Our answers to the 9 big questions about data privacy which every business should be able to provide you. For our full privacy policy, please download the Word document at the end of this page.
Value
What will my data be used for?
Your data will only be used to compile your financial statements and file your tax returns. We may also make recommendations to you to improve your business or expand your property portfolio, based on the information you've provided.
What are the benefits and who will benefit?
The benefits are that you are helped to comply with tax laws in New Zealand, your tax return will be filed, and maybe you'll get a nice tax refund. So it is principally for your benefit, as the client. We get paid, so that means there is a benefit for us too.
Who will be using my data?
The staff and contractors of the EpsomTax.com group, all of whom are required to sign confidentiality agreements, and comply with our cyber-security policy. We don’t sell your data to anyone.
Your data will only be used to compile your financial statements and file your tax returns. We may also make recommendations to you to improve your business or expand your property portfolio, based on the information you've provided.
What are the benefits and who will benefit?
The benefits are that you are helped to comply with tax laws in New Zealand, your tax return will be filed, and maybe you'll get a nice tax refund. So it is principally for your benefit, as the client. We get paid, so that means there is a benefit for us too.
Who will be using my data?
The staff and contractors of the EpsomTax.com group, all of whom are required to sign confidentiality agreements, and comply with our cyber-security policy. We don’t sell your data to anyone.
Protection
Is my data secure?
As far as it is possible, we believe so. To the extent necessary to ensure that our services to the client are completed and in accordance with the law, we make every reasonable effort to protect the confidential information from misuse or unauthorised disclosure.
We have a strict cyber-security policy, that all staff have agreed to. We review our privacy policy every year or sooner.* We also annually review our PCI DSS compliance status. We use commercial-grade internet security products on all computers. All users have also signed a contract with confidentiality and non-disclosure clauses. As data is stored online, we take care to only use reputable and reliable commercial providers for electronic transmission and storage purposes. We carry out regular scans of our websites and we recently organised some penetration testing.
To the best of our knowledge, at the time of writing none of our online service providers have experienced a major hack apart from Weebly.com, who host our websites (see this article for more information); we believe that no client data was compromised, and we changed our Weebly.com passwords afterwards.
If there is a data breach, what happens?
As soon as we become aware of it, we will notify you and take all reasonable steps to mitigate potential harm. If legally required, we will also report it to the relevant government agency.
Will my data be anonymous?
No, because our staff need to know who the data belongs to so that it can be compiled into your personal financial statements, and so that your tax returns can be filed.
Can I see and correct data about me?
Absolutely. We are happy to provide you with a copy of all data we hold, and if there is anything that needs correcting, we'd love to know. Please contact us for this or call 0800890132 line 2. A small fee may be payable to cover our costs in providing this to you.
As far as it is possible, we believe so. To the extent necessary to ensure that our services to the client are completed and in accordance with the law, we make every reasonable effort to protect the confidential information from misuse or unauthorised disclosure.
We have a strict cyber-security policy, that all staff have agreed to. We review our privacy policy every year or sooner.* We also annually review our PCI DSS compliance status. We use commercial-grade internet security products on all computers. All users have also signed a contract with confidentiality and non-disclosure clauses. As data is stored online, we take care to only use reputable and reliable commercial providers for electronic transmission and storage purposes. We carry out regular scans of our websites and we recently organised some penetration testing.
To the best of our knowledge, at the time of writing none of our online service providers have experienced a major hack apart from Weebly.com, who host our websites (see this article for more information); we believe that no client data was compromised, and we changed our Weebly.com passwords afterwards.
If there is a data breach, what happens?
As soon as we become aware of it, we will notify you and take all reasonable steps to mitigate potential harm. If legally required, we will also report it to the relevant government agency.
Will my data be anonymous?
No, because our staff need to know who the data belongs to so that it can be compiled into your personal financial statements, and so that your tax returns can be filed.
Can I see and correct data about me?
Absolutely. We are happy to provide you with a copy of all data we hold, and if there is anything that needs correcting, we'd love to know. Please contact us for this or call 0800890132 line 2. A small fee may be payable to cover our costs in providing this to you.
Choice
Will I be asked for consent?
Yes, as part of the authorisation process, you are asked explicitly for consent.
Could my data be sold?
No. That would breach our code of ethics. We don’t sell your data to anyone.
Yes, as part of the authorisation process, you are asked explicitly for consent.
Could my data be sold?
No. That would breach our code of ethics. We don’t sell your data to anyone.
More Information
Please also see our terms and conditions and disclaimer, which contain further information as well as the Word document below. Feel free to contact us with any questions; please click here to file a complaint.
We do not have a Data Protection Officer, but the closest thing to that would be our Compliance & Privacy Officer, Garreth Collard. Garreth is qualified as a OneTrust Certified Privacy Management Professional. You can contact Garreth using the form here or by phone on 099730706 line 2. Our Assistant Compliance Officer, Marcel Burrows, can be contacted using the form on this page.
We do not have a Data Protection Officer, but the closest thing to that would be our Compliance & Privacy Officer, Garreth Collard. Garreth is qualified as a OneTrust Certified Privacy Management Professional. You can contact Garreth using the form here or by phone on 099730706 line 2. Our Assistant Compliance Officer, Marcel Burrows, can be contacted using the form on this page.
nz privacy act 1993 & gdpr
This document explains how we comply with the NZ Privacy Act 1993 and the General Data Protection Regulation of the European Union when dealing with personal information.
| privacy-policy.docx |
PCI DSS
We are a Level 4 merchant. Please click the Trustwave icon in the footer to find out about our PCI DSS status.
CCPA
Regarding the California Consumer Privacy Act: We have reviewed and amended our policy as required, and we believe it complies with the requirements of this Act.
LGPD
Regarding Brazil's Lei Geral de Proteção de Dados: We do not offer any services in Brazil, collect information from Brazil or process data in Brazil.
* This policy was last updated in July 2020