Privacy Policy
Last updated: 21 April 20261. Overview
Brockwell Strategy Pty Ltd (ABN 85 675 736 259) trading as Brockwell (“we”, “us”, “our”) respects your privacy and is committed to handling personal information in a careful, lawful, and transparent way.
This Privacy Policy explains how we collect, use, store, and disclose personal information in connection with our website, services, recruitment, events, and business operations.
Brockwell is a registered lobbyist on the Australian Government Register of Lobbyists and the Western Australian Register of Lobbyists. We are also listed on the Foreign Influence Transparency Scheme. Information about our activities is publicly available on those registers.
2. What is “personal information”?
“Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable.
3. What personal information we collect
The personal information we collect depends on your relationship with us (client, stakeholder, job applicant, supplier, event participant, website visitor). It may include:
Identity and contact details
Name, email address, phone number, role/title, organisation, postal address.
Professional information
Employment history, qualifications, professional affiliations, referee details (for applicants).
Information relevant to client work (for example, stakeholder context, communications history, project inputs).
Identification
Government-issued ID (for example, driver’s licence or passport) only where reasonably necessary (for example, verification for specific engagements).
Online information
Device and browser information, IP address, pages viewed, date/time of visits, referring URLs, and similar website usage data via cookies and analytics tools.
Stakeholder information
In the ordinary course of our strategic communications, government relations and policy work, we may collect and hold professional information about stakeholders relevant to a client’s engagement. This includes government officials and their staff, ministers, party officials, industry body representatives, academics, think tank personnel, media contacts and analysts, among others. The information may include professional contact details, publicly available political, party or role affiliations, and opinions expressed in public or professional settings. We collect this information from public sources (including public registers, media, organisational websites, LinkedIn and government publications) and in the course of client engagements. We use it only in connection with Brockwell’s core business and client’s advocacy or policy purposes, under confidentiality obligations.
Sensitive information
We do not seek to collect sensitive information unless it is reasonably necessary for our work and you have consented, or the collection is otherwise permitted by law. Where we hold information about stakeholders’ professional political affiliations (for example, current or former political party membership, advisory roles or publicly stated positions), that information is held only where directly relevant to the client’s advocacy or policy purpose, handled under confidentiality, and retained for no longer than necessary.
You can choose not to provide personal information. If you do, we may not be able to provide certain services or respond properly.
4. How we collect your information
We collect personal information in several ways, including:
Directly from you when you:
Contact us (email, phone, web forms)
Engage our services or provide services to us
Apply for a role
Attend or register for an event, briefing, or workshop
Subscribe to updates or interact with our communications
Participate in meetings, briefings or calls that are recorded or transcribed using AI-enabled tools (see AI and data handling below)
From third parties where reasonably necessary, including:
Referees (job applications)
Recruitment or background-check service providers (where used)
Professional advisers (for example, legal or accounting), clients, or counterparties in a project context
Public sources (for example, organisational websites, media, public registers, LinkedIn) for stakeholder and communications work
Unsolicited information
If we receive personal information we did not request, we will assess whether it is necessary for our work. If not, we will take reasonable steps to delete or de-identify it (where lawful and reasonable).
Anonymity and pseudonymity
Where lawful and practicable, you may interact with us anonymously or using a pseudonym. In many professional contexts (client services, recruitment, invoicing), this won’t be practical.
5. Why we collect your information
We collect and use personal information for purposes such as:
Providing and improving our services (strategy, communications, policy and stakeholder work)
Communicating with clients, stakeholders, suppliers, and applicants
Recruiting and managing applications
Organising and delivering events, briefings, and workshops
Managing our business operations (invoicing, payments, record-keeping, internal administration)
Protecting our systems and preventing fraud or misuse
Complying with legal and regulatory obligations
6. Disclosure of personal information
We may disclose personal information to third parties where reasonably necessary to operate our business or deliver services, including:
Productivity, collaboration and CRM platforms (currently including Google Workspace, Microsoft 365, Notion and Slack)
Cloud hosting and storage providers
Accounting, billing and finance systems (currently Xero)
AI tools used under our direction (see AI and data handling below)
Recruitment partners, referees and background-check providers (for hiring)
Professional advisers (legal, accounting, insurance)
Clients or counterparties where disclosure is required to deliver agreed services (for example, in stakeholder engagement work), and where appropriate
Regulators, courts, or law enforcement where required or authorised by law
Any successor to Brockwell’s business or assets
We do not sell or rent personal information.
