Privacy Policy

Who we are

Business Advisory Services Australia
ABN: 22 952 174 418
Website: https://bas-au.com.au/
Email: melinda@bas-au.com.au

Copyright

Last updated November 2025

About This Policy

The Privacy Act 1988 (“Privacy Act”) requires entities bound by the Australian Privacy Principles (“APPs”) to have a privacy policy. This privacy policy outlines the personal information handling practices of Business Advisory Services Australia (“BAS-AU”).

This policy is written in simple language. We may modify or amend this Privacy Policy from time to time, as we alter the way we use information, new features are added to our website, or the legislation changes. To let you know when we make change to this Privacy Policy, we will amend the revision date at the top of our Privacy Policy. Therefore, we encourage you to periodically review this Privacy Policy to be informed about how we are protecting your information.

What Is Personal Information?

Personal information includes a broad range of information, or an opinion, that could identify an individual. What is personal information will vary, depending on whether a person can be identified or is reasonably identifiable in the circumstances.

Personal information may include:

  • an individual’s name, signature, address, phone number or date of birth;
  • sensitive information;
  • credit information;
  • employee record information;
  • photographs;
  • internet protocol (IP) addresses;
  • voice print and facial recognition biometrics (because they collect characteristics that make an individual’s voice or face unique); and
  • location information from a mobile device (because it can reveal user activity patterns and habits)

Personal information may also include ‘sensitive information’.

What is Sensitive Information?

Sensitive information is personal information that includes information or an opinion about an individual’s:

  • racial or ethnic origin;
  • political opinions or associations;
  • religious or philosophical beliefs;
  • trade union membership or associations;
  • sexual orientation or practices;
  • criminal record;
  • health or genetic information; and
  • some aspects of biometric information.

Sensitive information may be required to be collected in some circumstances. BAS-AU will only collect sensitive information if it is necessary for business purposes. BAS-AU will generally only collect sensitive information with your consent (unless otherwise permitted or required by law).

All information collected will be used and disclosed by BAS-AU only in accordance with this policy and the law. BAS-AU will take reasonable steps to ensure that all personal information is held securely.

Collection of Personal Information

BAS-AU collects personal information that is reasonably necessary for one or more of its functions or activities or if BAS-AU has received consent to collect the information. If BAS-AU collects sensitive information, BAS-AU must also have obtained consent in addition to the collection being reasonably necessary. The main way BAS-AU collects personal information about you is when you provide it.

BAS-AU collects and stores data on the following individuals and entities in accordance with the APPs:

  • employees and/or contractors of BAS-AU;
  • clients of the BAS-AU;
  • potential clients of BAS-AU; and
  • suppliers to BAS-AU

The type of information that BAS-AU collects and holds may depend on an individual’s relationship with BAS-AU.

How BAS-AU Collects and Holds Personal Information

BAS-AU (and any employees/contractors acting on BAS-AU’s behalf) must collect personal information only by lawful and fair means.  

BAS-AU may collect personal information in a number of ways, including without limitation:  

  • through application forms (e.g. job applications, VIP and loyalty program applications); 
  • by email or other written mechanisms; 
  • over a telephone call; 
  • in person; 
  • through transactions; 
  • through BAS-AU’s website; 
  • through lawful surveillance means such as a surveillance camera;  
  • by technology that is used to support communications between individuals and BAS-AU;  
  • through publicly available information sources (which may include telephone directories, the internet and social media sites); and 
  • direct marketing database providers. 

When BAS-AU collects personal information about an individual through publicly available information sources, it will manage such information in accordance with the APPs.  

