We respect your privacy
Amaze Accounting respects your privacy and is committed to treating the personal information we collect in accordance with the Australian Privacy Principles in the Privacy Act 1988 (Cth) (Privacy Act), the EU General Data Protection Regulation (GDPR) and APES 110 Code of Ethics for Professional Accountants (including Independence Standards).
This policy outlines the obligations Amaze Accounting has in managing the personal information we hold about our clients, potential clients, contractors, and others. This includes information such as your name, email address, identification number, or any other type of information that can reasonably identify an individual, either directly or indirectly.
The privacy policy does not apply to acts or practices that are directly related to employee records of current or former employees.
Personal information we collect
As a provider of accounting, advisory, audit, business recovery, and wealth advisory services we are subject to certain legislative and regulatory requirements which necessitate us obtaining and holding detailed personal information.
In general, the main types of personal information we collect and hold include (but are not limited to):
• Names
• Contact details
• Gender
• Dates of Birth
• Employment details and employment history
• Tax File Numbers
• Details of your financial circumstances, including bank account details, your assets, and liabilities (both actual and potential), income, expenditure, insurance cover, and superannuation
• Health information (for some types of insurance cover)
• Details of your investment preferences and aversion or tolerance to risk (if a wealth advisory client)
We will not collect any personal information about you except when you have knowingly provided that information to us or authorized a third party to provide that information to us.
How we use your personal information
Amaze Accounting will use personal information only for the purposes that you consent to. This may include to:
a. Provide you with products and services during the usual course of our business activities.
b. Administer our business activities.
c. Manage, research, and develop our products and services.
d. Provide you with information about our products and services, invite you to event or distribute articles or publications.
e. Communicate with you by a variety of measures including, but not limited to, by telephone, email, SMS, or mail; and
f. Investigate any complaints.
You have a right not to provide information that can identify you. If, however, you withhold your personal information, it may not be possible for us to provide you with our products and services, or alternatively, may affect the adequacy or appropriateness of advice or services provided.
If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non- personal information contained in those databases.
How we collect your personal information
Amaze Accounting collects personal information from you in a variety of ways, including when you interact with us electronically or in person. This includes, but is not limited to, when you provide feedback, when you provide information about your personal or business affairs, change your content or email preference(s), respond to surveys and/or promotions, provide financial or credit card information, or communicate with your advisor.
We may also receive personal information from third parties. If we do, we will protect it as set out in this Privacy Policy. You have a right to refuse us authorisation to collect information from a third party.
Sometimes you may provide us with someone else’s personal information, e.g., other members of your family group. You must not do this unless you have their consent to do so. You should also take reasonable steps to inform them of the matters set out in this Privacy Policy.
Sensitive information
Some of the personal information is “sensitive information” as defined by the Privacy Act. Sensitive information includes health information, information about your race, ethnic origin, political opinion, religion, trade union or other professional or trade association membership, sexual preference(s) and criminal record. We will only collect this information as permitted under the Privacy Act.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or where certain other limited circumstances apply (e.g., where required by law).
Unsolicited personal information
There may be times when we receive personal information that we do not solicit. If this occurs, we will determine if you have given your consent and the information is necessary for us to provide our services, or whether the collection is required or authorised by or under an Australian law or a court/tribunal order. If it is, the information will be dealt with in accordance with the Australian Privacy Principles as if the information had been solicited.
If it is determined that we could not have obtained this information, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.
Disclosure of personal information
In providing our services we may need to disclose personal information to a third party. This will be done to the extent that it is permitted by law and set out in this Policy.
Examples of the types of third parties we may disclose personal information to include:
⎯ Member organisations of the Amaze Accounting and their related bodies corporate and other associated entities
⎯ Companies or individuals contracted to assist us in providing services or who perform functions on our behalf (such as mailing houses, specialist consultants, barristers and solicitors, contractors, or temporary employees to handle peak period workloads, information technology service providers, superannuation fund trustees, insurance providers, fund managers, market research organisations and other product providers)
⎯ Courts, tribunals, and regulatory authorities, as required or authorised by law and in accordance with the Code of Ethics for Professional Accountants
⎯ Auditors or compliance officers, as required by Law or Professional Associations
⎯ Anyone else to whom you consent, such as banks, accountants, and other financial institutions.
Our client files (including your files and documents) may be subject to review as part of the quality review programs of our Professional Associations, for example CAANZ, CPA Australia or the Financial Planning Association of Australia, that monitor our compliance with mandatory professional standards or our own quality monitoring program. The Corporations Act also provides the Australian Securities and Investments Commission with the authority to inspect our client files. Compliance with these programs may involve the disclosure of your personal information. The same strict confidentiality requirements apply under these programs as apply to us as your advisor, consultant, accountant, or auditor.
Where you engage us to attend to your tax affairs we will assume (unless you advise otherwise) that you have specifically authorised us to deal directly with the Australian Tax Office (ATO) regarding day-to-day type matters. If, during our dealings with these bodies, they request information regarding you that we believe is outside of such matters, e.g., tax office audit, we will request your specific authority before complying with their request.
