In the course of our business in Australia (Barea Pty. Ltd. ACN 010 157 436 as trustee for the H&H Service Trust trading as CGW Structures), there may be circumstances where we collect personal information. Our privacy policy has been developed to ensure that such information is handled appropriately.

We are committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) in relation to all personal information we collect. This commitment is demonstrated in this policy. The Privacy Act incorporates the Australian Privacy Principles (APPs). The APPs set out the way in which personal information must be treated.

Who does this privacy policy apply to?

This policy applies to any person for whom we currently hold, or may in the future collect, personal information.

This policy does not apply to acts and practices which relate directly to the employee records of our current and former employees.

What information does this privacy policy apply to?

In broad terms, ‘personal information’ is information or opinions relating to a particular identifiable individual.

Information or opinions are not personal information where they cannot be linked to a particular individual.


We manage the personal information we collect by:

(a) providing staff manuals and training on privacy issues;

(b) implementing procedures such as providing privacy statements when dealing with a client’s personal information;

(c) regularly reviewing our privacy compliance, including privacy audits;

(d) implementing security measures to keep the personal information we collect safe, including using unique usernames and passwords on systems that can access personal information and security cards to access on-site information; and

(e) appointing a designated privacy officer to monitor privacy compliance and be a contact for any privacy complaints and access or correction requests.

In limited circumstances, it may be possible for an individual to use a pseudonym or remain anonymous when dealing with us (for example, when making a general enquiry by telephone).  In most other cases, our professional obligations or the nature of the work will require you to deal with us using your real name.


CGW Structures is primarily an entity that establishes structures such as trusts, companies and superannuation funds and any personal information collected will be to assist in establishing those structures. For example, we may collect and hold:

(a) contact information;

(b) financial information;

(c) tax file numbers;

(d) date and place of birth;

(e) employment history;

(f) any other personal information required to perform the service to the individual.

CGW Structures is also an associated entity of Cooper Grace Ward Lawyers, and may refer calls made to the CGW Structures line to Cooper Grace Ward employees. Cooper Grace Ward is  a full-service commercial law firm, and holds different information depending on the services provided to clients or, in the case of prospective employees, the information needed to assess future employment with us. Generally, the types of information that Cooper Grace Ward may collect and hold include:

(a) contact information;

(b) financial information;

(c) business circumstances;

(d) family circumstances;

(e) information about assets and investments;

(f) employment history;

(g) date and place of birth;

(h) insurance history;

(i) banking and credit card details;

(j) expertise and interests;

(k) tax file numbers;

(l) driver’s licence and other photographic information;

(m) video or photographic footage given by clients to us for legal advice;

(n) information otherwise required by law; and

(o) any other personal information required to perform the legal service to the individual.

We only collect the necessary personal information to provide the service to the individual.


‘Sensitive information’ is a subset of personal information and includes personal information that could have serious ramifications for the individual concerned if used inappropriately.

CGW Structures does not generally collect sensitive information about individuals. Cooper Grace Ward may collect sensitive information about individual if it is necessary to provide legal services to the individual. This may include:

(a) health information;

(b) racial or ethnic origins;

(c) political opinions and membership of political associations;

(d) religious beliefs or affiliations;

(e) philosophical beliefs;

(f) membership of professional or trade associations or unions;

(g) sexual preferences or practices;

(h) criminal records;

(i) genetic information;

(j) any sensitive information required to be disclosed by law; and

(k) any other sensitive information required to perform the legal service to the individual.

We will not collect sensitive information without the individual’s consent to which the information relates unless permitted under the Privacy Act.


We will generally be given your personal information from your accountant or advisor, or in some circumstances we will collect it directly from you.


We hold personal information:

(a) physically,

(i) on our premises; and

(ii) by third party data storage providers in Brisbane.

(b) electronically,

(i) through internal servers and websites and a private cloud;

(ii) by a third party data storage provider in Australia;

(iii) by an off-side data replication provider in Australia; and

(iv) by an email filtering host in Singapore.

We will take all reasonable steps to ensure that all personal information we hold is secure from any unauthorised access, misuse or disclosure. However, we do not guarantee that personal information cannot be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur.

Some of the methods we use to store and secure information include:

(a) using security cards to access areas that contain personal information;

(b) having designated areas to meet with clients and non-CGW employees that do not contain personal information;

(c) using security cards to access printers;

(d) using unique usernames, passwords and other protections on systems that can access personal information;

(e) using our document retention system (locked storage area with only authorised access) for important documents such as Wills and other original documents; and

(f) using lockable compactuses for storing more sensitive information, other important documents or financial records.


