Privacy Policy

Finacco (we, us, our) is an Australian accounting and advisory practice based in Melbourne, Victoria. This policy explains how we handle personal information in line with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

By providing personal information to Finacco — through this website, by email, by phone, or in the course of an engagement — you consent to its collection, use, storage, and disclosure on the terms set out below.

We collect personal information you provide directly: typically your name, email address, phone number, business name, role, and any details you share through our contact form, in correspondence, or in the course of an engagement.

We may also collect information from third parties where you have authorised it or where it is reasonable in the circumstances. This includes referrers, business partners, your other professional advisers, publicly available sources, and identity-verification or anti-money-laundering providers where required.

We collect technical information when you visit our website (such as browser type, device, pages viewed, referring URLs, and approximate location) via standard server logs and, where enabled, privacy-respecting analytics tools.

You do not have to provide personal information to us, but if you choose not to, we may be unable to respond to your enquiry or deliver some or all of our services to you.

We use your information to respond to enquiries, provide and administer our services, meet our regulatory and professional obligations, manage our internal records and quality assurance, and improve our website and communications.

Where you have opted in or where the law otherwise permits, we may also use your information to send you updates, content, and offers about our services. You can opt out of marketing communications at any time using the unsubscribe link in the email or by contacting us.

We do not sell your personal information. We only disclose it where reasonably necessary — for example, to reputable software, cloud, payment, identity-verification, and professional-services providers we use to deliver our services; to your other professional advisers where you have authorised it; or where disclosure is required or permitted by law.

Some of the platforms and providers we use may store or process data on servers located outside Australia (for example, in the United States, the European Union, or other jurisdictions where reputable cloud providers operate). Where this occurs, we take reasonable steps to ensure those providers handle your information in a manner consistent with the APPs.

We store your information using reputable cloud and accounting platforms with industry-standard security controls, including access controls, encryption in transit, and provider-side encryption at rest. Access within Finacco is limited to team members who need it to perform their role.

While we take reasonable steps to protect your information, no method of transmission or storage is completely secure. You provide your information at your own risk and, to the extent permitted by law, we do not warrant or guarantee that your information will not be accessed, disclosed, altered, or destroyed by unauthorised third parties.

If we become aware of an eligible data breach affecting your personal information, we will respond in accordance with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth).

Our website may use cookies, similar tracking technologies, and privacy-respecting analytics to understand how visitors use the site, remember preferences, and improve the user experience. You can disable cookies in your browser at any time. Disabling cookies may affect how parts of the site work.

You can request access to the personal information we hold about you, or ask us to correct it, via our contact form. We will respond within a reasonable timeframe and may need to verify your identity before doing so.

We may decline a request where the law permits — for example, where granting access would unreasonably affect the privacy of others, be unlawful, or prejudice an investigation. Where we decline, we will give written reasons.

We keep records for as long as required to provide our services and to meet our legal, tax, and professional obligations — generally at least seven years for client engagement records, and longer where a specific law or regulator requires it. When information is no longer required, we take reasonable steps to destroy or de-identify it.

This website and our services are directed to business owners, operators, and professional advisers. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, please contact us and we will take reasonable steps to delete it.

We may update this policy from time to time. The latest version will always be available on this page with the updated date noted at the top. Your continued use of our website or services after an update constitutes acceptance of the updated policy.

If you have a question, concern, or complaint about how we handle your information, please reach out via our contact form. We take privacy complaints seriously and will respond as soon as reasonably practicable.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.