Our commitment to your privacy
, trading as “taxfilenumber.org” (“tax file number org”, “tax file number online”, “tfn australia org”, “we”, “us”) takes its obligations under the Privacy Act seriously and will comply with the Australian Privacy Principles (APPs) to protect the privacy of the personal information that we hold.
This policy sets out how we intend to do so. We are committed to ensuring your security and privacy in all your dealings with us. It is also important that you understand how we protect your privacy as well as how, when and where we may use your details.
Legislation Relevant to our organisation regarding Privacy and Information Protection:
As an Australian Privacy Principles (‘APP’) bound entity, we adopt and are bound to carry out our functions or activities under the Australian Privacy Principles (APPs), as detailed in schedule 1 of the Privacy Act 1988 (Privacy Act).
The APPs outline how most Australian and Norfolk Island Government agencies, large private sector and not-for-profit organisations, private health service providers and some small businesses (collectively called ‘APP entities’) must handle, use and manage personal information. These APPs cover:
- an individual having the option of transacting anonymously or using a pseudonym where practicable
- the collection of solicited personal information and receipt of unsolicited personal information including giving notice about collection
- how personal information can be used and disclosed (including overseas)
- maintaining the quality of personal information
- keeping personal information secure
- right for individuals to access and correct their personal information
Additional to these requirements and guidelines, we maintain an active involvement and engagement with the Office of the Australian Information Commissioner (OAIC), whose function is in managing privacy advice, facilitating investigations, complaints and administration with regards to the application of the Privacy Act.
We will also comply with the European Union’s General Data Protection Regulation 2016/679 (‘GDPR’) to the extent to which this regulation may apply to us and our use of your information.
What types of personal information do we collect?
Personal information means any information or opinion about an identified individual, or an individual who is reasonably identifiable. If you are a customer, the personal information we may collect about you might include, but is not limited to:
- Your Name and surname(s)
- Your contact details (phone, email address)
- Addresses, present and past
- Employer or employment details
- Copy of your identity documents
- Credit card and other payment details
- Your Australian Business Number (ABN)
In addition, we will collect demographic information such as:
- Your gender
- Your age
- Your marital status
- Your Date of Birth
We may also collect any other information provided by you to us via this website or our online presence, or otherwise required by us or provided by you.
In all cases, the personal information that we collect will depend on the nature of your interaction with us and will only be information necessary for one of our functions and activities.
How do we collect and store your personal and/or sensitive information?
We collect your personal information electronically, through our secure web form accessible on our website. We do not collect information using paper forms or accept any applications by regular mail.
Where it is reasonable and practicable to do so, we collect your personal information directly from you when you complete and submit your application, enter arrangements with us, correspond with us or provide feedback to us.
We will record, collect, and hold information in relation to your transactions with us. We may monitor and record your communications with us (including email and telephone) for security, dispute resolution and training purposes. We store personal information and data electronically, in a secured, controlled and classified manner, using a secured environment provided by third party data storage providers (OVH and/or Amazon AWS).
All information and data are stored in Australia. We implement a wide range of measures to protect the security of that personal information including, but not limited to:
- Secure Sockets Layer (SSL) to establish an encrypted connection between our web server and your browser
- STARTTLS encryption for all outgoing communication
- Multi-level authentication
- Secured, password-protected servers with additional 2FA and brute-force protection
- Secured hardware at our premises, protected by 256-bit AES encryption
- Role-based access control, restriction on user privileges for our staff on a strict “need to know” basis.
We also take measures in respect of destroying or de-identifying personal information that is no longer needed for any lawful purpose. We will reasonably ensure that personal information we collect, use or disclose is accurate, complete and up to date.
Why do we collect your personal and/or sensitive information?
As your Tax Agent, we collect personal information about you to be able to provide our goods, services or information to you, including:
- To register an Australian Business Number for you on your behalf;
- To register a Tax File Number for you on your behalf
- To register a Business Name for you on your behalf
- To register you or your entity for Goods and Services Tax (GST).
