Policies

Privacy Policy

Objective

Four Twelve Accountants (FTA) is committed to protecting the privacy of personal information obtained through its operations as a professional services firm. FTA is bound by the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles (APPs) and any relevant privacy code registered under the Privacy Act. This policy relates to FTA’s collection and handling of personal information that the Privacy Act covers. It is not intended to cover categories of personal information that the Privacy Act does not cover.

 

Collection of personal information

FTA collects and holds personal information from clients, customers, employees and other individuals. Personal information includes a broad range of information, or an opinion, that could identify an individual. What is personal information will vary, depending on whether a person can be identified or is reasonably identifiable in the circumstances. We collect and hold this information when it is necessary for business purposes.

Nature of our work Because of the nature of our business, it is generally impracticable for us to deal with individuals on an anonymous basis or using an incognito, although sometimes this is possible (for example, when seeking feedback).

The type of personal information FTA collects and holds relate to the contact details and organisational roles of our clients, suppliers and other business contacts. Typically, this information includes names, birth dates, addresses, telephone numbers, e-mail addresses and job titles.

While providing professional services to our clients, we may collect and hold more detailed personal information such as:

  • government identifiers such as Tax File Number, drivers’ license, passport and Medicare numbers and visa/work permit status
  • where relevant to the services we are providing you, your financial information about your assets, occupation and income, bank account balances, account activities, payment history;
  • shareholdings and details of investments;
  • details of superannuation and insurance arrangements;
  • educational qualifications, employment history and salary;
  • personal information about your spouse and dependents.

 

In some circumstances, we may require collecting sensitive information to provide specific services or for recruiting purposes. Examples of the types of sensitive information that may be collected in such circumstances include professional memberships, criminal record and health information. We will only collect sensitive information with your consent, or where we are otherwise permitted to do so under the Privacy Act.

When we collect information from you, we will do everything we can to let you know: • how to contact us;

  • why we are collecting the information;
  • the organisation or types of organisations to which we usually disclose that kind of information;
  • if we are required by law to collect the information;
  • the consequences for you if the information is not provided;
  • how you may access and correct the information;
  • how to complain about a breach of the Australian Privacy Principles;
  • whether we will disclose your information to overseas recipients, and the countries in which such recipients are likely to be located; and
  • where you can access this Privacy Policy.

 

We collect most information directly from individuals when we deal with them. The personal information we collect may be provided in forms filled out by individuals, face to face meetings, email messages, telephone conversations, when you use our websites, social media, digital apps or tools, or by third parties. If you contact us, we may keep a record of that contact. There may also be occasions when we collect your personal information from other sources such as:

  • your employer where they are our client
  • your family members
  • your representatives
  • agents or referral partners
  • a related body corporate or business partner or associate of FTA
  • when you link or authorise the linking of third party services such as banking services to our digital apps or tools, and/or
  • a publicly available record.

 

Holding personal information

FTA will generally hold your personal information as either physical record, records on our servers, and in some cases, records on third party servers, which in some instances may be located overseas. We take security measures to protect the personal information we hold including physical (for example, security passes to enter our office) and technology (for example, restriction of access, firewalls, the use of encryption, passwords and digital certificates) security measures. We also have document retention policies and processes. In some cases, FTA engages third parties to host electronic data (including data in relation to the services we provide) on our behalf.

FTA retains personal information only for as long as it is required to fulfil the purposes for which it was collected or as required by law. Retention periods are determined by business needs, legal and professional obligations, and internal risk management policies.

 

Accessing and correction of personal information

We will take reasonable steps to ensure that your personal information is accurate, complete, up to date, and relevant whenever it is used, collected or disclosed. You may request access to your personal information by contacting the Privacy Officer within your local state via the form below. Subject to any legal restrictions (such as legal privilege or national security considerations), we would be happy to advise you what personal information we hold about you if you request this. When you make a request to access personal information, we will require you to provide some form of identification (such as a driver’s license or passport) so we can verify that you are the person to whom the information relates. We will respond to all requests within a reasonable period.

There may be some cost to you to cover the cost of retrieving and processing the information if it requires a significant amount of time to locate or collect your information or to present it in an appropriate form. We will let you know in advance if any charges will apply.

We rely on the accuracy of the information you provide to us. If you think that we may hold information about you that is incorrect in any way, please contact us and we will correct any errors or inaccuracies where required.

