Privacy Policy

Sierra Legal Pty Ltd ACN 140 725 060 recognises the importance of your privacy and is committed to the protection of your Personal Information in accordance with the Privacy Act 1988 (Cth) as updated or amended from time to time (“Privacy Act”) and the Australian Privacy Principles set out in the Privacy Act.

In this policy (“Privacy Policy”) the terms “Sierra Legal”, “we”, “us”, and “our” refers to Sierra Legal Pty Ltd ACN 140 725 060 and its associated entities.

This Privacy Policy applies to your dealings with any Sierra Legal product or service including via our websites.

Last updated: 22 June 2026

1. Application of our Privacy Policy

This Privacy Policy describes the way in which Sierra Legal collects, holds, uses and discloses your Personal Information in connection with the provision of legal services and related products or services.

This Privacy Policy also covers how Sierra Legal makes the Personal Information we hold available for access and correction by you and how you can make a complaint.

This Privacy Policy applies whenever you are interacting with us online via our websites at https://www.sierralegal.com.au and https://www.arreis.com.au (the “Websites”), through any products or services operated or made available to you by Sierra Legal via our Websites (“Sierra Legal’s Systems”), or with our staff as part of the provision of products or services, electronically or in person. By using these channels, whether using your mobile phone, personal computer, or any other means, or by otherwise providing Personal Information to us, you are taken to have agreed to the provisions of this Privacy Policy and you consent to the collection, use and disclosure of your Personal Information in accordance with this Privacy Policy.

What is Personal Information and Sensitive Information?

Personal Information is defined in section 6 of the Privacy Act and broadly means any information that identifies you or can be used to identify you, or from which you are reasonably identifiable, whether the information is true or not, and whether recorded in a material form or not. Common examples of Personal Information include your name, address, telephone number or date of birth.

Sensitive Information is a specific type of personal information that includes health information and information about an individual’s race, ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, sexual preferences and criminal history.

In this Privacy Policy, except as otherwise stated, all references to “Personal Information” include “Sensitive Information”.

2. What kinds of Personal Information we collect?

We only collect Personal Information about you that is necessary to provide our services to you and to perform our functions and activities. If you do not provide us with the Personal Information we request, we may not be able to provide you with the services, information or other assistance you seek. We may collect information including, but not limited to:

  • full name;
  • business name and address;
  • job title;
  • billing address;
  • mailing or street address;
  • email address;
  • social media information;
  • telephone number and other contact details;
  • date of birth;
  • payment information, including credit card information;
  • information about your legal requirements;
  • information about your business or personal circumstances;
  • legal services interactions;
  • responses from client surveys, questionnaires and promotions;
  • your device identity and type, IP address, geo-location information, page view statistics, advertising data and standard web log information;
  • details required to verify your identity, such as all names you have previously been known by, date of birth, and identity documents such as driver licence, passport, and Medicare card; and
  • any other information provided by you to us via our Websites or our online presence, or otherwise required by us or provided by you.

3. When and how does Sierra Legal use Personal Information?

We may collect Personal Information in the following situations:

  • when you ‘Book a demo’ on our Websites or submit information via the email addresses listed on our Websites;
  • when you, or the company that you work for, enquire about or engage our products or services (legal or otherwise);
  • when you, or the company that you work for, create a user account on Sierra Legal’s Systems for access to the Arreis Automation product;
  • when you, or the company that you work for, access or use the Arreis Automation product;
  • when you correspond with our employees or directors;
  • when you interact with us via social media or other digital platforms;
  • when you, or the company that you work for, is a counterparty, or provides services to a counterparty, of our client;
  • when you provide feedback, participate in a survey or give a testimonial for publication;
  • when you apply, or register your interest for, employment or a work placement opportunity with us (see section 10 of this policy);
  • when you provide us with your Personal Information online or at a Sierra Legal event; or
  • when required by law.

