Nuwaru Logo Glyph
2022 Finalists Fast-Growing Firm of the Year

Privacy Policy

Our Privacy Policy

Nuwaru Pty Limited is committed to treating the personal information we collect in accordance with the Australian Privacy Principles in the Privacy Act 1988 (Cth) (Privacy Act). This policy sets out how Nuwaru handles personal information.

This privacy policy does not apply to personal information collected by Nuwaru that is exempted under the Privacy Act, for example employee records.

Our privacy policy will be reviewed regularly to take account of changes in legislation, technology, and our operations and practices. We aim to ensure the policy is appropriate to the changing environment. We will inform you of any changes we make to this privacy policy as necessary.

Our privacy policy is based on openness about how we use and protect your information.

Requesting a copy of Nuwaru Privacy Policy:

Our privacy policy is available on our website. However, on request, we may be able to provide you with a copy of the policy in an alternate format. If you have any enquiries or would like to make a request for a copy of the policy, please contact our Privacy Officer (refer to contact details below).

  1. Purposes for which Nuwaru collects, holds, uses and discloses personal information
    • We only collect, hold, use and disclose personal information which is reasonably necessary to ensure that we are able to provide you with the products and services that are appropriate to your needs. We will outline to you when you engage our services the purposes for which we will collect, hold, use and disclose your personal information.
  2. Kinds of personal information Nuwaru collects
    • Due to the nature of the products and services we provide, and the requirements of legislation and regulations, we ask for a range of personal information from our customers.
    • The types of personal information we may collect can include details such as:
      • Names, employment titles, contact details;
      • Date of birth and gender;
      • Information in identification documents (e.g. passport, driver’s licence);
      • Tax file numbers and other government related identifiers;
      • Assets and liabilities;
      • Educational qualifications and employment history;
      • Personal income;
      • Visa and work permit status;
      • Bank account details;
      • Shareholdings and details of investments;
      • Superannuation details;
      • Tax and financial statements;
      • Information regarding insurance;
      • Personal information about your spouse and dependants.
    • It may be necessary in some circumstances for Nuwaru to collect sensitive information about you in order to provide specific services. The types of sensitive information we may collect include:
      • Health status;
      • Ethnic origin;
      • Details of any membership/s to professional associations;
      • Criminal record.
    • You have a right to refuse to provide us with your personal information or to anonymity or the use of a pseudonym. However, if you do refuse to provide such information, or request the use of anonymity or a pseudonym we may be unable to complete or fulfil the purpose for which such information was collected, including providing you or our clients with the services we were engaged to perform.
  3. Collection, holding, using and disclosing of personal information
    • Collection – General
      • When we collect, hold, use and disclose personal or sensitive information it must be done through lawful and fair means. Consent must be obtained to collect, hold, use and disclose personal information. We are not required to obtain your consent to collect, hold, use of disclose your personal or sensitive information if the collection is required or authorised by or under an Australian law or a court/tribunal order. There are other exceptions to the requirement of obtaining your consent in accordance with the Australian Privacy Principles. If you would like more information on these requirements, please contact our Privacy Officer.
    • Methods of collection
      • Nuwaru use a variety of formats for the collection of personal and sensitive information. These include:
        • Requiring clients to complete a Client Profile or other forms;
        • Information provided by client in an engagement agreement or statement of work;
        • Receipt of emails, letters and other correspondence;
        • Telephone calls;
        • Appointments in person;
        • Publicly available records;
        • Through a customer’s personal representative;
        • Through use of our website, such as via contact mailboxes or online enquiry forms, or through the registration process (see more information about ‘web analytics’ in Clause 2).
      • In every circumstance we will attempt to obtain such personal and sensitive information directly from you. If that is unreasonable or impracticable, we will attempt to obtain such information from other sources in accordance with Clause 3(a) above.
    • Collection of someone else’s personal information
      • You should only provide us with someone else’s personal information where you have their express consent to do so and it is for the purpose of us providing services to you. Matters in this policy should be communicated to any person whose information you collect and provide to us. In providing such information you agree that you have obtained the relevant consent and are authorised to do so.
    • Unsolicited personal information:
      • There may be circumstances where we are provided with personal information which we did not actively seek. An example may be misdirected mail, or an excess of documents provided to us by clients.
      • In such situations, our Privacy Officer will make a determination on whether we could have obtained the information lawfully. If the information was not lawfully obtained it will be destroyed or de-identified. We will try to notify the relevant person, whose information has been mistakenly received, if this situation arises.
  4. Security of personal information