7. Overseas disclosure and cross-border handling
We use third-party service providers (including cloud, productivity, AI and software providers) whose infrastructure may store or process information outside Australia.
The primary overseas jurisdictions where personal information we hold may be processed are the United States, the United Kingdom, the European Union and Singapore, depending on the provider. Where personal information is processed overseas, we take reasonable steps appropriate to its sensitivity to ensure it is handled with appropriate privacy and security protections, including through contractual commitments with our providers and assessment of their privacy and security practices.
8. Direct marketing and communications
We may send you updates about Brockwell (for example, insights, briefings, newsletters, event invitations) where it is reasonably connected to your relationship with us, or where you have asked to receive them.
Opt out anytime by using the unsubscribe option (where provided) or emailing us. We will honour opt-out requests.
9. Cookies, analytics, and website activity
Our website may use cookies and similar technologies to:
Operate and secure the site
Understand how visitors use the site
Improve performance and content
This may involve collecting information such as IP address, device or browser type, pages visited, and time spent on pages.
You can control cookies through your browser settings (including blocking or deleting cookies). Blocking some cookies may affect site functionality.
10. Storage, security, and retention
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. These steps include:
Role-based access controls and need-to-know restrictions
Multi-factor authentication on core systems
Use of reputable enterprise cloud platforms for storage and collaboration (currently including Google Workspace, Slack and Notion)
Confidentiality obligations applied to our people and contractors
Ongoing review of our information-handling practices
We keep personal information only for as long as needed for the purposes set out in this policy, or as required by law. As a general guide:
Financial and tax records: 7 years from completion of the relevant transaction (consistent with Australian Taxation Office requirements).
Client engagement records: for the duration of the engagement, plus 7 years.
Unsuccessful job applicant records: up to 12 months from the decision, unless you consent to longer retention.
Stakeholder and CRM records: regularly reviewed and deleted or de-identified when no longer relevant to current or anticipated client work.
Marketing contact lists: until you unsubscribe or remain inactive for 2 years.
When personal information is no longer required, we take reasonable steps to securely delete or de-identify it.
11. Data breaches
We have processes in place to detect, assess, contain and respond to data breaches. Where we become aware of a suspected or actual data breach involving personal information, we will assess it promptly and take steps appropriate to the circumstances, which may include notifying affected individuals and relevant authorities where we consider the breach is likely to result in serious harm.
12. Access and correction
You may request access to the personal information we hold about you and request corrections if it is inaccurate, out of date, incomplete, irrelevant, or misleading.
Please contact us using the details in section 17 below. We will acknowledge your request and aim to respond in writing within 30 days. We may need to verify your identity before providing access. In limited circumstances permitted by law, we may decline a request — in that case we will explain why and, where appropriate, provide alternative access.
13. Privacy complaints
If you have a concern or complaint about how we handle personal information, please contact us with:
Your name and contact details
What happened, and any relevant dates or communications
What outcome you’re seeking
We will acknowledge your complaint and aim to respond in writing within 30 days (or sooner where possible). If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
14. AI and data handling
We may use artificial intelligence (AI) tools to support the delivery of our services, including drafting, research, analysis, summarising meetings and similar tasks. AI tools are used under our direction and oversight, and are intended to assist (not replace) our professional judgment.
Our standards for AI use include:
We use enterprise and individual-tier AI tools whose terms commit to not using user or client data for model training or improvement. Tools may include Claude, ChatGPT, Google Gemini, Google NotebookLM and Notion AI, among others as necessary from time to time.
We do not opt in to any voluntary model training arrangements in relation to client or stakeholder data.
Client and stakeholder information is processed securely and only to support the specific task at hand.
Outputs generated with AI assistance are always subject to human review before they leave Brockwell.
We review our AI tools and practices regularly.
15. Automated decision-making
We do not currently use automated decision-making to make decisions about individuals that could reasonably be expected to significantly affect their rights or interests. If this changes, we will update this policy and provide relevant information about the process to those who may be directly affected.
16. Changes to this policy
We may update this Privacy Policy from time to time. The latest version will be available on our website and can be provided on request.
17. Contact us
Privacy questions, access or correction requests, and complaints can be directed to:
Brockwell Strategy Pty Ltd t/a Brockwell
Email: privacy@brockwell.com.au
If you are not satisfied with our response to a privacy concern or complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.