EdenYork Legal Pty Ltd (ACN 684 674 851) and EdenYork Consulting Pty Ltd (ACN 689 145 908) (collectively “EdenYork”, “we”, “us” or “our”) are committed to protecting your privacy and ensuring the security of your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

This Privacy Policy outlines how we collect, use, store, and disclose your personal information. We may, from time to time, review and update this Policy periodically to reflect changes in laws, regulations, or business practices. The most recent version will always be available on our website. Significant changes will be notified with a new ‘Last Updated’ date, and where appropriate we will provide direct notice.

1. What personal information we collect

The types of personal information we may collect include:

• Names and contact details (e.g. phone number, email, address)
• Employment and professional information
• Information relevant to legal and consulting services we provide (e.g. financial, business, or health-related information)
• Records of communications with EdenYork
  Any information you provide through our website or contact forms, or correspondence.

2. Types of Information

The Privacy Act 1998 (Cth) (Privacy Act) defines types of information, including Personal Information and Sensitive Information:

Personal Information means information or an opinion about an identified individual or an individual who is reasonably identifiable:

1. whether the information or opinion is true or not; and
2. whether the information or opinion is recorded in a material form or not.

If the information does not disclose your identity or enable your identity to be ascertained, it will in most cases not be classified as “Personal Information” and will not be subject to this privacy policy.

Sensitive Information is defined in the Privacy Act as including information or opinion about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information, genetic information and biometric information.

Sensitive Information will be used by us only:

1. for the primary purpose for which it was obtained;
2. for a secondary purpose that is directly related to the primary purpose; and
3. with your consent or where required or authorised by law

We generally do not collect Sensitive Information unless it is relevant to our functions or services. If you choose to provide health, disability or other sensitive information for this purpose, we will collect and use it with your consent for that purpose or where otherwise permitted by applicable law.

3. Children

We collect personal information about children only with the consent of a parent or legal guardian, unless an exception applies under the Privacy Act. Parents and guardians may request access to, or correction of, a child’s information at any time.

4. How we collect personal information

We may collect personal information:

• Directly from you (via correspondence, online forms, meetings, or telephone)
• From third parties with your consent (e.g. accountants, referrers, or other professional advisers)
• From publicly available sources or regulatory bodies, where permitted
  If we receive information about you from a third party, we will take reasonable steps to notify you. Where we engage with you multiple times in a short period, we may not provide a separate privacy notice each time.

5. Why We Collect and Use your personal information

We collect, use and disclose your personal information for the following purposes:

1. To provide you with legal, consulting, and related professional services as requested by you or your organisation
2. To communicate with you about our services, your enquiries, or matters relevant to your engagement with us
3. To manage and support our client relationships and business operations, including processing payments, billing, accounting, auditing, and compliance functions
4. To comply with our legal and regulatory obligations, including record-keeping, compliance screening, fraud and crime prevention, and responding to lawful requests by courts or regulators
5. To improve our services, systems, and processes through testing, quality assurance and analytics
6. To protect the security and integrity of our systems and communication (including fraud or cyber threat detection)
7. To facilitate meetings, events, or professional engagements 
8. For insurance, risk management, and business continuity purposes
9. For any other purpose directly related to, or reasonably necessary for, the operation of our business or the provision of services to you

We reserve the right at all times to monitor, review, retain, and/or disclose any information as necessary to satisfy any applicable law, but we have no obligation to monitor the use of the Website or to retain your content.

Where you have expressly consented, we may also use your personal information to:

• Provide you with updates, announcements, and other information about EdenYork’s services, events, or projects that may be of interest to you
• Seek feedback through surveys or other engagement activities to help us improve our services
• Carry out marketing, communications, or promotional activities (including newsletters and insights) in line with your preferences and applicable laws

We will not use your personal information for automated decision-making that has legal or significant effects on you. We may also use aggregated or de-identified information for business reporting, analytics, and service improvement purposes.

EdenYork does not sell personal information.

