Skip to main content
McCarthy Durie Lawyers, Home

Legal

Privacy Policy

McCarthy Durie Lawyers is committed to protecting your privacy and handling your personal information responsibly.

Last updated: 25 June 2026

General

MDRN Pty Ltd trading as McCarthy Durie Lawyers ("we", "us" or "our") is committed to protecting the personal information collected. This policy outlines how the firm collects, uses, discloses and manages personal information.

The firm operates under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy applies to all individuals for whom the firm currently holds or may collect personal information. It excludes employee records of current and former staff.

Permitted general situations under s16A of the Act include:

  • Collection, use or disclosure reasonably necessary for establishing, exercising or defending legal or equitable claims
  • Collection, use or disclosure reasonably necessary for confidential alternative dispute resolution processes

This policy applies to all dealings with the firm — in person, by telephone, email, correspondence or via our website (www.mdl.com.au).

Pseudonym / Anonymous

In limited, lawful and practical circumstances, individuals may use pseudonyms or remain anonymous when dealing with the firm. Examples include survey responses and feedback where identity is unnecessary. Most legal services require real names due to professional obligations. If you do not provide us with the personal information we request, we may not be able to provide you with legal services or respond to your enquiry.

What is Personal Information

"Personal Information" means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether recorded in a material form or not.

Management of Personal Information

The firm ensures officers, employees and subcontractors understand their obligations under the Privacy Act through training and internal policies designed to prevent improper collection, use, disclosure, retention, access or disposal of personal information.

Collection of Personal Information

Kinds of Personal Information

The firm may collect:

  • General: your contact and identity details, financial information and matter related information about you and any relevant entity or person including but not limited to beneficial owners, controllers and representatives. This may include sensitive information.
  • Identification Information: name, gender, date of birth, signature, offices or directorships held
  • Contact Information: residential and postal address, email addresses, telephone numbers
  • Financial information: bank account details, billing information, payment / credit card details, tax file numbers
  • Professional and Business Information: occupation, employer, employment history, job title, professional qualifications, business holdings and structures
  • Identity documents including photographic identity documents (eg: driver's licence, passport, birth certificate, Medicare card etc)
  • Matter related information: information relevant to the services provided to you, your legal matter or the legal matter of our client
  • Transaction Information: details of services provided to you or your organisation
  • Communication records: records of correspondence and communications with you
  • Website and technical data: IP address, browser type, device information, pages visited, cookies
  • Recruitment information: employment history, qualifications, references, right to work status, background check results
  • Legal or Professional obligations: information required by law or professional obligations

Sensitive Personal Information

Depending on the legal matter, the firm may collect sensitive information including health records, criminal records, racial or ethnic origins, political opinions or memberships, religious beliefs, philosophical beliefs, union or professional association memberships, sexual preferences and genetic information.

Sensitive information is collected only when:

  • Reasonably necessary for the services or functions provided
  • You consent to its collection; or
  • Required or authorised by law

Purpose of Collection

Generally, personal information is collected to:

  • Provide legal services and process payment
  • Verify your identity and establish authority for instructions
  • Verify your identity and collect certain information under the AML/CTF Act when we provide designated services. Identity documents might also be required for other services such as court matters, real property transactions and asset dealings. This includes collecting identification documents and information about the source of funds and beneficial ownership of entities.
  • Provide you with information about products, services or offerings (with the option to opt out)
  • Share relevant business or expertise information
  • Facilitate attendance at seminars and conferences
  • Support internal business operations and legal compliance
  • Assess prospective employee candidates
  • Request testimonials
  • Respond to website inquiries
  • Comply with legal obligations

Method of Collection

Information is typically collected directly from you via forms, from other lawyers, government sources, public sources such as registers or the internet, email, correspondence or conversation.

