Purpose of the policy

This is the privacy policy of Vincents Chartered Accountants ABN 69 984 359 704 (“Vincents”) and our related entities.

In this document, the expressions “we”, “us” and “our” are a reference to Vincents. The term “you” and “your” refers to the website user or reader of this document.

The purpose of this policy is to clearly express an up-to-date policy about our management of personal information.

We are committed to protecting your personal information. By submitting your personal information to us, or by using our services, you acknowledge and consent to us using your personal information in accordance with this policy.

This policy is intended to enhance the transparency of our firm’s operations, notify you of your rights and our obligations, and provide you with information regarding:

  1. the kinds of personal information which we will collect and hold;
  2. how we will collect, hold, use and disclose personal information;
  3. the purpose for which we collect, hold, use and disclose personal information;
  4. how you may access personal information that is held by us and seek correction of such information;
  5. how you may complain about a breach of the Australian Privacy Principles (APP) or registered APP code (if any) that binds us and how we will deal with such complaint;
  6. whether we are likely to disclose personal information to overseas recipients;
  7. if we are likely to disclose personal information to overseas recipients, the countries in which such recipients are likely to be located.

This Privacy Policy sets out how we comply with our obligations under the Privacy Act 1988 (Act).

Acknowledgement

We acknowledge that we must take reasonable steps when handling personal information.

Whilst we cannot warrant that this policy will be followed in every instance we will endeavour to follow this policy on each occasion. Similarly, while we cannot warrant that loss, misuse or alteration of information will never occur, we will take all reasonable steps to prevent these things from occurring.

Our firm has taken reasonable steps to endeavour to comply with the APPs and the Act, some examples are noted below.

  1. Implementation of this privacy policy.
  2. Staff training and education.
  3. Use of checklists to ensure that all APPs are complied with.
  4. Clear and transparent procedures regarding the handling of complaints and disclosure of information.

Our policy is available on our website however should you require a hardcopy please contact Gemma Davidson, our People and Culture Manager, on (+61) 7 3228 4000 and she will provide you with a copy.

  1. The kinds of personal information which we will collect and hold

Collection

It is our usual practice to collect personal information directly from the subject individual or their authorised representative(s), such as a solicitor or another accountant.

Personal information means information or an opinion (including information or an opinion forming part of a database), whether true or not, and whether or not recorded in a material form, about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Sensitive information means any information about your health, race, ethnic origin, sexual orientation or practices, professional or trade memberships, and political, religious, and philosophical beliefs.

Some examples of some personal information we might collect are:

  1. name;
  2. address;
  3. contact details (such as telephone numbers, addresses, and email addresses etc.);
  4. date of birth;
  5. job title;
  6. tax file number declaration;
  7. identification details (such as visa and work permit status, driver’s license, and/or passport details;
  8. financial information; and
  9. payment details.

We use different types of technology to collect your personal information, including tracking technologies such as cookies.

Identification

You may choose to interact with us using a pseudonym and/or not identify yourself.

In circumstances where we are required to do so, or are authorised by law, a court or tribunal to ask for your identification, we will request your personal information.

Further it is likely that it will be impractical for us to interact with you without some form of identification, and therefore we will request identification details from you at the beginning of each transaction.

If you do not consent to the collection of your personal information, in accordance with this privacy policy, we may be unable to efficiently respond to a request, answer a query or provide the services requested.

How we will collect and hold your personal information

We only collect and hold personal information by lawful and fair means.

We may collect personal information about you in a range of different ways, including when you:

  1. liaise with us on the telephone;
  2. send us correspondence;
  3. visit and interact with us through our website;
  4. apply for a position within our firm;
  5. provide information for the purposes of financial services our firm provides;
  6. have contact with us in person (e.g. via general networking, via attendance at our education events, or one-on-one meetings).

