Privacy Policy
Version 2.0 - June 2026
At Theng & Associates Pty Ltd (we, our or us), we are committed to protecting your privacy and handling your personal information under the Privacy Act 1988 (Cth) (Privacy Act) in accordance with the Australian Privacy Principles (APPs).
This Privacy Policy explains how we collect, hold, use, disclose, and protect your personal information.
1. What is Personal Information
Personal information means any information, or an opinion about, an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
2. What Personal Information We Collect
We may collect personal information that is reasonably necessary for the provision of our professional services and to comply with our obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) and Tax Agent Services Act 2009 (TASA).
The Personal Information we collect about you depends on the nature of your dealings with us or what you choose to share with us.
The types of personal information we collect may include:
-
name, gender and date of birth;
-
contact details including addresses, email address and phone numbers;
-
identification documents;
-
Tax File Numbers (TFNs);
-
Director Identification Number (Director ID);
-
employment and income details;
-
financial and banking details relating to your tax and accounting affairs;
-
superannuation details.
3. Collection of Sensitive Information
We generally do not collect sensitive information unless it is reasonably necessary for the provision of our services and permitted by law. This might include information about your political association, membership of a trade union or professional body, criminal record, health information, or biometric information for identity verification.
Where sensitive information is required, we will obtain your consent where required under applicable privacy laws.
4. How We Collect Personal Information
We may collect personal information:
-
Directly from you;
-
Through client engagement/onboarding forms and questionnaires;
-
Through email, telephone, meetings, and correspondence;
-
Through our website and online portals;
-
From government agencies, including the Australian Taxation Office (ATO) and Australian Securities and Investments Commission (ASIC), where authorised;
-
From your financial advisers, solicitors, banks, accountants, and other parties where authorised by you to deal on your behalf with us.
Where reasonable and practicable, we will collect personal information directly from you, but we may also collect personal information from third parties or through publicly available sources.
5. Why We Collect, Hold and Use Personal Information
We only collect, hold and use personal information which is reasonably necessary for purposes including:
-
Providing services that you request from us including accounting, taxation, audit, advisory, bookkeeping and corporate secretarial services;
-
Verifying your identity;
-
Complying with legal and professional obligations;
-
Communicating with you regarding our services;
-
Improving our services and business operations.
6. Disclosure of Personal Information
We may disclose personal information to third parties where reasonably necessary for the purposes described in this policy, including to:
-
external auditors;
-
government agencies such as the ATO and ASIC or as required by law;
-
our professional services and legal advisers;
-
banking and financial institutions;
-
cloud service providers and software providers;
-
other third parties with your written authorisation.
We take reasonable steps to ensure that third-party service providers handle personal information appropriately and dealt with in accordance with their own privacy policies. Regardless of the above, we do not adopt and we do not disclose any government related identifiers such as tax file numbers unless required by or authorised under law or a court/tribunal order.
Where practicable, we will allow you to use a pseudonym or not identify yourself unless it is required under the law. We will also redact certain personal information before sharing it with our service providers. However, given the nature of services we provide, if you choose not to provide us with the information requested or provide us with incomplete or inaccurate information, we may not be able to provide you with the relevant service or information and may elect to terminate any arrangements we have with you.
7. Overseas Disclosure
Some of our service providers may be based in or store / process information outside Australia. The countries in which our service providers may be located, or store information include New Zealand, Singapore, and USA.
Where we disclose personal information overseas, we will take reasonable steps to ensure the recipient handles the information in a manner consistent with the Australian Privacy Principles, unless an exception under the Privacy Act applies. By providing us with your personal information, you consent to your personal information being used, stored and disclosed overseas.
8. Direct Marketing
We may occasionally use your personal information to send marketing information about our services. If you do not wish to receive direct marketing offers, please contact us with the details included at the end of this policy.
We will not use or disclose personal information to third party or external providers for direct marketing.
9. How We Store and Secure your Personal Information
We take all reasonable steps to protect your personal information collected from misuse, interference, loss, unauthorised access, modification, or disclosure.
We may store your personal information in both hard copy and electronic form. We store this data on secure systems accessible only to authorised personnel, and we implement industry best practices to keep your information confidential and secure.
In the event you cease to be our client, your personal information will be retained for a period of not less than 7 years to comply with legal and professional requirements after which we will take reasonable steps to securely destroy or de-identify your personal information.
10. Notifiable Data Breaches
If an eligible data breach occurs, we will comply with our obligations under the Notifiable Data Breaches Scheme, including notifying the affected individuals and the Office of the Australian Information Commissioner (OAIC) where required. If you receive a notification from us of an eligible data breach, you should read and implement the steps recommended to you.
11. Websites and Cookies
Our website may use cookies to improve user experience and analyse website traffic. Cookies generally do not identify individuals directly but may collect information such as IP address, browser type, device information and website usage statistics. You may disable cookies through your browser settings, although some website functionality may be affected.
Our website may include links to other websites operated by third parties who may collect personal information. We make no representations or warranties for the privacy practices of any third-party provider or website, and we are not responsible for the privacy policies or content of any third-party provider or website. These third parties are responsible for informing you about their privacy practices and we encourage you to read their privacy policies.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business practices, legal obligations, or regulatory requirements.
The current version will always be available on our website, or you can request a copy by contacting us.
13. Access to and Correction of Personal Information
You may request access to personal information we hold about you subject to certain limitations under the Privacy Act and we will respond within a reasonable time to your request. A request must be made in writing to our Privacy Officer. A fee may apply to cover our costs for retrieving and copying.
You are responsible for ensuring that your personal information is accurate, up to date and complete, and we encourage you to contact us should your personal information change. If you believe any of your personal information we hold about you is incorrect or incomplete, you may contact us to correct the information without a fee.
We may decline access or refuse to correct your personal information in certain circumstances permitted under the Privacy Act and we will provide you with a written notice for the reason. You have a right to make a complaint below if you disagree with our decision on this matter.
14. Complaints
If you believe we have breached the APPs or want to make a complaint on how we handled your personal information, please contact our Privacy Officer using the details below. We will investigate your complaint and respond within a reasonable timeframe (usually 30 days).
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
You can contact our Privacy Officer at:
Theng & Associates Pty Ltd
PO Box 951, South Perth WA
Telephone: 08-9367 7166
Email: admin@theng.com.au
