Privacy Policy.

Background.

At Causbrooks, we recognise the importance of your privacy and understand your concerns about the security of the personal information you provide to us. As a chartered accounting firm, we place high priority on the security of information held by our firm. We comply with the Australian Privacy Principles (“APPs”) as contained in the Privacy Act 1988 (Cth). The APPs detail how personal information may be collected, used, disclosed, stored and destroyed, and how an individual may gain access to or make complaints about the personal information held about them. This policy details how we manage personal information to maintain its integrity and security. In the course of doing business, we predominantly collect business and commercial information. However, the ancillary collection of personal information is often necessary or unavoidable. When we provide services that relate to your personal affairs, we will also collect personal information (e.g. personal tax returns and advice, accounting, estate and succession planning, financial planning, self-managed superannuation returns or advice).

What personal information we collect and hold.

The kinds of personal information we collect from you or about you depend on the transaction you have entered into with us, the services you or your organisation have contracted us to provide, and the services you or your organisation are interested in. The kinds of personal information that we commonly collect and hold from you or about you include: your name, company name, address, phone, fax and mobile numbers and email address. In the course of our advisory, financial planning, audit, accounting and taxation functions, we also commonly collect and hold personal information regarding: your family composition, you and your family members’ date/s of birth, gender/s, occupation/s and employment details (including resumes of job applicants), social media handles, income details, expenses details, asset listings, tax file number/s, visa or work permit status, taxation records, credit card and bank account details, photo identification, insurance policies, medical history (including medical records, ethnicity, genetic or biometric data), financial risk appetite and wealth goals etc. When you browse our website or contact us electronically, we may record: geographical tagging, IP address, cookies and data about usage of online services, support queries and testimonials, RFID tags and statistical data.

How we collect and hold personal information.

We aim to collect personal information only directly from you, unless it is unreasonable or impracticable for us to do so. For example, we collect personal information from you or about you from correspondence that you submit to us, meetings and interviews with us, telephone calls with us, and from your activity on our website. However, in some instances we may receive personal information about you from third parties, such as associated businesses and referrers (including financial planners and insurers). We may also receive personal information about you from your bank and from your family members.

You can be anonymous or use a pseudonym when dealing with us, unless:

  • the use of your true identity is a legal requirement; or
  • it is impracticable for us to deal with you on such basis.

Why we collect, hold, use and disclose personal information.

We collect, hold, use and disclose personal information from you or about you where it is reasonably necessary for us to carry out our firm’s functions and activities. For example, we collect, hold, use and disclose your personal information as necessary to provide our advisory, audit, financial planning, accounting and taxation services to you or your organisation. Our firm also works closely with other, external businesses, such as lawyers, banks, investment advisers and brokers, other financial planners, insurers, auditors and bookkeepers. We routinely disclose your personal information to these third parties for them to assist us in carrying out our primary business functions and activities, or to enable them to provide related service offerings that you have requested. We may collect sensitive information from you or about you where there is a legal requirement to do so, or where we are otherwise permitted by law. In all other situations, we will specifically seek your consent. If we do not collect, hold, use or disclose your personal information, or if you do not consent, then we may not be able to answer your enquiry, complete the transaction you have entered into, or perform the services that you or your organisation have engaged us to provide. We also collect, hold, use and disclose your personal information for related purposes that you would reasonably expect, such as our administrative and accounting functions, fraud checks, our professional quality assurance and accreditation audits, client audits and trust account audits, data back-ups and statistical collation. We will also use your personal information to provide you with ongoing newsletter communications, details about educational briefings and seminars, and any other events that we may conduct or host. Where we use your personal information for marketing, promotional, newsletter and briefing communications, you can opt out at any time by notifying us. 
Opt-out procedures are also included in our communications. Where we wish to use or disclose your personal information for other purposes, we will obtain your consent. We may also disclose your personal information to third parties (including government departments and enforcement bodies) where required or permitted by law. Commonly, we will disclose your personal information as required under taxation, superannuation and personal assistance laws, to third parties including the ATO, APRA and Centrelink.

