1.2 We are committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) in relation to all personal information we collect. This commitment is demonstrated in this policy. The Privacy Act incorporates the Australian Privacy Principles (APPs). The APPs set out the way in which personal information must be treated.
1.3 This policy applies to any person for whom we currently hold, or may in the future collect, personal information.
1.4 This policy does not apply to acts and practices which relate directly to the employee records of our current and former employees.
1.5 In broad terms, ‘personal information’ is information or opinions relating to a particular identifiable individual.
1.6 Information or opinions are not personal information where they cannot be linked to a particular individual.
2. HOW DO WE MANAGE THE PERSONAL INFORMATION WE COLLECT?
2.1 We manage the personal information we collect by:
(a) providing team members manuals and training on privacy issues;
(b) implementing procedures such as providing privacy statements when dealing with a client’s personal information;
(c) regularly reviewing our privacy compliance, including privacy audits;
(d) implementing security measures to keep the personal information we collect safe, including using unique usernames and passwords on systems that can access personal information; and
(e) appointing a designated privacy officer to monitor privacy compliance and be a contact for any privacy complaints and access or correction requests.
2.2 In limited circumstances, it may be possible for an individual to use a pseudonym or remain anonymous when dealing with us. If an individual wishes to use a pseudonym or remain anonymous they should notify us when making first enquiries or providing initial instructions. We will use our best endeavours to deal with the individual as requested, subject to our professional obligations and ability to perform the legal service without using the individual’s name. In most cases, our professional obligations will require the individual to deal with us using their real name.
2.3 We must comply with our professional obligations (including confidentiality obligations) in dealing with an individual’s personal information at all times.
3. WHAT KINDS OF PERSONAL INFORMATION DO WE COLLECT AND HOLD?
3.1 We are a full-service accounting firm and hold different information depending on the type of the services provided to clients or, in the case of prospective employees, the information needed to assess future employment with us. Generally, the types of information that we may collect and hold include:
(a) taxation information;
(b) financial information;
(c) business circumstances;
(d) family circumstances;
(e) information about assets and investments;
(f) loan information,;
(g) date and place of birth;
(h) Income protection insurance ;
(i) banking and credit card details;
(j) superannuation details;
(k) tax file numbers;
(l) ABN & ACN information;
(k) any other personal information required to perform the service required by clients..
3.2 Where possible, we will only collect the personal information required to provide the accounting service to the individual, or as required by our professional obligations.
4. WHAT SENSITIVE INFORMATION DO WE COLLECT AND HOLD?
4.1 ‘Sensitive information’ is a subset of personal information and includes personal information that could have serious ramifications for the individual concerned if used inappropriately.
4.2 The sensitive information that we collect and hold about an individual will include any information necessary to provide accounting services to the individual. This may include:
(a) family information;
(b) will information;
(c) membership of professional or trade associations or unions;
(d) any sensitive information required to be disclosed by law; and
(k) any other sensitive information required to perform the accounting service to the individual.
4.3 We will not collect sensitive information without the individual’s consent to which the information relates unless permitted under the Privacy Act.
5. HOW AND WHEN DO WE COLLECT PERSONAL INFORMATION?
5.1 Where reasonable and practicable, we will collect personal information directly from the individual to whom the personal information relates.
5.2 However, we have a large referral network and also collect personal information from numerous other sources. It is not possible to provide an exhaustive list of these sources, but they may include:
(a) professional advisors or agents for individuals who we act for;
(b) banks and financial institutions;
(c) government bodies;
(d) law firms;
(e) businesses about their employees, contractors, customers or suppliers;
6. HOW DO WE HOLD PERSONAL INFORMATION?
6.1 We hold personal information:
(i) on our premises; and
(ii) by third party data storage providers in Brisbane.
(i) through internal servers and websites and a private cloud;
(ii) on electronic storage devices, including DVD and USB;
(iii) by a third party data storage provider in Australia;
(iv) by an off-side data replication provider in Australia; and
(v) by an email filtering host in other countries..
6.2 We will take all reasonable steps to ensure that all personal information we hold is secure from any unauthorised access, misuse or disclosure. However, we do not guarantee that personal information cannot be accessed by an unauthorised person (e.g. a hacker) or that unauthorised disclosures will not occur.
6.3 Some of the methods we use to store and secure information include:
(a) using security cards to access areas that contain personal information;
(b) having designated areas to meet with clients;
(c) using unique usernames, passwords and other protections on systems that can access personal information;
7. FOR WHAT PURPOSES DO WE COLLECT, HOLD, USE OR DISCLOSE PERSONAL INFORMATION?
7.1 We take reasonable steps to use and disclose personal information for the primary purpose for which it is collected. The primary purpose for which information is collected varies, depending on the particular service being provided, but is generally to provide accounting advice and services to an individual or their business.
7.2 In the case of potential employees, the primary purpose the information is collected is to assess the individual’s suitability for a position with us.
7.3 Personal information may also be used or disclosed by us for secondary purposes which are within the individual’s reasonable expectations and related to the primary purpose of collection.
