Fox and Thomas


Fox and Thomas – Privacy Policy

The privacy of your personal information is very important to Fox and Thomas Pty Ltd (ACN: 010 123 814). We are committed to protecting the privacy and confidentiality of your personal information.

Privacy matters in Australia are governed by the Federal Government’s Privacy Act 1988 (Cth) (Act). The Act provides the rules around how we retain your personal information and how we deal with any requests to access and correct it.

We may modify this policy from time to time by publishing it on our website. We encourage you to check our website to ensure that you are aware of our current privacy policy.

What information do we collect?

Personal information is information or an opinion, whether true or not, and whether recorded in a material form or not, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

We will only collect personal information that is required for us to provide you with legal services or is necessary for one or more of our other functions or activities. This may include collecting information from you or, where you request, we collect the information on your behalf from third parties.

Generally, if appropriate, we will tell you why we are collecting your personal information and how we plan to use it, or this will be obvious when we collect the personal information from you.

To provide our legal services we may collect and store personal information about a range of people including:

  • clients, potential clients and their employees;
  • our suppliers, business associates and their employees;
  • current, former and prospective employees and contractors; and
  • other people who may come into contact with us or with our clients.

The kinds of personal information that we collect and hold may include:

  • contact information, including postal and residential addresses, telephone and facsimile numbers, and email addresses;
  • information about your occupation and employer;
  • billing and credit card information;
  • government issued identifiers, such as Tax File Numbers and Australian Business Numbers (which are only used in accordance with the Privacy Act); and
  • other personal information relevant to matters being conducted by us, such as sensitive information and health information.

If you do not provide us with personal information that we request, this may affect our ability to provide legal services to you, to engage you to provide services to us or to perform one or more of our functions or activities (as the case may be).

How information is collected

We collect information in the following ways:

  • in the course of meeting with our clients;
  • in correspondence from our clients or third parties, including legal advisors, government agencies;
  • in court documents or other publicly available sources; or
  • via our website.

Any collection of personal information by us will be fair and lawful and will not be intrusive.

If it is reasonable and practical do so, we will collect personal information about you only from you. In the course of our business, it may be necessary to collect personal information about an individual from a third party.

If we collect personal information about you from a third party we will, where required, take reasonable steps to ensure that you are notified or aware that we are holding personal information about you, how we will use and disclose it, and that you may contact us to gain access to, correct and update it. We note that we may not be required to notify you, where doing so would constitute a breach of our obligations of confidence or legal professional privilege.

How we retain the information including security

We are bound by professional obligations of confidentiality and legal professional privilege, including as prescribed by the Australian Solicitors’ Conduct Rules. Where these obligations apply, we treat information that we receive and hold (including personal information) in accordance with our obligations.

We will generally hold personal information in physical records, records on our servers, and in some cases, records on third party servers, which may be located overseas. Please refer to “Cross-border disclosures of information” below.

We may provide you an online document storage service called the Fox and Thomas Document Portal to allow you to log in, preview and download electronic copies of your documents we hold in our Safe on your behalf. Access to the document portal is protected by a secure login process with all users being verified to our reasonable satisfaction prior to the disclosure of any documents or information to the account holder.

Access to specific documents will only be made available to you via the document portal when you have requested access. At any time, you may request for the removal of documents or information stored on your document portal account.

Your Fox and Thomas Document Portal account is provided for your benefit. It is your responsibility to ensure your email address and login information is secure and only accessible by you alone. If you have reason to believe your document portal account has been compromised by a third party, please contact us immediately to temporarily suspend your account until its security can be confirmed.

We take reasonable steps to hold hard copy and electronic records of your personal information in a secure manner to ensure that it is protected from misuse, interference and loss, and unauthorised access, modification or disclosure.

We will destroy or de-identify your personal information once it is no longer needed for a valid purpose or required to be kept by law.

The purposes for which we collect, hold, use and disclose personal information

In general, we will collect, hold, use and disclose personal information for the purposes of providing or offering legal services to you, to enhance and develop our relationship with you and to comply with certain laws and regulations.

We will, wherever possible, keep all personal information strictly confidential. However, in the course of providing legal services, we may need to disclose personal information to other third parties, including other parties involved in a matter, other law firms, barristers, conveyancers, government departments such as the Lands Titles Office, Australian Securities and Investments Commission, Office of the Australian Information Commissioner and courts and tribunals. The precise personal information required to be provided will vary depending on the circumstances requiring disclosure of that personal information.