At or before the time or, if it is not reasonably practicable, as soon as practicable after, BAS-AU collects personal information, BAS-AU must take such steps as are reasonable in the circumstances to either notify the individual or otherwise ensure that the individual is made aware of the following: 

  • the identity and contact details of BAS-AU; 
  • that BAS-AU has collected personal information from someone other than the individual or if the individual is unaware that such information has been collected;  
  • that collection of personal information is required by Australian law, if it is; 
  • the purpose for which BAS-AU collects the personal information; 
  • the consequences if BAS-AU does not collect some or all of the personal information; 
  • any other third party to which BAS-AU may disclose the personal information collected by BAS-AU; 
  • BAS-AU’s privacy policy contains information about how an individual may access and seek correction of personal information held by BAS-AU and how an individual may complain about a breach of the APPs; and 
  • whether BAS-AU is likely to disclose personal information to overseas recipients, and the countries in which those recipients are likely to be located.  

Indirect Collection

BAS-AU may also collect personal and sensitive information about an individual indirectly, for example, through a third-party such as a referral.

Surveillance

BAS-AU may collect, use and disclose your personal information, including CCTV video and still images, in line with the Privacy Act, State and Territory workplace surveillance laws and any other relevant legislation as applicable.

Unsolicited personal information

Unsolicited personal information is personal information that BAS-AU receives which it did not solicit. Unless BAS-AU determines that it could have collected the personal information in line with the APPs or the information is contained within a Commonwealth record, it must destroy the information to ensure it is de-identified unless BAS-AU determines that it is acceptable for BAS-AU to have collected the personal information.

Information Provided by a Third Party

As part of the recruitment process, where relevant, and with the candidate’s consent, BAS-AU may seek information about a candidate through a third-party such as a recruitment service provider or a former employer.

With the candidate’s consent, BAS-AU may also seek information regarding:

  • prior employment history through reference checks;
  • eligibility to work in Australia through a visa status check;
  • educational qualifications by requesting confirmation of qualifications or results from an academic institution;
  • interview records and details of any pre-employment assessments, including aptitude or other psychometric testing; and
  • ability to perform the inherent requirements of the role, through medical and other allied health professionals, or criminal history check and/or working with children check.

BAS-AU may also access personal information through publicly available networking sites such as Facebook or LinkedIn. 

Information Collected Through BAS-AU’s Website

BAS-AU’s public website, www.bas-au.com.au, is hosted in Australia. There are a number of ways in which BAS-AU collects information through its website, including via numerous online tools, including:

  • cookies;
  • Google Analytics;
  • Google reCAPTCHA;
  • Social Networking Services.

Cookies

Cookies are small data files transferred onto computers or devices by websites for record-keeping purposes and to improve the website user’s experience.

Most browsers allow the user to choose whether to accept cookies or not. If a user does not want cookies placed on their computer, they must set their browser preferences to reject all cookies before accessing BAS-AU’s website. It is important to note, however, that some data may still be collected separately by tools such as Google Analytics, even though the user has set their browser preferences to reject all cookies.

The information collected about the user using cookies will not ordinarily be personal information, because the user will not be identified or reasonably identifiable BAS-AU from it.

Google Analytics

BAS-AU uses Google Analytics as a website analytics tool to collect data about how you interact with BAS-AU’s website, including:

  • your apps, browsers and devices;
  • your activity; and
  • your location information.

For further information, refer to Google’s Privacy Policy.

Google reCAPTCHA

BAS-AU uses Google reCAPTCHA as a means to eliminate spam attacks and be able to distinguish users from bots. The tool may collect data about how you interact with the website’s smart forms, including:

  • mouse movements;
  • device IP address;
  • date and time when pages were accessed;
  • device type, operating system and browser information;
  • device screen size; and
  • geographic location (city).

This information will be stored on Google’s servers outside of Australia. Content that you enter in BAS-AU’s web forms will not be collected through the use of this tool.

For further information, refer to Google’s Cloud Data Processing Addendum and Google’s Privacy Policy.

Social Networking Services

BAS-AU uses LinkedIn and other social networking platforms to communicate with the public. When a user communicates with BAS-AU using these services, BAS-AU collects the personal information that the user provides to it by engaging in that communication.

Facebook, Instagram, YouTube and LinkedIn each have their own privacy policies.

