Introduction

Tilbrook Rasheed Pty Ltd and those entities controlled by Tilbrook Rasheed Pty Ltd, being Tilbrook Rasheed Services Pty Ltd, TR Financial Services Pty Ltd, Tilbrook Rasheed Audit Services Pty Ltd and Tilbrook Rasheed (together, ‘Tilbrook Rasheed’ ‘TR’) (referred to below as “we,” “us,” and “our”) respect and are committed to protecting your privacy and handling personal, sensitive and special categories of information in an open and transparent way.

This Policy outlines the obligations TR has in managing and protecting the personal information we collect, hold, use, store about our clients, potential clients, contractors and others, in order to comply with the Privacy Act. The Privacy Act does not apply to acts or practices that are directly related to employee records of current or former employees. In summary, ‘personal information’ is information or an opinion relating to an individual which can be used to identify that individual.

We are bound by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles set out in that Act. We also maintain an internal privacy policy, engagement letters and standard terms and conditions governing the delivery of professional services which also describe how we handle personal, sensitive and special categories of information. By providing your personal information to TR you are agreeing to bound by our Privacy Policy. If you have any questions or concerns regarding this privacy statement, please contact the Privacy Officer using the contact details below.

1. Information we collect
The main types of information we may collect and hold depends on the nature of our engagement with you. Personal information we collect may includes (but is not limited to) personal information relating to you, your spouse and dependants regarding:

• Names, dates of birth, gender, job titles, contact and address details;
• Information in identification documents (for example: passport or driver’s licence);
• Tax file numbers and other Government-issued identification numbers;
• Details of your financial circumstances, including bank account details, your assets and liabilities (both actual and potential), income, expenditure, insurance cover and superannuation;
• Educational qualifications, employment details and employment history, salary and referee reports;
• Visa or work permit status;
• Your Internet Protocol (IP) addresses and email addresses;
• Health information;
• Details of your investment preferences and aversion or tolerance to risk (if a wealth advisory client);
  • Information in relation to:
  • clients, business associates and potential clients and their employees
  • suppliers and their employees
  • prospective employees
  • contractors, and
  • other people who encounter us.

We may also collect sensitive and special categories of personal information directly from clients to provide professional services. The types of special categories of personal and sensitive information that we may collect includes, but is not limited to, health records, information regarding racial or ethnic origins, criminal convictions, and membership of a political association or membership of a trade union.

Sensitive and special category information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or where certain other limited circumstances apply (e.g. where required by law).

In some instances, it may be necessary to collect personal, sensitive and special categories of information from clients that relates to their employees, members, customers, third parties their spouse and dependants to provide professional services. In those circumstances we rely on clients to only provide us with information that they have handled in accordance with the Privacy Act, including obtaining any necessary consent for TR to collect, use and disclose that information.

We may also collect personal information from suppliers, contractors and third party service providers to operate our business such as contact details and account details.

We may also collect personal information that is publicly available.

As a provider of accounting, business and taxation advisory services we are subject to certain legislative and regulatory requirements which necessitate us obtaining and holding detailed information which personally identifies you and/or contains information or an opinion about you.

2. How we collect and manage personal information

2.1 Collection of personal information
We collect personal information in several different ways, for example:

• directly from you when you engage with us or we engage with youvia face to face meetings, virtual meetings or over the phone;
• through correspondence with us or when you subscribe electronically to our publications;
• you provide it to us via business cards;
• a third party provides it to us, for example, a report provided by a medical professional, fund manager, superannuation and other product issuer; or
• reference from another person, your personal representative or a publicly available record.

2.2 Your rights in relation to your personal information
You have the right to make general enquires about the services we provide, while remaining anonymous and therefore provide either little or no personal information, however without the personal information we request we will be unlikely to be able to provide our services to you.

You have a right to refuse us authorisation to collect information from a third party.

2.3 Where you provide us with personal information about someone else
From time to time you may provide us with someone else’s personal information, e.g. other members of your family group. You must not do this unless you have their consent to do so. You should also take reasonable steps to inform them of the matters set out in this Privacy Policy.

There may be times when we receive personal information that we do not solicit. If this occurs we will determine if you have given your consent and the information is necessary for us to provide our services, or whether the collection is required or authorised by or under an Australian law or a court/tribunal order. If it is, the information will be dealt with in accordance with the Australian Privacy Principles as if the information had been solicited. If it is determined that we should not have obtained this information, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.

2.4 Website collection of personal information
As a visitor to our website www.trca.com.au, you do not have to submit any personal information in order to use it. This website only collects personal information that is specifically and voluntarily provided by visitors. We may collect personal information from the web site through receiving subscription applications and emails. We may from time to time also use third parties to analyse traffic at our web site, which may involve the use of cookies. Cookies are primarily used to enhance the website capability.

Much of the information we collect is statistical and not personally identifiable.

Our website may also show links to third party websites who are not subject to our privacy policies and procedures. If you use these links, you will need to review those websites directly to view a copy of their privacy policies.

3. Purposes for collecting, holding, using and disclosing personal information

3.1 Use
We use personal, sensitive and special categories of information to provide agreed services to our clients and to operate our business, and all purposes related to the agreed services. We will only use your information for the purposes for which it was collected for, if this use would be reasonably expected by you, or otherwise, with your consent.

We may also use personal information to send promotional materials, or communications regarding services provided by us that we feel may be of interest. We may also seek feedback on our services or for market or other research purposes.

Personal information may also be used to protect our rights and that of our users and, where appropriate, to comply with legal process.

3.2 Disclosure
In the delivery of professional services, we may disclose personal, sensitive and special categories of information to other organisations where they are providing related services. Where this is to occur, and where possible, we may seek prior approval to do so.

