Grenfell Murray Business Advisors and Accountants - logo

Privacy Collection Statement

1.              Privacy Commitment

Thank you for visiting our Website and for reviewing our Policy. We respect the importance of your privacy and the Personal Information in our care. We have created this Policy in order to demonstrate our firm commitment to your privacy.

We are subject to and seek to ensure that all Personal Information we collect is handled in compliance with the Australian Privacy Principles contained in the Act. This Policy sets out how we collect, hold, use and disclose information (including Personal Information) that we obtain from you. 

2.              Collection of personal information

2.1. We collect Personal Information as well as non-personally identifiable information that you voluntarily provide.

2.2. We will only collect Personal Information about you:

  • from you (including via online enquiry forms you submit, our direct discussions with you, any emails, blogs, letters, or other correspondence you send to us and when you subscribe to our online publications);
  • if you have created an online account with us, from your use of that online account;
  • from any entity within our Grenfell Murray Group;
  • from any person authorised by you to provide such Personal Information to us (such as your professional advisors or personal representatives);
  • if you are part of a Group, from any other member of that Group for so long as you have provided consent to the same and have not revoked that consent by written notice to us;
  • from third party contractors and suppliers we engage to help us provide services;
  • from external sources where the information is publicly and readily available; and
  • from third parties (for example, your spouse) where it is otherwise unreasonable or impractical to collect such Personal Information from you directly. In such cases, we will inform you before, or as soon as reasonably practicable after, we collect such Personal Information.

2.3. As an example, and without limiting the types of Personal Information we collect, we may collect the following Personal Information (a) name, address, and contact details such as telephone number and email address, (b) details of your interests in or ownership of entities or control of trusts, and (c) accounting information such as your tax file number, bank account details, credit card details and details of your investments.

2.4. We will only collect information relating to your tax file number for purposes authorised by law. You are not obliged to provide your tax file number to us but if you fail to do so, there may be financial consequences.

2.5. Through technology we may automatically record details including your internet address, domain name and the date and time of your visit to our Website (including the web pages viewed), your browser and operating system. If you link to our Website from another website then that information may also be recorded. We may also use cookies (small files exchanged between a website server and your computer) on our Website. If you do not want to allow cookies to be used to collect information, you can disable cookies on your computer by changing the security and privacy settings in your browser.

2.6. Where you provide us with Personal Information of third parties (for example, your spouse) you warrant to us that the relevant individuals have consented to you disclosing their Personal Information to us.

3.              Use and disclosure of Personal Information

3.1. How we use your Personal Information varies based on the services we are providing. Generally, we may use your Personal Information:

  • as necessary to provide services to you;
  • to perform due diligence and conflict checks prior to agreeing to provide services to you;
  • for customer relationship management purposes and to respond to your queries;
  • for recruitment purposes;
  • to analyse client needs and improve the services we provide;
  • for audit, regulatory and compliance purposes;
  • for industry accreditation purposes;
  • for accounting and administrative purposes (including to process transactions, provide accounting services, facilitate our internal business operations and comply with our legal or regulatory obligations); and
  • for other purposes related to our provision of business advisory services to you.

3.2. We will not use or disclose your Personal Information for a purpose other than for that which it was collected unless you have provided your consent or you would reasonably expect us to use or disclose the Personal Information for that other purpose. If you are part of a Group and have consented to our use of your Personal Information so we can perform the services in the Engagement Letter in respect of each and any Group member, we may use your Personal Information as part of performing those services for any Group member unless and until you provide us with a written notice revoking such consent.

3.3.  We may disclose your Personal Information:

  • to any other member of our Grenfell Murray Group to allow them to provide you with services or to provide information about the services they provide or so they can assist us in providing applicable services to you;
  • to our contractors, agents and service providers (for example, information technology contractors, debt collection agencies, event managers and recruitment and human resources consultants) but only (a) for the purpose of providing services to you, (b) as necessary to facilitate the operation of our business, and/or (c) for the purpose of storing your Personal Information;
  • to other entities in our Grenfell Murray Group to facilitate our and their internal business operations;
  • to the Australian Taxation Office, the Australian Securities and Investments Commission and other government bodies as required by law or as necessary to provide services to you;
  • to third parties with whom we are affiliated for the purpose of those third parties providing you with information about their services and promotions;
  • as required or authorised by law or to meet our professional standards;
  • to any person with your consent;
  • in connection with any sale of any member of our Grenfell Murray Group; and
  • to our professional advisers but only so they can advise us in respect of the same.

