Hawkeye Financial Privacy Policy
Introduction and Commitment to Privacy
Hawkeye Financial (referred to as “we”, “us”, or “our”) is a Brisbane-based Chartered Accounting firm committed to protecting your personal information. We manage personal data in an open and transparent way in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). We also adhere to guidance from the Australian Competition & Consumer Commission (ACCC) by ensuring this Privacy Policy is clear, not overly complex, and easy to navigate. Our goal is to give you full and accurate information about how we handle your data, so you can make informed choices.
This Policy outlines what personal information we collect, how and why we collect it, how we use and disclose it, and how we secure it. It also explains your rights (such as access and correction) and how to contact us with any questions or concerns.
Scope: This Policy applies to all personal information we collect from clients and visitors within Australia. We only provide services to Australian residents (or non-residents who require Australian Tax Agent Services) and do not actively collect personal data from individuals outside Australia. (Any incidental information received from overseas will be handled in accordance with Australian privacy law.)
What Information We Collect
We only collect information that is reasonably necessary for our functions as a provider of accounting and financial services. The types of personal information we may collect include:
Financial Information: Financial records, bank account details, income, expenses, and other financial details necessary for accounting, taxation, or advisory services. This may include employment details, business financial statements, and transaction history needed to prepare accounts or lodge tax returns.
Communication Records: Information you provide in correspondence with us. For example, inquiries made through our website contact form, emails you send us, or information shared during meetings (including Google Meet video conferences as described later).
Online Usage Data: When you visit our website, we use Google Analytics and similar tools to collect information about your visit. This can include your IP address, device and browser type, pages viewed, and the date/time of your visits. We collect this data via cookies and tracking pixels (see Cookies & Analytics below) to understand how users interact with our site. This information is generally not used to identify you, but it may be considered personal information in some circumstances.
Social Media Data: If you engage with us on social media (Facebook, Instagram, YouTube, or X/Twitter), we may collect your public profile name and any contact details or content you provide when messaging or commenting. For instance, if you send us a Facebook message or comment on our posts, we receive whatever information you choose to share. We use a social media management tool (Metricool) to help manage and schedule our posts; however, this tool primarily gathers aggregated engagement data and does not extract additional personal details beyond your public profile and interactions.
We do not collect any sensitive information (such as health, racial, or religious data) unless it is necessary for our services and you have given explicit consent, or unless required by law. In general, the personal information we require is limited to the categories above. If you choose not to provide certain details (for example, opting not to give your contact number), we will respect that choice – but it may affect our ability to provide some services. We will let you know if any information is optional. Where lawful and practical, you may deal with us anonymously or under a pseudonym (for example, making a general inquiry by phone without giving your name), but for most of our services we will need to identify you.
How We Collect Personal Information
Third-Party Services and Integrations: We use certain third-party platforms in delivering our services, which may involve collection of data on those platforms:
Xero Accounting Software: If you are our accounting client, you may have your financial data stored in Xero, a cloud accounting system, which we use to manage your accounts. Any personal or financial information entered into Xero (e.g. invoices, bank transaction feeds, payroll details) will be accessible to us for the purposes of providing our services. We only access or input data into Xero with your authorization, and Xero’s privacy and security measures apply to the storage of that data.
Email Campaigns (Mailchimp): If you subscribe to our newsletter or updates, we collect your name and email address for that purpose. We use Mailchimp (an email marketing service) to manage our mailing list and send emails. When you sign up, Mailchimp will store your contact details on its servers (which may be located outside Australia – see Data Storage & Security). Mailchimp also tracks email open rates and link clicks to help us gauge engagement. Every marketing email will include an “unsubscribe” option so you can opt out of further emails at any time.
Video Meetings (Google Meet): We sometimes conduct client meetings or consultations via Google Meet (video conferencing). By default, these meetings are not recorded. Recording will only occur if necessary (for example, to accurately capture complex discussions or with client permission for note-taking), and we will always inform you and obtain your consent before recording any Google Meet session. If you do not wish to be recorded, you may decline or ask us to stop the recording – we will fully respect that choice. (Google Meet notifies participants when recording is started or stopped as an added measure of transparency.) Recorded meetings, when they occur, are stored securely (typically in our Google Drive or transferred to our secure SharePoint storage) and used only for internal reference or quality assurance.