We use your Personal Information for:

  • providing you with our products and services;
  • to verify your identity;
  • to fulfil legal or regulatory obligations;
  • to send legal or other updates relevant to the products and services that we provide you;
  • processing job applications;
  • pursuing legitimate interests that do not override your legal rights;
  • acting on the consent provided by you or the company that you work for;
  • performing contractual obligations with you or your company;
  • responding to any enquiries or complaints; and
  • conduct business operations.

We generally collect Personal Information directly from the individuals concerned. However, if this is not practicable, we may collect Personal Information about individuals from third parties, including from publicly available sources. If we do, we will take reasonable steps to ensure that the individuals concerned are made aware of the collection of their information.

If you are a business contact (e.g., from a client, supplier, government agency, or company), we may collect basic contact information automatically from your email signature.

Sierra Legal will not ask to collect Sensitive Information about you except where it is needed for the purposes of providing legal advice, as part of our equal employment opportunities policy, for the purpose of assessing dietary requirements or another reason for which we have your consent and collection is necessary for that purpose.

We also collect Personal Information to communicate updates, legal developments, and marketing information, including events. If you prefer not to receive these communications, please contact us using the details in section 13.

4. Information collected via our Websites

Except as otherwise provided for in this Privacy Policy, Sierra Legal will not collect any Personal Information from you when you use our Websites except when you knowingly provide it (e.g., if you submit a ‘Contact Us’ form or ‘Newsletter subscription’ request) or as otherwise described below.

Click Stream Data

When you visit and browse our Websites, our third party service providers may collect information (which may or may not include Personal Information) for statistical, reporting and maintenance purposes. The information may include:

  • the number of users visiting our Websites and the number of pages viewed;
  • the date, time and duration of a visit;
  • the IP address of your computer;
  • the path taken through our Websites; and
  • your behaviour on our Websites such as viewed pages or content.

Our third party service providers use this information to administer and improve the performance of our Websites.

Cookies

Our Websites use cookies to provide the functionality necessary to deliver our provide and services.

Cookies are small text files that are placed in your web browser when you visit a website. Cookies are used to personalise content and advertising, for security and session management, and to enhance your experience when using our Website.

Most web browsers are configured to accept cookies, however you may configure your browser to reject cookies or to notify you when a cookie is sent. If you reject all cookies, you may not be able to access our Websites or the functionality of our Websites may be reduced.

For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.

Web Beacons

Web beacons are images that originate from a third-party site to track visitor activities. Sierra Legal and/or its third-party service providers may use web beacons to collect aggregate data and provide this information to our Website hosting providers to help administer and improve the performance of our Websites.

5. Information we collect from third parties

Sierra Legal may collect Personal Information about you from third parties (as described in this Privacy Policy). We are not responsible for how those third parties collect or process your Personal Information. Any information request regarding the disclosure to us of your Personal Information by a third party, should be directed to those third parties.

Third party services

If you connect, or log-in to our Websites or an Account through a third party service (e.g., Google, Facebook, etc.) the third party service may send us information such as your profile information from that service. This information varies and is controlled by that service or as authorised by you via your privacy settings with that service. The use of these technologies allows those third party services to evaluate your use of our Websites and other websites, deliver customised advertising content, measure the effectiveness of their advertising, and provide other services relating to website activity and internet usage.

Advertising services

If you click on an online advertisement for Sierra Legal (e.g., ads on Google or social media platforms), the third party service hosting that advertisement will collect certain information and will provide that information to us to allow us to measure the effectiveness of our advertising.

Background information

As required or permitted by applicable laws, Sierra Legal may obtain police, background, other checks on you. We may use your Personal Information, including your full name and date of birth, to obtain such reports.

6. Sensitive Information

The Australian Privacy Principles impose greater obligations on us regarding any collection, use or disclosure we make of your Sensitive Information.

We will only collect your Sensitive Information, if:

  • it is reasonably necessary to allow you to use our Websites or for you to receive our products or services;
  • you have consented to us doing so; or
  • we are required or authorised to do so by law.

