Privacy Policy

Thynne + Macartney is a law firm with offices in Brisbane, Cairns and Toowoomba providing professional legal services throughout Australia. It functions as a single partnership but has related entities. In this policy, the principal partnership and its related entities are collectively referred to as “Thynne + Macartney”.

Introduction

Thynne + Macartney is committed to protecting your personal information.

Thynne + Macartney is bound by the Privacy Act 1988 (Cth) (“Privacy Act”), including the Australian Privacy Principles (“APPs”). Additionally, Thynne + Macartney is bound by professional obligations of confidentiality to its clients in respect of information received in connection with legal services matters.

However, acts done or practices engaged in by Thynne + Macartney, which are directly related to:

  • a current or former employment relationship with Thynne + Macartney; and
  • employee records held by Thynne + Macartney,

are exempt from the Privacy Act, including the APPs.

This policy applies to any person about whom Thynne + Macartney holds personal information and sets out how Thynne + Macartney manages that information.

Thynne + Macartney encourages you to check its web site regularly for any updates to this privacy policy.

Personal information

Thynne + Macartney may collect and hold information about a range of persons it comes into contact with, including:

  • clients and prospective clients;
  • referrers;
  • business associates;
  • job applicants;
  • suppliers;
  • contractors; and
  • individuals who visit the Thynne + Macartney web site.

Thynne + Macartney only collects and holds personal information that is necessary for it to provide you with the services you are seeking, or otherwise to enable it to operate its business so as to carry out its function as a professional legal service provider.

The personal information Thynne + Macartney collects and holds about you depends on your interaction with Thynne + Macartney. It may include:

  • your contact details, including your name, gender, organisation, occupation, job title, address, phone number, facsimile number, email address, date of birth and place of birth;
  • details of your qualifications, membership of professional associations, interests and expertise;
  • business circumstances, including information about assets and investments;
  • tax file numbers;
  • family circumstances;
  • identity documents such as driver’s licences, passports, birth certificates or marriage certificates;
  • referral information;
  • other information you give Thynne + Macartney in the course of your relationship with Thynne + Macartney as a client, prospective client, prospective employee or supplier;
  • other information Thynne + Macartney obtains about you from other persons in the course of providing legal services for you;
  • where necessary, financial information including banking information, tax file numbers and credit card information; and
  • where necessary, health information.

Generally, Thynne + Macartney will collect and hold your personal information for the purpose of:

  • providing legal services and other services to you or someone else you know;
  • providing you with information about other services that Thynne + Macartney offers that may be of interest to you;
  • providing you with information relevant to the operation of your business (such as updates on developments in the law);
  • facilitating Thynne + Macartney’s internal business operations, including the fulfilment of any legal requirements;
  • analysing Thynne + Macartney’s services and customer needs with a view to developing new and/or improved services;
  • contacting you, in the case of an emergency involving someone else you know; and
  • contacting you to provide a testimonial for Thynne + Macartney.

Personal information will generally be collected by Thynne + Macartney directly from you. Thynne + Macartney may also collect information from other sources such as:

  • family members, friends or associates of the individual;
  • professional advisors or agents of individuals for whom Thynne + Macartney acts, such as their accountants and bankers;
  • other lawyers and barristers;
  • banks and other financial institutions;
  • government bodies; and
  • insurers.

We will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected.

If the personal information you provide to Thynne + Macartney is incomplete and/or inaccurate, Thynne + Macartney may be unable to provide you, or someone else you know, with the services you, or they, are seeking.

The APPs entitle individuals not to identify themselves or to use a pseudonym when dealing with any entity bound by the Privacy Act, subject to certain exemptions. Generally, one of those exemptions will apply if you are dealing with Thynne + Macartney as it is impracticable for legal services to be provided to someone who has not identified themselves or who has used a pseudonym. Dealing with an anonymous individual or someone using a pseudonym is likely to be inconsistent with our statutory and professional obligations. However, if you do wish to remain anonymous or use a pseudonym please notify us of this when first contacting us and we will consider if this is something we are able to do.

Sensitive information

‘Sensitive information’ is a subset of personal information and is afforded a higher level of protection under the Privacy Act than personal information. This is because the inappropriate handling of sensitive information could have adverse consequences for the individual or the associates of the individual.

Sensitive information can include:

  • health or genetic information;
  • racial or ethnic origin;
  • political opinions or membership of a political association;
  • sexual preferences or practices;
  • religious beliefs or affiliations;
  • philosophical beliefs;
  • membership of a professional or trade association or union; or
  • criminal records.

