Privacy Policy

Collection of Personal Information

The information is collected either directly from client or provided by a professional services firm, like Accounting or Financial planning firms.

The information we collect include:

• Name, Address, Date of Birth and Place of Birth
• ABN, TFN and Employment details
• Family member’s information such as spouse details and children details
• Personal health and insurance information
• Financial information – such as income, expenses, superannuation and investment details.

Use of personal information collected

Personal information collected will be solely used for providing services to clients or as consented by clients, unless otherwise required by or authorised by law.

Disclosure of Personal Information

We will only provide the information to our staff and associated providers that relate specifically to the tasks requested by clients.

The information will not be provided or sold to other institutions, if it is not incidental to services being provided to client. If there is a legal situation, the information may be provided in accordance with the law.

Access to Personal Information

Clients and their staff can access the personal information that we have about them. We will take necessary steps to identify that you are our client, before we can provide any information to you.

Information is never shared with third parties as we never use third party contractors to complete any work.

Trans-Border Data Flow

Data is securely stored in encrypted cloud services, which can be accessed only by our staff from our processing centre in India. Our processing centre is solely owned by us and hence no third party would have access to the information.

Storage and Data Security

We have taken the necessary measures to ensure our data integrity is not compromised. The data is stored for seven years for compliance, auditing purposes and removed thereafter.

Our secure delivery centre in India is equipped with the latest technology, infrastructure and dedicated technical staff to ensure our working environment has complete reliability and security for our clients’ data.

Only authorised personnel are allowed to enter the office in Australia and processing centre in India. Staff is prohibited from bringing personal physical documents, books and other devices in the processing centre. Saving and storing data on the local hard drives is prohibited. This is ensured by weekly review of local hard drives and deleting any data found. CD Rom and other drives (USB) have been removed. Access to physical/removable drives (external hard drives) have been disabled. Our staff is not allowed to take any stationery or device out of our processing centre.

Internet activity is heavily controlled with regular monitoring of logs and staff activity. All computers include screen snapshots and are regularly audited to ensure staff are following security guidelines. Access to our internal software is password protected with strength measurement. Passwords are also required to be updated on a regular basis.

All our computers are installed with firewalls, antivirus software, intrusion detection software and prevention systems to minimise any exploits or attacks. Our security software is kept updated at all times and when required. All PC’s within our organisation have an auto-lock feature to ensure PC’s are not kept unlocked.

Reporting of data breach

If there is a data breach that is likely to result in serious harm, we will take the following action:

• Contain the information leak and asses the actual damage caused by the breach.
• Prepare a statement detailing the breach.
• Immediately after providing the statement, notify each individual to whom the information relates to, or who are at risk.
• If this is not possible, then we will:
  
  • Publish a copy of the statement on the website, &
  • Take reasonable steps to publicise the contents of the statement.
• Review and change our systems and processes to ensure they are further secured against future breaches.