Privacy Policy

1. Introduction

Welcome to EI Legal! We value the trust you place in us when providing us with your Personal Data, and we aim to protect your data to the highest of standards as we provide our services to you.

EI Legal is an affiliate entity of the Employment Hero Group. 

2. Scope of this Privacy Policy

We collect Personal Data about you to provide specialised employment law services including legal advice and representation (“Services”). 

This Privacy Policy describes how we process the Personal Data of visitors of our websites, and existing and prospective clients who request or receive our Services, (“you” or “your”). It also describes your data protection rights. 

3. Who are we

EI Legal is a law firm specialising in employment law matters and is a member of the Employment Hero Group. In this policy, “EI Legal”, “we”, “us” or “our” means EI Legal Pty Ltd. EI Legal is a member of the Employment Hero Group, and you can find out more about who we are through this list of EI Legal affiliates here

4. Personal Data

Data Classification


Personal Data

Personal Data (also known as “Personal Information”) is any information relating to an identified or identifiable natural person, i.e. one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

Special Categories of Personal Data

Special Categories of Personal Data (also known as “Sensitive Information”) include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.

If you cannot be identified, then this notice does not apply to you. An example of this is when your Personal Data has been aggregated and/or anonymised.

5. Types of information that we collect

The Personal Data we collect and process will vary depending on your dealings with us and the Services we provide to you. 

The types of Personal Data we collect below from you may include:

  • Individual and contact information including name, date of birth and age, details regarding gender, sex, marital status, residential and/or postal address, email address, and telephone number. 
  • Employment related information including occupation or job title, information relating to your current employer, information relating to your former employer and role, key dates relating to your current role and/or past roles, superannuation information, salary details, citizenship and visa status for work eligibility purposes, and tax information.
  • Other information relating to your matter or issue including information about you or any other person involved in the matter or issue you bring to us in connection with your request for our Services.
  • Billing information including payment details such as banking, or debit/credit card details.
  • Special Categories of Personal Data including health or disability information, biometric information, immigration information, criminal history and background checks, and certain diversity related information. This information is only collected with explicit consent and on a as needed basis to provide our Services. 

6. How we collect your information

We may collect Personal Data in the process of offering and providing our Services to you, or through other means when we engage with you or third-parties. 

  • Through our Services – we will collect Personal Data through your interactions with us via online forms, email, phone call and in-person communications, and any other voluntary engagements that you have with us which result in your Personal Data being provided to us. 
  • Automatic collection – we may automatically collect usage information when you browse our websites. This information includes digital interactions data, i.e., how you use our digital properties (including our websites, third-party websites, social media sites, and electronic communications), and marketing and cookie preferences, including any consent you have given us.
  • General collection from third-parties – we may collect your Personal Data from third parties where you have provided consent, or where such Personal Data is provided to us under a legal basis and solely for the purpose of providing our Services to you. This also includes situations where Personal Data is collected during the entirety of any legal procedures like discovery and court hearing. 
  • Collection from affiliates – we may collect Personal Data about you through our affiliates, including, but not limited to, situation where you are referred to us by an affiliate or we support an affiliate entity in providing one of their services (e.g. we may support Employment Hero in providing its HR Advisory services to customers). 

Information we collect from you about third parties

From time to time, you may provide us, and we may collect from you, Personal Data of or about a third party (for example, information you provide to us as an employer about or on behalf of your employees). When you provide the Personal Data of a third party, it is your responsibility to ensure that the necessary consent has been acquired or other lawful basis is relied on, and that those individuals are aware of this Privacy Policy.

7. Why we process your information


The legal basis we may rely on when processing Personal Data


  • Contractual performance – we have obligations under our contract with you. To fulfil those obligations, we will have to use your data.
  • Consent – in certain cases, we ask for your consent to use your data. Whenever we ask for your consent, we will explain the situations where we use your data, and the purposes for which the data will be used.
  • Legitimate interest – we can process your data when this is necessary for us to achieve a business purpose, or where this is necessary for someone else to achieve their purpose. We explain below what interests we, or others, are trying to achieve when we process your data. Where we process Personal Data on the basis of a legitimate interest, then to the extent required by data protection law, we carry out a balancing test to document our interests, to consider what the impact of the processing will be on individuals, and to determine whether individuals’ interests outweigh our interests in the processing activity taking place.
  • Legal obligation – as an organisation, we are obliged to comply with applicable legal and regulatory requirements. In certain cases, we will have to use your Personal Data to meet these obligations.


