Privacy Policy
Hart Partners Pty Ltd
ABN 54 610 503 029
Last updated: 3.7.26
Hart Partners Pty Ltd (‘Hart Partners’, ‘we’, ‘us’ or ‘our’) is committed to protecting the privacy of your personal information. This Privacy Policy explains how we collect, hold, use and disclose personal information, how you can access or correct the personal information we hold about you, and how you can make a privacy complaint.
This Privacy Policy applies to personal information we collect and handle in the course of providing accounting, taxation, bookkeeping, payroll, company secretarial and related professional services, including in connection with our obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act).
We handle personal information in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs), including in respect of our AML/CTF-related activities, regardless of any small business exemption that may otherwise apply to other aspects of our business.
- Collection Notice
When we collect personal information about you, we are required by the Privacy Act 1988 (Cth) to notify you of certain matters at or around the time of collection. This clause sets out those matters.
Who we are: Hart Partners Pty Ltd, Sunshine Coast, Queensland. Contact: Paula Hart, 0413 222 922, paula@hartpartners.com.au.
What we collect and why: When you engage Hart Partners, we collect personal information including your name, date of birth, address, contact details, tax file number, financial information, bank account numbers and identification documents. We collect this to provide accounting, taxation, and related services to you, and to meet our legal obligations — including as a registered tax agent under the Tax Agent Services Act 2009 (Cth) and, where applicable, as a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). The kinds of personal information we collect are described in more detail in clause 2.
How we collect it: We generally collect your personal information directly from you. We may also collect it from third parties where you have authorised this, or where we are otherwise permitted by law. See clause 3 for further detail.
Required by law: Some of the information we collect is required by law. In particular, where we are providing a designated service under the AML/CTF Act, we are legally required to verify your identity and the identity of any beneficial owners before providing that service. We use InfoTrack to conduct this verification, including screening against sanctions and politically exposed persons lists. We retain a record of the verification outcome — not a copy of your identification document. See clause 7 for further detail.
What happens if you don’t provide it: If you do not provide the information we request, we may not be able to provide our services to you, or to meet our legal and regulatory obligations.
Who we share it with: We may disclose your personal information to the ATO, ASIC, AUSTRAC, the Tax Practitioners Board, CPA Australia, our overseas contractors, and cloud-based software providers (some of whom store data outside Australia). In limited circumstances, we may also be required by law to disclose information to AUSTRAC without notifying you — for example, where a suspicious matter report has been submitted. See clauses 4, 5, and 7 for further detail.
Overseas disclosure: Some of our service providers store data outside Australia, including in the United States. See clause 6 for further detail.
Access, correction and complaints: You have the right to access and correct the personal information we hold about you, and to make a privacy complaint. See clauses 10 and 11 for further detail.
2. The kinds of personal information we collect and hold
The personal information we collect and hold depends on the nature of the services we provide to you, but may include:
- identity information, such as your name, date of birth, residential and postal address, and contact details;
- government-issued identifiers, such as your Tax File Number (TFN), Australian Business Number (ABN), driver’s licence, passport, or other identification documents;
- financial information, such as bank account and payment details, income, assets, liabilities, transaction records, and superannuation information;
- employment information, including payroll, salary, leave, and Single Touch Payroll (STP) data, where we assist with payroll services;
- information about your business, including company and trust structures, shareholdings, directorships, and beneficial ownership information;
- information collected for the purposes of customer due diligence under the AML/CTF Act, including identity verification documents, source-of-funds information, and information about politically exposed persons or sanctions screening, where applicable; and
- any other personal information you, or a third party on your behalf (such as your bank, employer, or another adviser), provide to us in connection with our services.
We do not seek to collect sensitive information (such as health information) except where it is directly relevant to the services we provide, and where required or authorised by law.
3. How we collect personal information
Wherever practicable, we collect personal information directly from you — for example, when you engage us, provide instructions, or supply documents and records for the preparation of your accounts, tax returns, or other services.
We may also collect personal information from third parties, including:
- your employees, business partners, or representatives;
- your bank, financial institution, or superannuation fund;
- the Australian Taxation Office (ATO), the Australian Securities and Investments Commission (ASIC), and other government or regulatory bodies;
- an Accredited Data Recipient under the Consumer Data Right (CDR), where you have authorised us as your Trusted Adviser to receive your data via a Trusted Adviser Insight; and
- publicly available sources, where reasonably necessary — for example, to verify identity or beneficial ownership information for AML/CTF purposes.
4. Purposes for which we collect, hold, use and disclose personal information
We collect, hold, use and disclose personal information for the following purposes:
- to provide accounting, taxation, bookkeeping, payroll, company secretarial, and related professional services to you;
- to prepare and lodge documents with the ATO, ASIC, and other government or regulatory bodies on your behalf, where authorised;
- to meet our obligations as a registered tax agent under the Tax Agent Services Act 2009 (Cth) (TASA);
- to meet our obligations as a reporting entity (or an authorised agent of a reporting entity) under the AML/CTF Act, including customer due diligence, ongoing monitoring, and reporting obligations;
- to communicate with you about your engagement, including invoicing and account management;
- to comply with our professional, ethical, and legal obligations, including under APES 110, APES 305, and the CPA Australia Best Practice Program; and
- for other purposes you would reasonably expect, or for which you have given consent.
5. Who we may disclose your personal information to
We treat your personal information as confidential. We may disclose personal information to:
- the ATO, ASIC, AUSTRAC, the Tax Practitioners Board, and other government or regulatory bodies, where required or authorised by law;
- third-party contractors located overseas who assist us in delivering our services (see clause 5 below);
- cloud-based software and AI-based service providers we use to deliver our services (see clause 5 below);
- CPA Australia, for the purposes of the CPA Australia Best Practice Program quality review;
- other professional advisers (such as financial planners, lawyers, or other accountants), where you have authorised us to do so;
- a debt-collection agency or our legal advisers, where necessary to recover outstanding fees; and
- any other third party with your consent, or as required or authorised by law.
