On this page we list our policies for how we use your personal data, as well as policies for refunds, our anti-corruption policy and our risk-management policy. These policies apply to the EpsomTax.com Group i.e. EpsomTax.com Limited, Property Accountants Auckland Limited and Outsourced etc NZ Limited.



This privacy policy gives a general overview of how EpsomTax.com Group use and protect any information that you provide when you visit their websites or those of their subsidiaries or divisions.

EpsomTax.com Group is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be certain that it will only be used in accordance with this privacy statement.

EpsomTax.com Group may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.*

Who is our Privacy Officer?

The Privacy Officer for EpsomTax.com Group is Garreth Collard, our executive director. Please contact him on 099730706 line 2 or via this contact form.

What we collect

We may collect the following information:

  • name and job title
  • contact information including email address
  • demographic information such as postcode, preferences and interests
  • other information relevant to customer surveys and/or offers

Please note that when completing the following forms (and other forms on our website that are similar), then highly detailed and private financial and personal information is requested, including (on some forms) proof of identity (Driver's Licence) and bank account:

Our site is https (not just plain old http) so we do our best to make sure this is transmitted securely to us.

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • Identity verification purposes as required by the Income Tax Act or other New Zealand legislation e.g. Anti-Money Laundering laws
  • Preparation of financial statements and submission of tax returns to Inland Revenue
  • To answer your queries
  • Internal record keeping
  • We may use the information to improve our products and services
  • We may use the information to customise the website according to your interests
  • From time to time, we may also use your information to contact you for market research purposes

Why we might contact you

In addition to the reasons listed above, we may also contact you about the following:

  • We may email you occasionally to update you on a tax or legal development which will impact your investments
  • We will contact you each year about AuditShield and your Companies Office obligations
  • Reminders about tax or GST payments which are due or overdue
  • Reminders about other legal obligations e.g. NZ Companies Office annual returns
  • Other similar matters not listed here

We may contact you by email, phone, fax or mail.


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures and policies to safeguard and secure the information we collect, whether online, via courier or in person.

Data breaches are possible, due to activity such as hacking or simple human error.  Please scroll down for more detailed information on the this including our policy on reporting data breaches.

For security reasons, we have chosen not to publish the names of our storage providers, nor their type or location. However, we have confirmed that they meet the requirements of the NZ Privacy Act.

How we use cookies

We sometimes use cookies when we have a cup of coffee. Mmm, that sweet taste against the bitterness of the coffee is amazing.

But what you are more likely wondering about is website cookies. What is a cookie? A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. At least, that's the plan. We are not that sophisticated yet but we will get there. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, presumably cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website, but hey! We respect your choices.

How else might cookies affect you? Well, if you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.


Links to other websites and embedded content from other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


Controlling your personal information

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen. There is an opt-in box on the authorisation form for this purpose.

If you don't want us to contact you about:

  • improving our products and services
  • new products, special offers or other information which we think you may find interesting using the email address which you have provided
  • market research purposes

please let us know by contacting us, either by phone or by email.

You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee may be payable to cover our costs in providing it to you. If you would like a copy of the information held on you please contact us.

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect or incomplete.


For more detailed information on privacy, including compliance with the NZ Privacy Act and GDPR, please scroll down.





Our answers to the big questions about data privacy which every business should be able to provide you. For our full privacy policy, please download the Word document at the end of this page.


What will my data be used for?

Your data will be used to compile your financial statements and file your tax returns. We may also make recommendations to you to improve your business or expand your property portfolio, based on the information you've provided and the permissions you have given us.

What are the benefits and who will benefit?

The benefits are that you are helped to comply with tax, anti-money laundering and (if applicable) company law% in New Zealand, your tax and/or Companies Office returns will be filed, and maybe you'll get a nice tax refund. So it is principally for your benefit, as the client. We get paid, so that means there is a benefit for us too.

Who will be using my data?

The staff and contractors of the EpsomTax.com Group, all of whom are required to sign confidentiality agreements, and comply with our cyber-security policy. We don’t sell your data to anyone.

Do you obtain data about me from anywhere else?

Well yes. At times a friend of yours, or a mortgage broker, a financial advisor, a risk advisor etc may send us your details.We also receive data from third parties such as Inland Revenue, Companies Office, ACC, Xero.com, MYOB and similar.  All this sort of data can only be shared with us with your permission.

Can I refuse to provide some types of personal information?

Absolutely! That just means we may not be able to offer you some or any services. Please feel free to contact our Privacy Officer by means of the form here with any questions about this.


Is my data secure?

As far as it is possible, we believe so. To the extent necessary to ensure that our services to the client are completed and in accordance with the law, we make every reasonable effort to protect the confidential information from misuse or unauthorised disclosure.

We have a strict cyber-security policy, that all staff have agreed to. We review our privacy policy every year or sooner as needs be.* Information can only be accessed with a username and password. We delete your financial information after approximately seven years.  At times clients have asked us for data that is older than seven years so we are not strict about that timeframe. That's proven helpful when IRD have decided to dig up something in the distant past, and the only people who might have the records so that a client can defend themselves is us!

