This policy details how we collect, use and disclose “personal information”, being information or an opinion (whether true or not, and recorded in a material form or not) about an identified, or reasonably identifiable, individual.
G+T is a leading independent corporate Australian law firm. The types of personal information that G+T collects will depend on the nature of your dealings with us. Please note that, while we seek to minimise the personal information we collect, if you do not provide us with the personal information we request, we may not be able to provide you with the services, information or other assistance you seek.
We may collect personal information from you in the following circumstances:
- you, or the company that you work for, engage our services (legal or otherwise);
- you, as the client, purchase or subscribe to client services offered on the G+T platform including “Smart Counsel”;
- you subscribe to or opt-in to receiving a G+T newsletter or other form of G+T update (such as our online publications);
- you subscribe to any of our websites (or sub-domains such as our Careers page) or to one of our mailing lists;
- you register for, or attend, a G+T seminar, webinar or other hosted event (virtual or in-person);
- you correspond with our employees or Partners;
- you have business dealings with us (whether as one of our suppliers, or as a regulator we deal with, or in the context of a transaction);
- in the course of conducting a matter for a client, including regulatory investigations, litigation proceedings or due diligence, where you are related to the matter in some capacity;
- you, or the company that you work for, is a counterparty, or provides services to a counterparty, of our client;
- you, or the company that you work for, engage us to provide services including when you supply Know Your Customer (KYC) information in response to our direct request;
- you attend an information session or recruitment event with us (e.g. a university careers event) (virtual or in-person);
- you apply, or register your interest for, employment or a work placement opportunity with G+T (see Section 8 of this policy);
- you otherwise provide your personal information to us, such as where you supply your business card to us; or
- it is required by law to do so.
For detailed information as to how we collect, use and disclose the personal information of job applicants, please refer to Section 8 of this policy.
The personal information we collect may include your name, title, address, e-mail address and contact numbers (telephone, fax, mobile). If necessary for the purposes of providing advice to you, or for providing you with other information (such as email updates), we may sometimes collect other personal information from you, such as the areas of our practice or related expertise which you are interested in. However, we endeavour not to collect personal information that we do not need.
Where personal information is collected for AML/CTF purposes, we do not retain copies of full identity documents (such as passports or driver licences). Instead, we retain only the specific information required by law, such as relevant identification details, the type of document relied upon, verification outcomes and AML/CTF risk assessments.
Generally, we endeavour to collect personal information directly from the individual concerned. However, if this is not practicable, we may collect personal information about individuals from third parties, including from publicly available sources. If we do, we will take reasonable steps to ensure that the individuals concerned are made aware of the collection of their information.
If you are one of G+T’s ‘business contacts’ (e.g. a person working for one of our clients or suppliers, or a contact person in a government agency or other company with which we deal), then when you correspond with one of our employees or Partners we may collect basic business contact information from you (e.g. your name, title and work contact details) automatically using the details in your email signature.
In respect of the AML/CTF Act, we may collect sensitive information, including your biometric information to perform identity verification. We will seek your consent and provide notice through our verification provider before the biometric verification process is undertaken, unless a specific legal exception applies. In addition to the circumstances described above, we may collect sensitive information without consent where this is required or authorised under the AML/CTF Act. This may include information relevant to determining whether an individual is a politically exposed person or subject to sanctions.
Personal information collected for AML/CTF compliance
Gilbert + Tobin is, or will be, a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act). We are required by law under the AML/CTF Act to collect and verify certain personal information and may be prohibited from providing services if we cannot do so.
Where required to comply with the AML/CTF Act and associated Rules, we may collect, hold, use and disclose personal information for purposes including customer due diligence, ongoing customer monitoring, risk assessment, reporting to regulators and record keeping. In particular, we may collect KYC Information as required by the AML/CTF Act, including:
- the identity of our customer and contact details;
- any information to support the verification of a person’s identity (government-issued identity document details, images of identity documents, facial images, liveness information, biometric information and verification metadata);
- the identity of any person on whose behalf our customer is receiving the service;
- the identity of any person acting on behalf of the customer including their authority to act;
- if the customer is not an individual, the identity of any beneficial owners;
- whether the customer, beneficial owner, or any person acting on their behalf is a politically exposed person or a person designated for targeted financial sanctions;
- information regarding source of wealth and source of funds;
- the nature and purpose of the business relationship or transaction; and
- information regarding any other matter specified in the AML/CTF Rules.
