Understanding our
Last updated: 14 November 2025
In this Policy, Settify means Settify Pty Limited (ABN 75 613 076 574) and any of its parents, subsidiaries, affiliates or related bodies corporate (collectively, We, Us, Our).
We provide online intake systems to Our Customers by providing them with an information collection application which can be embedded on its website or in its other forms of communications (Intake Form), for the purpose of collecting information from End Users. End Users are people who have completed the Intake Form (or part thereof) after it was supplied to them by one of Our Customers. Customers are law firms who enter into an agreement with Us for the provision of Our products and services. We collect the information provided to Us by the End Users in the Intake Form, process it, and then provide it to the relevant Customer/s. We also collect information about Our Customers, including its employees and representatives.
This Privacy Policy (Policy) sets out how Settify treats the personal information that We collect, use, maintain and disclose and Our procedures regarding the handling of personal and sensitive information, including the collection, use, disclosure and storage of information, as well as the rights of individuals in relation to that information.
This Policy applies to all websites, applications, and other services offered by Settify and its related subsidiaries where you are one of Our Customers or an employee of one of Our Customers (our Services).
By submitting your personal information to Us or by using Our Services, you acknowledge and agree to the processing of your personal information as set out in this Policy. If you do not agree to this Policy, you should not use the Services or interact with Our website.
If you use Our Services as an employee or representative of one of Our Customers, the terms of that Customer’s contract with Us for the Services apply to Our collection or use of your personal information through the Services and may restrict processing further than as set out in this Policy.
Where your personal information is provided directly to Settify, the controller of your personal information is the Settify entity in the country in which your personal information is collected. In the event there is no Settify entity in your jurisdiction, Settify Pty Limited, located at Level 8, 207 Kent Street, Sydney NSW 2000 will be deemed the data controller of your personal information.
Full details of each of our global subsidiaries and affiliates can be found here.
Where We act as a data processor or service provider on behalf of Our Customers, we will process personal information in compliance with the instructions of the Customer, who acts as data controller of such personal information and will handle your personal information in its systems in accordance with its privacy policy.
If you have any questions about this Policy, or how We collect, use or otherwise process your personal information please contact Us at: privacy@ati-global.com
When you use or access Our Services or otherwise interact with Us, we may collect a variety of information about you that contains information that identifies you or may be combined with other information to identify you (your Personal Information). We may collect this personal information directly from you, or from others (e.g your employer), from third parties, or automatically through use of the Services.
| Information Type | Purpose of Collection and Use | Legal Basis for Use |
| Customer information submitted to us via our website, or in discussions about Our Services including your name, email, phone number, and employer’s street address (Contact Data) and professional details such as your firm or employer (employer name, phone number, practice area). |
|
|
| Support information related to a request for assistance with the Services including Contact Data and usage information within the Services. |
|
|
| Event information including your disability, accessibility, or dietary requirements (that may include religious affiliation or health information) and Contact Data |
|
|
| Payment information associated with an event or contract for the Services |
|
|
| Survey information that you have provided Us by completing a survey |
|
|
| Marketing data, such as your preferences and a record of your participation in events. |
|
|
| Credentials, such as passwords, password hints or similar security information used for authentication and account access. |
|
|
| Information Type | Purpose of Collection and Use | Legal Basis for Use |
| Event information from Our event partners including Contact Data |
|
|
| Information regarding your interaction with Our campaigns, how you use Our website, and how you interact with Our communications e.g. emails through cookies and third-party analytics tools |
|
|
| Deidentified data about how you use Our Services |
|
|
| Information that is publicly available about you e.g. LinkedIn |
|
|
Security
To support investigations
Improvement of the Services
Compliance with legal obligation
Performance of contract
To understand usage of the Services and make improvements which are relevant to our customers and end users.
Legitimate interest (Service improvements)
For more information about Our use of cookies and tracking technologies, please see Our Cookie Notice.
Where permitted by applicable law and our obligations in contracts with Our customers, We may aggregate your non-personally identifiable data or anonymise your data and use this data to provide our Services, to analyse or improve our Services.
There are circumstances where We wish to share or are compelled to disclose your personal information to third parties. This will only take place in accordance with applicable law including for the purposes listed in this Privacy Policy. To the extent permitted by applicable law, we may share your personal information with the following third parties for the purposes listed in this Privacy Policy:
Law firms or other third parties to which you expressly request or consent that We disclose your information;
Our affiliated companies and offices, which are generally located in Australia, New Zealand, the United States, Canada, United Kingdom, Ireland, and Poland;
Our professional advisors, such as Our auditors, accountants and lawyers;
Trusted third-party service providers who perform services on Our behalf in connection with Our Services. The services provided by such third parties include:
Billing and processing payments;
Marketing communication providers;
Maintenance and support of the Services;
Hosting and backup of the Services;
Security of the Services;
Improvement of the Services; and
Analytics and reports on the Services.
