Home / Privacy Policy

Privacy Policy


CoSec Consulting Pty Ltd ACN 150 499 442 and its affiliates (including but not limited to CoSec Directors Pty Ltd ACN 604 395 879 and CoSec Local Agent Services Pty Ltd ACN 604 391 611) (collectively known as “CoSec” and also referred to in this Policy as “us,” “we” and “our”) seeks to provide the best possible service to its clients.

We understand how important it is to protect your personal information. This Privacy Policy sets out our commitment in respect of personal information that you may provide to us.

We recognise that any personal information we collect about you will only be used for the purposes indicated in our policy, where we have your consent to do so, or as otherwise required or authorised by law. It is important to us that you are confident that any personal information we collect from you or is received by us will be treated with appropriate respect ensuring protection of your personal information.

Our commitment in respect of personal information is to abide by the Privacy Act 1988 (Cth) and any other relevant law or regulation (Privacy Law).


CoSec is a boutique firm of experienced and passionate governance professionals, offering end-to-end corporate, compliance and statutory secretarial services with physical offices in Melbourne and Brisbane but servicing clients virtually worldwide. CoSec respects the privacy of individuals and has current systems in place to protect personal information from misuse, loss and unauthorised access, modification or disclosure.


When we refer to personal information we mean information or an opinion about you, from which you are, or may reasonably be, identified. This information may include (but is not limited to) your name, date of birth, driver’s licence number, marital status, phone number, email address, address, nationality, employment history, income, assets liabilities and compliance information.

Due to the nature of the services provided by us, some of the information we collect may be sensitive information, including details about your race or ethnic background. We may also collect other sensitive information about you from time to time (such as information about your health, religion, trade union membership, political opinion, sexual preference or criminal record), but only if such information is required in order to provide services to you. We will only collect sensitive information about you with your consent.

We may collect your personal information in various ways, including by email, telephone enquiries made by you or on your behalf, information you make available to us, undertaking work with you and through our website (including where you submit information to us and/or through the use of features that automatically collect information (e.g. cookies) from the users of our website).


We collect and receive personal information about you in order to conduct our business and to provide our services. From time to time we may also use the personal information we hold about you for direct marketing of our services or for the purpose of providing you with information which may be of interest to you from time to time. This information will usually be in the form of a newsletter and is provided free of charge. Any such mail-out includes a provision which allows you to opt out of receiving further information by return mail.


Where reasonable and practical we will collect your personal information only directly from you with your consent. However, we may also obtain information about you from third parties, such as a party who contacts us on your behalf, from our contractors who supply services to us, through our referrers, from a publicly maintained record or from other individuals or companies authorised by you.

If you do not provide the information that we need, we may not be able to provide you with our services.
If you provide personal information to us about someone else, you must ensure that you are entitled to disclose that information to us and that, without us taking any further steps required by privacy laws, we may collect, use and disclose such information for the purposes described in this Privacy Policy. For example, you should take reasonable steps to ensure the individual concerned is aware of the various matters detailed in this Privacy Policy. The individual must also provide the consents set out in this Privacy Policy in respect of how we will deal with their personal information.

If you are contacting us for the first time by email and you think that your query may raise contentions issues, please only provide your name and the names of others involved, but do not include any confidential information about the substance of matter, so that we can undertake conflict checks. Unfortunately, should you disclose any details or the substance of the matter before we are formally engaged, we are unable to guarantee the confidentiality of the information provided.


Personal information about clients will only be used internally or disclosed on a confidential basis to other firms acting as our agent. Your personal information will not be forwarded to any third party without your express consent. If we need to forward personal information to any third party, such as an interstate or overseas agent, a lawyer, accountant or a government agency, we will first obtain your consent.

We use your personal information for the purpose for which it has been provided, for reasonably related secondary purposes, any other purpose you have consented to and any other purpose permitted under the Privacy Law. This may include using your personal information for the following purposes:

  1. to provide you with the products or services you requested;
  2. to verify your identity;
  3. to assess, process and manage your application for employment, or
  4. for complaints handling or data analytics purposes.

To enable us to maintain a successful relationship with you, we may disclose your personal information to:

  1. your guarantors, your professional advisors, your bank and any other organisation that may have or is considering having an interest in our business;
  2. companies and contractors who we retain to provide services for us, such as IT contractors, call centres, stationery printing houses, mail houses, storage facilities, lawyers, accountants and auditors, who will need to have access to your personal information to provide those services;
  3. people considering acquiring an interest in our business or assets;
  4. other individuals or companies authorised by you; and
  5. statutory or regulatory bodies which we consider it necessary or desirable to disclose such information to, for example, the Australian Securities and Investments Commission and the Australian Taxation Office.

