Privacy Policy
Atramentum Accounting & Consulting Trust (ABN: 88 787 654 524) (“Atramentum”, “we”, “us”, “our”) is committed to protecting the privacy of all individuals whose personal information we collect, hold, use, and disclose.
This Privacy Policy explains how we handle personal information in accordance with the Privacy Act 1988 (Cth) (“the Act”), the Australian Privacy Principles (“APPs”), and the Privacy and Other Legislation Amendment Act 2024 (Cth) (“POLA 2024”). It applies to all personal information we collect from clients, prospective clients, suppliers, employees, contractors, and website visitors, including via our website at atramentum.com.au.
1. About This Policy
We take our privacy obligations seriously. POLA 2024, which received Royal Assent on 10 December 2024, introduced significant reforms to Australia’s privacy framework — including stronger enforcement powers, a statutory tort for serious invasions of privacy (effective June 2025), civil penalties of up to $50 million for serious breaches, and new transparency requirements around automated decision-making.
This policy is reviewed annually and updated whenever relevant laws or our practices change. The current version is always available on this page.
2. What Personal Information We Collect
The types of personal information we collect depend on the services you engage us for. This may include:
- Contact details: full name, postal and email address, telephone number
- Identity information: date of birth, Tax File Number (TFN), Australian Business Number (ABN)
- Financial information: income, assets, liabilities, bank account details, tax records, superannuation details
- Employment information: employer name, occupation, payroll records
- Business information: company or trust details, financial statements, ATO correspondence
- Government-issued identifiers: where required by law (e.g., TFN for tax services, ACN for company matters)
- Website usage data: browser type, pages visited, and session data (see Section 9)
We collect only the information that is reasonably necessary for our business functions. We do not collect sensitive information (such as health, racial, or political information) unless required to provide a specific service and with your consent, or as permitted by law.
3. How We Collect Personal Information
We collect personal information directly from you wherever practicable. Collection may occur through:
- Completion of our client engagement forms or questionnaires
- Face-to-face meetings, telephone conversations, or video calls
- Email correspondence and document uploads
- Our website at atramentum.com.au
- Third parties such as the ATO, ASIC, financial institutions, or other professional advisers (with your authority)
Where we collect personal information from a third party, we will take reasonable steps to notify you of that collection as soon as practicable, unless doing so is impracticable or inconsistent with the law.
4. Why We Collect and Use Personal Information
We collect, hold, and use personal information for the following primary purposes:
- To provide accounting, tax, bookkeeping, business advisory, and ASIC agent services
- To comply with our legal and professional obligations, including under taxation laws and ASIC legislation
- To respond to your enquiries and maintain our client relationship
- To prepare and lodge tax returns, financial statements, activity statements, and company secretarial documents
- To verify your identity and obtain authorisations from the ATO and other government agencies
- To manage invoicing, payments, and account administration
- To communicate updates about relevant legislation, tax deadlines, and our service offerings
- For internal quality, risk management, and compliance purposes
We may also use your contact information to send you information about services or industry developments relevant to you. You may opt out of marketing communications at any time by contacting us.
We will not use or disclose your personal information for any purpose other than those described above, or as otherwise permitted or required by law.
5. Disclosure of Personal Information
We do not sell, rent, or trade personal information. We may disclose personal information to third parties in the following circumstances:
- The Australian Taxation Office (ATO) — for lodgement of tax returns, activity statements, and other statutory obligations
- ASIC — for company secretarial and registered agent obligations
- Other government agencies — where required or authorised by law
- Professional advisers — such as legal counsel or financial institutions, where necessary and with your authority
- Cloud software providers — document management and accounting software platforms used to provide our services, all bound by appropriate privacy and security obligations
- Succession or insolvency scenarios — where required in connection with a business sale, merger, or insolvency proceeding
Where we engage third-party service providers, we take reasonable contractual steps to require them to handle personal information consistently with the APPs.