Automated Collection (Cookies & Pixels): Our website uses cookies and similar technologies to automatically collect certain technical data when you visit. This includes cookies set by Google Analytics and potentially by social media plugins or Metricool (if used for analytics). These small data files may track information about your browsing such as: your IP address and general location, browser type, pages you view on our site, the time spent on pages, and actions like clicking links. We use this information to understand aggregate user behaviour and improve our website and marketing. For example, Google Analytics helps us know which pages are most visited and how users find us, so we can enhance content.
(Note: We have enabled Google Analytics “Advertising Features” on our site to support targeted advertising; however, we configure these tools to avoid identifying you personally. For example, whenever possible we do not send your full IP address to Google, to further protect your anonymity. In addition, we have implemented a Facebook Pixel and Google Ads tags for advertising purposes, and this Privacy Policy clearly discloses their use (see the Cookies & Analytics and Advertising & Cookies sections below).)
We will always collect personal information by lawful and fair means. We generally collect information directly from you, but in some cases we may receive information about you from third parties – for example, if another professional (like your financial adviser or a bookkeeper) provides us data at your request, or if we need to verify information with government agencies (such as the Australian Taxation Office). If we receive information about you that we didn’t request (unsolicited information), we will determine if it’s necessary for our purposes. If not, we will securely destroy or de-identify it.
Why We Collect Your Information (Purposes of Use)
Providing Accounting and Advisory Services: We use your information to perform the services you have engaged us for – such as preparing and lodging tax returns, financial statements, BAS/GST reporting, bookkeeping, audits, and financial or business advice. For example, we need your financial records and TFN to complete your tax lodgements, and your contact details to communicate with you about your accounts. We will use the information to carry out your instructions and our obligations accurately and efficiently.
Client Communication: We use contact information (email, phone, address) to stay in touch with you. This includes sending appointment reminders, notifying you about important changes (e.g. tax law updates affecting you), responding to your inquiries, and providing customer support. If you reach out to us via email or social media, we will use the information provided to reply appropriately.
Administration and Record-Keeping: Personal information is used internally for administrative purposes like maintaining client files, invoicing and billing, and keeping records required for our business operations or legal compliance. For instance, we may retain your engagement details and correspondence to have a history of services provided. We keep records as required by law (e.g. financial and tax records must be retained for certain periods).
Legal and Regulatory Compliance: As a financial services provider, we are subject to various legal obligations. We may use personal data to comply with laws such as taxation law, the Corporations Act, Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) laws, and our professional ethical obligations. For example, we might need to verify your identity under AML/CTF regulations if applicable, or provide information to the Australian Taxation Office and other government agencies as required by law.
Marketing (Opt-In Only): With your consent, we may use your name and contact details to send you newsletters, updates, or marketing communications about our services. For example, if you sign up on our website or ask to be added to our mailing list, we will email periodic newsletters such as tax tips, legislative updates, or information about new services we offer. We do not send spam, and you can unsubscribe from marketing emails at any time by clicking the “unsubscribe” link in the email or contacting us. We do not sell or share your personal details with other companies for them to market to you. Any direct marketing is only from Hawkeye Financial to you (and only if you’ve given consent or it’s otherwise permitted by law). If you opt out of marketing, we will remove you from the distribution list promptly as required by law (under the Spam Act 2003).
We also want to be transparent about how you can control or opt out of this targeted advertising. You can opt out of Google’s use of advertising cookies by adjusting your Google Ads Settings or by using the Network Advertising Initiative’s opt-out page. Similarly, you can control how Facebook targets ads to you by changing your ad preferences in your Facebook account settings or by using industry opt‑out tools (such as those provided by the Digital Advertising Alliance). All of our advertising activities involving personal information are conducted in line with Google’s and Facebook’s policies and in compliance with Australian privacy law.
We will not use your personal information for purposes other than those listed above unless: (a) you consent to the new purpose, or (b) it is required or authorised by law. If we ever need to use your data for a secondary purpose that is not obvious to you, we will seek your consent first (for example, if we wanted to feature a testimonial from you on our website, we would ask your permission). In general, we do not engage in profiling or automated decision-making that could significantly affect you – any analyses we perform (e.g. analytics on website usage) are to inform business strategy and do not result in decisions without human review.
