Privacy Policy
Last updated: April 2, 2026
Effective Date: April 2, 2026
Firm: INNOVATIVE NATIONAL TAX & UPKEEP INTERNATIONAL TALLY PTY LTD
Contact: +61 447180277 | dpo@innovativenationaltax.com
1. Our Commitment to Privacy
INNOVATIVE NATIONAL TAX & UPKEEP INTERNATIONAL TALLY PTY LTD ("the Firm", "we", "us", "our") is bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We are also committed to maintaining the security of financial data in accordance with the Payment Card Industry Data Security Standard (PCI DSS) v4.0 where applicable.
This Privacy Policy describes how we manage your personal information, including sensitive financial data, and explains your rights regarding access, correction, and complaints.
2. What Personal Information We Collect
We collect only the information necessary to provide accounting, bookkeeping, tax, and business advisory services. The kinds of personal information we collect and hold include:
| Category | Examples of Information Collected |
|---|---|
| Identity & Contact | Full name, residential/business address, email, phone number, date of birth. |
| Financial & Tax | Tax File Numbers (TFN), Australian Business Number (ABN), bank account details, credit card numbers (PANs - truncated where possible), payroll records, BAS/IAS statements, superannuation details, asset registers. |
| Sensitive Information | Information about health (for payroll/leave entitlements), union membership, or criminal record (only if strictly required for a specific engagement or legal obligation). |
| Technical Data | IP address, browser type, and login audit trails when you access our client portals or cloud platforms. |
| Business Information | Company financials, shareholder details, director identification numbers. |
We generally do not collect government identifiers (e.g., driver's licence numbers) unless required by law (e.g., Anti-Money Laundering obligations).
3. How We Collect Information
- Directly from you: via engagement letters, forms, emails, meetings, or our secure client portal.
- From third parties: such as the Australian Taxation Office (ATO), your bank, payroll software providers, or regulatory bodies.
- From publicly available sources: ASIC registers or credit reporting bodies (where permitted).
If you provide us with personal information about another individual (e.g., an employee or director), you confirm that you have made them aware of this policy and obtained their consent.
4. PCI DSS Compliance – How We Protect Card Data
4.1 We Do Not Store Sensitive Authentication Data (SAD):
We never store the full magnetic stripe data, CVV2/CVC2 (the three-digit security code), or PIN data after transaction authorisation.
4.2 Truncation & Encryption of Primary Account Numbers (PANs):
- Where we store credit card numbers to reconcile client accounts, we truncate (mask) the PAN so that only the last four digits are visible.
- We apply strong cryptography to render stored PANs unreadable. We do not maintain "clear-text windows" of PANs in logs or temporary files.
4.3 Multi-Factor Authentication (MFA):
Any access to our cardholder data environment (CDE), including remote access to our practice management software and cloud storage, is protected by MFA.
4.4 Payment Gateways:
We use PCI DSS Level 1 validated third-party gateways (e.g., Stripe, Square). We use tokenisation – your card number is replaced with a unique token stored by the gateway, not on our servers.
5. Purposes for Collection, Use, and Disclosure
We collect, hold, use, and disclose your personal information for the following purposes:
- Preparing tax returns and financial statements.
- Liaising with the ATO, ASIC, and SROs.
- Liaising with State Revenue Offices.
- Identity verification (AML/CTF compliance).
- Invoicing and payment processing.
- Managing business operations & IT security.
- Professional standards compliance.
- TPB regulatory compliance.
6. Cross-Border Disclosure of Data
Crucial for International & Cloud-Based Business
We use cloud-based platforms (e.g., Xero, MYOB, QuickBooks, Microsoft 365, Google Workspace) to deliver our services. These platforms may store your personal information on servers located outside of Australia (e.g., United States, European Union, Singapore).
6.1 Overseas Recipients:
United States, New Zealand, Singapore.
6.2 APP 8 Accountability:
Under APP 8, we take reasonable steps to ensure overseas recipients do not breach the APPs, typically through Data Processing Agreements (DPAs) and verifying security certifications (ISO 27001, SOC 2).
By engaging our services, you consent to the disclosure of your personal information to overseas recipients as described. Note that under APP 8.1, overseas recipients may not be subject to the full range of Australian privacy obligations, though we contractually protect your data.
7. Data Security and Storage
| Security Measure | Implementation |
|---|---|
| Encryption | Data encrypted at rest (AES-256) and in transit (TLS 1.3). |
| Access Controls | Role-based access (Need-to-Know basis). No administrative access to CDE without approval. |
| MFA | Mandatory for all staff accessing remote systems, email, and practice management software. |
| Malware Protection | Automated anti-malware and behavioural analysis on all endpoints and removable media. |
| Audit Logging | Automated review of audit logs for all access to cardholder data environments. |
9. Notifiable Data Breaches (NDB)
We comply with the NDB scheme. If an eligible data breach occurs, we will conduct an assessment, notify affected individuals, and report to the OAIC.
11. Automated Decision-Making
Effective 10 December 2026
Currently, software (e.g., Xero, MYOB) automates transaction coding. However, all material financial and tax decisions are reviewed by a qualified human accountant.
13. Contact Us (Privacy Officer)
Privacy Officer
INNOVATIVE NATIONAL TAX & UPKEEP INTERNATIONAL TALLY PTY LTD
U905 6 Tonga Place, Parkwood 4214, QLD Australia
Phone: +61 447180277
Latest version available at our website. Significant changes will be notified via email.
