Privacy Policy/

Kreisson understands that your privacy and how we collect, use, disclose and protect your personal information (in electronic or physical form) is of the utmost importance to you and we are committed to ensuring that the privacy of your information is handled in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs).

This Privacy Policy sets out how and why Kreisson Legal ABN: 38 113 986 824 (“Kreisson”, “we” or “us”) collect, store, use and disclose your personal information.

As an organisation bound by the Privacy Act, we comply with the APPs in respect of all personal information we handle. This includes personal information we collect to meet our anti-money laundering and counter-terrorism financing (AML/CTF) obligations – see the “Anti-money laundering and counter-terrorism financing” section below.

By visiting our website, using any of our services or otherwise providing us with your personal information (or authorising it to be provided to us by someone else), you agree to your personal information being handled as set out in this Privacy Policy and, where appropriate, as set out in our Legal Services Agreement with you.

This policy only affects information about individuals. It does not apply to the collection, storage, use or disclosure of any information about a corporation.

Confidentiality and legal professional privilege

This Privacy Policy operates alongside our professional duties of confidentiality and the law of legal professional privilege. Information you provide to us in the course of a legal matter is also governed by our Legal Services Agreement with you and our obligations under the Legal Profession Uniform Law (NSW) and the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015 (NSW). Nothing in this Privacy Policy reduces those protections; where they impose stricter obligations than the Privacy Act, those obligations prevail.

Transparency

The Privacy Policy is published so you can be sure that Kreisson manages your personal information in an open and transparent way.

Collection and use of personal Information

We may use technologies such as artificial intelligence to assist our lawyers in researching legal precedents, finding evidence, and preparing correspondence and legal documents. We use enterprise-grade AI platforms that protect your confidential information and that contractually prohibit the use of your data to train AI models.

Kreisson only collects, holds and uses personal information for the purposes for which it was collected and provided to us, related purposes or as permitted or required by law. The types of personal information that Kreisson collects will depend on the nature of your dealings with us.

Such purposes may include but is not limited to:

  • assess whether we are able to take instructions from you;
  • assess whether we are able to take instructions from others that may affect your interests;
  • keeping in contact with you;
  • opening, managing and administering client matters, including conflict checks, file management and billing;
  • marketing our services including maintaining a database of clients and matters that record Kreisson’s experience and supporting internal management reporting;
  • responding to your and/or our clients’ enquiries or providing you with assistance you have requested;
  • completing registration forms to our events and completing any application forms on various sections of the Kreisson website;
  • providing you with publications including newsletters and event invitations based on the areas of interest and mailing lists that you subscribe to;
  • quality assurance, IT security and operations and training purposes;
  • managing relationships with vendors, contractors and third parties;
  • recruitment of personnel; and/or
  • complying with our legal and professional obligations including checking for conflicts of interest and other new client procedures.
  • complying with anti-money laundering and counter terrorism financing laws;
  • complying with Commonwealth and State tax laws;
  • complying with laws requiring us to verify your identity including meeting our customer due diligence and reporting obligations under the AML/CTF Framework (see below); and
  • maintaining, improving and securing our services, website and business operations.
If you receive marketing materials relating to our services by email or post, you may withdraw your consent for us to send these to you at any time, by using the “unsubscribe” option included in the email or other material. Alternatively, you can let us know your preferences by sending an email to excellence@kreisson.com.au.

Anonymity and pseudonymity

Kreisson will allow individuals (not companies) the option of not identifying themselves or of using a pseudonym but some exceptions apply.

For example, you cannot deal with us anonymously or by pseudonym where we are required to verify your identity under the AML/CTF Framework, or where it is otherwise impracticable for us to deal with you on that basis.

What personal information does Kreisson collect?

Kreisson will generally collect personal information directly from you, from our client and/or their authorised representatives. In certain circumstances we may be required or permitted by law to collect certain personal information about you.

This personal information may include:
  • your name, and your role or position;
  • your contact details, including postal and email addresses and telephone numbers;
  • details about your occupation, business name (if any);
  • the organisation you represent;
  • current and historical details of any directorship appointments;
  • details about your professional memberships;
  • details about your interests in areas of legal practice or events;
  • information about your dealings with us or with our clients; and/or
  • information relevant to your matter, including correspondence and documents exchanged;
  • billing and payment information;
  • identity verification and ‘know your customer’ (KYC) information where we provide designated services (see below), which may include date of birth, identification documents, beneficial ownership, and source of funds and source of wealth;
  • technical information collected through our website, such as IP address and cookie data (see “Use of cookies”); and
  • sensitive information, only where necessary for a matter or required or permitted by law (see below).

