Privacy Policy

TAG Legal Pty Ltd

VETERANS RIGHTS MATTER

 

Privacy Policy

ABN 44 695 235 146  |  Incorporated Legal Practice

Regulated under the Legal Profession Uniform Law (NSW) 2014 and the Corporations Act 2001 (Cth)

Effective Date: 22 May 2026  |  Version 1.0

1.  About This Policy

1.1  TAG Legal Pty Ltd ABN 44 695 235 146 (TAG Legal, we, us, our) is an incorporated legal practice regulated in New South Wales, Australia. We are committed to protecting the privacy of your personal information and complying with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs).

1.2  TAG Legal operates two service streams: (a) legal services, including Total and Permanent Disability (TPD) claims, costs disclosure and retainer matters, and legal advice on DVA entitlements; and (b) non-legal advocacy services on behalf of veterans in connection with physical and mental health claims before the Department of Veterans’ Affairs (DVA). This Privacy Policy applies to both service streams.

1.3  This Privacy Policy explains how we collect, hold, use and disclose personal information in connection with our services and our website at www.taglegal.com.au (Website). It also explains how you can access and correct your personal information and how to make a privacy complaint.

1.4  By using our Website, engaging us or otherwise providing personal information to us, you acknowledge that you have read and understood this Privacy Policy.

 

2.  What Personal Information We Collect

2.1  The types of personal information we collect and hold will depend on our dealings with you and may include:

•       Identification details — name, title, date of birth, gender and occupation.

•       Contact details — postal address, email address, telephone number and preferred contact method.

•       Matter-related information — information about your legal issue or DVA claim, background facts, counterparties and related persons.

•       DVA-specific information — service history, discharge details, conditions accepted by DVA, impairment ratings, Gold Card or White Card status, and any other information relevant to your veterans’ entitlements.

•       Government identifiers — driver licence number, passport details, Medicare number and, where legally permitted and reasonably necessary, tax file number (TFN).

•       Financial information — bank account details, payment-related information and, for some matters, information about assets, liabilities, income and expenditure.

•       Sensitive information — health information, criminal history, racial or ethnic origin, political opinions or memberships, religious beliefs, sexual orientation or union membership, where relevant to your matter and you consent, or where we are otherwise permitted by law to collect.

•       Recruitment information — CVs, academic records, work history, references and background-checking information.

•       Website usage information — IP address, browser type, device identifiers, pages viewed, time and date of visits and referring website, collected using cookies and similar technologies.

 

2.2  Where you provide us with personal information about another individual (for example, a spouse, witness, opposing party, employee or director), you must ensure that the individual is aware of this Privacy Policy and that you have their authority to provide that information to us.

 

3.  How We Collect Personal Information

3.1  We collect personal information in a variety of ways, including:

•       Directly from you — for example, when you contact us, complete our online enquiry form, subscribe to updates, attend meetings or events, or provide instructions to us.

•       Via electronic communications, including email and videoconference platforms.

•       From third parties — such as referrers, other legal practitioners, experts, counterparties, the DVA, regulators, government agencies, courts and tribunals, and publicly available sources, where reasonably necessary for your matter and permitted by law.

•       Automatically through your use of the Website, including via cookies and analytics tools.

 

3.2  If you choose not to provide certain personal information, we may be unable to provide you with some or all of our services or respond to your enquiries.

 

4.  Purposes for Which We Collect, Use and Disclose Personal Information

4.1  We collect, hold, use and disclose personal information for purposes that include:

•       Providing legal and related advisory services, including taking instructions, giving advice, preparing documents, representing you in negotiations, dispute resolution, courts or tribunals, and managing your matters.

•       Providing non-legal DVA advocacy services, including preparing and lodging claims for physical and mental health conditions and representing you in DVA review processes.

•       Conducting conflict checks and other professional due diligence.

•       Managing our client relationships, including billing, responding to enquiries and providing updates.

•       Complying with our legal, regulatory and professional obligations, including under the Legal Profession Uniform Law (NSW) 2014, Legal Profession Uniform Rules, anti-money laundering and counter-terrorism financing laws, tax laws and court orders.

•       Managing our business operations, including risk management, insurance, quality assurance, training, audits and file reviews.

•       Sending you legal alerts, publications, marketing communications or event invitations where you have requested or consented to this, or where permitted by law, with the opportunity to opt out at any time.

•       Recruiting and managing personnel and contractors.

•       Monitoring and improving our Website, services and user experience, including through analytics and security monitoring.

 

4.2  We will only use or disclose your personal information for the purposes for which it was collected, for related purposes that you would reasonably expect, or as otherwise permitted or required by law.

 

5.  Legal Basis for Handling Personal Information

5.1  Depending on the circumstances, our legal basis for handling personal information includes:

•       Your consent, which may be express or implied from your dealings with us.

•       The performance of a contract or taking steps at your request prior to entering into a contract.

•       Our legitimate interests in operating and improving our legal practice, managing risk and complying with regulatory requirements, where those interests are not overridden by your privacy interests.

•       Compliance with legal obligations, including those under the Privacy Act, corporations, tax, anti-money laundering, legal profession and court and tribunal regimes.

