This is the data privacy policy for Epsomtax.com group, which includes Epsomtax.com Limited, Property Accountants Auckland Limited, and Outsourced etc NZ Limited. Your responsibilities under the subheading "If there is a data breach, what happens?" are also outlined in your contract.
Value
What will client data be used for?
Client data will only be used to compile client financial statements and file client tax returns. Epsomtax.com group may also make recommendations to the client to improve their business or expand their property portfolio, based on the information they have provided.
What are the benefits and who will benefit?
The benefits are that the client is helped to comply with tax laws in New Zealand, their tax return/s will be filed, and maybe they will get a nice tax refund. So it is principally for the client's benefit. Epsomtax.com group charges for their services, which means you as an employee or contractor get paid, so that means there is a benefit for you too.
Who will be using client data?
The staff and contractors of the Epsomtax.com group, all of whom are required to sign confidentiality agreements and comply with the Epsomtax.com group cyber-security policy. Epsomtax.com group does not sell client data to anyone.
Protection
Is client data secure?
As far as it is possible, we believe so. To the extent necessary to ensure that our services to the client are completed and in accordance with the law, we make every reasonable effort to protect the confidential information from misuse or unauthorised disclosure.
We have a strict cyber-security policy that all staff must agree to. We review our privacy policy every year or sooner.* We also annually review our PCI DSS compliance status. We use commercial-grade internet security products on all computers. All staff and contractors must sign a contract with confidentiality and non-disclosure clauses. As data is stored online, we take care to only use reputable and reliable commercial providers for electronic transmission and storage purposes. We carry out regular scans of our websites and we recently organised some penetration testing.
To the best of our knowledge, at the time of writing none of our online service providers have experienced a major hack apart from Weebly.com, who host our websites (see this article for more information); we believe that no client data was compromised, and we changed our Weebly.com passwords afterwards.
If there is a data breach, what happens?
As soon as you become aware of it, you as a contractor or staff member will immediately notify the Managing Director (Garreth Collard) by email. If you do not receive a response within 15 minutes, you will need to call Garreth on Viber and leave a voice message, even if it is outside NZ business hours.
Garreth will then coordinate the response to the client and take all reasonable steps to mitigate potential harm. If legally required, we will also report it to the relevant government agency.
Will client data be anonymous?
No, because Epsomtax.com group staff need to know who the data belongs to so that it can be compiled into the client's personal financial statements, and so that client tax returns can be filed.
Can a client see and correct data that we hold about them?
Absolutely. We are happy to provide clients with a copy of all data we hold, and if there is anything that needs correcting, we'd love to know. Clients should use the contact us form for this or call 0800890132 line 2. A small fee may be payable to cover Epsomtax.com group's costs in providing this to the client.
Choice
Will the client be asked for consent?
Yes, as part of the authorisation process, the client is asked explicitly for consent.
Could client data be sold?
No. That would breach our code of ethics. We don’t sell client data to anyone.
More Information
Please also see our terms and conditions and disclaimer, which contain further information as well as the Word document below. Feel free to contact us with any questions; please click here to file a complaint.
We do not have a Data Protection Officer, but the closest thing to that would be our Compliance & Privacy Officer, Garreth Collard. You can contact Garreth using the form here or by phone on 099730706 line 2. Our Assistant Compliance Officer, Marcel Burrows, can be contacted using the form on this page.
NZ Privacy Act 1993 & GDPR
This document explains how we comply with the NZ Privacy Act 1993 and the General Data Protection Regulation of the European Union when dealing with personal information.

privacy-policy.docx (file size: 32 kb; file type: docx)
PCI DSS
We are a Level 4 merchant. Please click the Trustwave icon in the footer to find out about our PCI DSS status.
CCPA
Regarding the California Consumer Privacy Act: We have reviewed and amended our policy as required, and we believe it complies with the requirements of this Act.
LGPD
Regarding Brazil's Lei Geral de Proteção de Dados: We do not offer any services in Brazil, collect information from Brazil or process data in Brazil.
* This policy was last updated in July 2020