top of page

PRIVACY POLICY

A legal disclaimer

Kamana Legal and Advisory (“we”, “us”, “our”) is committed to handling personal information in a responsible way.

​

This Privacy Policy explains how we collect, hold, use and disclose personal information in connection with our legal services, advisory services, recruitment, events, publications, and website. We are guided by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

​

This Privacy Policy does not limit our separate obligations regarding client confidentiality and legal professional privilege.

​

Last updated: 2 February 2026

Privacy Policy - the basics

1) What is “personal information” and “sensitive information”?

“Personal information” is information or an opinion about an identified individual (or an individual who is reasonably identifiable). Some personal information is also “sensitive information”, which includes (for example) information about health, racial or ethnic origin, political opinions, religious beliefs, membership of professional or trade associations or unions, sexual orientation, and criminal record.

​

2) What personal information we collect and hold

The kinds of personal information we collect depends on how you interact with us (as a client, witness, referrer, counterparty, service provider, subscriber, job applicant, or website visitor). It may include:

  • Identity and contact details: name, address, phone, email, date of birth

  • Professional details: role/title, employer/organisation, work contact details

  • Matter-related information: documents, instructions, correspondence, records and notes relevant to legal or advisory work

  • Financial and billing details: invoicing, payment and transaction information

  • Government-related identifiers (limited): where necessary and lawful for a matter (for example, identity verification)

  • Sensitive information: only where reasonably necessary for our work and where required/authorised by law, or with your consent (e.g., health information relevant to a matter)

We aim to collect only what we need to provide our services and to meet our legal and professional obligations.

​

3) How we collect personal information

We may collect personal information:

  • Directly from you (for example, when you contact us, engage us, complete a form, subscribe to updates, attend an event, or apply for a role)

  • From our clients or others involved in a matter (for example, counterparties, witnesses, consultants, counsel, experts, agencies, courts/tribunals, or referrers)

  • From publicly available sources (for example, public registers, websites, published decisions, or professional directories)

  • From service providers who help us operate our business (for example, IT, cloud, document management, and communications providers)

In some legal and advisory matters, it can be impractical or unreasonable to collect certain information directly from the individual concerned (for example, where information is provided by our client or obtained from official sources).

​

4) Why we collect, use and disclose personal information

We may collect, use and disclose personal information to:

  • provide legal services and advisory services, including giving advice, preparing documents, and supporting negotiations or engagements

  • communicate with you and manage relationships

  • verify identity and manage conflicts, risk and compliance

  • issue invoices, process payments, and manage accounts

  • improve our services and website experience

  • send publications, updates, and invitations (where permitted)

  • recruit and manage personnel

  • comply with laws, professional obligations, and lawful requests

​

5) Disclosing personal information

We may disclose personal information to:

  • you (and people you authorise)

  • our professional advisers and service providers (e.g., barristers, experts, consultants, IT providers, insurers) where necessary to provide services

  • third parties involved in a matter (e.g., counterparties, agencies, courts/tribunals) as required to progress instructions, comply with legal obligations, or protect rights

  • regulators or law enforcement where required or authorised by law

We take reasonable steps to ensure disclosures are limited to what is necessary for the relevant purpose.

​

6) Overseas disclosures

Some matters (or our service providers) may involve overseas recipients. Where we disclose personal information overseas, we take reasonable steps to protect the information and to comply with applicable privacy requirements, including by using contractual and security measures appropriate to the circumstances.

​

7) Direct marketing and communications

If permitted, we may send you updates such as insights, invitations, and firm news. You can opt out at any time using the unsubscribe option (where applicable) or by contacting us (see “Contact us” below).

Australia’s spam rules require commercial electronic messages to include a functional unsubscribe option and to honour unsubscribe requests within required timeframes.

​

8) Website, cookies and analytics

When you visit our website, we (and our service providers) may collect certain information automatically, such as:

  • IP address, device type, browser type

  • pages visited, time and date of visit, referring pages

  • cookies and similar technologies (to help the site function, measure traffic, and improve experience)

You can usually manage cookies through your browser settings. Blocking cookies may affect how the website works.

 

9) Security and retention

We take reasonable steps to protect personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure. This includes administrative, physical and technical safeguards appropriate to the sensitivity of the information.

We keep personal information only for as long as needed for the purposes described in this policy, and to meet legal, professional, and record-keeping obligations.

 

10) Data breaches

If a data breach involving personal information is likely to result in serious harm, the Notifiable Data Breaches (NDB) scheme may require us to notify affected individuals and the Office of the Australian Information Commissioner.

 

11) Access and correction

You may request access to personal information we hold about you, and you may request correction if you believe it is inaccurate, out of date, incomplete, irrelevant or misleading. We will respond within a reasonable time and may need to verify your identity before providing access or making changes.

There are circumstances where access may be refused (for example, where required or permitted by law). If we refuse access, we will explain why where we can.

 

12) Anonymity (where practical)

Where lawful and practical, you may contact us anonymously or using a pseudonym (for example, for a general enquiry). In many cases, however, we will need identifying information to provide legal services, manage conflicts, or meet professional obligations.

 

13) Complaints

If you have a complaint about how we handle personal information, please contact us using the details below. We will acknowledge your complaint and respond within a reasonable timeframe.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner.

 

14) Updates to this policy

We may update this Privacy Policy from time to time to reflect changes to our practices or legal requirements. The latest version will be published on our website. (The OAIC has also flagged additional future privacy policy content requirements in specific circumstances, and we will update our policy if/when those apply.)

 

Contact us

Privacy Contact: Sonja Kama
Email: admin@kamanalegal.com
Address: Unit 5, 161 London Circuit, Canberra City, ACT 2601

bottom of page