In some circumstances, we may collect and hold personal information that has been collected from a third party or publicly available source (such as social media platforms). This will likely occur in instances where:

  1. you have consented for this collection (which would usually be via our privacy statement and/or credit application form); or
  2. you would reasonably expect us to collect your personal information in this way and it is necessary for us to collect this information for a specific purpose (such as investigation of a complaint).

We will take steps to hold personal information in a manner which is secure and protected from unauthorised access.

Your information may be held in either a physical form or in electronic form on our IT system.

Where stored in electronic form on our IT system, we will take steps to protect the information against modification, disclosure or misuse by including such things as physical restrictions, password protections, internal and external firewalls, intrusion detection, site monitoring processes, and anti-virus software.

We will also endeavour to ensure that our service providers have protection for electronic IT systems and other necessary restrictions.

We will endeavour to ensure our staff are trained with respect to the security of the personal information we hold and we will restrict any access where necessary.

While we retain information for as long as necessary in relation to the purposes for which it is collected, we will endeavour to destroy and de-identify the personal information once it is no longer required, except as required for business record purposes.

In the event we hold personal information that is unsolicited, and we were not permitted to collect it, the personal information will be destroyed as soon as practicable.

If we collect personal information about you from someone else, we will advise you as soon as practicable that this information has been collected and the circumstances which surround the collection.

Cookies and the collection of personal information via our website

When you visit our website, we may collect information about the session between your computer and our website through the use of cookies.

Cookies are text files which are stored on your computer or mobile device (by your web browser) that record specific information, such as which pages you visit, the information you have searched for, or the device you are using to access our website.

We use cookies for the purposes of managing and improving our website, improving our business functions, gathering demographic information about the persons who visit our website, displaying ads on websites and social media platforms based upon your browsing history, and displaying content of interest specific to you, among other things.

The following third parties store the following cookies on our website:

  1. Google Analytics (provided by Google Inc.) to enable us:
    1. to perform statistical analyses (e.g. number of visitors, information on gender, age, location, interests and the like to learn about our visitors); and
    2. to improve the website friendliness and usability (e.g. on the basis of website traffic measurements).
  2. Youtube (provided by YouTube LLC.) to store session preferences (e.g. language) and suggest other content based on your previous uses (only activated when you are logged in to Youtube when visiting our website and only when clicking the YouTube button).
  3. Facebook (provided by Facebook, Inc.) to identify users logged in to Facebook for the purpose of sharing content on Facebook (only when you are logged in to Facebook when visiting our website and only when clicking the Facebook button).
  4. LinkedIn (provided by LinkedIn Corp.) to enable the “follow” and “share” features of LinkedIn (only when you are logged in to LinkedIn when visiting our website and only when clicking the LinkedIn button).
  5. Instagram (provided by Instagram Inc.) to enable the “pin” and “share” features of Instagram (only when you are logged in to Instagram when visiting our website and only when clicking the Instagram button).
  6. Twitter (provided by Twitter, Inc.) to enable the “tweet” feature of Twitter (only when you are logged in to Twitter when visiting our website and only when clicking the Twitter button).
  7. PHPSESSID is used to store and identify a users’ unique session ID for the purpose of managing user session on the website. The cookie is a session cookie and is deleted when all the browser windows are closed.
  8. ga (provided by Google Analytics) to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
  9. _gat (provided by Google Universal Analytics) to throttle the request rate. These cookies are used to collect information about how visitors use our website. We use this information to compile reports and to help us improve the website.
  10. _gid (provided by Google Analytics) to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form.
  11. wj_reg_track_195236 (provided by WebinarJam) to track the number of visitors to a website page which have a webinar registration button.
  12. wordpress_test_cookie (provided by WordPress) to check if the cookies are enabled on the browser to provide appropriate user experience to the users.
  13. IDE (provided by Google DoubleClick) to store information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
  14. VISITOR_INFO1_LIVE (provided by Youtube) to track the information of the embedded YouTube videos on a website.
  15. YSC (provided by Youtube) to track the views of embedded videos.
  16. GPS (provided by Youtube) to register a unique ID for tracking users based on their geographical location.
  17. NID contains a unique ID Google uses to remember your preferences and other information, such as your preferred language, how many search results you wish to have shown per page, and whether or not you wish to have Google’s SafeSearch filter turned on.
  18. reduxPersist:compliance (provided by Anchor) to remember whether the user has minimised or closed chat-box or pop-up messages on the website.
  19. reduxPersist:localStorage (provided by Anchor) to implement audio-files on the website, and determines how many and who have listened to these files.
  20. reduxPersistIndex (provided by Anchor) to maintain website settings across multiple visits.
  21. AWSELB (associated with Amazon Web Services) for managing sticky sessions across production servers.
  22. AWSELBCORS registers which server-cluster is serving the visitor. This is used in context with load balancing, in order to optimize user experience.

