Privacy Policy

Home » Privacy Policy

Privacy Policy

AMANDA LITTLE AND ASSOCIATES PTY LTD — PRIVACY POLICY

 

Last updated 27 May 2026

 

AMANDA LITTLE AND ASSOCIATES PTY LIMITED (ACN 637 847 299) (“ALA Law”, “we”, “us”, “our”) is committed to respecting and protecting your privacy. This Privacy Policy describes the types of Personal Information (as defined below) we collect, the purposes for which we collect and use that Personal Information, and how we handle and secure it. This Privacy Policy applies to all individuals whose Personal Information we collect and process, including our clients, prospective clients, visitors to our website, business contacts, and all other individuals with whom we communicate in the course of providing our services or running our legal practice.

 This Privacy Policy may be updated from time to time. All material changes will be communicated by publishing a copy of the updated Privacy Policy on our website and, where practicable, by notifying you, including by email. We encourage you to review this Privacy Policy periodically.

 

  • Introduction and scope
    • ALA Law is a legal practice providing legal services including (without limitation) family law, family dispute resolution, conveyancing, wills and estates, and related matters. We maintain a website at amandalittleassociates.com.au (the “Site”).
    • ALA Law is an “Australian Privacy Principles entity” for the purposes of the Privacy Act 1988 (Cth) (“Privacy Act”). We collect, hold, use and disclose your Personal Information in accordance with the Australian Privacy Principles (“APPs”) and are responsible for its handling as set out in this Privacy Policy.
    • Some of the matters we handle, particularly in family law, care and protection, and deceased estates, may involve Personal Information about children and young people. Where we collect or hold such information, we handle it with particular care and in accordance with the Privacy Act and our professional obligations. Where a child or young person has the capacity to do so, we will deal directly with them in relation to their own Personal Information. Otherwise, we will deal with their parent, guardian, or other appropriately authorised person.
    • If you have any questions about how we handle your Personal Information, or wish to exercise any of your rights under the Privacy Act or the APPs, please contact our Privacy Officer using the details set out in the “Contacting us” section below.
  • Meaning of Personal Information
    • Under the Privacy Act, “Personal Information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.
    • Some Personal Information is also “Sensitive Information” under the Privacy Act, including information or opinions about an individual’s health, racial or ethnic origin, political opinions, religious beliefs, sexual orientation or practices, criminal record, and biometric information. We may collect Sensitive Information where it is reasonably necessary for, or directly related to, the provision of our legal services, including in connection with family law, care and protection, and deceased estate matters. Outside that context, we do not intend to collect or process Sensitive Information and we request that you do not provide Sensitive Information to us unless this is strictly necessary for us to perform our services. We will only process Sensitive Information where we have your consent to the processing (which can include your provision of the Sensitive Information to us for a specified purpose), or where we are otherwise required or permitted to do so by law.
  • How we collect Personal Information
    • We collect Personal Information in a variety of ways, including:
      • Directly from you. We collect Personal Information that you provide directly to us, including through the contact forms on our Site, when you instruct us in relation to a legal matter, when you sign up to our publications or events, or when you correspond with us by email, telephone, or any client portal or matter management platform we make available to you.
      • Indirectly through your interactions with us. We collect Personal Information that you provide indirectly while interacting with us, such as when you use our Site, when you participate in our events, or in the course of communications relating to a matter.
      • From third parties in connection with your matter. In the course of acting on a matter, we may collect Personal Information about you (or about other individuals connected to the matter) from third parties, including from other parties to the matter, your other professional advisers, expert witnesses, public registers, government and regulatory authorities, courts and tribunals, and counterparties and their representatives.
      • From third parties in connection with our business operations. We may also collect Personal Information from third parties for purposes connected to running our business, including from referrers (such as other firms or professional advisers who introduce you to us), from recruitment agencies and job application platforms where you have applied for a role with us and from our analytics, cookie and marketing service providers in relation to your use of our Site.
      • From third-party identity verification and anti-money laundering providers. Where we are required to verify your identity, screen for sanctions or politically exposed person (PEP) status, or verify your source of funds or source of wealth in connection with our anti-money laundering and counter-terrorism financing obligations or our professional obligations of client due diligence, we may collect Personal Information from a range of sources, including: commercial identity verification (KYC) services; the government-managed Document Verification Service (DVS); sanctions lists, PEP databases and adverse media screening services; corporate registers including ASIC and equivalent overseas registers; credit bureaus and other secondary data providers; and financial institutions, revenue offices and public asset registers.
