top of page

Sunrise Legal & Associates Pty Ltd
Privacy Policy

1. Introduction

Sunrise Legal & Associates Pty Ltd (ABN: 21 696 527 894) ("we", "us", "our") is committed to protecting your personal information and complying with the following legislation:

  • Privacy Act 1988 (Cth) as amended by the Privacy and Other Legislation Amendment Act 2024 (Cth)

  • Australian Privacy Principles (APPs) contained within the Privacy Act

  • Health Records and Information Privacy Act 2002 (NSW) (HRIP Act) where applicable to health information held in connection with our legal services

  • Legal Profession Uniform Law (NSW) and associated professional conduct rules

 

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you engage our legal services or visit our website. Please read this policy carefully. If you do not agree with its terms, please do not use our services.

 

This policy reflects the significant reforms introduced by the Privacy and Other Legislation Amendment Act 2024 (Cth), which received Royal Assent on 10 December 2024 and represents the most substantial update to Australia's privacy framework in decades.

 

For questions or concerns about this Privacy Policy, please contact our Privacy Officer using the details set out at the end of this document.

 

​

2. Information We Collect

2.1 Personal Information You Provide

We may collect the following personal information that you voluntarily provide to us:

  • Full name, address, email address, and telephone number

  • Government-issued identification numbers (e.g. passport, driver's licence)

  • Financial information, including billing and payment details

  • Information related to your legal matter or case

  • Communications you send to us

  • Any other information you choose to provide

 

2.2 Sensitive Information

In the course of providing legal services, we may also collect sensitive information as defined under the Privacy Act, including health information, criminal record information, or other information that is reasonably necessary for the provision of our legal services. We will only collect sensitive information with your consent or where required by law.

​

2.3 Health Information (NSW HRIP Act)

Where our legal services involve matters such as personal injury, workers compensation, family law, or criminal law, we may collect and hold health information about you. In such cases, we comply with the Health Records and Information Privacy Act 2002 (NSW) and its 15 Health Privacy Principles (HPPs), in addition to the federal APPs. Health information is treated with the highest level of care and will only be collected, used, or disclosed as necessary to provide our legal services or as required by law.

 

2.4 Information Collected Automatically

When you access our website or digital services, we may automatically collect:

  • Log data including IP address, browser type, pages visited, and time spent

  • Device information such as hardware model and operating system

  • Cookie data and similar tracking technologies

  • General location information based on IP address

 

​

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our legal services

  • To process transactions and send related information

  • To communicate with you about your legal matter

  • To send administrative information, updates, and security alerts

  • To respond to your comments, questions, and requests

  • To comply with our legal obligations, including obligations under the Legal Profession Uniform Law and applicable professional conduct rules

  • To protect the rights, property, and safety of our clients and others

  • To meet our obligations under applicable anti-money laundering and counter-terrorism financing laws

 

​

4. Disclosure of Your Information

4.1 Service Providers

We may share your personal information with carefully selected third-party service providers who assist us in operating our practice, such as:

  • IT and data storage providers

  • Legal research and practice management platforms

  • Accounting and billing systems

 

These parties are only permitted to use your information as necessary to provide services to us and are bound by confidentiality obligations. We take reasonable steps to ensure these providers comply with applicable privacy laws.

​

4.2 Legal and Regulatory Obligations

We may disclose your personal information where required or permitted by law, including:

  • To comply with a court order, subpoena, or other legal process

  • To respond to a lawful request by a government authority

  • To meet our obligations under applicable Australian legislation

 

Please note that any such disclosure will not override our professional obligations of confidentiality, which take precedence except where the law requires otherwise.

 

4.3 Overseas Disclosure

In some circumstances, we may disclose your personal information to recipients located outside Australia (for example, where cloud storage services are hosted overseas). Before doing so, we will take reasonable steps to ensure the overseas recipient does not breach the APPs in relation to your information, in accordance with APP 8.

 

4.4 With Your Consent

We may share your personal information for any other purpose with your express consent.

