top of page

PRIVACY POLICY

1. About this Privacy Policy

1.1 This law firm is bound by the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles (APPs), which regulate how personal information is collected, used, disclosed, stored and managed in Australia.

1.2 In this Privacy Policy, references to “we”, “us” or “our” mean JR Legal Pty Ltd ACN 681 499 525 / ABN 23 681 499 525 trading as Winstone Brown Legal.

1.3 By engaging with us, you acknowledge and consent to the collection, use, storage and disclosure of your personal information in accordance with this Privacy Policy.

1.4 This Privacy Policy may be amended from time to time. The most current version will be available on our website or upon request.

1.5 This Privacy Policy applies to all directors, employees, contractors, consultants, clerks, students and any other individuals engaged by us (Staff).

1.6 All Staff are subject to professional confidentiality obligations and are required to comply with this Privacy Policy.

1.7 If you have any concerns or would like to access your personal information that we hold, please contact Jessica Winstone or Mickaela Brown:

ADDRESS: Corn East & Churchill Streets, Ipswich QLD 4305

PHONE: (07) 3281 9999

EMAIL: mail@wblegal.au

2. What is personal information?

2.1 “Personal information” has the meaning given in the Privacy Act and includes information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether it is recorded in material form or not.

3. What is sensitive information?

3.1 “Sensitive information” is a subset of personal information and includes information or opinions about an individual’s:

  • racial or ethnic origin

  • political opinions

  • religious or philosophical beliefs

  • membership of a professional or trade association or trade union

  • sexual orientation or practices

  • criminal history

  • health information

  • genetic or biometric information.

4. What personal information do we collect and hold?

4.1 The type of personal information we collect depends on how you interact with us.

4.2 The personal information we may collect includes, but is not limited to:

  • name

  • residential or postal address

  • contact details (email address, telephone number)

  • date of birth or age

  • gender

  • employment and occupation details

  • information contained in resumes or job applications

  • photographs or images

  • billing, payment and banking details

  • financial or credit-related information.

4.3 We may also collect sensitive information, including health information or criminal history information, where relevant.

4.4 Sensitive information will only be collected where you have consented or where permitted or required by law, including where necessary for the establishment, exercise or defence of a legal claim.

5. How do we collect personal information?

5.1 We generally collect personal information directly from you. However, we may also collect personal information from third parties where it is unreasonable or impracticable to collect it directly from you, or where permitted by law.

5.2 We may collect personal information when you:

  • engage us to provide legal services

  • enquire about our services or events

  • attend seminars, webinars or professional development activities

  • communicate with us by telephone, email, post, social media or in person

  • visit our premises or website

  • submit an employment application

  • are otherwise required or authorised by law.

5.3 Where we collect sensitive information, we will seek your consent unless an exception under the Privacy Act applies.

5.4 Third parties from whom we may collect information include:

  • your authorised representatives

  • insurers

  • employers (current or former)

  • government bodies and courts

  • publicly available sources

  • other professional or service providers.

5.5 Where practicable, we will take reasonable steps to notify you if we collect your personal information from a third party.

6. Employee records exemption

6.1 This Privacy Policy does not apply to employee records held by us that relate directly to current or former employment relationships, as those records are subject to the employee records exemption under the Privacy Act.

7. Why we collect, use and disclose personal information

7.1 We collect, hold, use and disclose personal information primarily to provide legal services and operate our law practice, including to:

  • deliver legal services and advice

  • communicate with clients and other parties

  • manage our business operations

  • administer accounts and billing

  • improve our services and client experience

  • manage recruitment and employment processes

  • send information about services, events or publications

  • comply with legal, regulatory and professional obligations

  • assist regulators, courts or law enforcement agencies where required.

7.2 If we use personal information for a purpose not described in this Privacy Policy, we will inform you where required by law.

8. Direct Marketing

8.1 We may use your personal information to provide information about our services or events that may be of interest to you.

8.2 You may opt out of receiving marketing communications at any time by contacting us or using the unsubscribe option in electronic communications.

9. Disclosure of personal information

9.1 We may disclose personal information to:

  • barristers, experts and other legal service providers

  • third-party suppliers who support our operations

  • professional advisers such as accountants or auditors

  • insurers and medical practitioners where relevant

  • courts, tribunals, regulators and government authorities

  • any other party where required or authorised by law.

9.2 We take reasonable steps to ensure that disclosures are limited to relevant information and that recipients handle information in accordance with the Privacy Act.

9.3 We do not sell personal information.

10. Overseas Disclosure

10.1 In some circumstances, personal information may be disclosed to recipients located outside Australia, including service providers or legal practitioners involved in a matter.

10.2 Where overseas disclosure occurs, we take reasonable steps to ensure the recipient handles the information in a manner consistent with the APPs.

11. Information collected via our website

11.1 This Privacy Policy applies to information collected through our website.

11.2 We may use session and persistent cookies to operate and improve our website. You may disable cookies through your browser settings, however this may affect website functionality.

11.3 Our website may use third-party analytics tools (such as Google Analytics) to collect anonymised information about website usage, including traffic sources and user behaviour.

11.4 We may collect non-identifiable information such as IP address, browser type, pages visited and access times for statistical and security purposes.

11.5 Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies.

12. Storage and security

12.1 We store personal information electronically and in hard copy, using secure systems and trusted service providers.

12.2 We take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification or disclosure, including through staff training and secure IT systems.

12.3 Where personal information is no longer required and retention is not required by law, we will securely destroy or de-identify it.

13. Access and correction

13.1 You may request access to, or correction of, personal information we hold about you by contacting us.

13.2 We will respond within a reasonable time and may charge reasonable costs for providing access where permitted by law.

13.3 If access or correction is refused, we will provide reasons and information about available complaint options.

14. Complaints

14.1 If you have a complaint about how we handle personal information, please contact us on the information provided in clause 1.7 above.

14.2 We will investigate complaints and notify you of the outcome.

14.3 If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC).

15. Data breaches

15.1 We comply with the Notifiable Data Breaches scheme under the Privacy Act.

15.2 Where an eligible data breach occurs or is suspected, we will assess the breach and notify affected individuals and the OAIC as required.

16. Contact us

16.1 For privacy enquiries, access requests or complaints, please contact us on the information provided in clause 1.7 above.

17. Additional matters

17.1 This privacy policy came into existence on 8 November 2024, and was last updated on 16 March 2026.

17.2 We reserve the right to amend or update our Privacy Policy at any time, provided the change does not have a disadvantageous effect to your privacy rights.

© 2026 by Wren Marketing & Media and secured by Wix

bottom of page