      • From publicly available sources. We collect Personal Information from publicly available sources, including the Australian Securities and Investments Commission (ASIC) and equivalent registers in other jurisdictions, IP registries (such as IP Australia and WIPO), court and tribunal records, news and media publications, and professional networking sites such as LinkedIn.
    • If you provide Personal Information to us about another person (for example, members of your family, employees of your business, directors and officers of a corporate client, or other individuals connected to a matter), you are responsible for ensuring that the individual is aware that you are providing their information to us, has been made aware of this Privacy Policy and how to access a copy of it, and that you have the authority to provide their information to us for the purposes set out in this Privacy Policy.
  • What we collect and what we do with it
    • The Personal Information we collect from you will depend on how you interact with us — for example, whether you are a client, prospective client, a visitor to our Site, a business contact, or a party or witness in a matter we are handling.
    • We may collect, use, store and transfer different kinds of Personal Information about you which we have grouped together as follows:
      • ‘Identity Data’ includes first name, last name, title, job title, company, location, date of birth, gender, and other information that appears on your identification documents;
      • ‘Contact Data’ includes billing address, residential and/or business postal address, email address and telephone numbers;
      • ‘Financial Data’ includes trust account ledger details, bank account and payment card details (through our third-party payment processor, Stripe);
      • ‘AML/CTF Data’ includes information about your source of funds, source of wealth, politically exposed person status, sanctions screening status, beneficial ownership, and credit information collected for our anti-money laundering and counter-terrorism financing and client due diligence purposes.
      • ‘Transaction Data’ includes details about fees, disbursements, costs agreements, trust account transactions, payments to and from you, and other details of products and services you have purchased from us;
      • ‘Technical Data’ includes internet protocol (IP) address, your login data for our services, statistics on page views and sessions, acquisition sources, search queries and/or browsing behaviour, browser session data, webpage from which you came, webpage(s) or content you accessed, navigational and log data, information about your access and use of our Site and services, including through the use of internet cookies, time zone settings and geolocation, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the Site;
      • ‘Matter Data’ includes your personal and/or business circumstances and other information that is reasonably required for, or that you provide in connection with, a legal matter we are conducting for you, including correspondence, documents, instructions, court and tribunal materials, expert reports, communications with other parties, and any Sensitive Information you provide in that context, and also includes any personal data contained within data, documents, files, communications, transaction records, stored files, analytics data, metrics, or other materials that you (or your authorised contacts) submit, upload, store, transmit, create, generate, provide or otherwise process when using our services, and all other information that is reasonably required for the purpose of allowing us to provide our legal services;
      • ‘Profile Data’ includes your preferences and feedback you provide to us;
      • ‘Usage Data’ includes information about how you use our Site, products and services including session times, login and logout times, and content accessed;
      • ‘Marketing and Communications Data’ includes your preferences in receiving marketing from us and our third parties and your communication preferences.
    • The table below sets out the purposes for which we typically collect, use and disclose Personal Information, and the categories of Personal Information used for each purpose. We may state a more specific additional purpose when we collect your Personal Information
PURPOSE OF USE / DISCLOSURE PERSONAL INFORMATION CATEGORIES
●     To onboard you as a new client, including conflict checks (for actual and potential clients, and for counterparties), identity verification, anti-money laundering, counter-terrorism financing and other background checks, and engagement letter processes

●     To provide you with our services and conduct a client relationship with you, including taking instructions, providing legal advice and representation, and conducting matters on your behalf

●     To handle correspondence, documents, instructions, court and tribunal materials, expert reports, communications with other parties, and any other materials we receive or generate in the course of acting on your matter

●     Identity Data

●     Contact Data

●     Profile Data

●     Matter Data

●     AML/CTF Data

 

●     To enable you to access and use our Site, any client portal or matter management platform we make available to you ●     Identity Data