    • Safeguarding the privacy of your information is important to us. We hold personal information in a combination of secure cloud based computer storage facilities, and take steps to protect the personal information we hold from misuse, loss, interference, unauthorised access, modification or disclosure.
    • Nuwaru trains its employees and consultants carefully on handling personal information and confidentiality of such information.
    • Once we have no purpose for holding your personal information, we will take all reasonable steps to destroy or de-identify the information.
  5. Disclosure of personal information overseas and sharing personal information amongst and within the Nuwaru Group network
    • Disclosure amongst and within the Nuwaru Group
      • Nuwaru operates virtually through a network of contractors. Nuwaru also has a network of alliance firms, both in Australia and overseas, which assist in delivering requested services to clients.  We refer to Nuwaru and its network of contracted consultants and alliance firms collectively as the “Nuwaru Group”. To meet the purposes for which your personal information has been collected we may disclose your information to others in the Nuwaru Group.
    • Disclosure overseas
      • Nuwaru utilises some service providers overseas to process data and help deliver services to you. We may disclose your personal information to these providers from time to time. Such overseas disclosure could include but not be limited to service providers located in India, New Zealand, United Kingdom, United States, Ireland, Germany, China, Canada, Singapore, and Hong Kong. When required, your personal information will only be disclosed to an overseas person or business in the following circumstances:
        • Where the overseas recipient has signed a contract with us which creates legal obligations to comply with Australian Privacy Law;
        • If the recipient is subject to similar privacy law as Australian privacy law, and you are able to personally access avenues to enforce the protection of those laws;
        • If you provide written consent for Nuwaru to disclose the information after we provide you with full information; or
        • If the disclosure is required or authorised by or under an Australian law or a court/tribunal order.
      • On collection of your personal information, we will inform you whether it is likely we will disclose the information to an overseas recipient and, if so, where those recipients are likely to be located.
    • Disclosure to third party service providers
      • Nuwaru utilises third party providers (such as IT providers and market researchers) for its business and to deliver services to you. It may be necessary for us to disclose non-sensitive personal information to these providers from time to time. Such disclosure will be in accordance with this Privacy Policy and privacy laws.
  6. Privacy on our websites
    • The Nuwaru website may use Google Analytics or other third-party software to analyse user behaviour. Google Analytics and such other software may use cookies, which are text files placed on your computer for the purpose of anonymously identifying your session. These cookies are not used to grant Nuwaru access to your personally identifiable information. Non-identifiable information (such as the pages you visit) may be tracked. By directing your browser to delete your cookies, this data will be erased.
    • The information is collected using first party cookies, meaning that only Nuwaru is able to access your information. Your information may be aggregated with information from other users for the purpose of improving our website and offerings. We will not associate any data gathered from our website with any personally identifiable information, unless you explicitly submit that information (e.g. your email address) via our online information form.
    • Any links to third party websites on Nuwaru website are not covered by our privacy policy.
  7. Direct marketing
    • Nuwaru may engage in direct marketing to you from time to time.
    • When required, your personal information will only be used or disclosed for direct marketing where the information is not sensitive information, is collected directly from you and there is an easy means to opt out of such marketing (and such an opt out request has not been made) in the following circumstances:
      • Where you would expect Nuwaru to use or disclose the information for direct marketing purposes; or
      • You have consented to the use or disclosure of the information for direct marketing purposes.
    • If you do not wish to receive these materials, please contact our privacy officer.
  8. Access to personal information
    • You have the right to access any personal information regarding you that Nuwaru holds. This is subject to some limited exceptions, which the Privacy Officer can provide further information on.
    • Such requests should be made in writing to the Privacy Officer. We will acknowledge your request within 14 days and respond to it within a reasonable time.
    • Nuwaru may charge a fee only to cover the cost of locating, retrieving, reviewing and copying any material requested. We will not charge any fee to make the request or to for us to give effect to the request.
    • If your request is approved, we will provide you with access to the information in the manner requested if it is reasonable and practicable to do so.
  9. Correction of personal information
    • Nuwaru endeavours to ensure that the personal information it holds is accurate and up-to-date.
    • You are able to make a request to correct the information by contacting our Privacy Officer, or by telephoning or emailing us with your corrected information. In some limited circumstances your request may be refused or partially refused.
  10. 10. Procedure if your request to access or correct is refused
    • There may be limited circumstances where your request is refused or partially refused.
    • If this occurs we will give you a written notice that sets out:
