Home ● Privacy

Privacy Policy

Last updated: 4 May 2026

1. About this policy

Archer Indigo Transaction Law Pty Ltd ACN 665 273 012 (we, us, our) is committed to protecting personal information and complying with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs).

This policy explains how we collect, hold, use, and disclose personal information.

This policy does not deal with our duties of confidentiality and legal professional privilege owed to clients. Those duties are governed by the Legal Profession Uniform Law, the Australian Solicitors’ Conduct Rules, the common law, and the terms of our client engagement letters. Where information is both personal information and client-confidential information, the more protective rule applies, and in practice, that is almost always our duty of confidentiality.

We may update this policy from time to time. The current version is always available at https://archerindigo.com.au/privacy.

2. What personal information we collect

We collect personal information that is reasonably necessary to provide legal services and run our practice. Depending on your relationship with us, this may include:

  • name, job title, employer, contact details, and business interests;
  • identity verification information required under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) and applicable rules, including full legal name, residential address, date of birth, copies of identification documents (such as passport or driver licence), and, where the verification method requires it, biometric verification information;
  • for entities and trusts: beneficial ownership, control structure, source of funds, and source of wealth information;
  • information about transactions and matters in which you are involved (including counterparties, target-company personnel, advisers, and other deal participants);
  • billing and payment details;
  • correspondence and instructions;
  • information collected via our website (see section 8);
  • if you apply to work with us: CV, references, qualifications, right-to-work information, and similar.

We try to avoid collecting sensitive information (as defined in the Privacy Act). Where we do, we will only collect it with your consent or where the Privacy Act otherwise permits or requires.

3. How we collect personal information

Wherever practicable, we collect personal information directly from you. We may also collect it from:

  • the client or organisation that has instructed us, where you are a counterparty, employee, director, adviser, or other party to a matter;
  • public registers and publicly available sources (including ASIC, PPSR, land titles, and court records);
  • identity-verification service providers used for AML/CTF customer due diligence;
  • professional networking platforms (such as LinkedIn) where you connect with us or contact us;
  • referrers, recruiters, and your nominated referees;
  • regulators, government agencies, and courts.

4. Why we collect, use, and disclose personal information

We use personal information to:

  • provide legal services and run matters, including conducting conflict checks and AML/CTF customer due diligence;
  • communicate with you and respond to enquiries;
  • issue invoices and manage our financial records;
  • comply with our legal, regulatory, and professional obligations, including reporting to AUSTRAC (such as suspicious matter reports and threshold transaction reports), responding to OAIC and Legal Services Commissioner enquiries, and complying with court orders;
  • protect, exercise, or defend our legal rights;
  • recruit and manage personnel;
  • send you administrative messages relating to our services, including matter updates, reminders, notices, and security alerts (these are not marketing communications and you cannot unsubscribe from them while we are acting for you);
  • send you legal updates, client alerts, and event invitations where you have subscribed (see section 9).

5. Who we disclose personal information to

We may disclose personal information to:

  • other parties to your matter (counterparties, their advisers, courts, tribunals, regulators, and government agencies), as required to act on your instructions;
  • barristers, expert witnesses, and other professional advisers we engage on your matter;
  • other Australian law firms or solicitors we engage under contract or agency arrangements to assist us with your matter (we will tell you in advance if this is proposed for your matter);
  • our IT and cloud service providers (see section 6);
  • identity-verification and KYC service providers used to meet our AML/CTF obligations;
  • our auditors, insurers, banks, and professional regulators;
  • AUSTRAC, the OAIC, the courts, and other authorities where required or authorised by law.

In every case, our duties of confidentiality and legal professional privilege continue to apply to client information. We are also subject to “tipping-off” and other secrecy provisions under the AML/CTF Act, which may limit what we can tell you about certain reports or investigations.

6. Cloud storage and overseas disclosure

We use Microsoft 365 (including OneDrive and Outlook) for our files and email. Microsoft hosts our customer data primarily in its Australian data centres, but certain support, telemetry, and backup processing may occur in the United States or other countries where Microsoft operates.

We use DocuSign for electronic signing. DocuSign is a US-headquartered company that may process signing data in the United States and other countries where its services operate.

We use Cloudflare for website delivery and analytics. Cloudflare is a US-headquartered company that operates a global edge network and may process limited technical data (such as IP addresses and request metadata) outside Australia.

In the course of M&A and other cross-border work, we may also disclose personal information to advisers, counterparties, and their representatives located in the United Kingdom, the United States, and other jurisdictions where the matter requires it.

Before disclosing personal information overseas, we take steps that are reasonable in the circumstances to ensure the recipient handles it consistently with the APPs, except where you have consented to the disclosure on a different basis or the disclosure is otherwise permitted by the Privacy Act.

7. How we hold, protect, and retain personal information

We hold personal information in electronic form in our cloud-based systems. We protect it using a combination of multi-factor authentication, role-based access controls, encryption in transit and at rest (as provided by our cloud platforms), staff training, and confidentiality obligations on all personnel.

We retain personal information for as long as we need it for the purpose for which it was collected and as required by:

  • the Legal Profession Uniform Law and our professional indemnity insurer (typically a minimum of seven years from the end of the matter);
  • the AML/CTF Act and rules (which require records of customer identification, due diligence, and reports to be kept for at least seven years);
  • the Income Tax Assessment Act and other applicable record-keeping laws.

When personal information is no longer required, we destroy or de-identify it, except where retention is required by law.

While we take these steps, no system or transmission method is completely secure. We cannot guarantee the security of personal information transmitted to us over the internet, and any transmission is at your own risk.

8. Our website

Our website uses Cloudflare’s privacy-focused web analytics, which provides us with aggregated traffic statistics without setting cookies on your device or tracking individual visitors across sessions. The information processed includes your IP address, device and browser type, the pages you visit, the time and date of your visit, and the approximate geographic location derived from your IP address. We do not currently use marketing or advertising cookies. If we add cookies or similar tracking technologies in future, we will update this policy and provide appropriate notice.

If you complete a contact or enquiry form on our website, we collect the personal information you provide so we can respond to you.

9. Direct marketing

We send legal updates, client alerts, and event invitations only to people who have subscribed to receive them. You can unsubscribe at any time using the link at the bottom of any of our emails, or by emailing us at the address in section 11. We comply with the Spam Act 2003 (Cth).

10. Access, correction, and complaints

You can ask for access to, or correction of, the personal information we hold about you by contacting our Privacy Officer (details in section 11). We will respond within a reasonable time. We may need to verify your identity, and there are limited grounds on which we may decline access; we will explain if this happens.

If you are concerned that we have breached the Privacy Act or the APPs, please contact our Privacy Officer first. We will investigate and respond. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner: [email protected], 1300 363 992, or oaic.gov.au.

11. Contact us

Privacy Officer
Archer Indigo Transaction Law Pty Ltd
Email: [email protected]