MSI Taylor is committed to protecting the privacy of personal information obtained through its operations as a professional services firm. MSI Taylor is bound by the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles (APPs) and any relevant privacy code registered under the Privacy Act.
The 13 Australian Privacy Principles apply to personal information, that is, information or an opinion (whether true or not) relating to an identified individual or which can be used to identify that individual. Please note that information about companies is not personal information. However, the principles will apply to an individual who is carrying on a business as a sole trader. All MSI Taylor offices in Australia are subject to policies and procedures that seek to ensure that the organisation complies with the Australian Privacy Principles.
MSI Taylor collects personal information that is reasonably necessary for, or directly related to, its functions or activities, e.g. audit services, taxation advice and services, finance, financial planning and similar business activities.
The specific types of personal information MSI Taylor may collect and hold includes the following:
As set out below, MSI Taylor also collects certain information that is not directly and specifically provided by third parties, such as an IP address, browsing pattern on the site, click stream, and the status of cookies placed on a computer. MSI Taylor does not collect any personal information other than information reasonably necessary for, or directly relating to, the primary purpose for which MSI Taylor has been engaged or may be engaged, or its other functions and activities.
MSI Taylor only collects personal information that has been directly provided to us by our clients or prospective clients, associates of clients, our suppliers or potential suppliers, our employees or potential employees, or is otherwise available in the public domain where this information will assist us with the provision of services to our current and prospective clients. Information may have been provided verbally or in writing (including by email or through web forms).
MSI Taylor may from time to time collect personal information concerning an associate of a client or a prospective client (e.g. a spouse or a child) where it is considered unreasonable or impracticable to seek this same information directly from the associate.
By way of example, we may at times seek personal information such as a name, address, date of birth and similar personal information directly from a client in relation to their associate (for example, their spouse, de-facto partner or their children) where we are satisfied that the associate would not object to the provision of that information to us in order for MSI Taylor to provide services involving that associate.
Information collected through such analysis is anonymous.
We may collect and hold information about individuals for the following purposes:
MSI Taylor may use and disclose personal information for the primary purposes for which it is collected, for reasonably expected secondary purposes which are related to the primary purpose and in other circumstances authorised by the Privacy Act.
We use and disclose personal information (excluding credit information) for the purposes outlined in section 4 above. Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless the individual agrees otherwise, or where certain other limited circumstances apply (e.g. if required by law).
We engage other people to perform services for us, which may involve that person handling personal information we hold. In these situations, we prohibit that person from using personal information about the individual except for the specific purpose for which we supply it. We prohibit that person from using your information for the purposes of direct marketing their products or services.
In relation to sensitive information held by us, wherever possible, MSI Taylor will attempt to de-identify the information. We also undertake to take reasonable steps to delete all personal information about an individual when it is no longer needed in accordance with our record keeping obligations.
Personal information is not disclosed to a third party unless the disclosure is necessary to support the delivery of the client services for which MSI Taylor has been, or is expected to be, engaged, or is required by law.
Examples where personal information may be disclosed to a third party include:
In certain circumstances, MSI Taylor may also disclose personal information to third party service providers (such as IT service providers) who assist us to administer our business.
Should it be necessary for MSI Taylor to forward personal information to third parties outside the firm, we will make every effort to ensure that the confidentiality of the information is protected.
The nature of our business activities may on occasion require that personal information be disclosed to overseas recipients in order to provide the services contemplated under the terms of our engagement or prospective engagement. The location of any overseas recipients of this information will depend upon the nature of the client assignment being conducted or contemplated.
In the event that personal information is disclosed to overseas recipients, MSI Taylor will take all reasonable steps to ensure that any personal information is secure and treated in accordance with the Australian Privacy Principles.
MSI Taylor will take all reasonable steps to protect against the loss, misuse and/or alteration of the information under its control, including through appropriate physical and electronic security strategies. Only authorised MSI Taylor personnel are provided access to personal information, and these employees are required to treat this information as confidential. We may need to maintain records for a significant period of time. However, when we consider information is no longer needed, we will destroy or de-identify these records.
Our policy is that all electronic records are only stored within Australia whenever this is commercially feasible. However, on occasion, a limited number of specialist software applications may involve the storage of personal data at an overseas location where a suitable alternative is not available.
MSI Taylor will only store data with an external provider if a technical assessment of a service provider’s security protocols are considered to meet or exceed the level of security that MSI Taylor could apply if the electronic data were to be stored in MSI Taylor’s own in-house systems and where we are satisfied that MSI Taylor is able to meet its commitments under Australian Privacy Legislation.
MSI Taylor does not use personal information for the purposes of direct marketing, unless:
In relation to sensitive information, MSI Taylor may only use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose. We will not use or disclose credit information for the purposes of direct marketing. Individuals have the right to request to opt out of direct marketing and we must give effect to the request within a reasonable period of time.
Individuals may also request that MSI Taylor provides them with the source of their information. If such a request is made, MSI Taylor must notify the individual of the source of the information free of charge within a reasonable period of time.
MSI Taylor will take all reasonable steps to make sure that any personal information collected, used or disclosed is accurate, complete and up to date.
If a person believes that the information we hold is inaccurate or out of date, they may contact our office and we will update the relevant information accordingly.
Under the Australian Privacy Principles, a person has the right to request access to any personal information that we may hold about them and to advise us if the information should be corrected. The Australian Privacy Principles set out the circumstances when we can refuse those requests. If we do refuse a request, we will provide the person with a written notice that sets out the reasons (unless it would be unreasonable to provide them).
Subject to our right to refuse access, MSI Taylor will provide the person with a report that lists any personal information that we may hold.
Our policy is to provide written acknowledgement of our receipt of any request for access to personal information or a request for correction of personal information within 7 days of the request being received. We will then provide a written response within 30 days of our receipt of the request.
In the event that an individual would prefer to submit a privacy request using a pseudonym or otherwise keep their identity secret, MSI Taylor will do its best to support that request if it is feasible to do so under the circumstances.
If you wish to make an enquiry about your personal information at MSI Taylor, or make a complaint because you believe that we may have breached the Australian Privacy Principles or a privacy code that applies to us, please email our nominated Privacy Officer at firstname.lastname@example.org or telephone 07 3512 8888.
We will respond to each request within a reasonable time.
If a party has lodged a complaint with MSI Taylor and is not satisfied with our response, they may contact the Commonwealth Information Commissioner.