Crestani Partners

Privacy Policy

Our Commitment  

The purpose of this Privacy Policy is to communicate to you how we manage, collect, deal with, protect and allow access to personal information in accordance with the Privacy Act 1988 (Cth) (the Privacy Act) and the Australian Privacy Principles (the APPs). We understand the importance placed on the privacy of your personal information. We will endeavour to make you aware of the contents of this Privacy Policy before or as soon as reasonably practicable after collecting any personal information about you.

Through this Privacy Policy we have aimed to be as clear, open and transparent as possible about these matters, but if you have any questions, do not hesitate to contact us at privacy@crestanipartners.com.au

Please note that this Privacy Policy forms part of the Terms of Use document, which is displayed at the footer of our Website.

Scope 

This Privacy Policy applies to our management of the personal information of our clients, customers, suppliers and prospective employees. This Privacy Policy does not apply to our acts and practices which relate directly to the employee records of our current and former employees. 

Why do we collect, hold, use and disclose personal information? 

We collect, hold, use and disclose personal information for the following purposes: 

  • to provide professional services; 
  • to provide technology services and solutions; 
  • to respond to requests or queries; 
  • to maintain contact with our clients and other contacts; 
  • to keep our clients and other contacts informed of our services and industry developments; 
  • to notify of seminars and other events; 
  • to verify your identity; 
  • for administrative purposes, including processing payment transactions; 
  • for recruitment purposes; 
  • for purposes relating to the employment of our personnel, providing internal services or benefits to our partners and staff and for matters relating to Crestani Partners; 
  • when engaging service providers, contractors or suppliers relating to the operation of our business; 
  • to manage any conflict of interest or independence (including auditor independence) obligations or situations; 
  • to meet any regulatory obligations; or 
  • for any other business related purposes. 

Unless otherwise provided by law, we will not collect, hold, use or disclose sensitive information without your consent. 

If you would like to access any of our services on an anonymous basis or by using a pseudonym, please tell us. However, we will require you to identify yourself if: 

  • we are required by law to deal with individuals who have identified themselves; or 
  • it is impracticable for us to deal with you if you do not identify yourself or elect to use a pseudonym. 

Please be aware that your request to be anonymous or to use a pseudonym may affect our ability to provide you with the requested goods and/or services. 

What kind of personal information do we collect and use? 

The nature and extent of personal information that we collect varies depending on your particular interaction with us and the nature of our functions and activities. 

Personal information that we commonly collect, hold, use and disclose could include: 

  • names, title, job titles, employer, contact and address details 
  • information in identification documents (for example, passport, driver’s licence) 
  • tax file numbers and other government-issued identification numbers 
  • date of birth and gender 
  • bank account and credit card details, shareholdings and details of investments 
  • details of superannuation and insurance arrangements 
  • educational qualifications, employment history, salary and referee reports 
  • visa or work permit status 
  • your Internet Protocol (IP) address 
  • qualifications, memberships and other accreditations 
  • payment details  
  • nature of business 
  • personal information about your spouse and dependants 
  • racial or ethnic background, political or religious beliefs 
  • advice received from the client or prospective client that may contain additional personal information, such as family relationships and other business related connections 

It may be necessary in some circumstances for Crestani Partners to collect sensitive information about you to provide specific services or for recruiting purposes. Examples of the types of sensitive information that may be collected in such circumstances include professional memberships, ethnic origin, criminal record and health information. 

Unsolicited information

In the event Crestani Partners collects personal information from you, or a third party, in circumstances where we have not requested or solicited that information (known as unsolicited information), and it is determined by Crestani Partners (in its absolute discretion) that the personal information is not required, we will destroy the information or ensure that the information is de-identified.  

In the event that the unsolicited personal information collected is in relation to potential future employment with Crestani Partners, such as your CV, resume or candidacy related information, and it is determined by Crestani Partners (in its absolute discretion) that it may consider you for potential future employment, Crestani Partners may keep the personal information on its human resource records.  

