Sinclair Wilson Privacy Policy
Effective date: 17 November 2025
1. Introduction
Sinclair Wilson (referred to as “we,” “us,” or “our”) is committed to protecting your privacy and the confidentiality of your personal information.
This Privacy Policy outlines how we collect, use, store, and disclose your information in compliance with the Privacy Act 1988 (Cth), the Australian Privacy Principles (APPs), and the Notifiable Data Breach (NDB) scheme.
As a professional accounting and advisory firm, we also adhere to:
- APES 110 Code of Ethics for Professional Accountants
- APES 305 Terms of Engagement
- The Tax Agent Services Act 2009 (Cth) and the TPB Code of Professional Conduct
- The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)
- Relevant requirements of the Australian Securities and Investments Commission (ASIC) and the Australian Taxation Office (ATO)
2. What Information We Collect
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.
We may collect the following types of personal information:
- Personal details: Name, address, date of birth, and contact information (phone number, email address).
- Financial details: Tax File Numbers (TFNs), bank account details, superannuation information, investment data, and other financial records.
- Business information: ABN, business financial statements, payroll and accounting records, and other documents related to your business operations.
- Other information: Details of your interactions with us, such as service preferences or feedback, and online interactions that may include IP address, device identifiers, browser type, and usage data.
We may also collect sensitive information (for example, health information related to taxation or insurance purposes) with your consent or as required by law.
3. How We Collect Your Information
We collect personal information directly from you through:
- Forms you complete (online or physical)
- Website submissions, online portals, or social media interactions
- Emails, phone calls, or face-to-face meetings
- Documents provided for accounting, audit, or taxation purposes
We may also collect information from:
- The ATO, ASIC, superannuation funds, banks, or other financial or government bodies (where authorised by you)
- Your authorised representatives such as lawyers, financial advisers, or auditors
- Publicly available sources or business registers (e.g. ABN Lookup, ASIC)
Unsolicited information:
If we receive personal information that we did not request, we will determine whether it is necessary and relevant for our business purposes. If not, it will be securely destroyed or de-identified as soon as practicable, in accordance with the Privacy Act 1988 (Cth).
4. Why We Collect Your Information
We collect and use your personal information to:
- Provide accounting, audit, taxation, and advisory services
- Verify your identity and comply with Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) obligations
- Meet legal and professional obligations under taxation, corporate, and financial laws
- Communicate with you regarding services, updates, and obligations
- Conduct internal reviews, staff training, and quality assurance
- Improve our client services, systems, and website functionality
- Send relevant updates, invitations, or marketing communications (see Section 5)
We are required by law to collect and retain certain information to comply with AML/CTF laws, including identification and beneficial ownership details. These records are held in accordance with statutory retention periods.
Anonymity and pseudonymity:
You may choose to deal with us anonymously or under a pseudonym, but this may limit the services we can provide. Accounting and taxation services generally require verified identification.
5. Direct Marketing
We may use your personal information to send you marketing communications about our services, industry updates, and other information we believe may be relevant to you.
Opting Out:
You can opt out at any time by:
- Clicking the “unsubscribe” link in marketing emails
- Contacting us using the details in Section 12
- Selecting the opt-out box in your Engagement Terms and Conditions
Third-Party Marketing:
We will not disclose your personal information to any non-Sinclair Wilson entity for their own marketing purposes without your explicit consent.
All marketing activities comply with the Spam Act 2003 (Cth) and related legislation.
6. Disclosure of Your Information
We may disclose your personal information to:
- Government and regulatory bodies, such as the ATO, ASIC, AUSTRAC, or law enforcement
- Sinclair Wilson related entities, where relevant and necessary to provide our services
- Third-party service providers, including:
  - Cloud and IT service providers
  - External auditors, legal advisers, and contractors, bound by confidentiality
  - Secure electronic signature and document-exchange providers
- Your authorised representatives or advisers
- Financial institutions or insurers, where authorised
- Other parties as required by law or with your consent
We may engage independent contractors, IT providers, or administrative support personnel (including those offshore) who access client data under strict confidentiality and security controls.