Another legal entity, on a temporary or permanent basis, as required for the purposes of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event.
A successor organisation or other legal entity, in the case of a merger, financing, acquisition or dissolution, transition, or proceeding involving the sale, transfer, divestiture, or disclosure of all or a portion of Our business or assets. Except to the extent required by applicable law, we do not guarantee that any entity receiving your information in connection with one of these transactions will comply with all of the terms of this Policy following such transaction.
We may disclose personal information to public authorities and other third parties, to comply with the law, applicable regulations, governmental requests, court orders or subpoenas, to protect Our rights, property or safety or the rights, property or safety of Our users or others or as otherwise permitted by applicable law. Except to the extent prohibited by applicable law, We reserve the right to disclose information that We collect to law enforcement or other government officials, as We, in Our sole and absolute discretion, deem necessary or appropriate.
We may also share with third parties aggregated or anonymous information that does not identify you. For example, we may share the number of visitors to Our platform and what features were used.
Your personal information is stored in a security enabled AWS cloud service for only as long as it is required for the uses described this Privacy Policy and for up to 2 years from the date it is submitted, after which it will be permanently deleted.
Our Services are not directed to individuals under the age of 18 (referred to within as a child or children).
If you become aware that an individual under the age of 18 has directly provided us with personal information, please contact us using the details in the “Contact Us”.
If we become aware that an individual under the age of 18 has directly provided us with personal information, or believe (in Our sole opinion) that valid consent under applicable law has not been provided by a child to share their personal information, we will take steps to delete such information from Our systems.
We may process the personal information of children in the course of delivering Services when information is provided by a user of the Services.
Our Services are hosted and operated in Australia, New Zealand, the United States, Canada, the United Kingdom, Ireland and Poland, and your personal information is stored in the location closest to your law firm as follows:
Australia / New Zealand
Europe / Great Britain
Canada
USA
By using Our Services you acknowledge that your personal information may be accessed by Us or transferred to Us in those jurisdictions, and accessed by or transferred to Our personnel, affiliates, partners, and service providers who are located around the world.
As required by applicable laws, We take industry standard measures to protect your personal information when it is transferred internationally and, if necessary, seek your prior consent. For example, if you are located in the European Economic Area (EEA), when we transfer personal information to a third party in a country located outside the EEA that is not recognised by the European Commission, or another relevant body, as ensuring an adequate level of protection, We will take appropriate steps, such as implementing Standard Contractual Clauses recognised by the European Commission(SCCs), to safeguard such personal information.
We are committed to protecting the personal information we hold about you and take steps to protect your personal information against loss, unauthorised access, use modification or disclosure. These steps include, for example:
The use of password protection measures and access privileges to monitor and control access to our IT systems;
Firewalls implemented across all office networks and sites;
Anti-virus software deployed on all workstations;
Cyber security training for all employees at point of onboarding and throughout the year;
Requiring any third parties engaged by Settify to provide appropriate assurances to handle your personal information in a manner consistent with applicable law;
Taking reasonable steps to destroy or de-identify personal information after We no longer need it for our business or to comply with the law; and
Imposing restrictions on physical access to paper files and offices.
Despite the high level of information security we employ to protect the security of your personal information, due to the nature of the internet we are unable to provide an absolute assurance that the personal information will remain secure at all times. Settify therefore does not accept any responsibility for incidences of unauthorised access to personal information, which is provided at your own risk. Settify does not guarantee the security or privacy compliance of any websites that are accessible through links provided on any of its websites, or the security or privacy compliance of the third parties (including any law firm) to which your personal information is provided. In the event of a security incident, we have in place procedures to promptly investigate the incident and determine if there has been a data breach, and if so, to assess if it is a breach that would require notification. If it is, we will notify affected parties in accordance with the applicable privacy law requirements.
You should notify us as soon as possible using the Contact Us section at the beginning of this Policy if you become aware of any misuse of your password, or compromise of the security of the Services, and immediately change your password within the Services.
You have the option to not share your personal information with Us. If you chose not to share your personal information this may mean you may be unable to take advantage of Our Services. Please note, some information may still be collected about You automatically in accordance with the above clauses. You may have rights under data protection laws in relation to the personal information we hold about you, depending on which laws are applicable (e.g. the European General Data Protection Regulation (GDPR) or the UK Data Protection Act 2018) such as:
Access: the right to request information regarding our processing of your personal information, and access to a copy of the personal information which we hold about you (subject to the privacy rights of other people and the information already provided to you in applicable privacy notices).
