Lewis & Grey

Privacy Policy (NSW, Australia)

Lewis & Grey International Pty Ltd
Registered office: Suite 477, 315 Castlereagh St, Sydney NSW 2000, Australia
Privacy contact: michael@lewisandgrey.com
Effective date: 14 August 2025

1) About this policy

This policy explains how Lewis & Grey International Pty Ltd (“Lewis & Grey”, “we”, “us”, “our”) manages personal information in Australia, including information collected through our websites, proposals and marketing, events, and when delivering services to clients. We manage personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy is governed by the laws of New South Wales (see §15).

2) Definitions (plain language)

Personal information means information or an opinion relating to an identifiable individual (or an individual who is reasonably identifiable), whether true or not and whether recorded in material form or not. This can include identifiers, contact details, online profiles, user profiles, online images of likeness, records relating to professional activity or presentation, and materials linked to a person’s identity or public profile.
Sensitive information includes certain categories such as health information and biometric identifiers (handled with additional care where applicable).
Services means our public relations and related advisory activities delivered to clients and prospects.
Proceed means we have made an internal decision that we may engage you (as a supplier, vendor, contractor, subcontractor or similar) now or in the future based on business needs, including where you are shortlisted, pre‑qualified, placed on a panel, or otherwise identified for prospective work.

3) Information we collect (user data)

We collect information needed to operate our business, communicate with you, and deliver services. Typical categories include:

Identification & contact (e.g., name, organisation, role, email, phone, postal address).
Interaction & preference data (e.g., enquiries, meeting notes, event RSVPs, newsletter preferences).
Transactional & engagement data related to our services (e.g., proposals, statements of work, feedback, billing contact details).
Online & device data (e.g., IP address, websites, online profiles, online profile images, device identifiers, pages viewed, timestamps, cookies—see §8).
Media & presentation materials you share online (e.g., professional profile materials or images).
Where we reasonably require sensitive information for a defined purpose, we will handle it in line with legal requirements and (where required) your consent. All content made public online is not considered sensitive.

4) How we collect information

We collect information directly from you (websites, online profiles, online profile images, forms, email, meetings, events), automatically via our online services (cookies, logs, analytics), and from third parties in limited contexts (e.g., your colleagues, public sources, or service providers acting on our instructions).

5) Why we handle information

We handle personal information for purposes reasonably necessary to our functions, including to:

Provide and improve services to clients and prospective clients;
Operate, secure and maintain our websites, platforms and records;
Communicate with you about updates, insights, and events (with easy opt‑out—see §9);
Comply with legal and regulatory requirements, and manage risk and disputes.
Where we rely on consent, you may withdraw it at any time using the contact details in §14.

6) Who we share information with

We disclose personal information to:

Service providers assisting our operations (e.g., hosting, storage, email, analytics, professional advisers) under confidentiality and privacy commitments;
Third parties as reasonably necessary to deliver work product and or prospect for new work engagements (for example, team credentials in a capability statement);
Regulators or courts where required by law; and
Related entities or potential transferees in connection with a business transaction.
Some recipients may be located outside Australia. We take reasonable steps in line with APP 8 before overseas disclosure.

7) Direct marketing

We may send newsletters, insights or event invitations that we think are relevant. You can opt out at any time (see any message or §14). We comply with the APPs and applicable marketing laws.

8) Cookies and analytics

We use cookies, tags and similar technologies to operate our sites, measure performance and improve content. You can adjust your browser to refuse cookies, noting some features may not function correctly without them. Where cookies involve personal information, they are handled under this policy.

9) Your choices

Marketing: unsubscribe via any message or contact us.
Browser controls: set preferences to manage cookies and trackers.
Consent: where we rely on consent, you can withdraw it for future use (see §14).

10) Security

We apply technical and organisational measures designed to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure. We review these measures periodically in light of risk and regulatory guidance.

11) Retention and disposal

We retain personal information only as long as required for the purposes in §5 and applicable record‑keeping obligations, after which we will destroy or de‑identify it when it is reasonable to do so.

