breach legal professional privilege, reveal information about another person, prejudice a legal matter, breach confidentiality, or be unlawful.
20. Anonymity and pseudonymity
You may contact us anonymously or using a pseudonym where it is lawful and practical.
However, for most legal services, we will need to identify you and collect sufficient information to comply with our professional, legal, verification and conflict-checking obligations.
21. Privacy complaints
If you have a concern about how we have handled your personal information, please contact us first so we can try to resolve it.
Please include your name, contact details and a description of your concern.
We will acknowledge and consider your complaint and respond within a reasonable time, and in any event within 30 days.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.
22. Changes to this Privacy Policy
We may update this Privacy Policy from time to time.
The updated version will apply from the time it is published on our website.
You should review this Privacy Policy periodically to ensure you are aware of the current version.
23. Contact us
If you have any questions about this Privacy Policy, or if you wish to request access to or correction of your personal information, you can contact us at:
