Privacy Policy
-
O’Brien Burrell & Co Pty Ltd (we, us, our) is committed to protecting your personal information. We operate in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the professional standards set by the Tax Practitioner Board (TPB).
This Privacy Policy explains how we collect, use, store, disclose and protect personal and financial information, including information used to verify your identity.
A current version of this Policy is always available on our website at https://www.obrienburrell.com.au/
-
To provide accounting, taxation, and financial services, we must collect highly sensitive personal and financial data. This includes:
Identity Data: Full name, date and place of birth, gender. Government identifiers such as Tax File Numbers (TFN) and ABNs. Government-issued identification details, such as driver licence, passport, Medicare card, or other ID document numbers. Biometric information, such as a facial image or short video used to verify your identity.
Contact Data: residential or business address, email address, and telephone numbers.
Financial Data: bank account details, credit card numbers, shareholding portfolios, superannuation details, assets, liabilities, and loan information.
Employment & Income Data: Salary details, employment history, payslips, and fringe benefits details.
Any other information you choose to provide to us
We only collect personal information that is reasonably necessary for our business activities.
-
We collect and use your information solely for the following professional activities:
Preparing and lodging income tax returns, Business Activity Statements (BAS), and financial statements.
Providing corporate secretarial services and managing ASIC compliance.
Verifying your identity to comply with Anti-Money Laundering (AML) and Counter-Terrorism Financing (CTF) legislation.
Managing our business relationship, including billing and addressing enquiries.
Detect and prevent fraud, and keep our systems secure.
-
We collect personal information directly from you via various channels:
Client onboarding forms and questionnaires.
Face-to-face meetings, phone calls, and email correspondence.
Documents uploaded to our secure client portal.
Third Parties: With your explicit consent, we may collect data from banks, financial institutions, legal representatives, your employers, the Australian Taxation Office (ATO), or the Australian Securities and Investments Commission (ASIC).
-
We do not sell or rent your information. We disclose your data to third parties only in the following circumstances:
Government Agencies: Lodging returns with the ATO, ASIC, or other relevant state and federal regulatory bodies.
Professional Standards: Providing data to professional accounting bodies for mandatory quality control audits.
Regulators, law enforcement or other third parties: Where required or authorised by law
Software Providers: Sharing data with cloud-based accounting platforms (e.g., Xero, MYOB, QuickBooks) and with secure IT support providers who host our database.
Identity verification providers: This includes APLYiD and its authorised sub-providers, Commonwealth and State authorities and official record holders, via the DVS
-
Some of our service providers may store or process personal information outside Australia.
Where this occurs, we take reasonable steps to ensure that your personal information is handled in accordance with the Australian Privacy Principles, including contractual protections with our providers.
-
To verify your identity, we may use electronic identity verification services, including the Australian Government's Document Verification Service (DVS).
Where you have consented, your name, date of birth and identity document details will be securely sent to the relevant Commonwealth or State authority that issued your document. This may include passport offices, driver licence authorities, the Department of Home Affairs, Births Deaths and Marriages, or other authorised record holders.
These authorities check whether the details you have provided match their records.
We do not receive a copy of your government records. The authority returns only a match result, confirming whether your details match (yes or no).
This process may be carried out by accredited identity verification providers, including APLYiD (APLYiD Pty Ltd, ABN 36 632 866 794) and its sub-providers.
Further information about the DVS is available at idmatch.gov.au.
-
As part of identity verification, we may collect biometric information, such as a facial image or a short video of you holding your ID.
Biometric information may be used to:
Confirm that you are a real person and physically present
Match your image to the photograph on your identification document
Reduce the risk of fraud and identity theft
Biometric information is treated as sensitive information under the Privacy Act. We use it only for identity verification and related compliance purposes, and only with your consent.
-
By providing your personal information and completing the identity verification process, you consent to the following:
The collection, use and disclosure of your personal information for identity verification, AML/CTF and related compliance purposes
The collection and use of biometric information, such as a facial image or video, for identity verification
Your information being checked against records held by Commonwealth and State authorities through the DVS
Your information being shared with our authorised identity verification providers, including APLYiD
Your consent is voluntary. You can withdraw it at any time by contacting us using the details in section 13.
If you do not consent or do not provide the information we need, we may not be able to verify your identity electronically. In that case, we may need to verify your identity in another way, or we may be unable to provide our services to you.
We do not sell your personal information.
-
We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.
These steps include secure systems, access controls, and encryption in transit and at rest, where appropriate.
We retain personal information only for as long as we need it for the purposes set out in this Policy, or as required by law. When we no longer need your information, we securely delete or de-identify it.
-
You have the right to request access to the personal information we hold about you and to ask us to correct it if it is inaccurate, incomplete or out of date.
To make a request, please contact us using the details in Section 13. We will respond within a reasonable time.
-
If you have a complaint about how we have handled your personal information, please contact us first using the contact details in section 13.
We will acknowledge your complaint, investigate it, and respond to you within a reasonable time.
If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
-
If you have any questions about this Policy or would like to exercise any of your privacy rights, please contact us:
Business name: O’Brien Burrell & Co Pty Ltd
Privacy contact: Susan Carr – Practice Manager/Director
Email: admin@obrienburrell.com.au
Phone: 02 9533 8350
Address: 47 Rocky Point Road, Kogarah NSW 2217
-
We may update this Privacy Policy from time to time to reflect changes to our practices or to the law.
The latest version will always be available on our website. If changes are significant, we will let you know.