ONDA Group Pty Ltd (ABN 56 619 693 417) (‘Onda 'we', 'us', 'our') are committed to protecting the Personal Information we collect and hold about you.
Onda understands the importance of keeping your Personal Information secure. Due to its nature as a personal administration firm, Onda collects and holds a large range of confidential personal and commercial information. That is why Onda places a high priority on the security of information held by our firm. This policy has been put in place to inform you of what Personal Information Onda collects, and how we manage it and maintain its integrity and security.
While Onda makes every effort to keep your Personal Information highly secure, we also believe that you have the right to be informed about how we handle your information. If, after reading this policy, you are unclear on any of the matters, or simply want more information, please do not hesitate to contact our Privacy Officer.
2. The Information We Collect and Store
Collection of Personal Information
Onda only collects the Personal Information that is necessary to provide the service you have requested from us. If you do not provide us with the Personal Information we have requested, we are unable to provide those services with efficiency and accuracy.
Generally, Onda collects and holds the following Personal Information:
• Name, address, contact details and job titles
• Date of birth
• Australian Company Numbers and Australian Business Numbers
• Bank account details
• Details of your expenses, assets and liabilities.
Naturally we collect and hold a broad range of Personal Information gathered during the course of providing our services. However, Onda strives to ensure that we collect and hold only that Personal Information which is relevant and necessary to deliver the specific services you have requested us to.
Onda will collect Personal Information only by lawful and fair means.
The Personal Information will usually only be collected from you, your authorised representatives or from publicly available sources. We will only collect Personal Information from a third party if you have consented to such collection or you would reasonably expect us to collect the Personal Information in this way.
We may also collect Personal Information about you through contact mailboxes or the registration process.
Occasionally, Onda may need to collect and hold sensitive information; this includes information about an individual’s racial or ethnic origin, membership of a political association, religious beliefs or affiliations, membership of a professional or trade association, membership of a trade union, or criminal record.
Sensitive information is subject to a higher level of privacy protection than other Personal Information, and may only be collected with consent, except in specified circumstances. Consent is generally not required to collect Personal Information that is not sensitive information. Sensitive information must not be used or disclosed for a secondary purpose unless the secondary purpose is directly related to the primary purpose of collection and within the reasonable expectations of the individual, and it cannot be used for the secondary purpose of direct marketing.
At times, Onda may ask you to provide details regarding certain government assigned identification numbers (e.g. tax file numbers, etc.) to assist us in providing your agreed services. We will only use these government identifiers where it is necessary and lawful to do so, and we will not otherwise use these identifiers within our own organisation.
Information the law requires us to collect
Onda is not required by law to collect any particular Personal Information.
Personal Information quality
Our aim is to ensure that at all times your Personal Information is accurate, complete and current. In order for us to accomplish this, you need to provide true, accurate, up-to-date and complete information about yourself where requested and inform us of any changes.
If you discover any inaccurate or incomplete information, please contact us so that we can correct the information.
3. How We Use Personal Information
Purposes of collection
We primarily collect Personal Information to allow us to provide the services you have requested.
However, Onda may also use the Personal Information to send newsletters concerning various financial and taxation matters, invite you to seminars or events, and to inform you of developments at the firm. If you would like to opt out of receiving this type of information, please contact us. Our contact details are listed at the end of this document.
We will never sell, rent or trade any of your Personal Information to a third party.
Unless you have given us prior consent, or it is required or authorised by law, we will never disclose Personal Information about you to a third party.
4. Information Sharing and Disclosure
You should be aware that Onda may have to disclose Personal Information to the following third parties: the Australian Taxation Office, ASIC, Centrelink, your solicitors, your bank and financial institutions, any related corporations or affiliate practices and any other organisations to which you normally disclose information of this kind.
In addition to the above-named parties, there are other third parties which may, on occasion, have access to your Personal Information, such as IT technicians working onsite, or potential buyers carrying out due diligence on our practice.
From time to time during the completion of your work, Onda may engage various staff and / or contract personnel including overseas contractors who we consider appropriate for the completion of your work. These personnel will have access to your accounting and taxation records only for the purpose of completing the accounting and taxation engagements agreed. In all cases these personnel will be subject to our supervision and control and are required to protect your Personal Information in a way that, overall, is at least substantially similar to the APPs.
Non-private or Non-Personal Information.
We may disclose your non-private, aggregated, or otherwise non-Personal Information, such as usage statistics of our service.
5. Accessing, Changing or Deleting Your Information
Accessing your Personal Information
You can ask Onda to provide you with access to all Personal Information that we hold about you. You will never be charged a fee for submitting a request to access to your Personal Information, though we reserve the right to charge you a fee for the access itself.
If, after you ask to see your Personal Information, we refuse your request, we will give you a reason for this decision.
Onda do not have to provide access where the Personal Information relates to existing or anticipated legal proceedings between Onda and an individual, and the information would not be
accessible by the process of discovery in those proceedings; where denying access is required or authorised by law; or when providing access would be unlawful.
To submit a request for access to your Personal Information, please contact us. Our contact details are listed at the end of this document.
Changing or Deleting your Personal Information
All Onda clients can request changes to, or deletion of, Personal Information by contacting your account manager or email@example.com. In some cases, we may retain copies of your information if required by law.
6. Data Retention We will retain your information for as long as your account is active or as needed to provide you services. We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Consistent with these requirements, we will try to delete your information quickly upon request. Please note, however, that backed-up versions might exist after deletion.
Discarding your Personal Information
Onda will hold any Personal Information used in the provision of your services for up to seven (7) years after completion of those services, after which all available files will be destroyed or deleted securely.
Securing your Personal Information
Onda is committed to maintaining the security and confidentiality of the data you provide Onda and we will take all reasonable precautions to protect your Personal Information from unauthorised disclosure, use or alteration.
Your Personal Information will be held either physically in our offices or electronically.
In order to keep your Personal Information secure, we have a number of systems in place. All computer access is password-protected and provided through a firewall, and all computers run anti-virus software. Our offices are supplied with secure shredding bins, and our office is fully secured with security keys required for entry. Our practice management systems also provide access to client information only to those staff who are authorised to view it.
There are inherent risks in transmitting information across the internet and we do not have the ability to control the security of information collected and stored on third party platforms. We follow generally accepted standards to protect the information submitted to us, both during transmission and once we receive it. No method of electronic transmission or storage is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security, you can contact us at firstname.lastname@example.org. Our website may include links to other websites whose privacy practices may differ from those of Onda. If you submit Personal Information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.
Notifiable Data Breaches Scheme (NDB) and General Data Protection Regulation (GDPR)
From February 2018 companies covered by the Australian Privacy Principles (APPs) have clear obligations to report eligible data breaches. The NDB scheme implements changes to an existing law and the GDPR introduces a whole new regulation with global implications.
In Australia, the following link provides further information regarding the NDB scheme and the responsibilities of all parties: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme
In Europe, the GDPR applies and information about the regulatory framework can be found here: https://www.eugdpr.org/ 8. Contacting Us
If you have any complaints about the Personal Information we hold or the way that we manage it, please get in touch with us. Our contact details are listed above. We will acknowledge your complaint within 7 days. We will provide you with a decision on your complaint within 30 days.
Issue date: 21/09/2019 Authorised by: ONDA Group CEO George Wilson Version: 2