Our Commitment

Kenny Spring Solicitors Pty Ltd (“we”, “our”, “us”) is committed to protecting your Privacy.

This Privacy Policy explains how we collect, use, disclose, and store personal information, and how you may access it, correct it, or make a complaint.

Our commitment in respect of your personal information is to abide by the Australian Privacy Principles (APPs) as set out in the Privacy Act 1988 (Cth) (Privacy Act) and to abide by any other relevant law whenever applicable including the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) and the AML/CTF Rules.

By using our website or engaging our services, you agree to the terms outlined in this Privacy Policy.

How do we collect Personal Information

We collect Personal Information only by lawful and fair means.

We will collect Personal Information directly from the individual who is the subject of the information unless:

  • the individual has consented to collection of his or her Personal Information from a third party,
  • it is unreasonable or impractical to make a direct collection; and/or
  • we are required or authorised by law to collect his or her information from a third party.

We may collect Personal Information when you, your organisation, or those acting on your or your organisation’s behalf:

  • visit us or meet with our representatives;
  • communicate with us, including by physical post, email, social media, telephone or text message;
  • register to attend, present at or otherwise participate in a meeting, conference or event hosted or presented by us; and/or
  • engage us to provide services including those which require us to comply with our obligations under the AML/CTF Act and the AML/CTF Rules or when you supply KYC Information in response to our direct request.

If we use a credit reporting body for electronic identity verification, we will seek your express consent prior to doing so and offer an alternative means of verification (for example, certified copies of identification documents), as legally required

We will provide you with a collection notice at or before the time we collect your Personal Information.

What Personal Information do we collect

We are required by law under the AML/CTF Act to collect and verify certain Personal Information and may be prohibited from providing services if we cannot do so.

In particular, we collect Know your client (KYC) Information as required by the AML/CTF Act which may include: names, addresses, location, contact details, job titles, services and transactions obtained, offered and supplied including usage history, including information about the time, place, and circumstances of our interactions with you.

We may infer information about you from your engagement with us and your activities. We may also collect Sensitive Information where required for compliance with the AML/CTF Framework or where otherwise permitted by law.

We may conduct ongoing monitoring of transactions and client information to comply with our AML/CTF obligations.

What happens if you don’t provide us with requested Personal Information

If you do not provide requested Personal Information, we may be unable to provide Designated Services and/or comply with our legal obligations.

Purposes of collection of Personal Information

We collect and use Personal Information to carry out our activities and functions including providing you with designated services, complying with our regulatory obligations in relation to the delivery of those services, including adherence to the Legal Profession Uniform Law and its related rules and legislation, the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015 (NSW) and the Legal Profession Uniform General Rules 2015 (NSW). Other relevant legislation which may require us to collect and use your Personal Information includes the Duties Act 1997 (NSW) and the Australian Registrars National Electronic Conveyancing Council’s Model Participation Rules.

Unless you consent to us doing so otherwise, we will only use your Personal Information for the primary purpose for which it was collected, and for any secondary purpose if you would reasonably expect, and the purpose is related to, the primary purpose of collection. Examples of secondary purposes you might reasonably expect are listed in the previous paragraph.

In the case of sensitive Information, any secondary purpose will be one that you would reasonably expect and directly related to the primary purpose of collection.

Disclosure of Personal Information
Third parties
Subject to legal requirements, we do not share your Personal Information with any third parties except:

  • with your express permission; and
  • to contracted service providers to organise or facilitate the efficient and effective administration, management or delivery of our services. This may include service providers that support our due diligence processes associated with complying with our AML/CTF obligations.

We will ensure that such service providers commit to protecting your Personal Information appropriately and agree not to use or disclose your Personal Information for any other purpose (other than as required by law).

Legal requirements

We may use or disclose your Personal Information in circumstances where required by law and/or expressly permitted by the Privacy Act, including if:

  • it is not reasonable or practical to obtain consent and we reasonably believe use or disclosure is necessary to lessen or prevent a serious threat to life, health, or safety of any individual or public health and safety;
  • we have reason to suspect that unlawful activity or misconduct of a serious nature that relates to our activities or functions is being or has been engaged in, and we believe the collection, use or disclosure is necessary to take appropriate action in relation to the matter;
  • we reasonably believe that the collection, use or disclosure is reasonably necessary to assist with the location of a person reported missing; or
  • we are compelled by law including:
    • by warrant or subpoena;
    • where we are required by request under statute or lawful order of a government agency or authority including law enforcement, courts and tribunals and regulators; and/or
    • to AUSTRAC and other government agencies without your knowledge or consent, including where we form a suspicion about a matter or transaction under the AML/CTF Framework.

Nothing in this Privacy Policy limits our obligations of confidentiality or client legal privilege. However, there may be circumstances where we are compelled to disclose confidential information to AUSTRAC under the AML/CTF Framework.

We are prohibited from notifying you of disclosures to AUSTRAC and may be prohibited from notifying you of disclosures to other government agencies or authorities.

Business transactions

If we are involved in a merger, acquisition or asset sale, your Personal Information may be disclosed in confidence as part of a due diligence process and may be transferred to the new owner. We will provide notice before your Personal Information is transferred and becomes subject to a different Privacy Policy.