Personal information (including sensitive information) for AML/CTF purposes is collected only where reasonably necessary to comply with our legal obligations and only in connection with matters where a designated service is, or is reasonably likely to be, provided. Not all legal engagements require the collection of personal information for AML/CTF purposes.
Where we use electronic or biometric identity verification, we may also use third-party verification providers to verify identity information, assess whether a person matches an identity document, conduct liveness or fraud checks, and provide verification outcomes.
Where required by law, or where reasonably necessary, having regard to ongoing risks related to AML/CTF purposes, the verification method used, auditability, fraud risk, disputes, regulatory enquiries, enhanced due diligence, suspicious matter assessment or ongoing customer due diligence, we may retain limited copies or images of identity documents, facial images or related verification artefacts to ensure compliance with the AML/CTF Act or other obligations pursuant to the AML/CTF Act and related Rules.
G+T’s policy is only to use personal information collected from business contacts for the business purpose for which it was collected, or as otherwise provided for in this policy. Personal information collected from other persons (such as prospective employees, subscribers to our knowledge services, etc.) is similarly used to fulfil the purposes for which the information was collected in the first place, or occasionally for reasonably related purposes.
G+T uses your personal information:
- to provide you or a client with our products and services, including the provision of legal advice and management of our client’s legal matters;
- in connection with the fulfilment of a legal or regulatory obligation;
- to comply with obligations under the AML/CTF Act and AML/CTF Rules, including customer due diligence, monitoring, reporting and record keeping, and to disclose information to regulators such as AUSTRAC where required or authorised by law;
- to send legal or other updates relevant to us or you and to market our products and services to you;
- in connection with your job application (see Section 8 of this policy);
- where we have a legitimate interest that is not overridden by your rights under the law;
- for any reason for which you (or your organisation) have provided consent;
- for the performance of a contract with you or your company;
- to respond to any enquiries or complaints; and
- to conduct our business.
We also collect personal information so that we can communicate new legal or firm developments, including advertising products or services (including events) that we offer, to our clients and to those people who have subscribed to our website, alert services or mailing lists.
If, at any time, you do not wish to receive these kinds of communications, please let us know using the contact details set out in Section 9 below.
G+T does not sell or trade personal information about you to or with third parties. Personal information may be disclosed to others by G+T in the circumstances described below:
3.1 Disclosures to external service providers
G+T may disclose personal information to external service providers who provide services to you or us, including those who help us operate our business. Examples of our external service providers include: third party data storage providers; IT and other software and systems providers; companies who provide photocopying and archiving services; advertising and marketing agencies who assist us with our campaigns and programs, and research organisations and consultants who conduct research on our behalf. If G+T engages external service providers, G+T takes steps to ensure that those external service providers: comply with the APPs when they handle personal information about you; and are authorised only to use personal information that we provide to them for the purposes specified in our agreement with them.
G+T may also disclose personal information to external service providers to organise or facilitate the efficient and effective administration, management or delivery of our services. This may include service providers that support our due diligence processes associated with complying with our AML/CTF obligations.
3.2 Nexl and Swift Digital
G+T uses a third-party customer records management system, Nexl, and marketing automation platform, Swift Digital, for certain information that we collect (which may contain personal information), including:
- Nexl is integrated with our firm’s mail server. This integration enables Nexl to identify the sender and recipient of emails without accessing the content or subject of the emails (this does not include personal email domains, EAP programs or internal email domains);
- details in online forms where clients can subscribe to G+T information and/or events;
- where clients opt into marketing communications;
- where clients sign up to events via the G+T website;
- where clients attend an event and provide their contact details at the event;
- where clients access webinars (using their name and email address), including those who have been forwarded an online seminar link from a third party; and
- where clients manually request to add or update their details and areas of interest in Nexl and Swift Digital.