TR may also be required to disclose personal and sensitive information to law enforcement, regulatory, or other government agencies, or to other third parties, to comply with legal or regulatory obligations or requests.

Information provided to third parties will be dealt with in accordance with that entity’s privacy policy.

It may be necessary, in certain limited situations, in order to perform our services to send your personal information to recipients such as third party software providers who outsource elements of their services to external service providers outside of Australia, in the United States, Singapore, India, the Philippines, New Zealand and other countries. In this case we will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to the information.

4. Outsourced Service Providers
Tilbrook Rasheed does not engage any outsourced service providers to assist in the delivery of our client services. Should we wish to do so in the future we will contact you to obtain authority to do so and provide the terms of the respective supplier’s own privacy policy which you will be then covered under.

Where external service providers are used for provision of related services, or in conjunction with our engagement, such as audit services, legal services, stockbroking, financial planning, or actuarial while those providers may be referred by us, they will be engaged directly by you and you will be covered under their respective privacy policies.

Outsourced Service Providers can include cloud computing services. Many of our clients already directly utilise cloud-based accounting software programs such as Xero, and MYOB for their own internal accounting requirements, and generally provide us remote access to their files

5. Cloud Computing Services
Tilbrook Rasheed uses some cloud-based computer services for its own internal use and for some client service functions. Prior to Tilbrook Rasheed utilising any cloud-based software programs, we conduct a thorough due diligence review of the providers, including who they are, what and how they provide their services, and how and where data is stored, protected and backed up in order to reasonably ensure they have the appropriate privacy policies to manage those risks.

Where Tilbrook Rasheed directly engages those cloud computing service providers we are then covered under the respective third party’s own privacy policy. The cloud-computing services we use who, depending on your engagement with us, may or may be used to assist deliver our services to you, with links to their privacy policy, are as follows:

• MYOB
• Xero
• Reckon
• Class
• Microsoft 365
• Adobe
• Dropbox

6. Information Security
We have in place reasonable commercial standards of technology and operational security to protect all information provided from misuse, unauthorized access, disclosure, alteration, or destruction for example by use of physical security and restricted access to electronic records, firewalls, the use of encryption, passwords and digital certificates.

Our employees are required to respect the confidentiality of personal information and the privacy of individuals, and privacy and data protection training is undertaken. All employees are required to read this policy and understand their obligations regarding personal information.

7. Holding Personal Information
We hold personal, sensitive and special categories of information in hard copy and electronic formats. We have in place reasonable commercial standards of technology and operational security to protect the information we hold.

8. Gaining access to personal information we hold
You may access your personal, sensitive and special categories of information, which we hold, and seek to correct that information where necessary. Your access to this information is subject to the exceptions set out in the Privacy Act.

These exceptions would include where:

• it is a frivolous or vexatious request
• information relates to a commercially sensitive decision-making process
• access is unlawful
• information would prejudice enforcement activities relating to criminal activities and other breaches of law, or
• denial of access is required or authorised by or under law.

If access is denied we will explain the reason why it is denied.

To request access to or correct your personal information, you can contact TR’s Privacy Team (privacy@trca.com.au). We will require you to verify your identity and to specify what information you require. A reasonable fee may be charged for providing access.

9. Changes to our Privacy Statement
We may modify or amend this privacy statement from time to time as required, and at our discretion, and may be supplemented or amended by privacy statements that are specific to certain areas of this website (e.g. recruitment, social media etc). When we make changes to this statement, we will amend the revision date at the top of this page. You will be notified of any amendments to this Privacy Policy by posting an updated version to our website and accordingly we encourage you to periodically review our website and our policy to be informed about how we are protecting your information.

10. Children’s Privacy Protection
We understand the importance of protecting children’s privacy in the interactive online world. Our website is not designed for or directed at or intentionally targeted at children 13 years of age or younger. It is not our policy to intentionally collect or maintain information about anyone under the age of 13, except as part of a specific engagement to provide services which necessitates such personal information be collected, for the purposes of ensuring compliance with our auditor independence policies, or as otherwise required by law

11. Keeping personal information current
If you believe that any personal information TR has collected about you is inaccurate, not up-to-date, incomplete, irrelevant or misleading, you may request correction. To do so, please contact TR immediately and we will take reasonable steps to correct it in accordance with the requirements of the Privacy Act.

12. Questions & Complaints
If you have any questions or concerns regarding your privacy, or you would like to make a comment on the effectiveness of this policy, please direct them to the Privacy Officer at:

Privacy Officer
Tilbrook Rasheed Pty Ltd
GPO Box 1243
ADELAIDE SA 5001
Phone: +61 (08) 8378 9500
Fax: +61 (08) 8378 9599
privacy@trca.com.au

For all other enquiries, please contact us at:

Tilbrook Rasheed Pty Ltd
GPO Box 1243
ADELAIDE SA 5001

We will endeavour to reply to you within 30 days of receipt of your complaint and, where appropriate, will advise you of the general reasons for the outcome of the complaint. If you believe that the Privacy Officer has not adequately handled your query or issue, you may refer your complaint to the Complaints Officer whose contact details are as follows:

Complaints Officer
Quality & Risk
Tilbrook Rasheed Pty Ltd
GPO Box 1243
ADELAIDE SA 5001
Phone: +61 (08) 8378 9500
Fax: +61 (08) 8378 9599
complaints@trca.com.au

If you believe that Tilbrook Rasheed has not adequately handled your privacy complaint, you may refer your complaint to the Office of the Australian Information Commissioner whose contact details are as follows:

Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
1300 363 992
enquiries@oaic.gov.au

13. Additional Information
For further information about privacy and the protection of privacy, visit the Office of the Australian Information Commissioner’s website at www.oaic.gov.au.

Policy Review
Annual Review due: August 2022