7. Use of Personal Information

Sierra Legal uses the Personal Information we collect about you to provide our products and services and for our business functions and activities, which may include the following:

For our Websites

To maintain, operate and improve our Websites, including to:

  • enable you to access and use our Websites and associated products and services;
  • enable you to create and update your Arreis Automation account and profile;
  • operate, improve, and optimise our Websites and related products and services, such as by performing analytics and conducting research;
  • help us to provide effective customer support to clients;
  • process, manage and administer account payments, billing issues and invoice payments; and
  • send you emails, updates, account notifications and other service and product related communications.

For security and risk management

For security and risk management purposes, including to:

  • verify or authenticate information or documents provided by you;
  • detect and prevent fraud, spam, abuse, exploitation, neglect, and other harmful activity;
  • conduct security investigations and risk assessments;
  • resolve any disputes or issues with you;
  • enforce our agreements with you, including this Privacy Policy and our terms of use; and
  • comply with our legal obligations and protect our lawful interests.

For secondary purposes

Sierra Legal may use your Personal Information for a secondary purpose if:

  • that secondary purpose is related to the purposes listed above, and you would reasonably expect us to use it for that secondary purpose;
  • if we have your consent; or
  • if otherwise provided for under the Privacy Act.

For marketing

Sierra Legal may use your Personal Information to provide you with direct, targeted, or other marketing materials on an ongoing basis. Subject to and in accordance with applicable law, Sierra Legal may provide you with these materials by telephone, electronic messages (e.g. email), through social media sites and marketing platforms managed, used or owned by Sierra Legal and other means.

Sierra Legal will only provide you with direct marketing materials where you would reasonably expect us to, or if you consent to receive direct marketing materials. We will seek your consent to provide you with direct marketing materials if we have obtained your Personal Information from a third party.

Direct marketing communications may include promotional material about us or may relate to the services that we and our related entities provide and other products and services which may be of interest to you.

You may opt out of receiving direct marketing material by contacting us in any of the ways specified in the direct marketing materials or as set out in the “Contact us” section below.

Compliance with law

Generally, we will only collect and use your Personal Information in accordance with this Privacy Policy. In the event that we collect or use Personal Information in ways other than as stated in this Privacy Policy, we will ensure that we do so in accordance with the Privacy Act.

8. Disclosure of Personal Information

Who we may disclose Personal Information to

Depending on the nature of your engagement with Sierra Legal, we may disclose your Personal Information to our shareholders, officers, employees, contractors, consultants, advisers and agents of Sierra Legal, third parties that provide products and services to or through Sierra Legal or our Websites, directly to you (at your request), suppliers and other third parties, or otherwise as required by law.

We may also disclose your Personal Information to our Website host or software application providers in certain limited circumstances, for example when our Websites experience a technical problem or to ensure that it operates in an effective and secure manner.

We may also share non-personal, de-identified and aggregated information for research or promotional purposes. We will not sell your Personal Information to third parties for marketing purposes.

Unless otherwise specified in this Privacy Policy, Sierra Legal or our Website hosts will not disclose any of your Personal Information to any other organisation unless the disclosure is required by law or is otherwise permitted by the Privacy Principles.

Where we provide services that are “designated services” under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (“AML/CTF Act”), we may be required to disclose Personal Information to government agencies and regulators, including financial intelligence authorities. In some circumstances, we are prohibited by law from disclosing that such a report or disclosure has been made.

Overseas disclosure

We use every reasonable step to ensure data is stored onshore (within Australia). However, we cannot guarantee that data never leaves Australian shores due to technical limitations with internet routing systems. However, all data is encrypted in transit.

We will only consciously transfer your Personal Information overseas if:

  • we reasonably believe that the recipient of the information is subject to a law or a contract which effectively upholds privacy principles substantially similar to the privacy principles set out in the Privacy Act;
  • you have consented to the transfer; or
  • we are otherwise required or authorised by law.

