Skip navigation
  1. Home
  2. Privacy policy

Privacy policy

Climate Defenders Australia Limited

 

Effective date: 06/03/2026

Climate Defenders Australia Limited (ABN 81 685 527 020) (we, us, our) is Australia’s first dedicated legal service to protect, empower, and advance the rights of frontline environmental and climate defenders.

We are committed to managing your personal information in an open and transparent way, in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APP(s)), and protecting the privacy of our contacts, clients, suppliers and employees.

 

1. Scope

1.1. This Privacy Policy applies to all personal information we collect and hold in the course of undertaking our functions and activities, including:

(a) enquiries via our website, email, social media, telephone or in person;

(b) newsletter and update sign-ups;

(c) job applications and recruitment processes;

(d) donations; and

(e) legal services and consultations.

 

What is personal information?

1.2. ‘Personal information’ is defined in the Privacy Act. Broadly, it means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether it is recorded in a material form or not.

1.3. ‘Sensitive information’ is also defined in the Privacy Act. Broadly, sensitive information is a subset of personal information which is generally afforded a higher level of protection. It includes information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, and criminal record. It also includes health information about an individual, genetic information about an individual that is not otherwise health information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification, and biometric templates.

1.4. For the purposes of this Privacy Policy, references to ‘personal information’ means ‘personal information’ (as defined in the Privacy Act) and includes ‘sensitive information’ (as defined in the Privacy Act).

 

2. Personal Information We Collect

2.1. We collect personal information that is reasonably necessary for us to carry out our functions and activities. The personal information we collect, and hold will depend on whether you are a client or potential client (or an employee, officer, shareholder, contractor, agent or related party of a client or potential client), consultant, service provider or employee (or potential consultant, service provider or employee) or otherwise. It may also depend on which services you use and/or what goods or services you provide to us.

Clients

2.2. Information that we collect about our clients and potential clients (and employees, officers, shareholders, contractors, agents or related parties of a client or potential client), may include (but is not limited to):

(a) name;

(b) contact details such as postal address, email address, telephone number;

(c) date of birth;

(d) employment details;

(e) education and professional;

(f) financial and billing information;

(g) information about the particular legal services the client is seeking and relevant background information;

(h) depending on the services engaged by our clients, other sensitive information such as health records or criminal history; and/or

(i) any other information you choose to provide in the course of our services.

 

Consultants, suppliers and employees

2.3. Information that we collect about consultants, suppliers and employees (and potential consultants, suppliers and employees) may include (but is not limited to):

(a) name;

(b) contact details such as postal address, email address, telephone number;

(c) date of birth;

(d) gender;

(e) employment details;

(f) education, professional qualifications, skills, and work experience;

(g) financial information such as bank account details and tax file number;

(h) other sensitive information such as health information and whether the person identifies as Aboriginal or Torres Strait Islander; and/or

(i) information about your business skills, services, products and prices if you are a current or prospective supplier.

 

Donors

2.4. We may also collect information about individuals who donate to support our work. This information primarily relates to funding agreements we have with our donors and may include identifying information about individuals party to the agreement and other information necessary to enact and enforce the agreement.

 

Other

2.5. We may also collect personal information of other individuals, such as persons involved in legal matters in which we act and representatives of third-party service providers, including (but not limited to):

(a) name;

(b) contact details such as postal address, email address, telephone number;

(c) education and professional qualifications;

(d) information related to the legal matter in which we act;

(e) other sensitive information such as health information, criminal history, and whether the person identifies as Aboriginal or Torres Strait Islander; and/or

(f) other information related to the nature of your relationship with us, for example if you are contacting us for media reasons.

 

3. How we collect personal information

3.1. We may collect personal information directly from you (in person, by phone, electronically or online) including (but not limited to) when you:

(a) request information about our services;

(b) contact us with a question or enquiry;

(c) subscribe to our newsletter or legal updates service;

(d) attend a seminar or event where we are hosting or presenting;

(e) donate to us;

(f) become our client;

(g) are employed by, or provide services to one of our clients;

(h) apply for employment with us or to provide services to us; and/or

(i) visit our website.

