In this document, the expressions “we”, “us” and “our” are a reference to The Little CFO. The term “you” and “your” refers to the website user or reader of this document.
The purpose of this policy is to clearly express an up-to-date policy about our management of personal information.
Your Rights in Relation to Privacy
The Little CFO understands the importance of protecting the privacy of an individual’s personal information and adopts the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (Act).
Kinds of Personal Information
During the provision of our services or through your use of our website, The Little CFO may collect your personal information. Personal information is information or an opinion about an identified, or reasonably identifiable, individual, whether or not the information or opinion is true and whether or not it is recorded in a material form.
If you’re a client (or potential client), it is highly likely that you will share some personal information with us. This includes:
· contact details such as your name, business or personal addresses, email addresses, phone and fax numbers;
· your employment or professional details;
· details of your company’s ABN and/or ACN;
· financial information including bank account and credit card details.
We don’t usually collect sensitive personal information like marital status, religion or sexual orientation. Although if you feel like sharing wedding photos with us, we’re always down.
Please notify us as soon as you can of any changes to the information provided to us or if you are aware of any inaccurate, out of date, misleading or false information.
Collection of Personal Information
Generally, The Little CFO will collect your personal information through:
· direct contact with you, whether in person or over the phone, email, or mail;
· the completion of online contact forms or booking forms on our website;
· information services providers, including social media, or publicly available information.
When you use our website, the following information may be logged for statistical purposes and for the purposes of marketing and advertising to you:
· the date and time of your visit to our website;
· your IP address;
· pages that you accessed and documents downloaded; and
· the type of browser you were using.
Cookies may be used on our website. Not to be confused with the edible kind, cookies are pieces of information that a website transfers to a computer’s hard drive for record keeping purposes. Most web browsers are set to accept cookies and do not personally identify the user.
Purpose of Collection
The Little CFO may need your personal information for the following reasons:
· to respond to your enquiries or consultation request via our website;
· so that we or our related entities can provide you with professional or legal services;
· for accounting, billing and other internal administrative purposes;
· to invite you to events, functions or training events and provide you with updates and publications;
· to add you to our mailing list where you have subscribed to our newsletter;
· any other legal requirements.
The Little CFO may also use and disclose your personal information in order to inform you of products and/or services that may be of interest to you. In the event you do not wish to receive such communications, you may, at any time, request not to receive direct marketing communications from us or use any opt-out mechanism provided - and we promise not to be offended.
Disclosure of Personal Information
Generally, The Little CFO and associated entities will only disclose your personal information for the purpose of providing professional and or legal services. This may include disclosing your personal information to third parties engaged to perform administrative or other business management services, such as our outsourced accounting team. This disclosure is always on a confidential basis or otherwise in accordance with law.
The Little CFO may also disclose your personal information with your consent or if disclosure is required or authorised by law.
We will not generally disclose your personal information outside Australia, as we like to work with local businesses. We might disclose your personal information to overseas entities if it is requested by you or you have provided consent (either express or implied). Before disclosing any personal information to an overseas recipient, The Little CFO will take reasonable steps to ensure that the overseas recipient complies with a similar privacy scheme, but cannot guarantee or make any warranties that they will.
Security of Your Personal Information
We will always do our best to ensure that the personal information we hold is protected from misuse, interference and loss and from unauthorised access, modification or disclosure. We do this by password protecting our information and using two-factor authentication where possible, having virus protection software and not clicking on suspicious-looking emails.
Being a paperless practice, The Little CFO holds your personal information electronically, but when it absolutely can’t be avoided, we may from time to time hold your information in paper form also.
The Little CFO will destroy your personal information in circumstances where it is no longer required, unless required by law to retain the information.
All staff are responsible for protecting the confidentiality of client information and business information. Refer any data breaches, or suspected data breaches, to the customer services team as soon as possible.
What is an eligible data breach?
An eligible data breach, defined in s 26WE(2) of the Act, is when:
(a) both of the following conditions are satisfied:
(i) there is unauthorised access to, or unauthorised disclosure of, the information;
(ii) a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the
individuals to whom the information relates; or
(b) the information is lost in circumstances where:
(i) unauthorised access to, or unauthorised disclosure of, the information is likely to occur; and
(ii) assuming that unauthorised access to, or unauthorised disclosure of, the information were to occur, a reasonable person
would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the
If there is a suspicion of a breach
If we suspect that there has been an eligible data breach, a reasonable and expeditious assessment will be conducted within 30 days.
If we believe or have reasonable grounds to believe there has been a breach then a statement will be prepared setting out:
the business’s details;
a description of the breach;
the kind or kinds of information concerned; and
recommendations about the steps that we will take in response to it.
If practicable, we will advise the contents of the statement to each of the affected clients who may be at risk from the breach. If this is not practicable we will publish the statement on our website and take other reasonable steps to publicise its contents. Communications with individuals will be via their preferred communication method.
The statement will be submitted to the Privacy Commissioner.
Exception to reporting
Mandatory notification requirements are waived if remedial action can be taken that results in a reasonable person concluding that the access or disclosure is not likely to result in serious harm to any of those individuals.
How You May Access Your Personal Information
Under the Privacy Act, you have a right to access and seek correction of your personal information that is collected and held by The Little CFO.
If at any time you would like to access or correct the personal information that The Little CFO holds about you, please contact our privacy officer:
level 54, 111 Eagle Street. Brisbane Q. 4000
To obtain access to your personal information:
you will have to provide proof of identity to ensure that personal information is provided only to the correct individuals and that the privacy of others is protected;
you will need to be reasonably specific about the information you require; and
The Little CFO may charge you a reasonable administration fee, which reflects the cost to us for providing access in accordance with your request.
If The Little CFO refuses your request to access or correct your personal information, we will provide you with written reasons for the refusal and details of complaint mechanisms.
Please direct all privacy complaints to our privacy officer. We will take any privacy complaints seriously and deal with them in a prompt and confidential manner.
You will be informed of the outcome of your complaint following completion of the investigation, which will take no more than 30 days.
In the event that you are dissatisfied with the outcome of your complaint, you may refer the complaint to the Office of the Australian Information Commissioner.