- to provide information about you to our contractors, employees, consultants, agents or other third parties for the purpose of providing goods or services to you, including third party providers or bodies which provide registrations, certifications, accounts and similar to you as part of the goods or services we provide to you;
- to comply with our legal obligations, resolve disputes or enforce our agreements with third parties, including to identify potential fraud or other criminal activity and complying with any government body or law enforcement agency in that regard, or storing information in case such circumstances arise in future
In addition, we collect personal information about you:
- for proof of identity purposes;
- to process payments for our services;
- to provide you with the best possible service in supplying you with our goods and services;
- to check and verify that the information you have provided, and the personal information located from other sources is correct;
- to communicate with you, our customer;
- to understand the needs of our customers and continuously develop and improve our products and services;
- to protect against fraud or other misuse or loss of data; and
- to ensure your security when visiting our website and to learn which areas of the site are of most interest to you (see the section ‘cookies’ below).
- for any purpose that is related to these purposes (or, with respect to sensitive personal information, directly related to these purposes) that would reasonably be expected by the individual
- to improve our internal processes
- to improve our systems
Your data and personal information may also be used as part of our internal processes such as audits and quality controls.
Do we disclose personal information to overseas recipients?
Disclosure of personal information to overseas recipients may happen on a strictly “need to know” basis in order to be able to properly deliver our services to you.
Also, no personal data gathered for the purpose of the service will be stored outside Australia.
We might engage third-party organisations to be able to provide our services.
Some of said organisations and/or service providers with whom we have contractual agreements may provide their services from overseas locations.
In order to effectively deliver our services to you, we may need to grant access to your personal information to said providers.
Your personal information may be disclosed to service providers with whom we have agreements and who are located in Poland, France, Bulgaria, the USA and Vietnam.
Also, we may engage the services of third parties located overseas who provide us with the tools to communicate with you in an effective manner, including incoming and outgoing emails and tickets.
We may engage the services of third parties located overseas for the purposes of improving and maintaining our IT infrastructure and website. Such parties may have, on a strict “need to know” basis, access to your personal information.
taxfilenumber.org has implemented mechanisms to ensure that your personal information remains protected at all times even when accessed by a third party provider overseas, and such accesses to your personal information will be performed on a very strict “need to know” basis.
Should you not wish to receive communications from us, you will have the option to unsubscribe on any email you receive from us or to indicate your communication preferences to us. Alternatively, you can contact our Data Protection Officer, set out above, to unsubscribe from our communications.
Direct communication of offers and information
The details you give us may be used to inform you about any offers or promotions we think will be of interest to you and to update you on new products and services or changes to our website. We may also send you details of offers or services provided by our business partners and related entities. You may at any time choose not to receive these communications. Doing so will not cost you anything and we will aim to ensure you stop receiving any unwanted communications as soon as possible.
How can you access your personal information and correct it if it is wrong?
If necessary, you may request access to the personal information that we hold about you or them (as applicable), under Australian Privacy Principles 12 and 13.
We will provide this information upon request or otherwise as required by law. You may obtain this information by contacting us using the details set out below. Under freedom of information (FOI) you have a right, with limited exceptions, to access documents held by our entity. A FOI request can take up to 30 days to process. The Freedom of Information Act 1982 (FOI Act) may give any person the right to:
- access copies of documents (except exempt documents) we hold;
- ask for information we hold about you to be changed or annotated if it is incomplete, out of date, incorrect or misleading; and
- seek a review of our decision not to allow you access to a document or not to amend your personal
We may require you to identify and specify what information and documents you require access to. You can ask to see any document that we hold. We may refuse access to some documents, or parts of documents that are exempt. Exempt documents may include those relating to national security, documents containing material obtained in confidence, or other matters set out in the FOI Act. Other occasions when we may deny access to personal information include where release of the information would have an unreasonable impact on the privacy of others.
While we endeavor to ensure that the personal information collected from you is up to date, accurate and complete, we will assume that any personal information provided by you is free from errors and omissions.
If the applicant can establish that the information we hold about them is not accurate, complete or up to date, and the applicant requests us in writing to correct this information, we will then take reasonable steps to correct the information. You may request that we update or vary personal information that we hold about you, using the contact details listed below.
If you wish to access information we hold about you, please put your request in writing and send it to: Data Protection Officer:
Suite No180 1/44 Mountain St.
Ultimo NSW 2007, Australia
Our Data Protection Officer can also be contacted on: Email: email@example.com
How safe and secure is the information we hold about you?