 

​

5. Automated Decision-Making

In accordance with the Privacy and Other Legislation Amendment Act 2024 (Cth), we are required to disclose whether we use automated computer programs to make decisions that could significantly affect your rights or interests.

 

We do not use automated decision-making processes that significantly affect clients' rights or interests. All decisions in relation to your legal matter are made by our legal practitioners;

 

Please note that full mandatory disclosure requirements for automated decision-making under the amended Privacy Act take effect from 10 December 2026. We will update this policy accordingly.

 

​

6. Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or professional reporting requirements.

 

Client files and associated personal information are retained in accordance with our obligations under the Legal Profession Uniform Law (NSW), the Law Society of New South Wales guidelines, and our professional indemnity insurance requirements. Generally, this means client files are retained for a minimum of seven (7) years after the conclusion of a matter.

 

When we no longer need personal information, we take reasonable steps to securely destroy or permanently de-identify it.

​

​

7. Security of Your Information

We take reasonable technical and organisational measures to protect your personal information from loss, theft, misuse, unauthorised access, disclosure, alteration, and destruction. These measures are consistent with our obligations under the Privacy Act and applicable professional conduct rules.

 

Whilst we implement appropriate safeguards, no data transmission or storage system is completely secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.

​

 

8. Notifiable Data Breaches & Penalties

We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. In the event of an eligible data breach that is likely to result in serious harm to affected individuals, we will:

  • Take immediate steps to contain the breach and assess the likely harm

  • Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable

  • Notify affected individuals directly where required

 

Please note that under the Privacy and Other Legislation Amendment Act 2024 (Cth), the OAIC has significantly enhanced enforcement powers. Non-compliant organisations may face penalties of up to AUD $66,000 per contravention for individuals, with substantially higher penalties for serious or repeated contraventions by corporations. We take our obligations under the NDB scheme seriously and have internal procedures in place to respond promptly to any eligible data breach.

 

​

9. Your Rights and Choices

Under the Privacy Act and the APPs, you have certain rights with respect to your personal information, including the right to:

  • Request access to the personal information we hold about you

  • Request correction of inaccurate, incomplete, or out-of-date information

  • Make a complaint about the way we have handled your personal information

  • Bring a civil action under the statutory tort for serious invasions of privacy, introduced by the Privacy and Other Legislation Amendment Act 2024 (Cth) and effective from June 2025

 

To exercise any of these rights, please contact us using the details provided in section 13 below. We will respond to your request within a reasonable timeframe and in accordance with our obligations under the Privacy Act.

Please note that in some circumstances, access to your personal information may be restricted where permitted by law, for example, where granting access would prejudice legal proceedings or an investigation.

​

​

10. Cookies and Tracking Technologies

Our website may use cookies and similar tracking technologies to enhance your experience. Cookies are small files stored on your device that help us understand how you use our website.

 

You may configure your browser to refuse cookies or to notify you when a cookie is being sent. Please note that some features of our website may not function properly without cookies.

​

​

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. Where we make material changes, we will update the date at the top of this policy and publish the revised policy on our website. We encourage you to review this policy periodically.

​

​

12. Complaints

If you believe we have not complied with our obligations under the Privacy Act or the APPs, you may lodge a complaint with us in the first instance. We will acknowledge your complaint promptly and endeavour to resolve it within 30 days.

 

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

 

Office of the Australian Information Commissioner

Website: www.oaic.gov.au

Phone: 1300 363 992

GPO Box 5218, Sydney NSW 2001

​

​

13. Contact Us

For all privacy-related enquiries or to exercise your rights under this policy, please contact our Privacy Officer:

 

Sunrise Legal & Associates Pty Ltd

Attention: Privacy Officer

Email: info@sunriselegal.net.au

Phone: (02) 8076 7499

Fax: (02) 8008 1624

Address: Level 1, 52 Park Road, Cabramatta NSW 2166

 

​​

This Privacy Policy is governed by the laws of New South Wales, Australia. Sunrise Legal & Associates Pty Ltd is an Australian legal practice regulated by the Law Society of New South Wales.

bottom of page