Welcome to John Suta Legal - We're here to help

Privacy Policy

Privacy Policy & Collection Statement

Privacy Policy

John Suta Legal (ABN 15 212 199 863)

John Suta Legal (I, We, Us, Our) respect your privacy and aim to avoid interference with your privacy in your dealings with us. We will collect, handle and process your personal data with the utmost care and in accordance with the law.

How we handle and process information about you is governed by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (‘APP’) (collectively, the ‘Privacy Laws’). John Suta Legal is an APP regulated business and this statement explains our obligations and how we manage information about you.


1. Kinds of information we manage

We collect, receive, use, disclose and manage the following types of information:

Personal data‘ or ‘personal information

Which is information or an opinion about an identified natural person or reasonably identifiable natural person, whether true or not and whether it is recorded in a material form or not. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples include an individual’s name, date of birth, signature, address and contact details, occupation, employment history, family situations, bank account details, financial and tax information, IP address. Unless specified otherwise, ‘personal data’ or ‘personal information’ includes Government Related Identifiers (GRI).

Sensitive information‘ (also referred to as ‘special categories of personal information‘)

Is a subcategory of personal information and includes information or opinion about an individual’s racial or ethnic origin, political opinions and affiliations, religious or philosophical beliefs, membership of professional or trade associations or of a trade union, sexual orientation or practices, criminal record, health information including information about physical and mental health, notes on symptoms, diagnosis, disability and treatment, information about suitability for work and other health-related information.

Government Related Identifiers‘ (‘GRI’) are numbers, letters or symbols assigned by a State or Territory authority or agency to identify an individual or verify identity. Examples are Tax File Numbers, Medicare Numbers, Centrelink References, Driver’s License Numbers and Passport details. We only collect, receive, use, disclose or manage GRI in accordance with the law.

The words ‘information about you’ refers to personal and sensitive information (or special categories of information) and GRI managed by us.


2. Why we collect and process information about you

We collect, receive, use, disclose and otherwise process the kinds of personal information set out above only where it is reasonably necessary for us to do so. The general purposes for processing your personal information, the main consequences (if any) if the information is not provided and the legal basis for such processing are set out below:


Clients/Prospective Clients

If you are a client or prospective client we collect, receive, use, generate, disclose and otherwise process information about you that is reasonably necessary for the primary purpose of providing legal services.

Legal basis: where we provide legal services to you, we need to process your personal information in order to perform our contractual obligations to you in relation to such services.

If we are required to process special categories of personal information in order to provide legal services to you (for example, your medical records), we will obtain your consent prior to doing so.

Legal basis: consent.

We also process information about you for the following related purposes:

   •  determining if we are able to assist you with your legal matter;
   •  assessing and processing inquiries and requests for legal services;
   •  securing litigation and/or disbursement funding;
   •  market research and analysis;
   •  recovering moneys that you may owe us; and
   •  to inform you about any relevant legal services provided by us.


Legal basis: it is in our legitimate interest to use your personal information for the above related purposes in order to provide legal services and conduct and manage our legal services business.

We may also use or process your personal information to comply with legal requirements, such as taxation or financial reporting requirements.

Legal basis: we will process your information where necessary to comply with a legal obligation to which we are subject.

We may monitor and record telephone calls from prospective clients for training and security purposes.

You are not obligated to provide the requested information about you. However, if it is not given we will be unable to provide the legal services you require.


Service Providers

We may also collect information about our service providers engaged by us to perform services.

Legal basis: it is in our legitimate interests to engage third-party service providers to administer and manage our legal services business.

Where you provide us with personal information about someone else, you must have their consent to provide their personal information to us based on this privacy policy.


3. How we collect and hold information about you


Clients/Prospective Clients

Most information about you is collected directly from you either verbally, in writing or from documents provided by you. We also collect and receive information about you from the following third parties with your authority:

•  material provided under freedom of information, health records and other legislation;
•  taxation records from the Australian Taxation Office;
•  information from other government agencies;
•  medical records and information from treating doctors and other health professionals;
•  statements from policing authorities and witnesses, if relevant;
•  employment records and information from employers and former employers;
•  financial information from accountants and financial advisors;
•  claims records and other information from insurers; and
•  data from our website and the internet as a result of receiving subscription applications and emails.


