1. Introduction
Mallesons (“Mallesons”, “we”, “us”, “our”) is committed to protecting your personal data. Please read this privacy notice carefully as it sets out how and why Mallesons uses your personal data when you access our website, services and/or otherwise engage with us, as well as explaining certain legal rights that you have under data protection laws.
If you have any questions or comments about this privacy notice, please find our contact details in section 9 “How can you contact us?”.
Note that we may change this privacy notice from time to time by updating this page. This privacy notice does not apply to any third-party websites, plug-ins or applications to which you may be directed from our website. Clicking on those links or enabling those connections may allow third parties to collect or share data about you and so we encourage you to read the privacy policies/notices on the other websites you visit. We do not accept any responsibility or liability for the privacy practices of such third parties and your use of them is at your own risk.
2. Who are we and who is responsible for your personal data?
Mallesons is the only top-tier independent law firm from Australia, but also has associated entities (e.g., Mallesons Kinetic, which provides digital products). It has offices in Australia and Singapore. Further details can be found on our website. Our contact details can be found in section 9 of this privacy notice.
Typically, the Mallesons entity or associated entity that is legally responsible for handling your personal data will be the entity in the country where you are accessing our services and/or otherwise engaging with us.
3. What personal data do we collect about you and for what purposes?
We may collect personal data from you or individuals working for or associated with your organisation in various circumstances, including in the provision of legal services, use of our website, attendance at one of our events and/or where we otherwise engage with you, e.g. to procure a service for Mallesons etc. The types of personal data that we may collect, the types of individuals about whom we may collect the personal data and the reasons for collecting and using it will depend on the nature of your relationship with us, but generally include information necessary to provide our services, perform contracts, comply with legal requirements, or develop our business and that of our associated entities.
In some cases, we may require your express consent to process certain sensitive personal data (for example health or religious information provided for event catering or accessibility needs). You may withdraw your consent at any time, although this may affect our ability to provide services or otherwise engage with you.
The types of personal data we may collect and the purposes for which we may use it include those set out below.
a. Contact Information
This includes personal data such as your name, title, position, the company you work for, your postal address, email address and phone number. We may also ask about your relationship to another person, for example to establish any conflict of interest that might exist. We require the above information in order to engage with you for business purposes.
b. Identification and Verification
We may ask for your passport or other official photographic document to verify your identity, as well as other information relating to your background such as any directorships/financial interests you have. Aside from the data you provide to us directly, and in accordance with the local laws of the country where you are accessing our services, we may also find information about you from other sources, such as from tax authorities, carefully selected third party background screening providers (see section 5 below for more information on Mallesons use of third parties), and/or from publicly available registers/websites where you have voluntarily made your personal data available (e.g. LinkedIn). We require this information as part of our business acceptance processes and to comply with our legal obligations to prevent against money laundering, terrorism and fraud.
c. Anti-money laundering and counter-terrorism financing compliance
We may be required to collect and use your personal data in order to comply with applicable anti-money laundering and counter-terrorism financing laws. These laws include, in relation to Australia, the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and Anti-Money Laundering and Counter-Terrorism Financing Rules 2025, and in relation to Singapore, the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act.
These obligations may require that we collect and verify information regarding you, your organisation and individuals associated with your organisation, or acting on yours or your organisation’s behalf. We may collect this information at the time when you first become a client and throughout our ongoing relationship. The information we obtain is required in order to meet our legal obligations and allow us to conduct our customer or client due diligence process.
Depending on how your organisation is structured, the personal data we collect may include personal data regarding directors, partners, beneficial owners and others. If we are unable to collect and verify such personal data, then we may not be able to comply with our obligations under applicable anti-money laundering and counter-terrorism financing laws, and therefore we may not be able to provide our services to you or your organisation.
The personal data we collect in order to comply with our anti-money laundering and counter-terrorism financing legal obligations may include:
- identity and contact details;
- information supporting verification of identity (such as drivers licences, passports or other government-issued identification);
- your role, position or relationship with your organisation or another organisation;
- directorships and other officeholder positions;
- background checks and associated details including sanctions screening and politically exposed person screening information;
- sensitive information including criminal history details and information regarding political allegiances or affiliations; and
- other information that facilitates compliance with our anti-money laundering and counter-terrorism financing obligations.