Purposes for processing Personal Data

In the table below, we have explained the reasons for which we process your Personal Data, the processing activity that we carry out, the legal basis that applies in each instance, and the categories of data that we use for such activities.

What We Do And Why

Legal Basis

Personal Data

Fulfilling our contract, or taking steps linked to our contractual obligations

Contractual performance, consent

Any types of data identified as is necessary for this purpose

Providing our Services, including ancillary Services such as client support 

Contractual performance, consent

Any types of data identified as is necessary for this purpose

Processing payments for our Services

Contractual performance

Billing information

Storing payment history information

Legal obligation

Billing information

Sending direct marketing

Consent, legitimate interest

Individual and contact information, Business contact information, Employment related information

Conducting surveys and other market research to ensure our Services are relevant to your needs

Consent, legitimate interest

Individual and contact information, Business contact information, Employment related information

Managing our use of tracking technologies such as cookies and analysing collected data to learn about our Services


Device data and data relating to the usage of Services

Sending service, technical and other administrative messages relating to our Services

Contractual performance, legitimate interest

Individual and contact information, Business contact information, Employment related information

Investigating, raising or defending ourselves from legal claims

Legitimate interest, legal obligation

Any types of data identified as is necessary for this purpose

Investigating any suspected breach of any of our terms and conditions or unlawful activity engaged in by you

Legal obligation

Any types of data identified as is necessary for this purpose

Responding to legal matters, including court orders, subpoenas, or other legal processes

Legal obligation

Any types of data identified as is necessary for this purpose

Complying with our compliance, regulatory, auditing, and investigative obligations (including disclosure of such information in connection with legal process or litigation) 

Legal obligation

Any types of data identified as is necessary for this purpose

Verifying your identity and/or your business, and carrying out credit report checks

Consent, legal obligation

ID verification and credit report information, Special Categories of Personal Data

Processing data when undertaking mergers, acquisitions, reorganisations, or disposals, as permitted/required in accordance with applicable law

Legitimate interest, legal obligations 

Any types of data identified as is necessary for this purpose

Direct marketing and other communications

When we send you direct marketing based on our legitimate interests or where you have provided us with explicit consent, these communications may be sent in various forms, including email, SMS, or social media. You may also receive direct marketing from our affiliates if you have subscribed to receive such content from them. 

You have an absolute right to opt out of direct marketing at any time. You can do this by following the instructions in the communication within the electronic message we send to you, or by contacting us via email at or 

We will still send you important service or transactional notices relating to our Services even after you have opted out of receiving direct marketing communications. 

Cookies and tracking technologies

The websites we provide use cookies and similar technologies on our websites. Cookies are small text files containing a string of alphanumeric characters which are sent to your computer that uniquely identifies your browser and lets us enhance your experience when using our websites. Cookies also convey information to us about how you use our websites.

When you use our websites, we may use cookies and similar technologies for the purpose of authenticating your use, remembering your preferences and settings, determining the popularity of content, and analysing and understanding your interactions with our websites.

The information that may be recorded includes information regarding your:

  • server address;
  • domain name;
  • date and time of visit;
  • previous websites visited;
  • use of our sites; and
  • browser type.

You can also read our Cookie Policy to further understand how cookies and similar technologies may be used to collect and use your Personal Data.