Sensitive information. We do not generally collect sensitive information (such as information about health, criminal record, or biometric information used for identity verification). Where we need to collect sensitive information, we will obtain your consent unless an exception under the Privacy Act applies – for example, where collection is required or authorised by law, including under the AML/CTF Framework.

Personal information about other people

In the course of our work we also collect personal information about individuals who are not our clients – for example, other parties to a matter, their representatives, witnesses, and the directors, officers and staff of organisations we deal with. It is often not practicable for us to collect this information directly from those individuals, or to notify them. We handle their personal information in accordance with this Privacy Policy and the APPs. If you are such a person and have questions about how we handle your information, please contact Kreisson Management.

How does Kreisson collect solicited personal information?

Kreisson may collect your personal information in various ways, including via telephone, our website, email or hardcopy and/or online forms. In most situations we collect your personal information directly from you.

However, we may also collect information from third parties, such as:
  • your insurer;
  • a company in which you are a shareholder or officeholder;
  • your employer;
  • your family members, legal guardian and/or anyone you have authorised to deal with us on your behalf; 
  • anyone seeking our services in relation to their dealings with you;
  • your organisation, and people authorised to act on your behalf;
  • other parties to your matter and their representatives;
  • courts, tribunals, government agencies and regulators;
  • publicly available sources and registers, for example ASIC and land title searches;
  • credit reporting bodies and identity verification providers, where we verify your identity electronically for AML/CTF purposes (with your consent); and
  • people who refer you to us.
On all occasions personal information is collected, held, used and disclosed by us in accordance with this Privacy Policy.

How does Kreisson deal with unsolicited personal information?

If we receive personal information about you, without requesting it, then we will destroy or de-identify that information as soon as may be practicable. We can’t do so if a law or a legal order prevents us. We won’t do so if destruction or re-identification is unreasonably difficult (for example, where it has been mixed with personal information that you have provided to us and it is impracticable to separate it). In those cases, we will continue to hold the information and will only use or disclose it in accordance with this Privacy Policy and the Privacy Act, and:

  • protect its security,
  • allow you to access it
  • allow you to correct it and
  • not use it for secondary purposes.

Notification of the collection of personal information

If we collect personal information from someone other than the individual concerned, we will notify the individual about the collection and the circumstances in which it was collected.

If we collect personal information under a law or an order of a court or tribunal order, we will notify the individual that the collection is authorised in that way.

In every case, we will notify you:
  • of our identity and how to contact us;
  • of the facts and circumstances of collection, and the law (if any) that requires or authorises it;
  • of the purposes for which we collect the information;
  • of the main consequences if the information is not collected;
  • of the types of third parties to whom we usually disclose the information;
  • that this Privacy Policy explains how you can access and correct your information and how to make a complaint; and
  • whether we are likely to disclose your information overseas and, if so, the countries involved where practicable.

Will your personal information be disclosed to anyone else?

Kreisson does not sell, rent or trade personal information about you to or with third parties. Your personal information however may be confidentially disclosed to other entities in the circumstances described below:
  • our third party external service providers for the purpose of enabling them to provide, manage or administer a service offered through Kreisson (such as, but not limited to our IT service providers, data storage providers, external photocopying and litigation support providers and archiving services);
  • your representatives (including your financial advisors) if you have provided consent for such disclosure; and/or
  • any other entities, government bodies, regulators, law enforcement agencies and any other parties where authorised or required by law.
Kreisson will take reasonable steps to ensure that when these third parties handle personal information about you, that they are only authorised to use the personal information that we provide to them for the limited purposes specified in our agreement with them.

Overseas disclosure

Some of our service providers - including cloud hosting and enterprise AI providers - may store or process personal information outside Australia, including the United States. Before disclosing your personal information to an overseas recipient, we take reasonable steps to ensure that the recipient does not breach the APPs in relation to that information, and we remain accountable for that information under the Privacy Act. In limited cases we may disclose your information overseas on another basis permitted by the Privacy Act - for example, where you consent after we have told you that we will not be taking those reasonable steps. Our AI providers are engaged on enterprise terms that protect confidential information and contractually prohibit the use of your data to train AI models.

