1. Introduction

VAAS GROUP PTY LTD (ABN 16 647 302 449), trading as The Weft Advisory (“The Weft Advisory”, “we”, “us” or “our”), respects your privacy and is committed to protecting the personal information entrusted to us. This Privacy Policy explains how we collect, hold, use, disclose, protect and otherwise manage personal information.

We handle personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles, the Privacy (Tax File Number) Rule 2015, the Spam Act 2003 (Cth) and other applicable Australian laws and professional obligations.

This Privacy Policy applies to personal information collected through:

  • our website;
  • enquiries, appointments and consultations;
  • our accounting, bookkeeping, taxation, payroll and advisory services;
  • client onboarding and identity-verification processes;
  • downloadable guides, newsletters and other website resources;
  • email, telephone, video meetings, client portals and other communications;
  • recruitment and employment enquiries; and
  • dealings with clients, prospective clients, suppliers, contractors and professional partners.

2. What is personal information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.

Some personal information may also be classified as sensitive information. Sensitive information can include information about a person’s health, racial or ethnic origin, religious beliefs, professional memberships or other matters protected under Australian privacy law.

3. The personal information we collect

The kinds of personal information we collect depend on your relationship with us and the services you request.

Identity and contact information

We may collect:

  • your full name;
  • date of birth;
  • residential, postal or business address;
  • email address;
  • telephone number;
  • signature;
  • occupation and employment details;
  • business ownership or directorship information; and
  • details of authorised representatives, employees, beneficiaries, dependants or related parties.

Government and identification information

Where reasonably necessary or required by law, we may collect:

  • Tax File Numbers;
  • Australian Business Numbers;
  • Australian Company Numbers;
  • Director Identification Numbers;
  • driver licence details;
  • passport details;
  • Medicare or other identification information;
  • visa or residency information; and
  • documents used to confirm your identity.

We will only collect, use and disclose Tax File Number information and other government-related identifiers where permitted or required by law. We will not use a government-related identifier as our own identifier unless legally permitted to do so.

Financial, taxation and accounting information

We may collect:

  • bank account and payment details;
  • income and expenditure information;
  • assets, liabilities and investment information;
  • tax returns, assessments and taxation records;
  • Business Activity Statements;
  • payroll, employment and superannuation information;
  • invoices, receipts, transaction records and bank statements;
  • accounting software records;
  • business forecasts and financial reports;
  • insurance information;
  • trust, company, partnership and superannuation fund information; and
  • other records necessary to provide our services.

Business information

We may collect information about:

  • your business structure and operations;
  • shareholders, directors, officeholders and beneficial owners;
  • employees, contractors and suppliers;
  • customers and business relationships;
  • business performance and cashflow;
  • licences, registrations and regulatory obligations; and
  • commercial plans and objectives.

Information relating solely to a business may not always be personal information. However, we will manage it securely and confidentially.

Sensitive information

We may occasionally collect sensitive information where it is relevant to the services we provide. For example, certain taxation, estate-planning, payroll, insurance or advisory matters may involve information about health, disability, family circumstances or professional memberships.

We will only collect sensitive information with your consent or where its collection is otherwise permitted or required by law.

Website and technical information

When you access our website, we or our technology providers may collect:

  • your Internet Protocol address;
  • browser type;
  • device type and operating system;
  • referring website;
  • pages viewed;
  • the date and time of your visit;
  • interactions with website forms or content;
  • approximate geographic location; and
  • cookie, analytics and similar technology information.

Communications

We may retain records of:

  • emails and correspondence;
  • telephone conversations and messages;
  • meeting notes;
  • enquiries and complaints;
  • instructions and approvals; and
  • documents uploaded to our website or client systems.

We will notify you before recording a telephone or video conversation where notification or consent is required.

4. How we collect personal information

We generally collect personal information directly from you when you:

  • submit an enquiry or contact form;
  • request an appointment;
  • download a guide or other resource;
  • subscribe to our communications;
  • speak with us by telephone or video conference;
  • communicate with us by email;
  • engage us to provide services;
  • provide documents or access to accounting systems;
  • complete an onboarding, identification or authority form;
  • attend an event or consultation; or
  • apply for employment or contracting opportunities.

We may also collect personal information from:

  • your authorised representatives;
  • your employees, employer, business partners or related entities;
  • the Australian Taxation Office;
  • the Australian Securities and Investments Commission;
  • the Australian Business Register;
  • AUSTRAC and other government or regulatory bodies;
  • banks, superannuation funds and financial institutions;
  • accounting, payroll and practice-management software;
  • identity-verification service providers;
  • lawyers, financial advisers, auditors, insurers and other professional advisers;
  • publicly available registers and databases;
  • referral partners; and
  • other parties where you have authorised the collection or where collection is permitted by law.

