Privacy Policy

Last updated: 26 June 2026

1. About this Privacy Policy

STH Bookkeeping Pty Ltd, ABN 85 660 289 921, referred to in this Privacy Policy as STH Bookkeeping, STH, we, us or our, respects your privacy and is committed to protecting the personal information entrusted to us.

This Privacy Policy explains how we collect, hold, use, disclose and protect personal information when you:

visit our website;
contact or communicate with us;
request a quote or information;
engage us to provide bookkeeping, payroll, BAS agent or support services;
interact with us through social media, email, telephone or online forms;
are an employee, contractor, representative or client contact whose information is provided to us; or
otherwise deal with STH Bookkeeping.

We manage personal information in accordance with the Privacy Act 1988 (Cth), the Australian Privacy Principles where they apply, the Tax Agent Services Act 2009, the Tax Practitioners Board Code of Professional Conduct and other applicable Australian laws and professional obligations.

2. STH Bookkeeping and The Business & Wealth Collective

STH Bookkeeping is part of The Business & Wealth Collective, a connected ecosystem of specialist businesses providing bookkeeping, tax and compliance, business advisory, branding and marketing services.

STH Bookkeeping is a separate legal entity and remains responsible for the personal information it collects and holds.

Personal information provided to STH Bookkeeping is not automatically made available to Business & Wealth Collective Pty Ltd or to every business within the BWC ecosystem.

We may share relevant information with another BWC specialist business only where:

you have requested or consented to the referral or collaboration;
sharing is reasonably necessary to provide a service you have requested;
the other business is providing authorised administrative, technology or professional support to STH;
the disclosure is permitted or required by law; or
another permitted basis for disclosure applies.

Where information is referred to or collected directly by another BWC business, that business may handle the information under its own privacy policy and engagement terms.

We do not use confidential bookkeeping, payroll, tax or financial information to promote unrelated BWC services without an appropriate basis and, where required, your consent.

3. Personal information we may collect

The types of personal information we collect depend on the nature of our relationship with you and the services being provided.

Contact and identification information

This may include:

name;
residential, postal or business address;
email address;
telephone number;
date of birth;
position, occupation or job title;
business or employer details;
identification information required for client verification; and
details of authorised representatives, directors, employees or advisers.

Business and financial information

This may include:

business names, entity information and ABNs;
accounting files and transaction records;
invoices, receipts and expense information;
bank account and payment details;
financial statements and reports;
accounts payable and receivable information;
cash flow, budgeting and reporting information;
payroll and superannuation information;
BAS, IAS, GST and other taxation-related records;
information required for ATO dealings and lodgements;
previous accounting or bookkeeping records; and
information received from your accountant, tax agent, financial adviser or other authorised representative.

Payroll and employee information

Where we provide payroll or employment-related support to a client, we may process personal information about the client’s employees, workers or contractors, including:

names and contact details;
dates of birth;
employment commencement and termination information;
salary, wages, allowances and deductions;
timesheets, leave and entitlement information;
bank account details;
tax file numbers and tax declaration information;
superannuation fund and membership details;
Single Touch Payroll information;
employment classifications and payroll records; and
other information reasonably required to administer payroll and employment obligations.

Clients who provide us with personal information about employees, contractors or other individuals must ensure they are authorised to provide that information and have given any required privacy notices.

Government identifiers and verification information

We may collect tax file numbers, Australian business numbers and other government-related identifiers where necessary to provide our services or meet legal and professional obligations.

We do not adopt government identifiers as our own internal identifiers and only use or disclose them where permitted or required by law.

Where identity verification is required, we aim to collect and retain only the information reasonably necessary to record that the verification was completed. Copies of identity documents are not retained unless reasonably necessary or required.

Website and technical information

When you use our website or digital services, we may collect:

IP address;
browser and device information;
approximate location;
pages viewed and links selected;
referring website information;
session and interaction data;
cookie identifiers;
form submissions;
marketing preferences; and
information about how visitors use our website.

Communications and service records

We may retain:

emails, messages and correspondence;
telephone or meeting notes;
instructions and approvals;
engagement documents;
complaints and feedback;
records of advice and services provided; and
other information relevant to our professional relationship with you.

Sensitive information

In some circumstances, payroll, employment or client records may contain sensitive information, such as health information, professional or trade association information or other protected information.

We collect sensitive information only where it is reasonably necessary, you have consented, or the collection is otherwise authorised or required by law.

4. How we collect personal information

We may collect personal information:

directly from you;
through our website, forms, email, telephone, meetings or social media;
through letters of engagement, questionnaires and onboarding processes;
from your employees, authorised representatives or business partners;
from accountants, tax agents, financial advisers, lawyers, bookkeepers and other professional advisers;
from accounting, payroll, banking or document-management systems to which you have authorised access;
from the ATO or other government bodies where access or authority has been provided;
from another BWC specialist business where you have requested or consented to a referral;
from publicly available records and professional registers; and
through website cookies, analytics and similar technologies.

Where reasonable and practicable, we collect personal information directly from the individual concerned.