Collection directly from you may occur when you:

  • Engage us to provide legal services
  • Respond to communication with us or engage a solicitor or agent to do so
  • Contact us by telephone, email, post or in person
  • Complete forms or provide documents to us
  • Visit our website or use our online services
  • Apply for employment with us

Indirect Collection

Indirect collection may occur from third parties including:

  • Our client(s), where we collect information in the course of providing legal services
  • Other parties to legal proceedings or transactions and their lawyers
  • Witnesses of fact, expert witnesses, health care providers and hospitals
  • Courts, tribunals, law enforcement and government agencies
  • Publicly available sources, including public registers, websites and social media
  • Referrers who introduce you to us or lead agencies and advertising sites
  • Recruitment agencies and previous or current employers (for job applicants)
  • Identity verification, commercial data brokers and background check service providers
  • Related entities
  • Third parties acting on your behalf (agents, brokers, advisors)
  • Medical practitioners
  • Government bodies
  • Financial institutions

You will be notified of any indirect collection in advance or as soon as reasonably practicable.

Internet Users

Visitors to our website may have their IP addresses and domain names collected. The firm is not responsible for the privacy practices of linked websites.

Collection of Statistical Information via Website

Internet service provider records may include:

  • Server address
  • Top-level domain name (.com, .gov, .au, etc.)
  • Visit date and time
  • Pages accessed and documents downloaded
  • Previously visited sites
  • Browser type

Copying / Scanning of Identification

Copies of identification (paper or electronic) may be retained to demonstrate compliance with identity verification obligations, to confirm authority for instructions, for insurance purposes, to provide evidence against fraudulent activities or to comply with any other statutory obligation.

Failure to Provide Information

If you provide incomplete or inaccurate information, the firm may be unable to provide its services to you.

Use and Disclosure

We collect, hold, use and disclose personal information for the primary purpose of:

  • providing legal services to you or to our clients
  • managing client matters and files
  • conducting legal research and investigations
  • preparing and reviewing legal documents
  • communicating with you and other parties
  • billing and collecting fees, including pursuit of our rights under a Costs Agreement or retainer
  • complying with our legal, regulatory, professional and insurance obligations; and
  • operating our legal practice.

We may also use and disclose personal information for secondary purposes that are related to our primary purpose including:

  • financial management and enforcement of our right to payment of fees
  • maintaining and developing our relationship with you
  • managing the relationship between our firm and former clients once the retainer has concluded
  • quality assurance and improvement of our system and services, including training our AI models or those of our AI providers (subject to our obligations of confidentiality to you)
  • training and professional development
  • Ongoing Customer Due Diligence as required by the AML/CTF Act
  • training AI or automated systems including AI development by our vendors with appropriate confidentiality safeguards in place
  • internal reporting and analysis; and
  • risk management and insurance purposes

Generally, your information is used or disclosed only for the purpose it was collected or as authorised by law. Your personal information and confidential data is held by us subject to our duty of confidentiality under the Australian Solicitor's Conduct Rules ("ASCR") and any applicable undertakings or court rules. We may disclose personal information to third parties subject to those obligations and for the purposes described in this Privacy Policy including:

  • To discharge our professional obligations to you or to our clients or in the reasonable execution of our instructions
  • Service providers who assist us to operate our business (including IT and cloud providers, AI providers, document management providers and marketing service providers such as Salesforce, Netdocs, Jotform, Aria, Postini, Google, Dropbox, Smart sheet and others)
  • Purchasers of the firm's assets or operations (in going-concern transactions)
  • Related entities
  • To comply with our legal obligations or in answer to a compulsory notice such as a subpoena or warrant, or to disclose information under the Criminal Code(s), Legal Profession Act, Social Security Act, Financial Transactions Reports Act 1988, Anti-Money Laundering and Counter-Terrorism Financing Act 2006 or other relevant legislation
  • Courts, tribunals, regulators, opposing parties, parties to litigation, mediators, valuers, experts, barristers, accountants, insurers, investigators and consultants and other legal practitioners engaged to act for you (and / or our client) or in relation to the matter
  • Our professional indemnity insurers
  • Other parties to legal proceedings or transactions as instructed, reasonably necessary or required by law
  • A Costs Assessor where an assessment is ordered or reasonably necessary
  • Government authorities where legally required
  • Debt collection and credit reporting agencies (in relation to unpaid accounts)
  • As permitted under the ASCR confidentiality exceptions; and
  • Any person you expressly or impliedly authorise us to disclose information to.
  • To a Real Estate Agent or Accountant engaged by you in relation to your matter where we have a Reliance Agreement (RA) for the purposes of the AML/CTF laws in place with that Real Estate Agent or Accountant and they have requested CDD documents in accordance with that RA and in that case we disclose such Know Your Client (KYC) information as is necessary to comply with our obligations pursuant to that RA.