What Information BAS-AU Collects

BAS-AU may collect personal information about customers necessary for business operations and in accordance with the APPs, including, but not limited to:

  • name;
  • business name;
  • address;
  • email address;
  • phone number;
  • credit card number, expiry data, and CVC; and
  • banking details.

Use and Disclosure of Personal Information

The main purposes for which BAS-AU may use and/or disclose personal information may include, but are not limited to:  

  • to establish, maintain and manage relationships, including to serve functions such as recruitment, payroll, appraisals, and any disciplinary action (including any termination of any employment or engagement) and managing employees’ work and any claim in relation to any injuries or illnesses;
  • to assess or respond to claims, complaints, or conduct, or co-operate with investigations when required;
  • to obtain professional services as required including legal, human resources, industrial relations, accounting and insurance services;
  • work-related administrative purposes;
  • to finalise the terms of a contract, including pay rates;
  • to confirm eligibility to work in Australia;
  • to carry out a contract including, where relevant, its termination;
  • to pay and provide other benefits in accordance with a contract;
  • to make travel bookings on an individual’s behalf;
  • to reimburse expenses claimed;
  • to operate any share scheme including the granting of share options;
  • to operate schemes relating to sick leave, maternity leave, paternity leave, adoption leave, and parental leave;
  • deducting and paying appropriate tax and superannuation contributions;
  • to monitor and protect workplace health and safety;
  • to provide a reference upon request from another employer;
  • for direct marketing purposes (see Direct Marketing);
  • monitoring compliance with BAS-AU policies and BAS-AU’s contractual obligations;
  • to comply with all applicable law;
  • to liaise with any insurers in respect of any insurance policies that relate to you;
  • running BAS-AU’s business and planning for the future;
  • the prevention and detection of fraud or other criminal offences;
  • to defend BAS-AU in respect of any investigation or litigation and to comply with any court or tribunal orders for disclosure;
  • otherwise as permitted or required by law; or
  • otherwise with your consent.

BAS-AU may also collect, hold, use and/or disclose personal information if an individual consents or if required or authorised under law. 

Artificial Intelligence

BAS-AU may use automated decision-making technologies, including Artificial Intelligence (“AI”) systems, to assist with tasks such as content creation, internal workflows or data analysis. These tools may process limited personal information.

BAS-AU will ensure that any use or disclosure of personal information will align with the APPs, including the principles of transparency, purpose limitation, and data minimisation.

Where automated systems are used in decision-making that may materially affect individuals, human review will be maintained where required.

Direct marketing  

BAS-AU may use or disclose personal information (other than sensitive information) about an individual for the purpose of direct marketing (for example, advising a customer about new goods and/or services being offered by BAS-AU). All direct marketing activities will be conducted in accordance with the Do Not Call Register Act 2006 (Cth) Spam Act 2003 (Cth) (“Spam Act”).

BAS-AU may use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose.

Overseas Disclosure

BAS-AU may share personal information with employees located in countries outside of Australia, where some employees may be based. BAS-AU will not share personal information with any entities based outside of Australia.

Where personal information is transmitted between systems, including those accessed by personnel located overseas, BAS-AU ensures that such disclosures are managed in accordance with the APPs.

Do Not Call Register and Spam Act

BAS-AU will meet the requirements of the Do Not Call Register (“DNCR”) and the Spam Act as set out below.

Do Not Call Register

BAS-AU cannot make direct telemarketing calls to a number listed on the DNCR unless the individual has consented.

BAS-AU must ensure that all agreements for the purpose of making telemarketing calls include an express provision that requires compliance with the DNCR Act.

Any telemarketing activities will be conducted in accordance with the Telecommunications (Telemarketing and Research Calls) Industry Standard 2017.

