The firm
Privacy policy.
Corvian Partners Pty Ltd (ABN 62 687 179 415) (“Corvian”, “the firm”, “we”, “us”)
This policy explains how Corvian collects, uses, discloses, and protects personal information. It is prepared with reference to the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It applies to the firm’s website at corvian.com.au and to the firm’s dealings with enquirers, clients, and other individuals.
By using this website or corresponding with the firm, you acknowledge the practices described here. This policy should be read together with the firm’s Cookie Policy and Website Terms of Use.
1. The firm’s approach
Corvian is a strategic advisory firm. We collect personal information only where it is reasonably necessary for the firm’s functions, and we collect no more than we need. We do not buy or rent contact lists and we do not send direct marketing. We use a third-party analytics service (Google Analytics) with Google’s advertising features enabled to measure site performance and support measurement and remarketing through Google Ads, as described in the Cookie Policy; we do not use this information to identify you individually.
2. The personal information we collect
Enquiries and engagement. When you contact the firm, we collect the contact and professional details you provide – name, role, organisation, email address, and any telephone or messaging contact you choose to share – together with the information reasonably necessary to screen for conflicts of interest before any substantive discussion. You may be asked for the names of parties before detail is exchanged.
Advisory mandates. In the course of a mandate we hold the information necessary to carry out and document the engagement. That information is additionally governed by the confidentiality terms of the relevant engagement and, where applicable, by legal professional privilege.
Website usage. When you visit the site, our hosting and security infrastructure and our analytics service generate technical information – IP address, browser and device characteristics, pages viewed, referring pages, and approximate location. Google Analytics 4 does not log or store full IP addresses, and we do not use analytics to identify individuals. The analytics service’s advertising features (Google Signals and ad personalisation) are enabled, which support cross-device and demographic reporting and remarketing through Google Ads and set additional cookies on Google and DoubleClick domains. In regions where consent is required, these cookies are set only with your consent (see the Cookie Policy for detail and choices).
Correspondence and scheduling. Where you email the firm, message it on Signal, or book a briefing, the email, secure-messaging, and calendaring services we use process the information you submit on the firm’s behalf.
Firm records. The firm maintains client, matter, and billing records in access-controlled practice-management, document, and accounting systems. These hold the professional contact information and matter records reasonably necessary to conduct and document engagements and to meet the firm’s record-keeping obligations.
We do not seek to collect sensitive information (as defined in the Privacy Act) through the website. Where sensitive information is necessarily disclosed to the firm in the course of a mandate, it is handled under the confidentiality terms of that engagement and the security measures described below.
3. How we collect it
We collect personal information directly from you – by email, by secure message, through this website, or in the course of an engagement – and automatically through the website technologies described above. Where it is reasonable and practicable, we collect personal information from you rather than from a third party. In the ordinary course of a mandate we may also receive personal information about third parties from a client; where we do, we rely on the client having authority to provide it.
4. Why we collect, hold, and use it
We collect, hold, and use personal information to:
- respond to and assess enquiries, including conflict screening;
- conduct advisory mandates and meet our obligations under them;
- communicate with clients, counterparties, and advisers on a matter;
- maintain firm records, including records the firm is required to keep by law;
- operate, secure, measure, and understand the use of this website, including through analytics and advertising-measurement features described in the Cookie Policy;
- meet the firm’s legal, regulatory, and professional obligations; and
- detect, prevent, and respond to fraud, misuse, and security incidents.
We do not use personal information for automated decision-making that produces legal or similarly significant effects, and we do not send direct marketing.
5. Disclosure
We do not sell or trade personal information. We disclose personal information only:
- with your consent, or where you would reasonably expect us to;
- to professional advisers and service providers engaged on a matter, under confidentiality obligations;
- to the third-party service providers that operate the firm’s website, analytics, communications, scheduling, and practice systems, for those purposes only and under contractual obligations of confidentiality and security; and
- where disclosure is required or authorised by law, or is reasonably necessary to protect the firm’s lawful interests, including in connection with actual or anticipated legal proceedings.
Categories of service provider
The firm relies on a small number of reputable service providers, which may change from time to time. The current categories are:
- Hosting, content delivery, and security – the infrastructure that serves and protects the website (Cloudflare).
- Website analytics and advertising measurement – a cookieless first-party analytics service and Google Analytics, with Google’s advertising features (Google Signals and ad personalisation) enabled subject to region-scoped consent (see the Cookie Policy).
- Email, calendaring, and secure messaging – the services used to receive enquiries and schedule briefings.
- Practice management, document storage, and accounting – the access-controlled systems in which client and matter records are held.
A current list of the specific providers in each category is available on request to the contact below.
6. Cross-border disclosure
Some of the firm’s service providers store or process data outside Australia, including in the United States and the European Union. Where personal information is disclosed to an overseas recipient, the firm takes reasonable steps to ensure the recipient handles it consistently with the Australian Privacy Principles, including through the recipient’s contractual commitments and recognised data-protection frameworks. By providing personal information to the firm you acknowledge that it may be handled by service providers located outside Australia.
7. Security
Information relating to client matters is held in secure, access-controlled systems. Highly sensitive material is handled over end-to-end encrypted channels. The firm applies technical and organisational measures appropriate to the sensitivity of the information, including transport encryption for the website, access controls, and the practice of collecting and retaining only what is necessary. No system can be guaranteed completely secure; the firm maintains an incident-response process to address any compromise.
8. Retention
We retain personal information only for as long as it is needed for the purposes set out in this policy, or for as long as the firm is required to retain it by law or professional obligation. Records connected to a mandate are retained for the period the firm is required to keep them and for the period during which a claim may arise, after which they are securely destroyed or de-identified in accordance with the firm’s retention practices. Enquiries that do not proceed to engagement are retained only as long as necessary to document the conflict position and then destroyed or de-identified.
9. Access and correction
You may request access to, or correction of, the personal information the firm holds about you by writing to the contact below. We will respond within a reasonable period. We may need to verify your identity before acting on a request. Access may be limited where the Privacy Act permits or requires – for example, where disclosure would reveal information subject to confidentiality or legal professional privilege owed to another person, or would prejudice an investigation. Where we decline a request, we will explain why and how you may complain.
10. Notifiable data breaches
The firm assesses suspected eligible data breaches under the Notifiable Data Breaches scheme in Part IIIC of the Privacy Act. Where a breach is likely to result in serious harm, the firm notifies affected individuals and the Office of the Australian Information Commissioner (OAIC) as required.
11. Complaints
If you have a concern about how the firm has handled your personal information, please raise it with the firm in the first instance, using the contact below. We will acknowledge your complaint and respond within a reasonable period. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner at oaic.gov.au.
12. Changes to this policy
The firm may update this policy from time to time. The current version is published on the firm’s website, and the date below is revised when a material change is made.
13. Contact
Privacy enquiries and requests may be directed to:
Corvian Partners Pty Ltd
Contact page
The firm operates from Sydney, Australia by appointment; no street or postal address is published. For active, time-critical matters, Signal is the appropriate channel (see the Contact page).
Last updated: July 2026