We do not disclose personal information to overseas recipients unless you have consented, the disclosure is required by law, or we are satisfied the recipient is subject to privacy laws substantially similar to the APPs.
6. Storage and Security
We take the security of your personal information seriously. In accordance with APP 11 and the enhanced obligations under POLA 2024, we implement both technical and organisational measures to protect personal information from misuse, interference, loss, unauthorised access, modification, or disclosure:
- Secure, encrypted storage of electronic records with access controls and multi-factor authentication
- Role-based access — only staff who need information to perform their duties can access it
- Confidentiality obligations — all staff are subject to confidentiality agreements and privacy training
- Secure document management systems with audit logging
- Regular review of our security practices in line with current industry standards
We retain your personal information for as long as required by law (taxation laws require a minimum of five years) or as necessary for our business purposes. Once no longer required, information is securely destroyed or de-identified.
While we take all reasonable precautions, no data transmission or electronic storage system can be guaranteed completely secure. You provide information to us at your own risk. If you believe your information has been compromised, please contact us immediately.
7. Notifiable Data Breaches
We are subject to the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Act. If we have reasonable grounds to believe an eligible data breach has occurred — that is, a breach likely to result in serious harm to any affected individual — we will:
- Contain the breach and assess its severity as quickly as practicable
- Notify the Office of the Australian Information Commissioner (OAIC) as soon as practicable
- Notify all affected individuals directly, or via our website if direct notification is not practicable
We maintain an internal data breach response plan and will act promptly in the event of any breach.
8. Your Rights
You have the following rights in relation to your personal information:
- Access (APP 12): Request access to the personal information we hold about you. We will respond within 30 days. A reasonable retrieval fee may apply.
- Correction (APP 13): Request correction of inaccurate, out-of-date, incomplete, or misleading information. We will respond within 30 days.
- Complaints: Lodge a complaint if you believe we have breached your privacy. We will investigate and respond within 30 days.
- Opt-out of marketing: Withdraw from receiving marketing communications at any time.
- Withdrawal of consent: Where we rely on your consent, you may withdraw it — though this may affect our ability to provide certain services.
From June 2025, individuals also have a statutory right to take legal action for serious invasions of privacy under POLA 2024. We are committed to handling all information in a way that means this right is never triggered.
9. Website and Cookies
Our website (atramentum.com.au) may collect non-personally identifiable data through standard web analytics tools, including pages visited, browser type, and session duration. This data is used solely to improve the functionality and content of our website.
We do not use cookies to track individuals across third-party websites. Any contact information you submit via our website is collected only with your knowledge and handled in accordance with this policy.
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.
10. Automated Decision-Making
In accordance with transparency requirements under POLA 2024, we disclose that we do not currently use automated systems to make decisions that have a significant effect on individuals. All substantive decisions relating to our services are made by qualified staff members. Should we introduce any automated decision-making processes in the future, we will update this policy and notify affected individuals accordingly.
11. Government Identifiers
We collect and use government identifiers such as Tax File Numbers (TFNs) and ABNs only where required by taxation law or other legislation, and strictly in accordance with APP 9. We do not use government identifiers as our own client identifier.
12. Complaints and Contact
If you have a question, concern, or complaint about how we have handled your personal information, please contact our Privacy Officer in the first instance:
Privacy Officer — Atramentum
PO Box 354, Claremont WA 6910
P: (08) 9200 3465
E: office@atramentum.com.au
We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may escalate to the OAIC:
Office of the Australian Information Commissioner (OAIC)
W: www.oaic.gov.au
P: 1300 363 992
GPO Box 5218, Sydney NSW 2001
13. Policy Changes
We reserve the right to update this Privacy Policy at any time. Where changes are material, we will notify you by email or via a notice on our website. The current version will always be available at atramentum.com.au.
This policy supersedes all previous versions, including v1.4 dated 01/10/2018.

