Kennedy & Cooke Lawyers understand the importance of personal privacy and are committed to ensuring the protection of your personal information.

This privacy policy aims to provide you with information on how Kennedy & Cooke Lawyers collect, use, hold and disclose your personal information and otherwise comply with the framework of the Australian Privacy Principles and the Privacy Act 1988.

The requirements under the Privacy regulations for dealing with personal information are in addition to the protections provided by legal professional privilege and confidentiality.

What personal information do we collect?

We collect both personal information and sensitive information from you.

Personal Information is information or an opinion that identifies an individual, whether that information or opinion is true or not. Examples of Personal Information we collect include: names, addresses, email addresses and phone numbers.

Sensitive information is a subset of personal information and includes information or opinion about such things as an individual's racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information. Examples of sensitive information that we collect include: health information and criminal record information.

How do we collect personal information?

We collect your personal information in a number of ways, including directly from you


We also collect personal information about you indirectly through other sources in the

course of our dealings with you. This may include when we conduct searches through

third parties, such as land title searches or bankruptcy searches.

How do we hold and secure your personal information?

We hold your personal information hardcopy files and in electronic form. Your personal information is stored in a manner that reasonably protects it from misuse and loss and from unauthorised access, modification or disclosure.

In regards to our hardcopy files, we do this by restricting physical access to our storage cabinets which are located in access-controlled premises. We also apply additional security to some files which are locked in restricted access rooms and are accessed only as required and only disclosed with proper consent. We may store some hardcopy files offsite at secure storage facilities where access is strictly controlled and monitored.

In regards to personal information held in electronic form, we store electronic files within our password-protected, secure network. Access is strictly limited to our secure network and appropriate levels of security apply to block attempts of unauthorised remote access. We also store electronic files with third-party service providers. These thirdparty service providers protect our electronic files through various methods including multiple layers of security controls, 24-hour surveillance of servers and cloud facilities, data encryption and employee vetting.

All staff of Kennedy & Cooke Lawyers are required to sign confidentiality agreements on commencement and are trained to ensure that all personal information we collect is held securely.

In the event that Kennedy & Cooke Lawyers closes down or merges with another firm, security of personal information shall be in accordance with the Privacy Act 1988 and the Legal Profession Uniform Legal Practice (Solicitors) Rules 2015. Disclosure of your personal information as part of this process will not occur without your written instructions.

What is the purpose of collecting, holding, using and disclosing your personal information?

We collect personal information from you in order to provide you with legal services or to provide you with relevant information and advice. If we did not collect this information and use this information we would not be able to represent you or advise you in relation to your legal affairs.

When you apply for a job with us, we collect your personal information and use it to determine whether you are suitable for employment with us. 

We also collect your personal information and use it to contact you.

We may also disclose your personal information to third parties including state and federal courts and tribunals, government agencies for searching purposes and to other law firms. We only disclose your personal information to third parties when it is necessary to conduct your legal affairs. Other than this, we will only disclose personal information about you to a third party when:


We may disclose your personal information to our staff for the purpose of providing legal services to you. 

It is not our usual practice to disclose personal information to overseas recipients. However, this may be necessary if your legal matters involve persons or organisations located overseas. Our cloud servers are located in Australia. 

How do I access and seek correction of my personal information?

If you wish to access your personal information, please notify us in writing. You can email us at info@kcmerimbula.com.au or by post at PO Box 144, Merimbula. NSW 2548

What happens when there is a breach of data?

A data breach is unauthorised access to, or unauthorised disclosure of any personal information we hold. Under the Notifiable Data Breach Scheme, where such unauthorised access or disclosure is likely to result in serious harm to you, we will notify you and the Privacy Commissioner. We will also take steps to contain any breach and take any remedial action necessary.

What if I have a complaint?

If you are unhappy with the way we have handled your personal information, or you are concerned that we have breached the Australian Privacy Principles, you can make a written complaint to us at PO Box 144, Merimbula NSW 2548 or email to info@kcmerimbula.com.au. We will respond to your compliant within 30 days.

If you are still not satisfied, you may complain to the Information Commissioner. For the contact details of the Information Commissioner, see https://www.oaic.gov.au/individuals/how-do-i-make-a-privacy-complaint.

Policy Updates

We may be required to update our privacy from time to time and as required by Australian law. Our revised policy will be posted to this website. The current date of this policy is provided below.

Our privacy policy was last updated on 17th October 2022