Client details that are added into Nexl and Swift Digital are used to market G+T services to them, such as future seminars or webinars that may be of interest to that client. If, at any time, you do not wish to receive these kinds of communications, please let us know using the contact details set out in Section 9 below.
3.3 Disclosures overseas
Where G+T engages external service providers, we ensure that wherever possible, our data is stored within Australia. Some of our vendors do, however, store data in overseas locations, such as the UK, New Zealand, USA, and South Africa. In applicable situations, G+T takes reasonable steps to ensure that any overseas recipient does not breach the APPs in relation to that information. Such overseas disclosures are only made in connection with the primary purpose for which the personal information has been collected.
In respect of identity verification conducted through our verification provider for AML/CTF purposes, verification data is hosted in Australia unless otherwise notified.
3.4 Disclosures required or authorised by law
G+T may use or disclose personal information where required or authorised by law, including under the Privacy Act, the AML/CTF Act or AML/CTF Rules. This may include disclosures to AUSTRAC and other regulators where legally required or authorised. Certain disclosures and restrictions on disclosure may apply under AML/CTF secrecy and tipping off provisions. In these circumstances, we are prohibited from notifying you of disclosures to AUSTRAC and may be prohibited from notifying you of disclosures to other government agencies or authorities.
G+T is also bound by professional obligations of confidentiality, including in relation to personal information.
G+T takes reasonable steps to ensure the security of your personal information. Our premises are in secure buildings with access restricted to pass card holders. Our IT systems are secured against external threats by various means, password protected and tested through regular audit and data integrity checks. We frequently update our anti-virus software to protect our systems (and the data contained in those systems) from computer viruses. In addition, all G+T employees are required, as a condition of employment, to treat personal information held by G+T as confidential.
Personal information collected for AML/CTF purposes, including KYC information, is retained only for the period required by law. Once no longer required for AML/CTF or other permitted purposes, personal information is securely destroyed or de-identified in accordance with applicable legal requirements.
Under the Privacy Act, you have the right to:
- seek access to your personal information handled by G+T;
- ask us to update or correct your personal information when it is inaccurate, incomplete or out of date; and
- opt-out of receiving direct marketing communications from us.
If you wish to access the personal information that G+T holds about you, please set out your request in writing, and forward this to our Privacy Officer, using the contact details set out at the end of this policy.
To provide you with access to your personal information held by us on our current records, G+T can provide you with a copy of the relevant personal information (ordinarily, an electronic print-out or a photocopy). G+T will not charge you for the cost of providing this type of access to these current records.
Access to, and correction of, personal information may be limited or refused where required or authorised by law, including where providing access or information would breach obligations under the AML/CTF Act, such as secrecy or tipping off provisions. In such circumstances, G+T may be unable to provide reasons for refusal.
For legal and administrative reasons, G+T may also archive non-current records containing personal information, such as back up data files and offsite storage. Please note that if we do provide access to old records, we may charge you for the cost of providing such access.
Additional information about how G+T handles personal information for AML/CTF compliance is set out in this Privacy Policy under the sections dealing with regulatory obligations.
If you are of the view that personal information about you is inaccurate or out of date, or if you have any other queries about access and correction, please contact our Privacy Officer using the contact details set out in Section 9 below.
6.1 Use of cookies
When you visit our website, a small data file called a "cookie" may be stored on your internet-enabled device. We use cookies or similar digital markers to maintain user sessions and track the behaviour of website visitors. This enables us to keep our site relevant and useful. However, generally this information will not identify you. We do not link this information back to your identity or other information that you have provided to us.