Disclosure of Personal Information
We respect the confidentiality of the information you provide us. We do not sell, trade, or rent your personal information to third parties for their own use. We will only disclose your information to third parties for the purposes explained in this Policy or as permitted/required by law. The types of third parties we may share information with include:
Service Providers (Processors): We use reputable third-party service providers to support our business operations and services. This can include:
IT and Cloud Service Providers: We rely on Microsoft’s Office 365 suite (including Outlook email and SharePoint/OneDrive for file storage) to store and manage most of our documents and communications. Personal information (emails, documents, contact lists, etc.) is stored on Microsoft’s cloud servers rather than on local servers. Microsoft implements strong security and encryption measures to protect data, and we have access controls in place. (See Data Storage & Security below for more on cloud storage.) Similarly, if we store client data in Xero (cloud accounting) or share files via secure cloud links, those providers are handling your data on our behalf. We ensure that such providers have privacy and data security commitments consistent with our standards.
Mailchimp: If you are on our email newsletter list, your name and email address are stored with Mailchimp (operated by Intuit). We provide Mailchimp only the information needed (typically name and email) to deliver the communications. Mailchimp may process this data on servers outside Australia (e.g. the United States). We have taken steps to ensure Mailchimp handles your data securely and only for our instructions – for example, by agreeing to terms that protect your information. By subscribing, you acknowledge that your email will be transferred to Mailchimp for processing. (You can unsubscribe any time, as noted above, and we will then remove your data from the mailing list.)
Analytics and Online Tools: As part of running our website and social media, some data may be disclosed to providers like Google (for Analytics) or Metricool. For instance, when your browser loads our website, Google Analytics scripts may collect usage data and log it on Google’s systems for our analysis. These providers might technically have access to some data about your site usage, but they generally only see pseudonymous data (like cookie IDs or truncated IP addresses). We do not receive your personal identity from analytics providers – just aggregated reports. We also configure these tools to limit data wherever feasible.
Professional Partners: In certain cases, we may work with other professionals or contractors to fulfill your needs – for example, a specialized tax consultant, auditor, or IT support technician. We will only share with them the information necessary for them to perform their function, and only with your consent or under confidentiality arrangements. For instance, if an external auditor is reviewing your accounts, they may need to see your financial records. We ensure such partners are also bound to confidentiality and privacy obligations.
Government Agencies and Law: We may disclose personal information to government authorities or law enforcement if required or authorized by law. For example: We provide necessary details to the Australian Taxation Office (ATO) and other relevant government bodies when lodging tax returns or other statutory filings on your behalf. This could include your TFN, income details, and other information on official forms, as the law mandates. If we receive a lawful subpoena, court order, or information request from a regulator (like ASIC or the TPB – Tax Practitioners Board), we may be compelled to provide relevant data. We will only do so after verifying the authority of the request and within the bounds of applicable law. We might disclose information to our professional indemnity insurers or legal advisors if required in the course of obtaining advice or defending a legal claim. In such cases, those recipients would be bound to confidentiality.
Business Transfers: In the unlikely event that Hawkeye Financial undergoes a major business change (such as a merger, acquisition, or sale of the practice), personal information held by us may be transferred to the new owner or entity as part of that transaction. If so, we will ensure the new entity is bound to protect your information in line with this Privacy Policy. We will also notify you or obtain consent where required by law in such scenarios.
Client-Authorized Disclosures: We will disclose your information to third parties if you instruct or consent for us to do so. For example, if you ask us to liaise with your solicitor, banker, or another advisor and provide information to them, we will do so with your permission. Similarly, if you use our services to set up something that involves a third party (like helping you apply for a loan or insurance), we will only share the needed details with your knowledge.
In all cases of data sharing, we follow the principle of data minimization – only sharing the specific information necessary for the purpose. Where personal information is disclosed to a third party (including those outside Australia), we take reasonable steps to ensure they handle it securely and in accordance with applicable privacy laws. This may include contractual arrangements with service providers to safeguard your data. (See Cross-Border Disclosure below regarding information stored overseas.)
We also want to reassure you of what we do not do: We do not sell mailing lists or personal details to advertisers. We do not disclose your TFN or sensitive financial info to any unauthorized party. And apart from the potential future advertising cookies noted earlier (which would not reveal your identity to us, only a code to show you ads), we do not currently share your browsing data with advertisers or social media companies for ad targeting.
Cookies & Analytics (Website Usage Tracking)
Our website uses “cookies” and similar tracking technologies to enhance your experience and analyze usage. A cookie is a small text file placed on your device when you visit a site, which can be read on subsequent visits. The cookies on our site may be set by us or by third-party services we use.
