Introduction

This Privacy Policy applies to all operations conducted by Bridges Lawyers.

Bridges is committed to protecting the privacy and confidentiality of Personal Information in accordance with the Privacy Act, the APPs, the AML/CTF Act, other applicable Australian State and Commonwealth laws and our professional obligations as legal practitioners.

This Privacy Policy outlines how we collect, hold, use, disclose and otherwise manage Personal Information in the course of providing legal services, operating our business, and complying with our legal and regulatory obligations.

Differing data protection laws may apply where we obtain Personal Information from people outside of Australia. We endeavour to apply with that legislation where applicable.

Scope of this Policy

This Privacy Policy applies to Personal Information we collect and handle in connection with:

  • By Bridges in the conduct of its business;
  • Compliance with legal and regulatory obligations (including AML/CTF);
  • Recruitment and employment processes;
  • About all users of www.bridgeslawyers.com.au ( Website );
  • About users of the services available from Bridges and on the Website ( Services );
  • General business administration.

Definitions

In this Privacy Policy the terms listed have the following meanings:

Term Definition
AML/CTF Act Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).
AML/CTF Framework The AML/CTF Act, Rules and AUSTRAC-issued guidance.
AML/CTF Rules Anti-Money Laundering and Terrorism Financing Rules 2025 (Cth) made under the AML/CTF Act.
APPs The Australian Privacy Principles in Schedule 1 of the Privacy Act.
Bridges, we, us, our Bridges Lawyers Pty Ltd, ABN 13 160 506 114, practising as Bridges Lawyers.
Designated Services All the services described as Professional Services in Table 6 of section 6 of the AML/CTF Act and its relevant subsections, including:

  • Assisting in the planning or execution of a transaction to sell, buy or transfer real estate (unless ordered by a court or tribunal);
  • Assisting in the planning or execution of a transaction to sell, buy or transfer a body corporate or legal arrangement (unless ordered by a court or tribunal);
  • Receiving, holding, controlling or managing a person’s property to help in the planning or execution of a transaction;
  • Assisting in organising, planning or executing a transaction for equity or debt financing relating to a body corporate or legal arrangement;
  • Selling or transferring a shelf company;
  • Assisting in the planning or execution or restricting of a body corporate or legal arrangement;
  • Acting or arranging for someone to act on behalf of a person in particular positions in a body corporate or legal arrangement;
  • Providing a registered office address or principal place of business address of a body corporate or legal arrangement.
KYC Information Customer identification and verification information required under the AML/CTF Framework.
OAIC Office of the Australian Information Commissioner.
Personal Information Information or an opinion about an identified individual or an individual who is reasonably identifiable.
Privacy Act Privacy Act 1988 (Cth).
Sensitive Information As defined in the Privacy Act, including health, criminal records, ethnicity, political or religious beliefs, sexual orientation, biometric or genetic data.
You, your, yours The user of our Services or user or viewer of our Website.

Types of Personal Information We Collect

Legal Services

As a supplier of legal services, the Personal Information we may collect depends how you use our Services as well as the type of relationship we have with you and may include:

  • Name, date of birth and gender;
  • Address;
  • Contact details such as email address and phone number;
  • Financial information such as bank account details;
  • Job titles and employment history;
  • Passport details;
  • Tax File Numbers.

We are required by law under the AML/CTF Act to collect and verify certain Personal Information and may be prohibited from providing services if we cannot do so.

In particular, we collect KYC Information as required by the AML/CTF Act which may include the information detailed above as well as:

  • Beneficial ownership information;
  • Politically exposed person (PEP) status;
  • Sanctions screening results;
  • Transaction monitoring information including usage history and information about the time, place and circumstances of our transactions with you.

We may infer information about you from your engagement with us and your activities.

We may also collect Sensitive Information where required for compliance with the AML/CTF Framework or where permitted by law.

We may conduct ongoing monitoring of transactions and client information to comply with our AML/CTF obligations.

If you do not provide requested Personal Information, we may be unable to provide Designated Services and/or comply with our legal obligations.

Job Applicants

We will collect and hold personal information in relation to job applications. Such information includes name, address, telephone number and any CVs submitted by job applicants.

Employee Information

We will collect and hold personal information of the type described as an ‘employee record’ within the meaning of the Privacy Act 1988. Such information includes but is not limited to, health information about the employee and information which includes their contact details, referral documents, employment contract, employment record including any disciplinary proceedings, taxation, banking and superannuation affairs.

How We Collect Personal Information

We collect Personal Information only by lawful and fair means.

We will collect Personal Information directly from the individual who is the subject of the information unless:

  • The individual has consented to collection of his or her Personal Information from a third party;
  • It is unreasonable or impractical to make a direct collection;
  • and/or
  • We are required or authorised by law to collect his or her information from a third party.

We may collect Personal Information when you, your organisation or those acting on your or your organisation’s behalf:

  • Visit us or meet with our representatives;
  • Communicate with us including by physical post, email, social media, telephone or text message;
  • Register to attend, present at or otherwise participate in a meeting, conference or event hosted or presented by us;
  • and/or
  • When you supply KYC Information in response to our direct request.

