PRIVACY POLICY
Morgan Mac Lawyers
Last updated: June 2026
- Introduction
Morgan Mac Lawyers (“we”, “us”, “our”) are committed to protecting your personal information and handling it in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
This Privacy Policy explains how we collect, use, store, disclose and protect personal information, including information used to verify your identity.
We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. A current version of this Policy is always available on our website at www.morganmac.com.au.
- What Personal Information We Collect
We may collect personal data from you or individuals working for or associated with your organisation in various circumstances, including in the provision of legal services.
The types of personal data we collect and the purposes for which we may use it include those set out below.
Anti-money laundering and counter-terrorism financing (AML/CTF) compliance
We may collect and hold personal information needed for the purposes of providing legal services and meeting our AML/CTF obligations, including, but not limited to:
- full name
- date and place of birth
- residential or business address
- email address and phone number
- Government-issued identification details, such as driver licence, passport, Medicare card or other ID document numbers
- biometric information, such as a facial image or short video used to verify your identity
- information about the services we provide to you and any related transactions
- background checks and associated details including sanctions screening and politically exposed person screening information
- sensitive information including criminal history details and information regarding political allegiances or affiliations
- other information that facilitates compliance with our anti-money laundering and counter-terrorism financing obligations.
We only collect personal information that is reasonably necessary to carry out our business activities in connection with the legal services we provide or for business purposes in order to engage with you.
Biometric Information
As part of identity verification, we may collect biometric information, such as a facial image or a short video of you holding your ID.
Biometric information may be used to:
- confirm that you are a real person and physically present
- match your image to the photograph on your identification document
- reduce the risk of fraud and identity theft.
Biometric information is treated as sensitive information under the Privacy Act 1988 (Cth). We only use it for identity verification and related compliance purposes, and only with your consent.
- Why We Collect Your Personal Information
We collect, use and disclose your personal information to:
- verify your identity
- provide and manage our legal services to you
- communicate with you about your matter with us
- meet our legal and regulatory obligations, including anti-money laundering and counter-terrorism financing (AML/CTF) requirements
- detect and prevent fraud, and keep our systems secure
- manage and improve our services and client relationships.
- Identity Verification and Government Data Matching (DVS)
To verify your identity, we may use electronic identity verification services, including the Australian Government’s Document Verification Service (DVS).
Where you have consented, your name, date of birth and identity document details will be securely sent to the relevant Commonwealth or State authority that issued your document. This may include passport offices, driver licence authorities, the Department of Home Affairs, Births Deaths and Marriages, or other authorised record holders.
These authorities check whether the details you have provided match the records they hold.
We do not receive a copy of your government records. The authority returns a match result only, confirming whether your details match (yes or no).
This process may be carried out through accredited identity verification providers, including APLYiD (APLYiD Pty Ltd, ABN 36 632 866 794) and its related-providers.
More information about the DVS is available at idmatch.gov.au.
- Consent to Collection and Identity Verification
By providing your personal information and completing the identity verification process, you consent to:
- the collection, use and disclosure of your personal information for identity verification, AML/CTF and related compliance purposes
- the collection and use of biometric information, such as a facial image or video, for identity verification
- your information being checked against records held by Commonwealth and State authorities through the DVS
- your information being shared with our authorised identity verification providers, including APLYiD.
Your consent is voluntary. You can withdraw your consent at any time by contacting us using the details set out in section 12 below.
If you do not consent, or do not provide the information we need, we may not be able to verify your identity electronically. In that case, we may need to verify your identity in another way, or we may not be able to provide our legal services to you.
- Disclosure of Personal Information
We may disclose your personal information to:
- identity verification providers, including APLYiD and its authorised related-providers
- Commonwealth and State authorities and official record holders, through the DVS
- our employees and authorised representatives, on a need-to-know basis
- our professional advisers, such as lawyers, accountants and auditors
- trusted technology and service providers that help us operate our business
- regulators, law enforcement or other third parties where required or authorised by law.
We do not sell your personal information.
- Overseas Disclosure
Some of our service providers may store or process personal information outside Australia.
Where this happens, we take reasonable steps to ensure that your personal information is handled in line with the Australian Privacy Principles, including through contractual protections with our providers.
- Data Security and Storage
We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure.
These steps include secure systems, access controls, and encryption in transit and at rest where appropriate.
We retain personal information only for as long as we need it for the purposes set out in this Policy, or as required by law. When we no longer need your information, we securely delete or de-identify it.
- Access and Correction
You have the right to ask for access to the personal information we hold about you, and to ask us to correct it if it is inaccurate, incomplete or out of date.
To make a request, please contact us using the details set out in section 12 below. We will respond within a reasonable time.
- Direct Marketing
From time to time, we may use your contact details to send you information about our services that we think may be of interest to you.
You can opt out of marketing communications at any time by using the unsubscribe link in our messages, or by contacting us using the details in section 12 below.
- Privacy Complaints
If you have a complaint about how we have handled your personal information, please contact us at first instance at the details set out in section 12 below.
We will acknowledge your complaint, investigate it, and respond to you within a reasonable time.
If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
- Contact Details
If you have any questions about this Policy, or want to exercise any of your privacy rights, please contact us:
Morgan Mac Lawyers
Telephone: (07) 3221 2221
Email: info@morganmac.com.au
Address: Suite 27, Level 6/445 Upper Edward Street, Spring Hil QLD 4000
- Changes to this Privacy Policy
This Privacy Policy was last updated in June 2026. We may change this policy from time to time by updating this page.