By providing us with your personal information, you consent to us disclosing your information to such entities without obtaining your consent on a case by case basis.

Sometimes we are required or authorised by law to disclose your personal information. Circumstances in which we may disclose your personal information would be to a Court, Tribunal or law enforcement agency in response to a request or in response to a subpoena or to the Australian Taxation Office.

CoSec does not intend to disclose your personal information to overseas recipients. If we elect to send your personal information offshore, we will notify you and obtain your consent prior to doing so.

Some of our third party service providers are located in countries outside of Australia (mostly in United States, Europe or the United Kingdom). We may also store your personal information in the cloud. We may transfer information about you to these jurisdictions for a relevant purpose described above. Although we will require our non-Australian service providers to comply with the Privacy Law and our Privacy Policy, the privacy law in some jurisdictions may not afford the same level of protection as the laws of Australia.


From time to time we may use your personal information to provide you with current information about our services or services being offered by us or any company we are associated with. By providing us with your personal information, you consent to us using your information to contact you on an ongoing basis for this purpose, including by mail, email, SMS, social media and telephone.

If you do not wish to receive marketing information, you may at any time decline to receive such information by contacting our Privacy Officer on the contact details below. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.


It is important to our relationship that the personal information we hold about you is accurate and up to date. During the course of our relationship with you we will ask you to inform us if any of your personal information has changed.
If you wish to make any changes to your personal information (including your credit related personal information) that we hold about you, you should contact us to have it updated. We will generally rely on you to assist us in informing us if the information we hold about you is inaccurate or incomplete.


We will provide you with access to the personal information we hold about you, subject to limited exceptions in the Privacy Law as outlined below. You may request access to any of the personal information we hold about you at any time.

To access personal information that we hold about you, use the contact details specified below. We may charge a fee for our reasonable costs in retrieving and supplying the information to you.


There may be situations where we are not required to provide you with access to your personal information. For example, such a situation would be information relating to an existing or anticipated legal proceeding with you, or if your request is vexatious.

An explanation will be provided to you if we deny you access to your personal information we hold.


In most circumstances it will be necessary for us to identify you in order to successfully do business with you, however, where, it is lawful and practicable to do so, we will offer you the opportunity of doing business with us without providing us with personal information. Such a situation would be where you make general inquiries about our services.


CoSec has physical, electronic and procedural safeguards to protect the personal information it collects, from unauthorised access, modification and disclosure. Our offices are secured by a security system and physical files are kept locked on site. Digital files are stored electronically on Google Inc.’s G Suite Core Services, which are audited using industry standards such as ISO 27001, ISO 27017, ISO 27018, and SOC 2 and SOC 3 Type II audits, which are the most widely recognised internationally accepted independent security compliance audits.
Electronic personal information is stored in databases requiring logins and passwords for access, and is restricted to staff who require access.

As disclosed in our letter of engagement to clients, files that contain client’s personal information are retained for no more than seven years. We destroy all client files and documents seven years after the date of the final bill rendered by us in relation to each client matter. Access Records Management securely destroys documents by pulping or shredding and issues a certificate of destruction once the documents have been destroyed. Internal paper-based documents containing personal information are pulped before being recycled.


CoSec has implemented Privacy Compliance Programs to ensure our compliance with the notifiable data breaches obligations under the Privacy Law.

However, in the event of a serious data breach, we will take all steps required of us under the law, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) if necessary.


CoSec welcomes the EU General Data Protection Regulation (GDPR) as an important step forward in streamlining data protection requirements across the EU.

Where you are located in the EU, or CoSec offers its services within the EU, CoSec will comply with the GDPR in the delivery of its services, in addition to or in replacement of its compliance with the Privacy Law (as required by relevant law).


You may request further information about the way we manage your personal information or lodge a complaint by contacting our Privacy Officer(s) on the contact details below.

We will deal with the complaint by investigating the complaint, and providing a response to the complainant within 15 business days, provided that we have all necessary information and have completed any investigation required. In cases where further information, assessment or investigation is required, we will seek to agree alternative time frames with you.


Our Privacy Officer is Blair Lucas. If you have a question regarding the personal information that CoSec holds about you, please contact [email protected].

A copy of our Privacy Policy will be available on our website at all times. However, if you would prefer a printed copy of our Privacy Policy, or if you would like us to send you a copy of our Privacy Policy by email, please contact our Privacy Officer as set out above.

We are constantly reviewing all of our policies and attempt to keep up to date with market expectations. Technology is constantly changing, as is the law and market place practices.

As a consequence we may change this Privacy Policy from time to time or as the need arises.
This Privacy Policy was last updated July 2018.