The policy applies to any personal information that you provide to Vincents in the course of your dealings with us. It also applies to any information about you that is provided to us by someone else such as a solicitor or another accountant. It does not apply to employee records, which are generally exempt from the legislation.
This policy is regularly updated and available to view on our website at vincents.com.au or in the event you do not have access to the internet you can request a copy from us by calling Gemma Davidson on 07 3228 4000.
“Personal information” is information or an opinion about an identified individual, or an individual who is reasonably identifiable.
“Sensitive information” is a subset of personal information such as a person’s medical history, criminal record or professional organisation membership.
What personal information we collect and hold
Vincents collects and holds personal information that is necessary to the provision of services by us or a contractor or subcontractor, the recruitment and selection process and for marketing activities.
The types of personal information that we collect from you or about you will depend on the circumstances of collection and on the type of services you request from us. For example, we may collect details such as your name, date of birth, job title, email address, Tax File Number declaration, street and/or postal addresses, telephone number, visa and work permit status, drivers licence or passport details, bank account details, credit/debit card details and financial information relevant to any job or matter you engage Vincents to work on.
We may collect sensitive information if it is reasonably necessary in the circumstances. We understand you consent to the collection of all information provided to us for use in accordance with this policy, unless you tell us otherwise.
Personal information may also be collected where we are required to do so by law (for example child protection, work health and safety laws or other legislation in Australia).
How we Collect Personal Information
Vincents may collect personal information about you in a range of ways, including when you:
- Liaise with us on the telephone;
- Send us correspondence (whether by letter, fax or e-mail);
- Visit and interact with us through our website;
- Apply for a position within our firm;
- Provide information for the purposes of the financial services our firm provides as listed on our website www.vincents.com.au
- Have contact with us in person e.g. via general networking, attendance at our education events or one-on-one meetings.
Individuals do not have to reveal their identity or otherwise provide us with any personal information when dealing with us. However, if a person remains anonymous or goes by a pseudonym, we may be unable to efficiently respond to a request, answer a query or provide the services requested.
Cookies may be used in some areas of our website. These enable us to see how many times a page has been viewed and when and for how long, thus enabling us to make improvements for the benefit of our website visitors. Cookies are not used to determine or track the identity of any user of the site.
If a person contacting us via our website is concerned about Cookies, most browsers recognise when a cookie is offered and allow the user to opt out. If a person does this, they can still navigate on our website.
Similarly, we use Google Analytics to analyse our website usage so that we can make improvements for the benefit of users.
As well as collecting information directly from you, there may be occasions when we collect information about you from a third party.
- Legal counsel acting on your behalf;
- Another accountant, financial or business professional acting for you or who has previously acted on your behalf;
- From other service providers who collect information on our behalf;
- From market research companies contracted by us to obtain information so that we may improve and market our products and services;
- Referees provided by you for employment purposes;
- Credit references from your suppliers.
The Privacy Act prohibits us from obtaining credit references from credit reporting agencies without the consent of the party concerned. Like most businesses, we reserve the right to obtain credit reports on our clients. If you instruct us to act for you, you consent to us obtaining a credit report in relation to you. We will not disclose the contents of that report to anyone else. Unless expressly authorised by you.
Our staff are trained in the use and handling of personal information in accordance with the National Privacy principles. We advise we have internal policies in place to manage risks of disclosure and maintain your personal information safely. We undertake regular audits of our systems to maintain that we accord with the Privacy Act (1988).
Why we use your personal information
Vincents collects, holds, uses and discloses personal information from or about you or your organisation where it is reasonably necessary for the purposes of providing our suite of services; being Assurance & Risk Advisory, Business Advisory, Financial Advisory, Forensic Services, Taxation Advisory, Insolvency & Reconstruction, Corporate Advisory, and Lending Solutions, and in conducting our business and communications.
- To service and administer your accounting and business matters;
- To facilitate your participation in education and networking events held by Vincents and other affiliated organisations which you may be invited to via your email address
- To conduct marketing activities and market research; and
- Dealing with enquiries regarding prospective employment with us
Specific examples of the related purposes for which Vincents may collect, hold, use and disclose personal information include our administrative and accounting functions, processing your payments, providing you with information about other services provided by us, client satisfaction surveys, newsletter communications and statistical collations.
We may also use your personal information for marketing and promotional activities and for maintaining your subscription to our online newsletters.
Where we use your personal information for marketing and promotional communications, you can opt out at any time by following the ‘unsubscribe’ link provided or by contacting the firm’s marketing team.