We take great care with the information we hold about you. All information stored electronically is either password protected and/or encrypted at rest using 256-bit encryption algorithms. In order to ensure we maintain a continuous improvement approach to information security, we maintain and regularly update an Information Security Policy.
The purpose of this policy is to support the management, and ongoing compliance of our organisation to a set of standards and systems to facilitate protection of personal information. The Information Security Policy sets out to ensure that any details are securely protected from misuse, loss, and unauthorised access, modification or disclosure by way of maintaining:
- Dedicated privacy, information security, and ICT roles across our team members;
- Physical (hard copy, media and soft copy) security by preventing unauthorised access to our premises;
- Computer network security including password security to prevent unauthorised access;
- Incident prevention and management reporting structures;
- Strong password policies, including use of two-factor authentication and password managers to adopt best practices;
- Communication security;
- Undertaking regular staff training regarding security best practices, and prevention measures;
- Limiting access to authorised staff and contractors and undergoing background clearances for all staff with access to personal details
When the information is no longer needed, we will take measures to destroy personal information.
What are ‘cookies’ and how do they work?
Cookies are small data files that are downloaded from our web servers and stored on your hard drive. A cookie is a string of letters and numbers that uniquely identifies the computer you are using and the username and password you may have used to register at the site. Two types of cookies are used on the taxfilenumber.org website. The first tracks a visitor’s journey through our site. This allows us to see briefly which pages and information are of most interest to visitors. This type of cookie contains no personal information at all; it is simply a record of your journey through the site.
The second type of cookie exists only for the actual time you are logged on. These cookies ensure greater security for you by authenticating and identifying whether you are registered for the secure areas of the site, without the need for you to re-enter information. Most browsers can be configured to refuse to accept cookies. You can also delete cookies from your hard drive. However, doing so may hinder your access to valuable areas of information within our site.
If you have a complaint about our dealings with personal information, this policy or an alleged breach of the Australian Privacy Principles you have the right to expect that we will handle it in a friendly and professional way. When we receive a complaint, we look on it as valuable feedback that may help us to improve the services we offer and to ensure your needs are met in a satisfactory and appropriate manner.
If you wish to complain at any time about the handling, use or disclosure of your personal information just write to us at the following address:
Suite No180 1/44 Mountain St.
Ultimo NSW 2007, Australia
Our Data Protection Officer can also be contacted on: Email: firstname.lastname@example.org
We will make all efforts possible to investigate your complaint within 20 days and advise you of the outcome as soon as possible within 40 days of you making the complaint. If the matter is not resolved to your satisfaction you can then refer your complaint to the Director of Compliance (Investigations) at the Office of the Australian Information Commissioner who can be contacted at:
Office of the Australian Information Commissioner
GPO Box 5218 Sydney NSW 2001
If the matter is not resolved to your satisfaction you can then refer your complaint to the Office of the Australian Information Commissioner who can be contacted through the following website: OAIC Website.
We use Google to advertise and remarket our website and/or services
Google’s advertising requirements can be summed up by Google’s Advertising Principles. They are put in place to provide a positive experience for users.
We have implemented the following:
- Remarketing with Google AdSense
- Demographics and Interests Reporting
We, along with third-party vendors such as Google use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) or other third-party identifiers together to compile data regarding user interactions with ad impressions and other ad service functions as they relate to our website.
California Online Privacy Protection Act
According to CalOPPA, we agree to the following:
You can change your personal information:
- By emailing us
How does our site handle Do Not Track signals?
We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking?
It’s also important to note that we allow third-party behavioral tracking.
COPPA (Children’s Online Privacy Protection Act)
When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.
CAN-SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
- Send information, respond to inquiries, and/or other requests or questions
- Process orders and to send information and updates pertaining to orders.
- Market to our mailing list or continue to send emails to our clients after the original transaction has occurred.
To be in accordance with CAN-SPAM, we agree to the following:
- Not use false or misleading subjects or email addresses.
- Identify the message as an advertisement in some reasonable way.
- Include the physical address of our business or site headquarters.
- Monitor third-party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly.
- Allow users to unsubscribe by using the link at the bottom of each email.
You can request further information about the way we manage the personal information that we hold by writing to:
Data Protection Officer