Privacy Policy for AML/CTF obligations
Our commitment
We are committed to protecting your privacy. We collect, use, share, process, and manage Personal Information only as reasonably necessary for carrying out our functions and activities.
If we prepare to provide, provide you with, or reasonably anticipate that we may provide you with, any Designated Services, we will handle your Personal Information provided in relation to those services in an open and transparent way, subject to our legal obligations, in accordance with this Privacy Policy.
What does this Privacy Policy cover?
This policy applies only to Personal Information handled in connection with our AML/CTF obligations under the AML/CTF Framework. Other parts of our legal practice may be outside the Privacy Act. We still handle that information confidentially under the legal profession legislation, including the Legal Profession Uniform Law Application Act 2014 (NSW), including the Legal Profession Uniform Law Australian Solicitors’ Conduct Rules 2015 (NSW).
Meaning of words used in this Privacy Policy
In this Privacy Policy the terms listed have the following meanings:
| AML/CTF Act | Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). |
|---|---|
| AML/CTF Framework | AML/CTF Act, AML/CTF Rules and AUSTRAC-issued guidance. |
| AML/CTF Rules | Anti-Money Laundering and Terrorism Financing Rules 2025 (Cth) made under the AML/CTF Act. |
| APP/s | The Australian Privacy Principles in Schedule 1 of the Privacy Act. |
| AUSTRAC | Australian Transaction Reports and Analysis Centre. |
| We, us, our | DKD LEGAL & CONVEYANCING PTY LTD ABN 15 622 074 168. |
| Privacy Act | Privacy Act 1988 (Cth). |
What privacy law applies to our relationship
We are a “small business operator” under s 6D of the Privacy Act and become subject to the Privacy Act, for the first time, only in relation to AML/CTF-related activities by operation of s 6E(1A) of that Act.
Accordingly, the Privacy Act, including the APPs, applies only to our collection, use, sharing, processing, and management of Personal Information required to comply with our obligations under the AML/CTF Framework.
How do we collect Personal Information?
We collect Personal Information only by lawful and fair means.
We may collect Personal Information when you, your organisation, or those acting on your or your organisation’s behalf:
- visit us or meet with our representatives;
- communicate with us, including by post, email, social media, telephone or text message;
- register to attend, present at or otherwise participate in a meeting, conference or event hosted or presented by us; and/or
- engage us to provide services, including when you supply KYC Information in response to our direct request.
What Personal Information do we collect?
We are required by law under the AML/CTF Act to collect and verify certain Personal Information and may be prohibited from providing services if we cannot do so. In particular, we collect KYC Information as required by the AML/CTF Act which may include names, addresses, location, contact details, job titles, services and transactions obtained, offered and supplied including usage history, including information about the time, place, and circumstances of our interactions with you.
We may infer information about you from your engagement with us and your activities. We may also collect Sensitive Information where required for compliance with the AML/CTF Framework or where otherwise permitted by law.
What happens if you don’t provide us with requested Personal Information?
If you do not provide requested Personal Information, we may be unable to provide Designated Services and/or comply with our legal obligations.
Purposes of collection of Personal Information
We collect and use Personal Information to carry out our activities and functions including providing you with Designated Services, complying with our regulatory obligations, and adhering to relevant legal and professional requirements.
Disclosure of Personal Information
Third parties
Subject to legal requirements, we do not share your Personal Information with any third parties except:
- with your express permission; and
- to contracted service providers to organise or facilitate the efficient and effective administration, management or delivery of our services.
Legal requirements
We may use or disclose your Personal Information in circumstances where required by law and/or expressly permitted by the Privacy Act, including to AUSTRAC and other government agencies where required under the AML/CTF Framework.
Business transactions
If we are involved in a merger, acquisition or asset sale, your Personal Information may be disclosed in confidence as part of a due diligence process and may be transferred to the new owner.
How do we protect your information?
We hold Personal Information in hard copy and electronic formats. We take reasonable steps to prevent unauthorised access, disclosure, alteration, destruction or loss of Personal Information using physical, operational and technological security measures.
- staff education and training;
- administrative and technical controls to restrict access;
- firewalls, encryption and anti-virus software.
Where a data breach is likely to result in serious harm, we will comply with the Notifiable Data Breaches scheme in the Privacy Act, including notifying the OAIC and affected individuals, as required.
Can your Personal Information be accessed offshore?
We maintain your Personal Information physically and electronically within Australia unless we have agreed with you to share your Personal Information with third parties offshore.
Some electronic services we use may process data, but those services are not entitled to access or use the Personal Information held by us except as required for delivery of the contracted service.
How you can access and correct your Personal Information
We will respond to inquiries from an individual regarding whether we hold any Personal Information relating to that individual and will allow access to and correction of any such Personal Information subject to the Privacy Act.
If you believe that the Personal Information we, or our contracted third party, hold about you is inaccurate, out-of-date, incomplete, irrelevant, or misleading, you may request that we correct it by contacting our Privacy Officer.
You can contact our Privacy Officer by email at [email protected].
How you can complain about our information handling practices
All privacy-related inquiries and complaints are handled by our Privacy Officer. If you have concerns regarding our management of your Personal Information, or if you believe we have breached the APP/s, please contact our Privacy Officer in writing setting out the details of your complaint.
- We will acknowledge receipt of your written complaint within a reasonable time, usually within seven days.
- Our Privacy Officer will conduct an internal investigation into your complaint.
- We will endeavour to complete our investigation and provide you with a written response within 30 days of receiving your complaint.
If you are not satisfied with our response, or if we do not resolve your complaint within 30 days, you are entitled to escalate your complaint by lodging a complaint with the Office of the Australian Privacy Commissioner.
Date reviewed: June 2026.