How do we collect and hold personal information? 

Generally, we collect your personal information from you directly (for example, when we deal with you in person or over the phone, when you send us correspondence (including via email), when you complete a questionnaire, form or survey, or when you use our website or our social media). 

Sometimes it may be necessary for us to collect your personal information from a third party. For example, we may collect your personal information from your employer where they are our client, from your personal representative, a Crestani Partners related entity or a publicly available record. 

Prior consent will be sought from you prior to obtaining information from external sources such as direct feeds of financial information from banks or similar institutions as part of services provided to a client. 

We may also collect personal information about you from your use of our websites and information you provide to us through contact mailboxes or through the registration process on our websites. 

If you feel that the information that we are requesting, either on our forms or in our discussions with you, is not information that you wish to provide, please feel free to raise this with us. 

In some situations we may also obtain personal information about you from a third party source. If we collect information about you in this way, we will take reasonable steps to contact you and ensure that you are aware of the purposes for which we are collecting your personal information and the organisations to which we may disclose your information, subject to any exceptions under the Privacy Act. 

If we receive unsolicited personal information about you that we could not have collected in accordance with this Privacy Policy and the Privacy Act, we will within a reasonable period, destroy or de-identify such information received. 

We hold personal information in hard copy and electronic formats. We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction. We also have document retention policies and processes in place in line with varying legislative and regulatory requirements. 

In some cases, we engage third parties cloud service providers for the use of their software programs or to host electronic data (including data in relation to the services we provide) on our behalf. 

Our internet service provider may record details of visits to our site and when visiting our site your visit may be logged and the following information may be collected: 

  • your server address, domain name and browser type; 
  • the date and time of your visit to the site; 
  • the pages accessed and the documents downloaded; 
  • the previous website visited; 
  • your operating system; and 
  • the links you followed from other sites to get to our site. 

The information listed above will only be used by us internally for statistical and research purposes. 

Sensitive information 

Sensitive information is a subset of personal information.  It means information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates. 

Our policy is that we attempt not to collect sensitive information about our clients or prospective clients, however that may not always be possible. If any of our clients or prospective clients elects to provide us with any sensitive personal information, we will take all reasonable steps to ensure that the sensitive information is securely protected. 

In the event we propose to use such personal information other than for the reasons set out in this policy, we will first notify you or seek your consent prior to such use. 

When do we use and disclose your personal information? 

We will only use and disclose your personal information: 

  • if we get your consent; or 
  • for purposes which are related to the purposes for which the information was collected, in accordance with this Privacy Policy and the Privacy Act. 

For the purposes referred to in this Privacy Policy, we may disclose your personal information to other parties including: 

  • your referees; 
  • your former employers; 
  • credit agencies; 
  • our professional advisors, including our auditors and lawyers; § government or regulatory bodies or agencies, as part of an engagement or otherwise, (for example, the Australian Taxation Office). 
  • our contractors and suppliers. 

In certain circumstances, the law may permit or require us to use or disclose personal information for other purposes (for instance where a client would reasonably expect us to and the purpose is related to the purpose of collection). 

For tax clients, tax file numbers: 

  • can be collected by tax agents and accountants; 
  • can be used only to conduct client’s affairs; and 
  • can be disclosed only to client and the Australian Tax Office. 

We will only use or disclose your personal information for the purposes of direct marketing if: 

  • we collected the information from you; 
  • it is reasonable in the circumstances to expect that we would use or disclose the information for direct marketing purposes; 
  • we provide you with a simple means to ‘opt-out’ of direct marketing communications from us; and 
  • you have not elected to ‘opt-out’ from receiving such direct marketing communications from us. 

