Our Privacy Policy
Effective Date: Sep 20, 2025
Last Updated: Sep 20, 2025
1. Introduction
Shiom Tax Professionals (“we”, “us”, “our”) is committed to protecting the privacy of individuals whose personal information we collect, hold, use, or disclose in providing tax, accounting, advisory and related professional services.
This Privacy Policy explains how we manage personal and sensitive information in compliance with:
the Privacy Act 1988 (Cth) (including the Australian Privacy Principles, or APPs), as in force in 2025;
the Privacy and Data Protection Act 2014 (Vic);
relevant regulations or codes applicable to tax practitioners;
other applicable state or federal legislation.
2. Scope
This policy applies to all personal and sensitive information collected in the course of our business, including information we hold about clients, service users, employees, contractors, suppliers, website users and others with whom we have dealings.
3. What is Personal Information
“Personal information” means information or an opinion about an identified person, or a person who is reasonably identifiable, whether the information is true or not, recorded in any form. This may include:
Names, addresses, email, phone numbers;
Tax File Numbers (TFNs) or other identifiers;
Financial information (e.g. bank account, credit card numbers);
Health or personal sensitive details (if collected);
Other information relevant to providing our services.
4. Collection of Personal Information
4.1 What we collect
We may collect personal and sensitive information necessary for us to provide our services, including but not limited to:
Identity and contact details (name, address, email, telephone);
Financial and tax information (income, deductions, bank account, business turnover, etc.);
Information about employment or business operations;
Information required by law (e.g. TFNs, statutory declarations);
Information from third parties (with your consent, or where law allows) such as accountants, banks, government agencies.
4.2 How we collect
We collect information:
Directly from you (e.g. via forms, meetings, emails, telephone);
From third parties (with consent, or where required or permitted by law);
From publicly available sources;
Through our website (e.g. via cookies, contact forms) when you interact with us online.
4.3 Purpose of collection
We only collect personal information for purposes such as:
Providing tax, accounting, auditing, advisory, and related services;
Complying with legal and regulatory obligations;
Billing and debt recovery;
Communication about our services, updates, or changes;
Improving our services, business operations, and internal systems;
Identity verification as required;
Responding to enquiries or complaints.
5. Use and Disclosure of Personal Information
We will use personal information only for the purposes for which it was collected (or reasonably related purposes), unless you agree otherwise or the law permits or requires otherwise.
We will not disclose personal information to third parties except:
‑ where it is necessary to fulfil the service (e.g. to external service providers or partners);
‑ where required by law (e.g. regulators, Tax Practitioners Board, ATO);
‑ where you have consented;
‑ to prevent or investigate possible unlawful activity or to protect someone’s rights or safety.
We may share information with subcontractors or partners (such as IT providers, cloud services) under confidentiality arrangements, while ensuring the security of the information.
6. Storage, Security, Retention
We will take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure. This includes use of secure IT systems, access controls, encryption, staff training and physical security for any paper records.
We retain personal information only for as long as needed for the purposes for which it was collected, or as required by law. After that, information will be securely destroyed or de-identified.
When personal information is stored overseas (for example via cloud service providers), we ensure that overseas recipients comply with similar privacy obligations, or we have appropriate mechanisms in place (contracts, data transfer agreements, etc.).
7. Access, Correction, and Individual Rights
You have a right to request access to personal information we hold about you. We will respond to access requests within the timeframe required by law.
You may also request correction of any information that is inaccurate, out-of-date or incomplete. If we refuse, we will provide reasons and allow you to include a statement of correction.
You have the right to withdraw consent for certain uses / disclosures of your information (where consent is the lawful basis), subject to any legal or contractual restrictions.
If you believe we have breached your privacy, you can make a complaint to us, and if the matter remains unresolved, to the Office of the Australian Information Commissioner (OAIC), or other relevant authority.
8. Contact
You can direct any questions or complaints about our privacy practices to our listed email.
9. Data Breach Notification
We maintain a data breach response plan.
If a data breach occurs that is likely to result in serious harm, we will comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act, including notifying affected individuals and the OAIC as required.
10. Cookies and Website
Our website may use cookies or other tracking technologies. Cookies help us improve usability, analyze site usage, manage content, etc.
You can disable cookies via your browser settings; this may affect functionality.
We will collect only limited technical information from website users (e.g. IP address, browser type, pages visited) for analytics and to improve our services.
11. Sensitive Information
Where we collect sensitive information (e.g. health details, criminal records, racial or ethnic origin etc.), we will do so only with your consent, or where required by law, or where reasonably necessary for our functions and you are clearly informed.
We will apply stricter controls to protect sensitive information.
12. Overseas Data Transfers
If we transfer your personal information outside Australia (for example via cloud storage, service providers etc.), we ensure that appropriate safeguards are in place, such as:
‑ the overseas entity is subject to foreign privacy laws comparable to the APPs, or
‑ contractual clauses, encryption, or other legal mechanisms to safeguard the data.
13. Compliance with Laws & Regulatory Requirements
We comply with obligations under the Tax Agent Services Act 2009, the Code of Professional Conduct, and other regulations for tax practitioners, including the confidentiality requirements set out in Code Item 6 (client confidentiality).
We comply with the Australian Privacy Principles under the Privacy Act.
In Victoria, to the extent applicable, we observe the requirements under the Victorian PDP Act.
14. Changes to this Policy
We may update this Privacy Policy from time to time. The updated version will be posted on our website and/or otherwise communicated. The “Last Updated” date at the top will reflect the change.
We encourage you to review this policy regularly.
15. Definitions
Term | Meaning |
---|---|
“Personal information” | As defined under the Privacy Act 1988 (Cth): information or an opinion about an identified individual, or an individual who is reasonably identifiable. |
“Sensitive information” | Includes information about race or ethnicity, health, criminal record etc., as defined under law. |
“You / your” | The individual whose information we collect or hold. |