1.1 Power Tynan (being Power Tynan Pty Ltd ACN 605 475 849, PT Consolidated Pty Ltd ACN 606 605 681, PT Audit Pty Ltd ACN 606 605 967, PT Group Finance Pty Ltd ACN 126 335 224, PT Group Investments Pty Ltd ACN 605 252 588, PTCT Pty Ltd ACN 142 161 171, MagWealth (QLD) Pty Ltd ACN 616 916 851, PT 2.0 Pty Ltd ACN 627 038 108 and TAS Consulting Group Pty Limited ACN 618 613 835) (Power Tynan) offers accounting and financial services in Australia.
1.3 We are committed to complying with the Privacy Act 1988 (Cth) (Privacy Act) in relation to all personal information we collect. Our commitment is demonstrated in this policy. The Privacy Act incorporates the Australian Privacy Principles (APPs). The APPs set out the way that personal information must be treated.
1.5 This policy applies to any person in relation to whom we currently hold, or may in the future collect, personal information.
1.6 This policy applies to personal information. In broad terms, 'personal information' is information or opinions relating to a particular individual who can be identified.
1.7 Information is not personal information where the information cannot be linked to an identifiable individual.
2. HOW DO WE MANAGE THE PERSONAL INFORMATION WE COLLECT?
2.1 We manage the personal information we collect in numerous ways, such as by:
(a) implementing procedures for identifying and managing privacy risks;
(b) implementing security systems for protecting personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure;
(c) providing staff with training on privacy issues;
(d) appropriately supervising staff who regularly handle personal information;
(e) implementing mechanisms to ensure any agents, contractors or service providers who deal with us comply with the APPs;
(f) implementing procedures for identifying and reporting privacy breaches and for receiving and responding to complaints; and
(g) appointing a privacy officer within the business to monitor privacy compliance.
2.2 Subject to our professional obligations, we will take reasonable steps to destroy or de-identify personal information if that information is no longer needed for the purposes for which we are authorised to use it.
2.3 In limited circumstances, it may be possible for you to use a pseudonym or remain anonymous when dealing with us. If you wish to use a pseudonym or remain anonymous you should notify us when making first enquiries or providing initial instructions. We will use our best endeavours to deal with your request, subject to our professional obligations and ability to perform the financial or accounting service for you without using your name. In most cases, our professional obligations will require you to deal with us using your real name.
3. WHAT KINDS OF INFORMATION DO WE COLLECT AND HOLD?
3.1 The personal information we may collect and hold about you differs, depending on whether you are a customer, service provider, contractor, agent or a prospective employee or prospective service provider or contractor, but may include:
(a) sensitive information (see below);
(b) contact information;
(c) financial information;
(d) date and place of birth;
(e) employment arrangements and history;
(f) tax returns and tax file numbers;
(g) insurance information;
(h) credit information;
(i) banking details; and
(j) any other personal information required to perform the financial or accounting service for you or engage you.
3.2 ‘Sensitive information’ is a subset of personal information and includes personal information that may have serious ramifications for the individual concerned if used inappropriately.
3.3 We may collect sensitive information if it is relevant in providing accounting or financial services (such as completing tax returns) or engaging you, which may include any of the following:
(a) health information;
(b) racial or ethnic origin;
(c) criminal records;
(d) membership of professional or trade associations;
(e) membership of trade unions;
(f) genetic information; and
(g) biometric information.
3.4 We will not collect sensitive information without the consent of the individual to whom the information relates unless permitted under the Privacy Act.
4. HOW AND WHEN DO WE COLLECT PERSONAL INFORMATION?
4.1 Our usual approach to collecting personal information is to collect it directly from the individual concerned and through our website.
4.2 We may also collect personal information in other ways, such as:
(a) from government bodies (such as the Australian Taxation Office and the Australian Securities and Investments Commission);
(b) from paid search providers and public registers;
(c) through referrals from individuals or other entities;
(d) from your other advisers;
(e) from our related entities;
(f) from banks and financial institutions;
(g) from other credit providers;
(h) through marketing and business development events; and
(i) from third party providers, suppliers and creditors.
5. HOW DO WE HOLD PERSONAL INFORMATION?
5.1 Our usual approach to holding personal information includes holding that personal information:
(a) physically, at our premises; and
(i) on secure online servers;
(ii) on a private cloud;
(iii) by a third party data storage provider; and
(iv) on our website.
