Skills Migration Pty Ltd (trading as Lucidian Law) ACN 636 600 863 (“SM”, “we”, “us” and “our”) will always protect the privacy of any individual or entity that we come into contact with. We adhere to all of the relevant privacy laws including, but not limited to, the Privacy Act 1988 (“the Act”), the Australian Privacy Principles (“APP”), and any privacy codes made in connection with the Act. 

The APP sets out 13 principles that SM must adhere to when dealing with ‘personal information’. Personal information is defined by section 6 of the Act as any:

“information or an opinion about an identifiable individual, or individual who is reasonably identifiable:

whether the information or opinion is true or not; and

whether the information or opinion is recorded in a material form or not.”

To find out more about the APP you can contact the Office of the Australian Information Commissioner (“OAIC”) by email at the following address: Specific information about the APP may be accessed via the following link:

This privacy policy sets out the way that we manage personal and other information that may be provided to us. It also details how you can make a complaint to the office of the OAIC, should you feel that we are not adhering to our privacy law obligations.

The kinds of personal information collected and held by us

We may collect and hold a range of personal information. This information may include the following:

Please note that this is not intended to be an exhaustive list, and there may be instances where we collect and hold forms of personal information that is not referred to above.

How we collect and hold your personal information

We may collect personal information via the following sources:

We may also use Google analytics to collect information about how visitors use our website. The information obtained is used to help us understand our website user’s needs so that we can offer a better user experience. Google analytics uses cookies to collect information about which pages have been visited, how long the visitor was on a website, how the visitor got there (for example from a search engine, a link, an advertisement, etc) and what selections are made on the website. Information collected by the cookies (including your IP address) is transmitted to and stored by Google on servers in Australia and overseas. You can opt out of Google analytics if you disable or refuse the cookie, disable JavaScript, or use the opt out service provided by Google.

Our online services may contain links to other websites. We cannot be held responsible for the privacy practices or policies of those sites and we recommend that you review their privacy policies before you use these sites.

Under the APP, you have the right to anonymity and pseudonymity in your dealings with us. However, if you fail to provide us with any personal information we have requested from you, then we may decline to engage with you any further.

We may hold your personal information in electronic and/or hard copy format, both at our head office, branch premises and with our agents and/or third-party service providers. We implement a range of reasonable measures to ensure the security and integrity of your personal information. Careful measures are also undertaken in respect of destroying personal information that is no longer required to be held or needed by us for any lawful purpose.

How we use your personal information

We collect and hold your information for the following reasons:

We will not use your personal information for marketing purposes if you expressly indicate that you do not wish it to do so.

We may disclose your personal information:

We may also disclose your information to your authorised representatives when you provide us with written authority to do so.

Access to and correction of personal information held by us

You may access information held by us about you by submitting a request in writing by email or hard copy using either of the following address:


The Privacy Officer
Lucidian Law
Suite 3, Level 2, 139-145 Charlotte Street, Brisbane City, QLD, 4000

You will need to provide us with sufficient proof of identity before we will respond to any request for access or correction.

We typically respond to any requests of this nature within 30 days. However, the requested information will only be supplied if:

If we decline your request, we will provide you with our reasons for this decision in writing.

We have the discretion to charge you any fees associated with obtaining and providing you with access to any of your personal information held by us. This includes the costs of locating, retrieving, compiling, copying, and delivering the requested information.

Requests to correct any errors and/or omissions regarding any of your personal information can also be made. These requests must be put in writing and sent to either of the addresses set out above. 

We will typically process your correction request within thirty (30) days and will notify you of the corrections made in writing once they are completed. If we decline to make any of the corrections requested, we will provide you with our reasons for this decision in writing.

Disclosure of personal information to third parties

We may need to disclose your personal information to third parties such as translators, the Department of Home Affairs, the Australian Federal Police, Bupa Migration Health Services, or any relevant Australian State or Territory Government agencies. We will always obtain your prior written consent before disclosing your personal information to these, or any other, third parties.

Disclosure of personal information to overseas recipients

The third parties to whom we disclose your personal information to may be located in Australia as well as overseas. We undertake steps to ensure that we only disclose personal information to overseas recipients that agree to protect the privacy and security of the personal information, and to use the information only for the purpose for which it is disclosed. 

How you may complain about an alleged breach of the Australian privacy principles or a registered privacy code by us

Should you wish to make a complaint about the way in which we have dealt with your personal information and/or our adherence to any relevant privacy laws, please make your complaint in writing to either of the following addresses:


The Privacy Officer
Lucidian Law
Suite 3, Level 2, 139-145 Charlotte Street, Brisbane City, QLD, 4000

We will typically respond to your complaint in writing within thirty (30) days unless your complaint requires us to obtain further information from you or to make enquiries with any related or unrelated third parties. We will endeavour to deal with your complaint as quickly as possible given the circumstances. If it is likely that a final response to your complaint will not be provided within thirty (30) days of receipt of your complaint, we will notify you of the reasons for this delay and provide you with a revised timeframe for our response.

If you are dissatisfied by our response to your complaint, you can make a complaint to the Office of the Australian Information Commissioner. For detailed information on how to make a complaint to the OAIC, please visit the following web link:

The contact information of the OAIC is also set out below.
Phone number: 1300 363 992
Fax: 02 9284 9666
Post: Sydney Office, GPO Box 5218 Sydney NSW 2001

How eligible data breaches are handled

Eligible data breaches happen where there is an unauthorised access to, unauthorised disclosure of, or loss of personal information held by us which may result in serious harm to an individual.

Pursuant to the Australian Privacy Protection Principles, we must take all reasonable steps to protect personal information from misuse, interference, and loss, and from unauthorised access, modification, and disclosure.

Our data breach response plan outlines processes as to how a data breach will be contained, evaluated, and managed. The plan also outlines how we decide whether it is necessary to notify an individual of a data breach. 

Our data breach response plan is as follows:

When deciding whether an individual is required to be notified, the following factors will be considered:

If we reasonably believe there is a risk of serious harm to the individual due to a data breach, we will notify the Commissioner. In some situations, we may also notify other third parties, such as law enforcement officers.