Where practicable, we will obtain your consent before collecting personal information from a third party.

5. Remaining anonymous or using a pseudonym

You may browse general areas of our website without identifying yourself.

However, it will generally not be practical for you to remain anonymous or use a pseudonym when engaging us for accounting, taxation, bookkeeping, payroll, advisory or other professional services. We may need to verify your identity and obtain accurate information to comply with taxation, professional, regulatory and anti-money laundering obligations.

6. Why we collect, hold, use and disclose personal information

We may collect, hold, use and disclose personal information to:

  • respond to enquiries;
  • arrange consultations and appointments;
  • determine whether we can provide the requested services;
  • onboard and identify clients;
  • provide accounting, taxation, bookkeeping, payroll, business advisory and related services;
  • prepare tax returns, Business Activity Statements, financial statements and other reports;
  • communicate with the Australian Taxation Office, ASIC, AUSTRAC and other authorities;
  • administer payroll and superannuation obligations;
  • provide cashflow forecasting, Virtual CFO and business advisory services;
  • manage client relationships and instructions;
  • verify identity, beneficial ownership and sources of funds where required;
  • conduct customer due diligence and ongoing monitoring where required under AML/CTF laws;
  • prevent fraud, misconduct, money laundering and other unlawful activity;
  • process payments, issue invoices and recover debts;
  • maintain our business and professional records;
  • comply with legal, professional, insurance and regulatory obligations;
  • manage complaints and disputes;
  • protect our legal rights and the security of our systems;
  • improve our website, services and client experience;
  • provide resources, updates and marketing communications where permitted;
  • assess employment and contractor applications; and
  • undertake internal administration, quality assurance, training, auditing and business planning.

Where we collect personal information for a specific purpose, we will generally use it for that purpose or a related purpose that you would reasonably expect.

7. What happens if you do not provide information?

You are not required to provide us with personal information simply to browse our website.

However, if you do not provide information reasonably requested by us, we may be unable to:

  • respond fully to your enquiry;
  • verify your identity;
  • determine whether we can act for you;
  • provide accurate advice or professional services;
  • prepare or lodge documents;
  • comply with our legal or professional obligations; or
  • continue providing services to you.

8. Disclosure of personal information

We may disclose personal information to:

  • the Australian Taxation Office;
  • ASIC, the Australian Business Register and AUSTRAC;
  • Revenue NSW and other state or territory revenue authorities;
  • other government agencies, courts, tribunals or regulators;
  • banks, superannuation funds and financial institutions;
  • accounting, taxation, payroll and practice-management software providers;
  • cloud storage, email, communications and information-technology providers;
  • identity-verification and fraud-prevention providers;
  • document-signing and client-portal providers;
  • payment processors;
  • auditors, insurers, lawyers and other professional advisers;
  • contractors, consultants and team members who assist us in delivering services;
  • referral partners or other professionals where you have authorised a referral;
  • debt-recovery and dispute-resolution providers;
  • prospective purchasers or advisers in connection with a proposed business sale, restructure or merger; and
  • other parties where you have consented or where disclosure is permitted or required by law.

We do not sell or rent personal information to third parties.

We require people and organisations handling information on our behalf to maintain appropriate confidentiality, privacy and security standards.

9. Overseas access and disclosure

Some of our team members, contractors and technology service providers may be located outside Australia or may process information using systems located overseas.

Overseas recipients may be located in countries including Bangladesh and the United States, as well as other countries in which our cloud, communications and technology providers operate.

Where personal information is disclosed to an overseas recipient, we will take reasonable steps to ensure the information is handled in a manner consistent with applicable Australian privacy requirements, unless an exception under Australian law applies.

Overseas recipients may also be subject to the laws of their own jurisdictions, which may allow government authorities to access information in certain circumstances.

10. Direct marketing

We may use your name and contact details to send you:

  • newsletters;
  • taxation and regulatory updates;
  • invitations;
  • business resources;
  • service information; and
  • other communications that may be relevant to you.

We will only send electronic marketing communications where we have your consent or are otherwise permitted to do so.

You may unsubscribe at any time by:

  • using the unsubscribe function in the communication;
  • replying with an unsubscribe request; or
  • contacting us using the details at the end of this Privacy Policy.

We will process unsubscribe requests within the period required by law. Unsubscribing from marketing will not prevent us from sending communications necessary to provide services or administer our relationship with you.

11. Cookies and website analytics

Our website may use cookies, analytics tools, pixels and similar technologies to:

  • operate website functions;
  • remember website preferences;
  • understand how visitors use our website;
  • measure website performance;
  • identify technical issues;
  • improve our website and content; and
  • measure the effectiveness of campaigns, where applicable.

Cookies are data files stored on your device. You can manage or disable cookies through your browser settings. Disabling cookies may affect the availability or performance of some website features.

Our website may use third-party tools that collect information directly from your browser or device. Information collected by a third party will also be governed by that party’s privacy practices.

Where required, we will seek consent before using non-essential cookies or tracking technologies.

12. Third-party websites

Our website may contain links to websites, portals or services operated by third parties.

We are not responsible for the privacy, security or content practices of external websites. You should review the privacy policy of a third-party website before providing it with personal information.

13. Storage and security

We may hold personal information in:

  • electronic files and databases;
  • cloud-based systems;
  • accounting and practice-management platforms;
  • secure client portals;
  • email and communications systems; and
  • physical records.

We take reasonable steps to protect personal information against misuse, interference, loss, unauthorised access, modification and disclosure.

Our security measures may include:

  • access controls and user permissions;
  • multi-factor authentication;
  • password and account-management requirements;
  • encryption where appropriate;
  • secure backups;
  • confidentiality obligations;
  • staff training;
  • information-technology security controls;
  • vendor and contractor due diligence; and
  • procedures for identifying and responding to data breaches.

No electronic transmission or storage system is completely secure. While we take reasonable precautions, we cannot guarantee absolute security.

Please contact us promptly if you believe personal information provided to us has been lost, misused or accessed without authorisation.

14. Data retention and disposal

We retain personal information for as long as it is reasonably required to:

  • provide services;
  • maintain appropriate business and professional records;
  • comply with taxation, corporations, AML/CTF and other legal obligations;
  • satisfy professional and insurance requirements; and
  • manage complaints, disputes or potential legal claims.

When personal information is no longer required and we are not legally required to retain it, we will take reasonable steps to securely destroy or de-identify it.

Tax File Number information will be retained, protected and disposed of in accordance with the Privacy (Tax File Number) Rule 2015 and other applicable laws.

15. Data breaches

We maintain processes for responding to suspected or actual data breaches.

Where a data breach is likely to result in serious harm and notification is required under the Notifiable Data Breaches scheme, we will notify affected individuals and the Office of the Australian Information Commissioner as required by law.

We may also notify other regulators, authorities, insurers or affected organisations where required or appropriate.

16. Accessing your personal information

You may request access to personal information we hold about you by contacting us.

Before providing access, we may need to verify your identity. In some circumstances, Australian law may permit or require us to refuse access. If we refuse an access request, we will generally provide written reasons unless it would be unlawful or unreasonable to do so.

We will not charge you for making an access request. We may charge a reasonable amount for the costs involved in locating, preparing or providing access to information, where permitted by law. We will notify you of any proposed charge in advance.

17. Correcting personal information

We take reasonable steps to ensure personal information is accurate, complete, current, relevant and not misleading.

You may ask us to correct or update personal information by contacting us. We may request evidence to verify the requested correction.

Where appropriate, we may also notify third parties to whom we previously disclosed incorrect information.

18. Privacy complaints

You may contact us if you believe:

  • we have interfered with your privacy;
  • personal information has been handled improperly;
  • we have not responded appropriately to an access or correction request; or
  • we may have breached this Privacy Policy or applicable privacy law.

Please provide sufficient information for us to understand and investigate the complaint.

We aim to:

  • acknowledge a privacy complaint within five business days;
  • investigate the matter fairly and confidentially; and
  • provide a response within 30 calendar days, where reasonably practicable.

If additional time is required, we will let you know.

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner.

19. Children’s information

Our website and services are not directed primarily at children.

Where information about a person under 18 is required for taxation, payroll, estate-planning or another legitimate service, we will collect and manage that information in accordance with applicable law and, where appropriate, through a parent, guardian or authorised representative.

20. Changes to this Privacy Policy

We may update this Privacy Policy to reflect:

  • changes to our services;
  • changes to our website or technology;
  • changes to our information-handling practices; or
  • changes to legal, regulatory or professional requirements.

The updated version will be published on our website with a revised “Last updated” date.

We encourage you to review this Privacy Policy periodically.

21. Contact us

For privacy enquiries, access or correction requests, complaints or requests for a copy of this policy in another format, contact:

Privacy Officer
The Weft Advisory
VAAS GROUP PTY LTD
ABN 16 647 302 449
Campbelltown NSW 2560
Email: info@theweft.com.au
Phone: 0405 552 426