We take reasonable steps to use and disclose personal information for the primary purpose for which it is collected. The primary purpose for which information is generally to establish entities, including companies, self-managed superannuation funds and trusts for an individual or their business.

In the case of potential employees, the primary purpose the information is collected is to assess the individual’s suitability for a position with us.

Personal information may also be used or disclosed by us for secondary purposes which are within the individual’s reasonable expectations and related to the primary purpose of collection.

For example, we may use personal information for the following secondary purposes:

(a) to add an individual’s details to our legal alerts list, to inform the individual  of updates and changes to the law that may affect them and to invite them to legal events relevant to their industry (which can be unsubscribed from at any time); or

(b) to refer to Cooper Grace Ward Lawyers for legal advice.

We may disclose personal information:

(a) to your accountant or advisor;

(b) to Cooper Grace Ward Lawyers, our affiliate; or

(c) to third party contractors where we contract out any financial, administrative, information technology or other services.

Otherwise, we will only disclose personal information to third parties with the relevant individual’s consent or if the disclosure is permitted by the Privacy Act.


We do not disclose personal information to overseas recipients apart from our email filtering host in Singapore.


What kinds of credit information may we collect?

We do not use an individual’s personal information to assess their credit eligibility. However, we may collect identification information and credit card details for payment purposes.

We do not collect your credit information from credit reporting bodies, banks or other credit providers other than your accountant or your advisor who may provide us with your details.

How and when do we collect credit information?

In most cases, we will only collect credit information about you if you disclose it to us and it is relevant in providing you with the legal service.

Other sources we may collect the credit information from include your accountant or advisor.

However, in most cases you will be aware that this information is being collected as part of the service we are providing to you.

How do we store and hold the credit information?

We store and hold credit information in the same manner as outlined in section 6 of this policy.

Why do we collect the credit information?

Our usual purpose for collecting, holding, using and disclosing credit information about you is to process a payment for our services.

Overseas disclosure of the credit information

We will not disclose your credit information to overseas entities unless you expressly advise us to, apart from the following circumstances:

(a) to the extent that your credit information is contained in emails which are filtered by our email filtering host in Singapore; or

(b) to the extent that it is necessary or desirable to make such a disclosure to obtain payment of money owed to us.

How can I access my credit information, correct errors or make a complaint?

You can access and correct your credit information, or complain about a breach of your privacy in the same manner as set out in section 10 of this policy.


It is important the information we hold about individuals is up-to-date. Individuals should contact us if their personal information changes.

Individuals may request access to the personal information we hold or ask for their personal information to be corrected.

A request by an individual to access or correct personal information about the individual must be made to the following contact officer:

Contact person:   Privacy Officer (Chief Operating Officer)
Telephone number:  +61 7 3231 2444
Email address:
Postal address:   GPO Box 834, Brisbane Qld 4001

We will grant an individual access to their personal information as soon as possible, subject to the request circumstances.

In keeping with our commitment to protect the privacy of personal information, we will not disclose personal information to an individual without proof of identity.

We may deny access to personal information if:

(a) the request is impractical or unreasonable;

(b) providing access would have an unreasonable impact on the privacy of another person;

(c) providing access would pose a serious and imminent threat to the life or health of any person; or

(d) there are other legal grounds to deny the request.

We may charge a fee for reasonable costs incurred in responding to an access request. The fee (if any) will be disclosed prior to it being levied.

If an individual is able to establish that personal information we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.


If a person wishes to complain about an interference with their privacy, they must follow the following process:

(a) The complaint must be firstly made to us in writing. We will have a reasonable time to respond to the complaint.

(b) In the unlikely event the privacy issue cannot be resolved between us and the individual, the individual may take their complaint to the Office of the Australian Information Commissioner.

A person can complain about a breach of privacy by contacting us using the contact details below:

Contact person:   Privacy Officer (Chief Operating Officer)
Telephone number:  +61 7 3231 2444
Email address:
Postal address:   GPO Box 834, Brisbane Qld 4001


We may update, modify or remove this policy at any time without prior notice. Any changes to the privacy policy will be published on our website.

This policy is effective March 2014. If you have any comments on the policy, please contact our privacy officer on the contact details in section 11 of this policy.