Privacy Policy

 At Deduct Tax Accountants, we are committed to protecting the privacy of our clients’ personal information. This privacy disclosure statement explains how we collect, use, and manage your personal data in accordance with the Australian Privacy Act 1988 and other applicable regulations. By engaging our services, you consent to the collection and use of your information as outlined below.

We collect personal information that you provide to us directly, including your tax file number, name, address, contact details, spouse details and financial details required for tax preparation and accounting services. Additionally, we may collect information indirectly through the ATO, your employer or authorised representatives, such as payroll data or financial records necessary for business reporting.

The personal information we collect is used to provide accounting and tax preparation services. We may also use your information to comply with legal obligations, such as reporting to the Australian Taxation Office. Your information will not be used for marketing purposes without your explicit consent.

All personal information is stored securely in encrypted databases and physical records are kept in locked cabinets with restricted access. We use multi-factor authentication for all digital systems and regularly monitor our networks for potential security breaches. Personal data is retained until business closure and for up to 5 years after business closure, after which it is securely deleted.

At Deduct Tax Accountants, we may disclose your personal information to third parties to deliver our services effectively and comply with legal obligations. These disclosures are limited to what is necessary and are carried out under strict confidentiality agreements and data protection measures.

Types of third parties:

• Government agencies:
  We may disclose your tax file number (TFN) and financial details to the Australian Taxation Office (ATO) to fulfill tax reporting obligations.
• Cloud service providers:
  Client records are stored on secure, ISO-certified cloud platforms (Amazon Backup Services). These providers comply with data protection regulations, including the Australian Privacy Act and GDPR.
• Financial software vendors:
  We use Xero, to process financial data. Xero is contractually required to maintain the confidentiality and security of your information.

Circumstances for disclosure:

• Legal compliance:
  We may share your data with regulatory bodies or law enforcement agencies when required by law, such as during audits or investigations.
• Service delivery:
  Personal data may be shared with third-party contractors, such as external auditors or financial consultants, to provide specialised services. For example, if you engage us for business advisory services, we may share financial summaries with a consultant specialising in business valuations.

Security measures in data sharing:

• We ensure documents are sent securely via DropboxSign and tax returns or documents involving tax file numbers are password protected. 
• For cloud storage, all data is encrypted during transmission and at rest, and access is restricted to authorised personnel.

Disclosure with consent:

• Certain data disclosures require your explicit consent. For instance, if you are obtaining finance and your broker contacts us for copies of your tax documents, you will need to provide express consent. 
• You can provide or withdraw consent at any time by contacting us at springfield@deduct-tax.com.au.

At Deduct Tax Accountants, we respect your rights to access and correct the personal information we hold about you. Ensuring the accuracy of your data is a priority for us, and we have established simple processes to help you exercise these rights.

Access to personal information

You have the right to request access to the personal information we hold about you, including details about how it is being used and shared. For example, if you would like to review your tax return, you can submit a written request via email to springfield@deduct-tax.com.au or contact us by phone on 07 3418 4802.

Process:

• Submit your request in person, along with valid proof of identity OR via phone or email and verify your identity by answering several identity security questions. Document will be provided in person OR sent via password protected method.
• We will acknowledge your request within five business days and provide the requested information within 30 days, as required by the Australian Privacy Act.

Correction of personal information

If you believe the information we hold is inaccurate, incomplete, or outdated, you can request corrections. For instance, if your address has changed, notify us to update our records.

Process:

• Submit your correction request in writing, specifying the incorrect data and providing any supporting documents.
• We will review your request and update the information within 30 days. If we are unable to make the correction, we will explain why and add a note to our records indicating the requested change.

Limitations on access or corrections

There may be circumstances where we cannot fulfill your request for access or correction. For example:

• If granting access would compromise another person’s privacy.
• If the information is part of an ongoing legal investigation or regulatory compliance process.
• If we are legally required to retain the information in its current form.

In such cases, we will inform you of the reasons for our decision and provide details on how you can escalate your concerns.

At Deduct Tax Accountants, we are committed to protecting your personal information and ensuring that it is handled securely. However, in the unlikely event of a data breach, we have robust processes in place to assess and manage the situation promptly, minimising any harm to affected individuals.

What constitutes a data breach?

A data breach occurs when personal information is accessed, disclosed, or lost without authorisation.

Examples include:

• Unauthorised access to client tax records due to a phishing attack.
• Accidental disclosure of payroll information to the wrong recipient.
• Loss of unencrypted client data stored on a stolen laptop.

How we assess a breach

When a breach is identified, our team will conduct an immediate assessment to determine:

• The nature and extent of the breach (e.g., types of data involved, number of individuals affected).
• The likelihood of serious harm to affected individuals, such as identity theft or financial fraud.
• Whether the breach requires notification under the Notifiable Data Breaches Scheme (NDBS) or other applicable laws.

Notification obligations

If a breach is likely to result in serious harm, we will notify:

• Affected individuals: You will be informed as soon as possible about the breach, including details of what occurred and steps you can take to protect yourself. For example, if your bank account details are compromised, we may advise you to monitor transactions and change your account credentials.
• Regulatory authorities: For Australian clients, we will notify the Office of the Australian Information Commissioner (OAIC) within the required timeframe. For clients in the European Union, we will comply with GDPR requirements to report breaches to the appropriate supervisory authority within 72 hours.

Information included in the notification

Notifications will include:

• A description of the breach and the data involved.
• The potential impact on you, such as the risk of identity theft or financial loss.
• Steps we have taken to contain the breach and prevent further incidents.
• Recommendations for protecting yourself, such as changing passwords or contacting your financial institution.
• Contact details for our Privacy Officer, who can provide further assistance.

Steps to mitigate harm

Following a breach, we will:

• Secure our systems and data to prevent further unauthorised access.
• Offer support, such as credit monitoring services, to individuals whose financial information has been compromised.
• Review and update our security practices to address vulnerabilities and prevent similar incidents in the future.

Artificial Intelligence (AI) not used and not welcome

At Deduct Tax Accountants, we do not utilise AI software to store or process your information. All work, correspondence and processing is undertaken by a tax accountant or tax agent. We do not utilise AI technology to store or process your information due to information security, confidentiality, compliance and insurance reasons. 

We recommend that our clients do not utilise AI to generate or falsify records. In the event that we become aware of utilisation of AI by customers, we will report the incident to the Australia Taxation Office and to Anti Money Laundering/Counter Terrorism Financing agencies.