Why we use cookies:
Essential Cookies: These are necessary for basic website functionality (for example, to remember your preferences or keep you logged in if our site had a client login area).
Analytics Cookies: We use Google Analytics to gather information about how visitors use our site, as mentioned. Google Analytics cookies collect data on things like pages viewed, traffic source, and user interactions. This helps us compile reports and improve the site. The information collected is aggregated and not used to identify individuals. Google may also set its own cookies to distinguish unique users and throttle request rates.
Social Media Widgets: Our site may include social media plug-ins (e.g. an embedded Instagram feed or YouTube video). These features might set cookies or use similar tech to track engagement (for instance, to show how many likes our Facebook page has, or to allow you to “like/share” content directly). Embedded content from third-party sites behaves as if you visited those sites. A YouTube video embed might allow YouTube/Google to collect data about your viewing (per YouTube’s privacy policy). We do not control these third-party cookies. Please review the privacy policies of any third-party services for information on their cookies and data practices.
Metricool and Other Tools: If we employ Metricool or other analytics/management tools, they may also use cookies to track website and social media performance. This could include measuring clicks from social posts to our site, etc. Again, any such data is used by us in aggregate form to monitor our online reach.
Managing cookies: By using our site with cookies enabled in your browser, we assume you consent to our use of cookies. You can control or delete cookies via your browser settings at any time. Most browsers allow you to block all cookies, or to block third-party cookies (which come from domains other than ours, such as Google’s or Facebook’s), or to prompt you before accepting cookies. You can also delete cookies that have already been set. Please note that if you disable all cookies, some features of our site might not function as intended. For example, embedded content or analytics might not load properly.
Additionally, our site uses advertising-related cookies (such as Google Ads tags and the Facebook Pixel) to support our online marketing. We provide clear information on how you can opt out of these advertising features: for instance, you can manage Google’s advertising cookies through Google’s Ads Settings, adjust your Facebook ad preferences in your Facebook account settings, or opt out of targeted ads via industry tools like the Digital Advertising Alliance’s consumer opt-out page. We clearly communicate these options so that you can control how your data is used for advertising.
We strive to uphold the OAIC’s guidance on use of tracking technologies – meaning we assess the necessity of any tracking and implement “privacy by design” measures. We configure our analytics to collect the minimum data needed and avoid any collection of sensitive information via pixels. Our use of cookies is intended to be reasonable and proportionate to our business needs, and we are transparent with you about it.
Data Storage & Security
Security Measures: We take reasonable steps to protect personal information from misuse, loss, unauthorized access, modification, or disclosure.
Access Control: Only authorized personnel of Hawkeye Financial (and trusted contractors who have signed confidentiality agreements, if any) can access personal data relevant to their duties. We use unique user IDs and strong passwords for all systems holding client data. Admin access to critical systems is limited to key individuals.
Encryption & Network Security: Wherever possible, we enable encryption for data in transit and at rest. For example, our cloud services (Microsoft, Xero, Mailchimp) all transmit data over SSL/TLS encrypted connections (the same technology used in online banking). Our website is HTTPS-secured to encrypt information you submit through forms. We encourage you to only share sensitive documents via our secure channels (e.g. SharePoint link or encrypted email) which we can set up as needed.
Any physical documents containing personal data (e.g. copies of IDs or signed forms) are stored in cabinets and are shredded or securely disposed of when no longer required.
Antivirus and Updates: All our computers and devices run up-to-date antivirus/anti-malware software. We promptly install security updates and patches for software and systems to guard against vulnerabilities.
Backup and Recovery: Our cloud services typically have their own backup processes to prevent data loss. We also perform periodic internal backups of critical data (stored securely) so that we can recover information in case of accidental deletion or technical failure.
Training and Policies: Our team is trained on confidentiality and privacy best practices. We have internal policies that govern how personal info is handled (for example, not leaving sensitive information visible on screens, verifying identities before disclosing info over phone or email, etc.). We enforce this policy among all staff and regularly review our procedures to adapt to new security threats.
Despite our best efforts, it’s important to note that no method of transmission or storage is 100% secure. The internet by its nature has risks. However, we continually update our safeguards in line with industry standards to minimize risks. If we detect or suspect any data breach involving your personal information, we will act swiftly in line with our data breach response plan. This may include containing the breach, assessing its impact, notifying affected individuals and the Office of the Australian Information Commissioner (OAIC) as required by the Notifiable Data Breaches scheme, and taking steps to prevent recurrence. If you have particular security concerns (for example, if you prefer us not to send certain documents via email), please let us know and we will discuss alternative arrangements.
