Our answers to the big questions about data privacy which every business should be able to provide you. For our full privacy policy, please download the Word document at the end of this page.
Value
What will my data be used for?
Your data will be used to compile your financial statements and file your tax returns. We may also make recommendations to you to improve your business or expand your property portfolio, based on the information you've provided and the permissions you have given us.
What are the benefits and who will benefit?
The benefits are that you are helped to comply with tax, anti-money laundering and (if applicable) company law% in New Zealand, your tax and/or Companies Office returns will be filed, and maybe you'll get a nice tax refund. So it is principally for your benefit, as the client. We get paid, so that means there is a benefit for us too.
Who will be using my data?
The staff and contractors of the EpsomTax.com group, all of whom are required to sign confidentiality agreements, and comply with our cyber-security policy. We don’t sell your data to anyone.
Can I refuse to provide some types of personal information?
Absolutely! That just means we may not be able to offer you some or any services. Please feel free to contact our Privacy Officer by means of the form here with any questions about this.
Protection
Is my data secure?
As far as it is possible, we believe so. To the extent necessary to ensure that our services to the client are completed and in accordance with the law, we make every reasonable effort to protect the confidential information from misuse or unauthorised disclosure.
We have a strict cyber-security policy that all staff have agreed to. We review our privacy policy every year or sooner.* Information can only be accessed with a username and password. We delete your financial information after seven years. We also annually review our PCI DSS compliance status. We use internet security products on all computers. All users have also signed a contract with confidentiality and non-disclosure clauses. As data is stored online, we take care to only use reputable and reliable commercial providers for electronic transmission and storage purposes. Sensitive ID data is stored with a separate provider to financial data.# We carry out regular scans of our websites and we recently organised some penetration testing.
To the best of our knowledge, at the time of writing none of our online service providers have experienced a major hack apart from our current website host (this occurred in 2016; see this article for more information); we believe that no client data was compromised, and we changed our passwords afterwards as per instructions from the host.
If there is a data or privacy breach, what happens?
As soon as we become aware of it, we will notify you and take all reasonable steps to mitigate potential harm, as well as examine what went wrong to prevent or minimise a recurrence. If a notifiable privacy breach occurs, we will notify the Privacy Commissioner and any affected people as soon as we are practically able.
Will my data be anonymous?
No, because our staff need to know who the data belongs to so that it can be compiled into your personal financial statements, and so that your tax returns can be filed.
Can I see and correct data about me?
Absolutely. We are happy to provide you with a copy of all data we hold, and if there is anything that needs correcting, we'd love to know. Please contact us for this or call 0800890132 line 2. A small fee may be payable to cover our costs in providing this to you.
Choice
Will I be asked for consent?
Yes, as part of the authorisation process, you are asked explicitly for consent.
Could my data be sold?
No. That would breach our code of ethics. We don’t sell your data to anyone.
More Information
Please also see our terms and conditions and disclaimer, which contain further information as well as the Word document below. Feel free to contact us with any questions; please click here to file a complaint.
We do not have a Data Protection Officer, but the closest thing to that would be our Privacy Officer, Garreth Collard. Garreth has qualified as a OneTrust Certified Privacy Management Professional.^ You can contact Garreth using the form here or by phone on 099730706 line 2. Our Assistant Compliance Officer, Marcel Burrows, can be contacted using the form on this page.
NZ Privacy Act 1993 & GDPR
This document explains how we comply with the NZ Privacy Act 1993 and the General Data Protection Regulation of the European Union when dealing with personal information.

privacy-policy.docx (File size: 32 kb; file type: docx)
PCI DSS
We are a Level 4 merchant. Please click the Trustwave icon in the footer to find out about our PCI DSS status.
CCPA
Regarding the California Consumer Privacy Act: We have reviewed and amended our policy as required, and we believe it complies with the requirements of this Act.
LGPD
Regarding Brazil's Lei Geral de Proteção de Dados: We do not offer any services in Brazil, collect information from Brazil or process data in Brazil.
% The Income Tax Act requires tax agents to obtain written or electronic authority and to verify identity; the Anti-Money Laundering and Counter-Financing of Terrorism Act requires us to verify identity, address and, in some cases, proof of wealth and source of funds; the Companies Act requires us to obtain written permission to act on behalf of the company.
* This policy was last updated in May 2021
# We are in the process of separating out this data.
^ The Privacy Officer is at present studying the 12 data privacy principles supplied by the Privacy Commissioner.