At HDY, we recognise the importance of individuals' privacy. Our policy for the management of personal information is set out on this page. It is our intention to always comply with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (APPs).

This privacy policy uses the definitions of "personal information" and "sensitive information" which are provided in the Privacy Act.

What kinds of personal information do we collect and hold?

We collect information about individuals such as their name, contact details, occupation, photographs, employment history, title, expertise and interests, and information concerning the matters on which a client seeks our services. We also collect sensitive information as set out below.

Failure to collect this information will prevent us from providing our clients with legal services or from achieving the purpose for which the information was given to us.

How we collect personal information

We usually collect personal information directly from an individual when an individual communicates with us, such as when he or she:

  • provides us with personal information (including identification information such as passport details) in connection with the provision or potential provision of legal services by us
  • makes inquiries about our services or contacts us for any other reason so that we can process, deal with and respond to such queries or any other issues, including complaints
  • provides us with business cards or other contact information
  • registers for or attends at HDY events or third party events arranged in conjunction with HDY
  • subscribes to our mailing lists
  • uses our website,
  • contacts, registers with, posts to, likes or follows any of our social media websites, pages, forums or blogs; or
  • applies for prospective employment and contracting opportunities at HDY.

We may also collect personal information about an individual when a client (eg an employer, colleague or associate of the individual) uses our services.

We may also collect personal information about individuals from third parties, such as:

  • from agents or advisors on behalf of an individual
  • from identity verification agents
  • from third party referrals
  • when we obtain references
  • through reports from professionals, such as medical professionals, or otherwise in connection with the provision of our legal services; or
  • from publicly available sources.

Sensitive information

We may collect sensitive information about individuals, but only where:

  • the individual has provided consent to such collection and the information is reasonably necessary for our functions or activities; or
  • as otherwise permitted by the APPs.

Cookies and other web tracking systems

We track traffic patterns throughout our website.

We use "cookies" on our website. A "cookie" is a small amount of information which is transferred to the hard drive of your computer and which can identify your web browser but not you. A cookie can collect and store information, but cannot interfere with your computer.

Our internet service provider will record and advise us of your service address, domain name, the date and time of your visit to our site, the pages viewed and the information downloaded.

If you want, you can disable your web browser from accepting cookies. If you do so, you can still access our website, but not all services may be available.

We also use third parties to provide web analytics services to us. Such providers collect information on how people use our website. Our providers of web analytics services use cookies and other web tracking technologies to collect such information. For more information on these services, please see Google Analytics.

Use and disclosure of information

We collect and use personal information for our business purposes. The main purposes for which we collect and use information are:

  • to provide our clients with legal services
  • where the information was given to us for another specific purpose (such as a job application), for that purpose
  • in respect of our website, to respond to any requests made and for statistical, web development and internal purposes
  • to carry out identity verification
  • for our own internal, relationship and marketing purposes (however, we always provide a choice to "opt out" of receiving direct marketing or related communications from us); and
  • for a related purpose, where the individual concerned would reasonably expect us to use it for that related purpose.

We may disclose personal information for the above purposes to third parties such as:

  • a service company or trust company affiliated with the HDY partnership
  • service providers, agents or contractors of HDY, such as archive service providers or printers; or
  • identity verification agents, such as ZipID Pty Ltd. For information on how ZipID collects, uses and discloses personal information please see its privacy policy at the ZipID website
  • barristers, our interstate agents or other advisors we or our clients engage to assist in providing services.

We only disclose personal information:

  • with the consent of the individual concerned
  • as otherwise permitted by the APPs; or
  • as required or permitted by law or court or tribunal order.

HDY is also bound by professional obligations in respect of confidentiality.

Overseas disclosure of personal information

We may disclose personal information to third parties outside Australia such as overseas agents or other advisors engaged to assist in providing services to clients.

However, we will not disclose individuals' personal information to overseas recipients other than in accordance with the APPs and this policy.

Some personal information is stored in the cloud, on servers in the United Kingdom on our behalf by third party data service providers. However, we maintain effective control over such information under contractual arrangements.

Dealing with us anonymously or using a pseudonym

Generally, we will require personal information from individuals in order to provide our services and to comply with legal obligations.

However, you may be able to deal with us on an anonymous basis when you access our website, social media pages, forums or blogs.

You also may use a pseudonym if posting any information to our social media pages.

Integrity of personal information

We store personal information securely through computer or cloud storage and paper-based files.

We will take all reasonable steps to ensure that all information we collect or use is accurate, complete, up-to-date, protected from misuse, interference, loss, unauthorised access, modification and disclosure, and accessed only by authorised personnel for permitted purposes.

If you need to update your personal information held by us, please contact our Privacy Officer.

We take steps as are reasonable in the circumstances to de-identify or destroy personal information that is no longer required by us for the purpose for which was collected, held or used.

Government related identifiers

We do not use any government related identifiers, such as Medicare numbers, driver licence numbers or TFNs as our own identifiers.

Third party links

This privacy policy does not apply to your use of another website accessed through a link from ours. In this case, the privacy policy of the owner of the other website (if any) will apply. We cannot and do not make any warranty or representation as to the practices of any linked websites in the handling of your personal information.

Changes to this privacy policy

We may make changes to this privacy policy from time to time for any reason. Any changes will be effective from the date of publication on our website. Please check this privacy policy from time to time for updates.

Your choices - access and correction of personal information

If you wish to:

  • seek access or correction of any personal information which we hold about you
  • request removal of your name from our marketing distribution lists; or
  • get more information about the way we manage the personal information we hold,

please contact our Privacy Officer - see the Contact Us section below.

If we do not agree to provide access to you to your personal information or to amend or annotate the information we hold about you, you may seek a review of our decision. Please see the Complaints section below.

If we do not agree to make the requested changes to your personal information, you may make a statement about the requested changes and we will attach the statement to your record.


If you have a complaint about a breach of the APPs by HDY in relation to your personal information, please contact us in writing, either by email or mail - see the relevant details in the Contact Us section below.

Complaints will be reviewed by our Privacy Officer and a response will usually be provided within 30 days of receipt of the complaint by us.

If you believe that your complaint has not been satisfactorily addressed by us, after following the procedure set out above, you can make a complaint to the Office of the Information Commissioner.

For more information about making a complaint, contact our Privacy Officer.

Contact us

If you have any questions about our privacy policy or need to contact our Privacy Officer for any other reason, please contact our Privacy Officer using the contact details below.

61 2 9947 6000
Privacy Officer, Henry Davis York, 44 Martin Place, SYDNEY NSW 2000