You may elect to disable or turn off cookies in your web browser, however, this may impact upon the services we are able to offer you on our website and may impact upon your ability to access certain features of our website.

Our server will also automatically record your Internet Protocol address (IP address).

An IP address is a numerical designation assigned to each device connected to a computer network by your internet service provider. While IP addresses can be used to identify the general physical location of a computer, they are otherwise anonymous, and we will not use your IP address to identify you.

The purpose for which we collect and hold personal information

We will endeavour to only collect and hold personal information which is relevant to the operation of our firm.

Our purpose for collecting or holding personal information about you is so that it may be used directly for our firm’s functions or activities.

We may use your personal information for the functions or activities of our firm, which include, among other things:

  1. providing our suite of services, which include, among other things, assurance & risk advisory, business advisory, financial advisory, forensic services, taxation advisory, insolvency and reconstruction, corporate advisory, and lending solutions;
  2. reviewing existing credit terms;
  3. assessing credit reports and credit worthiness;
  4. assessing credit guarantees (current and prospective);
  5. collecting overdue payments;
  6. internal management purposes;
  7. administering accounts;
  8. facilitating service reviews and surveys;
  9. education and networking events;
  10. business development and marketing purposes (including our newsletter communications);
  11. sales and billing;
  12. insurance purposes; and
  13. training and recruitment.

We may also collect personal information (including sensitive information) for both the primary purposes specified herein and purposes other than the primary purposes, including the purpose of direct marketing.

We may also collect personal information from other credit providers, Credit Reporting Bodies (CRB) and any other third parties for the purposes of our firm’s functions and activities including, but not limited to, credit, services, marketing and administration.

The purpose for which we use and disclose personal information

We will endeavour to only use and disclose personal information for the primary purposes noted above in relation to the functions or activities of our company.

In addition, we may also use and disclose personal information (including sensitive information) for both the primary purposes specified herein and purposes other than the primary purposes, including the purpose of direct marketing.

Unless one or more of the below scenarios has occurred, we will take necessary steps to prevent personal information from being given to government agencies or other organisations.

  1. You have provided your consent.
  2. You would reasonably expect that your information would be so disclosed.
  3. We have informed you that that your personal information will be provided to a third party.
  4. We are required by law to provide your personal information to a government agency or other organisation.
  5. The disclosure of the information will prevent a serious threat to somebody’s life or health.
  6. The disclosure of the information reasonably necessary for the enforcement of criminal law.

Further we will endeavour to only disclose personal information for the purpose in which it was collected, unless disclosure is reasonably necessary to:

  1. assist in locating a missing person;
  2. lessen or prevent a serious threat to life, health or safety;
  3. take appropriate action with suspected unlawful activity or serious misconduct;
  4. facilitate or assist with diplomatic or consular functions or activities;
  5. assist certain defence force activities outside Australia;
  6. establish or exercise a defined legal or equitable claim; or
  7. facilitate or assist confidential alternative dispute resolution activities.

Direct Marketing

We will take steps not to disclose personal information for direct marketing purposes unless consent has been provided.

