Privacy Policy


This Privacy Policy is maintained by Osborn Law Pty Ltd ABN 57 146 208 693 (“we”, “us” and “our”) and relates to the collection and use of personal information that you provide to us or that we collect from or about you (including via access to any system maintained by us or your conduct on any website maintained by us or through third parties). We acknowledge the importance of your privacy and are committed to protecting your personal information and adhering to the Australian Privacy Principle’s (“APP’s”) and the requirements of the Privacy Act 1988, (“the Act”).

This Policy sets out our approach in dealing with your personal information including without limitation the collection, use, storage, access to and dissemination of such information. We undertake to treat all client and other personal information in our possession in accordance with the requirements of the Act.

By “personal information” we mean information or an opinion about an identified individual, or about an individual reasonably identifiable from the information and includes sensitive information.

By accessing our website or a system or database maintained by us or otherwise transacting with us you agree to and acknowledge the content of this Privacy Policy. This Policy is in addition to any terms and conditions or other agreement applicable to our dealings with you.

We reserve the right, at our discretion, to vary, modify or remove portions of the Privacy Policy from time to time. You should review this Policy periodically so that you are updated on any variations. We welcome your feedback and encourage you to make contact with us with any comments you may have.

Collection of your information

The kind of personal information we may collect includes your name and birth date; your contact information, including postal and residential addresses, telephone and facsimile numbers, and email addresses; where relevant your financial information as well as government identifiers such as your tax file number, ABN or registered business names.

We collect personal information directly from you, such as when you meet with us, provide your information by document, telephone or by forwarding us an email.

In some cases, personal information may be provided by an entity/person authorised by you to do so, such as your employees or a corporate or business entity with which you are involved either as a principal, member or beneficiary, for the purpose of providing services to or on your behalf. Your personal information may also be provided by a trade reference or credit reporting agency, for the purpose of us determining whether or not to grant you credit. We may also collect your personal information from other publicly available means (such as by obtaining governmental or semi-governmental searches) or through websites (such as Google or social media sites) who disclose to their users that the user’s personal information is provided to businesses such as ours. The privacy of any personal information collected in this manner will be treated in accordance with the APP’s.

Where it is reasonable and practical to do so we will only collect personal information about you from you. You have no obligation to provide any information requested by us. However, if you choose to withhold personal information and sensitive information from us it may prevent us from being able to provide you with the services that you have requested.

Provision of personal information about another person

You should only provide us with the personal information of another person if you have that person’s express authority and consent to do so. You should also take reasonable steps to inform them of the existence of and the matters set out in this Privacy Policy. If you provide us with the personal information of another person you promise that you have obtained the authority of that person and notified that person of this Privacy Policy and we have and will rely on that promise.

Use and disclosure of personal information

Personal information is collected in order to conduct our business, to provide and market our services to you, including purposes necessary or incidental to the provision of services to you, or any purposes that you may reasonably expect, for any other purpose authorised by law or required to comply with our legal obligations, or for any other purposes disclosed to or authorised by you. This may include disclosure to organisations that provide us with support services and professional advice. The collection will be fair, lawful and not intrusive. The nature of this information will vary according to your relationship with the firm and the work we are performing.

We will only disclose personal information for the purpose it was collected unless you have consented, or you would reasonably expect such use or disclosure, or the use is for direct marketing where we expect the information may be of interest to you. Should you receive such direct marketing material and do not want to receive it in the future, we will provide you with a simple “unsubscribe” (opt out) method in the direct marketing material. If you receive hard copy marketing material and wish to unsubscribe, you can email us at:

We will provide personal information to third parties where we are required to by law, where it is reasonable for us to do so as part of providing services to you, where our advisors request it or where you have expressly asked us to do so.

We will hold your personal information for as long as is required to fulfill the purposes for which it was collected or as required by law. We will take reasonable steps to destroy or de-identify any personal information about you once the information is no longer required for the purposes for which it was collected or as authorised or required by law.

We will never sell your personal information.

Personal information is held in paper archives, by electronic or computer data base and remotely in cloud based storage systems.

Unless you specify an expiry date when you provide the personal information to us, we will hold the information for a period of time determined by us in our discretion.

Website collection of personal information

We may record your IP address and details of your access to our sites, we may place cookies on your computer to enable your web browser to search and find us efficiently. We use cookies to monitor the traffic to the various pages on our website, for statistical and website improvement purposes only. This information is anonymous and will not enable you to be identified. You are able to disable cookies and applets via your computer’s web browser. However, this may restrict access to some webpages and services within our website.

Our website may contain links to third parties’ websites, including sites maintained by related entities. Those other websites are not subject to this Privacy Policy and are not governed, managed or controlled by us. You should familiarise yourself and ensure you are comfortable with any particular privacy policies and other terms governing the use of those websites prior to such use.

