Privacy Policy

Last Updated: August 29, 2025
Effective Date: August 29, 2025
Company: Xactify Accounts

1. Introduction

Xactify Accounts ("we", "us", "our") is committed to protecting your privacy and personal information in accordance with the Australian Privacy Act 1988 (Privacy Act) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, store and protect your personal information when you use our services or visit our website.

By using our services or providing us with your personal information, you consent to the collection, use and disclosure of your personal information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

  • Name, address, phone number, email address
  • Australian Business Number (ABN), Tax File Number (TFN) when required for services
  • Business information and financial records
  • Bank account details for direct debit arrangements
  • Payment and billing information
  • Communication records (emails, phone calls, consultation notes)
  • Website usage data and cookies

2.2 How We Collect Information

  • Directly from you when you contact us or use our services
  • Through our website contact forms and booking systems
  • During consultations and service delivery
  • From third parties with your consent (e.g., accountants, financial institutions)
  • Through cookies and analytics on our website

3. How We Use Your Information

We use your personal information for the following purposes:

  • Providing bookkeeping, accounting and business registration services
  • Processing TFN, ABN and company registration applications
  • Communicating with you about our services
  • Managing client relationships and service delivery
  • Processing payments and billing
  • Maintaining accurate financial records as required by law
  • Improving our services and website functionality
  • Complying with legal and regulatory obligations
  • Marketing our services (with your consent)

4. Use of Identity Documents

We collect and store identity documents (e.g., driver licence, passport, Medicare card) solely to lodge government applications you request (TFN, ABN, ASIC company registration, GST). We store them securely and delete them on request once your job is completed unless the law requires retention.

5. Information Disclosure

We may disclose your personal information to:

  • Government agencies (ATO, ASIC) as required by law
  • Third-party service providers who assist in delivering our services
  • Professional advisors (lawyers, accountants) when necessary
  • Cloud software providers (Xero, MYOB, QuickBooks) for service delivery
  • Payment processors for billing purposes
  • With your express consent for other purposes

Important Note

We will never sell, rent, or trade your personal information to third parties for marketing purposes without your explicit consent.

6. Data Security and Storage

We implement appropriate technical and organizational measures to protect your personal information:

  • Encrypted data transmission and storage
  • Secure cloud-based accounting platforms
  • Regular security audits and updates
  • Limited access controls and staff training
  • Secure document storage with backup systems

Data Retention: We retain your personal information for as long as necessary to provide services and comply with legal obligations. Financial records are maintained for 7 years as required by Australian law.

7. Your Privacy Rights

Under Australian privacy law, you have the right to:

  • Access your personal information
  • Request correction of inaccurate information
  • Request deletion of personal information (where legally permissible)
  • Withdraw consent for marketing communications
  • Lodge a complaint about privacy breaches
  • Request information about how your data is used
  • Opt-out of direct marketing
  • Request data portability where applicable

8. Data Breach Procedures

Notifiable Data Breach Compliance

In accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988, we will:

  • Notify the Office of the Australian Information Commissioner (OAIC) within 72 hours of becoming aware of an eligible data breach
  • Notify affected individuals if the breach is likely to result in serious harm
  • Maintain detailed records of all data breaches and our response
  • Implement immediate containment and remediation measures
  • Conduct thorough investigation and implement preventive measures

9. Cookies and Website Analytics

8.1 Types of Cookies We Use

Essential Cookies

  • Website functionality and security
  • Form submission and booking systems
  • Session management

Analytics Cookies

  • Google Analytics for website performance
  • User behavior analysis
  • Service improvement insights

Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality. For analytics opt-out, you can use browser extensions or Google Analytics opt-out tools.

10. Third-Party Services

We use trusted third-party services to deliver our offerings. Your information may be shared with:

Accounting Software

  • Xero (Australia) - Cloud accounting
  • MYOB - Business management
  • QuickBooks (Intuit) - Financial management

Other Services

  • Payment processors for secure transactions
  • Email service providers for communications
  • Cloud storage for document management
  • Analytics services for website improvement

All third-party providers are carefully selected and comply with privacy and security standards comparable to our own.

11. International Data Transfers

Some of our third-party service providers may store data outside Australia. When this occurs, we ensure:

  • The overseas recipient is subject to privacy laws substantially similar to the APPs
  • Appropriate contractual protections are in place
  • Data transfer is necessary for service delivery
  • You are informed of any countries where your data may be stored

Countries where data may be processed: USA (Google, Microsoft), New Zealand (Xero), Singapore (regional data centers).

12. Exercising Your Privacy Rights

How to Make Requests

  • Submit requests in writing via email
  • Include sufficient detail to identify you
  • Specify the type of request clearly
  • Allow up to 30 days for response

Verification Process

  • Identity verification required for all requests
  • Additional documentation may be requested
  • Third-party requests require written authorization
  • Some requests may incur reasonable charges

13. Contact Us About Privacy

If you have questions about this Privacy Policy or wish to exercise your privacy rights, contact us:

Contact Details:

Phone: 0438 846 858
Address: Geelong, Victoria, Australia

External Complaints:

Office of the Australian Information Commissioner (OAIC)
Website: www.oaic.gov.au
Phone: 1300 363 992