9. Employee records

Employee records are not generally subject to the Privacy Act. As such this policy may not apply to the handling of officer, employee, contractor or consultant information. Please contact us directly for information about these information handling practices.

10. How do we handle the Personal Information of job applicants?

Sierra Legal collects information about and from individuals who apply for employment with Sierra Legal including job placements and internships. The information we collect may include an individual’s Personal Information, and includes the applicant’s:

  • contact details;
  • gender;
  • in some cases, racial background (see below);
  • educational and employment history, and relevant qualifications;
  • eligibility to work in Australia; and
  • referees’ contact details.

Additionally, Sierra Legal may collect any Personal Information that an applicant voluntarily discloses during the application process, which could include Sensitive Information.

This information may be collected directly from the applicant in response to a job listing or indirectly from third parties, such as recruitment agencies. If necessary, we may also obtain information from referees and public sources, such as professional networking sites like LinkedIn.

If an applicant advances to the interview stage, we may collect further details regarding their participation and performance during the interview.

Sierra Legal is committed to diversity and inclusion, and as part of this commitment, we collect information on whether a job applicant identifies as Aboriginal or Torres Strait Islander. This information is used solely for diversity purposes and will not be used for any other reason.

If you do not provide with us the information we request, we may not be able to process or assess your job application.

Sierra Legal uses the personal information of job applicants to evaluate their eligibility and suitability for specific roles. While our primary focus is on the role for which the application was made, we may retain and use the information to consider applicants for other positions within the company.

As required or permitted by applicable laws, Sierra Legal may obtain police, background, other checks on you. We may use your Personal Information, including your full name and date of birth, to obtain such reports. Personal Information may also be received from service providers who conduct background and eligibility checks on our behalf.

Sierra Legal will not ask to collect Sensitive Information about you except where it is needed as part of our equal employment opportunities policy, for the purpose of assessing dietary requirements or another reason for which we have your consent and collection is necessary for that purpose.

11. Access to Personal Information

How you can access your Personal Information

You have a right to access your Personal Information. If you would like to do so, please direct your request to Sierra Legal by email or post using the contact details set out in the “Contact us” section below.

Sometimes, we may not be able to provide you with access to all of your Personal Information. This may include where giving you access would be unlawful or would have an unreasonable impact on the privacy of other individuals. If we refuse you access, we will tell you why (except where we are prohibited from doing so by law, including under the AML/CTF Act).

We reserve the right to charge a fee for searching for and providing access to your Personal Information (but not for the request itself). We may need to verify your identity as part of this process.

Accuracy of Personal Information

We will take reasonable steps to ensure that the Personal Information that we hold is accurate, up-to-date and complete. You have a right to request that your Personal Information be corrected. If you think that the Personal Information we hold about you is not accurate, complete or up-to-date, please contact us using the contact details set out in the “Contact us” section below and we will take all reasonable steps to correct the information.

12. Security of Personal Information

Precautions taken

We understand the importance of protecting your Personal Information. We take all reasonable precautions to protect the Personal Information we hold about you from misuse, interference and loss, and from unauthorised access, modification or disclosure.

Our Websites, customer relationship management platform and another third-party platforms that support our operations are hosted on secure servers and have electronic security systems in place, including the use of firewalls and data encryption.

User identifiers and passwords are also used to control access to your Personal Information. Multi-factor authentication is utilised and access to your Personal Information is restricted to only those members of staff who require access for their role and job function.

Sierra Legal aims to keep your Personal Information secure and up to date. We will comply with our obligations under the Privacy Act in relation to any Personal Information that we handle, including information which is held on Sierra Legal’s Systems.

Personal Information that is held by Sierra Legal in hard copy is stored securely on our premises and is only disclosed or used for the purposes described in this Privacy Policy.

Personal Information that is held by Sierra Legal in an electronic format is stored within our secure network and is only disclosed or used for the purposes described in this Privacy Policy.

