sales@mdconsultants.com.au Mon - Fri : 9am - 5pm

Privacy Policy

Privacy Policy

Last updated: 25 Feb 2025

MD Consultants Pty Ltd (we, us, our) respects your privacy and is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), where applicable.

1. Scope

This Privacy Policy applies to personal information we collect through our website, email, phone calls, online forms, meetings, and in the course of providing accounting, bookkeeping, payroll, compliance, and related services.

If you become a client, any service-specific privacy or confidentiality terms in our engagement documents will also apply.

2. What personal information do we collect

The personal information we collect will depend on how you interact with us. It may include:

  • identity and contact details, such as your name, business name, email address, phone number, postal address, and job title;
  • business and financial information relevant to the services you request, including payroll, bookkeeping, accounting, BAS, GST, superannuation, tax and compliance records;
  • information you provide in enquiry forms, emails, consultation bookings, feedback, or support requests;
  • website and device information, including IP address, browser type, pages viewed, and cookies or similar technologies;
  • any other information you choose to provide to us.

Where reasonable and practicable, we collect personal information directly from you. We may also receive information from your authorised representatives, your employer or business, regulatory bodies, accounting platforms, or other third parties where you have asked them to provide it or where permitted by law.

3. Why we collect and use personal information

We collect, hold, use and disclose personal information for purposes including:

  • providing our accounting, bookkeeping, payroll, compliance, advisory and related services;
  • responding to enquiries and communicating with you;
  • verifying identity and authority;
  • preparing reports, lodgements, reconciliations, and other service deliverables;
  • meeting legal, tax, professional, record-keeping and regulatory obligations;
  • managing our business operations, billing, administration, quality control and client relationship management;
  • improving our website, systems and services;
  • sending service updates or other communications relevant to our services.

We may also use personal information for related purposes that you would reasonably expect, or for any other purpose permitted or required by law.

4. Disclosure of personal information

We may disclose personal information to:

  • our employees, contractors and professional advisers;
  • service providers that help us operate our business and deliver services;
  • cloud and software providers, including Xero, MYOB, Microsoft 365, and our CRM platform/provider;
  • government agencies, regulators, courts and tribunals, where required or authorised by law;
  • your authorised representatives or other third parties at your direction or with your consent.

Some service providers may store or process data outside Australia. Where this occurs, we take reasonable steps to ensure appropriate protections are in place, subject to applicable law and the nature of the service.

5. Storage and security

We store personal information electronically and, where necessary, in paper form. We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure. These steps may include access controls, password protection, encryption, staff confidentiality obligations, secure backup systems, and limiting access to people who need the information for their work.

No method of transmission or storage is completely secure. While we take reasonable precautions, we cannot guarantee absolute security.

6. Retention and destruction

We retain personal information for as long as reasonably necessary for the purposes for which it was collected, and for any longer period required by law, professional obligation, contract, or legitimate business need. When personal information is no longer required and we are not legally required to keep it, we will take reasonable steps to destroy or de-identify it.

7. Access, correction and deletion requests

You may request access to the personal information we hold about you, or ask us to correct it if you believe it is inaccurate, out of date, incomplete, irrelevant or misleading.

You may also request that we delete or de-identify your personal information where we are permitted to do so. Please note that we may be required to retain certain records for legal, tax, accounting, insurance, dispute resolution, or professional compliance reasons.

To make a request, please contact us using the details in the ‘Contact us’ section below. We may need to verify your identity before acting on your request. We will respond within a reasonable time and, where required by law, within the relevant statutory timeframes.

8. Cookies and analytics

Our website may use cookies, analytics tools and similar technologies to improve performance, understand usage, and support security and functionality. You can usually control cookies through your browser settings, but some website features may not work properly if cookies are disabled.

9. Direct marketing

We may send you direct marketing communications about our services where permitted by law. You may opt out at any time by using the unsubscribe function or by contacting us directly.

10. Complaints

If you have a privacy complaint, please contact us first so we can try to resolve it. Please provide as much detail as possible. We will investigate and respond within a reasonable time. If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC).

11. Data breach response

If we suspect an eligible data breach, we will promptly assess the incident, contain and mitigate harm where possible, and determine whether the breach is likely to result in serious harm. If notification is required under the Notifiable Data Breaches scheme, we will notify affected individuals and the OAIC as required by law and provide recommended steps to reduce risk.

We may also take remedial action to reduce the likelihood of serious harm and document our response in line with our internal incident procedures.

12. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will be published on our website with the effective date shown above.

13. Contact us

MD Consultants Pty Ltd

Email: sales@mdconsultants.com.au

Website: https://mdconsultants.com.au