In any event you will be provided with an opt out option with respect to direct marketing should you wish to be excluded from direct marketing.

If you do not elect to ‘opt out’ to receiving direct marketing material from us, you consent to us using personal information (other than sensitive information) provided to us for direct marketing purposes.

We may however use sensitive information for direct marketing purposes if you provide your consent to do so.

You may at any point in time, request to no longer receive direct marketing material from us by opting out or by following the ‘unsubscribe’ link provided in our electronic communications, or by contacting our firm’s marketing manager:

Victoria Cole
Email: 

We will record this information on our opt out register.

Direct Marketing and Third Parties

We may also from time to time, if we have received your consent, provide your personal information to a third party for the purposes of direct marketing.

You may at any time request the source of the personal information that has been disclosed.

Government Related Identifiers

We will endeavour not to use or disclose a government related identifier unless:

  1. the use or disclosure of the identifier is reasonably necessary for us to verify your identity for the purposes of our activities or functions; or
  2. the use or disclosure of the identifier is reasonably necessary for us to fulfil our obligations to an agency or a State or Territory authority; or
  3. the use or disclosure of the identifier is required or authorised by or under an Australian law or a court/tribunal order; or
  4. a permitted general situation (as that term is defined in the Act) exists in relation to the use or disclosure of the identifier; or
  5. we reasonably believe that the use or disclosure of the identifier is reasonably necessary for one or more enforcement related activities conducted by, or on behalf of, an enforcement body.

Disclosure to CRBs

As indicated above, we may disclose personal information to a CRB in accordance with the permitted disclosures as defined under the Act.

We may disclose your Credit Information to a CRB, including the following listed below:

Equifax

Level 15, 100 Arthur Street

NORTH SYDNEY NSW  2060

Tel: 138 332

Illion

Level 2, 143 Coronation Drive

MILTON QLD 4064

Tel: 1300 735 806

Experian

Level 6, 549 St Kilda Road

MELBOURNE VIC 3004

Tel: 1300 783 684

A copy of the credit reporting policy for the CRBs listed above will be available on their website or will be provided in hard copy upon request.

How you may access your personal information

You are entitled to access your personal information held in our possession.

We will endeavour to respond to your request for personal information within a reasonable time period or as soon as practicable in a manner as requested by you. We will normally respond within 30 days.

You can make a request for access by sending an email or letter addressed to Gemma Davidson, our People and Culture Manager, details specified below.

Gemma Davidson
People and Culture Manager
Vincents Chartered Accountants
Level 34, Santos Place
32 Turbot Street
Brisbane QLD 4000
Phone: (+61) 7 3228 4000
Fax: (+61) 7 3228 4099
Email:

With any request that is made we will need to authenticate your identity to ensure the correct person is requesting the information.

We will not charge you for making the request, however if reasonable we may charge you with the costs associated with your request.

You will only be granted access to your personal information where we are permitted or required by law to grant access. We are unable to provide you with access that is unlawful.

Further we are not required to and will not, give access to personal information to the extent that:

  1. we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
  2. giving access would have an unreasonable impact on the privacy of other individuals; or
  3. the request for access is frivolous or vexatious; or
  4. the information relates to existing or anticipated legal proceedings and the information would not be accessible in normal discovery procedures; or
  5. giving access would reveal the intentions of us in relation to negotiations and this disclosure would prejudice those negotiations; or
  6. denying access is required or authorised by or under an Australian law or a court/tribunal order; or
  7. we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, or may be engaged in;
  8. giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
  9. giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or
  10. giving access would reveal evaluative information generated within us in connection with a commercially sensitive decision-making process.

If we refuse access to the information, written notice will be provided to you setting out:

  1. the reasons for the refusal (except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so); and
  2. the mechanisms available to complain about the refusal; and
  3. any other matter prescribed by the regulations.

