This privacy statement is subject to change without notice to the user. Please read this statement each time you visit the site so that you will be fully informed of the privacy policies and procedures of PurpleQuay.
The purpose of this privacy statement is to inform the user of this site, of the procedures and practices utilized by PurpleQuay to keep your personal information private once you access this site. We believe that your privacy is very important.
For statistical purposes, PurpleQuay collects certain quantitative information about each user in order to analyze, improve and customize our site content in order to make the site more responsive to the user's needs. PurpleQuay may collect certain personally identifiable information about each user by using cookies. A cookie or small file may be placed on the user's browser to save useful information about the user's use and visit to PurpleQuay’ site. Examples of such collected information may include the home server of visitors but not the names or addresses of the users, unless logged on special invitation. PurpleQuay does not sell, rent, or otherwise provide any personally identifiable information about you to any third party. PurpleQuay will not knowingly disclose information collected about each user to parties not affiliated with PurpleQuay unless required to do so by law.
Our privacy statement only addresses the use and disclosure of information that PurpleQuay may collect from you. By accessing this site, you are giving your consent and approval to our privacy policies. This Privacy statement is incorporated into and subject to the terms and conditions of this site as though set forth in full.
PurpleQuay complies and works in accordance with the National Privacy Principles and the Privacy Act 1988. PurpleQuay is committed to ensure the safekeeping and collection of personal information.
The information is collected via the Accounting or Financial planning firm.
The information we are provided include:
Names, Address, DOB and POB
ABN’s, TFN’s and Employment details
Annual Cash Flow Forecast & Profit Plan
Personal health and insurance information
Financial information – such as income, expenses, superannuation and investment details.
The collection and use of personal information is only to facilitate the services we provide to your firm as requested by you.
Only uses personal information for the purpose(s) for which it was given to us and for directly related purposes (unless otherwise required by or authorised by law) or as consented to by you or your firm.
PurpleQuay will only provide the information to their staff and associated providers that relate specifically to the tasks requested by your firm.
The information will not be provided or sold to other institutions. If there is a legal situation, the information may be provided in accordance to the law.
Your firm and staff can access the personal information that you provide. PurpleQuay will take the necessary steps to identify you are a client of PurpleQuay before they provide the information to you.
Depending on the nature of the services that we provide you or circumstances of collection, we may disclose your personal information to following organizations or individuals:
Our staff located overseas to fulfil the purpose for which the personal information was collected, or a related or ancillary purpose or otherwise in accordance with the Privacy Act.
Independent contractors, consultants, and service providers.
We require our service providers to adhere to our privacy guidelines and not to keep, use or disclose personal information we provide them for any unauthorized purposes.
We have taken the necessary measures to ensure our data integrity is not compromised.The data is stored for 10 years for compliance, auditing purposes and removed thereafter.
Our secure delivery centre is equipped with the latest technology, infrastructure and dedicated technical staff to ensure our working environment has complete reliability and security for our clients’ data.
Our group companies are ISO certified, this means our offices and systems are on par with international best practices for information security management. We do not use third-party contractors to complete any work.
Biometric scanners and access cards are required to enter our offices. Only authorised personnel are allowed to enter the office and processing centre. Physical documents, books and other devices are prohibited in the processing centre. The entire office is monitored by CCTV. All PC’s are desktops running a ‘dumb terminal system’. Ability to save and store data on the PC is disabled.CD Rom and other drives (USB) have been removed.Access to physical/removable drives (external hard drives) have been disabled. Printers and scanners are also not available within the processing centre. Staff is required to keep personal belongings including bags, books or mobile devices in secure lockers provided outside the main processing centre.
Internet activity is heavily controlled with websites required to be added to a “whitelist” before they can be accessed. Staff is unable to access personal emails from the office and work emails are unable to send data outside the office. Our intranet, internal portals, software and sites have IP Authentication in place so that no one can access these records outside our office premises. Access to our internal software is password protected with strength measurement. Passwords are also required to be updated regularly. All terminals include screen snapshots and are regularly audited to ensure staff is following security guidelines.
All our terminals and servers are installed with firewalls, antivirus software, intrusion detection software and prevention systems to minimise any exploits or attacks.Our security software is kept updated at all times and when required. All PC’s within our organisation have an auto-lock feature to ensure PC’s are not kept unlocked. Wireless connections are prohibited within our back-office in India and Australia.
If there is a data breach that is likely to result in serious harm, we will take the following action:
Contain the information leak and assess the actual damage caused by the breach.
Prepare a statement detailing the breach.
Immediately after providing the statement, notify each individual to whom the information relates to, or who are at risk.
If this is not possible, then we will:
1.Publish a copy of the statement on the website, &
2.Take reasonable steps to publicise the contents of the statement
Review and change our systems and processes to ensure they are further secured against future breaches.
If you have any complaints in relation to privacy, please contact us via the email address or phone number given on our website. We take privacy complaints very seriously. We will contact you within five working days of receiving your complaint and we will endeavour to resolve your privacy concerns within 30 working days. If you are not satisfied with the way we handled your privacy concerns, you are entitled to contact the Office of the Australian Information Commissioner who may investigate your complaint further.
Complaints to the Office of the Australian Information Commissioner (OAIC) must be made in writing to the following address:
Director of Compliance
Office of the Australian Information Commissioner
GPO Box 5218
Phone 1300 363 992
Website – www.oaic.gov.au