5.2 We secure the personal information we hold in numerous ways, including:
(a) using security cards/systems to limit access;
(b) using security cards to access printers and premises outside of business hours;
(c) using secure servers to store personal information;
(d) using unique usernames, passwords and other protections on systems that can access personal information; and
(e) holding certain sensitive documents securely.
6. WHY DO WE COLLECT, HOLD, USE OR DISCLOSE PERSONAL INFORMATION?
6.1 We take reasonable steps to use and disclose personal information for the primary purpose for which we collect it. The primary purpose for which information is collected varies, depending on the particular service being provided or the individual from whom we are collecting the information but is generally as follows:
(a) in the case of customers – to provide accounting or financial services to you or your business;
(b) in the case of contractors, service providers, and agents – to assist us in providing our services to our customers;
(c) in the case of potential employees and potential service providers and contractors – to assess your suitability for employment or engagement.
6.2 Personal information may also be used or disclosed by us for secondary purposes that are within an individual’s reasonable expectations and that are related to the primary purpose of collection.
6.3 We may also collect and use customers’ personal information:
(a) to keep records of transactions to assist in future enquiries and enhance our customer relationship with you;
(b) to verify your identity;
(c) to send you special offers in relation to our services;
(d) to provide you with updates and alerts that are relevant to you or your business;
(e) to refer you to other advisers; and
(f) to invite you to events.
6.4 We may collect and use contractors’, service providers’ and agents’ personal information:
(a) to conduct checks to ensure that the contractor, service provider or agent and prospective employee, contractor and service provider can perform or is performing the services to our standards; and
(b) for payment purposes.
6.5 We may disclose personal information to:
(a) contractors, service providers and agents including third party technology providers we engage from time to time, such as our data storage providers and email filter providers;
(b) employers of individuals;
(c) government bodies (such as the Australian Taxation Office and the Australian Securities and Investments Commission);
(d) our external auditors;
(f) your advisers or other referral partners in order to provide the accounting or financial service to you, or to assist our functions or activities (such as law firms);
(g) our related entities; and
(h) insurance providers and brokers.
6.6 Otherwise, we will only disclose personal information to third parties if permitted by the Privacy Act.
7. WILL WE DISCLOSE PERSONAL INFORMATION OUTSIDE AUSTRALIA?
7.1 We may disclose personal information outside of Australia if you provide specific instructions for us to do so or if we engage overseas entities to assist us to provide accounting or financial services to you in the most efficient way. We currently disclose personal information to service providers located in the Philippines and India.
7.2 Otherwise, we do not generally disclose your personal information to overseas recipients, apart from through the use of cloud providers or other outsourced information technology services with data centres located overseas.
7.3 For example, we may choose to use software providers including:
7.4 Your personal information will not be disclosed to overseas recipients unless we are satisfied that the recipient is subject to privacy protection laws that offer substantially similar levels of protection as those required under the Australian Privacy Principles or if we have taken reasonable steps to ensure this personal information is handled in a safe and secure manner and that overseas entity is aware of the obligations relating to the information under the APPs.
8. HOW DO WE MANAGE YOUR CREDIT INFORMATION?
What kinds of credit information may we collect?
8.1 In the course of providing accounting or financial services to you, we may collect and hold the following kinds of credit information:
(a) your identification information;
(b) information about any credit that has been provided to you;
(c) your repayment history;
(d) information about your overdue payments;
(e) if terms and conditions of your credit arrangements are varied;
(f) if any court proceedings are initiated against you in relation to your credit activities;
(g) information about any bankruptcy or debt agreements involving you;
(h) any publicly available information about your credit worthiness; and
(i) any information about you where you may have fraudulently or otherwise committed a serious credit infringement.
8.2 We generally do not collect credit information about contractors, service providers and prospective employees.
How and when do we collect credit information?
8.3 In most cases, we will only collect credit information about you if you disclose it to us and it is relevant in providing you with the accounting or financial service.
8.4 Other sources we may collect credit information from include:
(a) government bodies (such as the Australian Taxation Office and the Australian Securities and Investments Commission);
(b) our related entities;
(c) banks and other credit providers;
(d) other individuals and entities via referrals;
(e) your suppliers and creditors; and
(f) our subcontractors and agents.
