Privacy policy.

Legal disclaimer text regarding privacy policy and data protection

1. Information we collect

We may collect personal information that is reasonably necessary for our professional activities, including:

  • Name, job title, organisation, and business contact details;

  • Information submitted through our website’s contact form or during engagements;

  • Billing and payment details;

  • Professional or employment data relevant to audits or advisory work;

  • Documents or evidence provided by clients that may contain personal or sensitive information (e.g. HR or health data);

  • Basic technical information such as browser type or aggregated website-usage analytics;

  • Your preferences or consent to receive news and updates (where you opt in).

We do not intentionally collect personal information we do not require.
If we receive information that is unnecessary for our purposes, we take reasonable steps to delete or de-identify it unless retention is legally required.

2. How we collect personal information

We collect personal information:

  • Directly from you via website forms, email, or meetings;

  • From your employer or authorised representatives during engagements;

  • Automatically through limited website analytics and cookies;

  • From publicly available sources when performing professional due-diligence.

3. Use of personal information

We use personal information to:

  • Deliver and manage assurance, audit, consulting, and advisory services;

  • Respond to enquiries and administer client relationships;

  • Issue invoices and manage payments;

  • Meet legal, regulatory, and contractual obligations;

  • Maintain internal records and improve service quality;

  • Comply with lawful requests from regulators or authorities;

  • Send news and updates where you have opted in to receive them.

You can opt out of news or update communications at any time by following the unsubscribe link in those messages or by contacting us through our website.
We do not sell, rent, or share subscriber information for marketing purposes.

4. Sensitive information

We may handle sensitive information if provided within client documentation (for example, personnel, health, or government records).
Such information is used only when required to perform our contractual obligations, stored securely, and deleted or de-identified when no longer needed.

5. Disclosure of information

We may disclose personal information to:

  • Service providers who support our business operations (e.g. secure IT hosting, accounting, or document management);

  • Auditors, regulators, or certification bodies when disclosure is required;

  • Other third parties with consent or as permitted by law.

Where information is disclosed to any third party—whether within Australia or overseas—we ensure equivalent security and confidentiality standards are maintained.

6. Data security

We apply administrative, technical, and physical safeguards to protect personal information against unauthorised access, alteration, misuse, or disclosure.
All storage systems employ encryption and access control. Access is limited to authorised personnel only.

7. Retention of information

Personal information is retained only for as long as necessary to meet legal, regulatory, and contractual obligations or to resolve disputes.
Once it is no longer required, we securely delete or de-identify the information.

8. Cookies and analytics

Our website uses limited cookies and built-in analytics to understand aggregated visitor activity. These tools do not personally identify users.
You may block cookies through your browser settings, although some site features may not function as intended.

9. Access and correction

You may request access to, or correction of, personal information we hold about you.
Requests can be submitted through the contact form on our website.
We will respond within a reasonable timeframe and, where lawful, provide access or make corrections.

10. Complaints

If you believe your personal information has been mishandled, you can lodge a complaint via the contact form on our website.
We will investigate and respond promptly.
If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
The most recent version will always appear on our website, identified by its effective date.

Effective Date: 21 October 2025

12. Contact us

Entity responsible: Assurance Bureau. For all privacy enquiries, please use the contact form on our website below.

By submitting this form, you consent to us using the information provided to respond to your privacy enquiry in accordance with our Privacy Policy.
We may request additional information to verify your identity before providing access or making corrections.