3.2. We may also collect personal information from third parties about you, including (but not limited to) from:

(a) our clients;

(b) other legal representatives and third parties involved in legal matters in which we are involved;

(c) third parties provided as part of current or anticipated litigation;

(d) third parties who have provided referrals to us;

(e) courts and government authorities and agencies, including ASIC or a relevant State, Territory or Commonwealth police service;

(f) publicly available records, including LinkedIn or other social media websites;

(g) state registration boards and professional associations;

(h) your employer or advisers;

(i) personal referees or references;

(j) third party recruitment providers, such as Thompson Reuters (professional) Australia Ltd(www.bigredsky.com.au);

(k) your medical and health practitioners;

(l) financial or educational institutions; and/or

(m) other persons or entities who provide services to us, including (but not limited to) market research companies, webmasters and website administrators and psychometric testing service providers.

3.3. These third parties may, and are likely to, have their own privacy policies that apply to your personal information. You should review the privacy policies of any third party before disclosing personal information to any third party. We do not accept any responsibility for information disclosed by you to third parties.

3.4. Where practicable we collect personal information about you directly from you. However, we may have collected information about you from a third party such as a client, a third party information provider, the courts or a person responding to our questions or enquiries. Where we collect information from third parties we do so in accordance with the Privacy Act.

3.5. We are required to collect the full name and address of our clients by the Solicitors Rules made under the Legal Profession Uniform Law 2014 (NSW). Accurate name and address information must also be collected in order to comply with the trust account record keeping requirements in the Legal Profession Uniform Law Application Regulation 2015 (NSW) and to comply with our duty to the courts.

3.6. If you are a client or potential client and do not provide us with name and address information we cannot act for you.

3.7. If you do not provide us with accurate personal information we may not be able to carry out our instructions or achieve the purpose for which the information has been sought.

 

4. Purposes of collection, use and disclosure

4.1. We may collect, use, hold and disclose personal information for the primary purpose for which it is collected, for reasonably expected secondary purposes which are related to the primary purpose and in other circumstances authorised by the Privacy Act.
Purposes of collection

4.2. Generally, we collect personal information to:

(a) undertake our functions and activities;

(b) provide legal services and related products and services to our clients, including for use in current or anticipated litigation;

(c) send you newsletters, updates, invitations and other communications you have opted into;

(d) help us inform and educate clients and individuals about the law;

(e) communicate with you, and build and maintain our relationship with you;

(f) to purchase goods or services;

(g) promote our products and services and identify new products and services that you maybe interested in;

(h) manage job applications and recruitment processes;

(i) administer, maintain, support and provide upgrades to our services and website;

(j) enable billing and payments in exchange for services we provide (where applicable);

(k) to comply with legal obligations, including reporting and record-keeping requirements; and

(l) protect, exercise or defend our legal rights.

 

Disclosure

4.3. We may also disclose your information to:

(a) other persons and entities who assist us in providing our services or who perform functions on our behalf (including barristers and other third-party service providers, agents and contractors);

(b) our contractors and service providers who assist us with communications, information and communication technology, data hosting and professional services;

(c) regulators, courts or other authorities where required or authorised by law; and/or

(d) any third party where you authorise us to do so or where:

(i) your health and safety or that of others in the community is at risk;

(ii) if it is permitted, required or authorised to do so under the Privacy Act, Australian law or court/tribunal order; and/or

(iii) on a de-aggregated or de-identified basis.

4.4. We may also disclose your personal information to individuals to whom you have granted authority to act on your behalf. For example, any attorney under a power of attorney, legal representatives or other persons you authorise.

4.5. You may authorise us to disclose your personal information to specific persons or entities (for example, to your family members or your employer) by notifying us of the name and contact details of those persons/entities to whom you consent to your personal information being disclosed. This notification must be made in writing to us by letter signed by you or by way of email from you.

4.6. Some of the entities to whom we disclose personal information may be located overseas and may not be bound by the Privacy Act or other Australian law. These include countries where our cloud providers and digital platforms are hosted (notably servers in Australia and the United States).

4.7. In addition to the Privacy Act, we are also bound to our clients by professional obligations of confidentiality and legal professional privilege and will not disclose information in a way that waives legal professional privilege without clear and direct instructions from our clients to do so.

 

5. Holding and securing your information

5.1. In line with our obligations under the Privacy Act, we take reasonable steps to protect your personal information from misuse, interference, loss and unauthorised access, modification and disclosure.