We also annually review our PCI DSS compliance status. We use internet security products on all computers. All users have also signed a contract with confidentiality and non-disclosure clauses. As data is stored online, we take care to only use reputable and reliable commercial providers for electronic transmission and storage purposes. Sensitive ID data is stored with a separate provider to financial data.#

To the best of our knowledge, at the time of writing none of our online service providers have experienced a major hack apart from our previous website host (this occurred in 2016; see this article for more information); we believe that no client data was compromised, and we changed our passwords afterwards as per instructions from the host.

If there is a data or privacy breach, what happens?

As soon as we become aware of it, we will notify you and take all reasonable steps to mitigate potential harm, as well as examine what went wrong to prevent or minimise a recurrence. If a notifiable privacy breach occurs, we will notify the Privacy Commissioner and any affected people as soon as we are practically able.

Will my data be anonymous?

No, because our staff need to know who the data belongs to so that it can be compiled into your personal financial statements, and so that your tax returns can be filed.

Can I see and correct data about me?

Absolutely. We are happy to provide you with a copy of all data we hold, and if there is anything that needs correcting, we'd love to know. Please contact us for this or call 0800890132 line 2. A small fee may be payable to cover our costs in providing this to you.


Will I be asked for consent?

Yes, as part of the authorisation process, you are asked explicitly for consent.

Could my data be sold?

No. That would breach our code of ethics. ​We don’t sell your data to anyone.


Please also see our terms and conditions and disclaimer, which contain further information as well as the Word document below.  Feel free to contact us with any questions or to file a complaint.

We do not have a Data Protection Officer, but the closest thing to that would be our Privacy Officer, Garreth Collard. Garreth has previously qualified as a OneTrust Certified Privacy Management Professional.   You can contact him using the form here or by phone on 099730706 line 2. Our Anti-Money Laundering Compliance Officer, Asher Crossman, can be contacted on 0993069901 or by using the form on this page.


This document explains how we comply with the NZ Privacy Act 2020 and the General Data Protection Regulation of the European Union when dealing with personal information.

privacy-policy (April 2024).pdf

Download File


We are a Level 4 merchant. Please click the Trustwave icon on our Contact Page to find out about our PCI DSS status.


Regarding the California Consumer Privacy Act: We have reviewed and amended our policy as required, and we believe it complies with the requirements of this Act.


Regarding Brazil's Lei Geral de Proteção de Dados: We do not offer any services in Brazil, collect information from Brazil or process data in Brazil.

% The Income Tax Act requires tax agents to obtain written or electronic authority and to verify identity; the Anti-Money Laundering and Counter-Financing of Terrorism Act requires us to verify identity, address and in some cases, proof of wealth and source of funds; the Companies Act requires us to obtain written permission to act on behalf of the company
* These policies were last updated 1 June 2024
​# This data has been separated out and is stored with a separate provider. There is extremely limited access to this data, by design.





Company Incorporation

If you engage us to setup your LTC and then change your mind we will refund your money, less any fees already paid to the New Zealand Companies Office, provided that you notify us within 7 calendar days of our receipt of your payment. Please note that if work has already commenced we may charge a convenience fee of up to $135 plus GST to cover our time. Please also note that the 7 day period does not apply if the company has already been incorporated, i.e., there is no refund in this circumstance.

Other accounting services e.g. annual accounts preparation:

If you engage us to prepare your financial statements etc and then change your mind we will refund your money provided that you notify us within 7 calendar days of our receipt of your payment. Please note that if work has already commenced we may charge a convenience fee of up to $270 plus GST to cover our time​. If outside the 7 calendar day window, there is no refund available.





1. Purpose We are committed to upholding the highest standards of integrity, honesty, and transparency in all aspects of our operations. Corruption undermines trust, damages reputation, and erodes the foundation of our profession. This Anti-Corruption Policy outlines our firm stance against corruption and serves as a guide for all employees, contractors and stakeholders in maintaining ethical conduct.

2. Scope This policy applies to all employees, contractors, agents, and representatives of Epsomtax.com Limited and associated companies, including partners, managers, staff accountants, administrative personnel, and interns.

3. Definition of Corruption Corruption refers to any act of dishonesty, fraud, bribery, embezzlement, or abuse of power for personal or corporate gain. This includes, but is not limited to, offering, giving, receiving, or soliciting anything of value to influence a decision or action.

4. Compliance with Laws and Regulations We are committed to complying with all applicable laws and regulations related to anti-corruption, including but not limited to the New Zealand Crimes Act 1961 and the Foreign Corrupt Practices Act (FCPA). Employees are expected to be familiar with these laws and regulations and adhere to them at all times.

5. Prohibited Conduct The following activities are strictly prohibited and will not be tolerated:

  • Offering, giving, receiving, or soliciting bribes, kickbacks, or any other form of improper payment or inducement.
  • Making facilitation payments to expedite routine government actions.
  • Engaging in conflicts of interest without proper disclosure and approval.
  • Misusing company funds or assets for personal gain.
  • Falsifying records or engaging in any form of accounting fraud.
  • Offering or accepting gifts, hospitality, or entertainment that could reasonably be perceived as an attempt to improperly influence business decisions.