3.4. If you are part of a Group and have consented to our use of your Personal Information so we can perform the services in the Engagement Letter in respect of each and any Group member, we may disclose your Personal Information to any other Group member as part of performing those services (including disclosure in any document, financial reports or tax returns prepared by us) unless and until you provide us with a written notice revoking such consent.

3.5. Information other than Personal Information collected when you visit our Website may be used to monitor usage of and decide how to improve and promote our Website, products and services (including online advertising).

3.6. In addition, Grenfell Murray may:

  • where you have requested the provisions of services, disclose your Personal Information to a Grenfell Murray Group so they can consider your request and contact you in respect of such services; and
  • where you are an employee, contractor, consultant, director or partner of a Grenfell Murray Group, disclose your Personal Information to our third party affiliates so the same can provide you and the Grenfell Murray Group you work with, with online and other resources.

4.             Collection, use and disclosure of Sensitive Information

4.1. We will only collect Sensitive Information from you directly as reasonably necessary to provide services to you and with your consent.

4.2. As an example, and without limiting the types of Sensitive Information we collect, we may collect the following Sensitive Information (a) tax file number and (b) medical information.

4.3. We will not collect your tax file number unless you have signed an Engagement Letter. You may revoke your consent at any time in which case we will only retain your tax file number for any purpose required by law or under any contract.

4.4. We will only disclose Sensitive Information in accordance with the Act as follows: (a) for the primary purpose for which it was collected, (b) for a secondary purpose that is directly related to the primary purpose, or (c) as required by law.

4.5. We will not disclose Sensitive Information to other members in our Grenfell Murray Group without your prior consent.

4.6. Information regarding your tax file number will only be disclosed to you personally and according to relevant laws (including, where you are an individual, in compliance with the Privacy (Tax File Number) Rule 2015 made under section 17 of the Act).

5.              Direct marketing

5.1. We may use or disclose your Personal Information for direct marketing purposes, being:

  • to promote our services and provide you with information and marketing materials about other services that may be of interest to you including services provided by other members of our Grenfell Murray Group;
  • to provide information relevant to your type of business or other area of expertise or interest; and
  • to provide you with the opportunity to attend seminars, conferences or other events that may be of interest to you.

5.2. If you do not wish to receive direct marketing communications from us, you can ‘opt out’ by clicking the ‘Unsubscribe’ link in our emails or other electronic communications, or sending an email to us at the contact details below with your contact details requesting that you no longer receive direct marketing materials from us. We will remove you from our direct marketing database as soon as reasonably practicable after receiving a request but in any event, within 30 days of receiving such a request.

6.              Requirement to provide information

In general, you are not required to provide personal information to us. However, if you wish to receive information about our services, events, industry updates or to apply for employment, you acknowledge that it may not be practical for you to use a pseudonym or otherwise not identify yourself and that we may require you to provide certain Personal Information. If you do not provide some or all of the Personal Information requested, we may not be able to provide you with some or all of the services you request.

7.               Cross border disclosure           

7.1. It is possible (but not likely) that some of the Personal Information we collect may be disclosed to our contractors, agents and service providers located outside of Australia for storage purposes or for the purpose of completing a portion of the services. For example, we may disclose your Personal Information to contractors outside of Australia for processing.

7.2. We take such steps as are reasonably necessary in the circumstances to ensure that any overseas third party service providers we engage do not breach the Australian Privacy Principles. You consent to your information being disclosed to a destination outside Australia for this purpose, including but not limited to the United States, Canada and the United Kingdom.

10.          Identifiers

10.1  We will not adopt a government related identifier (including a Tax File Number) of you as our own identifier of you.

