Privacy Policy

Burrows Legal Pty Ltd ACN 138 544 199 (Burrows Legal, we or us) is a specialist legal executive search and selection consultancy. We are located at Level 40, 140 William Street, Melbourne, Australia.

To work with Burrows Legal, or to use our website and services, we may need to collect some information about you. We understand that some of this information may be sensitive, and we take your privacy and the protection of your personal information seriously.

While we are not currently bound by the Privacy Act 1988 (Cth), we believe in being transparent about how we handle personal information. This policy sets out how we collect, use, store and protect your personal information, and reflects our commitment to treating your data with care and respect.

1. How we engage with you

The types of personal information we collect, how we collect it, and why we collect, use and disclose it depend on how you interact with us. Our key interactions with individuals include:

Candidates	individuals who engage with us, or may engage with us in the future, to find suitable employment opportunities with our clients
Clients	individuals at organisations that engage us, or may engage us, to source and place candidates
Contractors and Employees	individuals who work with us, or may work with us, to help deliver our services
Referees	individuals who provide, or may be asked to provide, employment references for our candidates

 

2. Your choice

It’s always your choice whether to share personal information with us. However, if you choose not to provide certain details, we may not be able to deliver some of our services or communicate with you effectively.

For example, we may be unable to assess your suitability for a role, present you to potential employers, or engage you as a client, contractor, or referee without the necessary information.

If you have any concerns about the information we request, please contact us to discuss your options.

 

3. What personal information we collect

We aim to collect only what we reasonably need to deliver our services and operate our business. Types of personal information that we may collect about you include:

	Candidate	Client	Contractor & Employee	Referee
Identity Data – such as your name, age, date of birth, profession, or photographic identification.	✓	✓	✓	✓
Contact Data –  such as your email address, phone number, date of birth and postal address.	✓	✓	✓	✓
Financial Data – such as your bank account or payment card details	✓		✓
Transaction Data – such as details of payments made by or to you, and records of the services you’ve received from us (or we’ve received from you).		✓	✓
Technical and Usage Data – when you visit our website, we may collect your IP address, browser type, device info, geo-location data, search and click behaviour, and session statistics. This may occur through cookies and analytics tools.	✓	✓	✓	✓
Interaction Data – such as information you share with us through social media, surveys, forms, events, or other interactive features.	✓	✓	✓	✓
Marketing and Communications Data – such as your preferences for receiving updates or promotional materials from us or third parties, and how you prefer to communicate with us.	✓	✓
Professional Data – such as information related to your professional life, including interview notes, your CV, profile, academic transcripts, qualifications, past work experience, and any licences or authorisations you hold.	✓	✓		✓
Skills and Testing Data – such as outcomes of employment reference checks and employment related testing data such as results of online skills tests, psychometric tests, the results of any competency or medical test or performance feedback (whether positive or negative).	✓
Incident Data – such as any complaints from your workplace, any information about a workplace accident in which you are involved, and any information about any insurance investigation, litigation, registration or professional disciplinary matter, criminal matter, inquest or inquiry in which you are involved.	✓

For candidates and contractors and employees, the above personal information may include sensitive information.

 

4. How we collect your information

We may collect personal information about you from a range of different sources. These include:

	How we collect directly from you	How we collect indirectly
Candidates	Apply for a role through us or submit your CV Engage with us by phone, email, or in person Participate in interviews or assessments arranged by us Provide additional details to support your application, such as qualifications or work history	Referees you nominate Publicly available sources such as LinkedIn, job boards, or professional profiles Background screening providers (where authorised) Clients during the recruitment process (e.g. feedback following interviews)
Clients	Contact us to request recruitment or advisory services Engage with us by phone, email, or in person Participate in meetings, calls, or email exchanges about candidate needs Engage us under a services agreement or provide feedback on candidates	Company websites, professional directories, or business networking platforms such as LinkedIn Public registers or regulatory bodies (to verify details of your organisation or position) Referrals from mutual contacts or other professional advisers
Contractors & Employees	Apply to work with us or sign a contract of employment or engagement Engage with us by phone, email, or in person Provide identification, qualifications, or payroll information Use our internal systems and tools as part of your role	Referees, background screening providers, or professional bodies Government agencies or regulators (e.g. for right-to-work or superannuation purposes) Publicly available sources such as LinkedIn, job boards, or professional profiles
Referees	Engage with us by phone, email, or in person Provide a reference for a candidate we are assessing	The candidate who has nominated you as a referee Publicly available professional profiles or company websites (to verify your role and relationship to the candidate)

