Kreisson understands that your privacy and
how we collect, use, disclose and protect your personal information (in
electronic or physical form) is of the utmost importance to you and we are
committed to ensuring that the privacy of your information is handled in
accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian
Privacy Principles (APPs).
This Privacy Policy sets out how and why
Kreisson Legal ABN: 38 113 986 824 (“Kreisson”, “we” or “us”) collect, store,
use and disclose your personal information.
As an organisation bound by the Privacy
Act, we comply with the APPs in respect of all personal information we handle.
This includes personal information we collect to meet our anti-money laundering
and counter-terrorism financing (AML/CTF) obligations – see the “Anti-money
laundering and counter-terrorism financing” section below.
By visiting our website, using any of our
services or otherwise providing us with your personal information (or
authorising it to be provided to us by someone else), you agree to your
personal information being handled as set out in this Privacy Policy and, where
appropriate, as set out in our Legal Services Agreement with you.
This policy only affects information about
individuals. It does not apply to the collection, storage, use or disclosure of
any information about a corporation.
This Privacy Policy operates alongside our professional duties of confidentiality and the law of legal professional privilege. Information you provide to us in the course of a legal matter is also governed by our Legal Services Agreement with you and our obligations under the Legal Profession Uniform Law (NSW) and the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015 (NSW). Nothing in this Privacy Policy reduces those protections; where they impose stricter obligations than the Privacy Act, those obligations prevail.
We may use technologies such as artificial intelligence to assist our lawyers in researching legal precedents, finding evidence, and preparing correspondence and legal documents. We use enterprise-grade AI platforms that protect your confidential information and that contractually prohibit the use of your data to train AI models.
Kreisson only collects, holds and uses personal information for the purposes for which it was collected and provided to us, related purposes or as permitted or required by law. The types of personal information that Kreisson collects will depend on the nature of your dealings with us.
Such purposes may include but is not limited to:
Kreisson will allow individuals (not companies) the option of not identifying themselves or of using a pseudonym but some exceptions apply.
For example, you cannot deal with us anonymously or by pseudonym where we are required to verify your identity under the AML/CTF Framework, or where it is otherwise impracticable for us to deal with you on that basis.
Sensitive information. We do not generally collect sensitive information (such as information about health, criminal record, or biometric information used for identity verification). Where we need to collect sensitive information, we will obtain your consent unless an exception under the Privacy Act applies – for example, where collection is required or authorised by law, including under the AML/CTF Framework.
In the course of our work we also collect personal information about individuals who are not our clients – for example, other parties to a matter, their representatives, witnesses, and the directors, officers and staff of organisations we deal with. It is often not practicable for us to collect this information directly from those individuals, or to notify them. We handle their personal information in accordance with this Privacy Policy and the APPs. If you are such a person and have questions about how we handle your information, please contact Kreisson Management.
If we receive personal information about you, without requesting it, then we will destroy or de-identify that information as soon as may be practicable. We can’t do so if a law or a legal order prevents us. We won’t do so if destruction or re-identification is unreasonably difficult (for example, where it has been mixed with personal information that you have provided to us and it is impracticable to separate it). In those cases, we will continue to hold the information and will only use or disclose it in accordance with this Privacy Policy and the Privacy Act, and:
Some of our service providers - including cloud hosting and enterprise AI providers - may store or process personal information outside Australia, including the United States. Before disclosing your personal information to an overseas recipient, we take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information, and we remain accountable for that information under the Privacy Act. In limited cases we may disclose your information overseas on another basis permitted by the Privacy Act - for example, where you consent after we have told you that we will not be taking those reasonable steps. Our AI providers are engaged on enterprise terms that protect confidential information and contractually prohibit the use of your data to train AI models.
Data breaches. Where a data breach involving your personal information is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act, including by notifying the Office of the Australian Information Commissioner (OAIC) and affected individuals as required.
Retention and destruction. We keep personal information only for as long as it is needed for the purposes set out in this Privacy Policy or as required by law. For example, we retain client files in accordance with our professional obligations, and we retain KYC information and transaction records for seven years after the end of the business relationship or completion of the relevant transaction, as required by the AML/CTF Framework. When personal information is no longer required and we are not required by law to keep it, we take reasonable steps to destroy or de-identify it.
Where we provide certain “designated services” under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) – for example, assisting with the transfer or sale of a body corporate, or the creation or restructuring of a body corporate or legal arrangement – we are a “reporting entity” and must comply with the AML/CTF Act, the Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 (Cth) and AUSTRAC guidance (together, the AML/CTF Framework).
To meet these obligations we are required to collect and verify “know your customer” (KYC) information. This may include your identity and identification documents; the identity of any person you act for or who acts for you, and their authority to act; the beneficial ownership of a client that is not an individual; whether you, a beneficial owner or a person acting for you is a politically exposed person or subject to targeted financial sanctions; your source of funds and source of wealth; and the nature and purpose of the business relationship or transaction. We may be unable to act for you if you do not provide this information.
We may verify your identity electronically through a credit reporting body. We will obtain your express consent before doing so, and offer an alternative means of verification.
We conduct ongoing monitoring of customers and transactions as required by the AML/CTF Framework.
