We respect your privacy
William Buck respects your privacy and is committed to treating the personal information we collect in accordance with the Australian Privacy Principles in the Privacy Act 1988 (Cth) (Privacy Act) , the EU General Data Protection Regulation (GDPR) and APES 110 Code of Ethics for Professional Accountants (including Independence Standards).
This policy outlines the obligations William Buck has in managing the personal information we hold about our clients, potential clients, contractors and others. This includes information such as your name, email address, identification number, or any other type of information that can reasonably identify an individual, either directly or indirectly.
Personal information we collect
As a provider of accounting, advisory, audit, business recovery and wealth advisory services we are subject to certain legislative and regulatory requirements which necessitate us obtaining and holding detailed personal information.
In general, the main types of personal information we collect and hold includes (but is not limited to):
- Contact details
- Dates of Birth
- Employment details and employment history
- Tax File Numbers
- Details of your financial circumstances, including bank account details, your assets and liabilities (both actual and potential), income, expenditure, insurance cover and superannuation
- Health information (for some types of insurance cover)
- Details of your investment preferences and aversion or tolerance to risk (if a wealth advisory client)
We will not collect any personal information about you except when you have knowingly provided that information to us or authorised a third party to provide that information to us.
How we use your personal information
William Buck will use personal information only for the purposes that you consent to. This may include to:
- Provide you with products and services during the usual course of our business activities;
- Administer our business activities;
- Manage, research and develop our products and services;
- Provide you with information about our products and services, invite you to events or distribute articles or publications;
- Communicate with you by a variety of measures including, but not limited to, by telephone, email, SMS or mail; and
- Investigate any complaints.
You have a right not to provide information that can identify you. If, however, you withhold your personal information, it may not be possible for us to provide you with our products and services, or alternatively, may affect the adequacy or appropriateness of advice or services provided.
If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.
How we collect your personal information
William Buck collects personal information from you in a variety of ways, including when you interact with us electronically or in person. This includes, but is not limited to, when you provide feedback, when you provide information about your personal or business affairs, change your content or email preference(s), respond to surveys and/or promotions, provide financial or credit card information, or communicate with your advisor.
Some of the personal information is “sensitive information” as defined by the Privacy Act. Sensitive information includes health information, information about your race, ethnic origin, political opinion, religion, trade union or other professional or trade association membership, sexual preference(s) and criminal record. We will only collect this information as permitted under the Privacy Act.
Sensitive information will be used and disclosed only for the purpose for which it was provided or a directly related secondary purpose, unless you agree otherwise, or where certain other limited circumstances apply (e.g. where required by law).
Unsolicited personal information
There may be times when we receive personal information that we do not solicit. If this occurs, we will determine if you have given your consent and the information is necessary for us to provide our services, or whether the collection is required or authorised by or under an Australian law or a court/tribunal order. If it is, the information will be dealt with in accordance with the Australian Privacy Principles as if the information had been solicited.
If it is determined that we could not have obtained this information, we will destroy or de-identify the information as soon as practicable, provided it is lawful and reasonable to do so.
Disclosure of personal information
In providing our services we may need to disclose personal information to a third party. This will be done to the extent that it is permitted by law and set out in this Policy.
Examples of the types of third parties we may disclose personal information to include:
- Member organisations of the William Buck Network and their related bodies corporate and other associated entities
- Companies or individuals contracted to assist us in providing services or who perform functions on our behalf (such as mailing houses, specialist consultants, barristers and solicitors, contractors or temporary employees to handle peak period workloads, information technology service providers, superannuation fund trustees, insurance providers, fund managers, market research organisations and other product providers)
- Courts, tribunals and regulatory authorities, as required or authorised by law and in accordance with the Code of Ethics for Professional Accountants
- Auditors or compliance officers, as required by Law or Professional Associations
- Anyone else to whom you consent, such as banks, accountants and other financial institutions.
Our client files (including your files and documents) may be subject to review as part of the quality review programs of our Professional Associations, for example CAANZ, CPA Australia or the Financial Planning Association of Australia, that monitor our compliance with mandatory professional standards or our own quality monitoring program. The Corporations Act also provides the Australian Securities and Investments Commission with the authority to inspect our client files . Compliance with these programs may involve the disclosure of your personal information. The same strict confidentiality requirements apply under these programs as apply to us as your advisor, consultant, accountant or auditor.
Where you engage us to attend to your tax affairs we will assume (unless you advise otherwise) that you have specifically authorised us to deal directly with the Australian Tax Office (ATO) and the New Zealand Inland Revenue regarding day to day type matters. If, in the course of our dealings with these bodies, they request information regarding you that we believe is outside of such matters, e.g. tax office audit, we will request your specific authority before complying with their request.
If we are required by law or professional obligations to disclose information about you or your organisation, we must co-operate fully. However, where possible we will advise you of this fact.
Credit information and our Credit Reporting Policy
The Privacy Act contains provisions regarding the use and disclosure of credit information, which applies in relation to the provision of both consumer credit and commercial credit.
As we provide terms of payment of accounts which are greater than 7 days, we are considered a credit provider under the Privacy Act in relation to any credit we may provide you (in relation to the payment of your account with us).
We use credit related information for the purpose set out in Personal information we collect above and our Credit Reporting Policy.
We will store your credit information you provide us or we obtain about you in accordance with our Credit Reporting Policy. Please refer to our Credit Reporting Policy if you wish to make a complaint about our handling of your credit information.
Security of your personal information
William Buck is committed to ensuring that the information you provide to us is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure information and protect it from misuse, interference, loss and unauthorised access, modification and disclosure.
Our employees are required to respect the confidentiality of personal information and the privacy of individuals, and privacy and data protection training is undertaken. As part of that training, all employees are required to read this policy and understand their obligations in respect to personal information.