Data security of personal information

We will take reasonable steps to protect the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure.  Our staff are required to adhere to and comply with our Privacy Policy. We use a range of physical and electronic procedures to ensure that privacy of personal information is safeguarded, and we periodically review and update our security measures in light of current technologies. However, the internet is not secure and we cannot guarantee the security of any information sent to us via the internet, nor can we guarantee that our data storage measures are absolutely secure. We have appointed a Privacy Officer who is responsible for the application of this Privacy Policy and to ensure that our practices, procedures and systems are applied in an open and transparent manner. The Privacy Officer can be contacted at:

Notifiable Data Breaches

We take the security of your personal and sensitive information very seriously. However, sometimes a data breach can occur. Under the Act, an Eligible Data Breach is where there is an unauthorised access or disclosure of, personal information, or loss of personal information that has the potential to cause serious harm to the individual that the data pertains to and we have not been able to prevent the likely risk of serious harm with remedial action. If we have reasonable grounds to believe that an Eligible Data Breach has occurred, we will notify you and the Office of the Australian Information Commissioner.

Access to and correction of personal information

You may request access to your personal information by contacting the Privacy Officer. Except where some legal restrictions might apply you will be provided access to any personal information we have collected or hold about you. If we refuse to allow you access to your personal information held by us, we will explain why. We will deal with all requests to access to personal information as quickly as possible but may charge you a fee where access is provided.

We will endeavour to take reasonable steps to keep information about you accurate and up to date. If at any time you discover that information held about you is incorrect, you may contact us to request a correction and we will update that information.

Anonymity and Complaints

You can choose to deal with us anonymously. We will do our best to action any request or complaint that you supply to us anonymously. However, without providing your identity, we may be limited in the action that we can take in relation to your enquiry or complaint.

Should you have any complaints about our treatment of your personal information please direct this by email to our Privacy Officer on: We will treat any complaint about a breach of privacy legislation or any relevant registered code seriously, and will investigate any breach of which we become aware – including how it occurred and how best to prevent such a breach occurring again.

If you believe that we have not adequately addressed your complaint, you may complain to the Office of the Australian Information Commissioner.

Commonwealth Government identifiers

We will not use Commonwealth government identifiers (Identifiers) as an identifier of individuals. Identifiers will only be used or disclosed in the circumstances permitted by the Act.

Transborder data flows

We currently use contracted cloud personnel based in the Philippines and India who have access to your information in order to assist us in performing services for you. The ways in which these contractors assist us (and so may have access to your information) include legal, accounting and administrative services.

There may be other occasions when personal information is transferred outside of Australia within our network, or such as where we engage a third party to provide services or an element of the services to you. Generally, this will occur in the provision of services to you and the transfer of this information outside of Australia will have been disclosed to, and authorised by, you as part of the terms of our engagement. When transferring personal information outside Australia within our network, we will comply with the requirements of the Act that relate to transborder data flows. Where the international transfer of personal information is to countries whose privacy laws may be considered not to provide the same level of protection as Australia, our commitment to safeguard your privacy will not change and remains subject to existing obligations and this Policy.

As part of provision of the services to you we may store your personal information using online or cloud software. The personal information that you provide to us may be transferred to the servers of our software providers as a function of transmission across the internet. By providing your personal information you are consenting to that personal information being transferred to and stored on the servers as set out in this Privacy Policy. However, as the third parties who host our servers do not control, and are not permitted to access or use your personal information (except for the limited purpose of storing the information), we do not “disclose” personal information to those server hosts, whether or not they are located overseas.

Notwithstanding the above, for the purpose of transparency we advise that the servers of our software providers are currently located in Australia. However, this location may change without prior notice to you. Your personal information may be routed through, and stored on, those servers. If the location of those servers changes in the future, we will update this Privacy Policy. We recommend that you familiarise yourself with our privacy policy regularly.

We will use reasonable endeavours to ensure that our server hosts do not have access to, and use the necessary level of protection to safeguard, your personal information and otherwise comply with the APPs. If you do not want your personal information to be transferred to a server in the location listed in the previous paragraph or to any other international locations, you should not provide us with your personal information or use our services.

Updating privacy policy

We may review our Privacy Policy from time to time to ensure that it is in line with best practice and remains current with any legislative requirements. Any changes to our Privacy Policy will be incorporated into a new version of this Policy stating the date from which it will operate and can be obtained on our website or by telephoning our office. Our commitment to protection of your personal information will be governed by the most recent and up-to-date policy in place.

Contacting us

We welcome your comments regarding this Privacy Policy and/or our treatment of your personal information. If you have any questions about this Privacy Policy and would like further information, please contact our Privacy Officer on: or by calling our office during business hours.