Security of personal information

Kreisson takes reasonable steps to protect your personal information by the following measures:
  • Our building premises is secure and has 24 hour security monitoring. Our building is protected by CCTV and you may be recorded when you visit. Our building uses CCTV to help provide a safe and secure environment for visitors;
  • Entry into our office requires a passcode;
  • All our IT systems are password protected and we conduct regular checks;
  • Our anti-virus software is kept up to date in order to protect our systems from any viruses;
  • Our office can only be accessed after hours with a security pass; and
  • All staff within the business adhere to confidentiality guidelines as a condition of their employment.
Data protection measures are never completely secure and, despite the measures we have put in place, we cannot guarantee the security of your personal information. You must take care to protect your personal information (for example, by protecting any usernames and passwords). You should notify us as soon as possible if you become aware of any security breaches.

Data breaches. Where a data breach involving your personal information is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act, including by notifying the Office of the Australian Information Commissioner (OAIC) and affected individuals as required.

Retention and destruction. We keep personal information only for as long as it is needed for the purposes set out in this Privacy Policy or as required by law. For example, we retain client files in accordance with our professional obligations, and we retain KYC information and transaction records for seven years after the end of the business relationship or completion of the relevant transaction, as required by the AML/CTF Framework. When personal information is no longer required and we are not required by law to keep it, we take reasonable steps to destroy or de-identify it.

Anti-money laundering and counter-terrorism financing (AML/CTF)

Where we provide certain “designated services” under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) – for example, assisting with the transfer or sale of a body corporate, or the creation or restructuring of a body corporate or legal arrangement – we are a “reporting entity” and must comply with the AML/CTF Act, the Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 (Cth) and AUSTRAC guidance (together, the AML/CTF Framework).

To meet these obligations we are required to collect and verify “know your customer” (KYC) information. This may include your identity and identification documents; the identity of any person you act for or who acts for you, and their authority to act; the beneficial ownership of a client that is not an individual; whether you, a beneficial owner or a person acting for you is a politically exposed person or subject to targeted financial sanctions; your source of funds and source of wealth; and the nature and purpose of the business relationship or transaction. We may be unable to act for you if you do not provide this information.

We may verify your identity electronically through a credit reporting body. We will obtain your express consent before doing so, and offer an alternative means of verification.

We conduct ongoing monitoring of customers and transactions as required by the AML/CTF Framework.

We are required to report certain matters to AUSTRAC, including suspicious matters. We are prohibited by law from telling you about some of these disclosures, and may be prohibited from telling you about disclosures to other agencies. Nothing in this Privacy Policy limits our obligations of confidentiality or client legal privilege; however, there are limited circumstances in which we may be compelled to disclose information to AUSTRAC.

A separate AML/CTF privacy collection notice applies, and will be provided to you, when we collect this information at the start of a designated-service matter.

Government related identifiers

To verify identity – including for our AML/CTF obligations – we may collect government related identifiers, such as passport, driver licence or visa numbers. We do not adopt a government related identifier as our own identifier of you, and we use or disclose these identifiers only where permitted by the Privacy Act, including where reasonably necessary to verify your identity or to meet an obligation to an agency or under law.

Use of cookies

When you use our online services, a data file called a “cookie” is stored on your computer or mobile device by our server.

For statistical purposes, we collect information about how many people visit our site and how people use our website. We use web logs and cookies to do this. This enables us to keep our site relevant and useful. However, generally this information will not identify you. We do not link this information back to your identity or other information that you have provided to us. We do not store any information that identifies you inside cookies.

We may also collect technical information automatically when you use our website, including your IP address, device and browser type, the pages you view and the dates and times of your visits. We may use third-party analytics tools and social media plugins to help us understand and improve how our website is used; these may set their own cookies and are subject to their own privacy policies.

By using our website and not opting-out of cookies, you consent to our use of cookies in accordance with the terms of this Privacy Policy.

Most web browsers are set by default to accept cookies. However, if you do not wish to receive cookies you may set your browser to either prompt, or refuse cookies. If you use your browser settings to block all cookies, you may not be able to access and/or use all or parts of our website.

