Contact us

McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd

McDonald Lawson Carter Pty Ltd ABN 83 649 397 491 & McDonald Lawson Pty Ltd ABN 63 060 820 939 (we, us, our) is committed to complying with its obligations under the Privacy Act 1988 (Cth) (the Act).

The Act allows personal information to be collected, used and disclosed for the purposes for which it was collected in accordance with the Act.

This Privacy Policy only applies to the extent we collect, use and disclose personal information in connection with this website and our businesses.

This Privacy Policy may be revised, updated or replaced from time to time and we may subsequently notify users of any changes to it by posting the revised, updated or replaced Privacy Policy on this website. Any changes to it take effect on the date on which the revised, updated or replaced Privacy Policy is posted to this website and held in our business premises.

Privacy Policy

 

 

The privacy policy utilised by McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd is designed to reduce the high risk of identity theft and data breaches.

  • Transparency: Agents must explicitly state how personal information is collected, used, disclosed and destroyed.
  • In-person Collection: Agents must reflect in-person data collection (e.g at open for inspections) and this data must be made easily accessible should a client request it. Be careful with paper registers as they can be a breach of APP11 because other people can take photographs of the register. If you do use paper registers, ensure that reasonable steps are taken so they are kept secure, and others cannot access the details. If someone does not consent to provide information you can bar access to the open for inspection. If they provide information, then you have obtained their voluntary consent.
  • Minimised Data Collection: Agents must only collect necessary information, reducing the collection of excessive details such as tattoos, relationship status, full social media history, or unnecessary financial details, such as excessive request for bank statements is prohibited.
  • Secure Destruction: Personal information must be destroyed or de-identified when no longer needed. To destroy information implies rendering it irretrievable, rather than merely archiving it. To de-identify information means to make it so that the identity of that individual can no longer be ascertained from that information. New standards require the destruction of unsuccessful tenant information. This data can no longer be kept “just in case” and stricter rules also apply for third-party CRM platforms.
  • Standardised Applications: New laws mandate a standard rental application form to clarify what information can and cannot be collected, aimed at preventing intrusive and non-essential requests.
  • AI Disclosure: AI-generated images in rental listings must be disclosed to prevent misleading advertisements.
  • Legal Obligations: Agents must comply with the 13 Australian Privacy Principles (APPs) if their turnover exceeds $3 million, including strict data breach notification requirements. This is irrespective of your business structure.
  • Consent & Use: Personal information must not be used or disclosed for any purpose other than what was originally authorised, including for marketing activities. Any “direct marketing” type of communication should have an easy to use “unsubscribe” functionality to comply with APP7 and the SPAM Act.
  • Request for personal information: You cannot charge a person for making a request to access their personal information, but you can charge them a fee for providing them access to the information. This fee cannot be excessive, and could include staff related costs of locating, sorting through and assembling the personal information as well as reproducing and sending it, and the costs associated with any material or postage required.

 

 

Compliance Steps

  • McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd reviews and updates company privacy policies on an annual basis to ensure compliance with legislation and to reflect the new restrictions on data collection, storage, and destruction.
  • McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd implements secure, permanent, and automated deletion methods for prospective tenant data, contractors and filenotes.
  • McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd trains and educates all staff on the implementation of privacy legislation as it affects daily practice within the agency.
  • McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd conducts reviews and due diligence on all third-party service providers, such as CRM and IT platforms (and has written agreements with these third-party companies) for compliance with data retention and deletion policies. 
  • McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd ensures that explicit, voluntary consent is obtained for marketing, particularly when using data collected at open homes.
  • McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd educates staff on the new privacy obligations and has created a formal Data Breach Response Plan that contains the identity and contact details of the organisation, a description of the data breach, the kinds of information affected,  recommendations for affected people and if it is notifiable to the Office of the Australian Information Commission (OAIC). (see proforma at the end of this policy)
  • McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd displays clear, updated collection notices at all open homes and on digital platforms, explaining why data is collected and how the data will be used.

 

 

What is Personal Information?

When used in this Privacy Policy, the term “Personal Information” has the meaning given to it in the Act. In general terms, it is any information that can be used to personally identify you. This may include your name, address, telephone number, email address, credit information and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered Personal Information.

 

What type of Personal Information does McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd collect and hold about you?

McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd may collect any of the following information about you if you are a current or prospective vendor, purchaser or landlord of real estate or if you visit our website or make an enquiry with us via another method:

  • contact details (including, name, address, telephone number and email address);
  • driver’s licence number;
  • current property ownership and title details;
  • desired property ownership details; and
  • details of properties sold or acquired by you

 

If you are a current or prospective tenant for a rental property, McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd may collect the following additional information from you:

  • contact details (including, name, address, telephone number and email address);
  • driver’s license number;
  • employment details such as your employment status, employer, salary, length of employment;
  • other sources of income; and
  • personal and financial referees whom we may contact about your application.

 

Sometimes McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd may also need to ask you for other forms of Personal Information to enable us to provide services to you.

How does McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd collect Personal Information about me?

McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd collects your Personal Information directly from you unless it is unreasonable or impracticable to do so. When collecting Personal Information from you, McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd may collect in various ways, including emails, letters, telephone calls.

 

McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd may collect information about you from the following third party sources:

  • databases in the public domain such as telephone indexes, Australia Post database, Titles Office or other property databases; and
  • referrals and recommendations from existing clients of <<insert name of agency>>.

 

As part of the process of entering into lease or rental agreements with you, McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd may disclose your information to authorised credit or tenant checking agencies.

 

Does McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd use automated decision-making tools?

Automated decision-making refers to when an organisation uses technology (like algorithms or AI systems) to make decisions about individuals with no human involvement or minimal human review.  For example:

  • automatically approving or rejecting tenancy applications based on credit score checks.
  • auto-calculating rent increases based on market data.
  • using AI chatbots to decide maintenance request prioritisation.
  • AI generated email responses for email enquiries.

 

Currently, the Privacy Act 1988 does not contain a specific right for individuals to know when decisions about them are made solely by automated means. However:

  • the Australian Privacy Principles (APPs) still apply. So, organisations must:
    • be transparent about how personal information is collected and utilised (APP 1)
    • not collect more data than necessary (APP 3)
    • take reasonable steps to ensure the data is accurate (APP 10)

McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd does NOT use any automated decision-making AI tools.  If the agency does commence to utilise such services, this Privacy Policy will be amended accordingly.

OR

Like many strata and property agencies, McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd utilises AI tools, including automated tenant vetting, and smart building management systems (include any other tools used by the agency). This means:

  • clients will be informed when AI tools are being utilised for decisions such as tenant screening, rent adjustments, or maintenance prioritisation
  • you will be informed about whether decisions are fully automated or substantially assisted by computer programs, including AI or machine learning systems
  • you will receive information about how your personal information is provided to the AI tool
  • you may have the opportunity to request a human review if you believe that automated decisions significantly affect your rights.

 

There is currently no express legal right under the Privacy Act to have a human review of automated decisions - but the general APPs do apply to any system that handles personal data.

 

What happens if we can’t collect your Personal Information?

If you do not provide McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd with the Personal Information described above, some or all of the following may happen:

  • we may not be able to provide our services to you, either to the same standard or at all; or
  • we may not be able to provide you with information about services that you may want, including information about new properties that are available for lease or purchase.

 

Why does McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd collect, hold, use and disclose your Personal Information?

McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd collects information for a range of purposes including:

  • enable our agency to provide you with the services and/or products you may require;
  • to comply with local, state and federal legislation or regulations, and those specifically related to real estate property sales, rental and administration;
  • to enable our agency to assist you with related services, as required;
  • for our internal administrative, marketing, planning, product development and research requirements;
  • to update our agency’s records and keep your contact details up to date;
  • to deal with your queries or customer service issues promptly, whether by email, telephone or mail;
  • to conduct relevant business processing functions; and
  • to process and respond to any complaint made by you.

 

Your Personal Information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy.

 

How does McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd use the Personal Information held about you?

Any Personal Information about you that our agency collects and records will only be used or disclosed by our agency for the purpose of:

  • compliance with obligations under real-estate regulations and laws applicable for all states in Australia;
  • for our agency’s administrative, planning, product or service development, quality control and research purposes; and
  • complying with any other relevant laws or regulations.

 

McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd may also use or disclose the information it collects for any other purpose specified to you at the time of collection.

 

Direct marketing?

Our agency may send you direct marketing communications and information about our services that we consider may be of interest to you. These may include:

  • offering to provide you with products or services provided by our agency and third-party providers; or
  • sending you news and other information about our agency’s activities and general promotional material which we believe may be of interest to you.

 

These communications may be sent in various forms, including mail, SMS and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). When our agency does this, we will provide you with the opportunity to opt-out from receiving any further communication from our agency.

 

You may at any time request not to receive direct marketing from McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd by contacting our agency or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.

 

The McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd website

McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd privacy policy also applies to our website at www.mcdlc.com.au.

When you access our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer. This enables us to recognise your computer and greet you each time you visit our website.  Our cookies do not collect Personal Information, although they do identify your browser. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them.

 

As our website is linked to the Internet, and the Internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the Internet. Accordingly, any Personal Information or other information, which you transmit to us online, is transmitted at your own risk.

 

Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third-party website. Third party websites are responsible for informing you about their own privacy practices.

 

 

McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd does not utilise any services that are located outside of Australia”.

 

 

What happens if I want to access or correct the Personal Information held about me?

You may request access to your Personal Information held by our agency, at any time by contacting us.  We will try to provide you with suitable means of accessing your Personal Information (for example, by mailing or emailing it to you). We will respond to your request for access within 7 days and endeavour to provide the requested information within 21 days.

There may be instances where McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd cannot grant you access to the Personal Information we hold. For example, we may not be able to provide access to information in the following situations:

  • where in our opinion providing the information your request, may create a serious threat to the life or health of any individual or may be an unreasonable intrusion into the privacy of another individual;
  • where your request for access is, in our agency’s opinion, frivolous or vexatious; or
  • where providing access would be unlawful, may prejudice an investigation of possible unlawful activity, may prejudice enforcement of law, or denying access is specifically authorised by law.