Thynne + Macartney may solicit, collect and hold sensitive information if it is reasonably necessary for the provision of legal services and other services to the individual that information belongs to. This will only be done with the consent of the individual involved, unless an exception under the Privacy Act applies.

Web site

When you access Thynne + Macartney’s web site, Thynne + Macartney may collect additional personal information about you in the form of:

  • the date and time of your visit;
  • the pages you visited and documents downloaded;
  • your internet service provider;
  • if you accessed the web site via a link from another site (such as a search engine), the address of the web site you came from; and
  • your IP address (that is, the single numerical address for your computer on the internet, which consists of four consecutive numbers ranging between 0 and 255) and/or domain name (that is, the textual address for your location on the internet which corresponds to your IP address, which internet computers can read).

Also, Thynne + Macartney’s web site may at times use cookies. A cookie is a message given by a web server (that is, a computer that delivers or serves up pages on the world wide web such as www.thymac.com.au) to a web browser (that is, software, such as Microsoft Internet Explorer, used to locate and display pages on the world wide web). The web browser stores the message in a text file. The message is then sent back to the web server each time the web browser requests a page from the web server.

Cookies do not identify you personally, but they may link back to a database record about you.

Thynne + Macartney may use cookies to monitor usage of Thynne + Macartney’s web site and to create a record of visits to Thynne + Macartney’s web site and what pages are viewed so that Thynne + Macartney may operate its business more effectively. If you do not wish to receive cookies, you may be able to adjust the settings of your web browser to refuse them.

Use and disclosure of personal information

Generally, Thynne + Macartney only uses and/or discloses personal information about you for the purposes for which it was collected (as set out above). However, Thynne + Macartney may disclose personal information about you to:

  • where you ask us for a referral, other providers of legal services;
  • barristers;
  • experts;
  • service providers, who assist Thynne + Macartney in operating its business, but only to the extent necessary for the service provider to provide the services Thynne + Macartney has contracted out to them;
  • your authorised representatives;
  • government bodies;
  • a purchaser of the assets and operations of Thynne + Macartney’s business, providing those assets and operations are purchased as a going concern; and
  • Thynne + Macartney’s related entities.

Thynne + Macartney also manages the personal information it collects by:

  • regularly reviewing privacy compliance;
  • implementing security measures, to ensure the personal information collected remains safe; and
  • appointing a privacy officer to be a contact for any privacy complains and access or correction requests.

Security of personal information

Thynne + Macartney stores your personal information in different ways, including in paper and in electronic form. Any personal information held in a physical or hard format will be held at our office or by third party physical storage providers in Brisbane engaged by us. Any personal information in digital or electronic formats will be held on internal servers, websites, electronic storage devices, third party data storage and service providers in Australia and overseas countries that have similar privacy regimes to Australia.

The security of your personal information is important to Thynne + Macartney. Thynne + Macartney takes all reasonable measures to ensure that your personal information is stored safely to protect it from misuse, loss, unauthorised access, modification or disclosure, including electronic and physical security measures. Some of the measures include:

  • using security cards to access areas that contain personal information;
  • having designated areas to meet with clients and other persons that do not contain personal information;
  • using security cards to access printers;
  • using unique usernames, passwords and other protections on systems that can access personal information;
  • using our document retention system (an offsite provider with a secure storage area) for important documents such as Wills and original documents; and
  • securely storing electronic data within our encrypted or protected systems.

We generally do not disclose personal information to overseas recipients, unless that is directly required as part of providing services or if that is something we are instructed to do. However, personal information may be disclosed to service providers who are located overseas. In circumstances where personal information is disclosed to parties located overseas, Thynne + Macartney will take steps that are reasonable in the circumstances to ensure the recipient does not breach the APPs in relation to that information. We may not do this if an exception in the Privacy Act applies.

Credit information

Thynne + Macartney may, in the course of providing legal services to you, collect credit information where it is necessary for the provision of legal services. That credit information is primarily personal credit and identification information, however the other kinds of credit information that may be collected and held may include:

  • credit that you have been provided previously;
  • your repayment history;
  • your overdue payments;
  • the terms and conditions on which credit has been provided to you;
  • information on any bankruptcy agreements;
  • publicly available information about your credit history; and
  • information about any credit infringements have been taken place.

Thynne + Macartney won’t collect information from credit reporting bodies unless that is necessary for the provision of the relevant legal service, or if that is something you have consented to or asked Thynne + Macartney to do.

The preceding sections of this policy also relate to your credit information that Thynne + Macartney collects and holds.