Access to other websites

Our website may contain links to other websites, for your convenience and information. When you access another website other than www.kreisson.com.au, Kreisson is not responsible for the privacy practices of that site.

Job applicants and our people

If you apply for a role with us, we collect and use your personal information to assess your application, which may include contacting your referees and verifying your qualifications. The Privacy Act does not apply to an employee record held by us in relation to a current or former employee where our handling of the record is directly related to the employment relationship; we handle employee records in accordance with our internal policies.

Direct marketing

Kreisson will only use or disclose personal information for direct marketing purposes if certain conditions are met. We will only use your personal information for direct marketing where we collected it from you and you would reasonably expect us to use it that way, or where you have consented. Every marketing communication includes a means to opt out, and you can ask us at any time to stop sending you marketing material by contacting us at excellence@kreisson.com.au. You can also ask us to tell you the source from which we obtained your personal information. We do not use sensitive information for direct marketing without your consent.

Accessing your personal information

You can request access to your personal information, subject to a small number of legal restrictions or exemptions. Where such restrictions or exemptions exist we will advise you of those reasons at the time of your request. We may ask you to verify your identity before we give you access, and we will usually respond within 30 days. We may recover our reasonable costs of giving access, but we do not charge for making a correction. Grounds on which we may refuse access include where giving access would have an unreasonable impact on the privacy of others, where the request is frivolous or vexatious, where the information relates to existing or anticipated legal proceedings or negotiations with you, or where access would be unlawful or is refused as required or authorised by law.

Correcting your personal information

If the personal information we hold about you is inaccurate, incomplete or out of date, you can ask us to correct it. If we have disclosed the information to others, you may ask us to notify them of the correction. If we decide not to correct the information, we will give you our reasons and you may ask us to attach a statement noting your view.

Quality of personal information

We take reasonable steps to ensure that the personal information we hold about you is accurate, complete and up-to-date having regard to the purpose of the use or disclosure. However, we also rely on you to advise us of any changes to your personal information.


If you wish to access your personal information that we hold, please request this in writing to Kreisson Management (see “Contact us”).

Making a complaint

If you wish to make a complaint about a breach of this Privacy Policy or the APPs, please contact us setting out your complaint in writing to Kreisson Management. You will need to provide us with sufficient details regarding your complaint, together with any supporting evidence.

We will investigate the issue and determine the steps (if any) that we will undertake to resolve your complaint. We will contact you if we require any additional information from you and will notify you in writing of the outcome of the investigation. We will acknowledge your complaint within 7 days and aim to provide a written response within 30 days.

If you are not satisfied with our determination, you can contact us to discuss your concerns.

If your complaint remains unresolved, you can complain to the Australian Privacy Commissioner via www.oaic.gov.au.

If you need this Privacy Policy in another format (for example, large print or an accessible PDF), please contact us.

Amendments to this Privacy Policy

Kreisson may amend and/or update this Privacy Policy from time to time so please review it periodically for changes.


Your continued use of our website or services, requesting our assistance or the provision of further personal information to us (directly or via an authorised person) after this Privacy Policy has been revised, constitutes your acceptance of the revised Privacy Policy.

Meaning of words used in this Privacy Policy

APPs: the Australian Privacy Principles in Schedule 1 to the Privacy Act.

AML/CTF Framework: the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), the Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 (Cth), and AUSTRAC guidance.

AUSTRAC: the Australian Transaction Reports and Analysis Centre.

Designated service: a service of a kind listed in the AML/CTF Act that makes us a reporting entity.

KYC information: “know your customer” information we collect to verify identity and meet our customer due diligence obligations under the AML/CTF Framework.

OAIC: the Office of the Australian Information Commissioner.

Personal information: information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in a material form or not.

Sensitive information: a subset of personal information, including information about an individual’s health, racial or ethnic origin, political or religious beliefs, sexual orientation, criminal record, and genetic or biometric information.

Contact us

If you have a query relating to this Privacy Policy or wish to make a complaint, please contact us using the following contact details:

Kreisson

Level 37
25 Martin Place
SYDNEY NSW 2000

Ph: (02) 8239 6500

Email: excellence@kreisson.com.au

 

Last reviewed: June 2026