display:none

Privacy Policy

This privacy policy sets out how Onyx Legal handles your personal information. Onyx Legal complies with Australian privacy legislation.

‘Personal data’ or ‘personal information’ is information that directly identifies you, such as your name and email address, or data that could be used, on its own or in combination with other data, to identify you.

We collect, hold, use and disclose personal information for the purpose of providing you with legal services and sharing information through our social media channels and email updates.  

We do not sell or give away access to the personal information you provide to us.

Law Firm Compliance

If you are our client, any information you provide to us and all advice we provide to you remains confidential as between you and Onyx Legal.

Our advice to you remains protected by legal professional privilege unless you, or we, do something to waive or destroy that privilege. This means that we may each be excused from releasing your information in response to a warrant or subpoena.

If you provide us with written consent to release information, we may do so in accordance with your consent.

How We Use Your Information

We use your personal information to:

  • verify your identity as required by law
  • provide legal advice and services
  • communicate with you about your matter or our services or changes in the law
  • comply with legal and regulatory obligations.

Staying Anonymous

You can browse this website anonymously. However, if you would like to take advantage of our services, you will need to identify yourself to us and at that point we will collect your personal information.

Collection and use of personal information

We may request records to independently identify you such as copies or records of official identification documents like passports, identity cards, driving licenses or similar. For an enterprise, we may request details of your Australian Business Number or business registration in another company, copies of a current company extract or certificate of registration, or copies of trust deeds or other documents establishing your enterprise.

At all times we try to only collect the information we need for the particular service we are providing. This information includes:

  • your full name
  • your email address
  • your best phone number
  • your street address and/or postal address
  • your business registration details
  • your identification documents
  • your online channels

The main way we collect personal information about you is when you give it to us, for example:

  • when you contact us
  • when you submit information to our website
  • when you ask for access to information we hold about you

You agree that we may retain any of your personal information indefinitely if required to do so for compliance purposes, although we are not obliged to do so. For compliance purposes we will retain your information for at least five years.

Please keep your contact details with us up to date.

We also may share your personal information when required to do so by law or with our professional advisers to obtain advice, for instance if there is a breach of the terms and conditions, or to meet our accounting or compliance obligations.

Transfer of Business

If our business is acquired by or merged with another company or business, your personal data may be transferred to the new owners so they may continue to support and sell similar products and services. Provided the new owners have a privacy policy that is compliant with current laws, by agreeing to this privacy policy, you agree to such a transfer.

Testimonials

Testimonials. If you provide us with a testimonial, you give us your consent to use on our website or other marketing material, your name together with your personal image and testimonial wording. You also give us permission to store this information in our secure records together with your email address and the year in which we provided you the services related to your testimonial. We will retain and use this information for its intended purpose for a period of up to seven years.

We process this information based on your consent. We will only display your logo on our website with your consent.

Indirect collection

We use a practice management system (Smokeball) as other software which may collate information from the publicly available profiles associated with the contact information that you provide to us. This can include your social media channels. We will only use that information to help us to communicate with you.

We may also collect information about you from publicly available sources if we believe that information may assist us in providing the services you have requested. This can include information available via government registers such as ASIC.gov.au and ABR.gov.au and domain registrars.

Social Media Channels and links to other websites

We may provide links to other websites or use social media channels to communicate with the public about our work. These sites have their own privacy policies. When you communicate with us using these services we may collect your personal information. We will only use it to help us to communicate with you and the public. Any social media service will also handle your personal information for its own purposes. You should be aware that personal information you disclose on social media sites is publicly available.

Collecting sensitive information

We do not actively collect sensitive information about you, including information about your health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation or criminal history, however we do recognise that you may provide some of that information as part of seeking legal services. We will take steps to appropriately protect any sensitive information we do receive.

Unsubscribe or Opting Out

With your permission, we may use your email address to send you legal updates or other communications that may be considered marketing information.

These communications may contain links to blog posts, YouTube videos, reports/ checklists etc. We process this information based on your consent.

You may always withdraw your consent and unsubscribe from these emails by clicking on the unsubscribe link at the bottom of the email, disconnect from us on social media or by contacting us at principal(at)Onyx.legal to request your removal from those communications.