Tax File Numbers and Sensitive Information
TFN information you provide will be handled in accordance with the Privacy (Tax File Number) Rule 2015 under the Privacy Act. This means:
We will only collect, use, or disclose your TFN for lawful purposes—primarily for fulfilling your taxation obligations or as otherwise authorised by taxation law or social security law. Typically, this means using your TFN on tax returns or sharing it with the ATO as required.
We do not use your TFN to identify you in our own systems or for any non-tax related purpose.
We securely store TFN information and limit access strictly to staff who need it for the relevant service. TFNs in electronic form are stored in encrypted files or within secure systems (for example, if a TFN is included in a document on SharePoint, that document is access-controlled). Any TFNs on physical documents are blacked out or redacted in copies where not needed, and files containing TFNs are kept in locked storage.
When disposing of records that contain TFNs (once they are no longer needed or legal retention requirements lapse), we will permanently destroy or de-identify that information in a secure manner. Shredding of paper files and secure deletion of electronic files is standard practice.
A breach of the TFN rules is considered a serious privacy breach. We have procedures to immediately respond if any TFN data is compromised, and individuals may lodge complaints with the OAIC if they believe their TFN info has been mishandled.
Similarly, if we collect other sensitive information (for example, if as part of identity verification you provide a copy of a driver’s license or if in rare cases we need health or insurance information for your tax return), we will only do so with your consent and will protect it with a high level of security. We do not collect sensitive information about you unless it’s necessary for our engagement (which is uncommon for accounting services, except for identification documents or certain financial context). If we ever hold information about your racial or ethnic origin, political or religious beliefs, health, or other sensitive matters, we treat it confidentially and use it only for the purpose for which you gave it to us or as required by law.
In summary, we understand the trust you place in us when you provide personal identifiers and financial details. We take our legal and ethical obligations seriously to keep that information safe and use it only as appropriate.
Cross-Border Disclosure (Overseas Data Transfers)
As noted, Hawkeye Financial is an Australian firm serving Australian clients. We do not send your personal information to overseas recipients for processing by third parties except in the following scenarios:
Cloud Data Storage and Services: Some of the third-party services we use to store or manage data are based overseas or may use servers located overseas. For example, using Mailchimp means your data is stored in the USA; using Microsoft 365 or Xero may involve backups or redundancy storage outside Australia. In these cases, technically an “overseas disclosure” of personal information occurs when data travels to those servers. We assure you that we select service providers with strong data protection practices. We also take reasonable steps to ensure that any overseas-hosted data is afforded protection equivalent to Australia’s privacy standards, either through contract or the provider’s adherence to frameworks (for instance, Microsoft and Intuit are large companies with commitments to GDPR and global privacy regimes). By using our services or providing us your information, you consent to this transfer and storage of your data on overseas servers when it’s for the purposes described in this Policy. If you have objections or wish to know more details about where your data might be stored, please contact us. We can often arrange for data to be stored solely in Australia if required (for instance, choosing Australian data center settings), although in general our current configurations already favor Australian storage where possible.
Your interactions via third parties: If you engage with our social media pages, your information is of course stored on those platforms’ servers (which might be overseas). For example, a message sent to us on Facebook is stored on Facebook’s system in (likely) the USA or other locations. By using those platforms to communicate with us, you are effectively consenting to that storage via the platform’s terms. We recommend reviewing Facebook’s and Google’s privacy policies for how they manage cross-border data.
No routine overseas disclosures for services: We do not presently outsource any accounting work overseas and do not transfer client files to overseas recipients in the course of our services. All our personnel handling your work are based in Australia. If this ever were to change (for example, if we engage an overseas consultant for a specialized task), we would only do so with your express consent and under strict data protection agreements.
Under Australian Privacy Principle 8.1, before disclosing personal information to an overseas recipient, we must either take steps to ensure they will protect it to the standard required by the APPs, or inform you and obtain your consent to the disclosure (with awareness that the overseas entity may not be subject to Australian law). In our case, the main overseas disclosures are to our cloud IT providers. We have reviewed these providers’ privacy and security measures. For instance, Mailchimp is subject to US laws, and by consenting to our use of Mailchimp, you acknowledge APP 8.1 may not apply to that particular transfer. However, note that Mailchimp’s terms contractually require it to safeguard our data, and it has security certifications in place. For other providers like Microsoft or Xero, they either have Australian servers or are under agreements that align with APP obligations.