Spam Act

Any direct marketing activities using a commercial electronic message, such as an email, instant message, SMS or MMS, will be conducted in accordance with the Spam Act. This requires:

  • commercial electronic messages to be sent with the consent of the recipient
  • accurate sender identification including the sender’s contact information
  • a functional unsubscribe mechanism

A partial exemption from these requirements applies with respect to certain messages (such as messages of a factual nature only, without a commercial element).

Disclosure of Personal Information

BAS-AU may disclose personal information for any of the purposes for which it is was collected, or where it is under a legal duty to do so.  

Disclosure will usually be internally and to related entities or to third parties such as contracted service suppliers.  

If an employee discloses personal information to a third party in accordance with this policy, the employee must take steps as are reasonable in the circumstances to ensure that the third party does not breach the APPs in relation to the information. 

Access to Personal Information

If BAS-AU holds personal information about an individual, the individual may request access to that information by putting the request in writing and sending it to the Privacy Officer. BAS-AU will respond to any request within a reasonable period (within 30 days), and a charge may apply for giving access to the personal information where BAS-AU incurs any unreasonable costs in providing the personal information.  

There are certain circumstances in which BAS-AU may refuse to grant an individual access to personal information. In such situations BAS-AU will provide the individual with written notice that sets out:  

  • the reasons for the refusal; and 
  • the mechanisms available to you to make a complaint. 

If you would like to make an enquiry or complaint about how BAS-AU has handled your personal information, of if you wish to request access or correction to your personal information, or if you have questions or comments about this privacy policy, you can contact:

Name: Privacy Officer

Phone number: 0447 136 246

Email address: melinda@bas-au.com.au

Mailing address: Suite 1239, 68-72 Cameron Street, Launceston TAS 7250

Correction of Personal Information

If BAS-AU holds personal information that is inaccurate, out-of-date, incomplete, irrelevant or misleading, it must take steps as are reasonable to correct the information. 

If BAS-AU holds personal information and an individual makes a request in writing addressed to the Privacy Officer to correct the information, BAS-AU must take steps as are reasonable to correct the information and BAS-AU will respond to any request within a reasonable period. 

There are certain circumstances in which BAS-AU may refuse to correct the personal information. In such situations BAS-AU will give the individual written notice that sets out:  

  • the reasons for the refusal; and 
  • the mechanisms available to the individual to make a complaint. 

If BAS-AU corrects personal information that it has previously supplied to a third party and an individual requests BAS-AU to notify the third party of the correction, BAS-AU will take such steps as are reasonable to give that notification unless impracticable or unlawful to do so. 

Integrity and Security of Personal Information

BAS-AU will take such steps (if any) as are reasonable in the circumstances to ensure that the personal information that it collects is accurate, up-to-date and complete.  

Employees must take steps as are reasonable in the circumstances to protect the personal information from misuse, interference, loss and from unauthorised access, modification or disclosure. 

If BAS-AU holds personal information and it no longer needs the information for any purpose for which the information may be used or disclosed and the information is not contained in any Commonwealth record and BAS-AU is not required by law to retain the information, it will take such steps as are reasonable in the circumstances to destroy the information or to ensure it is de-identified.  

Anonymity and Pseudonymity

Individuals have the option of not identifying themself, or using a pseudonym, when dealing with BAS-AU in relation to a particular matter. This does not apply:  

  • where BAS-AU is required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or 
  • where it is impracticable for BAS-AU to deal with individuals who have not identified themselves or who have used a pseudonym. 

However, in some cases if an individual does not provide BAS-AU with the personal information when requested, BAS-AU may not be able to respond to the request or provide you with the goods or services that you are requesting.  

Complaints

Individuals have a right to complain BAS-AU’S handling of personal information if the individual believes BAS-AU has breached the APPs.  

Complaints will be dealt with in accordance with BAS-AU’S complaints procedure and BAS-AU will provide a response within a reasonable period.  

Individuals who are dissatisfied with BAS-AU’S response to a complaint, or who do not receive a response to a complaint within a reasonable period, may refer the complaint to the Office of the Australian Information Commissioner.