What personal information do we collect?
The personal information that we collect will depend on your relationship with us and the service(s) you or your organisation have engaged us to provide or are interested in. It may include:
- Name and contact information (including telephone and mobile number, email address and residential and postal address);
- Individual information (including racial or ethnic origin(s), language(s) spoken, religious belief(s) and affiliation(s), date of birth, age, place of birth, gender(s), occupation(s), employment and qualification details, financial records, income details, asset listings, taxation records, bank account details, insurance policies, medical history, disability status, criminal record and Court records);
- Payment and transactional information (including banking and credit card details);
- Other personal or sensitive information (including information contained in communications or documents, any information required due to the nature of your matter, or information we are required to or permitted to collect by law).
Collecting personal information
How We Collect Personal Information
We may collect your personal information directly from you or in the course of our dealings with you. For example, we collect personal information from you or about you from:
- Correspondence between you and us;
- Meetings and interviews with us, telephone calls with us, the instructions you provide to us;
- Visits to and submissions you make on our website;
- Your interactions with our electronic direct mail and/or emails from our marketing campaigns (such as clicks on links included in these emails); and
- Registration and forms you may fill in for our marketing-related activities and events.
In some instances, we may receive personal information about you from third parties, including entities within the BlueRock Group, associated businesses, government agencies, regulatory authorities and referrers (such as other accountants, law firms, real estate agents, financial planners, insurers and business consultants). We may also receive personal information about you from your authorised third parties and publicly available sources.
Why We Collect, Hold and Use Personal Information
We collect and hold your personal information for a variety of purposes, and you permit us to use it:
- To provide you with our services and carry out our business functions;
- For purposes related to the provision of our services such as planning, performance reporting, file research, internal investigations, our own internal administrative and accounting functions, our professional and reporting obligations, data backups, marketing and promotions, educational briefings and other service offering updates, conducting client satisfaction surveys and feedback requests, statistical collation and website traffic analysis;
- For disclosure to third parties (such as government departments and agencies, other accountants, law firms, real estate agents, financial planners, insurers, local business and industry networks, Chambers of Commerce, business and industry alliances, auditors and other consultants and banking institutions) where it is reasonably necessary for them to assist us to provide our services to you, or to enable them to provide related service offerings you have requested;
- For disclosure to any entity within the BlueRock Group as necessary for the provisions of our services, enabling them to provide service offerings you have requested and conflict checks.
- Disclosure to third parties where required or permitted by law;
- Where you are a prospective employee of BlueRock Group, for purposes related to your prospective recruitment. In some cases, our recruitment activities are managed by a third party recruitment agency.
In addition to the above, you permit us to use your personal information:
- Where you have consented to its use or disclosure;
- Where we reasonably believe that use or disclosure is necessary to lessen or prevent a serious, immediate threat to someone's health or safety or the public's health or safety;
- Where we reasonably suspect that unlawful activity has been, is being or may be engaged in and the use or disclosure is a necessary part of our investigation or in reporting the matter to the relevant authorities;
- Where such use or disclosure is required under or authorised by law (for example, to comply with a subpoena, a warrant or other order of a court or legal process);
- Where we reasonably believe that use or disclosure is necessary for the prevention, investigation, prosecution and punishment of crimes or wrongdoings or the preparation for, or conduct of, proceedings before any court or tribunal (or the implementation of orders of a court or tribunal or on behalf of an enforcement body);
- To develop and improve our business, products and services; and
- For any lawful purpose.
Where we wish to use or disclose your personal information for other purposes, we will obtain your consent.
How We Hold and Store Personal Information
Your personal information is held and stored on paper, by electronic means or both. We have physical, electronic and procedural safeguards in place for personal information and take reasonable steps to ensure that your personal information is protected from misuse, interference, loss and unauthorised access, modification and disclosure:
Data held and stored on paper is stored in secure key-card premises.
Data held and stored electronically is protected by internal and external firewalls, high encryption and all access to electronic data including databases requires password access that meets Microsoft complexity standards.
Access to personal information is restricted to staff and contractors whose job description requires access. Our employees and contractors are contractually obliged to maintain the confidentiality of any personal information held by us.
Data stored or archived off-site is contained within secure facilities. We also require our storage contractors to implement privacy safeguards.
We undertake regular data backups, with the data copied and backed up to multiple locations for redundancy purposes.
Our staff receive regular training on privacy procedures.
Destruction of Personal information
We will retain your personal information whilst it is required for any of our business functions or for any other lawful purpose. We will also retain your personal information for the time periods required by law (commonly, seven years).
We use secure methods to destroy or to permanently de-identify your personal information when it is no longer needed. Paper records are sent for secure destruction. In some instances, paper records and original documents will be returned to you and/or relevant third parties.
Electronic records retained for longer than 7 years may be archived to alternative storage and are subject to the procedural safeguards described above.
Access to and Correction of Personal Data
You have a right to request access to or correction of your personal information held by us.
If you wish to access, correct or update any personal information that we hold about you, please contact us via the details below.
We will respond to your request within a reasonable time of you making the request and give you access in the manner you requested, unless it is unreasonable or impracticable for us to do so.
There may be reasons why we cannot give you access to the information that you have requested, or we refuse to correct your personal information. If this is the case, we will let you know these reasons in writing.
To assist us to keep our records up to date, please notify us of any changes to your personal information.
Data Breach
We will take seriously and deal promptly with any accidental or unauthorised loss, use or disclosure of personal information.
We are subject to the Notifiable Data Breaches Scheme (“NDB Scheme”) under the Privacy Act. In assessing and responding to suspected notifiable data breaches, we will act in accordance with:
- Our applicable policies which incorporate the requirements of the NDB Scheme; and
- The guidance of the Office of the Australian Information Commissioner (“OAIC”).
Feedback and surveys
From time to time, you may have the option to participate in surveys or provide feedback intended to improve the services offered by us which may involve providing additional personal information. Your participation in such activities is subject to your consent.
iP Addresses
An Internet Protocol (“IP”) address is a small set of numbers automatically assigned to your computer when you log onto the internet. We may use general information about your visit to the website, including your IP address, the date and time of your visit, pages viewed and the type of browser you use. This assists us in improving the quality and usability of our website.
If you use social media, we may collect any information that you allow the social media site to share with us.
Direct Marketing
We may use and disclose your personal information for the purpose of direct marketing to you via direct mail, email, SMS, MMS, targeted digital advertising or any other means of marketing communication, where:
- You have consented to us doing so; or
- It is otherwise permitted by law.
You may opt out of direct marketing communications at any time by contacting us or by using opt-out facilities set out in the direct marketing communications.
Changes to this privacy policy
We may update our Privacy Policy from time to time. Our Privacy Policy was last updated on 23 June 2021. By continuing to use our website or otherwise continuing to deal with us, you accept this Privacy Policy as it applies from time to time.
complaints
We have procedures in place for dealing with complaints and concerns about our practices in relation to the Privacy Act, the APPs, and any alleged breach of this Privacy Policy. We will respond to your complaint in accordance with the relevant provisions of the APPs. For further information, please contact us.