How Thynne + Macartney responds to data breaches

Thynne + Macartney has policies and procedures in place to deal with data breaches (including notifiable data breaches) and security incidents. These are situations where information is lost or is accessed by someone who is not authorised to do so.

The exact steps that will be taken by Thynne + Macartney will depend on exactly what has occurred, but generally this will involve:

  • escalating the incident to either or both the IT Manager and the General Manager;
  • investigating the incident and determining the extent of the unauthorised disclosure, which may involve engaging the services of a third party for an external forensic review or notifying our insurer; and
  • setting out a process for notifying anyone who has been affected or anyone who we are required to notify, including the Privacy Commissioner and our insurer.

We will generally notify you if we reasonably believe that your personal information has been subjected to a data breach where we are required notify you by law or believe that there is a risk of serious harm to you, or the notification could allow you to avoid or mitigate serious harm.

Access to your personal information

You may access personal information Thynne + Macartney holds about you, upon making a written request. Thynne + Macartney will endeavour to acknowledge your request within 14 days of its receipt and to provide you with access to the information requested within 30 days. Requests for large amounts of information, or information not currently in use, may require further time before a response can be given. Thynne + Macartney may charge you a reasonable fee for processing your request.

Thynne + Macartney may decline a request for access to personal information where, among other things:

  • providing access would pose a serious threat to the life or health of an individual;
  • providing access would have an unreasonable impact upon the privacy of other individuals;
  • the request for access is frivolous or vexatious;
  • the information relates to existing or anticipated legal proceedings between Thynne + Macartney and you, and the information would not be accessible by the process of discovery in those proceedings;
  • providing access would reveal information about a commercially sensitive decision making process;
  • providing access would be unlawful;
  • denying access is required or authorised by or under law;
  • providing access would prejudice negotiations between Thynne + Macartney and you;
  • providing access would be likely to prejudice an investigation of possible unlawful activity;
  • providing access would be likely to prejudice the activities of enforcement bodies; or
  • you are unable to provide sufficient evidence of your identity to satisfy Thynne + Macartney that the personal information belongs to you.

If, upon receiving access to your personal information or at any other time, you believe the personal information Thynne + Macartney holds about you is inaccurate, incomplete or out of date, please notify Thynne + Macartney immediately. Thynne + Macartney will take reasonable steps to correct the information so that it is accurate, complete and up to date. If Thynne + Macartney disagrees with you about whether your personal information is inaccurate, incomplete or out of date, and you ask Thynne + Macartney to associate with your personal information a statement claiming that your personal information is inaccurate, incomplete or out of date, Thynne + Macartney will take reasonable steps to do so.

Thynne + Macartney will provide reasons for any decision to refuse access to, or correction of, personal information.

Links to other web sites

Thynne + Macartney’s web site may contain links to other web sites. Thynne + Macartney is not responsible for the privacy practices of linked web sites and so linked web sites are not subject to Thynne + Macartney’s privacy policies and procedures.

Updates to this policy

This privacy policy may be updated by Thynne + Macartney from time to time.

Complaints

If you wish to complain about an alleged privacy breach involving Thynne + Macartney, this is done by:

  • first making the complaint to Thynne + Macartney in writing, using the contact details set out below; and
  • if the complaint cannot be resolved or is not resolved within a reasonable time, making the complaint to the Office of the Australian Information Commissioner.

Feedback on this policy

If you have any queries or concerns about Thynne + Macartney’s privacy policy or the way in which Thynne + Macartney handles your personal information, please contact Thynne + Macartney’s privacy officer at:

Street address: Level 32, Riverside Centre, 123 Eagle Street, Brisbane, Queensland 4000 (please attention “Privacy Officer”)

Postal address: GPO Box 245, Brisbane, Queensland 4001 (please attention “Privacy Officer”)

Email address: privacy@thymac.com.au (please attention “Privacy Officer”)

Telephone: (07) 3231 8888

Facsimile: (07) 3229 0855 (please attention “Privacy Officer”)

More information

For more information about privacy in general, you can visit the Office of the Australian Information Commissioner web site at https://www.oaic.gov.au/.

News & Insights

Thynne + Macartney 2025/26 office closure dates

Thynne + Macartney 2025/26 office closure dates

Read More
Westpac had no grounds to refuse WFH request

Westpac had no grounds to refuse WFH request

Read More
Redundancy redeployment considerations extend to roles held by contractors

Redundancy redeployment considerations extend to roles held by contractors

Read More
But wait, he resigned!

But wait, he resigned!

Read More