Government-related identifiers (such as tax file numbers and driver's licence numbers) are used or disclosed only where required or authorised by law, by court or tribunal order, or to fulfil professional obligations.

Overseas Disclosure

We will disclose information to overseas recipients where this is reasonably necessary to progress our instructions (dealing with a company with an overseas office, for example).

We may disclose personal information to recipients located outside Australia where reasonably necessary or convenient to facilitate the purposes of collection, holding, use and disclosure of information stated in this policy. The following are common examples when that may apply:

  • Where your matter involves overseas parties or overseas proceedings
  • To overseas law firms or legal practitioners engaged in a matter
  • To our staff, staff of a related entity or contractors if working or travelling overseas
  • To parties such as regulators and auditors who may use overseas processors or offices
  • To service providers whose systems or servers are located overseas (including cloud storage, AI and IT service providers (such as those in the USA, UK or EU) if we consider that the confidentiality arrangements that will apply to such information is sufficient); and
  • Where you instruct or authorise us to do so

Cross-border disclosure of personal information: countries where personal information may be disclosed include the United Kingdom, United States, European Union, New Zealand, Japan, Singapore etc.

By engaging the firm, you acknowledge and consent to disclosure to overseas recipients as described, understanding that:

  • Overseas entities may be required to comply with similar privacy laws, but this cannot always be confirmed
  • Redress may not be available in overseas jurisdictions
  • Overseas recipients are not required to comply with Australian privacy laws
  • The firm is not liable for the handling of information by overseas recipients
  • Foreign law may compel disclosure to third parties such as overseas authorities

Credit Information / Credit Reporting Policy

The firm does not assess credit eligibility using personal information. However, credit information necessary for service provision may be collected during the delivery of legal services.

Main Kinds of Credit Information Collected

  • Identification information
  • The fact that an application for service has been made
  • Credit provider status (where billing terms exceed standard periods)

Other Credit Information Held

  • Credit information provided to us
  • Repayment history
  • Overdue payment information
  • Variations to credit arrangements
  • Court proceedings related to credit activities
  • Bankruptcy or debt agreement involvement
  • Publicly available information about creditworthiness
  • Information relating to fraudulent or serious credit infringements

Collection Sources

Credit information is collected from:

  • Disclosure by you (in most cases)
  • Banks and credit providers (only where necessary for service provision or account recovery)
  • Other individuals or entities via referrals
  • Suppliers and creditors

Purpose and Disclosure

Credit information is held to enable the provision of legal services and to recover unpaid accounts. It may be disclosed to credit reporting bodies, including:

  • Veda Advantage, Level 15, 100 Arthur Street, North Sydney NSW 2060 — Ph: 1300 921 621
  • NCI, Level 2, 165 Grenfell Street, Adelaide SA 5000 — Ph: 1800 882 820
  • Dun & Bradstreet, Level 2, 143 Coronation Drive, Milton QLD 4064 — Ph: (07) 3360 0600

Notifiable Matters

  • Credit information may be disclosed to credit reporting bodies
  • Credit reporting bodies may include that information in reports provided to other credit providers
  • Failed payment obligations or serious credit infringements may be disclosed
  • You have rights of access, correction and complaint
  • You may request that credit reporting bodies not use your information for pre-screening or direct marketing
  • You may request non-use or non-disclosure if you reasonably believe you have been, or are likely to be, the victim of fraud

The firm does not hold an Australian Credit Licence and will not disclose Repayment History Information to credit reporting bodies.