●     Contact Data

●     Technical Data

●     Profile Data

●     For internal record-keeping and administrative purposes, including invoicing, billing, trust accounting, maintaining our business records, and updating your account details ●     Identity Data

●     Contact Data

●     Financial Data

●     AML/CTF Data

●     Transaction Data

●     Profile Data

●     To process payments for our services, including through our third-party payment processor, and to operate our trust account in accordance with applicable trust accounting rules ●     Identity Data

●     Contact Data

●     Financial Data

●     Transaction Data

●     To administer and protect our business and IT systems (including troubleshooting, data analysis, testing, system maintenance, security monitoring, support, reporting and hosting of data) ●     Identity Data

●     Contact Data

●     Technical Data

●     Usage Data

●     To operate our Site and any associated platforms, deliver relevant content to you, and to measure or understand the effectiveness of our content and communications

●     For analytics (including profiling on our Site), market research and business development, including to operate and improve our Site, services and associated platforms

●     Identity Data

●     Contact Data

●     Technical Data

●     Profile Data

●     Usage Data

●     Marketing and Communications Data

●     To use data analytics to improve our website, platform and Services, and to develop Aggregated Data in accordance with our Ethical Data Policy ●     Technical Data

●     Usage Data

●     Marketing and Communications Data

 

  • Please note that Financial Data collected and processed for billing and payment purposes is not stored on our servers or other equipment. Payment processing is handled by our third-party payment processor in accordance with their own privacy and security policies.
  • We may also use your Personal Information (however collected) where processing is necessary:
    • to record your preferences (e.g. marketing) to ensure that we comply with applicable data protection laws;
    • to interact with governmental, regulatory or other authorities in relation to you, including in connection with your matter or our legal or professional obligations (including our AML/CTF obligations);
    • where we are required to assist government and law enforcement agencies or regulators;
    • where we retain information to enable us to resolve disputes, enforce our terms, costs agreements and to bring or defend legal claims; and/or
    • where we are required to assist government and law enforcement agencies or regulators, including in relation to any eligible data breach declarations by any of them.
  • The APPs permit use of Personal Information for secondary purposes when those secondary purposes are related to the primary purpose of providing services to you.
  • Where permitted under the APPs, we will use and share Personal Information we hold about you for the following secondary purposes:
    • Adding your details to our mail-out list to inform you of products and services which may affect or interest you;
    • Notifying you of any changes to our business or other news which may be relevant to your circumstances; and
    • Contacting you for sales purposes.
  • If you choose not to provide Personal Information we have asked you for, we may not be able to provide legal services to you or may be limited in the services we can provide.
  • Anonymised and aggregated data
    • We may anonymise or de-identify the Personal Information we collect (so it can no longer identify you) and then combine it with other anonymous information so it becomes aggregated data (“Aggregated Data”). Aggregated Data helps us identify trends, improve our Services, and train our staff and for quality management purposes. Our use of Aggregated Data is governed by our Ethical Data Policy. Aggregated Data is not Personal Information and may be used by us for any lawful purpose.
  • Use of cookies
    • Cookies are small text files that are stored on your browser or device when you visit our Site. They contain information that is transferred to your device.
    • We use our own cookies and third-party cookies on our Site. When you first visit our Site, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies. You can also manage your cookie preferences at any time through the cookie preference centre accessible via the link in the footer of our Site. The following categories of cookies may be used on our Site:
      • Necessary cookies. These are cookies that are required for the operation of the Site. These essential cookies are always enabled because the Site will not work properly without them. They include, for example, cookies that enable certain security functions.
      • Preference cookies. These enable us to recognise you when you return to the Site, to personalise our content for you and remember your preferences.
      • Statistics cookies. These help us to understand how visitors interact with the Site. They include cookies that tell us how long people spend on the Site and the number of times they visit.
      • Marketing cookies. These are used to record your visit to the Site, to make the Site more relevant to your interests.
    • Security measures
      • We hold Personal Information electronically in secure cloud-hosted environments, and may also hold Personal Information locally, including but not limited to on desktop computers, laptops and back-up hard drives, and physical files at our office. We implement and maintain reasonable administrative, technical and organisational safeguards designed to protect the security, confidentiality and integrity of the Personal Information we process.
      • We take all reasonable steps to ensure that your Personal Information is secure from any unauthorised access, misuse or disclosure. However, no system can be guaranteed to be completely secure, and the transmission of information via the internet carries inherent risks. We cannot guarantee the absolute security of your Personal Information at any stage of its handling by us, including in the course of collection, transmission, storage, processing, or disclosure to authorised third parties.
      • Our security measures include:
        • access controls and user authentication (including multi-factor authentication)
        • internal IT and network security
        • regular testing and review of our security measures
        • staff policies and training
        • incident and breach reporting processes
        • business continuity and disaster recovery processes
        • other industry standard safeguards
      • Notifiable Data Breach Scheme (NDBS)
        • If there is a data breach that we are required to notify under the Notifiable Data Breaches Scheme under Part IIIC of the Privacy Act, we will take all reasonable steps to contain the breach and will notify the Office of the Australian Information Commissioner (“OAIC”) and affected individuals in accordance with the requirements of the Privacy Act. We will also keep you informed as appropriate.
        • If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of becoming aware of the suspected breach, or sooner where possible. We will follow guidance published by the OAIC (if available) in making this assessment. If we reasonably determine that the data breach is not likely to result in serious harm to any individuals involved, or that any remedial action we take is effective in preventing serious harm from becoming likely, then we will not notify the affected individuals or the OAIC.
      • How long we keep your Personal Information
        • We will only retain your Personal Information for as long as reasonably necessary to fulfil the purposes we collected it for, including to comply with our legal, regulatory and professional obligations.
        • To decide how long to keep Personal Information (also known as its retention period), we consider the volume, nature, and sensitivity of the Personal Information, the potential risk of harm to affected individuals if an incident were to happen, whether we require the Personal Information to achieve the purposes we have identified or whether we can achieve those purposes through other means (e.g. by using Aggregated Data instead), and any applicable legal and professional requirements (e.g. minimum accounting records for tax authorities and file retention obligations under applicable legal profession rules).
        • We apply the following tiered indicative periods by data category, subject to longer retention where required by law or our professional obligations:
Data category Retention period
●    Identity Data

