Call Now Book Now

Legal

Privacy Policy

How we manage personal information collected for the purposes of, or in connection with, our obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).

Introduction

Mengel Law is referred to in this Privacy Policy as we, us or our.

This Privacy Policy explains how we manage personal information. It also describes your rights to access and correct personal information we hold about you, and how you can make a complaint about our management of your personal information. This is in addition to our obligations of confidentiality to clients and other parties arising from sources other than the Privacy Act 1988 (Cth) (the Privacy Act).

Application of this Policy

This Privacy Policy applies to only some of the personal information we manage. As a small business operator, much of the personal information we handle is exempt from the Privacy Act. This Privacy Policy applies to personal information we manage for the purposes of, or in connection with, our obligations under the AML/CTF Act. Other personal information we manage remains excluded by applicable exemptions in the Privacy Act.

We apply customer due diligence to every client as a deliberate business policy, including to some matters that are not designated services. Where we collect that information it is collected with your consent, limited to what is reasonably necessary, and handled in accordance with this Policy.

Policy updates

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The current version will be available on our website at https://mengel.com.au/privacy-policy.

Personal information we collect

We collect your contact and identity details, financial information, and matter-related information about you and any relevant entity or person connected with a matter. The types of personal information we may collect include:

  • Identity information: name, date of birth, signature, photographic identification, and offices or directorships held;
  • Contact information: residential and postal addresses, email addresses and telephone numbers;
  • Professional and business information: occupation, employer, business holdings, and ownership, control and beneficial-ownership structures;
  • Financial information: your source of funds and source of wealth, and bank or payment details where relevant to a transaction;
  • Matter-related information: information relevant to your legal matter;
  • Screening information: politically-exposed-person, sanctions and adverse-media screening results; and
  • Identity-verification records.

Identity verification and the AML/CTF Act

We are required to verify your identity and collect certain information under the AML/CTF Act when we provide designated services. As a matter of practice policy, we carry out customer due diligence for every client. Identity documents may also be required for other services, such as court matters, real property transactions and asset dealings. This includes collecting identification documents and information about the source of funds and the beneficial ownership of entities.

How we collect personal information

Where reasonable and practicable, we collect personal information directly from you - for example, when you engage us, complete our intake form or provide documents, or communicate with us by telephone, email, post or in person.

We may also collect personal information about you indirectly, including from:

  • our client(s), where we collect information in the course of providing legal services;
  • other parties to a transaction or proceeding, and their lawyers;
  • courts, tribunals, law-enforcement and government agencies;
  • publicly available sources, including public registers, websites and social media; and
  • identity-verification, sanctions and PEP screening, and commercial data providers.

Anonymity and pseudonymity

You may ask to deal with us anonymously or by using a pseudonym. However, in most cases this is neither lawful nor practical for legal services: our professional and AML/CTF obligations require us to establish and verify who we act for, that you are aware of the instructions, and that the person we deal with has authority to act. If you do not provide the personal information we request, we may be unable to provide you with legal services or to respond to your enquiry.

Why we collect personal information and how we use it

We collect, hold, use and disclose personal information for the primary purpose of providing legal services, complying with our regulatory, professional and insurance obligations, and operating our legal practice. This includes:

  • providing legal advice and representation;
  • managing client matters and files, and preparing and reviewing legal documents;
  • communicating with you and other parties;
  • billing and recovering our fees;
  • complying with our legal, professional and insurance obligations, including under the AML/CTF Act; and
  • administering and managing our practice.

We may also use and disclose personal information for related secondary purposes, including:

  • ongoing customer due diligence as required by the AML/CTF Act;
  • enforcement of our right to payment of fees;
  • risk management and insurance purposes; and
  • internal reporting and quality assurance.

Disclosure of personal information

Your personal information and confidential data is held subject to our duty of confidentiality under the Australian Solicitors' Conduct Rules and any applicable undertakings or court rules. Subject to those obligations and the purposes described in this Policy, we may disclose personal information to:

  • other legal practitioners, barristers, mediators, experts and consultants engaged in your matter;
  • other parties to a transaction or proceeding, as instructed or as required;
  • courts, tribunals, government agencies and regulators;
  • AUSTRAC, and other regulators or law-enforcement agencies, where required by law;
  • identity-verification and sanctions / PEP screening providers;
  • our professional indemnity insurers, and any costs assessor;
  • service providers who assist us to operate our practice (including IT and document-management providers); and
  • any person you expressly or impliedly authorise.

In limited circumstances the AML/CTF Act requires us to report certain matters to AUSTRAC, and may prevent us from telling you that we have done so.

Overseas disclosure

We may disclose personal information to recipients located outside Australia where reasonably necessary to facilitate the purposes described in this Policy - for example, where an identity-verification or screening provider processes data overseas, or where your matter involves overseas parties.

Security of personal information

We hold your personal information using systems designed to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure. Sensitive AML/CTF material - including screening results and any report - is stored separately and access-restricted. As with all data-security systems, risks can be mitigated but not eliminated. We require our storage and service providers to be reputable.

Retention and destruction

We retain personal information for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal and professional obligations. Records collected for the purposes of, or in connection with, the AML/CTF Act are kept for at least 7 years, as the law requires. Sensitive AML/CTF compliance material is kept on its own retention clock, which may outlast the matter file.

Access and correction

You have the right to request access to, or correction of, the personal information we hold about you. To make a request, please contact our Privacy Officer (see below). We will respond within a reasonable period, generally within 30 days, and may charge a reasonable fee to cover the cost of locating and providing information (we do not charge for the recovery of records that are your property).

The Privacy Act permits us to refuse access in some circumstances - for example, where doing so would breach our confidentiality obligations to another client, or where we are prohibited by law (including where disclosure could amount to tipping off under the AML/CTF Act). If we refuse, we will give written reasons (unless it is unreasonable or unlawful to do so) and tell you how to complain.

If you believe information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, you may ask us to correct it. If we have disclosed information that we later correct, we will notify the third party of the correction if you ask us to.

Complaints and questions

If you have a question about this Policy, or a complaint about how we have handled your personal information, please contact our Privacy Officer in writing. We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If we need more time, we will keep you informed of our progress.

If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) or the relevant legal services regulator. OAIC: www.oaic.gov.au; 1300 363 992; enquiries@oaic.gov.au; GPO Box 5218, Sydney NSW 2001.

Artificial intelligence and automated decision-making

We use artificial-intelligence (AI) tools to assist us in operating our practice. We do not enter confidential or client information into third-party or cloud-based AI services. Where an AI tool is used to process client or confidential information, it is an isolated model hosted locally on our own systems, so that the information remains under our control and is not disclosed to any third party.

Privacy Officer

Mengel Law
Privacy Officer: Lindsay Mengel, Principal
Email: lindsay@mengel.com.au
Postal Address: 53 Kennedy Terrace, Paddington, QLD 4064

Version 1 · 1 July 2026