Privacy Policy

Introduction

During the course of carrying on our business, there are circumstances where we collect Personal Information. This privacy policy has been developed to ensure that such information is handled appropriately. We are committed to complying with the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles (APPs), in relation to personal information we collect.

This policy does not apply to personal information that is directly related to the employee records of current or former employees, to information that cannot be linked to an identifiable individual, or to the collection and handling of personal information otherwise not covered by the Privacy Act.

In this Privacy Policy, "the Firm", "our", "us", "we" and similar expressions mean and refer to Accounting and Advisory Pty Limited ACN 602 380 325 and the various trading names under which we provide services, including Cake Accounting.

Why do we collect the information and how is it used by us?

The primary purpose for which we collect information about you is to provide our services as engaged at the best possible quality of service to you.

While providing these services, we may be required to forward information relevant to you that we have received from third parties (including on your behalf).

We may use your information to send product information and promotional material to you. We may also notify you of new services, events, articles or updates we think may be of interest to you. If you would rather not receive this information, please notify us at info@accountingandadvisory.com.au.

We may also collect details of the products and services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enquiries.

We are also required by law to collect and verify certain identity information under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act). This may include copies of identity documents (such as a driver's licence or passport) and information about beneficial ownership of entities we act for.

We will only collect, maintain, and use the information for the purpose provided unless you have consented to alternate use of the information, or the use or disclosure is otherwise permitted or required by law.

What sort of information do we collect?

Depending on the circumstances of your engagement, we may collect and hold a range of information about you. This includes (but is not limited to) your name, date of birth, contact details (including address, email address and phone number), occupation, TFN, ABN, family situation and banking details. We may also collect accounting information, including information regarding your assets, liabilities, income, expenditure, employment details and history, and identity verification documents collected under the AML/CTF Act.

To whom do we disclose your personal information?

We use a range of software and service providers to ensure you receive quality and efficient services and to run our internal business systems. This means that external individuals and organisations will at times have access to Personal Information held by us and may collect and use it on our behalf and with our permission.

Examples of these individuals and organisations include independent contractors and consultants, information technology and software providers, and debt collection agencies.

The key software and service providers we use to deliver our serices are:

  • Microsoft - provides cloud hosting, productivity, communication, identity, security and document-management services used in our practice, including Microsoft Azure, Microsoft 365, Office 365, Microsoft Office applications, SharePoint, OneDrive, Exchange Online, Outlook, Teams, Entra ID and related Microsoft security and administration services;
  • Xero - our accounting and practice management platform, which holds client accounting records;
  • Artificial intelligence and automation providers, including Anthropic - provides artificial intelligence services we use to assist with the delivery of our services (see "How we use artificial intelligence" below); and
  • Twilio SendGrid - delivers our transactional emails and receives documents that clients send to us by email.

Each of these providers has access only to the information needed to perform its function, and each has a justifiable functional purpose in the delivery of our services.

We do not sell your personal information, and we do not provide third parties with access to your information other than as described in this policy or as required by law.

How we use artificial intelligence

We may use artificial intelligence and automation tools to assist with the delivery of our services, including to help review, extract, summarise, classify or verify information contained in documents and records provided to us. Where we use these tools, personal information may be processed by our technology providers for that purpose.

We do not knowingly provide passwords, login credentials or accounting-system access tokens to artificial intelligence providers, and we do not rely solely on automated processing to make decisions that have a significant effect on clients. Outputs from these tools are reviewed as part of our normal professional and quality-control processes.

How do we collect the information?

We collect Personal Information about you in several ways, including collecting information directly in face-to-face meetings, from documentation provided by you, through our secure client portal and website, and from correspondence received from you. We may also confirm information held with external data providers.

How and where do we hold personal information?

Your Personal Information is held on secure cloud-based servers. All systems under our direct control - including our client portal and practice records — are hosted in Australia (on Microsoft Azure infrastructure located in the Australia East region, and Microsoft 365 services).

Some of the third-party software providers we use to deliver our services store or process data outside Australia. In particular, Xero Limited hosts its service on servers located in the United States, and Anthropic PBC and Twilio SendGrid process data on servers located in the United States. Where a provider stores or processes data offshore, we take reasonable steps to ensure that the provider handles personal information in a manner consistent with the Australian Privacy Principles.

We take all reasonable steps to protect the personal information that we hold from misuse, interference, loss, and unauthorised access, modification or disclosure. These measures include encryption of data in transit and at rest, multi-factor authentication, role-based access controls (so staff can only access information needed for their role), firewalls, audit logging, and encryption on staff devices.

Our website and client portal

Our website and client portal use cookies and similar technologies for essential functions such as keeping you signed in securely. Access to the client portal is protected by multi-factor authentication. We do not use this information for any purpose other than operating and securing these services.

Data breaches

We have procedures in place to identify, contain, assess and respond to suspected data breaches. If a data breach occurs that is likely to result in serious harm to any individual, we will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme under the Privacy Act. If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately using the contact details below.

What happens if you do not provide this information?

We require certain information from our clients in order to provide them with the service(s) for which we are engaged. Only necessary information will be sought. If this information is not provided, we may not be able to provide the services, or we may be required to qualify advice provided to you.

How do you access, correct, or update your personal information held with us?

You may gain access to information that we have collected about you by contacting us.
We aim to ensure that the personal information we collect is accurate, complete, and up-to-date. It is our clients' responsibility to inform us if their personal information is not correct. If you believe that any information that we hold is inaccurate or out of date, please contact us and we will review and correct the relevant information.

Will this privacy policy change?

We may, from time to time, review and update this policy, including taking account of new or amended laws, new technology or changes to the way we operate. All personal information held by us will be governed by the most recently updated policy. Any changes to this privacy policy will be updated on our website.

Who do you contact with questions about this privacy policy?

To contact us with a compliment, complaint, or privacy question, you can:
Write to us at:
Privacy Officer
Accounting and Advisory Pty Limited
45 Nerang Street
SOUTHPORT QLD 4215

Email us at: info@accountingandadvisory.com.au
Call us on: 07 5613 2620

We will acknowledge your complaint and respond to you within a reasonable period. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or by calling 1300 363 992.

Last Updated: July 2026