12) Access and correction

You can request access to personal information we hold about you and correction if it is inaccurate, out‑of‑date, incomplete, irrelevant or misleading. If we decline a request as permitted by law, we will explain why and how you can complain.

13.) Profile Disclosures

By accepting this Privacy Policy, you are agreeing to create a Profile with Lewis & Grey International Pty Ltd.

B1. Permission to prepare and disclose. If we proceed with you, you authorise Lewis & Grey International Pty Ltd (Suite 477, 315 Castlereagh St, Sydney NSW 2000) to collect, create, adapt, use and disclose your user data within third parties for the purpose of describing our delivery capability to clients and prospective clients. This may include preparing a short bio where none is provided and including a professional headshot.

B2. Licence and adaptations. You grant us a worldwide, royalty‑free, non‑exclusive licence to reproduce, host, distribute, crop, resize, re‑format and make minor edits to user data to ensure consistency with our house style, for the purposes in B1. We will take reasonable steps to ensure materials are accurate and current.

B3. Attribution descriptors (including “partner”). For clarity of roles in Promotional Materials, we may attribute your involvement using descriptors such as “partner”, “specialist partner”, “ecosystem partner”, “associate”, “collaborator” or similar terms. The “partner” descriptor is a branding shorthand only and does not create a partnership, joint venture, employment or agency relationship, confer authority to bind us, or imply profit‑sharing or fiduciary duties.

B4. Assurances about materials you supply. Where you provide any materials (including images), you warrant that you have all necessary rights and permissions for our use under this clause and that such use will not infringe another person’s intellectual property, privacy, publicity or confidentiality rights.

B5. Opt‑out for future use. You may withdraw permission for future use by emailing michael@lewisandgrey.com. We will act within a reasonable period to remove your profile from our website and cease new distributions. Withdrawal does not require recall of proposals or printed materials already distributed, but we will avoid further distribution and, where feasible, update versions going forward.

B6. Indemnity and release. To the maximum extent permitted by law, you release and indemnify Lewis & Grey International Pty Ltd from and against all losses, liabilities, damages, claims and costs (including legal costs on a full indemnity basis) arising from or connected with our preparation, adaptation and use of user data as permitted by this clause, including third‑party claims relating to privacy, publicity, intellectual property, defamation or confidentiality. Nothing in this clause excludes liability that cannot be excluded by law.

B7. No “holding‑out”; your own representations. You must not represent—outside of our Promotional Materials—that you are a legal partner, officer or employee of Lewis & Grey, or that you have authority to bind us, unless we agree in writing. Our use of the “partner” descriptor in Promotional Materials does not authorise you to make such representations.

B8. Data handling. We will handle user data in accordance with our Privacy Policy (NSW‑governed), including security, retention and access/correction practices.

B9. Survival. Sections B3–B7 survive any expiry or termination of discussions or engagements to the extent necessary to give them effect.

14) Data breaches

If a data breach is likely to result in serious harm, we will assess and, where required, notify affected individuals and the OAIC under the Notifiable Data Breaches (NDB) scheme. We may also provide guidance on steps you can take.

15) Contact and complaints

Questions, requests, or complaints can be sent to our privacy contact:
Email: michael@lewisandgrey.com
Postal: Privacy Officer, Lewis & Grey International Pty Ltd, Suite 477, 315 Castlereagh St, Sydney NSW 2000
We aim to respond within a reasonable time. If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC).

16) Governing law

This policy is governed by the laws of New South Wales, Australia. You submit to the non‑exclusive jurisdiction of the courts of New South Wales.

17) Changes to this policy

We may update this policy to reflect legal, technical or business changes. The Effective date above shows when the latest version took effect. Where changes are material, we will provide appropriate notice.

Appendix A — Your privacy rights (summary)

Transparency: access to this policy and collection notices in clear terms.
Access & correction: request access to, or correction of, your information.
Opt‑out of marketing at any time.
Complaint routes: contact us first; if unresolved, you may contact the OAIC.

18) Full Force and Effect; Severability; Waiver; Amendment

18.1 Full force and effect. This document (including any incorporated schedules, appendices and policies) remains in full force and effect unless varied by a written instrument expressly stated to amend it and signed (including electronically) by both parties.