If you wish to have your personal information deleted, please let us know and we will take all reasonable steps to delete, de-identify or destroy it immediately (unless we need to keep it for compliance, legal or internal risk management reasons, or compliance with our professional obligations). FTA will in any case destroy or de-identify personal information and records relating to you or services provided to you if the services have been completed or if the information or records are no longer required for any services and provided that FTA has no other legal or professional obligation to retain the information or records concerned.

If we are unable to provide you with access to your information, or make any amendments which you have requested, we will advise you of the reason(s).

 

Use of personal information

The main purposes for which we collect, hold and use personal information are:

  • to provide our services
  • to respond to an individual’s request
  • to keep clients and other contacts informed of the services we offer and industry developments that may be of interest to them, and to notify them of service offerings, seminars and other events we are holding
  • for general management and reporting purposes, such as invoicing and account management
  • for purposes related to the employment of our personnel and providing internal services to our staff
  • to protect our rights or property and that of our users and, where appropriate, to comply with legal processes, which may include disclosures to law enforcement, regulatory or government agencies
  • other purposes related to our business.

If you choose not to provide us with personal information, we may be unable to do such things.

We may collect, hold and use personal information about individuals to market our services, including by email. However, individuals always have the opportunity to elect not to receive further marketing information from us by contacting the Privacy Officer within your local state via the form below. Alternatively, if we have contacted you by email, you may use the unsubscribe function in that email to notify us that you do not want to receive further marketing information from us by email.

If we collect, hold or use personal information in ways other than as stated in this policy, we will ensure we do so pursuant to the requirements of the Privacy Act.

Employee records are not generally subject to the Privacy Act and therefore this policy may not apply to the handling of information about employees by FTA. This exemption applies only to current and former employees in relation to their employment. For contractors, job applicants or other individuals, this policy and the APPs continue to apply. For information about our practices relating to employee information, please contact us directly.

 

Disclosure of personal information

Generally, we will only disclose your personal information for a purpose set out in this Privacy Policy. We do not routinely disclose personal information to other organisations, unless: • we believe it is necessary to provide you with a product or service which you have requested (or, in the case of a partner, employee or contractor of FTA, it is necessary for maintaining or related to your role at FTA);

  • to protect the rights, property or personal safety of any member of the public or a customer of FTA or the interests of FTA;
  • some or all of the assets or operations of FTA are or may be transferred to another party as part of the sale of some or all of FTA’s business;
  • use or disclosure is permitted by this policy;
  • you give your consent; or
  • such disclosure is otherwise required or permitted by law, regulation, rule or professional standard.

We may also share non-personal, de-identified and aggregated information for research or promotional purposes. Except as set out in this policy, we do not sell to or trade personal information with third parties.

FTA uses a range of service providers to help us maximise the quality and efficiency of our services and our business operations (including internal business requirements, such as recruitment and human resource requirements). This means that individuals and organisations outside of FTA will sometimes have access to personal information held by us and may collect or use it from or on behalf of FTA. This may include, but is not limited to, independent contractors and consultants, mail houses, off-site security storage providers, information technology providers, event managers, credit managers and debt collecting agencies.

We require our service providers to adhere to our privacy guidelines and not to keep, use or disclose personal information we provide to them for any unauthorised purposes.

If FTA’s staff obtain products or services offered by a third party pursuant to an agreement or arrangement between that third party and FTA, such as a credit card provider, we may provide your personal information to that third party, including information that relates to your use of such services.

 

Transfer of information outside Australia

In addition to disclosures permitted under this policy, we may disclose your personal information to FTA contractors within the FTA International network. This is outlined in your engagement.

FTA and FTA contractors are not Australian entities or regulated by the Privacy Act, and may not be subject to privacy laws that provide the same level of protection as Australia’s. FTA will take reasonable steps in these circumstances to ensure the overseas recipient complies with the Australian Privacy Principles or is bound by a substantially similar privacy scheme, unless you consent to the overseas disclosure or it is otherwise required or permitted by law. The countries in which such recipients may be located include, but are not limited to, New Zealand, Singapore, and the United Kingdom.

Any such disclosure or transfer of information does not change any of our commitments to safeguard your privacy and the information remains subject to existing confidentiality obligations.

 

Privacy on our website sites and applications

This policy also applies to any personal information we collect via our websites, including fourtwelve.com.au, and applications including mobile applications, in addition to personal information you provide to us directly – such as where you make a request or complete a registration form.

In order to properly manage our websites and applications, we may log certain statistics about the users of the facilities, for example the users’ domains and browser types. None of this information specifically identifies an individual and it is used solely to ensure that our websites and applications provide the best possible navigational experience for users.