●    Contact Data

Retained for the duration of our relationship with you and for up to 7 years after its conclusion, to comply with Australian limitation periods and regulatory requirements.
●    Financial Data Not stored on our servers (processed by our third-party payment processor).
●    Transaction Data Retained for 7 years after the relevant transaction for tax, audit and legal compliance purposes.
●    Technical Data

●    Usage Data

Retained for up to 2 years from collection, unless required for legitimate security, troubleshooting or compliance purposes.
●    Matter Data Retained for at least 7 years after the closure of the matter, in accordance with our professional obligations. Files relating to wills, deceased estates, trusts and certain family law matters may be retained for substantially longer periods having regard to the nature of the matter.
●    Marketing and Communications Data Retained until you withdraw your consent or opt out, and for a reasonable period thereafter to action your request.

 

  • If you have asked for information from us or you have subscribed to our mail-out list, we keep your details until you ask us to stop contacting you.
  • After the relevant retention period, we will take reasonable steps to destroy or de-identify the Personal Information in accordance with APP 11.2 and our professional obligations.
  • Who we share your Personal Information with
    • We may share your Personal Information with the following categories of third parties, for the specified reasons:
    • When we share your Personal Information with third parties who process it on our behalf, we take reasonable steps to ensure that those third parties are bound by appropriate contractual obligations regarding the handling, security and confidentiality of Personal Information.
Category of third party Reason for sharing your Personal Information
Our personnel, including employees, contractors and counsel we engage on your matter To perform our services and to run our business
Other parties to your matter, their legal representatives, courts, tribunals, mediators and other dispute resolution practitioners Where reasonably necessary for the conduct of your matter, or where required by law or by an order or rules of a court or tribunal
Service providers, including providers of cloud hosting, document management, practice management, conveyancing platforms (such as PEXA), payment processing, AV conferencing, IT and security services, and marketing agencies We rely on these providers to conduct our business
Any authorised government or regulatory or self-regulatory authority or enforcement agency Where we are required or authorised by law to disclose Personal Information or to protect the rights, property or safety of our business, our clients or others