8.5 We do not collect and hold credit information from credit reporting bodies unless it is incidentally collected in providing the accounting or financial service to you.
How do we store and hold the credit information?
8.6 We store and hold credit information in the same manner as outlined in section 5 of this policy.
Why do we collect the credit information?
8.7 Our usual purpose for collecting, holding, using and disclosing credit information about you is to enable us to provide you with the accounting or financial service.
8.8 We may also collect the credit information:
(a) to process payments;
(b) assess eligibility for credit; and
(c) for other purposes incidental to our accounting and financial services.
Overseas disclosure of the credit information
8.9 We disclose limited information to service providers located in the Philippines and India; however, this is generally not credit information. Further, some software providers we use may store information in public clouds with data centres located overseas. We have outlined this in detail in section 7 of this policy.
How can I access my credit information, correct errors or make a complaint?
8.10 You can access and correct your credit information, or complain about a breach of your privacy in the manner set out in section 9 of this policy.
9. HOW DO WE HANDLE DATA BREACHES?
9.1 A data breach occurs when personal information is lost or subjected to unauthorised access, use, modification or disclosure or other misuse or interference.
9.2 We have implemented a data breach response plan to assist us to effectively contain, evaluate and respond to data breaches in order to mitigate potential harm to any persons affected by a data breach.
9.3 In summary, our data breach response plan:
(a) directs our staff as to the steps they should take in the event of an actual or suspected data breach;
(b) appoints a team to handle data breaches;
(c) specifies a strategy for assessing and responding to data breaches;
(d) sets out the process for notifying any affected persons, the Privacy Commissioner and other relevant parties; and
(e) outlines the review process to help prevent data breaches in the future.
9.4 We will generally notify you if we reasonably believe that your personal information has been subjected to a data breach if:
(a) there is a risk of serious harm to you;
(b) notification could enable you to avoid or mitigate serious harm;
(c) the compromised personal information is sensitive or likely to cause humiliation or embarrassment to you; or
(d) we are required to notify you by law.
9.5 We will also notify the Privacy Commissioner if we reasonably believe that your personal information has been subjected to a data breach that is likely to result in serious harm to you.
9.6 Where appropriate, we may also notify other third parties of a data breach.
10. HOW DO YOU MAKE COMPLAINTS OR ACCESS AND CORRECT YOUR PERSONAL OR CREDIT INFORMATION?
10.1 It is important that the information we hold about you is up-to-date. You should contact us if your personal information changes.
Access to information and correcting personal information
10.2 You may request access to the personal information held by us or ask us for your personal information to be corrected by using the contact details in this section.
10.3 We will grant you access to your personal information as soon as possible, subject to the request circumstances.
10.4 In keeping with our commitment to protect the privacy of personal information, we may not disclose personal information to you without proof of identity.
10.5 We may deny access to personal information if:
(a) the request is unreasonable;
(b) providing access would have an unreasonable impact on the privacy of another person;
(c) providing access would pose a serious and imminent threat to the life or health of any person; or
(d) providing access would compromise our professional obligations; or
(e) there are other legal grounds to deny the request.
10.6 We may charge a fee for reasonable costs incurred in responding to an access request. The fee (if any) will be disclosed before it is levied.
10.7 If the personal information we hold is not accurate, complete and up-to-date, we will take reasonable steps to correct it so that it is accurate, complete and up-to-date, where it is appropriate to do so.
10.8 If you want to complain about an interference with your privacy, you must follow the following process:
(a) The complaint must first be made to us in writing, using the contact details in this section. We will have a reasonable time to respond to the complaint.
(b) If the privacy issue cannot be resolved, you may take your complaint to the Office of the Australian Information Commissioner.
Who to contact
10.9 A person may make a complaint or request to access or correct personal information about them held by us. Such a request must be made in writing to the following address:
Privacy Officer: Lauren Guymer
Telephone number: (07) 4688 8400
Email address: firstname.lastname@example.org
11. CHANGES TO THE POLICY
11.2 This policy is effective from 17 April 2019. If you have any comments on the policy, please contact our privacy officer using the contact details in section 10 of this policy.
17 April 2019