Cookies and web beacons are used on this website.

Cookies are small text files that are placed on your computer by the websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. If you are uncomfortable with the use of cookies, you can manage and control them through your browser, including removing cookies by deleting them from your ‘browser history’ (cache) when you leave the site. In most cases, you can refuse a cookie and still fully navigate our website.

A web beacon is a clear picture file used to keep track of your navigation through a website. Along with cookies, web beacons help us gain an understanding of how users of FTA websites navigate through and process the content contained in those websites. On occasion FTA will advertise on third party websites. As part of the tracking process for advertising campaigns we may at times use web beacons to count visitors who have come to our website after being exposed to advertising on a third party site.

We do not use this technology to access your personal information.

If you have registered an account with us, you will be identified by a user name and password when you log into our website or applications. The information we collect about members’ use of our websites may be used for measuring use and performance and in assisting to resolve any technical difficulties.

Because FTA wants your user experience to be as informative and resourceful as possible, we provide a number of links to websites and embedded content operated by third parties that may also set cookies and web beacons. FTA is not responsible for the privacy practices or policies of those sites. We encourage you to review each website’s privacy policy, especially if you intend to disclose any personal information via that site. A link to another non-FTA website is not an express or implied endorsement, promotion or warranty of the products or services offered by or accessible through that site or advertised on that site.

 

Security of Personal Information

Depending on the purpose for which we have collected personal information (for example, registration for an FTA event or a request for particular information or material), we may store some of the information electronically in our customer relationship management system. Some or all personal information may be available to partners and authorised staff of FTA for use in accordance with this policy.

We require our employees and data processors to respect the confidentiality of any personal information held by FTA.

FTA endeavours to protect personal information in line with the terms provided by Australian Privacy Principle 11 (APP 11). This includes taking steps reasonable within the circumstances to ensure that the personal information it holds is protected from misuse, interference, and loss and from unauthorised access, modification or disclosure. We also endeavour to take all reasonable steps to keep secure any

 

information that we hold about you, whether electronically or in hard copy, and to keep this information accurate and up to date.

FTA has in place practical commercial standards of technology and operational security and takes all reasonable steps to ensure the security of personal information which it holds.

In accordance with Privacy Act 1988 (Cth), FTA will destroy or de-identify personal information in circumstances where it is no longer required unless we are otherwise required or authorised by other laws to retain the information.

 

Data Breach

A data breach occurs when personal information that an entity holds is subject to unauthorised access or disclosure or is lost. Examples include:

  • loss or theft of physical devices (such as laptops and storage devices) or paper records that contain personal information
  • unauthorised access to personal information by an employee
  • inadvertent disclosure of personal information due to ‘human error’, for example an email sent to the wrong person
  • disclosure of an individual’s personal information to a scammer, because of inadequate identity verification procedures.

In the unlikely event of an ‘eligible data breach’ (where the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates), FTA will undertake the following steps (in accordance with their data breach response plan):

  1. Contain the data breach to prevent any further compromise of personal information.
  2. Assess the data breach by gathering the facts and evaluating the risks, including potential harm to affected individuals and, where possible, taking action to remediate any risk of harm.
  3. Notify the individuals, the Commissioner (if required) and other entities depending on the categories of information involved in the data breach as soon as practicable.
  4. Review the incident and consider what actions can be taken to prevent future breaches.

 

Protecting children’s privacy

We understand the importance of protecting children’s privacy, especially in an online environment.

In particular, our websites are not intentionally designed for or directed at children. It is our policy to never knowingly collect or maintain information about anyone under the legal working age, except as part of a specific engagement to provide services which necessitates such personal information be collected or for the purposes of ensuring compliance with our auditor independence policies.

 

Questions and complaints      

If you have any questions or concerns regarding your privacy, or if you would like to make a complaint about a possible breach of this Privacy Policy or the Australian Privacy Principles, you may direct your correspondence to the Privacy Officer within your local state via the form below.

We take all complaints seriously and will respond to your complaint within a reasonable period.

If you believe that we have not adequately handled your complaint, you may complain to the

Office of the Australian Information Commissioner:

  1. Website: www.oaic.gov.au
  2. Phone: 1300 363 992
  3. Mail: GPO Box 5218, Sydney NSW 2001

 

Additional Information

For further information about privacy and the protection of privacy, visit the Office of the Australian Information Commissioner’s website at www.oaic.gov.au.