If we are required by law or professional obligations to disclose information about you or your organisation, we must co-operate fully. However, where possible we will advise you of this fact
Credit information and our Credit Reporting Policy
The Privacy Act contains provisions regarding the use and disclosure of credit information, which applies in relation to the provision of both consumer credit and commercial credit.
As we provide terms of payment of accounts which are greater than 7 days, we are considered a credit provider under the Privacy Act in relation to any credit we may provide you (in relation to the payment of your account with us).
We use credit related information for the purpose set out in Personal information we collect above and our Credit Reporting Policy.
We will store your credit information you provide us, or we obtain about you in accordance with our Credit Reporting Policy. Please refer to our Credit Reporting Policy if you wish to make a complaint about our handling of your credit information.
Security of your personal information
Amaze Accounting is committed to ensuring that the information you provide to us is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification, and disclosure.
Our employees are required to respect the confidentiality of personal information and the privacy of individuals, and privacy and data protection training is undertaken. As part of that training, all employees are required to read this policy and understand their obligations in respect to personal information.
Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the Privacy Act and GDPR and that have adequate measures in place to protect personal information against unauthorised use, loss, and theft.
The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.
We will retain your personal information only if necessary to fulfil the purpose for which it was collected, as required by law and the Australian Privacy Principles, or in accordance with our documentation retention policies.
Hosting and International Data Transfers
Depending on the nature of the engagement or circumstances of personal information collection, we may disclose your personal information to entities overseas to fulfil the purpose for which the personal information was collected or related purpose in accordance with the Privacy Act.
Data Transfers to this country will be protected by appropriate safeguards, these include one or more of the following:
⎯ The use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website.
⎯ The use of binding corporate rules, a copy of which you can obtain from the Privacy Officer at your local office (see contact details below).
You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
There will be circumstances in which the disclosure of the information is required or authorised by Australian law or a court/tribunal order, the Code of Ethics for Professional Accountants, or where you have given your direct consent to disclose it.
Access to your personal information
You may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act, and to the extent applicable the GDPR. If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant, or misleading, please email us at the appropriate email address below.
We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act or any other applicable law. If access is denied, we will explain the reason why it is denied. We will require you to verify your identity and to specify what information you require.
Keeping personal information up to date
We endeavour to ensure that the personal information we hold is accurate, complete, and up to date. Changes inevitably are required and unfortunately errors do occur from time to time. You should contact us immediately to update any changes to the personal information we hold about you.
General Data Protection Regulation (GDPR) for the European Union (EU)
Amaze Accounting complies with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use. We apply the general principles of GDPR to all individuals that we hold personal information on, regardless of nationality. Under these principles:
a. We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
b. We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
c. We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
d. We will process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
e. We will also process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
f. We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
g. You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
Your rights under the GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. Amaze Accounting complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU.
Except as otherwise provided in the GDPR, you have the following rights:
a. To be informed how your personal information is being used.
b. Access your personal information (we will provide you with a free copy of it).
c. To correct your personal information if it is inaccurate or incomplete.
d. To delete your personal information (also known as “the right to be forgotten”).
e. To restrict processing of your personal information.
f. To retain and reuse your personal information for your own purposes.
g. To object to your personal information being used; and
h. To object against automated decision making and profiling.
Please contact us at any time to exercise your rights under the GDPR at the contact details in this Privacy Policy. We may ask you to verify your identity before acting on any of your requests.
Website and Cookies
When you come to our websites (https://amazeaccounting.com.au), we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.
We may also collect personal information through subscription applications, event registration and emails. You are not required to provide personal information via our websites; however, you may choose to do so to receive communications on our services, apply for an employment position or receive invitations to events. Information collected via our digital marketing activities is treated in accordance with this privacy policy.
Cookies
We may from time to time use cookies on our websites. Cookies are very small files which a website uses to identify you when you come back to the site and to store details about your use of the site.
Cookies are not malicious programs that access or damage your computer. Most web browsers automatically accept cookies, but you can choose to reject cookies by changing your browser settings. However, this may prevent you from taking full advantage of our websites. Our websites may from time to time use cookies to analyse website traffic and help us provide a better visitor experience.
In addition, cookies may be used to serve relevant advertisements to website visitors through third party services such as Google AdWords. These advertisements may appear on our websites or other websites you visit.
Third party sites
Our websites may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that Amaze Accounting is not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each website that collects personal identifiable information.
Social media platforms
You may wish to participate in the various social media platforms hosted by us and which we make available to you. These platforms are designed to facilitate and share content. We cannot be held responsible if you publicly share personal information on these sites that is subsequently used, misused, or otherwise appropriated by another party/entity.
Changes to Privacy Policy
Please be aware that this policy may be updated as and when required, for example, to consider new laws, changes to our operations and practices, changes in the business environment and technology. We may modify this Policy at any time, in our sole discretion and all modifications will be effective immediately upon our posting of the modifications on our websites. Please check back from time to time to review our Privacy Policy.
Complaints about privacy
If you have any complaints about our privacy practices, please feel free to send in details of your complaints to the relevant email address below. We take complaints very seriously and will respond shortly after receiving written notice of your complaint.
If you would like access to your personal information, or have any questions about privacy-related issues, you should contact the Privacy Officer in your local office at the email address below.