Roche Legal QLD Pty Ltd (ABN 91 678 444 052) (“we”, “us”, “our”)
Last updated: 4 July 2026
Roche Legal is a Queensland law firm practising in personal injury and TPD claims. We collect and handle personal information – including sensitive health information – in order to provide legal services. This policy explains what we collect, why, who we share it with, and your rights. We handle personal information in accordance with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth), and our professional obligations under the Australian Solicitors Conduct Rules and the Legal Profession Act 2007 (Qld).
1. What we collect
Identity and contact information: name, date of birth, address, phone, email, and identity verification documents.
Sensitive information, where relevant to your claim and with your consent:
- Health information, including medical records, diagnoses, treatment history, rehabilitation records, and medico-legal reports
- Criminal record information, where relevant to a matter
Claim-related information: accident and incident details, police reports, employment and income records, tax records, insurance and superannuation policy details, Medicare and Centrelink information, financial information relevant to your claim or our costs agreement.
Government-related identifiers such as Medicare numbers, only where required to conduct your matter (for example, Medicare notice of charge and NDIS/Centrelink clearances).
Website and communication data: information you submit through our website forms, call and message records, and technical data such as IP address, browser type, and pages visited (see section 10, Cookies).
2. How we collect it
We collect information:
- Directly from you – in person, by phone, email, SMS, or through forms on our website.
- From third parties where necessary for your matter, including your treating doctors and hospitals, insurers (such as CTP insurers and WorkCover Queensland), your employer, superannuation funds and their insurers, the Queensland Police Service (including through Right to Information processes), Medicare, Centrelink, the NDIA, courts and tribunals, barristers, and medico-legal experts.
- From publicly available sources where relevant to your matter.
If you give us personal information about another person (for example, a family member or witness), you should ensure they are aware of this policy.
You may deal with us anonymously or using a pseudonym for general enquiries, but we cannot act for you in a legal matter without identifying you.
3. Automated communications when you contact us
When you complete an enquiry form on our website, you will typically receive an automated response by SMS and email confirming receipt and providing next steps. By submitting the form with your phone number and email address, you consent to receiving these communications.
These automated messages are sent through third-party communication and workflow platforms acting as our service providers (see section 7 on overseas disclosure). Every commercial electronic message we send identifies Roche Legal as the sender and, where the message is marketing in nature, includes a functional unsubscribe facility as required by the Spam Act 2003 (Cth). You can opt out of SMS or email communications at any time by replying STOP to an SMS, using the unsubscribe link in an email, or contacting us directly. We will always retain the ability to contact you about an active legal matter.
4. Why we collect and use your information
We use personal information to:
- Provide legal advice and representation, including preparing, negotiating, and litigating your claim
- Comply with pre-court procedures under the Motor Accident Insurance Act 1994 (Qld), Workers’ Compensation and Rehabilitation Act 2003 (Qld), and Personal Injuries Proceedings Act 2002 (Qld), and with court rules and directions
- Verify your identity and conduct conflict checks
- Manage our costs agreements, trust accounting, and billing, in compliance with Queensland Law Society trust account requirements
- Respond to your enquiries
- Comply with our legal, regulatory, and professional obligations
- With your consent, send you information about our services and legal developments relevant to you
5. Direct marketing
We may send you updates or information about our services where you have enquired with us or been a client, and you would reasonably expect to receive them. Every marketing communication will include a simple way to opt out, and we will action opt-outs promptly. We do not sell, rent, or trade your personal information to third parties for their marketing.
6. Who we disclose your information to
We only disclose your information where necessary to run your matter or where required or authorised by law. Depending on your matter, this may include:
- Courts, tribunals, and registries
- Insurers and their representatives, including CTP insurers, WorkCover Queensland, public liability insurers, and superannuation fund insurers
- Barristers, medico-legal experts, and other consultants engaged on your matter
- Your treating health providers
- Government agencies including Medicare, Centrelink, the NDIA, the Australian Taxation Office, and the Queensland Police Service
- Superannuation trustees and administrators (for TPD claims)
- Litigation funders or cost assessors, where applicable and with your knowledge
- Our service providers, including practice management, document storage, accounting, IT support, and communication platforms, under obligations of confidentiality
- Any person you authorise us to share information with
We may also disclose information where we reasonably believe disclosure is required by law, court order, or to lessen or prevent a serious threat to life, health, or safety.
7. Overseas disclosure
Your information is primarily stored and processed in Australia, including our email and document systems and SMS delivery platform. However, some of our service providers store or process data overseas:
- Workflow automation services are hosted in the European Union (Germany)
- Our website chat assistant is operated by a provider that stores data in the United States
- Our SMS provider is part of a global group and some support functions may occur outside Australia
Where information is handled overseas, we take reasonable steps to ensure providers are subject to contractual and security obligations consistent with the Australian Privacy Principles. Your client file is not sent overseas for processing except through these infrastructure providers.
8. Artificial intelligence and automation
We use technology, including AI-assisted tools and workflow automation, to improve the efficiency and quality of our services – for example, in document drafting, legal research, and managing communications. Where we use these tools:
- All substantive legal advice and decisions about your matter are made and reviewed by a qualified legal practitioner – no decision affecting your legal rights is made solely by automated means.
- We take reasonable steps to ensure client information used with these tools is handled securely and confidentially, and we do not permit client information to be used to train publicly available AI models.
- You may ask us at any time how technology has been used in connection with your matter.
9. Storage, security, and retention
We store information in secured practice management and document systems, protected by access controls, encryption, and network security measures. Physical files are held securely at our offices.
We retain client files for a minimum of 7 years after your matter concludes, consistent with Queensland Law Society guidance and our professional obligations. Files for clients who were minors are retained at least until the client turns 21, or 7 years after the matter concludes, whichever is later. When information is no longer required, we destroy or de-identify it securely.
10. Cookies and website analytics
Our website uses cookies and analytics tools to understand how visitors use the site and to improve it. This data is generally aggregated and does not identify you personally. You can disable cookies in your browser settings, though some site features may not function fully. Our website may link to third-party sites; this policy does not apply to those sites.
11. Children and clients under 18
We regularly act for injured children and young people, through a parent, guardian, or litigation guardian. Where we hold personal information about a person under 18, it is collected and handled with the consent and involvement of their parent or guardian, subject to the same protections as all client information, and retained in accordance with section 9 (including extended retention reflecting limitation periods for minors). We do not knowingly collect information from children other than in connection with a legal matter or with parental consent.
12. Access and correction
You may request access to the personal information we hold about you, and ask us to correct it if it is inaccurate, out of date, or incomplete. Contact our Privacy Officer using the details below. We will respond within 30 days. We may need to verify your identity, and in limited circumstances may refuse access where the law permits (for example, where information is subject to legal professional privilege belonging to another client) – if so, we will tell you why in writing. We do not charge for making a request, though a reasonable fee may apply for retrieving and copying archived records.
13. Complaints
If you believe we have mishandled your personal information:
- Contact our Privacy Officer (details below) with the details of your concern
- We will acknowledge your complaint within 7 days and aim to resolve it within 30 days
- If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or 1300 363 992. You may also contact the Queensland Legal Services Commission regarding the conduct of a law practice.
14. Contact us
Privacy Officer
Roche Legal
Level 19, 10 Eagle Street
Brisbane QLD 4000
Phone: 1300 335 334
Email: privacy@rochelegal.com.au
15. Changes to this policy
We review this policy regularly and may update it from time to time. The current version will always be published on our website with the date of last update.