PRIVACY POLICY
Introduction
The Accounting Department is committed to promoting an organisational culture and maintaining effective systems and processes, which
respect and protect the privacy of the Personal Information that we hold.
The purpose of this policy is to ensure consistent principles and processes on correct data management procedures on the collection and
usage of data and to ensure that all Personal Information is protected against being used for unlawful purposes or purposes for which they
were not intended.
Definitions
APP - Australian Privacy Principles as set out in the Privacy Act 1988 (Privacy Act), as amended
Client - A person or organisation using the Company’s professional services
Company - Book Builders Pty Ltd trading as The Accounting Department
De-identification - Involves removing or altering information that identifies an Individual or is reasonably likely to do so
Individual - Any identifiable person and includes employees, contractors and any member of the public
IT - Information Technology
OAIC - Office of the Australian Information Commissioner
Permitted General Situation - Those situations in which an exception applies regarding the collection of Sensitive Information, the use
or disclosure of Personal Information and the use or disclosure of government related identifiers. There are five Permitted General
Situations that apply to an APP entity that is an organisation:
- Lessening or preventing a serious threat to life, health or safety of any Individual or to public health or safety.
- Taking action in relation to suspected unlawful activity or serious misconduct
- Locating a person reported as missing
- Asserting a legal or equitable claim
- Conducting an alternative dispute resolution process
Personal Information - All information concerning or relating to any identifiable Individual. This includes personal data held in electronic
and manual records.
Privacy Act - Privacy Act 1988 (Cth) and the Privacy Amendment (Enhancing Privacy Protections) Act 2012 (Cth)
Privacy Officer - Person representing the Company on privacy by managing and maintaining issues of confidentiality.
Sensitive Information - Any information in relation to or an opinion about an Individual’s:
- Racial or ethnic origin
- Political opinions
- Religious beliefs or affiliations
- Philosophical beliefs
- Membership of a professional or trade association
- Membership of a trade union
- Sexual preference or practices
- Health
Service Providers - Third-party organisations that provide the Company with services such as software products, website hosting, data
back-up, security management services, and others.
Privacy Policy
This Privacy Policy details how we protect your privacy and how we comply with the requirements of the Privacy Act and the 13 Australian
Privacy Principles (APP). This policy also describes:
- who we collect information from;
- the types of Personal Information collected and held by us;
- how this information is collected and held;
- the purposes for which your Personal Information is collected, held, used and disclosed;
- how you can gain access to your Personal Information and seek its correction;
- how you may complain or inquire about our collection, handling, use or disclosure of your Personal Information;
- how that complaint or inquiry will be handled; and
- whether we are likely to disclose your Personal Information to any overseas recipients.
1 Collection of Personal Information
We collect and hold Personal Information that is reasonably necessary to provide our services. We may collect information from or about
individuals including our Client’s employees and Client contacts.
In most cases, we collect Personal Information about employees and payment recipients directly from the Client that employs the relevant
employee.
Where possible, the Company uses specifically designed forms to standardise the collection of Personal Information. However, given the
nature of our operations, we often also receive Personal Information by email, letters, reports, through financial transactions and through
surveillance activities such as email monitoring.
We may also collect Personal Information from other people or independent sources (e.g. a telephone directory); however, we will only do
so where it is not reasonable and practical to collect the information from you directly.
Sometimes we may be provided with your Personal Information without having sought it through our normal means of collection. We
refer to this as “unsolicited information”. Where we collect unsolicited information, we will only hold, use and/or disclose that information
if we collected it by normal means. If that unsolicited information could not have been collected by normal means, then we will destroy,
permanently delete or de-identify the information as appropriate.
2 Type of Personal Information
The kinds of Personal Information we collect and hold are largely dependent upon whose information we are collecting and why we are
collecting it. In general terms, the Company may collect, but is not limited to:
- General Personal Information including Individual’s name, address, e-mail address, user ID, banking details, date of birth, payroll
details, and employment-related information such as salary details, superannuation contributions, Tax File Number,
relevant awards and PAYG withholding tax.
- Sensitive Information including nationality, country of birth, languages spoken at home, and professional or union memberships.
3 Use of Personal Information
We only use or disclose Personal Information that is reasonably necessary for one or more of our functions or activities (the primary
purpose) or for a related secondary purpose that would be reasonably expected by you, or to which you have consented.
Our primary uses of Personal Information include but are not limited to:
- providing Accounting and Payroll services;
- keeping Clients informed as to their Accounting and Payroll matters;
- internal business operations including planning, staff training, systems development, program and service development,
marketing, research, and statistical analysis;
- managing the Company’s everyday business needs, such as administration, billing, customer service, payment processing
and financial account management, account and contract management, support and training, website administration,
security and fraud prevention, corporate governance, reporting, and legal compliance;
- Company administration including for insurance purposes;
We only collect Sensitive Information reasonably necessary for one or more of these functions or activities, if we have the consent of the
Individuals to whom the Sensitive Information relates, or if the collection is necessary to lessen or prevent a serious threat to life, health
or safety, or another Permitted General Situation (such as locating a missing person).
4 Storage and Security of Personal Information
The security of your Personal Information is of the utmost importance to us and we take all reasonable steps to protect the Personal
Information we hold about you from misuse, loss, unauthorised access, modification or disclosure.