Website and Cookies

We also collect information about you from our website or social networking service and we use that information and feedback to improve our services and web content.

Legal basis: it is in our legitimate interests to use your personal data which may be collected or generated on our website to improve our services and enhance the user experience on our website. We also use third parties to analyse web browsing and traffic on our website, which may involve the use of software, such as cookies, to collect information.


4. Usual use or disclosure of information about you

We disclose information about you to the following third parties or entities outside of John Suta Legal where it is reasonably necessary for the purposes set out in the above section:

•  courts, tribunals, ombudsmen, commissions and regulatory authorities (information provided to courts and tribunals may be made available to other parties to the litigation and will be on the public record);
•  other parties involved in your matter and their solicitors (for example, counter parties to litigation or a transaction);
•  third parties or entities who assist us in providing legal services or who provide services to you, or who provide services to us including recruitment services, data storage, distribution and mailing services, direct marketing, technology support services, and business development services;
•  insurers;
•  litigation and disbursement funders;
•  unions;
•  market researchers and analysts;
•  any entity or person with your authority.


We have contractual arrangements with our service providers which require them to protect your personal information in accordance with the Privacy Laws, including that they only use it for the purpose for which it is disclosed.


5. Additional uses of information about you

We may also use information about you to inform you of matters that may be of interest to you, such as changes to the law or potential legal claims that you may have. Your name and address may be provided to a mailing house for those purposes. If you do not want us to use information about you in this way, please advise the Mr John Suta who will be handling your matter on (03) 5721 3084 or by emailing Mr John Suta jsuta@johnsutalegal.com.au


6. Your rights (Australian privacy principles)

Access and Corrections of Information about you (in Australia)

You have the right to access and/or request corrections of information about you held by us in accordance with the APP. A request can be made by contacting Mr John Suta on

(03) 5721 3084 or emailing Mr John Suta jsuta@johnsutalegal.com.au


Complaints (in Australia)

If you are dissatisfied with how we have managed information about you or if you believe that we have breached the APP, you may make a written complaint to us. Please address any privacy complaint to Mr John Suta or by emailing jsuta@johnsutalegal.com.au or by sending correspondence to 28 Faithfull Street, Wangaratta, Victoria, 3677. We will respond as soon as reasonably possible. If your concerns have not been resolved by that time, you may refer the matter to the Office of the Australian Information Commissioner on 1300 363 992 or enquiries@oaic.gov.au.


Obtaining a copy of this Privacy Policy

A copy of this Privacy Policy regarding the management of personal information can be obtained by requesting a copy from Mr John Suta in person, over the telephone on

(03) 5721 3084 or by writing to us at 28 Faithfull Street, Wangaratta, Victoria, 3677.


7. Destruction, de-identification and putting beyond use

Once we are no longer legally obligated or contractually obliged to retain information about you for any lawful purpose we will either destroy or de-identify it. If you are a client, we are required by law to retain information collected to progress your legal matter for seven (7) years once your case is closed. In some cases we may be required to retain documents for a longer period of time (for example, the making of a Will).

Where information about you is held electronically and it is not possible to irretrievably destroy or de-identify without compromising other information that we are entitled or obliged at law to retain we will restrict access or put the information about you beyond use.


Collection Statement

1.1 You agree that John Suta Legal may use the personal information it collects from you or about you in the course of providing Legal Services as set out in our Privacy Policy which is included with the Agreement. The Privacy Policy may also be viewed above.

1.2 John Suta Legal may also use the information to maintain ongoing contact with you (including by electronic communication) and to keep you informed of legal developments or service offerings that may be of interest to you or to notify of events that the Firm is holding. John Suta Legal may also use your personal information in accordance with any consents you may have given.

1.3 We will respect the confidentiality and privacy of the personal information provided or obtained, subject to our legal obligations. Your personal information may be disclosed to other individuals and organisations for the provision of Legal Services in connection with the operation of John Suta Legal, but only under strict privacy controls.

1.4 If you do not provide the personal information when requested, John Suta Legal may not be able to provide you with its full range of services.

1.6 Your privacy rights and our privacy obligations survive the completion, expiration or termination of the Agreement.

Who we are

Our website address is: https://johnsutalegal.com.au.

What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements