Privacy Policy

 

1. Purpose of the Policy

 This Privacy Policy applies to Accountants & Business Improvement Solutions Pty Ltd (ABN: 51 150 232 287) T/A TCA Accountants and Bookkeepers (“TCA”) and describes the personal information that may be collected by us, the choices you make about your personal information and how we protect your information.

 TCA is bound by the Privacy Act 1988 (Cth) (“Privacy Act”), including any relevant privacy code registered under the Privacy Act. TCA is committed to complying with the Privacy Act in relation to all personal information we collect and committed to protecting the privacy of personal information obtained through its professional service operations.

 The Privacy Act incorporates the Australian Privacy Principles (APPs) which set out the way in which personal information must be treated.  Disclosure of such information may be compelled by law (for example, under the Social Security Act 1991 (Cth)).

 This Privacy Policy governs the TCA business and applies to any person for whom we currently hold, or may in the future collect, personal information (whether or not a client of TCA). This policy does not apply to matters which relate directly to the employee records of our current and former employees. In general terms, ‘personal information’ is information or opinions relating to a particular identifiable individual. Information or opinions are not personal information where they cannot be linked to a particular individual.

 

2. Acknowledgement of TCA’s Privacy Policy

 By accessing the website you accept the terms of this Privacy Policy and you understand that this Privacy Policy applies to information provided to us whether via the website or through any other means. By using the TCA website, you acknowledge to have read and understood this Privacy Policy. This Privacy Policy does not extend your rights or TCA’s obligations beyond those defined by the Privacy Act.

 By your use of the website and our professional services, you consent to the collection, storage, use and disclosure of your personal information in accordance with this Privacy Policy and as otherwise permitted under the Privacy Act

 Should there be any inconsistencies between this policy and the Privacy Act, this Privacy Policy shall be interpreted to give effect and comply with the Privacy Act.

 The TCA website contains links to non TCA websites. TCA is not responsible for the Privacy Policies of those other websites and TCA recommends that you should review the Privacy Policies of those other websites.

 

3. Collection of personal information

 TCA collects personal information that is reasonably necessary for, or directly related to, its professional services. The types of personal information that TCA may collect and hold includes the following:

  •  Name

  • Contact number

  • Personal or Business email address

  • Personal or Business mailing address

  • Title

  • Nature of business

  • Financial records

  • Financial information (including information about assets and investments, banking and credit card information)

  • Tax File Numbers

  • Qualifications, memberships and other accreditations and

  • Advice received from client or prospective client that may contain additional personal information, such as business-related connections and familial relationships.

 TCA only collects personal information that has been directly provided to TCA by clients or prospective clients, associates of clients, suppliers or potential suppliers, TCA employees or potential employees or otherwise personal information available in the public domain where such information will assist TCA with the provision of services to TCA’s current or prospective clients. Personal information may have been provided in writing or verbally.

 If clients or prospective clients do not provide personal information when requested, TCA may not be able to deliver the service that is required. TCA will endeavour to make this as clear as possible for each service. TCA will collect personal information from the user by lawful and fair means. 

 We manage the personal information we collect by implementing appropriate privacy management systems when dealing with your personal information, reviewing our privacy compliance from time to time and implementing security measures (such as unique usernames and passwords on our computer systems) to safeguard the personal information we collect. We will comply with our professional obligations (including confidentiality obligations) in dealing with your personal information at all times.

 It is generally impracticable for TCA to deal with individuals on an anonymous basis or through the use of a pseudonym (an alias), although sometimes this is possible where it is lawful.

 ‘Sensitive information’ is a subset of personal information includes personal information that could have serious ramifications for you if used inappropriately. You consent and agree that the sensitive information that we collect and hold about you will include any information necessary so that we can provide our professional services to you. This may include professional or trade associations, racial or ethnic information, political opinions, any sensitive information required to be disclosed by law and any other sensitive information that we require to perform the professional services that you require. We will not collect sensitive information without your consent unless permitted under the Privacy Act or in accordance with law.

 

 4. How we use personal information

 The main purpose for which TCA collect, hold and use personal information are:

 For TCA to provide service;

  • to maintain contact with clients;

  • to keep clients and contacts informed of the services that TCA offers and of any current developments and updates such as changes of business hours;

  • for administration and management purposes;

  • to provide users with information about other services that TCA offers and that may be relevant to the user; and

  • other purposes that is related to TCA’s business.

 If TCA collects, holds or uses personal information in ways other than as stated in this Privacy Policy, TCA will ensure to collect, hold or use personal information pursuant to the requirements of the Privacy Act.

 Employee records are not generally subject to the Privacy Act and therefore this policy may not apply to the handling of information about employees of TCA.

 

5. Unsolicited Information

 “Unsolicited” personal information is personal information about an individual that TCA has unintentionally received. This is not a common occurrence for TCA but when it does occur, TCA will seek to ensure to protect such personal information with same rigor to those personal information that TCA intended to collect.

 

6. Disclosure of Personal Information

 Personal information is not disclosed to any third party unless the disclosure is:

·      required by law, rules and regulations and/or professional standards;

·      necessary to provide the client or prospective clients with the product or service requested;

·      to protect the rights, property and personal safety of a TCA client, prospective client, the public and the interests of TCA; and

·      given with consent.

 Should it be necessary for TCA to forward personal information to third parties, TCA will make every effort to ensure that the confidentiality of the information is protected.

 

7. Overseas, Interstate and Data Retention Disclosures

 TCA’s Administration, Business improvement Accounting & Bookkeeping operations may occur interstate and/or overseas and TCA may use the following contractors and their facilities: My Cloud People Inc. and Upwork Global Inc, Elva Li, Muhammad Adnan Ayub, Ninnett Panfir, Amjad Majed & Sarah Ahmad on behalf of Desol Int., Commercial Credit Services Pty Ltd, Melanie Fortez, Maricel Valeros, RSM Australia. All outsourced consultants who may require access to client records in order to carry out their duties are required to sign a host agreement before beginning any work on our behalf, and are bound by the Australian Privacy Principles as set out in section 7 of our privacy policy which is accessible at the bottom of our website home page www.tcadarwin.com.au.

As a result, TCA may at times require the exchanges of personal information of TCA’s clients and/or prospective clients between locations and firms. In the event that personal information is disclosed to overseas recipients, TCA will take all reasonable steps to ensure that any personal information is secure and is treated in accordance with the Australian Privacy Principles. The personal information may be transferred to countries whose privacy laws do not provide the same level of protection as compared to Australia’s privacy laws. In the event that personal information is disclosed to overseas recipients, TCA will take all reasonable steps to ensure that any personal information is secure and is treated in accordance with the Australian Privacy Principles.

We hold, or may hold your personal information electronically, physically, on our premises, in off-site storage facilities in Australia (in any account held by us or held by or owned by any Company or Trust or legal entity from whom we lease commercial premises), by a third party data storage facilitator and/or provider in Australia and/or overseas (including but not limited to international cloud computing services in overseas countries including but not limited to Philippines and the United States Of America), through various third party providers such as: G-suite, AcuityScheduling, Xero suite, Airtable, Miro, MailerLite, Slack, Quickbooks, Teamwork Projects & Chat, SignNow, Docusign, Now Infinity, BGL, MYOB, Integrapay, Loom, Adobe, Office 365, Hubspot, Hubdoc, Dropbox, airtable, Practice Ignition, Integromat, UiPath, JustCall.io, Dialpad Phone and Meetings, by an email filtering host in Australia and/or overseas, through internal servers, our website, private cloud, as well as on electronic storage devices, including DVD and USB. If you send an email to us, the information in your email (including any personal information) may be retained on our systems in accordance with our procedures.  Whilst we take reasonable steps to ensure that all personal information that we hold is secure from any unauthorised access, misuse or disclosure, no data transfer over the internet is ever one hundred percent (100%) secure and we cannot guarantee that personal information cannot be accessed by an unauthorised person (for example, a hacker) or that unauthorised disclosures will not occur. Information you send to us, from your workplace, for example, may possibly be accessed by your employer or an intermediate service provider. If you send any information (including personal information) to us through the internet or through any other electronic means, you do so at your own risk. Some of the methods we use to store and secure personal information include using security cards to access areas that contain personal information, using designated areas (that do not contain personal information) to meet with clients and non-employees of TCA, using customised usernames, passwords and other protections on computer and other systems that can access personal information, as well as using lockable storage devices for storing some more sensitive information, other important documents or financial records.

 We take reasonable steps to use and disclose personal information for the primary purpose for which it is collected. The primary purpose for which information is collected varies, but is generally for the relevant TCA to provide the professional services to you. In the case of potential employees, the primary purpose the information is collected is to assess the individual’s suitability for a position with us or to consider an enquiry made with us, in respect of potential employment with us. You authorise and provide your consent to TCA that you have made an enquiry with or that you have Retained to collect, hold, use and disclose such personal information to any other TCA Business and/or to others in furtherance of your matter (including overseas recipients in countries including but not limited to Philippines) and/or to other service providers, in order to provide the relevant professional service to you (for example, other solicitors, barristers, experts, accountants, financial institutions, insurers, in Court during Court proceedings or as the context of the relevant professional service requires), as well as to third party agents, contractors or service providers to which TCA have contracted out or outsourced any administrative, financial, information technology, marketing or other services (such as but not limited to bulk mailing, client marketing research, company audits and Information Technology and Marketing support). You also agree that we may also disclose your personal information in circumstances where disclosure is permitted by law (including under the Privacy Act, under Court Orders or Statutory Notices to produce documents under laws relating to Anti-Money Laundering, Bankruptcy, Counterterrorism, Social Security, Taxation and the management of incorporated entities) or where disclosure is required to investigate suspected fraud or other unlawful activity, or otherwise where disclosure may prevent or lessen a serious or imminent threat to someone’s life or health. If information has to be disclosed overseas, the overseas recipient may not be subject to privacy obligations or to any rules similar to the rules of legal professional privilege or the Australian Privacy Principles. The overseas recipient may also be subject to a foreign law which could compel the disclosure of personal information to a third party (such as, for example, an overseas government or regulatory authority). You hereby consent to the disclosure in the knowledge that we will not take any steps to ensure that the overseas recipient deals with your personal information in accordance with the Australian Privacy Principles and accordingly should such overseas recipient handle the information in breach of the Australian Privacy Principles, then you may not be able to seek redress in the overseas jurisdiction and we will not be accountable under the Privacy Act.

 Personal information may also be used or disclosed by us for secondary purposes which are within your reasonable expectations and related to the primary purpose of collection and you hereby authorise us to use any email address or any other contact or personal information that you provide to us at any time, for these secondary purposes. For example, you provide your consent for us to use your personal information for the following secondary purposes: to comply with our contractual and other legal obligations; for the purposes of sending you information about products, services, special offers and updates by post, telephone or any form of electronic communication (such as email); for the purposes of taking a message or telephone number so that we might call you back or contact you; for insurance and/or or professional indemnity purposes; to add your details to our Newsletter register, to inform you of updates and changes to the law or financial services that may affect you and to invite you to legal or financial events relevant to your industry (which you can unsubscribe from at any time); or to collect moneys owed to us; or to agents or third parties from time to time, to help us with the provision and/or marketing of our services to you. We may also contact you by email, telephone or mail from time to time regarding marketing offers and/or by providing you with marketing material, brochures, communications or other documentation (hereinafter “jointly and/or severally referred to as “direct marketing”) in relation to any of the related business. By engaging TCA you consent and agree to us contacting you by email, telephone or mail regarding direct marketing in relation to TCA and your consent will survive and remain after the termination and/or completion of any services provided to you pursuant to your Retainer with TCA. If you do not wish to receive any direct marketing, please advise us in writing by email at admin@tcadarwin.com.au or by post to GPO Box 2058, Darwin, NT, 0801. Please note that if you chose to not receive any direct marketing, we may still contact you in relation to (without limitation) your matter and the services provided by us.

 Apart from the primary and/or secondary purposes specified above, we will only disclose your personal information to third parties with your consent or if the disclosure is permitted by law or the Privacy Act.  

 

 8. Accessing your personal information

 Users have the right to request access to the personal information that TCA holds about such user. This right is subject to certain exceptions allowed by law.

 Upon your request and subject to applicable privacy laws, TCA will provide you with access to your personal information that is held by TCA. You must thoroughly identify the types of information you are requesting. TCA will deal with your request within a reasonable time – usually within 30 days from the date of the request. TCA may also recover from you any reasonable costs incurred in supplying you with access to your personal information.

 

9. Exceptions under Law

 You do not have absolute right to access personal information. The law permits TCA to refuse your request to provide you with access to your personal information, such as circumstances where:

 ·      access would be unlawful;

·      access would pose a serious threat to the life or health of any individual;

·      access would have an unreasonable impact on the privacy of others; and

·      access may prejudice enforcement activities, a security function or commercial negotiations.

 

 10. Information Security

 TCA will take all reasonable steps to protect against the loss, alteration and/or misuse of any personal information under TCA’s control. TCA is committed to keeping your trusts by protecting your personal information.

 TCA employs the most appropriate technical, administrative and physical procedures to protect the security of your personal information. TCA only keeps personal information for as long as it is required for business purposes or by the law.

 

11. Data retention

 When you visit our website, our internet service provider may make a record of your visit and may record, amongst other things, matters such as your personal domain name (if relevant); and/or the time and date of your visit to our website; and/or your internet address. Usually, but not always, this information is applied for statistical purposes. When you visit the website, the server may attach a “cookie” to your computer’s memory. Your browser stores cookie messages in a text file and sends these back to our website each time the browser requests a page from the website. From time to time, we may use cookies to measure usage periods accurately, as well as to obtain an idea of which areas of our website attract traffic. If you do not wish to receive cookies, you may be able to alter your browser settings accordingly. The website may link directly to websites operated by third parties (“third party sites”), which third party sites you acknowledge are not operated by us. We encourage you to review the Privacy Policy (if any) of any third party sites, especially because you agree that we are not responsible for the content or practices of those third party sites or their Privacy Policies regarding the collection, storage, use and disclosure of your personal information.

 

12. Cloud Computing Services & Storage

 We use or may use international cloud computing services and storage providers described within section 7. Access to such cloud service providers is encrypted (effectively, access can only be obtained through a secure username and password system - some of which require multi factor authentication), so that data and the personal information contained in such services is protected from unauthorised access.

 Countries in which such e-mail, calendar and contact data may be stored include (but are not limited to) Australia, United States of America and the Philippines. We conduct due diligence on proposed cloud computing service providers, prior to engaging them and as part of this due diligence, we satisfy ourselves and accordingly reasonably believe that the overseas recipient is subject to a law, or binding scheme, that has the effect of protecting the personal information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the information and also that there are mechanisms that you can access to take action to enforce that protection of the law or binding scheme. We also satisfy ourselves that we will possess effective control over the data. We also use the enterprise version of lastpass to restrict staff from knowing what the passwords are for the cloud based applications they are given access to. We have also locked down their access to TCA’s IP address to prevent the staff from accessing any cloud services from outside the organisation.

 

13. Loss of personal information

 Despite TCA’s effort to protect your personal information, there remains the possibility for a breach of security to occur. In accordance with the recommendations set out by the Tax Practitioners Board, TCA has established a data breach response plan and will follow the steps outlined in the plan in the event of loss of personal information. The response plan outlines the following:

A data breach occurs when the personal information that TCA holds of their clients is lost, accessed by unauthorised people, disclosed outside due to the malicious action (external and internal), human error and from certain unforeseen circumstances.

  • Step 1: Report and Contain - Client and Australian Information Commissioner (OAIC)

  • Step 2: Assessment of the breach

  • Step 3: Notifying the breach

  • Step 4: Reviewing and Documenting

 

14. Website Security and Privacy

 TCA will take all reasonable steps to have systems in place to ensure the security of your dealings with TCA at all times.

 

15. Credit Reporting

 This section of Privacy Policy details how we manage credit information and credit reporting and has been developed in accordance with the Privacy Act and the Credit Reporting Code (CRC). During the course of providing professional services to you, we may collect credit information that is necessary to provide you with the relevant professional service. The main kind of credit information that we collect is your identification information; however, in the course of providing the relevant professional service to you, we may be given (and subsequently hold) other kinds of credit information, including but not limited to any publicly available information about your credit worthiness; and any information about you where you may have fraudulently or otherwise committed a serious credit infringement; and information about any credit that has been provided to you; and your repayment history; and information about your overdue payments; and if terms and conditions of your credit arrangements are varied; and if any Court proceedings are initiated against you in relation to your credit activities; information about any bankruptcy or debt agreements involving you; information including information about payments made to us in connection with credit provided to you or in relation to which you are a guarantor, overdue for more than 60 days (and if you subsequently repay any such overdue payment, the fact that you have made that repayment); information about whether you have entered into arrangements with us or other credit providers in connection with credit provided to you; and certain administrative information relating to credit, such as account and customer numbers.  In most cases, we will usually (but not always) collect credit information about you if you disclose it to us or it has been provided to us by others on your behalf and it is relevant in providing you with the professional service.  Other sources we may collect the credit information include from the public domain; from banks and other credit providers, other individuals and entities via referrals; and your suppliers and creditors. However, in most cases you will be aware that this credit information is being collected as part of the professional service we are providing to you. We hold and store credit information in the same manner as we collect and hold and store personal information. Our usual purpose for collecting, holding, using and disclosing credit information about you is to enable us to provide you with the professional service, to process payments, for our business purposes or otherwise as permitted by the Privacy Act or law. These purposes may include (jointly and/or severally), to the extent permissible by law: so that we can form a view as to whether to provide you, or an entity associated with you, with credit or to accept you as a guarantor; to seek to assist you to avoid defaulting your credit-related obligations; to undertake debt recovery and enforcement activities, including in relation to guarantors, as well as deal with serious credit infringements; or so that we may otherwise deal with complaints and satisfy compliance requirements. You may request that we not use or use disclose credit information for the purposes of direct marketing, by making such request in writing to GPO Box 2058 Darwin, NT, 0801.  We may disclose your credit information to Credit Reporting Bureaus (CRBs) for purposes such as those described above and where we are permitted by the Privacy Act to do so.  For the purposes of this Credit Reporting Policy, reference can be made to the Privacy Act, for the definition of a CRB.  We will give you at least fourteen (14) days written notice of our intention to disclose your information to a CRB. You have the right to request the above CRBs not to: use credit reporting information for the purposes of pre‑screening of direct marketing by a credit provider; or use or disclose credit reporting information if you believe on reasonable grounds that you have been, or are likely to be, a victim of fraud. If you would like more information about how CRBs manage credit related information you can contact the CRBs directly. We commit to advising the relevant CRB of payment information within a reasonable timeframe once the amount reported has been paid.  We will not disclose your credit information to overseas entities unless you expressly request that we do so, with the exception that we may disclose your credit information to overseas entities where it is contained in emails which are filtered by any overseas filtering host and other than to the extent that is necessary or desirable to make such a disclosure to obtain payment of money owed to us.

 

 16. Updating your information

 It is important that the personal information or credit information that we hold about you is up-to-date. TCA will take all reasonable steps to ensure that all personal information held by TCA remains accurate. If you advised TCA of any change of details, TCA will amend your records accordingly. Where a third party disclosed your personal information, TCA will take all reasonable steps to notify the third party of any correction. Where TCA is unable to update your information, TCA will provide an explanation as to why the information cannot be corrected.

 

17. Privacy Enquiries

 If you wish to make an enquiry about your personal information that TCA collected, used or held, or make a compliant because you believe that TCA may have breached the Australian Privacy Principles, you can:

 ·      write to TCA at GPO Box 2058, Darwin, NT, 0801; or

·      call TCA on 08 8981 3330

 We will usually (but not always) grant you access to your personal information or credit information as soon as possible. To the extent permissible by law, we may deny access to personal information or credit information if: your request is impractical or unreasonable; providing you with access would have an unreasonable impact on the privacy of another person; providing you with access would pose a serious and imminent threat to the life or health of any person; providing you with access would mean that there is a possibility that we might compromise our professional duty or obligations; or there are other appropriately justified and/or legal grounds upon which to deny the request (such as for example, on the basis of any exemption or exemptions under the Privacy Act or, by way of a further example, where you are indebted to TCA and we retain a lien over your file until outstanding costs have been paid or appropriate arrangements have been made in respect of same). 

If you are able to establish that personal information or credit information we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.TCA is committed to working with clients to obtain a fair resolution of any complaint or concern about privacy.

 

18. Privacy Complaints

 If you wish to complain about an alleged privacy breach, you should follow the following process:

1. The complaint must be firstly made to us in writing. We will have a reasonable time to respond to the complaint; and 

2. In the unlikely event that the privacy issue cannot be resolved between us and yourself, you may take your complaint to the Office of the Australian Information Commissioner.  You may complain about a breach of privacy by contacting us using the contact details below:

 

·      Write to TCA at GPO Box 2058, Darwin, NT, 0801; or

·      Call TCA on 08 8981 3330

 

 19. Further information on privacy

 You can obtain further general information about your privacy rights from the Office of the Australian Information Commissioner by:

 

  • calling their Privacy Hotline on 1800 005 610;

  • visiting their website;

  • emailing them at infocomm@nt.gov.au; or

  • writing to:

 

The Australian Information Commissioner

GPO Box 3750

Darwin NT 0801

 

20. Changes to this Privacy Policy

 We may update, modify or remove this policy at any time without prior notice, with any updated version of our privacy policy being posted on our website. You should review this Privacy Policy regularly to ensure that you are at all times aware of any variations made to this Privacy Policy. You agree that you will be deemed to have consented to such variations of this Privacy Policy by your continued use of the website or our services following any such change or changes to our Privacy Policy being made. If you have any comments on the policy, please contact our privacy officer on the contact details mentioned above. 

 

Updated: 20/12/2023