7.4 For example, we may use personal information for the following secondary purposes:
(a) to add an individual’s details to our newsletter list, to inform the individual or business of updates and changes to the taxation law and court decisions that may affect them and to invite them to any events relevant to their business (which can be unsubscribed from at any time); or
(b) to provide a referral.
7.5 We may disclose personal information:
(a) to other service providers or referral partners, in order to provide the accounting & structure service to the business or individual (for example, solicitors, bankers, experts, accountants, insurers etc. as the context of the accounting service requires);
(b) with the consent of the individual to whom the information relates;
(c) to BTACS financial Services Pty Ltd, our affiliate; or
7.6 Otherwise, we will only disclose personal information to third parties with the relevant individual’s consent or if the disclosure is permitted by the Privacy Act.
8. DO WE DISCLOSE INFORMATION OVERSEAS?
8.1 We do not disclose personal information to overseas recipients apart from our email filtering host in other countries.
9. HOW DO WE MANAGE YOUR CREDIT INFORMATION?
9.1 We do not use an individual’s personal information to assess their credit eligibility. However, during the course of providing the accounting service to the business or individual, we may collect credit information.
What kinds of credit information may we collect?
9.2 The main kind of credit information we collect is an individual’s or business’s identification information.
9.3 However, in the course of providing accounting services to you, we may be given (and subsequently hold) the following other kinds of credit information:
(a) information about any credit that has been provided to you;
(b) your repayment history;
(c) information about your overdue payments;
(d) if terms and conditions of your credit arrangements are varied;
(e) information about any bankruptcy or debt agreements involving you;
9.4 We do not collect your credit information from credit reporting bodies, banks or other credit providers unless it is necessary to provide you with the accounting service or you have expressly asked us to.
How and when do we collect credit information?
9.5 In most cases, we will only collect credit information about you if you disclose it to us and it is relevant in providing you with the accounting service.
9.6 Other sources we may collect the credit information from include:
(a) banks and other credit providers;
(b) other individuals and entities such as the Australian Taxation Office; and
(c) your suppliers and creditors.
9.7 However, in most cases you will be aware that this information is being collected as part of the accounting service we are providing to you.
How do we store and hold the credit information?
9.8 We store and hold credit information in the same manner as outlined in section 6 of this policy.
Why do we collect the credit information?
9.9 Our usual purpose for collecting, holding, using and disclosing credit information about you is to enable us to provide you with the accounting service.
9.10 We may also collect credit information to process payments.
Overseas disclosure of the credit information
9.11 We will not disclose your credit information to overseas entities unless you expressly advise us to, apart from the following circumstances:
(a) to the extent that your credit information is contained in emails which are filtered by our email filtering host in other countries; or
(b) to the extent that it is necessary or desirable to make such a disclosure to obtain payment of money owed to us.
How can I access my credit information, correct errors or make a complaint?
9.12 You can access and correct your credit information, or complain about a breach of your privacy in the same manner as set out in section 10 of this policy.
10. HOW YOU CAN ACCESS AND CORRECT YOUR PERSONAL INFORMATION?
10.1 It is important the information we hold about individuals is up-to-date. Individuals should contact us if their personal information changes.
10.2 Individuals may request access to the personal information we hold or ask for their personal information to be corrected.
10.3 A request by an individual to access or correct personal information about the individual must be made to the following contact officer:
Contact person: Privacy Officer (Chief Operating Officer)
Telephone number: 07 3391 6444
Email address: firstname.lastname@example.org
Postal address: P O Box 7500, East Brisbane Qld 4169
10.4 We will grant an individual access to their personal information as soon as possible, subject to the request circumstances.
10.5 In keeping with our commitment to protect the privacy of personal information, we will not disclose personal information to an individual without proof of identity.
10.6 We may deny access to personal information if:
(a) the request is impractical or unreasonable;
(b) providing access would have an unreasonable impact on the privacy of another person;
(c) providing access would pose a serious and imminent threat to the life or health of any person;
(d) providing access would compromise our professional obligations; or
(e) there are other grounds to deny the request.
10.7 We may charge a fee for reasonable costs incurred in responding to an access request. The fee (if any) will be disclosed prior to it being levied.
10.8 If an individual is able to establish that personal information we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.
11. HOW CAN A PERSON COMPLAIN ABOUT A BREACH OF PRIVACY?
11.1 If a person wishes to complain about an alleged privacy breach, they must follow the following process:
(a) The complaint must be firstly made to us in writing. We will have a reasonable time to respond to the complaint.
(b) In the unlikely event the privacy issue cannot be resolved between us and the individual, the individual may take their complaint to the Office of the Australian Information Commissioner.
11.2 A person can complain about a breach of privacy by contacting us using the contact details as per item 10.3.
12. CHANGES TO THE POLICY
12.2 This policy was last updated in March 2014. If you have any comments on the policy, please contact our privacy officer on the contact details in section 10.3 of this policy.
Personal identification information
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, email address, phone number. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.
Non-personal identification information
We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
Web browser cookies
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.
Our Site is in compliance with PCI vulnerability standards in order to create as secure of an environment as possible for Users.
Third party websites
Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website’s own terms and policies.
Your acceptance of these terms
By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
This document was last updated on March 24, 2014