If you do not want your information stored or processed overseas in any capacity, please discuss this with us. We can explain what, if any, data could be held offshore and perhaps find alternative solutions (for example, not using Mailchimp for you, or storing your documents only in an Australia-only location). Our aim is to be transparent about where your data might reside so you have control.
Google Meet Recordings and Consent
meetings are not recorded. On occasion, we may wish to record a meeting – for example, if a lot of complex information is being discussed, a recording can help ensure we don’t miss details when reviewing later. We will always ask for your consent before recording any meeting, and we completely understand if you prefer not to be recorded. When a Google Meet session is recorded, all participants are typically notified via Google’s on-screen notification. We will verbally confirm at the start of recording that everyone is aware and consents. If you do not consent, we will simply not record, or we can stop an ongoing recording and proceed without it. There is no obligation for you to agree to recording; it’s entirely optional.
If a meeting is recorded with your consent, the recording will be used strictly for internal purposes such as preparing meeting minutes, recalling your instructions, or training/supervising staff (if, say, a junior accountant sits in). We treat recordings as highly confidential. They are stored securely just like any other personal information (on encrypted cloud storage). We do not share the recording with anyone outside our firm unless required by law or unless you ask us to (for example, if you want a copy or want us to share it with another advisor). We also do not keep recordings longer than necessary. Once it has served its purpose (for example, after we’ve extracted the needed information or completed the related task), we will delete the recording to protect your privacy.
By participating in a video meeting with us, you acknowledge that this policy on recordings has been communicated to you. If you have any concerns about recordings or prefer to communicate in person or via unrecorded calls, we are happy to accommodate that. Your comfort is important to us.
(On a related note: If you ever have an in-person meeting at our office and would like to record the conversation for your own reference, please inform us. We generally don’t object if a client wants to record their own session, but we’d like to mutually agree on it.)
Retention of Personal Information
We retain personal information only for as long as it is needed for the purposes for which we collected it, or as required by law or our record-keeping policies. How long that is can vary:
Client Files: If you become a client, we will retain your information for the duration of our engagement and for a period after its conclusion. For example, tax legislation and professional guidelines often require us to keep copies of working papers, lodged returns, and advice provided for at least 5 to 7 years. We may keep files longer than the minimum if we believe it’s necessary (e.g. for continuity if you return as a client or for our internal reference to answer queries). However, we won’t keep personal data indefinitely unless there’s a continuing purpose. When records are no longer required, we will securely destroy or de-identify them.
Prospective Client Inquiries: If you contact us but do not end up engaging our services, we might keep your inquiry information for a short period in case you come back or for our own analysis of inquiries. Typically, we would not retain such data beyond a year if there’s no further interaction. You can also request us to delete your info if you decide not to proceed – we will honor that (unless legal considerations like conflict-of-interest checks require retention).
Marketing Lists: We keep your contact details on our marketing list until you unsubscribe or until we learn that the contact is no longer valid. Once you opt out, we may keep a suppression record (your email address) just to ensure we don’t accidentally re-add you, but we won’t continue to send you emails.
When destroying physical records, we use secure bins or cross-cut shredders. For electronic records, we delete files in a way that they cannot be easily recovered (and ensure cloud trash folders are emptied). We also may anonymize data – for instance, instead of deleting a record entirely, we might strip out personal identifiers and keep the rest for statistical purposes.
If you have specific questions about our retention of certain types of records, please contact us (contact details are at the end of this Policy). We can provide more precise info based on your circumstances.
Your Rights and Choices
Under Australian privacy law, you have rights in relation to the personal information we hold about you:
Access: You have the right to request access to the personal information we hold about you. This means you can ask us to provide you with a copy of your personal data (subject to some exceptions under the law). For example, you can request copies of documents, emails, or file notes that we have in your client file. We will need to verify your identity before granting access to ensure we don’t inadvertently share someone else’s information. Access requests are generally free of charge, but if your request is complex or requires significant resources (e.g. retrieving archived data), we may charge a reasonable fee for the cost of supplying it – we will let you know in advance if that’s the case. We aim to respond to access requests within a reasonable time (typically within 2-3 business days for simple requests, or up to 30 days if it’s more involved). If we cannot give you certain information (for example, if it includes someone else’s personal data or is subject to legal privilege), we will explain the reasons.