Crestani Partners will ordinarily make the following disclosures of your personal information where it is necessary to support the delivery of the client services or other related activities: 

  • third party service providers utilised in connection with any administrative matters; 
  • service providers (including IT service providers and consultants) who assist Crestani Partners in providing or marketing our services; 
  • third parties in connection with the sale of any part of Crestani Partners business; 
  • our contractors and agents; 
  • superannuation details to a fund administrator; 
  • Tax File Number Declaration to the Australian Taxation Office; 
  • where Crestani Partners is required by law to provide personal information so that Crestani Partners complies with court orders, subpoenas or other legislation that requires us to provide personal information (for example, a garnishee order). 
  • your superannuation company; and 
  • the Australian Taxation Office. 

We may also provide a client’s or prospective client’s personal information to credit reporting bodies and other credit providers. Our separate credit reporting policy sets out how we deal with credit-related information. 

We may also use or disclose your personal information and in doing so we are not required to seek your additional consent: 

  • when it is disclosed or used for a purpose related to the primary purposes of collection detailed above and you would reasonably expect your personal information to be used or disclosed for such a purpose; 
  • if we reasonably believe that the use or disclosure is necessary to lessen or prevent a serious or imminent threat to an individual’s life, health or safety or to lessen or prevent a threat to public health or safety; 
  • if we have reason to suspect that unlawful activity has been, or is being, engaged in; or 
  • if it is required or authorised by law. 

Should it be necessary for Crestani Partners to forward personal information to third parties outside the firm, we will make every effort to ensure that the confidentiality of the information is protected. 

In the event we propose to disclose such personal information other than for the reasons set out in this policy, we will first notify you or seek your consent prior to such disclosure. 

If you have received communications from us and you no longer wish to receive those sorts of communications, you should contact us via email or contacting our office. 

Do we send information overseas? 

It is unlikely that we will disclose personal information to overseas recipients. 

If we disclose personal information to overseas recipients, we will take reasonable steps to ensure that such recipients do not breach the Privacy Act and the APPs unless: 

  • we believe that the overseas recipient is subject to a law that has the same effect of protecting personal information in a way that, overall, is at least substantially similar to the way in which the Privacy Act and the APPs protect personal information and there are mechanisms available for you to access to take action to enforce that protection of law; or 
  • we obtain your express consent to the disclosure of personal information to overseas recipients. 

Access to and correction of your personal information 

You have a right to access your personal information. 
We are not obliged to allow access to your personal information if: 

  • we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; 
  • giving access would have an unreasonable impact on the privacy of other individuals; 
  • the request for access is frivolous or vexatious; 
  • the information relates to existing or anticipated legal proceedings between you and us and would not ordinarily be accessible by the discovery process in such proceedings; 
  • giving access would reveal our intentions in relation to negotiations with you in a way that would prejudice those negotiations; 
  • giving access would be unlawful; 
  • denying access is required or authorised by or under an Australian law or a court/tribunal order; 
  • we have reason to suspect that unlawful activity, or misconduct of a serious nature relating to our functions or activities has been, is being or may be engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter; 
  • giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or 
  • giving access would reveal internal evaluative information in connection with a commercially sensitive decision-making process. 

We will also take reasonable steps to correct personal information to ensure that, having regard to the purpose for which it is held, it is accurate, up-to-date, complete, relevant and not misleading if: 

  • we are satisfied the information is inaccurate, out-of-date, incomplete, irrelevant or misleading, having regard to a purpose for which it is held; or 
  • you request us to correct the information. 

If you make a request for access to or correction of personal information, we will: 

  • respond to your request within a reasonable period; and 
  • if reasonable and practicable, give access to or correct the information in the manner requested. 

If we refuse to give access to the personal information because of an exception or in the manner requested by you, we will give you a written notice that sets out at a minimum: 

  • our reasons for the refusal (to the extent it is reasonable to do so); and 
  • the mechanisms available to complain about the refusal. 

If we refuse a request to correct personal information, we will: 

  • give you a written notice setting out the reasons for the refusal and how you may make a complaint; and 
  • take reasonable steps to associate a statement with personal information it refuses to correct 

We reserve the right to charge you reasonable expenses for providing access or making a correction to personal information, for example, a fee for photocopying any information requested by you. 