We will never sell your personal information.
7. Storage, Security, and Retention
We take all reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure.
Our information-security framework includes:
- Multi-factor authentication and role-based access control
- Encryption of data both in transit and at rest
- Monitoring and patching consistent with the Australian Cyber Security Centre’s Essential Eight
- Staff and contractor confidentiality agreements
- Regular cybersecurity audits, penetration testing, and vendor risk assessments
- Annual privacy and data-security training for all staff
Data Retention:
Client information is retained for a minimum of seven (7) years after engagement completion, or longer if required by taxation, corporate, or professional standards, before secure destruction or de-identification.
Protection against doxxing and online disclosure:
We treat any unauthorised online publication or sharing of personal or identifying information (doxxing) as a serious privacy incident.
Any such event is managed under our Data Breach Response Plan and, if required, will be notified to affected individuals and regulators.
8. Notifiable Data Breach Scheme
We comply with the Notifiable Data Breach (NDB) scheme under the Privacy Act 1988 (Cth).
If a data breach occurs that is likely to result in serious harm:
- We will promptly investigate, contain, and assess the breach
- Where notification is required, we will inform affected individuals and the Office of the Australian Information Commissioner (OAIC)
- Notifications will include details about the breach, its potential impact, and recommended protective actions
We maintain a documented Data Breach Response Plan and staff training program to ensure a swift and compliant response to incidents.
9. Access to and Correction of Personal Information
You have the right to access the personal information we hold about you and to request corrections if it is inaccurate, incomplete, or out-of-date.
Requests should be made in writing to our Privacy Officer (see Section 12). We may require verification of your identity before releasing information and will respond within a reasonable time, generally within 30 days.
10. Cross-Border Data Transfers
In certain cases, your personal information may be stored or processed overseas (for example, by cloud storage providers located in New Zealand, Singapore, or the United States).
We take reasonable steps to ensure overseas recipients:
- Maintain data-protection standards comparable to the APPs or equivalent frameworks (e.g. GDPR, NZ Privacy Act)
- Are bound by contractual obligations requiring the safeguarding and restricted use of your data
11. Use of Cookies, Online Tools, and Automation
Our website may use cookies and similar technologies to improve user experience and analyse traffic. You can manage or disable cookies through your browser settings.
Sinclair Wilson and its related entities are the sole owners of information collected via our website. We are not responsible for the privacy practices of external websites linked to or from ours.
We also use secure client portals, document-sharing, and e-signature platforms that comply with Australian data-security standards.
Use of Automation and Artificial Intelligence Tools:
From time to time, we may use secure digital or artificial-intelligence (AI) tools to assist with data analysis or document processing. These tools operate within approved, privacy-compliant environments, and no information is shared with public or non-contracted AI services.
For further information on cookies, visit www.aboutcookies.org.
12. Complaints, Contact, and Updates
Complaints:
If you believe we have breached your privacy or the APPs, please contact our Privacy Officer with details of your concern.
We will investigate and respond within 30 days.
If you are not satisfied with our response, you may contact:
- The Office of the Australian Information Commissioner (OAIC) – www.oaic.gov.au
- The Tax Practitioners Board (TPB)
- Your professional accounting body (e.g. CPA Australia or CA ANZ)
Privacy Governance:
We maintain internal privacy governance, including annual compliance reviews, mandatory staff training, and designated Privacy Officers responsible for oversight and reporting.
Updates:
This Policy is reviewed at least annually, or earlier if required by legislative or operational changes. The latest version is always available on our website, and material updates are communicated via our client newsletter.
13. Contact Details
Privacy Officer
Sinclair Wilson
Phone: 03 5564 0555
Email: privacy@sinclairwilson.com.au
By engaging and using our services, you acknowledge that you have read and understood this Privacy Policy.