Links

Sierra Legal’s Websites and systems may link to other websites which are outside our control, and other websites outside our control may link to Sierra Legal’s Websites and systems. We are not responsible for the protection and privacy of any Personal Information which you provide while you are visiting or using those other sites, online products or services. Those websites are not governed by this Privacy Policy. You should exercise caution and review the privacy policies applicable to those other sites.

How long we keep your Personal Information for

Sierra Legal will keep your Personal Information only for as long as required for the purposes described in this Privacy Policy and otherwise as required by Australian law.

Personal Information collected for the purposes of the AML/CTF Act is retained for 7 years following the end of our relationship with you or 7 years after the date of the last relevant transaction, as required by that Act.

Where we no longer need to keep your Personal Information in accordance with this Privacy Policy, we will take reasonable steps to destroy or de-identify your Personal Information.

If you wish to have your Personal Information destroyed or de-identified, please let us know using the “Contact us” form on our Websites, or by using the contact details listed in the “Contact us” section below, and we will take reasonable steps to do so (unless we need to keep it for legal, auditing or internal risk management reasons).

13. Anonymity and pseudonymity

Where practicable, you may choose to interact with us anonymously or by using a pseudonym. However, in most circumstances, we may not be able to provide our services or respond to your inquiries unless you provide certain personal information. For example, identification may be required by law or so that we can provide our products and services to you.

14. Anti-Money Laundering and Counter-Terrorism Financing

Sierra Legal may provide legal services that constitute “designated services” under the AML/CTF Act. Where this applies, we are a “reporting entity” under that Act and are required to comply with the Privacy Act in connection with our AML/CTF obligations.

Customer due diligence

Before providing designated services, we are required by the AML/CTF Act to collect and verify Personal Information about you. This may include your full name, date of birth, residential address, identity document details, and (where applicable) information about beneficial ownership structures. If you do not provide this information, we may not be able to provide the relevant service.

Identity verification

Where we use a credit reporting body to assist with identity verification under the AML/CTF Act, we will notify you of this before doing so and obtain your express consent. An alternative means of verification will always be available.

Disclosures

We may disclose Personal Information to third-party identity verification and onboarding service providers to assist with our AML/CTF obligations. We may also be required to make reports or disclosures to government agencies and regulators under the AML/CTF Act. In some circumstances, we are prohibited by law from disclosing to you that such a report has been made. Where this applies, we may be unable to confirm or explain why access to your Personal Information has been refused.

Retention

Records collected for AML/CTF purposes are retained for 7 years following the end of our relationship with you or 7 years after the date of the last relevant transaction, as required by the AML/CTF Act. Copies of identity documents are not retained beyond what is required under that Act.

15. Contact us

If you have any questions or would like further information about our privacy policies or practices, please contact us by any one of the following means:

16. Data breaches or complaints

If you wish to report a data breach or make a complaint about the way we have collected, used, held or disclosed your Personal Information, please contact us using the contact details listed in the “Contact us” section above.

Under the Privacy Act, we are required to notify you and the OAIC if we become aware of a data breach that is likely to result in serious harm to you (a “notifiable data breach”). In some circumstances, our obligation to notify may be limited where notification would be inconsistent with our obligations under the AML/CTF Act.

Any complaint should be first made in writing and include the date, details of your complaint or the alleged breaches, and how you would like your complaint resolved.

We aim to resolve all enquiries and complaints within a reasonable period. Some complaints can be resolved quickly, but more complex complaints may take longer. You may withdraw your complaint at any time.

If we do not resolve your complaint to your satisfaction and no other complaint resolution procedures are agreed or required by law, we will inform you that your complaint may be referred to the Office of the Australian Information Commissioner (OAIC) for further investigation and will provide you with the OAIC’s contact details.

17. Changes to our Privacy Policy

We reserve the right to change our Privacy Policy at any time. We will notify you about changes to this Privacy Policy by posting an updated version on our Websites.