At Oculus we understand that you value your privacy and wish to have your personal information kept secure. As an accounting firm, we collect and hold a large range of highly sensitive personal and commercial information. For these reasons, we place a high priority on the security of information held by our firm. We have developed this policy to inform you how we manage your personal information to maintain its integrity and security.
We are bound by the Privacy Act 1988 (Privacy Act) and must comply with the Australian Privacy Principles (APP). You can find more information about the Privacy Act and the APP on the Office of the Australian Information Commissioner’s website at www.oaic.gov.au.
While we believe in keeping your personal information highly secure, we also believe that you have the right to be informed about how we deal with that information. If, on reading this policy, you are unclear on any of the matters or simply want more information, please don’t hesitate to contact us on the telephone number or address provided below.
Collecting Personal Information
We aim to collect only personal information which is relevant and necessary to providing the service you have requested from us.
In general, you can assume that we collect and hold the following information:
Naturally, we collect and hold a broad range of personal information gathered while providing our services. However, as stated above, we strive to ensure that we collect and hold only that personal information which is relevant and necessary to advise on the specific matters you have requested us to address.
The methods we use for collecting personal information from you are:
- by webform questionnaires through our secure portal;
- in person at meetings;
- over the phone;
- by post;
- when you deliver documents to our office.
Occasionally we may collect information from you by email. This information will only be general in nature as email is not a secure form of communication. We will never ask you to supply bank details or personal identification numbers such as your tax file number by email.
Purposes of Collection
We primarily collect information to allow us to provide the services you have requested.
We may use the information:
- to send you newsletters concerning various financial matters which we believe would be of interest to you;
- to invite you to seminars or events that we conduct or host;
- to inform you of developments at Oculus and other services that we can provide; and
- to assist us in managing our practice.
We will not sell, rent or trade any of your personal information to any person.
Otherwise, we will not disclose information about you unless the disclosure:
- is required by law;
- is authorised by law; or
- is one you have consented to.
Information may be disclosed to the following third parties:
- Australian Taxation Office, APRA, ASIC, Centrelink, your bank;
- our solicitors; and
- any related corporations or affiliate practices of Oculus to whom information is disclosed.
The following third parties may have access to personal information at times:
- our security document shredding service (currently ShredX Document Destruction);
- IT technicians, when providing support;
- potential purchasers of our practice;
- trust auditors; and
- external consultants engaged from time to time.
Personal Information Quality
We aim to ensure that your personal information is accurate, complete and up to date. To assist us in this, you need to provide true, accurate, current and complete information about yourself as requested and to advise of any changes so that we can maintain and properly update the information to keep it true, accurate, current and complete.
If you find that the information is inaccurate or incomplete at any time, please contact us and we will use all reasonable effort to correct the information.
Securing Your Personal Information
The Oculus business systems are housed on the Microsoft 365 platform, which is designed to comply with the European Union’s General Data Protection Regulation (GDPR) requirements and Australia’s Notifiable Data Breach laws.
Access to the system is by multi-factor authentication, and data loss prevention tools block emails that may contain sensitive data such as tax file numbers or bank details. We receive a monthly report highlighting potential security risks and providing recommendations.
The Oculus document management system and portal are provided by Nimbus Portal Solutions. Nimbus is hosted and replicated across multiple secure world-class data centres, and all data transmissions via the portal occur over encrypted channels. Access to the portal is via a unique login, and digital signatures are further protected by a personal identification number (PIN).
The Oculus premises are regularly monitored by a security service and our employees all sign confidentiality agreements when beginning employment.
Accessing your Personal Information
You can ask us to provide you with access to all personal information that we hold about you. If we can, we will give you that access. In some cases, we may charge you a fee for access but in no cases will we charge you a fee for applying for access.
If we refuse your request for access, we will give you the reason for that refusal.
We are not required to provide access where:
- the information relates to existing or anticipated legal proceedings between ourselves and an individual, and the information would not be accessible by the process of discovery in these proceedings;
- denying access is required or authorised by law; or
- providing access would be unlawful.
Information the Law Requires Us to Collect
We are not required to collect any information by law.
Changes to this Statement
- Telephone: 07 5536 3755
- E-mail: [email protected]
- Post: PO Box 306, Tweed Heads NSW 2485