These steps include:
- Maintaining up-to-date IT and Communication systems, policies and procedures designed to protect Personal Information storage
on our systems, including password management.
- Maintaining up-to-date Administration and HR systems, policies, procedures, training and education designed to support this policy.
- Maintaining quality Work Processes designed to ensure compliance with this policy.
- Restricting access to information on the Company databases on a need to know basis with different levels of security being
allocated to staff based on their roles, responsibilities and security profile.
- Implementing physical security measures around Company facilities to prevent break-ins.
- Undertaking due diligence with respect to our third-party Service Providers who may have access to Personal Information,
including cloud Service Providers, to ensure as far as practicable that they are compliant with the Australian Privacy Principles or a
similar privacy regime.
Personal Information we hold that is no longer needed is destroyed in a secure manner, deleted or de-identified as appropriate.
Our website may contain links to other websites. We do not share your Personal Information with those websites and we are not responsible
for their privacy practices. Please check their Privacy Policies.
5 Personal Information Disclosure
We only use Personal Information for the purposes for which it was given to us, or for purposes which are related (or directly related in
the case of Sensitive Information) to one or more of our functions or activities. We may disclose your Personal Information to government
agencies such as the Australian Taxation Office and other governmental agencies as required by law, banks/financial institutions,
superannuation funds, health funds, contracted service providers, business partners, and related bodies corporate of the Company only if
one or more of the following apply:
- you have consented;
- you would reasonably expect us to use or disclose your Personal Information in this way;
- we are authorised or required to do so by law;
- disclosure will lessen or prevent a serious threat to the life, health or safety of an Individual or to public safety;
- where another Permitted General Situation exception applies;
- disclosure is reasonably necessary for a law enforcement related activity.
We may share Personal Information with our service providers, who are bound by law or contract to protect the Personal Information
and only use the Personal Information in accordance with our instructions.
We may disclose Personal Information where needed to effect the sale or transfer of business assets, to enforce the Company’s rights,
protect Company’s property, or protect the rights, property or safety of others, or as needed to support external auditing, compliance and
corporate governance functions. We may also disclose Personal Information when required or authorised to do so by law.
We may disclose Personal Information about an Individual to overseas recipients in certain circumstances. We will however take all
reasonable steps not to disclose an Individual’s Personal Information to overseas recipients unless:
- we have the Individual’s consent (which may be implied); or
- we have satisfied ourselves that the overseas recipient is compliant with the Australian Privacy Principles, or a similar privacy
regime; or
- we form the opinion that the disclosure will lessen or prevent a serious threat to the life, health or safety of an Individual or to
public safety; or
- we are taking appropriate action in relation to suspected unlawful activity or serious misconduct.
The collection, use and disclosure of Personal Information may be required or authorised under various Commonwealth and State laws,
including:
- The Income Tax Assessment Acts
- Superannuation Guarantee (Administration) Act 1992 (Cth)
- Fair Work Act 2009 (Cth)
- Payroll Tax Acts
- Long Service Leave Acts
- Occupational Health & Safety Acts
- Workers Compensation Acts
- Tax Agent Services Act 2009 and Tax Agent Services Regulations 2009
- Privacy Act 1988 (Cth)
- Corporations Act 2001 (Cth)
- Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)
- Any secondary legislation pursuant to primary legislation referred to above.
6 Personal Information Quality
We take all reasonable steps to ensure the personal information we hold, use and disclose is accurate, complete and up-to-date. On an
ongoing basis, we maintain and update personal information when we are advised by individuals or when we become aware through other
means that their Personal Information has changed.
7 Accessing Personal Information
You may request access to the Personal Information we hold about you, or request that we change the Personal Information, by contacting
us.
If we do not agree to provide you with access, or to amend your Personal Information as requested, you will be notified accordingly in
writing and where appropriate, we will provide you with the reason/s for our decision. If the rejection relates to a request to change your
Personal Information, you may make a statement about the requested change and we will attach this to your record.
How to Contact Us
You can contact us for access or change to your Personal Information by:
- Address: PO Box 42, North Perth WA 6906
- Email: privacy@theaccountingdepartment.com.au
- Phone: (08) 6462 8888
8 Privacy Complaints
If you wish to make a complaint about a breach of the APP by us, you may do so by providing your written complaint by email, letter, fax
or by personal delivery to any one of our contact details as noted below. You may also make a complaint verbally. If practical, you can
contact us anonymously (i.e. without identifying yourself) or by using a pseudonym. However, if you choose not to identify yourself, we
may not be able to give you the information or provide the assistance you might otherwise receive, if it is not practical to do so.
How to Contact Us
You can contact us about this Policy or about your Personal Information by:
- Address: PO Box 42, North Perth WA 6906
- Email: privacy@theaccountingdepartment.com.au
- Phone: (08) 6462 8888
The Company’s Privacy Officer will investigate any complaint and will respond within a reasonable time (usually no longer than 30 days),
however we may seek further information from you in order to provide a full and complete response. Your complaint may also be taken
to the Office of the Australian Information Commissioner (www.oaic.gov.au).
9 Changes to Our Privacy Policy
This Privacy Policy is subject to change at any time. Our most recent policy will always be available on our website
http://www.theaccountingdepartment.com.au/.