 

 

5. Why we collect your information

We collect, use and disclose personal information for purposes that are reasonably necessary for our functions and activities. These purposes differ depending on your relationship with us.

Candidates	assess your suitability for employment opportunities with our clients, including carrying out criminal record and bankruptcy checks communicate with you about available roles, recruitment processes and career opportunities provide our recruitment and placement services to you and our clients register you as a member of our alumni network
Clients	provide recruitment and related advisory services to your organisation manage our business relationship, including communications, billing and performance reporting
Contractors & Employees	engage and manage your employment or contracting relationship with us administer payroll, superannuation, compliance and workplace health and safety obligations evaluate and manage performance, development and conduct matters
Referees	verify information provided by candidates assess a candidate’s suitability for employment opportunities

Other business purposes

We may also collect, use and disclose personal information for purposes such as:

• complying with legal, regulatory, professional and insurance requirements;
• responding to complaints, claims or investigations;
• conducting audits, quality assurance and business improvement activities; and
• maintaining appropriate business and accounting records.

Secondary purposes

We’ll only use or disclose your personal information for a different purpose (other than why we originally collected it) if:

• you’ve given your consent, or
• the new purpose is related to the original reason we collected it, and you would reasonably expect us to use it in that way.

For sensitive information, we’ll only use or disclose it for a different purpose if:

• you’ve given your express consent, or
• the new purpose is directly related to the original reason we collected it, and you would reasonably expect us to use it in that way, or
• we are required or authorised to do so by law.

 

6. Who we share your personal information with

We may share your personal information with trusted third parties when it’s necessary to deliver our recruitment and staffing services, operate our business, or meet legal obligations. This may include:

• Clients – for candidates, we may share your information with potential employers for the purpose of assessing your suitability for roles, arranging interviews, and managing placement outcomes.
• Candidates and Referees – for clients, we may share candidate information (including CVs, qualifications and interview feedback) and may contact referees to verify candidate information.
• Our employees, contractors and professional advisers – who assist in providing recruitment, HR, legal, accounting or business support services.
• External service providers – who help us run our business, such as IT providers, cloud-hosting services (e.g. Microsoft), website or email platform providers, payroll processors and data storage partners and providers who conduct criminal record and bankruptcy checks.
• Analytics, data and AI technology providers – such as Google Analytics and trusted AI platforms that support our service delivery (for example, document drafting, summarisation or workflow automation), always with appropriate safeguards in place.
• Government agencies, regulators, courts or law enforcement bodies – where required or authorised by law.
• Other third parties – where you have authorised us to share your information, or where disclosure is otherwise required or permitted by law.

We do not sell or rent your personal information to anyone. We only disclose it where reasonably necessary to provide our services, manage our operations or comply with our legal obligations.

Disclosure of Personal Information Outside Australia

Some of our trusted service providers may store or process personal information overseas, particularly where we use cloud, analytics or AI-based platforms to support our operations. These providers are mainly located in the United States of America.

When we share information with overseas providers, we take reasonable steps to ensure your information is handled securely and in accordance with this Privacy Policy.

 

7. How we store your personal information

We’re committed to keeping your personal information safe.

Your information is primarily stored in the following secure cloud environments:

• Microsoft 365 (https://learn.microsoft.com/en-us/microsoft-365/security/?view=o365-worldwide)
• Dropbox (https://www.dropbox.com/business/trust); and/or
• Bullhorn (https://www.bullhorn.com/security/).

