1. Meaning of terms used in this Privacy Policy

In this Privacy Policy:

• personal information means any information or an opinion about you (including information or an opinion forming part of a database), by which you may be identified directly or indirectly, whether on its own or in combination with other information, whether true or not, and which is submitted to and/or collected by us in an accessible form.
• sensitive information means personal information about things such as your membership of professional associations, race, ethnic origin, political affiliation, financial identifiers, religion, sexual orientation, biometric information and health information.

2. Privacy guidelines for our clients, potential clients and other individuals

2.1. What kinds of personal information do we collect and hold?

We collect and hold:

1. your contact details, such as office address, home address, telephone numbers and email address;
2. your personal details, such as date and place of birth, gender, TFN, and bank details;
3. your business details, including your accounting records and tax information;
4. information you make available on the Sites;
5. your client history information, including records of your accounting records, tax records and communications and other interactions with us.

2.2. How do we collect your personal information?

We collect personal information about you when it is reasonably necessary for one or more of our activities or functions. This personal information is collected in a number of ways, including:

1. through the Sites: We may collect personal information from the Sites, such as when you visit, use or register on our Websites, Apps or Social Media Pages, join (or request to join), post in or otherwise contribute to our Social Media Pages, or when you complete a survey;
2. from you: We may collect personal information from you when you contact, do business or interact with us by phone or email, apply for, enrol in or register for a program or activity, or enter into a competition;
3. from third parties: We may receive your personal information from other sources, such as public databases, acquired contact lists, professional bodies (for example under reciprocal arrangements), your employer (for example when your employer registers you in an activity or course), regulators and government and statutory bodies.

2.3. What would happen if we did not collect your personal information?

The provision of your personal information is voluntary. However, if you cannot, or will not, provide us with the personal information we reasonably require, we may not be able to contact you or otherwise interact with you, process your accounting records, tax return, perform our statutory functions, or provide you with some or all of our products and services.

2.4. How we use your personal information

We will not collect or use your personal information unless it is lawful for us to do so. We collect and use personal information for the following purposes:

1. fulfilling requests for information or services (with your consent, if required);
2. fulfilling our role as a professional accounting firm, including maintaining tax and related records, providing information to authorities such as the ATO or ASIC;
3. for promotional and marketing purposes, including communicating information about our products and services (with your consent, if required);
4. communicating to clients on matters relevant, such as changes in taxation law, or other business and personal financial matters;
5. monitoring, moderating and improving our Sites;
6. assessing suitability for employment or the provision of services by independent contractors;
7. processing and assessing staff and other applications;
8. fulfilling our contractual and other regulatory obligations, including external payment providers;
9. organising and hosting training and events (including with third parties);
10. providing products and services, or information relating to such products and services, including from our approved third party suppliers;
11. assessing or improving our products and services, as well as for training and quality purposes, including building profiles, monitoring, recording and analysing online interactions and communications between you and us; and
12. providing information to third parties as authorised or required by law or a court or tribunal.

We have a legitimate interest in using your information in these ways. It is also fundamental to the nature of the service we provide.

In some cases it will be lawful for us to collect and use your personal information, for example where it is necessary as part of our, or a third party’s statutory or public function or because the law permits or requires us to.

In addition to the specific circumstances above, we will only use your personal information with your consent (if required under applicable data protection laws) when we process your personal information in order to send you carefully selected marketing materials about our products and services by email, text or push notification, depending on your account or operating system settings. You have the right to opt out of receiving such direct marketing at any time.

However, in order to satisfy our professional and legal obligations to you, there are some communications that we are required to send you that you cannot opt of of.

If at any time you wish to stop receiving direct marketing messages from us, the easiest way to do so (for electronic messages) is to use the unsubscribe feature in the marketing message you have received. You can also let us know by contacting us using the contact details set out in the “How to contact us” section. In your request, please indicate that you wish to stop receiving marketing communications from us.

We will also rely on your consent where we use cookies other than those cookies that are necessary to provide our service for the purposes set out in our cookie policy below.

Our Sites may contain hyperlinks to websites operated by third parties. We are not responsible for the content of such websites, or the manner in which those websites handle any personal information you provide. In some cases, we may use a third party service provider, in these cases, your personal information may be collected by this third party and not by us and will be subject to the third party’s privacy policy, rather than this Privacy Policy.  We have no control over, and are not responsible for, this third party’s use or disclosure of your personal information.

2.5 Use and disclosure of personal information

We do not use your personal information or disclose it to another organisation unless:

1. it is reasonably necessary for one of the purposes described above;
2. having regard to the nature of the information or the circumstances of collection we believe you would expect us to use the information or make the disclosure;
3. required or authorised by law or court or tribunal;
4. it is necessary to protect the rights, property, health or personal safety of a client, the public or our interests, and it is unreasonable or impracticable to obtain your consent;
5. the disclosure is necessary to assist any entity, body or person to locate a person who has been reported missing;
6. we have reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, is being or may be engaged in, and we believe that the collection, use or disclosure is necessary in order for us to take appropriate action;
7. the assets and operations of our business are transferred to another party as a going concern;
8. it is necessary to obtain third party services, for example to carry out data analysis or provide information processing services (where use of your information by third parties is strictly controlled);
9. it is for one of the purposes expressly permitted under applicable data protection and privacy laws; or
10. you have provided your consent.

For avoidance of doubt, we may disclose your personal information to:

1. any of our related and associated companies, affiliates and subsidiaries, including those established in the future;
2. any data processors processing your information on our behalf;
3. where applicable, third parties who provide related services or products in connection with our business such as our vendors, business partners, and any party assisting us in carrying out the purposes described above;
4. parties which participate in joint marketing schemes with us;
5. any agent, contractor or service provider who provides administrative, order processing, payment clearing, credit reference, debt collecting or other services necessary to the operation of our business;
6. any person to whom we are, in our belief in good faith, under an obligation to make disclosure as required by any applicable law;
7. government agencies, statutory authorities and industry regulators;
8. our auditors, consultants, accountants, lawyers or other financial or professional advisers; and / or
9. our sub-contractors or third party service or product providers as may be determined to be necessary or appropriate.

To suppress or limit our use of your personal information that has been previously provided to us, please email, call or write to us using the contact information listed below in the “How to contact us” section.

We will not sell your personal information to third parties.

Overseas disclosures

If you are a client, we may also use the services of certain third party service providers which may have offices or other operations outside of Australia. As a result, your personal information may be disclosed to recipients in those foreign countries.

All service providers that have access to personal information held by us are required to keep the information confidential and not to make use of it for any purpose other than to provide services in accordance with their engagement. We will take all steps that are reasonably necessary to ensure your personal information is treated securely and in accordance with this Privacy Policy as well as applicable data protection laws, including, where relevant, by entering into EU standard contractual clauses (or equivalent measures) with the party outside the European Economic Area.

2.6 Access and correction of personal information

Individuals may request access to their personal information unless we are permitted by law to withhold that information. Individuals may also request the correction of any personal information which is inaccurate. Any requests for access or correction of your personal information should be made in writing to info@dfkeveralls.com.

We will in most cases provide an individual with access to their personal information.  To the extent permitted by law, there are some exceptions where this access may be denied, namely where:

1. providing access may have an unreasonable impact on the privacy of other individuals;
2. providing access would be unlawful or would be likely to prejudice one or more enforcement related activities conducted in relation to local law by, or on behalf of, us or an enforcement body;
3. providing access would reveal our intentions in relation to negotiations with the individual in such a way as to prejudice those negotiations;
4. we have reason to suspect that unlawful activity, or misconduct of a serious nature, relating to our functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter;
5. giving access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process;
6. we reasonably believe that giving access would pose a serious threat to the life, physical or mental health or safety of any individual, or to public health or public safety;
7. the request for access is frivolous or vexatious; or
8. where we are otherwise permitted by applicable data protection and privacy laws to do so.

To request access and seek the correction of personal information held by us, please email, call or write to us using the contact information listed below in the “How to contact us” section.

We will endeavour to respond to any access or correction request within 20 working days of receipt.

3. Residents in the European Economic Area

If you are a resident in the European Economic Area, you have the following rights in relation to your personal information (where applicable):

1. Access. You have the right to request a copy of the personal information we are processing about you. For your own privacy and security, at our discretion we may require you to prove your identity before providing the requested information.
2. Rectification. You have the right to have incomplete or inaccurate personal information that we process about you rectified.
3. Deletion. You have the right to request that we delete personal information that we process about you, except we are not obliged to do so if we need to retain such data in order to comply with a legal or professional obligation or to establish, exercise or defend legal claims.
4. Restriction. You have the right to restrict our processing of your personal information where you believe such data to be inaccurate; our processing is unlawful; or that we no longer need to process such data for a particular purpose unless we are not able to delete the data due to a legal, professional or other obligation or because you do not wish for us to delete it.
5. Portability. You have the right to obtain personal information we hold about you, in a structured, electronic format, and to transmit such data to another data controller, where this is (a) personal information which you have provided to us, and (b) if we are processing that data on the basis of your consent or to perform a contract with you.
6. Objection. Where the legal justification for our processing of your personal information is our legitimate interest, you have the right to object to such processing on grounds relating to your particular situation. We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise or defence of a legal claim.

Withdrawing Consent. If you have consented to our processing of your personal information, you have the right to withdraw your consent at any time. This includes cases where you wish to opt out from marketing messages that you receive from us.

To make a request to exercise any of these rights in relation to your personal information, please email, call or write to us using the contact information listed below in the “How to contact us” section.

4. How long do we keep your personal information?

We will only retain your personal information for as long as is necessary for the purpose for which that personal information was collected and to the extent required by our professional obligations and/or permitted by applicable laws.

5. Security of Personal Information

We use reasonable organisational, technical and administrative measures and security safeguards to protect, as is reasonable in the circumstances, the personal information we hold from misuse, loss, interference and/or unauthorised access, use, disclosure or alteration of information under our control. Where practicable, we implement measures to require organisations to whom disclosure is made to comply with applicable data protection and privacy laws. If a third party is given access to personal information we take reasonable steps to ensure that the information is held securely and used only for the purpose of providing the relevant service or activity.

Unfortunately, no data transmission over the internet or data storage system can be guaranteed to be 100% secure.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), please immediately notify us of the problem using the contact information listed below in the “How to contact us” section.

6. Other information

6.1. What other information do we collect?

The Sites collect other information that may or may not be personal information.  Other information includes information that does not reveal your identity, such as:

(a) browser and device information;
(b) server log file information;
(c) App usage data;
(d) demographic information;
(e) location information;
(f) aggregated information.

6.2 How do we collect other information?

Through your use of an App: When you download and use an App, we and our service providers may track and collect App usage data, such as the date and time the App on your device accesses our servers and what information and files have been downloaded to the App based on your device number.

Using cookies: Cookies allow a web server to transfer data to a computer or device for recordkeeping and other purposes. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to decline the use of cookies. For detailed information about the cookies we use and the purposes for which we use them, please see our cookies policy below.

6.3 How do we use other information?

Please note that we may use and disclose such other information which is not personal information for any purpose, except where we are required to do otherwise under applicable law; for example, if we are required to treat that information as personal information under applicable law.

In some instances, we may combine other information with personal information.  If other information can be combined with personal information or can be used to build a profile of an individual (in a way which could be reasonably used to identify that individual), such other information will be treated by us as personal information.

7. Privacy concerns

If you would like any further information about our handling of personal information or to make a complaint about our handling of your personal information, please lodge a written complaint addressed to our Privacy Officer using the contact details below. Once we receive your complaint, we will respond to you within a reasonable period of time, usually within 20 working days.

If you are unsatisfied with the outcome of your complaint, you may contact us further to advise of your concerns and, if we are unable to reach a satisfactory resolution, you may wish to take your complaint to the local data protection authority.

8. Variations to the Privacy Policy

We reserve the right to modify this Privacy Policy at any time by publishing an updated version of this Privacy Policy on our Website and taking any further action as required by law, after which, your continued use of the Website or your provision of any further personal information will indicate your acknowledgement to the modified terms of this Privacy Policy.

9. How to contact us

Privacy Officer / Data Protection Officer 
DFK Everalls Pty Ltd
Level 5, 224 Bunda St
Canberra City ACT 2601
P: 02 6232 4588
E: info@dfkeveralls.com

10. Cookies Policy

10.1 What is a cookie?

A cookie is a small text file that is placed on your device (such as your computer, smartphone or other internet-enabled device) when you visit a site or page to collect data about the usage of our Websites at a later date. The cookie will help the website, or another website, to recognise your device the next time you visit the site. Most web browsers are set by default to accept cookies.

In addition to cookies, we also use web beacons and other storage technologies to collect information from our Websites. Like cookies, web beacons and similar storage technologies collect data about the usage of our Websites and can recognise your device the next time you visit.

10.2 Why we use cookies

We use cookies to personalise your browsing experience (for example, by remembering your preferences and recognising you as a repeat visitor to our Websites), and to track statistics about the usage of our Websites. This allows us to better understand our users (including valued clients) and improve the layout and functionality of our Websites. This tracking is generally conducted in such a way as to ensure the anonymity of visitors to our Websites. While the cookie may identify your computer, it should not identify you unless you are registered with the Website (for example, because you are a client) or logged in using your social media profile. In that case, the cookie will be linked to your profile so that we can identify you and provide more relevant content.

10.3 The types of cookies we use

Specifically, we use the following cookies:

• Strictly necessary cookies that are required for the operation of our Websites, such as cookies that enable you to log into secure areas of our Websites (for example, clients only areas) or to comply with the law (for example, to keep your information safe). If a user opts to disable these cookies, the user may find that certain sections of our Websites do not work properly for them (for example, the user may not be able to access all of the content that clients are able to access).
• Performance cookies which recognise and count the number of users to our Websites and help us see how users move around our Websites. These cookies do not collect information that identifies a visitor. We only use such information to improve our website. This information helps us to find out how well the website is working and highlights where it can be improved.
• Functionality cookies which are used to recognise you when you return to our Websites and assist us to personalise your content and Website experience by remembering your preferences. These cookies are also used to provide services you have asked for. Information collected by functionality cookies may or may not be anonymised, but they cannot track your browsing activity on other websites.
• Targeting cookies which are used to record your visit to our Websites, the pages you have visited and the links you have followed. These cookies are used to advertise relevant products to you on other websites, based on the products and categories you looked at on dfkeveralls.com.

10.4 Third party cookies and technologies

Third party cookies are cookies that are set by a domain other than the one being visited by you. If you visit one of our Websites and a separate company sets a cookie through that Website this would be a third party cookie.

To try to bring you offers and advertisements that are of interest to you, we have relationships with third party companies including, Google, Facebook, LinkedIn and other providers (Third Party Providers) that allow them to place cookies on our Websites.

These Third Party Providers may:

• use Third Party Cookies, web beacons, and other storage technologies to collect or receive information from our Websites and elsewhere on the internet;
• compare de-identified information from us with information collected elsewhere on the internet; and
• use that information to provide measurement services and target ads to you.

10.5 How long cookies will be stored on your device

Session cookies are temporary. They allow website operators to link the actions of a user during a browser session, the time period between a user opening a browser window and closing it. Once closed, the cookies are deleted. Persistent cookies remain on a user’s device for the period of time specified in the cookie.

10.6 How you can manage your cookies

If you do not wish to receive any cookies (other than those which are strictly necessary) you may set your browser (such as Firefox, Google Chrome, Internet Explorer or Safari) to either prompt or refuse cookies. Please note that rejecting cookies may mean that not all the functions on our Websites you visit will be available to you.