How we hold and store personal information.

Your personal information is held and stored on paper, by electronic means or both. We have physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your personal information is protected from misuse, interference and loss, and from unauthorised access, modification and disclosure.

Data held and stored on paper is stored in lockable filing cabinets within secure premises.

Data held and stored electronically (including “in the Cloud”) is protected by designated password access to systems and internal and external firewalls. We also require our IT contractors and other third parties to implement privacy safeguards.

Data stored or archived off-site is contained within secure facilities. We also require our storage contractors to implement privacy safeguards.

Where we disclose personal information to third parties (including contractors and affiliated businesses located locally and overseas), our contractual arrangements with them include specific privacy requirements.

Our staff receive regular training on privacy procedures.

Destruction and De-identification.

We will retain your personal information whilst it is required for any of our firm’s functions, or for any other lawful purpose. We will also retain your personal information for the time periods required by law. We use secure methods to destroy or to permanently de-identify your personal information when it is no longer needed:

  • Paper records are commonly sent for secure destruction. In some instances, paper records will be returned to you and/or relevant third parties.
  • Electronic records are deleted from all locations, to the best of our ability, or encrypted and/or placed beyond use.

Data Breach.

A data breach occurs when personal information that an entity holds is subject to unauthorised access or disclosure or is lost. Examples include:

  • loss or theft of physical devices (such as laptops and storage devices) or paper records that contain personal information.
  • unauthorised access to personal information by an employee.
  • inadvertent disclosure of personal information due to ‘human error’, for example an email sent to the wrong person.
  • disclosure of an individual’s personal information to a scammer, as a result of inadequate identity verification procedures.

In the unlikely event of an ‘eligible data breach’ (where the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates), we will undertake the following steps (in accordance with our data breach response plan):

  • Contain the data breach to prevent any further compromise of personal information.
  • Assess the data breach by gathering the facts and evaluating the risks, including potential harm to affected individuals and, where possible, taking action to remediate any risk of harm.
  • Notify the individuals, the Commissioner (if required) and other entities depending on the categories of information involved in the data breach.
  • Review the incident and consider what actions can be taken to prevent future breaches.

Protecting children’s privacy.

We understand the importance of protecting children’s privacy, especially in an online environment. In particular, our website is not intentionally designed for or directed at children under the age of 13. It is our policy to never knowingly collect or maintain information about anyone under the age of 13, except as part of a specific engagement to provide services which necessitates such personal information be collected or for the purposes of ensuring compliance with our auditor independence policies.

Requests for access and correction.

We have procedures in place for dealing with and responding to requests for access to, and correction of, the personal information held about you. We understand your rights to access and rectification and in most cases, we expect that we will be able to comply with your request. However, if we do not agree to provide you access or to correct the information as requested, we will give you written reasons why. For further information, please see our Privacy Access, Correction & Complaints brochure or contact us. To assist us to keep our records up-to-date, please notify us of any changes to your personal information.

Complaints and Concerns.

We have procedures in place for dealing with complaints and concerns about our practices in relation to the Privacy Act and the APPs. We will respond to your complaint in accordance with the relevant provisions of the APPs. For further information, please see our Privacy Access, Correction & Complaints brochure or contact us.

Contact.

Privacy Officer
Causbrooks
Suite 2 Level 3A, 1 Bligh Street SYDNEY NSW 2000
MAIL TO: GPO BOX 11, SYDNEY NSW 2001
PH. 02 8222 6100
FAX. 02 9222 1880
Email: privacyofficer@causbrooks.com.au

Privacy Policy Updates.

This Privacy Policy is not a static document. We may, from time to time, make changes and updates to this Privacy Policy. The most current and up-to-date Privacy Policy will always appear on our website.