Nothing in this Privacy Policy replaces other informal or legal procedures by which an individual can be provided with access to or to correct personal information 
Integrity of your personal information 

We will take reasonable steps to: 

  • ensure that the personal information that we collect is accurate, up to date and complete; 
  • ensure that the personal information we hold, use or disclose is, with regard to the relevant purpose, accurate, up to date, complete and relevant; and 
  • secure your personal information. 

We will take reasonable steps to protect personal information from: 

  • misuse, interference and loss; and 
  • unauthorised access, modification or disclosure. 

We will take reasonable steps to destroy or de-identify personal information that we hold if we no longer need the information for the primary purpose for which the information was collected and we are not otherwise required by law to retain the information. 

Crestani Partners will take all reasonable steps to make sure that any personal information collected, used or disclosed is accurate, complete and up to date. As the accuracy of personal information largely depends on the information that you provide to us, we request that you advise us of any errors in or updates require to your personal information. If you believe that the information we hold about you is inaccurate or out of date, they may contact our Privacy Officer  and we will update the relevant information accordingly. 

How we store your personal information 

Once we collect your personal information, we will either hold it securely and store it on infrastructure owned or controlled by us or with a third party service provider who have taken reasonable steps to ensure they comply with the Privacy Act. 

Crestani Partners will take all reasonable steps to protect against the loss, misuse and/or alteration of the information under its control, and that the information it holds is accurate, complete and up to date including through appropriate physical and electronic security strategies. 

Only authorised Crestani Partners personnel are provided access to personal information, and these employees are required to treat this information as confidential. We may need to maintain records for a significant period of time. However, when we consider information is no longer needed, we will destroy or permanently de-identify these records. 

Our policy is that all electronic records are only stored within Australia whenever this is commercially feasible. However, on occasion, a limited number of specialist software applications may involve the storage of personal data at an overseas location where a suitable alternative is not available. We presently disclose some information to the jurisdictions in personal information disclosure of this policy in limited circumstances. 

Crestani Partners will only store data with an external provider if a technical assessment of a service provider’s security protocols is considered to meet or exceed the level of security that Crestani Partners could apply if the electronic data were to be stored in Crestani Partner’s own in-house systems and where we are satisfied that Crestani Partners is able to meet its commitments under Australian Privacy Legislation. 

Access to personal information 

Under the Australian Privacy Principles, you have the right to request access to any personal information that we may hold about you and to advise us if the information should be corrected. The Australian Privacy Principles set out the circumstances when we can refuse those requests. If we do refuse your request, we will provide you with a written notice that sets out the reasons (unless it would be unreasonable to provide them to you). 

Subject to our right to refuse access, Crestani Partners will provide you with a report that lists any personal information that we may hold about you. 

Our policy is to provide written acknowledgement of our receipt of any request for access to personal information or a request for correction of personal information within 7 days of the request being received. We will then provide a written response within 30 days of our receipt of the request. 
If you would prefer to submit a privacy request using a pseudonym or otherwise keep your identity secret, Crestani Partners will do its best to support that request if it is feasible to do so under the circumstances. 

Complaints 

If you would like to make a complaint about the way we collect, use, disclose, store or administer your personal information, or otherwise consider there may be a breach of the Privacy Act or the APPs, you can contact the Privacy Officer as set out in the ‘How to contact us’ section. 

All complaints will be treated seriously and dealt with promptly. 

You may also make a complaint directly to the Office of the Australian Information Commissioner (OAIC) online, by mail, fax or email. Please visit the OAIC website at https://www.oaic.gov.au/privacy/making-a-privacy-compaint for more information. 

How to contact us 

If you would like more information on privacy or have any questions in relation to this policy please contact our Privacy Officer. 

Privacy Officer 
Crestani Partners 

Suite 1 80-82 Bathurst Street 

Liverpool NSW 2170 

Phone 02 9600 9444 

Policy Approved – August 2025