11.           Holding and security of your Personal Information 

11.1. We may store your Personal Information in hard copy or electronic format, in storage facilities that we own and operate ourselves, or that are owned and operated by our service providers.

11.2. We take reasonable steps to:

  • ensure that any Personal Information we hold or disclose about you is up to date, complete and correct; and
  • protect your Personal Information from misuse, interference, loss, and unauthorised access, modification and disclosure using electronic and physical security measures such as:
    (a) securing our premises by requiring security codes to enter our offices after hours;
    (b) placing passwords and varying access levels on databases to limit access and protect electronic information;
    (c) the use of firewalls, encryption, passwords and digital certificates; and
    (e) requiring our staff to undertake privacy and data protection training.

11.3. We will destroy or delete any of your Personal Information which we no longer need to retain noting that we are required by law to retain certain information for a number of years after we have ceased providing the services. If you email us any information (including Personal Information), it is sent at your own risk as it may not necessarily be secure against interception.

12.          Accessing and correcting Personal Information 

12.2. On your request, except to the extent that we are lawfully able to refuse such a request, we will provide you with access to Personal Information that we hold about you. All requests about the Personal Information that we hold should be made by email or in writing to us (see below for our contact details). We will try to respond to your request within a reasonable period.

12.3. If you satisfy us that Personal Information that we hold about you is misleading, inaccurate, out of date or incomplete, except to the extent that we are lawfully able to refuse such a request, we will correct the Personal Information that we hold about you. If it is reasonable and practicable to do so, we will give you access to your Personal Information in the manner that you request. We do not generally charge for providing such access but may do so in certain circumstances.

12.4. In the event that we deny access to or refuse to correct your Personal Information that we hold, we will provide you with written reasons and the mechanisms available to complain about such refusal.

13.           Third party websites 

When you leave our Website, you will be going to websites that are beyond our control. Our Policy does not apply to third party websites. Our Policy only governs the handling of your personal information by Grenfell Murray. We encourage you to read the privacy policies of third party websites before disclosing any Personal Information.

14.           Changes to policy and complaints

We may amend this Policy from time to time without notice to you. The revised Policy will take effect when it is uploaded on our Website. If you believe that we have breached our privacy obligations under the Act, you can make a complaint by emailing or writing to us (see below for our contact details). We will attempt to complete our investigation and resolve your complaint within 14 days from the date you lodge your complaint. If we think it will take longer to resolve your complaint, we will inform you. If we do not resolve your complaint to your satisfaction or you are dissatisfied with the action we have taken, you can make a complaint to the Office of the Australian Information Commissioner. For further information about how to do this, please contact the Office of the Australian Information Commissioner on 1300 363 992 or visit www.oaic.gov.au.

15.           General Data Protection Regulation (European Union)

15.1. This clause applies if the GDPR applies to our dealings with you including because we provide services to you and you reside in the European Union.

15.2. Where the GDPR applies (a) we confirm that we will comply with our obligations under the same, (b) you have all of the additional rights set out in in the GDPR as well as the rights set out in the rest of this Policy. Where the GDPR applies to our dealing with you any provision in this Policy which is contrary to the GDPR will be deemed not to apply.

15.3. We will store your Personal Information for (a) the period we require it to provide services to you and generally for a period of 7 years after the end of our engagement in respect of such services, and (b) any longer period which the law or good business practice requires.

15.4. Where you have consented to the processing and use of your Personal Information under Article 6.1(a) or 9(2)(a), you may withdraw such consent at any time.

15.5. You have a right to require us to erase your Personal Information as allowed under Article 17 including where (a) the Personal Information is no longer necessary for the purposes for which it was collected, or (b) you withdraw your consent and there is no legal grounds for the continued use or processing of the Personal Information by us.

15.6. You have a right to obtain from us a restriction on the use and processing of your Personal Information as set out in Article 18 where (a) the accuracy of your Personal Information is contested by you, (b) the use or processing is unlawful, you oppose the erasure of the Personal Information and request we restrict the use of the same instead, or (c) we no longer need the Personal Information but you require the same for the exercise or defence of a legal claim.