Correction: We strive to keep your personal information accurate, up-to-date, and complete. If you believe any information we hold about you is incorrect, incomplete, or outdated, you have the right to request that we correct it. Simply contact us with the details of what needs updating (for instance, a new address or correcting a misspelled name). We will take reasonable steps to amend our records. If for some reason we disagree that the information is wrong (which is rare), we will let you know our reasons and note your request on file.
Deletion (Erasure): Australian privacy law doesn’t grant an absolute “right to be forgotten” as in some jurisdictions, but we are generally happy to accommodate requests to delete personal information that we no longer need. If you cease to be a client and want us to erase certain data, please let us know. We will do so provided there’s no lawful requirement to retain it. Keep in mind, due to legal and professional obligations, we might need to retain certain records for a period (e.g. as mentioned, tax files for 5+ years) and cannot delete those until that period passes. However, we can certainly remove you from marketing lists and ensure no active use of your data once our services conclude.
Withdraw Consent: If you have given consent for a particular activity (for example, receiving our newsletter, or to record a meeting), you can withdraw that consent at any time. Just inform us, and we will stop the related activity. Note that withdrawing consent will not affect any use or disclosure that had already occurred with your permission but will stop future use.
Anonymity/Pseudonymity: As noted, you have the option to deal with us anonymously or under a pseudonym where practical (e.g. initial inquiries). However, for most professional engagements, we will need your real identity information.
To exercise any of these rights, please contact us using the details in the Contact Us section. We may ask you to put your request in writing for clarity and record-keeping. We may also need to verify your identity (to ensure we are dealing with the right person). We will not charge you for making a request or for correcting your data. In case of access requests, as mentioned, a minimal fee could apply if it’s resource-intensive, but we’ll discuss that with you first. If you request access or correction and are not satisfied with how we handle it, you can utilize our complaints process (below) or ultimately complain to the OAIC. But of course, we encourage you to engage with us first as we are eager to resolve any issues cooperatively.
Complaints and Queries
How to Contact Us with Privacy Issues:
Email: [email protected] – You can email our Privacy Officer or managing partner at this address. Please provide details of your question or complaint, and any relevant background.
Phone: You may call our office at (+61) 458 852 324 and ask to speak with the Privacy Officer. (If your issue is urgent, a phone call can alert us quickly, though we might still request a written summary for a formal complaint so we don’t miss any details.)
Postal Mail: If you prefer, you can send a letter to: The Privacy Officer, Hawkeye Financial, 104 Chelford Street, Brisbane QLD 4053. Please mark the envelope “Private and Confidential – Privacy Concern”.
Our process for complaints: Once we receive your complaint, we will:
(1) Acknowledge it within a reasonable time (usually within 2 business days).
(2) Investigate the matter – this might involve reviewing relevant records, speaking to the staff members involved, and assessing what happened.
(3) Respond to you with the outcome or interim updates. We aim to provide a resolution or substantive response within 30 days. If the matter is complex or requires more time (e.g. consulting a third party or legal counsel), we will let you know and keep you informed of progress.
If we find we did not meet our obligations or your expectations, we will take steps to address the issue. This may include apologizing, correcting any mistake, and updating our procedures to prevent future occurrences. If the issue involves a data breach or serious misconduct, we will take immediate steps to contain it and comply with any legal notification requirements.
If you are not satisfied with our response or how we handle your complaint, you have the right to escalate the matter. You can contact the Office of the Australian Information Commissioner (OAIC).
The OAIC can investigate privacy complaints and has the authority to make determinations. The OAIC’s contact details are:
Website: oaic.gov.au (there is an online complaint form available)
Telephone: 1300 363 992
Email: [email protected]
Post: GPO Box 5218, Sydney NSW 2001
We certainly hope it never gets to that – our aim is to resolve any issues directly and amicably. We welcome feedback at any time about our privacy practices.
Updates to This Policy
Contact Us
please contact us:
Hawkeye Financial – Privacy Officer
Address: 104 Chelford Street, Alderley, QLD 4053
Phone: (+61) 458 852 324
Email: [email protected]
We value your trust and cooperation. Thank you for taking the time to read our Privacy Policy.