Important: If you do not provide the Personal Information we request. we may be unable to delivery certain services you have requested or need, or respond effectively to your enquiries.

6. Disclosure and Overseas Transfer

We do not disclose your personal information to recipients outside Australia, unless authorised by you or required by law.

We may disclose your personal information to:

• Service providers and contractors engaged to support our operations and deliver services (who are bound by confidentiality obligations)
• Barristers, consultants, experts, or other legal professionals involved in your matter
• Courts, tribunals, regulatory authorities, or law enforcement agencies where disclosure is required or permitted by law
• Insurers, auditors, and professional advisers assisting with our business operations and risk management
• Third parties assisting us with compliance screening, fraud prevention, credit risk checks, or similar regulatory requirements
• Other parties with your express consent

If disclosure to overseas recipients is necessary, we will take reasonable steps to operate under the provisions of the Act and APP’s. If this is not permissible, we will make reasonable efforts to notify you and verify that their policies would not contravene the Act or APP’s and ensure that they are subject to their own laws and regulations.

7. Retention, Protection and Storage

We retain personal information only as long as needed for the purposes described or to meet legal obligations (typical up to seven (7) years after last interaction). 

We take reasonable steps to protect your personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. This includes using secure electronic and physical storage systems, access controls, and staff training.

When personal information is no longer required, we take reasonable steps to securely destroy, anonymise or de-identify it securely.

8. Access, Correction and Verification

You may request access to, or correction of, your personal information by contacting our Privacy Officer.

If we deny a request, we will, where permitted by law, provide you with written reasons for the denial. If we experience a data breach that is likely to result in serious harm, we will conduct an assessment and, where required by law, notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required.

To protect privacy, we may need to verify your identity before processing requests. We do not charge for such requests, although we may apply a reasonable fee if a request is repetitive, unfounded, or requires multiple copies of the same records.

9. Complaint Procedure

If you have a concern about how your personal information has been collected, used, or managed, you can contact our Privacy Officer using the details set out below. We aim to respond to all requests and concerns promptly and within a reasonable period, in line with our legal obligations.

If you are not satisfied with our response, you have the right to raise your complaint with the OAIC or another relevant regulator. We can provide you with their contact details on request.

10. Direct Marketing

By using our Website or electing to follow EdenYork’s on social media, you consent to the receipt of direct marketing material through those mediums. We will only use Personal Information for this purpose if we have collected such information direct from you, and if it is material of a type which you would reasonably expect to receive from us. We do not use Sensitive Information for marketing or send marketing communications to children. 

Our direct marketing material will include a simple means by which you can request not receive further communications of this nature, such as an unsubscribe button link. We will promptly action any opt-out requests.

11. Social Media Integrations

Third-party social media widgets on our site may collect information about your visits, even if you do not interact with them. Your use of those platforms is subject to their privacy practices. We are not responsible for the technical operation of these applications or the collection and use practices of the relevant third parties.

12. Cookies and Analytics 

We may also use cookies and analytics tools to understand site usage and improve website experience. While cookies generally do not identify you, you may disable them in your browser settings. Disabling cookies may impact functionality. 

We use Google Analytics to collect aggregate data on website usage. Google processes this information in accordance with its privacy policy. Where feasible, we enable IP anonymisation and other controls to reduce the identifiability of visitors. You can opt-out using the Google Analytics browser add-on:  https://tools.google.com/dlpage/gaoptout.

13. Software Hosting

We may disclose your Personal Information to our Website host, IT service providers or software application providers and developers in certain limited circumstances. These providers are bound by strict confidentiality and security requirement.

14. GDPR

In some circumstances, the European Union General Data Protection Regulation (GDPR) provides additional protection to individuals located in Europe. Our Website and services are directed primarily to Australia and do not specifically target or monitor individuals located in the European Union.

15. Contacting our Privacy Officer

Privacy Officer

EdenYork

PO Box 78

Parramatta NSW 2124

P: +61 2 9891 4244

E: privacy@edenyork.com.au