Privacy policy.

Our Privacy Obligations

TC Law & Consulting is based in Australia. We provide legal, policy, governance and advisory services to clients across Australia and internationally.

To deliver these services effectively, we may collect, use, and store personal information. “Personal information” or “personal data” means information or an opinion about an identified individual, or an individual who is reasonably identifiable.

In Australia, the collection of personal information is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles.
When we work with clients or participants in other countries, we also comply with applicable local privacy laws. For example:

  • in the European Union (EU) or the United Kingdom (UK), we comply with the General Data Protection Regulation (EU GDPR / UK GDPR); and

  • in the United States of America (USA), we align with the California Consumer Privacy Act (CCPA) where applicable.

We may update this Privacy Policy from time to time. The most current version will always be available on our website.

When We Collect Personal Information

We collect personal information where it is reasonably necessary to:

  • provide our services to clients and partners,

  • manage our business operations,

  • comply with legal obligations.

This may include personal information about:

  • Clients and partners – names, roles, business contact details, and information shared to allow us to deliver services,

  • Suppliers and contractors – names, roles, and business contact details,

  • Employees, contractors or staff – contact details, payroll/financial information, and (where relevant) health or emergency details,

  • Program participants, research contributors, or stakeholders – information you choose to share with us in workshops, consultations, surveys, or other engagement activities.

We only collect personal information when you provide it to us, when required by law, or when necessary for our legitimate business interests. Where we rely on consent, you may withdraw that consent at any time.

How We Collect Personal Information

  • Directly from you: when you contact us, participate in our programs, complete surveys, attend workshops, or use our website/social media.

  • From third parties: such as referees, partner organisations, or publicly available sources (e.g., business registers).

  • Generated by us: for example, records of meetings, reports, evaluations, or project documentation.

  • Online interactions: our website may collect non-identifiable information (cookies, IP addresses) for analytics and performance monitoring.

 How We Use Personal Information

We may use your personal information to:

  • provide requested services, advice, or products,

  • communicate with you about our work,

  • manage employment, contractual, or supplier relationships,

  • evaluate and improve our services,

  • comply with legal and regulatory obligations, or

  • for other purposes with your consent.

We do not use personal information for unrelated purposes without your permission.

 Disclosure of Personal Information

We may share personal information with:

  • our service providers (such as IT, accounting, data hosting, and communication platforms),

  • clients or partners, where required to deliver agreed services,

  • regulators, courts or government agencies, where legally required,

  • overseas recipients, where our work involves international delivery (for example in the EU, UK, or USA).

Our service providers are required to handle your information securely and only in line with our instructions.

 Security of Your Information

We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. This includes secure data storage, access controls, and encryption where appropriate.

We only keep your information as long as reasonably necessary for the purposes outlined in this policy or as required by law, after which it is securely destroyed.

Your Rights

You have the right to:

  • access the personal information we hold about you,

  • request correction of inaccurate or outdated information,

  • withdraw consent (where collection is based on consent),

  • opt-out of receiving marketing communications.

If you are located in the EU or UK, you may also request deletion of your data, restrict processing, or request a machine-readable copy of your data under the GDPR.