Correction: the right to request that we correct the personal information we hold about you if it is inaccurate or incomplete (by informing Us to make the necessary changes).
Erasure/Deletion: the right to request the deletion of your personal information in certain circumstances (such is where this is not lawful justification for Us to retain it).
Restriction: the right to object to, and requesting that we restrict, our processing of your personal information in certain circumstances.
Transfer: the right to request transfer of your personal information directly to a third party where this is technically feasible.
To submit a request or complaint regarding our processing of your personal information, please contact Us via the details outlined in “Contact Us” above.
For Us to facilitate your request, please ensure that your request specifies the type of request in the subject line and contains the information we need to investigate the request. We may require additional information from you to verify your identity or understand your request before providing additional information or actioning your request.
We will grant your request to exercise the above-mentioned rights to the extent required or permitted (as the case may be) by applicable law and in accordance with the timeframes (if any) in that applicable law.
You will generally not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances in accordance with applicable law.
If you consider that your information has been handled incorrectly, please contact Our Privacy Officer at privacy@ati-global.com.
The following section applies to residents of California only.
The California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act 2020 (CPRA) provide California residents with specific rights regarding their personal information in certain circumstances, referred to in this section as California Privacy Rights.
Disclosure Requests: related to Our information collection and sharing of personal information or to your specific personal information collected in the previous 12 months;
Do Not Sell or Share Requests: request that We not sell or share personal information about you in accordance with the regulations; and
Deletion Requests: request that We delete (and direct our service providers to delete) your personal information subject to certain exceptions.
Information collected, sources, and business purpose for collecting information is disclosed above in the "Information we collect, how we use it, and the legal basis we rely on to do so" section.
To make a Disclosure Request, Do Not Sell or Share Request, or a Deletion Request as a California resident, please contact Us by emailing Us at privacy@ati-global.com and making it clear within the subject and body of the email the type of request you are making.
The following section applies to residents of Nevada and Virginia only.
We may transfer personal information for monetary consideration. If you would like to exercise your opt-out right, please email Us at privacy@ati-global.com with your name and the email address associated with your use of the Services with “Nevada do not sell” in the subject line.
To exercise your Virginia Consumer Data Protection Act (VCDPA) rights, please email us at privacy@ati-global.com with your name and the email address associated with your usage of the Services with “VCDPA Request” in the subject line.
We may make update this Policy from time to time. When we do so we will place our changed Privacy Notice on the website www.settify.com/privacy. We will make clear any changes We have made to our changed Privacy Notice. We will always put the date of Our Privacy Notice on the document so that you can easily find this information.
You can opt-out of receiving certain marketing communications from Us at any time, by clicking the unsubscribe link in the email communications we send, or by contacting Us using the details contained in the “Contact Us” section. We may continue to send you non-promotional communications, such as service-related emails, billing information, and certain product updates via email.
If you believe that we have not complied with Our obligations under this Policy or applicable data protection law, please contact us via the details outlined in the Contact Us section above.
When you make the complaint please identify yourself, including your contact details, provide a brief description of the matter and why you think We have mishandled your personal information, and how you would like us to resolve the matter. We will then acknowledge, investigate and respond to any complaint as soon as practicable.
We would appreciate the opportunity to help you resolve any concerns you may have regarding our processing of your personal information, but if we are unable to assist you with your issue or you wish to make a complaint, you may have the right to make a complaint to an authority responsible for data protection in your jurisdiction:
Australia - the Office of the Australian Information Commissioner at www.oaic.gov.au.
Canada - you have the right to lodge a complaint with the privacy authority responsible for the privacy law in effect in your province of residence:
Alberta: The Information and Privacy Commissioner of Alberta at www.oipc.ab.ca.
British Columbia: The Information and Privacy Commissioner for British Columbia at www.oipc.bc.ca.
Québec: la Commission d’accès à l’information du Québec at www.cai.gouv.qc.ca/english/.
All other provinces and territories: The Privacy Commissioner of Canada at www.priv.gc.ca/en.
New Zealand - the Office of the Privacy Commissioner (New Zealand) at www.privacy.org.nz.
United Kingdom - the UK Information Commissioner’s Office at www.ico.org.uk/.
European Union - the Supervisory Authority of the EU Member State in which you live or work, or where the alleged infringement took place should you prefer.