1. COLLECTION OF PERSONAL INFORMATION
- Only necessary personal information will be collected from clients for purposes directly related to their bookkeeping contracts.
- Staff members of E-BAS Accounts will not attempt to collect personal information from clients in an unlawful or disrespectful manner.
- Staff members will not collect personal information from third party persons about clients information will only be collected directly from clients themselves. If circumstances prevent staff members from obtaining data from clients directly and third party persons must be engaged, then clients will be notified in due course of the collection process.
- Clients from whom information is collected will be informed of the purpose of the collection.
- Clients from whom information is collected will be informed that they may access that information at any time.
- Clients will be informed if any of their personal information will be disclosed to other person or agency and the reason for such disclosure.
- The principal and/or staff member of E-BAS Accounts will ensure that all information collected from clients is kept updated and current and that it continues to be relevant to the bookkeeping assignment concerned.
2. STORAGE AND SECURITY OF PERSONAL INFORMATION
- All collected information will be protected from loss, unauthorised access, use, modification or disclosure or any other misuse intended or unintended.
- Collected information which is disclosed to others (with clients permission) will be protected in the same fashion as per above.
- All client personal records and documents relating to the clients business will be returned to the client, removed from computers and filing systems and/or destroyed (depending on clients wishes) when the clients contract with E-BAS Accounts has been terminated.
3. ACCESS TO RECORDS CONTAINING PERSONAL INFORMATION
- Clients will have unrestricted access to their personal information at all times except in circumstances where upon the principal and/or staff members are required by law to withhold such information or if providing access would create a serious and imminent threat to the life and/or health of any individual.
- Clients will not be charged a nominal administrative fee to access their personal information but will be expected to cover postage costs etc. where necessary.
4. ALTERATION OF RECORDS CONTAINING PERSONAL INFORMATION
- The principal and staff members will ensure that all information collected from clients is accurate, relevant and complete.
- Corrections, deletions and additions to clients’ records may be made in order to ensure that the records are kept accurate, up-to-date and complete.
- The principal and/or staff members shall amend a client’s record at their request and will attach a statement of request from the client to their record as confirmation of that client’s request.
- Clients will be provided with reasons if it is found that any alterations to their records cannot be made.
5. USE OF INFORMATION COLLECTED
- All information collected from clients shall only be used for the purposes of maintaining the clients bookkeeping agreement.
- The principal and/or staff members must receive the clients consent before using any information pertaining to that client for any other purpose other than that of maintaining the bookkeeping agreement.
- The principal and/or staff members may use a client’s personal information for the purpose of satisfying the requirements of enforcing criminal law if necessary or to prevent or lessen a serious injury or threat to life pertaining to that client and/or any other individual.
6. LIMITS ON DISCLOSURE OF PERSONAL INFORMATION
- The principal and/or staff members may disclose a client’s personal information to other persons or agencies if that client has been informed of such disclosure and has previously consented to it.
- Disclosure of personal information to other persons or agencies may occur where it is impractical to contact the client. The client will be advised of the disclosure when it is again possible to contact that client.
- The principal and/or staff members may disclose a client’s personal information to other persons or agencies if he/they believe that the disclosure is necessary to prevent or lessen a serious injury or threat to life pertaining to that client and/or other individual.
- The principal and/or staff members may disclose a client’s personal information to members of law enforcing agencies for the purposes of enforcing criminal law.
- Where the principal and/or staff members disclose a client’s personal information to members of the law, a record of such disclosure must be kept with that client’s general information.
- If requested by a member of the general public, E-BAS Accounts will take reasonable steps to let that person know what sort of personal information it holds, for what purposes, and how it collects, holds, uses and discloses that information.
- If E-BAS Accounts is required by legislation to ask a client for government department (or other agencies) identifiers such as a Tax File Number or Medicare Number etc, those identifiers will be only be used in compliance with the appropriate legislation and will be stored securely in the clients information file. Note: Clients names or Australian Business Numbers are not classified as identifiers.
- Staff at E-BAS Accounts will not disclose any identifiers pertaining to clients to any agencies or third party persons unless the use or disclosure is necessary in order for E-BAS Accounts to fulfil its obligations to the agencies or third party persons concerned.
- Clients must identify themselves to staff at E-BAS Accounts in order for the bookkeeping agreement to be activated.
- Members of the general public do not have to identify themselves to staff when making general enquiries about the services provided by E-BAS Accounts.
10. TRANSBORDER DATA FLOWS
- E-BAS Accounts may disclose a client’s personal information to a foreign person or organisation only when:
- The client provides consent to do so;
- The client was not contactable but the client was likely to have given consent;
- The bookkeeping contract between the bookkeeper and the client requires such disclosure in order to enable or complete that contract;
- The foreign person or organisation has similar privacy laws as per the Privacy Act 1988 in Australia and staff at E-BAS Accounts have ensured that the foreign person or organisation will abide by the ten National Privacy Principles taken from the Privacy Act 1988.
11. SENSITIVE INFORMATION
- It is not anticipated that staff at E-BAS Accounts will need to collect sensitive information about clients. If this event becomes necessary, staff will only collect the information when:
- The client has consented to the collection;
- The collection is required by law;
- The collection is required to prevent serious and imminent threat to the life or health of a client or other individual.
12. TAX FILE NUMBER INFORMATION
- The principal and/or staff members may not collect record or disclose a client’s tax file number information in an unauthorised manner.
- The principal and/or staff members must be made aware of the client’s right to privacy in relation to his tax file number and the possible penalties which may be enforced if that client’s tax file number information is used in an unauthorised manner.
- The principal and/or staff members will ensure that every effort is made to protect a client’s tax file number information from loss, unauthorised access, modification and disclosure whether that information is stored in physical or electronic form.
- The principal will ensure that all staff members who have access to clients’ tax file number information will use such information only for the purposes of tax-related functions.
- The principal and/or staff members shall not cross-match tax file number information unless it is necessary to do so to satisfy obligations under a taxation law.
13. CREDIT CARD INFORMATION
- A code of conduct must be issued to explain the storage of, security of, access to, correction of, use of and disclosure of a client’s credit card information.
- The principal and/or staff members must adhere to that code of conduct when using a client’s credit card information.
- Personal information obtained from staff members in the normal recruiting process of their employment shall be obtained via the appropriate document/s and processes and with their express permission.
- Employee personal information will be kept securely and protected from loss and/or misuse.
- Employee personal records will be kept up to date, current and complete and will be altered or corrected at the request of the employee/s if required.
- Employees will have access to their personal records and/or information when and if required.
Employee personal information will not be disclosed to other agencies and/or persons except those expressly involved in the employment process such as the Australian Tax Office and/or employees’ superannuation funds. Employees will be informed if any of their personal details are to be disclosed to third party persons or agencies and the reasons for the disclosure.