 

Professional advisers or contractors, such as our auditors, accountants, or lawyers or other professional consultants, and other contractors To obtain relevant advice and services in running our business
As part of or in connection with a sale of our business, or a merger, reorganisation, investment, change in control, transfer of substantial corporate assets, liquidation or similar transaction For the purposes of the relevant transaction
Affiliates and related companies To provide the services
  • Confidentiality and Legal Professional Privilege
    • Our handling of client information is overlaid by our professional obligations of confidentiality at general law, under the rules of the legal profession in each jurisdiction in which we practise. Much of the information we hold about clients and their matters is also subject to legal professional privilege (also known as client legal privilege). Nothing in this Privacy Policy is intended to waive or derogate from legal professional privilege, and we will take reasonable steps to preserve privilege in our handling and disclosure of client information.
    • Family law matters are subject to particular restrictions on publication of identifying information under Australian family law legislation. We handle Personal Information relating to family law matters with those restrictions in mind, and we will not disclose information in a manner that would contravene them.
  • Direct marketing
    • By providing us with your Personal Information, you consent to us using it for direct marketing purposes in accordance with Australian Privacy Principle 7. We may contact you with information about our products, services, events and other matters that may be of interest to you. All marketing communications will include a clear and easy mechanism to opt out.
    • You may at any time opt out of receiving marketing communications by clicking the “unsubscribe” or “opt-out” link in any marketing email we send you, or by contacting us using the details in the “Contacting us” section below.
    • If you directly signed up to marketing communications in the course of your engagement, we will provide those marketing communications to you. We will not send direct marketing communications to individuals whose Personal Information we hold solely because they are connected to a matter we are conducting (for example, counterparties, witnesses, beneficiaries, or other third parties whose information forms part of Matter Data). However, in the course of acting on a matter, we may send non-marketing communications to such individuals where necessary to progress the matter or to comply with our professional obligations, including (without limitation) correspondence, requests for information, service of documents, scheduling communications, and other operational correspondence sent in connection with the matter.
  • Transfers of Personal Information out of Australia
    • Your Personal Information may be transferred to, or stored in, locations outside Australia for a variety of reasons, including where our cloud hosting providers, payment processors, or other service providers are located overseas. A current list of these providers and the countries in which they operate is available on request by contacting our Privacy Officer.
    • Before transferring your Personal Information overseas, we take reasonable steps to ensure that the overseas recipient handles it in accordance with the Australian Privacy Principles, or that the recipient is subject to a law or binding scheme that is substantially similar to the Australian Privacy Principles (as required by Australian Privacy Principle 8).
    • However, if we transfer your Personal Information to a recipient in a country with data protection laws which are at least substantially similar to the Australian Privacy Principles (“APP”), and where there are mechanisms available to you to enforce protection of your Personal Information under that overseas law, we will not be liable for a breach of the APPs if your Personal Information is mishandled in that jurisdiction.
  • Your rights under the Australian Privacy Principles and the Privacy Act
    • Under the Privacy Act and the Australian Privacy Principles, you have the following rights in relation to your Personal Information:
      • Access to Personal Information.
        • You can request access to your Personal Information, subject to certain exceptions. For example, we may, in accordance with the APPs, refuse to provide you with access if, for instance, granting you such access would have a negative impact on the privacy of another person.
        • We will endeavour to provide access in the manner requested by you if it is reasonable and practicable to do so, otherwise we will take such steps as are reasonable to provide access in a way that meets both your and our needs.
        • We may charge you for providing access to your Personal Information. You will be advised of the relevant charge and asked to make payment prior to access being provided.
        • If we refuse your request for access on any ground permitted by law, we will give you written notice in accordance with the Privacy Act, setting out the ground/s of the refusal (except to the extent that it would be unreasonable to do so) and the mechanisms to complain about the refusal.
      • Correction of Personal Information
        • You can request corrections to any inaccurate, outdated, incomplete or misleading information regarding your Personal Information. If you request correction, we will address it within a reasonable timeframe and notify you of the outcome.