We are required to report certain matters to AUSTRAC, including suspicious matters. We are prohibited by law from telling you about some of these disclosures, and may be prohibited from telling you about disclosures to other agencies. Nothing in this Privacy Policy limits our obligations of confidentiality or client legal privilege; however, there are limited circumstances in which we may be compelled to disclose information to AUSTRAC.
A separate AML/CTF privacy collection notice applies, and will be provided to you, when we collect this information at the start of a designated-service matter.
To verify identity – including for our AML/CTF obligations – we may collect government related identifiers, such as passport, driver licence or visa numbers. We do not adopt a government related identifier as our own identifier of you, and we use or disclose these identifiers only where permitted by the Privacy Act, including where reasonably necessary to verify your identity or to meet an obligation to an agency or under law.
When you use our online services, a data file called a “cookie” is stored on your computer or mobile device by our server.
For statistical purposes, we collect information about how many people visit our site and how people use our website. We use web logs and cookies to do this. This enables us to keep our site relevant and useful. However, generally this information will not identify you. We do not link this information back to your identity or other information that you have provided to us. We do not store any information that identifies you inside cookies.
We may also collect technical information automatically when you use our website, including your IP address, device and browser type, the pages you view and the dates and times of your visits. We may use third-party analytics tools and social media plugins to help us understand and improve how our website is used; these may set their own cookies and are subject to their own privacy policies.
By using our website and not opting-out of cookies, you consent to our use of cookies in accordance with the terms of this Privacy Policy.
Most web browsers are set by default to accept cookies. However, if you do not wish to receive cookies you may set your browser to either prompt, or refuse cookies. If you use your browser settings to block all cookies, you may not be able to access and/or use all or parts of our website.
If you apply for a role with us, we collect and use your personal information to assess your application, which may include contacting your referees and verifying your qualifications. The Privacy Act does not apply to an employee record held by us in relation to a current or former employee where our handling of the record is directly related to the employment relationship; we handle employee records in accordance with our internal policies.
Kreisson will only use or disclose personal information for direct marketing purposes if certain conditions are met. We will only use your personal information for direct marketing where we collected it from you and you would reasonably expect us to use it that way, or where you have consented. Every marketing communication includes a means to opt out, and you can ask us at any time to stop sending you marketing material by contacting us at excellence@kreisson.com.au. You can also ask us to tell you the source from which we obtained your personal information. We do not use sensitive information for direct marketing without your consent.
You can request access to your personal information, subject to a small number of legal restrictions or exemptions. Where such restrictions or exemptions exist we will advise you of those reasons at the time of your request. We may ask you to verify your identity before we give you access, and we will usually respond within 30 days. We may recover our reasonable costs of giving access, but we do not charge for making a correction. Grounds on which we may refuse access include where giving access would have an unreasonable impact on the privacy of others, where the request is frivolous or vexatious, where the information relates to existing or anticipated legal proceedings or negotiations with you, or where access would be unlawful or is refused as required or authorised by law.
If the personal information we hold about you is inaccurate, incomplete or out of date, you can ask us to correct it. If we have disclosed the information to others, you may ask us to notify them of the correction. If we decide not to correct the information, we will give you our reasons and you may ask us to attach a statement noting your view.
We take reasonable steps to ensure that the personal information we hold about you is accurate, complete and up-to-date having regard to the purpose of the use or disclosure. However, we also rely on you to advise us of any changes to your personal information.
If you wish to access your personal information that we hold, please request this in writing to Kreisson Management (see “Contact us”).
If you wish to make a complaint about a breach of this Privacy Policy or the APPs, please contact us setting out your complaint in writing to Kreisson Management. You will need to provide us with sufficient details regarding your complaint, together with any supporting evidence.
We will investigate the issue and determine the steps (if any) that we will undertake to resolve your complaint. We will contact you if we require any additional information from you and will notify you in writing of the outcome of the investigation. We will acknowledge your complaint within 7 days and aim to provide a written response within 30 days.
If you are not satisfied with our determination, you can contact us to discuss your concerns.
If your complaint remains unresolved, you can complain to the Australian Privacy Commissioner via www.oaic.gov.au.
If you need this Privacy Policy in another format (for example, large print or an accessible PDF), please contact us.
Kreisson may amend and/or update this Privacy Policy from time to time so please review it periodically for changes.
Your continued use of our website or services, requesting our assistance or the provision of further personal information to us (directly or via an authorised person) after this Privacy Policy has been revised, constitutes your acceptance of the revised Privacy Policy.
APPs: the Australian Privacy Principles in Schedule 1 to the Privacy Act.
AML/CTF Framework: the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), the Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 (Cth), and AUSTRAC guidance.
AUSTRAC: the Australian Transaction Reports and Analysis Centre.
Designated service: a service of a kind listed in the AML/CTF Act that makes us a reporting entity.
KYC information: “know your customer” information we collect to verify identity and meet our customer due diligence obligations under the AML/CTF Framework.
OAIC: the Office of the Australian Information Commissioner.
Personal information: information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not.
Sensitive information: a subset of personal information, including information about an individual’s health, racial or ethnic origin, political or religious beliefs, sexual orientation, criminal record, and genetic or biometric information.
Kreisson
Level 37
25 Martin Place
SYDNEY NSW 2000
Ph: (02) 8239 6500
Email: excellence@kreisson.com.au
Last reviewed: June 2026