Security and overseas recipients

We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we use third party hosting and storage providers with industry standard security. We also internally take reasonable precautions and aim for industry best practice to avoid mis-use, interference loss or unauthorised access, modification or disclosure of your personal information. Our internal procedures may include:

  • risk assessment of misuse, interference, loss, and unauthorised access, modification or disclosure of your information
  • background tracking and records of changes made to your personal information

Our website data is currently hosted by Montec data centres in Sydney, Australia. Our CRM data is currently hosted by Insightly data centres in Texas, United States of America. Our business systems are operated using Google Workspace by Google hosted across their international server locations.

Depending on your location, your personal information may cross Country boarders and may be stored in a jurisdiction with different privacy laws to where you live. By agreeing to this policy, you agree to such a transfer.

DISCLAIMER: While we do our best to ensure the security of your data, no storage is 100% secure and we cannot guarantee the safety of your data. If you feel this is not sufficient, please do not provide us with your personal information, or, if you have already provided personal information, please contact us and we will securely destroy it.

Disclosure

The information that we collect about you is used only for the purpose of providing you with services. We do not publish your personal information.

We may disclose your personal information:

  • to third parties involved in your matter, such as barristers, other solicitors, or government agencies
  • as required by law, such as in response to a court order or regulatory request
  • with your consent, where necessary for the provision of our services.

We may give access to identification data we obtain and transaction records to appropriate and competent advisors or authorities for the purpose of preparing responses to audits of our legal practice, to obtain legal, accounting or other advice, or for compliance with our obligations for practice.

We do not use data processing houses overseas. However, we may use technical assistance located in another country and the people providing that assistance may be able to access your personal information while providing services to us. We require those providers to comply with our privacy obligations.

Mandatory Data Reporting

If any of your personal information is lost, accessed or disclosed by us, whether intentionally, unintentionally or through no fault of Onyx Legal we will comply with mandatory data breach notification requirements.

We are required to notify any affected person within 30 days if the loss or disclosure of data is likely to result in serious harm to that person.

Your Data Rights

You have the right to ensure:

  • we process your data fairly and lawfully and within the purpose and/or consent it was provided to us
  • your data is accurate
  • the data collected by us is not more than we reasonably require for the purpose collected.

To ensure this happens, you can:

  • have your data updated and amended if incorrect, out of date or incomplete
  • know how long we keep your data
  • ask us to erase your data and be forgotten once that information is no longer required for our compliance purposes
  • ask us to provide you with details of the personal data we hold about you.

To achieve this, at your request, and upon production of satisfactory identification, we will tell you what personal data about you is being processed (eg. what information we have stored), on what basis, and by whom.

You may amend inaccurate, incomplete or outdated personal data at any time by contacting us at principal(at)Onyx.legal. If we do not agree with your requested change, we will keep a copy of your request with our information.

If you decide your data should not be processed for one or more purposes, you may withdraw your consent from using your data in that way. Please note that we will action your request as soon as practically possible however such a request will not take effect immediately and your data may still be used in the meantime.

You may request that all personal data we have collected about you be deleted from our records and erased from information stored by any third-party organisations processing data on our behalf.

If data we have collected about you is processed using automated means, you have the right to receive that data in a structured, machine-readable format and to transmit it to another data controller without hindrance.

Problems?

If you have any concerns about our use of your personal information, please write to contact us and let us know what the problem is. We will respond to your concerns within 30 days.

If you are not happy with how we manage your concerns, you can contact the Australian Privacy Commission, available at http://www.oaic.gov.au.

How to contact us

You can contact us via this website or:

  • email principal(at)Onyx.legal
  • call +61 7 3886 0029
  • post snail mail to PO Box 448 | North Lakes | QLD 4509

Changes to this Privacy Policy

It is important to us that our privacy policy is regularly reviewed and we will do so to keep it relevant and up to date with changing laws. We will notify you of any changes by posting the new policy on this page.

Cookie Policy

How we use Cookies and other identifiers

We use a range of tools provided by third parties including search engine browsers, Google Analytics and our web hosting company, to collect or view website traffic information. These sites have their own privacy policies. We also use cookies and session tools to improve your experience when accessing our website.

Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Some website features may not function properly without cookies.

The information collected by these tools may include the IP address of the device you are using and information about sites that IP address has come from, the pages accessed on our site and the next site visited. We use the information to help to track your use of our websites to improve your user experience and the quality of our services. We may also use it for improving our marketing by identifying topics you are most interested in.

We do not use paid advertising on our website.

This Privacy Policy and Cookie Policy was last updated on 3 September 2025.