 

If for any reason our agency does not allow you to access your Personal Information, we will provide you with reasons in writing for our decision.

 

If you believe that Personal Information that our agency holds about you is incorrect, incomplete or inaccurate, then you may request that we amend it.  McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd will consider if the information requires amendment. If our agency does not agree that there are grounds for amendment, then we will add a note to the Personal Information stating that you disagree with it.

 

To whom does McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd disclose my Personal Information?

We may disclose your Personal Information:

  • to employees of our agency and our contractors or service providers for the purposes of operation of our website or our business, fulfilling requests by you, and to otherwise provide services to you;
  • if you are a tenant of any property that we are managing, to a National Tenancy Database;
  • to suppliers and other third parties with whom we have commercial relationships, for business, marketing, and related purposes; and
  • to any organisation for any authorised purpose with your express consent.

There are some instances when our agency may need to provide your Personal Information to third parties.   McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd may be bound by law to provide your details to government-related bodies, including the Titles Office or the Residential Tenancies Bond Authority.

 

McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd does not sell your personal details to other organisations. We may however use the information about you to assist us with internal marketing and research.

 

We may disclose your Personal Information to entities located outside of Australia, including our data hosting and other IT service providers, who may pass information to secondary data hosting providers located outside of Australia.

 

How does McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd keep my Personal Information secure?

McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd will take reasonable steps to ensure information collected, used or disclosed is stored in a secure environment that is accessed only by persons authorised by our agency so as to prevent interference, misuse, loss, unauthorised access, modification or disclosure.

 

If the Personal Information is no longer needed for any purpose, our agency will take reasonable steps to destroy or permanently de-identify the Personal Information.

 

McDonald Lawson Carter Pty Ltd & McDonald Lawson Pty Ltd endeavours to provide a secure environment and a reliable system but you should be aware that there are inherent risks associated with the electronic storage and transmission of information (particularly via the Internet) which cannot be guaranteed to be 100% secure.

 

Who do I contact for further information?

Grant William Lawson or Peter Vincent Mitchell can assist you with any enquiries you have about the information that we hold about you.

 

What if I have a complaint or concern?

If you have a complaint or concern you can email, admin@mcdlc.com.au or phone our agency. We will do our best to try and resolve your complaint within 30 days.

 

What if you are unable to resolve my complaint or concern?

If we are unable to resolve your complaint within this time, or you are unhappy with the outcome, you may refer your complaint to the Australian Information Commissioner. The Australian Information Commissioner can be contacted at the below details:

 

The Office of the Australian Information Commissioner

GPO Box 5218

Sydney NSW 1042

Phone: 1300 363 992

E-mail: enquiries@oaic.gov.au

 

This privacy property was last updated on <<insert date of most recent update>>.

 

 

Data Breach Response Plan (Proforma)

 

  1. Organisation Details & Responsibilities
  • Data Breach Response Team (DBRT): (Grant William Lawson or Peter Vincent Mitchell, Privacy Officer Peter Mitchell.
  • Internal Reporting Procedure: Staff must immediately report suspected breaches to Licencee in Charge.
  1. Step 1: Containment and Preliminary Assessment
  • Containment Action: Immediately isolate affected systems, change passwords, or revoke access to prevent further data loss.
  • Preliminary Assessment:
    • Date, time, and location of the breach.
    • Type of information involved (e.g., personal, health, financial).
    • Cause of the breach (e.g., cyberattack, human error, lost device).
    • Number of individuals affected. 

 

  1. Step 2: Evaluate the Risk (Serious Harm Assessment)
  • Assess whether the breach is likely to result in serious harm (physical, psychological, emotional, financial, or reputation) to individuals.
  • If remedial action successfully mitigates the risk, notification may not be required. 

 

  1. Step 3: Notification
  • Notify OAIC: If it is an "Eligible Data Breach," report to the Office of the Australian Information Commissioner using the online form. https://webform.oaic.gov.au/prod?entitytype=DBN&layoutcode=DataBreachWF
  • Notify Individuals: Clearly communicate to affected individuals what happened, what information was involved, and steps they should take. 

 

  1. Step 4: Prevention and Review
  • Prevent Re-occurrence: Implement long-term security measures (e.g., encryption, training, system updates).
  • Review Plan: Evaluate the response effectiveness to improve future security. 

 

Key Considerations

  • Timeline: The assessment should ideally be completed within 30 days of discovering a suspected breach.
  • Documentation: Keep detailed records of all actions taken, even if the breach did not require notification.
  • Legal Advice: Engage external legal or IT experts if needed. 

 

Thankyou so very much for all you did in assisting us with the sale of our property and it's clear out. Your advice and friendly professional approach to the property sale and auction was very much appreciated and gave us the confidence that the best outcome would and was attained. Jan 

Thank you so much for showing us around the cattle yards and we all appreciate you greeting us at the sale yards. Thank you for for taking up you working time to show us around. The price of Bluey the steer was unbelievable!