 

6.  Storage and Security of Personal Information

6.1  We hold personal information in both hardcopy and electronic form. This may include physical files stored in secure premises in Australia and electronic records stored on our own systems and on secure cloud-based platforms located in Australia and/or overseas.

6.2  We take reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure, including by:

•       Using access controls, role-based permissions and authentication measures.

•       Encrypting data in transit and at rest where appropriate.

•       Maintaining firewalls, threat-detection and security-monitoring tools.

•       Using reputable cloud service providers subject to contractual confidentiality and data-protection obligations.

•       Implementing physical security measures in our offices and secure off-site storage where required.

•       Requiring staff, contractors and service providers to comply with confidentiality obligations, and providing training about privacy and information-security requirements.

 

6.3  We retain personal information for as long as it is needed for the purposes for which it was collected, to comply with legal and professional obligations (including file-retention obligations applicable to legal practices), to resolve disputes and to enforce our agreements. We then take reasonable steps to destroy or de-identify it in a secure manner.

 

7.  Overseas Disclosure of Personal Information

7.1  In providing our services and operating our business, we may disclose personal information to recipients located outside Australia, including:

•       Cloud and IT service providers who host or process data in other jurisdictions.

•       Overseas counsel, experts or other professionals engaged in your matter.

•       Counterparties and their advisers located overseas, where necessary to conduct your matter.

 

7.2  Where we disclose personal information overseas, we will take reasonable steps to ensure that the recipient handles your personal information in a manner consistent with the APPs, or is otherwise subject to privacy laws that provide comparable protections, or we will obtain your informed consent to the disclosure.

 

8.  Cookies and Website Analytics

8.1  Our Website uses cookies and similar technologies to help us understand how visitors use the site, to improve performance and security, and to personalise content where appropriate.

8.2  The information collected may include your IP address, browser type, device identifiers, pages visited, time and date of visits and referring URLs. This information is generally de-identified, but may be considered personal information in some circumstances.

8.3  You can usually configure your browser to accept or reject cookies or to notify you when a cookie is being used. If you disable cookies, some features of our Website may not function properly.

 

9.  Notifiable Data Breaches Scheme

9.1  We comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act. A data breach occurs when personal information that we hold is lost or is accessed or disclosed without authorisation.

9.2  If we suspect that a data breach has occurred, we will assess the circumstances in a timely manner to determine whether it is likely to result in serious harm to any individual whose personal information is involved, having regard to the guidance of the Office of the Australian Information Commissioner (OAIC).

9.3  Where a data breach is likely to result in serious harm and is not otherwise exempt, we will:

•       Take reasonable steps to contain and remediate the breach.

•       Prepare and provide a statement to the OAIC including the required information.

•       Notify affected individuals as soon as practicable, using the most appropriate method of communication and providing information to help them manage or mitigate potential harm.

 

9.4  We maintain and periodically review internal data-breach response procedures to support compliance with the NDB scheme and broader information-security obligations.

 

10.  Direct Marketing

10.1  We may use your contact details to send you legal updates, newsletters, event invitations or other information that we consider may be of interest to you, in accordance with the Privacy Act 1988 (Cth) and the Spam Act 2003 (Cth).

10.2  You may opt out of receiving marketing communications from us at any time by using the unsubscribe facility in the communication or by contacting us using the details in section 12. If you opt out, we may still contact you for non-marketing purposes, for example about your matter or our engagement.

 

11.  Access to and Correction of Personal Information

11.1  You may request access to personal information that we hold about you, and you may request that we correct personal information that you believe is inaccurate, out of date, incomplete, irrelevant or misleading.

11.2  We will respond to your request within a reasonable time and, where reasonable and practicable, provide access in the manner you have requested. We may need to verify your identity before giving you access or making corrections.

11.3  In some circumstances, we may refuse access or correction where we are permitted or required to do so by law, including where giving access would have an unreasonable impact on the privacy of others, would prejudice legal proceedings or negotiations, or would be inconsistent with our professional obligations (for example, where documents are subject to legal professional privilege). If we refuse your request, we will provide you with a written explanation and information about how you may complain.

 

12.  Complaints and Enquiries

12.1  If you have any questions about this Privacy Policy or wish to make a complaint about how we have handled your personal information, please contact our Principal

•       Principal, TAG Legal

•       Postal address: Suite 59, Level 11, 88 Pitt Street, Sydney NSW 2000

•       Telephone: 1300 229 050

•       Website: www.taglegal.com.au

 

12.2  We will acknowledge your complaint within a reasonable time and will aim to investigate and respond substantively within 30 days. If you are not satisfied with our response, you may raise your complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

 

13.  Changes to This Privacy Policy

13.1  We may update this Privacy Policy from time to time to reflect changes in law, technology or our practice. The most current version will be available on our Website and will apply to your dealings with us.

13.2  We recommend that you review this Privacy Policy periodically to stay informed about how we handle your personal information.

 

14.  Contact Details

If you have any questions about how we handle personal information, please contact our Principal using the contact details in section 12.

 

 Liability limited by a scheme approved under Professional Standards Legislation.

TAG Legal Pty Ltd is an Incorporated Legal Practice regulated by the Law Society of NSW under the Legal Profession Uniform Law (NSW) 2014 and registered with ASIC under the Corporations Act 2001 (Cth).

© TAG Legal Pty Ltd 2026. All rights reserved.