Disclosure of personal information to third parties
Vincents may use the services of third parties as part of our business processes, to obtain certain services or to back up our information. In these circumstances personal information, we have collected may be disclosed as would reasonably be expected. In the course of providing services to you, we may also share your personal information with third parties including your staff, family members, your associated entities, government departments and other professional advisers. Currently we engage the services of accountants and bookkeepers in the Philippines and this may be extended to other locations in the future. As such, your personal information may be shared with them. We take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to personal information we disclose in the course of providing our services to you. Our
commitment to safeguarding the privacy of your personal information and our obligations under the Privacy Act and that we abide by the Australian Privacy Principles do not change as a result of such a transfer of personal information.
We also engage third party contractors to perform other services for us such as IT support and Systems Administration, which involves the handling of personal information we hold and disclose to them.
- To provide email and mail handling services;
- To provide electronic funds transfer services, credit card account processing and related services;
- To conduct market research;
- To provide catering and events services;
- To provide courier services; and
- To assist with obtaining payment from debtors.
In these situations, we will prohibit the third party contractor from using personal information except for the specific purpose for which we supply it. These contractors will only be supplied with the information necessary to provide the relevant service.
Other than the above, we will not disclose your personal information without your consent unless disclosure is either necessary to prevent a threat to life or health, authorised or required by law, reasonably necessary to enforce the law or necessary to investigate a suspected unlawful activity.
How we Store your Personal Information
We store your personal information on paper, by electronic means or both. Electronic means includes physical servers which are located on site at our premises, servers maintained by cloud service providers directly engaged by Vincents Xero, Intuit Quickbooks and MYOB , laptops, desktop computers, tablets and other mobile devices.
Personal information may also be stored on servers located outside our premises and may be located on servers outside Australia such as Singapore and The USA in order to provide a fast and secure connection with our team in the Philippines.
Electronically stored personal information is protected from misuse, loss or unauthorised access by ensuring our IT systems feature appropriate password protections, firewalls, intrusion detection and site monitoring processes. Data stored ‘in the cloud’ is protected by internal and external firewalls, limited access via file passwords, files designated read only or no access.
Your personal information is retained by us for as long as it is required for our business functions or any other lawful purpose. We use secure methods to destroy or permanently de-identify personal information we no longer need. The destruction of any personal information is destroyed in accordance with the terms you have engaged us upon and we have provided to you advice. We advise that the destruction of personal information is de-identified, thus protecting your personal information.
Notifiable Data Breaches Scheme
Though we make all reasonable efforts to reduce the risk of a data breach, Vincents has in place processes that ensure an effective response to any data breach that does occur to reduce or remove the risk of harm to individuals. Individuals In the event Vincents has a potential or notifiable breach, it abides by the 4 step approach in such situations endorsed by the Office of the Australian Information Commissioner which are to:
- Contain the breach; and
- Assess the width and depth; and
- Notify the appropriate authorities and affected clients and parties; and
- Review the breach and ensure further measures are enforced.
Access to and Correction of Information we hold about you
We will, on request, provide you with access to the information we hold about you, including for the purpose of correcting or updating that information, unless there is an exception under the APPs. A request for this personal information or to correct any information we may hold for you, can be made to:
We may recover from you our reasonable costs of supplying you with access to this information. Your request to provide access to this information will be dealt with in a reasonable timeframe.
If we refuse to provide you with access to the information, we will provide you with reasons for the refusal and inform you of any exceptions relied upon under the APPs.
Keeping your personal information up-to-date
We will take reasonable steps to ensure that your personal information is accurate, complete and up-to-date whenever we collect or use it.
If the personal information we hold about you is inaccurate, incomplete or out-of-date, please contact us and we will take reasonable steps to either correct this information, or if necessary, discuss alternative action with you. Please email to update information.
Resolving your Concerns
We will respond to any issue or complaint you raise in relation to your privacy including the collection, storage, use and disclosure of your personal information. Any issue and/or complaint we will undertake to provide a response to it in a reasonable time. We confirm that Vincents are bound by the Australian Privacy Principle code.
Complaints and Concerns
A complaint or concern can be mailed or emailed to the below:
- Gemma Davidson – People and Culture Manager
- Vincents: Level 34, 32 Turbot Street, Brisbane, QLD, 4000
We advise that on the receipt of a complaint or concern that:
- We will acknowledge receipt of the complaint within seven (7) days of it been received;
- Upon our response to you and should you convey to us you remain unsatisfied at our response, we will provide the complaint and our response to it, to an independent arbiter or conciliator that both parties agree to hear the dispute;
- Should this fail to resolve the dispute it will then be remitted to the Office of the Australian Information Commissioner for determination.
If a person is dissatisfied with our response to a complaint, they can contact the Office of the Australian Information Commissioner (OAIC). Information about how to make a complaint is accessible via the OAIC website at www.oaic.gov.au