We do not sell, rent, or trade your personal information to any third party for marketing purposes.
6. Overseas disclosure of personal information
We engage third-party contractors located overseas to assist us in delivering our services, including client correspondence, compilation of income tax returns, preparation of workpapers, reconciliation and review of source documents, processing of Single Touch Payroll, document management, and processing of company annual reviews. We take reasonable steps to ensure these contractors are subject to confidentiality and data-handling obligations consistent with the Australian Privacy Principles.
We also use cloud-based software platforms and AI-based tools as part of our service delivery, some of which store or process information on servers located outside Australia. This may include service providers with infrastructure located in the United States and other overseas jurisdictions. A current list of the principal software platforms we use, and their data hosting locations (where known), is available on request.
By engaging us, you consent to the disclosure of your personal information to these overseas recipients for the purposes described in this policy and in our Terms of Engagement.
7. AML/CTF customer due diligence
Where we provide a ‘designated service’ within the meaning of the AML/CTF Act, we are required to undertake customer due diligence before providing that service, and on an ongoing basis. This may include verifying your identity, the identity of any beneficial owners, and the source of funds, and screening for politically exposed persons and targeted financial sanctions. Personal information collected for this purpose is handled in accordance with this Privacy Policy and our obligations under the Privacy Act, the AML/CTF Act, and OAIC guidance for AML/CTF reporting entities.
We only collect the personal information that is reasonably necessary to meet our AML/CTF obligations and to provide our services to you. We do not retain copies of full identification documents (such as a passport or driver’s licence) for AML/CTF record-keeping purposes once we have verified your identity. Instead, we retain only the specific details required to demonstrate compliance — for example, your name, date of birth, address, the type and number of the document sighted, and the outcome of our verification and risk assessment.
We retain records collected for AML/CTF purposes for the period required by law, currently a minimum of seven years following the end of our business relationship with you, or seven years after the date of a relevant occasional transaction. We will destroy or de-identify personal information collected for AML/CTF purposes once it is no longer required for that purpose, or any other purpose for which we are permitted to hold it under the Privacy Act.
In limited circumstances, the law restricts us from telling you that we have made, or intend to make, a report to AUSTRAC about a matter (this is known as ‘tipping off’). Where this applies, we will not disclose that information to you, even where this Privacy Policy would otherwise suggest we would.
8. How we hold and secure personal information
We store personal information in a combination of secure cloud-based systems and, where applicable, physical records. We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure, including by:
- using reputable, secure cloud computing service providers;
- applying password protection and two-factor authentication to our systems;
- limiting access to personal information to staff and contractors who require it to perform their role; and
- requiring staff and contractors to comply with confidentiality obligations.
No method of electronic storage or transmission is completely secure. While we take reasonable steps to protect your personal information, we cannot guarantee its absolute security.
9. Use of artificial intelligence
We may use artificial intelligence (AI) tools as part of our service delivery, including for tasks such as meeting notes and summaries, tax research, and drafting and administrative assistance. Some of this processing may occur on servers located outside Australia. We take reasonable steps to assess the security and privacy practices of the AI tools we use. AI tools are used to support, and do not substitute for, the professional judgement of our staff, and any output generated with the assistance of AI is reviewed by a qualified member of our team before being relied upon or provided to you.
10. Access to, and correction of, your personal information
You may request access to the personal information we hold about you, or ask us to correct it if you believe it is inaccurate, out of date, incomplete, irrelevant, or misleading. We will respond to your request within a reasonable time.
There may be circumstances in which we are unable to provide you with access to, or correct, your personal information — for example, where to do so would unreasonably impact the privacy of others, or where access is prohibited by law. If we refuse your request, we will explain why.
We do not charge a fee for receiving a request for access or correction, but may charge a reasonable fee for giving access if doing so requires a substantial amount of work.
11. How to make a privacy complaint
If you believe we have breached the Privacy Act or the Australian Privacy Principles, please contact our Privacy Officer:
| Privacy Officer | Paula Hart |
| Phone | 0413 222 922 / 03 9600 3220 |
| paula@hartpartners.com.au | |
| Post | PO BOX 172, Palmwoods QLD 4555 |
Please provide as much detail as possible, including what happened, when it happened, and the outcome you are seeking. We will acknowledge your complaint and aim to respond within 30 days.
If you are not satisfied with our response, or do not receive a response within a reasonable time (generally 30 days), you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
| Phone | 1300 363 992 |
| Website | www.oaic.gov.au |
| Post | GPO Box 5288, Sydney NSW 2001 |
Note: a complaint to the OAIC must be made in writing, and the OAIC generally requires you to have first given us a reasonable opportunity (generally 30 days) to respond to your complaint before it will investigate.
12. Website cookies and marketing communications
Our website may use cookies and similar technologies to help it function and to understand how visitors use our site — for example, to remember session information or measure visits. You can adjust your browser settings to refuse cookies, though this may affect how parts of our website function.
With your consent, we may send you marketing communications about our services, newsletters, or relevant updates. You can withdraw your consent and opt out of marketing communications at any time by contacting us using the details in clause 10, or by using any unsubscribe link included in the communication itself. Withdrawing consent to marketing communications does not affect our ability to contact you about the services we are otherwise engaged to provide.
13. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The current version of this policy will always be available on our website, or on request.
14. Contact us
If you have any questions about this Privacy Policy or how we handle your personal information, please contact us using the details in clause 10 above.
