This Policy sets out our approach in dealing with your personal information including without limitation the collection, use, storage, access to and dissemination of such information. We undertake to treat all client and other personal information in our possession in accordance with the requirements of the Act.
By “personal information” we mean information or an opinion about an identified individual, or about an individual reasonably identifiable from the information and includes sensitive information.
Collection of your information
The kind of personal information we may collect includes your name and birth date; your contact information, including postal and residential addresses, telephone and facsimile numbers, and email addresses; where relevant your financial information as well as government identifiers such as your tax file number, ABN or registered business names.
We collect personal information directly from you, such as when you meet with us, provide your information by document, telephone or by forwarding us an email.
In some cases, personal information may be provided by an entity/person authorised by you to do so, such as your employees or a corporate or business entity with which you are involved either as a principal, member or beneficiary, for the purpose of providing services to or on your behalf. Your personal information may also be provided by a trade reference or credit reporting agency, for the purpose of us determining whether or not to grant you credit. We may also collect your personal information from other publicly available means (such as by obtaining governmental or semi-governmental searches) or through websites (such as Google or social media sites) who disclose to their users that the user’s personal information is provided to businesses such as ours. The privacy of any personal information collected in this manner will be treated in accordance with the APP’s.
Where it is reasonable and practical to do so we will only collect personal information about you from you. You have no obligation to provide any information requested by us. However, if you choose to withhold personal information and sensitive information from us it may prevent us from being able to provide you with the services that you have requested.
Provision of personal information about another person
Use and disclosure of personal information
Personal information is collected in order to conduct our business, to provide and market our services to you, including purposes necessary or incidental to the provision of services to you, or any purposes that you may reasonably expect, for any other purpose authorised by law or required to comply with our legal obligations, or for any other purposes disclosed to or authorised by you. This may include disclosure to organisations that provide us with support services and professional advice. The collection will be fair, lawful and not intrusive. The nature of this information will vary according to your relationship with the firm and the work we are performing.
We will only disclose personal information for the purpose it was collected unless you have consented, or you would reasonably expect such use or disclosure, or the use is for direct marketing where we expect the information may be of interest to you. Should you receive such direct marketing material and do not want to receive it in the future, we will provide you with a simple “unsubscribe” (opt out) method in the direct marketing material. If you receive hard copy marketing material and wish to unsubscribe, you can email us at: firstname.lastname@example.org.
We will provide personal information to third parties where we are required to by law, where it is reasonable for us to do so as part of providing services to you, where our advisors request it or where you have expressly asked us to do so.
We will hold your personal information for as long as is required to fulfill the purposes for which it was collected or as required by law. We will take reasonable steps to destroy or de-identify any personal information about you once the information is no longer required for the purposes for which it was collected or as authorised or required by law.
We will never sell your personal information.
Personal information is held in paper archives, by electronic or computer data base and remotely in cloud based storage systems.
Unless you specify an expiry date when you provide the personal information to us, we will hold the information for a period of time determined by us in our discretion.
Website collection of personal information
Data security of personal information
Notifiable Data Breaches
We take the security of your personal and sensitive information very seriously. However, sometimes a data breach can occur. Under the Act, an Eligible Data Breach is where there is an unauthorised access or disclosure of, personal information, or loss of personal information that has the potential to cause serious harm to the individual that the data pertains to and we have not been able to prevent the likely risk of serious harm with remedial action. If we have reasonable grounds to believe that an Eligible Data Breach has occurred, we will notify you and the Office of the Australian Information Commissioner.
Access to and correction of personal information
You may request access to your personal information by contacting the Privacy Officer. Except where some legal restrictions might apply you will be provided access to any personal information we have collected or hold about you. If we refuse to allow you access to your personal information held by us, we will explain why. We will deal with all requests to access to personal information as quickly as possible but may charge you a fee where access is provided.
We will endeavour to take reasonable steps to keep information about you accurate and up to date. If at any time you discover that information held about you is incorrect, you may contact us to request a correction and we will update that information.
Anonymity and Complaints
You can choose to deal with us anonymously. We will do our best to action any request or complaint that you supply to us anonymously. However, without providing your identity, we may be limited in the action that we can take in relation to your enquiry or complaint.
Should you have any complaints about our treatment of your personal information please direct this by email to our Privacy Officer on: email@example.com. We will treat any complaint about a breach of privacy legislation or any relevant registered code seriously, and will investigate any breach of which we become aware – including how it occurred and how best to prevent such a breach occurring again.
If you believe that we have not adequately addressed your complaint, you may complain to the Office of the Australian Information Commissioner.
Commonwealth Government identifiers
We will not use Commonwealth government identifiers (Identifiers) as an identifier of individuals. Identifiers will only be used or disclosed in the circumstances permitted by the Act.
Transborder data flows
We currently use contracted cloud personnel based in Philippines who have access to your information in order to assist us in performing services for you. The ways in which these contractors assist us (and so may have access to your information) include in accounting and administrative services only.
There may be other occasions when personal information is transferred outside of Australia within our network, or such as where we engage a third party to provide services or an element of the services to you. Generally, this will occur in the provision of services to you and the transfer of this information outside of Australia will have been disclosed to, and authorised by, you as part of the terms of our engagement. When transferring personal information outside Australia within our network, we will comply with the requirements of the Act that relate to transborder data flows. Where the international transfer of personal information is to countries whose privacy laws may be considered not to provide the same level of protection as Australia, our commitment to safeguard your privacy will not change and remains subject to existing obligations and this Policy.
We will use reasonable endeavours to ensure that our server hosts do not have access to, and use the necessary level of protection to safeguard, your personal information and otherwise comply with the APPs. If you do not want your personal information to be transferred to a server in the location listed in the previous paragraph or to any other international locations, you should not provide us with your personal information or use our services.