Correction

Should we hold personal information and it is inaccurate, out of date, incomplete, irrelevant or misleading, or incorrect you have the right to make us aware of this fact and request that it be corrected.

If you would like to make a request to correct your information, please contact our People and Culture Manager on the details above.

In assessing your request, we need to be satisfied that the information is inaccurate, out of date, incomplete, irrelevant or misleading.  We will then take all reasonable steps to ensure that it is accurate, up-to-date, complete and not misleading.

It is our normal policy to resolve any correction requests within 30 days. If we require further time, we will notify you in writing and seek your consent.

Should we refuse to correct your personal information written notice will be provided to you setting out:

  1. the reasons for the refusal (except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so); and
  2. the mechanisms available to complain about the refusal; and
  3. any other matter prescribed by the regulations.

We will endeavour to notify any relevant third parties of the correct personal information where necessary and required.

Notifiable Data Breaches

A Notifiable Data Breach is an event where access to your personal data has been gained and there is a risk of serious harm or it is suspected that there is a serious risk to you.

In the event of a Notifiable Data Breach, we will notify you. Examples of Notifiable Data Beaches include:

  1. loss or theft of physical devices (such as laptops and storage devices) or paper records that contain personal information;
  2. unauthorised access to personal information by an employee; and
  3. inadvertent disclosure of personal information due to ‘human error’, for example an email sent to the wrong person.

The purpose of this notification is to allow you to change your access details such as passwords to protect your identifiable data.

In the event of a potential or notifiable breach, Vincents abides by the 4-step approach endorsed by the Office of the Australian Information Commissioner, which are to:

  1. contain the breach;
  2. access the width and depth of the breach;
  3. notify the relevant authorities and affected clients and parties; and
  4. review the breach and ensure further measures are enforced.

Complaints

In the event that you wish to make a complaint about a failure of us to comply with our obligations in relation to the Act or the APPs please raise this with either:

Jonathan Dooley

Executive Chairman

Vincents Chartered Accountants

Level 34, Santos Place

32 Turbot Street

Brisbane QLD 4000

Phone: (+61) 7 3228 4000

Fax: (+61) 7 3228 4099

Email:

Rebecca McGough

Operations Manager

Vincents Chartered Accountants

Level 34, Santos Place

32 Turbot Street

Brisbane QLD 4000

Phone: (+61) 7 3228 4000

Fax: (+61) 7 3228 4099

Email:

We will provide you with a receipt of acknowledgment as soon as practicable, or, in any event, within 7 days.

We will then endeavour to respond to your complaint and attempt to resolve the issues within 30 days.

In dealing with your complaint we may need to consult another credit provider or third party.

If you are not satisfied with the process of making a complaint to our Executive Chairman or Operations Manager, you may make a complaint to the Information Commissioner. Details of which are below.

Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Email:
Telephone: 1300 363 992
Facsimile: (02) 9284 9666

The Information Commissioner can decline to investigate a complaint on a number of grounds including, among other things, where the complaint wasn’t made at first to us.

For more information about privacy in general, you can visit the Australian Information Commissioner’s website: https://www.oaic.gov.au/.

Disclosure to overseas recipients

We may choose to, if permitted by law, share and/or disclose your personal information with recipients outside of Australia.

We are required to notify you with a list of any countries which personal information may be transmitted to or disclosed where it is practical for us to do so.

At present, personal information may be stored on servers located outside our firm’s premises and may be located on servers outside of Australia, in countries such as Singapore and the United States of America, in order to provide a fast and secure connection with our firm’s team in the Philippines.

Queries

If you have any queries regarding our credit reporting policy or wish to find out more regarding any of our privacy policies, please contact our People and Culture Manager on the details list above.

Changes to this privacy policy

We will update this privacy policy from time to time. We therefore recommend that you read it each time you visit our website. If you do not agree with the privacy policy at any time, please do not continue to use our website. If you do continue to use our website, you are deemed to have accepted the terms of the privacy policy as they appear at the time of use.