Evergrowth Consulting — Accounting & Tax Services
Last reviewed: 2026 / 2026.06

1. Our Commitment to Your Privacy

Evergrowth Consulting (ABN 27 433 203 612) is committed to protecting the privacy of your personal information. We comply with the Privacy Act 1988 (Cth) (Privacy Act) and the thirteen Australian Privacy Principles (APPs) set out in Schedule 1 of that Act.

As a registered tax practitioner, we also comply with the confidentiality obligations under Code item 6 of the Tax Agent Services Act 2009 (Cth) (TASA), which prohibits us from disclosing any information relating to a client’s affairs to a third party without the client’s permission or a legal duty to do so. Our obligations in relation to Tax File Number (TFN) information are further governed by the Privacy (Tax File Number) Rule 2015 (TFN Rule), which legally regulates the collection, storage, use, disclosure, security and disposal of TFN information.

Where applicable, we also comply with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act). From 1 July 2026, accounting firms providing designated services are required to enrol with AUSTRAC and implement an AML/CTF compliance program. Personal information collected under AML/CTF obligations is handled consistently with the Privacy Act and OAIC guidance.

2. What Personal Information We Collect and Hold

We collect and hold personal information that is reasonably necessary for the performance of our accounting, tax, advisory and compliance services (APP 3).

Personal information we typically collect includes:

• Full name, date of birth, residential and postal address
• Contact details (phone, email, fax)
• Australian Business Number (ABN), Tax File Number (TFN) — see section 5 for TFN-specific obligations
• Financial information: income, assets, liabilities, superannuation, bank account details
• Employment details and payroll records
• Company, trust and partnership details including beneficial ownership information
• Identity verification documents (e.g., driver’s licence, passport) — see section 5 for AML/CTF document retention obligations
• Information about your representatives, employees, beneficiaries or associates, where necessary to provide our services

Sensitive information (e.g., health information relevant to superannuation or insurance advice, information about criminal history where required for AML/CTF compliance) is only collected where you have consented or where permitted or required by law.

We do not knowingly collect personal information from persons under 18 years of age as part of our standard service delivery without parental/guardian consent.

3. How We Collect Personal Information

We collect personal information in several ways (APP 3 and APP 5):

• Directly from you — via engagement letters, onboarding forms, questionnaires, meetings, telephone, email, our website or a client portal
• From third parties, with your consent or as permitted by law — such as the ATO, ASIC, the Office of State Revenue, your employer, financial institutions, or referring advisers
• From public registers — such as ABN Lookup, ASIC Connect, land title registers or similar official databases
• Automatically via our website — we may collect usage data, IP addresses and cookie information when you visit our website; see section 10 (Website & Online Services)

We will take reasonable steps to notify you at or before the time of collection (or as soon as practicable after) of the matters required by APP 5, including the purposes of collection and how to access this Privacy Statement.

If we receive personal information about you that we did not solicit, we will determine whether we could have collected it under APP 3 and, if not, we will destroy or de-identify it as soon as practicable (APP 4).

4. Purposes for Collecting, Holding, Using and Disclosing Personal Information

We collect, hold, use and disclose personal information for the following primary purposes:

1. Providing accounting, taxation, bookkeeping, business advisory and compliance services to you
2. Preparing and lodging tax returns, activity statements and other statutory obligations with the ATO, ASIC, and other regulatory bodies
3. Administering the client relationship, including invoicing, fee recovery and communications
4. Complying with our legal and regulatory obligations under the TASA, Privacy Act, TFN Rule, AML/CTF Act, Corporations Act 2001 (Cth), and applicable state and territory legislation
5. Conducting customer due diligence (CDD) and identity verification under the AML/CTF Act, where applicable
6. Responding to complaints and queries
7. Maintaining practice quality and professional development

We may also use your information for secondary purposes that are related to the primary purpose and that you would reasonably expect, or where permitted or required by law.

We will not sell your personal information to third parties.

5. Tax File Number (TFN) Information

The handling of TFN information is subject to strict obligations under the Privacy (Tax File Number) Rule 2015 and ss 8WA and 8WB of the Taxation Administration Act 1953 (Cth) (TAA).

• We collect TFN information only where authorised by taxation law, personal assistance law or superannuation law
• TFN information is used or disclosed only for purposes authorised by those laws
• Access to records containing TFN information is restricted to personnel who need it for authorised purposes
• We will never transmit TFN information via unencrypted or unsecured email; where electronic transmission is necessary we use password protection, encryption or a secure client portal
• TFN information is securely destroyed or permanently de-identified when no longer required by law or for a lawful purpose

A breach of the TFN Rule constitutes an interference with privacy under the Privacy Act. Unauthorised use or disclosure may also be an offence under s 8WB of the TAA, attracting penalties including imprisonment and monetary fines

6. Disclosure of Personal Information to Third Parties

We may disclose your personal information to third parties only where necessary for the purposes in section 4, or as required or authorised by law (APP 6).

Third parties to whom we may disclose include:

Recipient Category	Purpose
Australian Taxation Office (ATO)	Lodgment of tax returns, activity statements and correspondence
ASIC, APRA, state/territory revenue offices	Statutory filings and compliance obligations
AUSTRAC	AML/CTF reporting obligations (where applicable)
Outsourced bookkeeping or specialist service providers	Service delivery on your behalf (under confidentiality obligations)
Cloud computing and document management providers	Secure data storage and practice management
Your authorised representatives or referral advisers	At your direction and with your consent
CPA Australia / Chartered Accountants ANZ	Practice quality review programs (where applicable) — personal information handled per their published privacy policies
Courts, tribunals, law enforcement agencies	Where required by law, court order or subpoena

We take reasonable steps to ensure any third-party service provider we engage handles your personal information consistently with the APPs and, where applicable, the TFN Rule.