We may collect this information from you or your organisation, from publicly available sources and from third party service providers who assist us with conducting identity checks, background screening, verification checks and other due diligence processes.
Learn more about our approach and commitment to AML/CTF compliance here.
d. Payment details
Where we enter into a contract for our legal services directly with you rather than the corporate entity you work for/are associated with, we will need to collect and use your payment information, including your credit/debit card details. This type of personal data is processed strictly in accordance with relevant payment card industry standards.
e. Meetings/events
We may collect basic contact information from you when you attend a meeting/event hosted at one of our offices. We use this information to identify you for building security and safety reasons, and so that we can invite you to future events/meetings (see section 3(g) on marketing below).
However, you may also wish to inform us of any specific dietary requirements and/or tell us about any disabilities you have so that we can make the reasonable adjustments you require to facilitate your attendance at the meeting/event. In certain countries, such details fall into the category of personal data that data protection law considers to be inherently sensitive, as it relates to your health/disability and/or potentially your religion (where you request a kosher food option for example). This type of information is purely optional, so you do not have to provide it to us if you do not wish to. If you have a food allergy and choose not to disclose it we cannot be responsible for any harm caused.
f. Use of cookies and similar technologies
As you interact with our website, we may automatically collect personal data from your device by using cookies and other similar technologies. Processing such information is necessary for us to improve our website, enhance its functionality to give you a better browsing experience and and provide a more relevant service to our clients.
We may also allow third party service providers, such as Google Analytics, Google Ads, Eloqua or Hotjar, to use cookies and similar technologies on our website. These technologies enable us to gather analytics to better understand how visitors interact with our content, deliver more relevant advertising and optimise website services. You can manage your cookie preferences through your browser settings. If you do not wish to receive marketing communications from us, you can opt out at any time. For further information on how to opt out, please see section 8 of this privacy notice.
g. Marketing and information gathered through our website
Certain sections of our website, including our blogs, invite you to request publications, newsletters and alerts, subscribe to receive invitations to events, seminars and webinars, take part in client surveys and to receive Mallesons announcements. If you do so, we may collect information such as your name, business email address, job title, organisation name and company address, and other relevant details depending on the nature of your interaction. Our systems will recognise you as a user and based on the content you view/request, we will strive to provide material that is relevant to you and your interests, which could include information relating to our associated entities (e.g., Mallesons Kinetic). We may also collect this information about you where you have physically attended an event, meeting or seminar hosted by Mallesons, so that we can invite you again in the future.
Note that you can opt out of receiving marketing communications at any time. For further information, please see section 8, “What are your rights over your personal data?”, of this privacy notice.
h. Recruitment
Mallesons will collect and use your personal data when you apply for a job with us. We may receive information about you through a recruitment agency or directly from you where you complete an online job application form via the careers section of the Mallesons website. The personal data will include information relating to your education, employment history and other background information such as your right to work in the country where you are applying to work etc. For further information about how Mallesons collects and uses your personal data in the recruitment context, please see our applicant privacy notice.
i. Indirect collection of personal data
Sometimes we may have access to and use personal data of individuals with whom we do not have any direct contact. For example, if we are providing advice to a client relating to the acquisition of another company, we may use personal data relating to the seller’s employees. In circumstances such as these, it may not be appropriate for us to provide the individuals concerned with a privacy notice that sets out how we use their personal data as doing so may breach client confidentiality. Nevertheless, Mallesons handles such personal data in accordance with applicable data protection laws.
j. Profiling
The term “profiling” refers to where your personal data is used for solely automated processing to evaluate or predict certain aspects about you without human assessment. Mallesons does not currently do any profiling using personal data. Should Mallesons decide to use completely automated processes in the future, e.g. to market its services more efficiently, we will notify you if it is likely to have a significant effect on you and you will have the right to object to this type of processing (see section 8 “What are your rights over your personal data?” below).
k. Personal data provided to Mallesons Kinetic
Mallesons also offers digital products for businesses via its associated entity, Mallesons Kinetic Pty Ltd (“Mallesons Kinetic”). Mallesons Kinetic will collect and use your personal data when you sign up to use its services and purchase its digital products. The personal data may include basic contact information provided on sign-up, login details when creating an account and payment information. Mallesons Kinetic collects this information so that it can provide its digital products to you.