        • Where Personal Information which has previously been disclosed to another organisation in accordance with the Privacy Act and this Privacy Policy has been corrected you may ask us to notify the other organisation of the correction. We will take such steps as are reasonable to give that notification unless it is impracticable or unlawful to do so.
        • If we refuse your request to correct your Personal Information we will give you written notice in accordance with the Privacy Act, setting out the ground/s of the refusal (except to the extent that it would be unreasonable to do so) and the mechanisms to complain about the refusal.
        • If we refuse your request to correct your Personal Information, you may request that we associate with your Personal Information in a statement that in your view the information is inaccurate, out of date, incomplete, irrelevant or misleading. We will take such steps as are reasonable to associate the statement with your Personal Information in such a way that the statement will be apparent to users of the information.
        • We have an independent obligation to take reasonable steps to correct Personal Information that is inaccurate, out-of-date, incomplete, irrelevant or misleading.
      • You can ask us to delete or de-identify your Personal Information if there is no good reason for us to continue holding it.
      • You can ask to have your Personal Information, where technically feasible, sent to another organisation, where we hold this Personal Information with your consent or for the performance of a contract with you.
      • You can ask us not to send you any marketing materials. However, we may still send you newsletters and updates about your account, if you are a business contact.
      • If you are unhappy with the way we collect and use your Personal Information, you can complain to the OAIC, but we would encourage you to contact us first so that we can try to address your concerns.
    • To contact us or submit requests in relation to any of the above, please contact our Privacy Officer. Please note that we may ask you to verify your identity before responding to such requests. If your request is complex or involves a large amount of Personal Information, we may need up to 30 days to respond.
  • Use of artificial intelligence and automated decision making
    • We may use artificial intelligence and machine learning technologies, including those provided by third parties (which may include AI features integrated into the software and platforms we use to deliver our services) (together, “AI Technologies”), in the course of running our business and delivering legal services to you. We will only use AI Technologies where we are legally permitted to do so, where doing so is consistent with our professional obligations of confidentiality and legal professional privilege, and where we consider it necessary, expedient or beneficial for those purposes.
    • We may use AI Technologies for purposes including:
      • to support, improve, and optimise the delivery of our legal services and the operation of our business;
      • to automate certain processes and communications, including administrative or routine tasks such as document drafting assistance, summarisation, research, note-taking, and correspondence drafting;
      • to enhance and personalise your experience with us; and
      • for quality assurance purposes.
    • Where we use AI Technologies, we will take reasonable steps to ensure your Personal Information is handled with due care and in accordance with applicable privacy laws and our professional obligations.
    • We will not input your Personal Information (or any Matter Data) into any publicly available AI Technologies (meaning commercially or freely available AI models that are not subject to confidentiality and data-use restrictions appropriate to legal practice), and we will take reasonable steps to ensure that your Personal Information is not used to train any AI Technologies datasets.
    • To the extent we do input your Personal Information into any AI Technologies, we will only do so through tools that are subject to appropriate confidentiality, security and data-use restrictions, and we will use that information only to deliver legal services to you and to improve our internal business processes. Your Personal Information will not be used to train or improve any publicly available AI models, and access will be restricted to our personnel and authorised service providers.
    • Our use of AI Technologies, and the other automated tools we use in our practice, are intended to assist our lawyers and other personnel and do not replace independent professional judgment. None of our AI Technologies or other automated tools make decisions that produce legal effects concerning you or that similarly significantly affect you. You continue to receive legal services from us under the supervision of qualified legal practitioners, and we retain full responsibility for the legal work product and advice we provide to you.
  • Contacting us and complaints
    • If you have questions, requests or concerns about your Personal Information or this Privacy Policy, please contact our Privacy Officer at [email protected]. We will take such steps as are reasonable to investigate any issue and respond to you within a reasonable time (and in any event within 30 days of receiving your request).
    • If you are not satisfied with our response to a privacy complaint, you are entitled to lodge a complaint with the Office of the Australian Information Commissioner (OAIC). We would encourage you to contact us first so that we can try to address your concern. The OAIC can be contacted at www.oaic.gov.au or by telephone on 1300 363 992.