5.2. We hold personal information in secure electronic systems and, where necessary, in locked physical storage. Our security controls include:

(a) access controls restricting data to authorised personnel on a need-to-know basis;

(b) encryption of sensitive data in transit and at rest;

(c) regular audits and monitoring of system access and activity;

(d) holding health records in accordance with the health records legislation of the relevant jurisdiction in which we operate;

(e) restricted access to our premises in the secure buildings in which we operate;

(f) frequent updating of our anti-virus software in order to protect our systems (and the datacontained in those systems) from computer viruses;

(g) privacy and security training for staff who are required to treat personal information asconfidential as a condition of employment; and

(h) retention periods aligned with legal requirements and our service needs – data no longer needed is destroyed or de-identified in accordance with APP 11.

5.3. However, despite these measures, the security of electronic methods of provision, storage (including cloud-based storage) and disclosure of personal information cannot be guaranteed by us and may be out of our reasonable control.

 

Overseas disclosure

5.4. Personal information collected by, or provided to, us may be stored on physical computer servers or storage devices within Australia, or by using cloud-based storage facilities (such as Microsoft cloud storage systems) whose servers may be located outside Australia.

5.5. We do not otherwise store any personal information outside Australia.

 

6. Access and correction

6.1. You have the right to:

(a) request access to the personal information we hold about you; and

(b) request correction of any errors in your personal information.

Access

6.2. Where you make a request to access your personal information, we will respond within a reasonable period. Unless we are subject to confidentiality obligations or some other restriction on giving access to the information and we are permitted to refuse you access under the Privacy Act, we will endeavour to make your information available to you within 30 days.

6.3. Examples of circumstances where we may refuse to give you access to your personal information include where:

(a) giving access would be unlawful;

(b) we reasonably believe that giving you access would pose a serious threat to the life, health or safety of any individual or to public health or public safety;

(c) giving access would have an unreasonable impact on the privacy of others;

(d) the information could reveal the intentions of a party in negotiations;

(e) giving access could prejudice the taking of appropriate action in relation to unlawful activity;

(f) giving access could reveal evaluative information in a commercially sensitive decision-making process.

6.4. If we refuse to give you access to your personal information, we will advise you in writing of our reasons and how you can complain about the decision.

6.5. You will not be charged for making an access request. However, we may need to charge for the reasonable cost of processing your access request, including photocopying, administration and postage.

 

Correction

6.6. Where you request that we correct your personal information that we hold we will correct it. However, there may be circumstances in which we may have to refuse a request for correction. We will advise you of any refusal in writing and our reasons and how you can complain about our decision. In such a case you can also request that we associate a statement with that personal information that you believe should be corrected.

6.7. You will not be charged for making request for a correction or requesting us to associate a statement with your information.
Contact

6.8. Requests to access or correct your personal information can be made by contacting a customer relations representative using the contact information in the “Contact us” section below.

 

7. Direct marketing

7.1. We use and disclose personal information to communicate with our clients and potential clients (e.g., by mail, telephone, email and/or sms) about current and new services we offer.

7.2. We also send newsletters, updates, invitations and other communications where you have opted into receiving these communications.

7.3. You can ask us at any time to stop sending you direct marketing from any particular channel or at all, by contacting us using the “Contact us” section below or clicking the unsubscribe link in our newsletter.

 

8. Updates to this Privacy Policy

8.1. We regularly review and update our Privacy Policy to ensure it remains accurate and reflects our current practices. The “Effective date” at the top of this Policy indicates when it was last revised. Any material changes will be published on our website and notified to subscribers where appropriate.

 

9. Contact us

9.1. For enquiries about this Privacy Policy or our privacy practices, or if you wish to compliment us or make a complaint, please send your enquiry, complement or complaint to:

Mail: Climate Defenders Australia Limited

Level 3, Salesforce Tower

80 George Street

SYDNEY NSW 2000

Attention: Executive Director

OR

Email: [email protected]

9.2. Alternatively, you may contact us by telephone on 02 8044 48709.3. We will endeavour to respond to any complaint within 30 days.
Office of the Australian Information Commissioner

9.4. If you are not satisfied with the result of your complaint to us, you can refer your complaint to the Office of the Australian Information Commissioner (OAIC). Contact details for the OAIC are as follows:

Mail: Office of the Australian Information Commissioner

GPO Box 5218 SYDNEY NSW 2001

Phone: 1300 363 992

Website: www.oaic.gov.au

Email: [email protected]