8. How we share your Personal Data


Sharing of information when providing our Services

We may share your Personal Data with our affiliates and with other third parties from time to time for the purposes of providing our Services. We may disclose your information to:

  • Members and personnel of EI Legal and its affiliates – we may share your information between across our business, including with our employees, and representatives for the purposes of the delivery and operation of our Services, and fulfilling requests by you, and we may occasionally and on a strictly as needed basis share information with certain affiliate entities;
  • Third party service providers – we may disclose your Personal Data to third parties who provide services, software, and content made available for use on or through our Services (including add-ons and integrated services);
  • Legal and regulatory authorities – we may share your information with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws;
  • Parties involved in a business sale – in the event that we undergo any reorganisation, restructuring, merger, sale, or other transfer of assets your information will be disclosed to our advisers and any prospective purchaser’s adviser and will be passed to any new owners of the business;
  • Event partners – we may share limited individual contact information with event or promotion partners for the purpose of delivering such event or promotion; and
  • Business partners – we may share your data with our existing or potential agents, business partners, or joint venture entities to enable us to perform our business activities in relation to our services.

9. International data transfers

We may disclose Personal Data outside of the country in which our clients are based in connection with the purposes identified in this Privacy Policy, and the Services described. International data transfers may occur when we share Personal Data with affiliates or third parties solely for the purpose of delivering our Services. 

We take measures to ensure that international data transfers take place in compliance with applicable laws relating to international data transfers and in accordance with at least the standards that apply in the country whose privacy or data protection laws apply to that Personal Data.


10. Third-party links

The Services may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third-party website. Third-party websites are responsible for informing you about their own privacy practices and policies and you are encouraged to review the privacy notices.


11. Storage and security of Personal Data

Personal Data held by us will be stored and managed securely in Australia.

Please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure and we are unable to guarantee the absolute security of the Personal Data we have collected from you. We use secure systems and platforms to ensure protection of your Personal Data and confidential information. We also take strict security measures to ensure legal privilege is upheld.

You can learn more about how we keep your Personal Data secure by viewing our Security Centre and visiting our Security Portal.


12. Data retention

We store data for as long as necessary to provide our Services and in accordance with our internal Data Retention Policy. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs. You can request deletion of some Personal Data whenever you like, some data is deleted automatically, and some data we retain for longer periods of time.

Sometimes business and legal requirements oblige us to retain certain information, for specific purposes, and for an extended period of time. Reasons we might retain some data for longer periods of time include security, fraud prevention, legal record-keeping, financial record-keeping, complying with legal or regulatory requirements, and ensuring the continuity of our Services.

13. Your rights and choices

You have the right to access your Personal Data, or to correct, delete or restrict processing of your Personal Data. You can also obtain the Personal Data you provide to us on a contractual basis or with your consent.

In addition, you can object to the processing of your Personal Data in some circumstances, i.e., when we process your Personal Data based on our legitimate interests or where we are using the data for direct marketing.

These rights may be limited, for example, if fulfilling your request would reveal Personal Data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. We will inform you of relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights, including obtaining a copy of your legitimate interest balancing test, you can get in touch with us using the details set out below. If you have unresolved concerns, you have the right to complain to a data protection authority where you live, work or where you believe a breach may have occurred.

Where we rely on your consent, such as in relation to direct marketing communications, you will always be able to withdraw that consent at any time.

If you ask to withdraw your consent to our processing of your data, this will not affect any processing which has already taken place.


14. How to get in touch with us

If you have any questions or concerns about how we process your data, please contact us via email at or

15. Enforcement and complaints

If you have a complaint regarding this Privacy Policy or any breach of applicable data protections laws, please contact us in accordance with section 14 above. Once we receive a complaint, we will commence an investigation as soon as practicable. We may contact you during the process to seek any further clarification if necessary. We may also contact you to inform you of the outcome of the investigation.

We will aim to ensure that all questions and concerns are resolved in a timely and appropriate manner. 

16. Changes to our Privacy Policy

We reserve the right to make changes to this Privacy Policy from time to time to reflect changes in the laws or regulations, our practices, our Services, or our operational requirements. You may periodically review this Privacy Policy to stay up to date with the latest changes. In the event that we make any significant changes in terms of data processing operations or any other change that may be relevant to you or impact you, we may additionally notify you via email.