How do we protect your information

We hold Personal Information in hard copy and electronic formats. We take reasonable steps to prevent unauthorised access, disclosure, alteration, destruction or loss of Personal Information including by using a range of physical, operational and technological security measures to protect this information. These measures include organisational and technical measures such as:

  • staff education and training to ensure our staff are aware of their privacy obligations when handling your Personal Information;
  • administrative and technical controls to restrict access to Personal Information to only those people who need access;
  • technological security measures, including firewalls, encryption and anti-virus software.

 

Where a data breach is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme in the Privacy Act, including notifying the OAIC and affected individuals, as required.

When we consider that Personal Information is no longer needed for any purpose for which the information may be used or disclosed in accordance with this Policy and that we are not required by law or court order to retain the Personal Information, we will take reasonable steps to destroy or de-identify the information. AML/CTF KYC Information and transaction records are kept for seven years after the business relationship ends or the transaction is completed, as required by the AML/CTF Framework.

We maintain your Personal Information physically and electronically within Australia unless we have agreed with you to share your Personal Information with third parties offshore (such as local law experts in another jurisdiction).

Some electronic services we use may process data, but those services are not entitled to access or use the Personal Information held by us except as required for delivery of the contracted service.

We take reasonable steps to ensure overseas recipients do not breach the APPs.

How you can access and correct your Personal Information

We will respond to inquiries from an individual regarding whether we hold any Personal Information relating to that individual and will allow access to and correction of any such Personal Information subject to our contractual arrangements where Personal Information is held by a third party, and the conditions and limitations set out in the Privacy Act, including:

  • if we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety;
  • giving access would have an unreasonable impact on the privacy of other individuals;
  • the request for access is frivolous or vexatious;
  • the information relates to existing or anticipated legal proceedings between the organisation and the individual, and would not be accessible by the process of discovery in those proceedings;
  • giving access would reveal the intentions of the organisation in relation to negotiations with the individual in such a way as to prejudice those negotiations;
  • giving access would be unlawful;
  • denying access is required or authorised by or under an Australian law or a court/tribunal order;
  • the organisation has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to the organisation’s functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
  • giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
  • giving access would reveal evaluative information generated within the organisation in connection with a commercially sensitive decision‑making process.

If you believe that the Personal Information we, or our contracted third party, hold about you is inaccurate, out-of-date, incomplete, irrelevant, or misleading, you may request that we correct it by contacting our Privacy Officer. We may ask you to verify your identity before giving you access or making corrections, and we may charge a reasonable fee for providing access (but not for making a correction). In addition, we may review and update your Know Your Client (KYC) information as part of our ongoing client due diligence obligations under the AML/CTF Act.

We will take reasonable steps to correct your information to ensure it is accurate, complete, and up-to-date within a reasonable period (usually within 30 days) of receiving your request.

How you can complain about our information handling practices

All privacy-related inquiries and complaints are handled by our Privacy Officer. If you have any concerns regarding our management of your Personal Information, or if you believe we have breached the APP/s, please contact our Privacy Officer in writing setting out the details of your complaint.

We are committed to achieving a fair and equitable resolution of any privacy concerns. When you lodge a complaint, we will follow this internal review process:

  1. We will acknowledge receipt of your written complaint within a reasonable time (usually within seven days).
  2. Our Privacy Officer will conduct an internal investigation into your complaint. This will involve reviewing the circumstances of the collection, use, or disclosure of your information and assessing our compliance with our internal procedures and the Privacy Act. We may contact you to request further information to assist with our investigation.
  3. We will endeavour to complete our investigation and provide you with a written response outlining the outcome of our review, our decision, and any corrective actions we propose to take within 30 days of receiving your complaint.

 

If you are not satisfied with our response, or if we do not resolve your complaint within 30 days, you are entitled to escalate your complaint by lodging a complaint with the Office of the Australian Privacy Commissioner at this link:

https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us.

Direct marketing 

From time to time we may use your personal information to provide you with current information about new products or services being offered by us.

If you do not wish to receive marketing information, you may at any time decline to receive such information by contacting our offices. 

Website analytics

To improve your experience of our site, we may use 'cookies'. Cookies are an industry standard and most major websites use them. A cookie is a small text file that our site may place on your computer as a tool to remember your preferences.  In addition cookies may be used to service relevant ads to website visitors through third party services such as AdRoll. These ads may appear on this website or other websites you visit.  You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You may also opt-out from receiving targeted advertisements from AdRoll by visiting the NAI website opt-out page here: http://www.networkadvertising.org/choices/

Our website may contain links to other websites. Please be aware that we are not responsible for the privacy practices of such other sites. When you go to other websites from here, we advise you to be aware and read their privacy policy.

Our website uses Google Analytics, a service which transmits website traffic data to Google servers in the United States. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage.

By using this website, you consent to the processing of data about you by Google in the manner described in Google's Privacy Policy - external site and for the purposes set out above. You can opt out of Google Analytics if you disable or refuse the cookie, disable Javascript, or use the opt-out service provided by Google - external site.

Kennyspring.com.au also uses interfaces with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to "like" or "share" information from this website through these services, you should review the privacy policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your visits to this site with other personal information.

Further information

You may request further information about the way we manage your personal information by contacting us on the details below.

Kenny Spring Solicitors

PO Box 149 Bathurst NSW 2795

Email: solicitors@kennyspring.com.au

Website: www.kennyspring.com.au

Change in our Privacy Policy

We are constantly reviewing all of our policies and attempt to keep up to date with market expectations. Technology is constantly changing, as is the law and market place practice.

As a consequence we may change this personal information and privacy policy from time to time or as the need arises.

This version of this privacy policy is dated 1 July 2026.