7. Disclosure of Personal Information Overseas

We may hold or process personal information using cloud computing services or software platforms where servers may be located overseas (APP 8). If we do so:

• We currently do not disclose personal information overseas
• Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure the recipient does not breach the APPs in relation to the information
• Where we are unable to take such steps, we will seek your consent, or the disclosure will be required by law

If you wish to know the specific countries to which your information may be disclosed, please contact us using the details in section 13.

8. How We Hold and Protect Personal Information

We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification or disclosure (APP 11).

Our security measures include:

• Password-protected and encrypted electronic systems with role-based access controls
• Secure client portal for document exchange
• Multi-factor authentication on key practice management systems
• Physical security measures for paper-based records (locked filing, clean-desk policy)
• Staff training on privacy obligations and TFN handling
• A documented Data Breach Response Plan (see section 9)
• Regular review of security software, controls and access lists

We retain personal information for the period necessary to fulfil the purposes of collection and to meet our legal obligations. Under the TPB’s requirements, we retain records relating to a tax agent service for a minimum of 5 years after the service has been provided. Once the retention period has lapsed and there is no ongoing legal obligation to retain the information, we take steps to destroy or de-identify it in a secure manner.

9. Notifiable Data Breaches (NDB) Scheme

We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act (effective 22 February 2018).

An eligible data breach occurs where:

1. There is unauthorised access to, unauthorised disclosure of, or loss of personal information we hold; and
2. This is likely to result in serious harm to one or more individuals; and
3. Remedial action has not prevented the likely risk of serious harm.

Where an eligible data breach occurs, we will:

• Assess the suspected breach as quickly as possible
• Notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the NDB scheme
• Notify the ATO (where tax practitioner data is involved) via the Client Identity Support Centre on 1800 467 033
• Take steps to contain the breach and prevent recurrence
• Document the breach and our response

We also note the Privacy and Other Legislation Amendment Act 2024 (Cth), which received Royal Assent on 10 December 2024, introduces expanded OAIC enforcement powers (including civil penalties and infringement notices) and a new statutory tort for serious invasions of privacy (commenced by June 2025). Privacy policies must also disclose substantially automated decision-making that significantly affects individuals’ rights — those new obligations commence on 10 December 2026.

10. Website and Online Services

When you visit our website, we may collect certain technical information automatically, including:

• IP address and browser type
• Pages visited and time of visit
• Referring website address
• Any information you submit through contact or enquiry forms

This information is used to improve our website and communications, and is not used to identify you personally unless you submit your details directly.

Cookies: Our website may use cookies to improve user experience. You may disable cookies through your browser settings; however, some functionality may be affected.

11. Your Rights — Access and Correction

You have the right to request access to and correction of personal information we hold about you (APPs 12 and 13).

To make a request:

• Contact our Privacy Officer using the details in section 13
• Requests will be responded to within 30 days wherever possible
• We will require you to verify your identity before providing access
• In most cases, access will be provided free of charge; however, we may charge a reasonable administration fee for large or complex requests

We may decline access where permitted by the Privacy Act (for example, where access would be unlawful, would prejudice legal proceedings, or where exemptions apply). If we decline, we will give you written reasons and information about how to complain.

If you believe personal information we hold is inaccurate, out of date, incomplete or misleading, you may request a correction. We will take reasonable steps to correct the information and, where relevant, notify any third parties to whom the information has been disclosed.

12. Privacy Complaints

If you believe we have breached the APPs, the TFN Rule, or your privacy rights, you may make a complaint (APP 1.4(d)).

Step 1 — Complain to us directly:
Contact our Privacy Officer (see section 13). We will acknowledge your complaint within 5 business days and respond substantively within 30 days. If we need more time, we will tell you.

Step 2 — External complaint:
If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

OAIC
GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Website: www.oaic.gov.au
Online: www.oaic.gov.au/privacy/privacy-complaints

For complaints relating to our conduct as a registered tax practitioner, you may also contact the Tax Practitioners Board (TPB):

Website: www.tpb.gov.au
Phone: 1300 362 829

13. Contact Us — Privacy Officer

All privacy enquiries, access/correction requests and complaints should be directed to:

Privacy Officer
Evergrowth Consulting
P.O. BOX 4281, Knox City Centre, Vic 3152
Phone: +61 3 98870777
Email: info@evergrowthconsulting.com.au

14. Changes to This Privacy Statement

We will review and update this Privacy Statement periodically to reflect changes in our information handling practices and in the law. The current version is published on our website at [Privacy Statement | Evergrowth Consulting] and is available free of charge in paper form upon request (APP 1.5–1.6).

We encourage you to check this page regularly for updates. Where changes are material, we will take reasonable steps to notify existing clients.

This Privacy Statement was prepared with reference to the Privacy Act 1988 (Cth), Schedule 1 (Australian Privacy Principles); the Privacy (Tax File Number) Rule 2015; the Tax Agent Services Act 2009 (Cth), s 30-10 (Code of Professional Conduct); the Privacy and Other Legislation Amendment Act 2024 (Cth); OAIC, Guide to Developing an APP Privacy Policy (2014); OAIC, Australian Privacy Principles Guidelines (updated 2023); Tax Practitioners Board, Privacy – it’s everyone’s business (2025); CPA Australia, Privacy and digital correspondence guidance for public practitioners; and AUSTRAC/OAIC guidance on AML/CTF privacy obligations (2026).