Security

Personal information is stored in both paper and electronic form. The firm takes reasonable measures to prevent misuse, loss, unauthorised access, modification or disclosure through electronic and physical security. However, no system can absolutely guarantee against unauthorised access or disclosure.

Retention and Destruction

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal and professional obligations and to ensure that pertinent evidence remains available if reasonably required.

Third Party Websites

Our website may contain links to third party websites, such as payment processors. We are not responsible for the privacy practices of those websites, and we encourage you to read their privacy policies.

Access to and Correction of Personal Information

Written requests for access will be acknowledged within 14 days and answered within 30 days. Reasonable processing fees may apply (no fee is charged simply for making a request). Identity verification is required.

Where reasonable and practicable, information will be provided in the manner you request.

Access may be declined in circumstances prescribed by the Privacy Act, with written notice detailing the reasons for refusal and the complaint mechanisms available.

If personal information is inaccurate, incomplete or out of date, please notify the firm immediately. Reasonable steps will be taken to correct it. If correction is refused, written notice will be provided detailing the reasons and complaint mechanisms.

If the firm disagrees about accuracy or completeness and you request that a statement be associated with your information claiming inaccuracy or incompleteness, the firm will take reasonable steps to do so.

Updates

This privacy policy may be updated. Please check the website regularly for updates. Last updated: 25 June 2026.

By using the website and continuing to deal with the firm, you accept and agree to the collection, use and disclosure of personal information as described in this policy.

Feedback and Correcting or Updating Your Profile

For updates or corrections, contact the firm using the details below.

For queries, concerns or complaints about privacy handling, or about breaches of the Privacy Act, the Australian Privacy Principles, or any applicable privacy code, contact CEO Shane McCarthy:

  • Postal address: PO Box 122, Capalaba QLD 4157
  • Telephone:
  • Fax: (07) 3245 5150
  • Email:

The firm will investigate complaints and respond. If you are not satisfied with the response, you may lodge a complaint with the Office of the Australian Information Commissioner.

Analytics Cookies

We use Google Analytics to understand how visitors use our website. Analytics cookies are enabled by default and help us improve our services. You can opt out for your current browser session using the control at the bottom of this page. Your preference will last until you close this browser tab.

More Information

For general information about privacy, visit the Office of the Australian Information Commissioner website at www.oaic.gov.au.

Disclaimer

Material on this website is provided as a summary and general overview only. Content is subject to continuous change. The firm does not guarantee its currency or correctness due to possible delays, errors and omissions.

To the maximum extent permitted by law, McCarthy Durie Lawyers assumes no responsibility for any losses or damages arising from use of this website or its content, including the transmission of computer viruses. Conduct virus checks before downloading any files, photos or articles.

The firm provides links for convenience but does not guarantee the accuracy or currency of information on linked sites, nor does it endorse any referenced information, goods or services.

McCarthy Durie Lawyers authorises personal-use printing only. All other copying or reproduction is prohibited except as permitted by law.

Email Disclaimer Notice

Emails sent by the firm and any transmitted files are intended solely for the addressee. The content may be private, confidential or protected by client legal privilege.

If you are not the intended recipient, do not interfere with, print, forward, save or use the email. Notify the firm immediately by reply email or on , then erase the email and any attached files.

Scan emails and attachments for viruses. MDRN accepts no liability for any losses, damages or consequences arising from attached files.

By participating in electronic communications with MDRN, both parties consent to electronic information provision under s11 of the Electronic Transactions (Qld) Act 2001.

Liability limited by a scheme approved under Professional Standards Legislation.

Analytics tracking is currently active

Click below to opt out for this browser session.