This document sets out the policy of Atodaka relating to the protection of the privacy of personal information and is intended to enable those who interact with Atodaka to understand what types of personal information we collect, and what we do with such information in performing our functions.

We are committed to protecting the privacy of the personal information we collect and receive. This Privacy Policy seeks to explain how Atodaka collects, uses, discloses and otherwise handles personal information.

We are committed to complying with the laws of jurisdictions in which Atodaka operates

Personal information means information that identifies an individual.

Examples include an individual’s name, address, contact number and email address.

Atodaka complies with the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth) (Privacy Act). The APPs regulate the manner in which personal information is handled throughout its life cycle, from collection/receipt to use and disclosure, storage, accessibility and disposal.

We collect, hold, use and disclose your Personal information to provide the Services you have requested, to manage risk and to help us manage the availability and connectivity of services and communications.

In Australia and around the world, Atodaka needs personal information to be able to perform its services. The main purposes for which we collect, hold, use and disclose personal information are to provide quality services and benefits to our clients, to alert them to issues and opportunities in which they might be interested, and to maintain and extend our client relationships.

• Business consulting and professional services

• Business Management and Administrative services

• Liaising with clients, affiliates and service providers to facilitate and implement strategy

• Tax agency services

• Corporate secretarial services

• Accounting and bookkeeping

• Accounting information systems review and implementation

• conducting surveys and market research for product and service improvement purposes and to compile statistics and analyse trends

• receiving, investigating and taking action on complaints about how Atodaka has collected or handles personal information

• recruiting

• processing payments

• answering queries and resolving complaints; and

• using aggregated information for business analysis.

Atodaka may also collect, hold, use and disclose personal information for other purposes explained at the time of collection or:

• which are required or authorized by or under law (including, without limitation, privacy legislation); or

• for which the individual has provided their consent.

Atodaka may to let people know about the services offered by the Atodaka partners and service providers to Atodaka, where we have recipient consent. Under Australian law, we not permitted to do so unless we have recipient consent. Other jurisdictions have different restrictions on direct marketing. Where permitted by law to do so, we may contact persons for direct marketing purposes in a variety of ways, including by mail, email, SMS, telephone, online advertising or facsimile.

Under Australian law, you may communicate your consent use of your personal data for Direct Marketing by:

• when providing your personal data through our website, clicking on the button indicating your consent

• when providing your personal data through a form, signing on the form indicating your consent; or

where you have consented to receiving direct marketing communications, your consent will remain current until you advise us otherwise. However, you can, at no cost, opt out at any time, in the following ways:

• • send a letter to Atodaka Privacy Officer, PO Box 1151 Woodford Qld 4514, Australia

  • send an email to manager@atodaka.com.au

  • If receive a marketing call advise no longer wish to receive these calls; and

  • use the unsubscribe facility included in our electronic messaging

If Atodaka has collected the personal information that we use to send you direct marketing material from a third party (for example a direct mail database provider), under Australian law you can ask us to notify you of our source of information.

The type of personal information that the CPA Australia Group collects and holds about you depends on the type of dealings that you have with us.

• we collect information including your name, address, contact number, gender, date of birth, address, email address, proof of identity details, employment details, business details including your primary focus, for example taxation

In each case, we seek to keep the personal information we need updated and accurate.

Under Australian law, sensitive information is a subset of personal information that is generally afforded a higher level of privacy protection. Sensitive information includes health and genetic information and information about racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record and some types of biometric information.

Atodaka’s policy is only to collect sensitive information where it is reasonably necessary for our functions or activities and either:

• the individual has consented; and

• we are required or authorised by or under law (including applicable privacy legislation) to do so.

Our policy is not to use sensitive information except for a purpose which is directly related to the primary purpose for which the information was collected.

Atodaka uses cookies. A cookie is a small string of information that a website transfers to your browser for identification purposes. Depending on the surrounding circumstances, the cookies used by Atodaka may or may not identify individual users who log into the website. If they do reveal your identity, they constitute personal information, and thus are the subject of the Privacy Act.

Most internet browsers are set to accept cookies. If you prefer not to receive them, you can adjust your internet browser to reject cookies, or to notify you when they are being used.

There are also software products available that can manage cookies for you. Rejecting cookies can, however, limit the functionality of our website (such as preventing users from logging on and making purchases).

Atodaka sometimes uses cookies to deliver third party partner or sponsor advertising on various websites you may visit. Atodaka also uses online behavioral advertising as part of optimizing email campaigns based on audience behavior – for example reaction or no reaction to a campaign.

The Atodaka’s policy is to provide individuals with the option of not identifying themselves, or of using a pseudonym, when dealing with us if it is lawful and practicable to do so. In some cases, however, if you don’t provide us with your personal information when requested, we may not be able to respond to your request or provide you with the product or service that you are seeking.

Atodaka is required by the Privacy Act to collect personal information only by lawful and fair means. If it is reasonable and practicable, we will collect personal information we require directly from you.

Atodaka collects personal information in a number of ways, including:

• by email

• over the telephone

• through written correspondence (such as letters, faxes and emails)

• on hard copy forms

• in person

• through our website

• at seminars and functions

• electronic systems such as applications

• through surveillance cameras in our premises (which we use for security purposes); and

• from third parties, including:

  • the ATO

  • ASIC

  • public sources, such as telephone directories, membership lists of business, professional and trade associations, public websites, ASIC searches, bankruptcy searches and searches of court registries.