l. Personal data provided to Owl Advisory by Mallesons
Mallesons also offers compliance and governance risk advisory services for businesses via its associated entity, Owl Advisory Pty Ltd (“Owl Advisory by Mallesons”). Owl Advisory by Mallesons will collect and use your personal data to provide its risk advisory services to you or otherwise engage with you to develop its business. For example, Owl Advisory by Mallesons may collect and use personal data of staff, customers and/or other third parties such as name, title, position and email address to perform a contract with you or your organisation.
4. Who do we share your personal data with?
We may share information that you have provided to us with certain third parties such as service providers acting on our behalf as part of providing our services to our clients. These may include insurers, IT service providers, background screening providers, barristers, translators, accountants, tax advisers and catering service providers etc. It may also include serviced providers that support our client or customer due diligence processes such as background screening providers and other service providers associated with providing information, personal data or otherwise conducting checks in support of our anti-money laundering and counter-terrorism financing legal obligations. We will ensure that any third-party service provider that we use commits to an appropriate level of security and confidentiality to protect your personal data.
We may also share your personal data with a purchaser or potential purchaser of our business and in some circumstances, we may have to disclose your personal data for legal or regulatory purposes, such as where a court, the police or other law enforcement agency or regulatory body has asked us for it.
5. Is your personal data transferred overseas?
Mallesons do not regularly transfer personal data overseas. However, it may be necessary to send your personal data to other overseas Mallesons offices or third parties (as per section 4 “Who do we share your personal data with?” above), unless we have specifically agreed to retain your personal data within a particular jurisdiction. This may be the case where your instructions require an opinion from a local law expert in another jurisdiction.
Some of the countries where your personal data is transferred have a different standard of data protection than the country in which you are situated. However, we have put in place contractual or other appropriate protections to ensure that your information is safeguarded to the same standards globally.
6. How do we keep your personal data secure?
We are committed to ensuring that any personal data that we hold about you is kept securely in accordance with our policies and procedures. These include appropriate physical and technological security measures, such as access controls, logging and monitoring, regular penetration testing of our systems and careful selection of staff and third-party service providers.
7. How long will we keep your personal data?
Your personal data will be retained in line with legal and regulatory retention periods. At the end of any retention period, your personal data will either be securely deleted in its entirety or anonymised so that you can no longer be identified from that data. We aggregate such anonymised data for statistical analysis and business planning.
8. What are your rights over your personal data?
Depending on the country where you are based and subject to certain exceptions and limitations you may have various legal rights in relation to your personal data, as set out in this section.
Such rights may allow you to ask Mallesons to:
- provide a copy of your personal data and information about the ways in which such personal data has been or may have been used or disclosed within a year before the date of the request (subject to the privacy rights of other people and the information already provided to you in applicable privacy notices);
- correct any inaccuracies in your personal data by informing us to make the necessary changes;
- modify or withdraw your consent for the collection, use and disclosure of your personal data
You also may have the right to opt out of receiving direct marketing communications from Mallesons. If you wish to opt out of receiving direct marketing, Mallesons will simply stop processing your personal data for marketing purposes (and any associated profiling).
You may exercise or enquire about the above rights by contacting Mallesons data protection team (see section 9 “How can you contact us?” below).
9. How can you contact us?
We hope this privacy notice has been helpful in setting out the way we handle your personal data and your rights to control it. This privacy notice sets out most of your rights under relevant laws, but not necessarily every right you have.
If you have any concerns, requests related to, among others, the exercise of your rights, complaints or questions that haven’t been covered, please contact us by completing this form.
10. Complaints
You may have a right to make a complaint to the relevant data protection authority (“DPA”) at any time. We would appreciate the chance to understand your concerns in the first instance before your contact the DPA, however.
Click on the relevant country below to access the website of the DPA responsible for overseeing that country’s data protection compliance:
Australia: Office of the Australian Information Commissioner (OAIC)
Singapore: Personal Data Protection Commission
12. Changes to this privacy notice
This privacy notice was last updated in 30 March 2026. We may change this privacy notice from time to time by updating this page.