Purposes of Collection and Use

We collect and use Personal Information to carry out our activities and functions including providing you with Services including Designated Services, complying with our regulatory obligations in relation to the delivery of those services, including adherence to the Legal Profession Uniform Law and its related rules and legislation, the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015 (NSW) and the Legal Profession Uniform General Rules 2015 (NSW). Other relevant legislation which may require us to collection and use your Personal Information includes the Duties Act 1997 (NSW) and the Australian Registrars National Electronic Conveyancing Council’s Model Participation Rules.

Unless you consent to us doing so otherwise, we will only use your Personal Information for the primary purposes for which it was collected and for any secondary purpose if you would reasonably expect and the purpose is related to the primary purpose of collection.

In the case of Sensitive Information, any secondary purpose will be one that you would reasonably expect and directly related to the primary purpose of collection.

Disclosure of Personal Information

Third Parties

Subject to legal requirements, we do not share your Personal Information with any third parties except:

  • With your express permission;
  • and
  • To contracted service providers to organise or facilitate the efficient and effective administration, management or delivery of our services.

This may include service providers that support our due diligence processes associated with complying with our AML/CTF obligations.

We will ensure that such service providers commit to protecting your Personal Information appropriately and agree to not use or disclose your Personal Information for any other purpose (other than as required by law).

Legal Requirements

We may use or disclose your Personal Information in circumstances where required by law and/or expressly permitted by the Privacy Act, including if:

  • It is not reasonable or practicable to obtain consent and we reasonably believe use or disclosure is necessary to lessen or prevent a serious threat to life, health or safety of any individual or public health or safety.
  • We have reason to suspect that unlawful activity or misconduct of a serious nature that relates to our activities or functions is being or has been engaged in and we believe the collection, use or disclosure is necessary to take appropriate action in relation to the matter;
  • We reasonably believe that the collection, use or disclosure is reasonably necessary to assist with the location of a person reported missing;
  • or
  • We are compelled by law including:
    • By warrant or subpoena;
    • Where we are required by request under statute or lawful order of a government agency or authority including law enforcement, courts and tribunals and regulators;
    • and/or
    • To AUSTRAC and other government agencies without your knowledge or consent, including where we form suspicion about a matter or transaction under the AML/CTF Framework.

Nothing in this Privacy Policy limits our obligations of confidentiality or client legal privilege.

However, there may be circumstances where we are compelled to disclose confidential information to AUSTRAC under the AML/CTF Framework.

Business Transactions

If we are involved in a merger, acquisition or asset sale, your Personal Information may be disclosed in confidence as part of a due diligence process and may be transferred to the new owner. We will provide notice before your Personal Information is transferred.

Storage and Security

We hold Personal Information in electronic formats.

We take reasonable steps to prevent unauthorised access, disclosure, alteration, destruction or loss of Personal Information including by using a range of physical, operational and technological security measures to protect this information.

These measures include organisational and technical measures such as:

  • Staff education and training to ensure our staff are aware of their privacy obligations when handling your Personal Information;
  • Administrative and technical controls to restrict access to Personal Information to only those people who need access;
  • Technological security measures including firewalls, encryption and anti-virus software.

Where a data breach is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme in the Privacy Act including notifying the OAIC and affected individuals as required.

When we consider that Personal Information is no longer needed for any purpose for which the information may be used or disclosed in accordance with this Policy and that we are not required by law or court order to retain the Personal Information, we will take reasonable steps to destroy or de-identify this information.

AML/CTF KYC Information and transaction records are kept for seven years after the business relationship ends or the transaction is completed, as required by the AML/CTF Framework.

Access and Correction

You may request access to or correction of your Personal Information that we hold. Access will be provided if it is reasonable and practicable to do so. Instances where we may refuse your request as set out in the Privacy Act include:

  • Providing access would pose a serious and imminent threat to the life, health or safety of any individual;
  • Providing access would have an unreasonable impact on the privacy of other individuals.
  • The request is frivolous or otherwise made in bad faith;
  • The information relates to existing or anticipated legal proceedings between you and us and would not be discoverable in those proceedings;
  • Providing access would be unlawful;
  • Refusal of access is required or authorised by law;
  • Providing access would be likely to prejudice an investigation into possible unlawful activity;

If you believe that Personal Information we or our contracted third party hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you may request that we correct this information.

We may require proof of identify before granting access to information and we may charge a reasonable fee for providing access (but not for making a correction).

We will take reasonable steps to correct your information to ensure it is accurate, complete and up-to-date within a reasonable period (usually within 30 days) of receiving your request.

Cookies and Analytics

Our website may use standard technologies such as cookies or analytics tools to support basic website functionality and security.

However:

  • We do not actively access, monitor or use cookie data for profiling or marketing purposes;
  • We do not use website data to identify individuals or track user behaviour for commercial purposes.

Privacy Complaints

If you have a complaint about how we handle Personal Information, please reach out to your direct contact at the firm or by the contact details provided at the end of this policy.

Your complaint will be acknowledged promptly and we will endeavour to respond to you within 30 business days.

If you are not satisfied with the outcome of your complaint to Bridges, you may contact OAIC.

Changes to this Policy

We may make changes to this policy from time to time in accordance with legislative updates or when OAIC material is updated.

Changes to this policy will be posted to our Website and we recommend you review this privacy policy periodically when rendering our Services or visiting our Website.

Contact Us

If you require any further information regarding this Privacy Policy or have any concerns, please reach out via the details below or directly to your solicitor.

Email: admin@bridgeslawyers.com.au
Phone: 02 8272 7100
Address: Level 2, 50 Margaret Street, Sydney NSW 2000