      • The reasons for the refusal, including the reasons why access cannot be granted in an alternative way (except where it would be unreasonable to provide those reasons);
      • How to make a complaint about the refusal;
      • Any other matter as prescribed by the regulations.
    • If your request to correct is refused you have the option of submitting a statement associated with your personal information. For more information contact the Privacy Officer.
  11. How to make a complaint
    • If you consider that any action of Nuwaru breaches this policy or the Australian Privacy Principles, you are able to make a complaint. Once we have received your complaint, it will be assessed and acted upon within a reasonable time.
    • To make a complaint please contact our Privacy Officer. If you are not satisfied with our response to your complaint, you may contact the Office of the Privacy Commissioner.
  12. General Data Protection Regulation (European Union)
    • This section applies if the General Data Protection Regulation being Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) applies to our dealings with you including because we provide services to you and you reside in the European Union.
    • Where the GDPR applies (a) we confirm that we will comply with our obligations under the same, (b) you have all of the additional rights set out in in the GDPR as well as the rights set out in the rest of this Policy. Where the GDPR applies to our dealing with you any provision in this Policy which is contrary to the GDPR will be deemed not to apply.
    • We will store your Personal Information for (a) the period we require it to provide services to you and generally for a period of 7 years after the end of our engagement in respect of such services, and (b) any longer period which the law or good business practice requires.
    • Where you have consented to the processing and use of your Personal Information under Article 6.1(a) or 9(2)(a) of the GDPR, you may withdraw such consent at any time.
    • You have a right to require us to erase your Personal Information as allowed under Article 17 of the GDPR including where (a) the Personal Information is no longer necessary for the purposes for which it was collected, or (b) you withdraw your consent and there is no legal grounds for the continued use or processing of the Personal Information by us.
    • You have a right to obtain from us a restriction on the use and processing of your Personal Information as set out in Article 18 of the GDPR where (a) the accuracy of your Personal Information is contested by you, (b) the use or processing is unlawful, you oppose the erasure of the Personal Information and request we restrict the use of the same instead, or (c) we no longer need the Personal Information but you require the same for the exercise or defence of a legal claim.
    • Where you have consented to the processing and use of your Personal Information under Articles 6.1(a) or 9(2)(a) of the GDPR and the processing of your Personal Information is carried out by automatic means you have a right (a) to receive your Personal Information in a structured, commonly used and machine-readable format, and (b) to transmit that Personal Information to another person or entity without hindrance from us.
    • You have a right to obtain from us without undue delay the rectification of inaccurate Personal Date concerning you.
    • Subject to the restrictions in Article 14(5) of the GDPR, where we do not collect the Personal Information from you we will provide you with the information required under Article 14(1) and 14(2) within the time required by Article 14(3).
    • Where we are providing services to you the provision of Personal Information will be a contractual obligation so we can provide the services and, where applicable, so we can meet any statutory obligations. Failure to provide such Personal Information may mean we are unable to provide the services to you in whole or in part.
    • If at any time the GDPR requires us to have a data protection officer, then the Privacy Officer referred to below will be our data protection officer.
    • We will transfer your Personal Information outside of the European Union where you have expressly consented in writing or it is necessary for the performance of a contract with you (e.g. so we can provide services to you). We note New Zealand and Canada are recognised by the European Union as being countries outside of the European Union which offer an adequate level of data protection for the purposes of the GDPR. However, currently Australia is not recognised by the European Union as being a country outside the European Union which offers an adequate level of data protection for the purposes of the GDPR.
    • You have a right to receive and obtain from us confirmation as to whether or not Personal Information concerning you is held or being used or processed by us, and if so, (a) the purposes of the use and processing, (b) the categories of Personal Information concerned, (c) the recipients or categories of recipients to whom your Personal Data has been disclosed including recipients in third countries, (d) where possible, the envisaged period we will store your Personal Information, or if this is not possible, the criteria we use to determine that period, (e) your right to request we rectify or erase your Personal Information or restrict the use and processing of your Personal Information (see other paragraphs of this clause as to details of your rights in respect of these matters), (f) information as to your rights to lodge a complaint with the independent public authority in the country in the European Union in which you reside, (g) where we do not collect your Personal Information from you, any available information as to the source of the same, and (h) the existence of automated decision making (including profiling) and meaningful information as to the logic involved, as well as the significance and envisaged consequences of such processing and use for you.
  • First implemented: 13 February 2020
  • Last updated: 13 February 2020
  • Current Privacy Officer: David Early
  • Phone: 0400 625 964
  • Email:

Recent News