top of page

PRIVACY STATEMENT 

Introduction

​

FIRSTCOUNSEL and our affiliates ("we", "us", or "our") are committed to protecting and respecting your privacy. This Privacy Statement explains how we collect, handle and/or process personal data about individuals who engage with our services, visit our website(s), or otherwise interact with us. This Privacy Statement outlines our commitment to the Australian Privacy Act 1988 (Cth) and the UK's implementation of the General Data Protection Regulation ("UK GDPR") and to data security. 

​

About Us

FIRSTCOUNSEL is a group of companies providing  consulting and legal services, with operations in Australia and the United Kingdom. For the purposes of applicable UK data protection legislation, FIRSTCOUNSEL will generally be the first data controller of your personal data.

​

Personal Data We Collect

We may collect, handle and/or process the following categories of personal data:

​

Client Data

  • Identity data: name, title, date of birth, gender, nationality

  • Contact data: address, email address, telephone numbers

  • Financial data: bank account details, payment details, billing information

  • Professional data: job title, company, business sector

  • Matter data: information relevant to your legal or consulting matter or other query

  • Due diligence data: identification documents, background check information

  • ​

Website Visitor Data

  • Technical data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform

  • Usage data: information about how you use our website, products and services

  • Marketing preferences: your preferences in receiving marketing from us

  • ​

Recruitment Data (for job applicants)

  • Identity and contact data

  • Professional and education data: CV, qualifications, employment history, references

  • Interview data: notes from interviews, assessment results

 

How We Collect Your Personal Data

We collect personal data through various channels:

  • Direct interactions: information you provide when you engage our services, create an account on our website, subscribe to publications, request marketing materials, apply for a job, or otherwise communicate with us

  • Automated technologies: as you interact with our website(s), we may automatically collect technical data about your equipment, browsing actions and patterns through cookies and similar technologies (see our "Cookies and Similar Technologies" section below)

  • Third parties: we may receive personal data about you from various third parties such as credit reference agencies, client referrals, or publicly available sources

​

Legal Basis for Processing (UK GDPR)

Under the UK GDPR, we rely on the following legal bases for processing your personal data:

  • Performance of a contract: processing necessary for the performance of a contract with you or to take steps at your request before entering into a contract

  • Legitimate interests: processing necessary for our legitimate interests or those of a third party, provided your fundamental rights do not override these interests

  • Legal obligation: processing necessary for compliance with a legal obligation

  • Consent: where you have given consent to the processing of your personal data for specific purposes

​

Purposes for Processing

We collect, handle and/or process your personal data for the following purposes:

  • To provide legal, consulting, corporate and other services to you or your organization

  • To manage our relationship with you

  • To comply with legal and regulatory obligations

  • To manage and administer our business

  • To conduct due diligence and conflict checks

  • To process payments and maintain accounting records

  • To communicate with you about our services

  • To improve our services and website

  • To provide tailored marketing, if you have consented

  • To recruit and assess potential employees

​

Cookies and Similar Technologies

Our website(s) use cookies and similar tracking technologies to distinguish you from other users. This helps us provide you with a good experience when browsing our website and allows us to improve our site.

Cookies are small text files that are placed on your device when you visit our website. We use the following types of cookies:

  • Strictly necessary cookies: required for the operation of our website

  • Analytical/performance cookies: allow us to recognize and count visitors and analyze website traffic

  • Functionality cookies: used to recognize you when you return to our website

  • Targeting cookies: record your visit to our website, the pages you visit, and the links you follow

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

​

Marketing Communications

We may use your personal data to form a view on what legal services or information we think may be of interest to you. You will receive marketing communications from us if you have:

  • Requested information from us

  • Engaged our services

  • Provided us with your details when registering for an event, promotion, or publication

  • Explicitly consented to receive such communications

You have the right to opt out of receiving marketing communications from us at any time by:

  • Clicking the "unsubscribe" or "opt-out" link in any marketing email we send

  • Contacting us directly using the details provided in the "Contact Us" section below

  • Updating your communication preferences through our website or your account settings

​

Disclosure of Your Personal Data

We may share your personal data with:

  • Other FIRSTCOUNSEL affiliates and partners, and their entities or offices

  • Professional advisers working on your matters, including barristers, expert witnesses, accountants, tax and other specialist advisors

  • Service providers who provide IT, system administration, platform services, marketing, and other business support

  • Regulators, law enforcement bodies, government agencies, courts, or other third parties where required by law or regulation

  • Potential buyers in the event of a proposed sale or restructuring of our business

 

International Transfers

We may transfer your personal data to countries outside Australia and the UK/European Economic Area (EEA). When we do so, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards, such as:

  • Transferring data to countries that have been deemed to provide an adequate level of protection

  • Using specific contracts approved by relevant authorities (such as the Standard Contractual Clauses)

  • Implementing additional technical and organizational measures to protect your personal data

​

Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. We limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

​

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

In determining appropriate retention periods, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, as well as applicable legal requirements.

​

Your Legal Rights

Under the Australian Privacy Act 1988 (Cth) and UK GDPR, you have various rights in relation to your personal data, including rights to:

  • Access your personal data

  • Correct inaccurate personal data

  • Request erasure of your personal data

  • Object to processing of your personal data

  • Request restriction of processing your personal data

  • Request transfer of your personal data

  • Withdraw consent where we rely on consent to process your personal data

 

To exercise any of these rights, please contact us using the details provided in the "Contact Us" section below. You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive, or we may refuse to comply with your request in these circumstances.

​

Changes to This Privacy Statement

We reserve the right to update this Privacy Statement at any time. Any changes will be posted on our website with an updated revision date. We encourage you to review this Privacy Statement periodically to stay informed about how we are protecting your personal data.

​

Contact Us

If you have any questions about this Privacy Statement or how we handle your personal data, please contact our Data Protection Officer:

Email: info@firstcounsel.au

​

Complaints

If you are concerned about how we have handled your personal data, please contact us in the first instance. If you remain unsatisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority:

In Australia: Office of the Australian Information Commissioner (www.oaic.gov.au) In the UK: Information Commissioner's Office (www.ico.org.uk)

​

Last Updated: 27 March 2025

​

 

​

​

bottom of page