Where we employ data processors to process personal information on our behalf, we only do so on the basis that such data processors comply with the requirements under the Privacy Act and GDPR and that have adequate measures in place to protect personal information against unauthorised use, loss and theft.
We will retain your personal information only as long as necessary to fulfil the purpose for which it was collected, as required by law and the Australian Privacy Principles, or in accordance with our documentation retention policies.
Hosting and International Data Transfers
Depending on the nature of the engagement or circumstances of personal information collection, we may disclose your personal information to entities overseas to fulfil the purpose for which the personal information was collected or related purpose in accordance with the Privacy Act. These may include, but are not limited to Australia, New Zealand, the Philippines and India.
William Buck has offices and/or facilities in Australia, New Zealand, the Philippines and India. Our suppliers and contractors are situated in Australia, New Zealand, the EU, the UK, USA, the Philippines and India. The hosting facilities for our website are situated in Australia. We may also store, process or back up your personal information on servers that are located overseas (including through third party service providers). These servers are commonly located in (but are not limited to) USA, the UK, The Netherlands, Ireland & Singapore.
Data Transfers to each of these countries will be protected by appropriate safeguards, these include one or more of the following:
- The use of standard data protection clauses adopted or approved by the European Commission which you can obtain from the European Commission Website;
- The use of binding corporate rules, a copy of which you can obtain from the Privacy Officer at your local office (see contact details below).
You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
There will be circumstances in which the disclosure of the information is required or authorised by Australian law or a court/tribunal order, the Code of Ethics for Professional Accountants, or where you have given your direct consent to disclose it.
Access to your personal information
You may request details of personal information that we hold about you in accordance with the provisions of the Privacy Act, and to the extent applicable the GDPR. If you would like a copy of the information which we hold about you or believe that any information we hold on you is inaccurate, out of date, incomplete, irrelevant or misleading, please email us at the appropriate email address below.
We reserve the right to refuse to provide you with information that we hold about you, in certain circumstances set out in the Privacy Act or any other applicable law. If access is denied, we will explain the reason why it is denied. We will require you to verify your identity and to specify what information you require.
Keeping personal information up to date
We endeavour to ensure that the personal information we hold is accurate, complete and up-to-date. Changes inevitably are required and unfortunately errors do occur from time to time. You should contact us immediately in order to update any changes to the personal information we hold about you.
General Data Protection Regulation (GDPR) for the European Union (EU)
William Buck complies with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use. We apply the general principles of GDPR to all individuals that we hold personal information on, regardless of nationality. Under these principles:
- We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
- We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
- We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purpose. We will keep your data safe and secure.
- We will process your personal information if it is necessary for our legitimate interests, or to fulfil a contractual or legal obligation.
- We will also process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
- We do not collect or process any personal information from you that is considered “Sensitive Personal Information” under the GDPR, such as personal information relating to your sexual orientation or ethnic origin unless we have obtained your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
- You must not provide us with your personal information if you are under the age of 16 without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
Your rights under the GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. William Buck complies with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU.
Except as otherwise provided in the GDPR, you have the following rights:
- To be informed how your personal information is being used;
- Access your personal information (we will provide you with a free copy of it);
- To correct your personal information if it is inaccurate or incomplete;
- To delete your personal information (also known as “the right to be forgotten”);
- To restrict processing of your personal information;
- To retain and reuse your personal information for your own purposes;
- To object to your personal information being used; and
- To object against automated decision making and profiling.
We may ask you to verify your identity before acting on any of your requests.
Website and Cookies
When you visit our websites
When you come to our websites (www.williambuck.com, www.williambuck.com/nz and www.therealcfo.com), we may collect certain information such as browser type, operating system, website visited immediately before coming to our site, etc. This information is used in an aggregated manner to analyse how people use our site, such that we can improve our service.
In addition, cookies may be used to serve relevant advertisements to website visitors through third party services such as Google AdWords. These advertisements may appear on our websites or other websites you visit.
Third party sites
Our websites may from time to time have links to other websites not owned or controlled by us. These links are meant for your convenience only. Links to third party websites do not constitute sponsorship or endorsement or approval of these websites. Please be aware that William Buck is not responsible for the privacy practises of other such websites. We encourage our users to be aware, when they leave our website, to read the privacy statements of each and every website that collects personal identifiable information.
Social media platforms
You may wish to participate in the various social media platforms hosted by us and which we make available to you. These platforms are designed to facilitate and share content. We cannot be held responsible if you publicly share personal information on these sites that is subsequently used, misused or otherwise appropriated by another party/entity.
Complaints about privacy
If you have any complaints about our privacy practices, please feel free to send in details of your complaints to the relevant email address below. We take complaints very seriously and will respond shortly after receiving written notice of your complaint.
If you would like access to your personal information, or have any questions about privacy-related issues, you should contact the Privacy Officer in your local office at the email address below.
Contact Details for each office
The Privacy Officer
William Buck (NSW) Pty Ltd
66 Goulburn Street
Sydney NSW 2000
(02) 8263 4000
The Privacy Officer
William Buck (SA) Pty Ltd
211 Victoria Square
Adelaide SA 5000
(08) 8409 4333
The Privacy Officer
William Buck (VIC) Pty Ltd
181 William Street
Melbourne VIC 3000
(03) 9824 8555
The Privacy Officer
William Buck (QLD)
307 Queen Street
Brisbane QLD 4000
(07) 3229 5100
The Privacy Officer
William Buck (WA) Pty Ltd
15 Labouchere Road
(Cnr Mill Point Road)
South Perth WA 6151
(08) 6436 2888
The Privacy Officer
William Buck (NZ) Limited
21 Queen Street
Auckland NZ 1010
+64 9 366 5000
Last Updated – May 2020