Information on the technical security controls in place for each product are set out at the websites above.

Except for Bullhorn, our systems are hosted on Australian infrastructure. Bullhorn is hosted in the United States of America.

We apply a combination of technical and organisational measures to protect personal information from misuse, interference, unauthorised access, modification, or disclosure. These include:

• restricting access to personal information on a need-to-know basis;
• monitoring and logging system access;
• using secure work environments and encrypted communications;
• enforcing strong access controls and endpoint protections; and
• reviewing and updating our security practices.

We also maintain secure Network Attached Storage backups of our data in addition to our cloud-based systems. These backups are stored on encrypted drives within controlled premises and are used solely for data recovery and business continuity purposes. Access to backup data is restricted to authorised personnel only, and we apply the same security and confidentiality safeguards that apply to our live systems.

Where physical files are necessary, they will be kept securely on site in lockable storage facilities.

While we take reasonable steps to protect your information, no system or transmission over the internet is completely secure. Once we receive your information, we take active steps to safeguard it.

 

8. How long we retain your personal information

We keep personal information only for as long as necessary to fulfil the purposes for which it was collected. In most cases, this means retaining it for the duration of your relationship with us and for up to seven years after your last contact with us.

We may retain information for longer if required by law, regulation, or a court or government directive.

When personal information is no longer needed and we are not legally required to keep it, we take reasonable steps to securely destroy or de-identify it.

 

9. How to access and update your personal information

If you would like to see or update the personal information we hold about you, please contact us using the details at the end of this policy.

We’ll take reasonable steps to verify your identity and respond within a reasonable timeframe. If we update your information, we can also take steps to notify any third parties we’ve shared the original information with, where appropriate.

If we’re unable to provide access or make the changes you request, we’ll explain why and outline any available options to address your concerns.

 

10. Privacy and data breaches

If you become aware of, or suspect, any unauthorised access to, misuse of, or loss of personal information in connection with Burrows Legal, please contact us immediately.

If we have reasonable grounds to believe that a data breach involving personal information has occurred, we will act promptly. We are committed to protecting your personal information and responding to incidents with transparency and care.

 

11. Cookies, Pixels and Tracking Technologies

When you visit our website, we may collect certain information automatically using cookies, pixels, and similar technologies. These tools help us understand how visitors use our site, improve functionality, and deliver relevant content or marketing.

They may collect details such as your browser type, device information, pages viewed, time spent on the site, referring websites, and general location data. This information usually does not identify you personally but may be linked with other details if you’ve interacted with us in other ways.

You can manage or block cookies through your browser settings, although some features of our website may not work properly if you do.

 

12. Third party websites and content

Our website may contain links to websites operated by third parties. These links are provided for your convenience, but we don’t control and are not responsible for the content, privacy practices, or security of those third-party sites.

We make no representations or warranties about how third parties handle your personal information. If you follow a link to another site, we recommend reviewing that site’s privacy policy before providing any personal information.

 

13. Questions or complaints

If you have any questions about this Privacy Policy or are concerned about how we’ve handled your personal information, please contact us at:

Privacy Contact
Email: [email protected]
Phone: +61 3 9614 5522

If you’re making a complaint, please include details of your concern and any supporting information. We may ask for proof of identity to ensure we’re responding to the right person.

We take privacy concerns seriously and aim to acknowledge and respond within 30 days of receiving your complaint.

If you’re not satisfied with our response, you may wish to raise your concern with the Office of the Australian Information Commissioner (OAIC), although we are not formally regulated under the Privacy Act, the OAIC can still provide general information about privacy rights and handling practices.

 

14. Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, practices, or business operations. The most current version will always be available on our website.

We encourage you to check our website periodically to stay informed of any updates. If we make a material change to how we handle personal information, we will highlight it on our website or notify you directly where appropriate.