15.7. Where you have consented to the processing and use of your Personal Information under Articles 6.1(a) or 9(2)(a) and the processing of your Personal Information is carried out by automatic means you have a right (a) to receive your Personal Information in a structured, commonly used and machine-readable format, and (b) to transmit that Personal Information to another person or entity without hindrance from us.

15.8. You have a right to obtain from us without undue delay the rectification of inaccurate Personal Date concerning you.

15.9. Subject to the restrictions in Article 14(5), where we do not collect the Personal Information from you we will provide you with the information required under Article 14(1) and 14(2) within the time required by Article 14(3).

15.10. Where we are providing services to you the provision of Personal Information will be a contractual obligation so we can provide the services and, where applicable, so we can meet any statutory obligations. Failure to provide such Personal Information may mean we are unable to provide the services to you in whole or in part.

15.11. If at any time the GDPR requires us to have a data protection officer, then the person specified in Annexure A for our Grenfell Murray Group will be our data protection officer.

15.12. We will transfer your Personal Information outside of the European Union where you have expressly consented in writing or it is necessary for the performance of a contract with you (e.g. so we can provide services to you). We note New Zealand and Canada are recognised by the European Union as being countries outside of the European Union which offer an adequate level of data protection for the purposes of the GDPR. However, currently Australia is not recognised by the European Union as being a country outside the European Union which offers an adequate level of data protection for the purposes of the GDPR.

15.13. You have a right to receive and obtain from us confirmation as to whether or not Personal Information concerning you is held or being used or processed by us, and if so, (a) the purposes of the use and processing, (b) the categories of Personal Information concerned, (c) the recipients or categories of recipients to whom your Personal Data has been disclosed including recipients in third countries, (d) where possible, the envisaged period we will store your Personal Information, or if this is not possible, the criteria we use to determine that period, (e) your right to request we rectify or erase your Personal Information or restrict the use and processing of your Personal Information (see other paragraphs of this clause as to details of your rights in respect of these matters), (f) information as to your rights to lodge a complaint with the independent public authority in the country in the European Union in which you reside, (g) where we do not collect your Personal Information from you, any available information as to the source of the same, and (h) the existence of automated decision making (including profiling) and meaningful information as to the logic involved, as well as the significance and envisaged consequences of such processing and use for you.

15.14. In this clause: (a) Article means an article in the GDPR, and (b) GDPR the General Data Protection Regulation being Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

16.           Meanings

In this Privacy Policy (Policy):

16.1. a reference to us, our or we is to the applicable member of the Grenfell Murray Group.

16.2. Act means Privacy Act 1988.

16.3. Grenfell Murray means Grenfell Murray Pty Ltd (ACN 666 556 743).

16.4. Grenfell Murray Group means each of the entities as specified in Annexure A;

16.6. Engagement Letter means the letter of engagement issued by us outlining the services to be provided by us to members of a Group which is accepted by a member of the Group.

16.7. Group means the individuals, entities and/or companies defined as “the Group” in an Engagement Letter.

16.8. Personal Information means information (including an opinion) about an individual whose identity is apparent or can reasonably be ascertained from the information whether true or not and whether or not recorded in a material form;

16.9. Sensitive Information has the meaning given by the Act and includes Personal Information which relates to an individual’s racial or ethnic origins, religious beliefs or affiliations, trade association, trade union membership, sexual orientation, criminal record and information as to an individual’s health or biometric information.

16.10. Website means all of the pages located on the website you are currently viewing, being www.grenfellmurray.com.au which is operated and maintained by Grenfell Murray.

17.           Contact us

If you have any queries in respect of our Policy or to request access to your information or make a complaint, please contact us by email or in writing to the privacy officer as detailed in Annexure A.

Version 1.1: 17 July 2023

ANNEXURE A

Grenfell Murray
Grenfell Murray Pty Ltd (ABN 43 659 242 106)

Privacy Officer:
Attention: Peta Grenfell, Partner
PO Box 1677, Buddina Q 4575
T: +61 7 5436 0300
E: info@grenfellmurray.com.au

Scroll to Top