Privacy Policy

In this Privacy Policy, “we”, ‘our” and “us” refers to Mills Oakley Lawyers Pty Ltd (ACN 079 480 943) and related entities.

This Privacy Policy outlines how we collect, hold, use and disclose your Personal Information in accordance with the Privacy Act 1988 (Cth).  Personal Information means any information about an individual person from which the person can be identified. It includes Personal Information provided by you, or a third party such as an organisation you work for or a credit agency, or collected through our website (located at (Website). By using our Website or otherwise dealing with our firm, you accept this Privacy Policy and consent to our collection, use and disclosure of your Personal Information in accordance with its terms.

What information do we collect?

We may collect and store your Personal Information. We will only collect your Personal Information in accordance with the Australian Privacy Principles (APPs) by lawful and fair means and for the purposes set out below. Examples of Personal Information we collect include your name, job title or position, business contact details, financial information such as bank account or payment details, information relating to legal matters in which you are involved, dietary and event management information, and address(es).

How do we collect information?

We may collect Personal Information about you during the course of providing legal services to you, to an organisation you work for, or to another party in relation to a matter which involves you. Mills Oakley is bound by legal obligations of confidentiality and legal professional privilege. We will treat and protect information we receive (including any Personal Information) in accordance with these obligations.

When you visit our Website, we may automatically collect information about you, including details of access, IP addresses, web statistics and other information which is required to ensure that the site is functioning properly.

 When you visit our Website, the server may attach a “cookie” to your computer’s memory.  A “cookie” assists us to store information about how visitors to our Website use it and to make assumptions about what information may be of most interest to you.  Cookies and the data associated with them do not generally include personal identifiers, but they may be used, stored and analysed in our IT systems and by the hosts for our servers and network.  It is possible that Personal Information will be captured in those processes.  Your computer, server host or IT provider may allow you to configure your web usage and profile to manage what information is captured when using our Website.

How do we use and disclose information?

We may use and disclose your Personal Information for the primary purpose (Primary Purpose) of managing our firm’s legal practice, which may include:

  • the provision of legal services to you, to an organisation you work for or to another party in matters in which you are involved
  • confirming your identity and details about you
  • complying with applicable laws, insurance requirements, legal practice obligations and court orders
  • enforcing agreements that we or our clients have with you, or involving you
  • managing our operations, recruitment and procurement processes.

We may also use and disclose your information for reasonably expected secondary purposes related to the Primary Purpose including the following:

  • communicating legal or firm news;
  • helping us to identify products and services that may interest you and provide you with relevant information about them (but you may unsubscribe from our marketing list at any time);
  • helping us to improve our services using marketing data and analytics;
  • keeping our facilities secure and well managed; and
  • collecting debts owing to us.

Please inform us if you do not wish receive marketing communication from us and we will remove you from our lists.

The Primary Purpose and secondary purposes are the Permitted Purposes.

Do we disclose your information to third parties?

We may disclose information to third parties for the Permitted Purposes.  Otherwise, we do not sell, trade or transfer your Personal Information to third parties.   If we do disclose your Personal Information to third parties, we will take reasonable steps to ensure that those third parties comply with the APPs when handling your Personal Information.

Our Website may direct you to websites operated by third parties (Linked Sites). We are not responsible for the content or practices of the Linked Sites or their privacy policies regarding the collection, storage, use and dissemination of your Personal Information. We encourage you to always read the applicable privacy statement of any Linked Site before using it.

Data quality and security

We will take such steps as are reasonable in the circumstances to ensure that any of your Personal Information that we collect, hold, use or disclose is accurate, complete and up-to-date.

We will take such steps as are reasonable in the circumstances to protect the Personal Information we hold about you from misuse, interference and loss and from unauthorised access, modification, or disclosure.  Where lawful to do so, if we no longer need your Personal Information for any purpose for which it may be used and disclosed, we will take such steps as are reasonable in the circumstances to destroy such Personal Information that we hold or to ensure that the information is de-identified.

If a data breach occurs that raises a risk of unauthorised use or access to Personal Information that we hold, we will follow the requirements of the Data Breach Notification scheme under the Privacy Act.  The requirements include notifying affected individuals and the Privacy Commissioner in some circumstances.


Subject to the exceptions contained in the Privacy Act, upon your request, we will take reasonable steps to let you know what sort of Personal Information we hold about you, for what purpose it is held, and how we collect, store, use and disclose that Personal Information.

However, we may not be able to tell you what Personal Information we hold about you in certain circumstances, including where the information relates to legal matters in which you are involved, and where the information would reveal commercially sensitive or legally privileged information.

Access, Correction and Complaints

Upon your request, we will take such steps (if any) as are reasonable in the circumstances to correct your Personal Information if it is inaccurate, out-of-date, incomplete, irrelevant or misleading within a reasonable period.

You have a right to access most of your Personal Information that we hold. We will not generally charge for providing you with access to your Personal Information, but reserve the right to charge you a reasonable fee if the request takes significant time and expense.

Please use the Contact Details below to ask for access to your Personal Information, make a complaint concerning privacy, or if you think any of your Personal Information is inaccurate, incomplete, irrelevant, out-of-date or misleading.


We will not use or disclose an identifier assigned to you by a government agency unless required to do so by law.

Wherever it is lawful and practicable, you have the option of not identifying yourself when entering into transactions with us.

Do we transfer data outside Australia?

We may transfer your Personal Information to someone who is outside Australia, but will only do so in accordance with the Privacy Act and if we reasonably believe that the recipient of the information is subject to a law, or binding scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way in which the APPs protect the information and there are mechanisms that you can access to take action to enforce that protection of the law or binding scheme.  We do not have any offshore offices or linked affiliates to whom we regularly transfer Personal Information, nor do we routinely send Personal Information to any offshore jurisdictions.

European Union General Data Protection Regulation

If you are a citizen of a European Union (EU) country or we collect personal data about you from a source in the EU, we aim to provide the standards of privacy protection required by the EU’s General Data Protection Regulation (GDPR) from 25 May 2018.  Additionally, EU based organisations that share subject data with us may require that we meet GDPR standards.  Our commitments in this Policy are generally consistent with the GDPR requirements applying to a Controller of subject data, but if you have a query about your rights or our obligations for GDPR purposes, please contact us.

Sensitive information

Some Personal Information (e.g. race, ethnicity, health, criminal record etc.) is sensitive and requires a higher level of protection under the Privacy Act. We will not use or disclose your sensitive Personal Information other than as permitted by law or with your consent.

Contact Details and Additional Information

We may amend this Privacy Policy in order to comply with legislative updates or in order to reflect any changes that we make in the way that we collect, hold, use or disclose Personal Information.  Any changes take effect by being published on our Website, and will not be notified individually.

To raise any matter regarding this Privacy Policy, please contact us, stating that you wish to raise a privacy matter:

Mills Oakley Privacy Officer

via Melbourne reception desk – +61 (0)3 9670 9111

Email: [email protected]

If you are not satisfied with how we manage a privacy matter, you may lodge a complaint with the Office of the Australian Information Commissioner as shown on their website,