18.2 Severability. If any provision (or part of a provision) is held unlawful, invalid or unenforceable in any jurisdiction, that provision is severed to the minimum extent necessary, and the remainder continues in full force and effect. This clause applies notwithstanding any rule of construction to the contrary.

18.3 No waiver. A failure or delay to exercise a right, power or remedy is not a waiver of that right, power or remedy. A waiver must be in writing and is effective only in the specific instance and for the specific purpose for which it is given.

18.4 Cumulative rights. Rights, powers and remedies under this document are cumulative and do not exclude any rights, powers or remedies provided by law, in equity or otherwise.

18.5 Further assurances. Each party must do all things reasonably necessary (including executing documents) to give full effect to this document and the transactions it contemplates.

18.6 Order of precedence. If there is any inconsistency between this document and any schedule, appendix, policy or statement of work, this document prevails unless expressly stated otherwise.

19) Force Majeure

19.1 Definitions. In this clause:

Business Day means a day other than a Saturday, Sunday or public holiday in New South Wales, Australia.
Force Majeure Event means an event or circumstance beyond the reasonable control of the affected party that materially impedes or delays performance, including: acts of God; flood; fire; earthquake; extreme weather; epidemic or pandemic (and related public‑health directions); war; terrorism; civil commotion; industrial dispute not caused by the affected party; embargo; sanctions; acts or orders of government or regulators; change in law; national or regional outage of utilities, transport or key telecommunications; widespread or targeted cyberattacks (including DDoS and ransomware) not attributable to the affected party’s failure to implement reasonable security safeguards; and material outages or failures of third‑party hosting, cloud or platform providers on which the services reasonably rely.

19.2 Suspension of obligations. The affected party is excused from and not liable for any failure or delay in performing the impacted obligations for the duration and to the extent the Force Majeure Event prevents performance. Obligations to pay money that has already fallen due are not excused; recurring charges attributable to services that are not provided during the Force Majeure period are suspended or equitably abated.

19.3 Notice and updates. The affected party must promptly notify the other party of the Force Majeure Event (and in any event within 5 Business Days of becoming aware), give reasonable details of its expected impact, and use reasonable efforts to mitigate and resume performance. The affected party must provide periodic updates on progress.

19.4 Allocation and workarounds. Where resources are constrained, the affected party may allocate capacity fairly and reasonably among customers and projects and implement workarounds (including remote delivery, substitute resources or alternative providers) where commercially reasonable.

19.5 Extended events. If a Force Majeure Event continues for more than 45 consecutive days, either party may terminate the affected order or engagement on written notice without fault, charges or liability (other than for amounts properly due for goods/services delivered before termination).

19.6 Carve‑outs. Nothing in this clause excuses a party from complying with confidentiality, privacy/data protection, or IP ownership/licensing obligations to the extent compliance is reasonably achievable despite the Force Majeure Event.

20) Survival of Rights and Obligations

20.1 Survival. The following obligations survive expiry or termination of this document, together with any other provision which by its nature is intended to survive:
(a) confidentiality and privacy/data protection obligations;
(b) intellectual property ownership, licence grants and restrictions (including moral‑rights consents where applicable);
(c) permissions and licences to use Professional Profile Materials (including bios, credentials and headshots) to the extent necessary to: (i) honour uses already made or committed in proposals or printed materials, and (ii) retain archival copies and records;
(d) warranties, disclaimers, indemnities and limitations/exclusions of liability;
(e) payment obligations accrued up to termination and any obligations regarding taxes, records and audits;
(f) governing law, jurisdiction, dispute resolution, interpretation and notices provisions; and
(g) any clause expressed to survive or to apply after termination/expiry.

20.2 Duration of survival. Survival continues for the period specified in the relevant clause or, if no period is specified, for so long as reasonably necessary to give the clause business efficacy, subject to any mandatory limitation periods under applicable law.

20.3 No prejudice to accrued rights. Termination or expiry does not affect any rights, remedies, obligations or liabilities of the parties that have accrued up to the date of termination/expiry, including any right to claim damages for antecedent breach.