We and our service providers also use cookies and other digital markers (e.g. ‘Clear GIFs’) to assist us with our online marketing services and advertise to our website visitors on other third-party websites or platforms (e.g. Google Ads Services or LinkedIn). Cookies placed on third-party websites help us to monitor the efficacy of our business relationships with third parties, improve performance as well as personalise your experience when you visit our and our service providers’ websites. When you visit other websites or platforms, you may see an advertisement for Gilbert + Tobin’s products or services because you have previously visited our website. Gilbert + Tobin may disclose the information collected via use of cookies on our websites to third parties for marketing purposes.
By using our website(s) and not opting out of cookies, you consent to our use of cookies in accordance with the terms of this Privacy Policy.
Most web browsers are set by default to accept cookies. However, if you do not wish to receive cookies you may set your browser to either prompt or refuse cookies (including Gilbert + Tobin’s cookies). If you use your browser settings to block all cookies, you may not be able to access and/or use all or parts of our website.
6.2 Access to other websites
Sometimes our website contains links to other websites, for your convenience and information. When you access a website other than www.gtlaw.com.au, please understand that G+T is not responsible for the privacy practices of that site. We suggest that you review the privacy policies of each site you visit.
If you wish to make a complaint about how G+T handles your personal information, please contact us setting out your complaint in writing, and forward it to our Privacy Officer, using the contact details in Section 9 of this policy.
We will deal with all requests for access to personal information or complaints as quickly as possible and will endeavour to get back to you within a reasonable timeframe.
If you are not satisfied with our response to your complaint you can make a formal complaint to the Office of the Australian Information Commissioner through their website at https://www.oaic.gov.au/, by emailing enquiries@oaic.gov.au or by calling 1300 363 992.
G+T collects information about and from individuals who apply for employment with G+T, including job placements and internships. The information we collect may include an individual’s personal information, and includes the applicant’s:
- contact details;
- gender;
- in some cases, racial background (see below);
- educational and employment history, and relevant qualifications;
- eligibility to work in Australia; and
- referees’ contact details.
In addition, G+T may collect any personal information that an individual chooses to disclose during the process of an application, which could include sensitive information.
We may collect this information directly from the job applicant, such as via the G+T platform, including “G+T Talent Community” in response to an advertised job listing, or indirectly from a third party, including from a recruitment agency. If necessary, we will also collect information about applicants from referees and from other public sources, such as professional social networking sites like LinkedIn.
If the applicant proceeds to the interview stage, we will collect further information about the applicant’s participation in and performance during any interview.
G+T is committed to a policy of diversity and inclusion. For this reason, we also collect information as to whether a job applicant identifies as Aboriginal or Torres Strait Islander. We collect this information for the sole purpose of monitoring the implementation of our equal employment opportunities policy. G+T will not use this information for any other purpose.
If you do not provide us the information we request, we may not be able to process or assess your job application.
G+T uses the personal information we collect about job applicants to assess their eligibility and suitability for employment with the firm. Generally, our assessment of applicants’ personal information will relate to a particular role. However, we may also retain and use applicants’ personal information to assess their suitability for other roles with the firm. We may disclose personal information to service providers that conduct background and eligibility checks on our behalf. In some cases, we may send details of your application to our clients if they are looking to fill a role internally that we believe an applicant may be eligible for.
G+T stores all personal information relating to our job applicants in Australia and that information is not accessible to third parties located outside Australia.
This G+T Privacy Policy may change from time to time. The G+T Privacy Policy will be made available to anyone who requests it, whether at our offices or by use of our website.
If you have any questions or comments about the G+T Privacy Policy, please set out your request in writing, and forward this to our Privacy Officer, using the contact details below.
Email: GTPrivacy@gtlaw.com.au
Audience: Privacy Officer and Delegates
Post: Gilbert + Tobin, GPO Box 3810, Sydney NSW 2001
Telephone: + 61 2 9263 4000
Fax: + 61 2 9263 4111
This Privacy Policy applies to:
- The Gilbert + Tobin partnership
- The G+T Services Company Pty Limited.
Our Privacy Policy was last reviewed on 17 June 2026