We may also use and disclose personal information about you:

  • for purposes necessary or incidental to the provision of legal services
  • to send you direct marketing materials, client updates or event invitations
  • where the use or disclosure is required or authorised by law
  • where you have given us your consent (express or implied)
  • to avoid, lessen or prevent a serious emergency or crime. If we use or disclose personal information about you in those circumstances we will make a written record of such use or disclosure.

Any personal information submitted online may need to be processed by a third party. By submitting personal information via an online form, you consent to the disclosure of that information to a third party, which may be located overseas, for the sole purpose of processing the online form.

When we handle, personal information relying on the employee and related bodies corporate exemptions in the Act, we will rely on those exemptions where relevant.

Notifiable Data Breaches

Amendments to the Act states

  1. where an eligible data breach has occurred involving the unauthorised access to, disclosure of, or loss off, personal information, and
  2. the release of such information is likely to result in serious harm to any of the individuals to whom the information relates (the Individual),
  3. we may be required to provide a statement of notification (Statement) to both the Office of the Australian Information Commissioner and the individual.

The contents of this statement may include

  • the identity and contact details of the individual,
  • a description of the data breach,
  • the kinds of information involved in the breach and any steps we recommend the individual take in response to the data breach.

Where an eligible data breach involves information pertaining to multiple individuals, we may be required to provide a statement to each of them.

Where it is not otherwise practicable to notify an individual of the contents of the statement, we will be required to take reasonable steps to publicise the contents of the statement, which may include publishing a copy of the statement on our website.

Direct Marketing

We will not use or disclose your personal information for the purposes of direct marketing unless the personal information is collected directly from you and:

  • you would reasonably expect us to use or disclose your personal information for the purpose of direct marketing; and
  • we have provided you a means to “opt-out” and you have not opted out.

You may opt out of receiving direct marketing materials or newsletters from us at any time by contacting our reception or by clicking on an unsubscribe link where provided.

Access & correction of your personal information

You may request access to or a correction of your personal information at any time by sending a written request to our [email protected] We will take reasonable steps to give you access in the manner you have requested, or make the corrections you have requested, and will respond within a reasonable time.

You do not need to provide a reason for your request. We may charge a small fee for providing access if it requires a significant amount of time to locate or collect your personal information or to present it in an appropriate form. There is no charge to you for requesting an update or correction of your personal information.

Under the Privacy Act we are entitled to deny access in various circumstances, such as where the requested access will have an unreasonable impact upon the privacy of others or where we are required by law to withhold the personal information. This may include situations where providing the personal information would constitute a breach of our obligations of confidence, or legal professional privilege.

If we deny you access to your personal information, or are not able to make any amendments which you have requested, we will provide you with reasons for our refusal.

Cross-border disclosures of information

We may disclose personal information to overseas recipients, where:

  • the overseas recipient is a party to the matter for which you have instructed us; or
  • we have engaged an overseas recipient to provide services to us, such as SaaS (software as a service) or cloud-based storage solutions.

The countries in which such recipients are located will depend on the nature of the services being provided by us and the particular matter involved. We will, where practicable, advise you of the countries in which overseas recipients are likely to be located.

Please note that the use of overseas service providers to store personal information will not always involve a disclosure of personal information to that overseas provider. However, by providing us with your personal information, you consent to the storage of such information on overseas servers and you acknowledge and agree that Australian Privacy Principle (APP) 8.1 will not apply to the extent that such storage constitutes a cross-border disclosure. For the avoidance of doubt, in the event that an overseas recipient breaches the Australian Privacy Principles, that entity will not be bound by, and you will not be able seek redress under, the Act.

Unsolicited Information

If we receive Personal information that we have not solicited and we could not have obtained the information by lawful means, we will destroy or de-identify the personal information as soon as practicable and in accordance with the law.


If you have any questions or concerns please telephone our Privacy Compliance Officer (General Manager) on 07 4671 6000.

If you believe that we may have breached the APPs, or failed to comply with this policy, you may make a written complaint addressed to our Privacy Compliance Officer (General Manager):

  • by mail to Privacy Compliance Officer (General Manager), Fox and Thomas, PO Box 189, Goondiwindi, Qld, 4390
  • by email to [email protected]

We take all complaints seriously, and will investigate and respond to your complaint within a reasonable period.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner:

  • by mail to Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001
  • by telephone on 1300 363 992
  • by email to [email protected]

Additional information

We will comply with all relevant legislative requirements if and when they are applicable to us. However, in the event of any inconsistency, the legislative requirements will override the provisions of this document.

This document reflects our Privacy Policy as at 06 April 2018. We may amend our Privacy Policy at any time and will make the updated version available on our website.

Download pdf version

Have Any Questions?