Where the Atodaka collects personal information directly from you, the CPA Australia Group’s policy is to take reasonable steps to notify you, including:

• our identity and how to contact us

• the purposes for which we are collecting the information;

• whether the collection is required or authorised by or under an Australian law or a court or tribunal order;

• the third parties (or types of third parties) to whom we would normally disclose information of that kind;

• whether any of those third parties are located overseas and, if practicable to specify, the countries in which they are located; and

• the fact that this Privacy Policy contains information about how to access and correct personal information and make privacy complaints (and how we will deal with those complaints).

We do this at or before the time of collection, or as soon as practicable afterwards.

The CPA Australia Group will generally include these matters in a collection notice. For example, where personal information is collected on a paper or

Under Atodaka’s policy, personal information may be disclosed to the following third parties where appropriate for the purposes set out under heading 2 above:

• financial institutions

• insurers

• persons and agencies involved in external dispute resolution

• CPA Australia, Atodaka Partners and Service Providers, including I.T. providers, lawyers, auditors, bookkeepers

• Internal management and accounting departments and employees

• regulatory bodies for Anti-Money Laundering and Counter-Terrorism, and combatting fraud and other crime, in compliance with legislative requirements

• bodies such as the Financial Ombudsman Service for the resolution of complaints and disputes

• ASIC and similar bodies to comply with our legal obligations

• ATO and State Office’s of Fair Trading and Revenue for compliance processing and fulfil legal obligations

• as required or authorized by or under an Australian law or the order of an Australian court or tribunal

In the case of contracted service providers, Atodaka may disclose personal information to the service provider and the service provider may in turn provide us with personal information collected from you in the course of providing the relevant products or services.

Storage and disclosure of personal information may occur in the normal course of Atodaka’s business. Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers.  We and our third-party service providers store and process your Personal Data in Australia and elsewhere in the world. Atodaka’s policy is to comply with the requirements of the Privacy Act, as well as with any legal requirements applicable in the relevant jurisdiction.

The Atodaka holds personal information in a number of ways, including in electronic databases, email contact lists, and in paper files held in drawers and cabinets, locked where appropriate. Paper files may also be archived in boxes and stored offsite in secure facilities. Atodaka’s policy is to take reasonable steps to:

• make sure that the personal information that we collect, use and disclose is accurate, up to date and complete and (in the case of use and disclosure) relevant; and

• protect the personal information that we hold from misuse, interference and loss and from unauthorized access, modification or disclosure.

You can also help us keep your information up to date; by letting us know about any changes to your personal information, such as your email address or phone number.

The steps we take to secure the personal information we hold include ICT security (such as encryption, firewalls, anti-virus software and login and password protection), secure office access, personnel security and training and workplace policies.

Atodaka strives to protect the personal information and privacy of website users but you disclose that information at your own risk.

You can also help to protect the privacy of your personal information by keeping passwords secret and by ensuring that you log out of the website when you have finished using it. In addition, if you become aware of any security breach, please let us know as soon as possible.

Links to third party websites that are not operated or controlled by the Atodaka are provided for your convenience. Atodaka is not responsible for the privacy or security practices of those websites, which are not covered by this Privacy Policy. Third party websites should have their own privacy and security policies, which we encourage you to read before supplying any personal information to them.

Individuals have a right to request access to the personal information that Atodaka holds about them and to request its correction.

If you ask Atodaka to correct personal information that we hold about you, or if we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, Atodaka’s policy is to take reasonable steps to correct that information to ensure that, having regard to the purpose for which it is held, the information is accurate, up-to-date, complete, relevant and not misleading. Except in the case of more complicated requests, Atodaka will endeavor to respond to access and correction requests within 30 days.

If you have a complaint about how Atodaka has collected or handled your personal information, please contact our Privacy Officer (details under heading 12 below).

Our Privacy Officer will endeavor in the first instance to deal with your complaint and take any steps necessary to resolve the matter within one week.

If your complaint can’t be resolved at the first instance, we will ask you to complete a Privacy Complaint Form, which details (for example) the date, time and circumstances of the matter that you are complaining about, how you believe your privacy has been interfered with and how would you like your complaint resolved.

We will endeavour to acknowledge receipt of the Privacy Complaint Form within five business days of receiving it and to complete our investigation into your complaint in a timely manner. This may include, for example, gathering the facts, locating and reviewing relevant documents and speaking to relevant individuals.

In most cases, we expect that complaints will be investigated and a response provided within 30 days of receipt of the Privacy Complaint Form. If the matter is more complex and our investigation may take longer, we will write and let you know, including letting you know when we expect to provide our response.

Our response will set out:

• whether in the Privacy Officer’s view there has been a breach of this Privacy Policy or any applicable privacy legislation; and

• what action, if any, Atodaka will take to rectify the situation.

If you are unhappy with our response, you can refer your complaint to the Office of the Australian Information Commissioner.

All personal data that has been collected from you by Atodaka will only be kept for a limited duration that is relevant to the purpose for which your personal data is to be used and for as long as required by applicable law.

Please contact Atodaka if you have any queries about the personal information that we hold about you or the way we handle that personal information. Our contact details for privacy queries and complaints are set out below.

Privacy Officer

Atodaka

PO Box 1151

Woodford Qld 4514

Australia

E: manager@atodaka.com.au

P: + 61 417 615 581

We may amend this Privacy Policy from time to time. The current version will be posted on our website.