6. Reporting Procedures Employees are encouraged to report any suspected or actual instances of corruption or unethical conduct promptly. Reports can be made to the Executive Director, Garreth Collard. All reports will be treated with confidentiality, and no retaliatory action will be taken against individuals who make good faith reports.

7. Consequences of Non-Compliance Violations of this policy will result in disciplinary action, up to and including termination of employment or contract. Additionally, individuals found to have engaged in corrupt activities may be subject to civil or criminal prosecution.

8. Training and Awareness Regular training sessions will be conducted to ensure that all employees understand their obligations under this policy and are equipped to identify and report potential instances of corruption. Additionally, this policy will be communicated to all stakeholders and made available on our internal communication channels.

9. Review and Revision This policy will be reviewed periodically to ensure its effectiveness and relevance in addressing emerging risks and changing regulatory requirements. Any revisions will be communicated to all employees and stakeholders.

10. Conclusion We are committed to fostering a culture of integrity, accountability, and ethical behavior. By adhering to the principles outlined in this Anti-Corruption Policy, we demonstrate our dedication to upholding the highest standards of professionalism and serving the best interests of our clients, employees, and society as a whole.


Risk Management Policy

1. Purpose

The purpose of this Risk Management Policy is to establish a comprehensive framework for identifying, assessing, managing, and mitigating risks that could impact the achievement of EpsomTax.com Group's objectives. This policy ensures that risk management practices are integrated into all aspects of the firm's operations and decision-making processes.

2. Scope

This policy applies to all partners, employees, contractors, consultants, and stakeholders involved in the operations of EpsomTax.com Group. It encompasses all types of risks, including but not limited to strategic, operational, financial, compliance, and reputational risks.

3. Policy Statement

EpsomTax.com Group is committed to proactively managing risks to protect its assets, reputation, and stakeholders' interests. We will:

  • Identify and assess risks on an ongoing basis.
  • Implement risk management strategies to mitigate identified risks.
  • Monitor and review the effectiveness of risk management processes.
  • Foster a culture of risk awareness and continuous improvement.

4. Risk Management Objectives

The key objectives of this policy are to:

  • Promote a risk-aware culture throughout the firm.
  • Ensure a systematic approach to risk identification, assessment, and management.
  • Enhance decision-making processes through better understanding and management of risks.
  • Protect the firm’s assets and resources.
  • Ensure compliance with relevant laws, regulations, and professional standards.
  • Minimize potential negative impacts on the firm’s reputation and operations.

5. Risk Management Framework

The risk management framework involves the following key components:

5.1 Risk Identification

  • Conduct regular risk assessments to identify potential risks.
  • Utilize various methods such as risk workshops, interviews, and surveys to gather risk information.
  • Maintain a risk register to document identified risks, their sources, and potential impacts.

5.2 Risk Assessment

  • Evaluate identified risks in terms of likelihood and impact.
  • Prioritize risks based on their potential effect on the firm.
  • Use qualitative and quantitative methods to assess risks.

5.3 Risk Mitigation

  • Develop and implement risk mitigation strategies and action plans.
  • Assign responsibilities for risk mitigation to appropriate personnel.
  • Ensure adequate resources are allocated for effective risk management.

5.4 Risk Monitoring and Reporting

  • Continuously monitor risks and the effectiveness of mitigation strategies.
  • Regularly update the risk register and report significant risks to senior management and the partners.
  • Establish key risk indicators (KRIs) to track risk levels and trends.
  • Annually review (usually in July) our risk as part of regular Anti-Money Laundering compliance reviews

5.5 Risk Communication

  • Promote open communication about risks and risk management practices.
  • Ensure all employees are aware of their roles and responsibilities in managing risks.
  • Provide training and resources to enhance risk management skills.

6. Roles and Responsibilities

6.1 Partners

  • Provide oversight and ensure the effectiveness of the risk management framework.
  • Review and approve the risk management policy and major risk mitigation strategies.

6.2 Senior Management

  • Implement the risk management framework and policy.
  • Ensure that risk management practices are integrated into strategic planning and operations.
  • Report significant risks to the partners.

6.3 Risk Management Committee

  • Coordinate risk management activities across the firm.
  • Review risk assessments and mitigation plans.
  • Monitor the effectiveness of risk management processes and report to senior management.

6.4 Employees

  • Identify and report potential risks in their areas of responsibility.
  • Participate in risk assessments and the implementation of mitigation strategies.
  • Adhere to the risk management policy and related procedures.

6.5 Compliance Officer

  • Ensure the firm complies with relevant laws, regulations, and professional standards.
  • Monitor and report on compliance-related risks.
  • Provide guidance on compliance issues and risk mitigation strategies.

7. Review and Continuous Improvement

This policy will be reviewed annually or more frequently as necessary to ensure its continued relevance and effectiveness. Feedback from employees and stakeholders will be considered in the review process. The firm is committed to continuous improvement in risk management practices.

8. Approval and Implementation

This Risk Management Policy is approved by the Partners and is effective as of 1 June 2024. All contractors and employees are required to comply with the policy and support its implementation.