5. Why we collect, use and hold personal information

We may collect, use and hold personal information to:

respond to enquiries and requests for quotes;
assess whether we can provide appropriate services;
onboard and identify clients and authorised representatives;
provide bookkeeping, payroll, BAS agent and administrative support services;
prepare, review or lodge BAS, IAS, payroll and other authorised forms;
communicate with the ATO, superannuation funds, banks, accountants and other authorised parties;
process payroll and maintain financial records;
communicate about services, deadlines and client responsibilities;
issue invoices and manage payments;
administer our client relationships and engagements;
maintain professional client records and working papers;
meet legal, regulatory, insurance and professional obligations;
manage complaints, disputes, audits or investigations;
detect or prevent fraud, misuse, security threats and unauthorised access;
improve our website, systems, services and client experience;
operate and administer our business;
coordinate an authorised referral or service with another BWC specialist;
provide service updates or marketing communications where permitted; and
exercise or defend legal rights.

If required personal information is not provided, we may be unable to respond fully to an enquiry, verify an individual’s authority or provide some or all requested services.

6. Anonymity and pseudonyms

You may contact us anonymously or using a pseudonym where it is lawful and practicable to do so.

However, bookkeeping, payroll and BAS agent services generally require us to identify the client and relevant individuals. We may therefore be unable to provide professional services unless accurate identification and business information is supplied.

7. How we may disclose personal information

We may disclose personal information to:

our directors, employees and authorised contractors;
professional advisers, auditors, insurers and legal representatives;
accounting, payroll, practice-management, document-management and cloud software providers;
website, hosting, email, communications, security and IT providers;
payment processors, banks and financial institutions;
the ATO and other government or regulatory bodies;
the Tax Practitioners Board;
superannuation funds and payroll-related service providers;
your accountants, tax agents, advisers or other authorised representatives;
another BWC specialist business where you have authorised or requested a referral or coordinated service;
debt recovery, dispute-resolution or legal service providers;
a purchaser or adviser involved in a proposed restructure, merger or sale of the business, subject to appropriate confidentiality protections; and
other parties where you have consented or where disclosure is permitted or required by law.

As a registered BAS agent, we do not disclose confidential client information to a third party unless the client has given permission or we have a legal duty or other lawful basis to do so.

We do not sell or rent personal information.

8. Service providers and overseas processing

We use technology and cloud service providers to operate our website, communicate with clients, manage documents, deliver services and maintain business systems.

Some providers may store, process, back up or provide support access to personal information outside Australia. At the date of this policy, likely overseas locations include the United States, as well as other jurisdictions in which the relevant technology provider or its subcontractors operate.

The specific locations may depend on:

the software selected by STH or the client;
the provider’s hosting arrangements;
the client’s accounting or payroll platform;
backup and support arrangements; and
changes made by the relevant technology provider.

Where Australian privacy laws apply, we take reasonable steps to select reputable service providers and to ensure overseas disclosures are handled consistently with applicable privacy requirements.

We do not intentionally provide confidential client financial information to an offshore contractor or another overseas third party for professional work without appropriate safeguards and any permission required by our professional obligations.

You may contact us for more information about the service providers and likely overseas locations relevant to your information.

9. Website cookies, analytics and advertising technologies

Our website may use cookies, pixels, tags and similar technologies to:

operate essential website functions;
remember settings and preferences;
understand website traffic and visitor behaviour;
measure website and marketing performance;
improve website content and usability;
prevent fraud or security incidents; and
support advertising and remarketing activities.

These technologies may be provided by Wix, Google, Meta and other website or marketing service providers.

You can restrict or delete cookies through your browser settings. Blocking certain cookies may affect how some parts of the website operate.

Where required, we will provide additional choices or consent mechanisms for non-essential tracking technologies.

10. Direct marketing

We may send information about STH services, events, resources or relevant BWC services where:

you have expressly consented;
consent can reasonably be inferred in the circumstances;
the communication is otherwise permitted by law; or
the communication is a non-marketing service message relating to an existing engagement.

Marketing emails or messages will identify the sender and include a method to unsubscribe where required.

You may withdraw your marketing consent at any time by:

selecting the unsubscribe option in the message;
contacting us using the details below; or
updating your communication preferences where that option is available.

Withdrawing marketing consent will not prevent us from sending essential communications relating to an active engagement, legal obligation, invoice, deadline or requested service.

11. Security of personal information

We take reasonable administrative, physical and technical steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure.

Depending on the nature of the information and relevant systems, these measures may include:

access permissions and role-based controls;
multi-factor authentication;
password and account-management controls;
secure cloud platforms;
encryption and secure transmission methods;
device and network security;
backups and recovery processes;
confidentiality obligations;
staff training and internal procedures;
service-provider assessments; and
secure destruction or de-identification processes.

No electronic transmission or storage system can be guaranteed to be completely secure. Clients should avoid sending highly sensitive information through unsecured channels and should contact us if they require an alternative secure method.

12. Retention and disposal

We retain personal information for as long as it is reasonably required to:

provide services;
manage an active or former client relationship;
comply with taxation, corporate, employment and professional record-keeping requirements;
respond to disputes, complaints, audits or legal proceedings;
maintain insurance records; and
protect our legitimate legal interests.

Records relating to BAS agent or tax agent services are generally retained for at least five years after the relevant service has been completed, or for a longer period where another legal or professional requirement applies.

When information is no longer required and there is no legal or professional reason to retain it, we take reasonable steps to securely destroy it or de-identify it.

13. Accessing or correcting personal information

You may request access to personal information we hold about you or ask us to correct information that is inaccurate, out of date, incomplete, irrelevant or misleading.

Requests should be sent to our Privacy Officer using the contact details below.

We may need to verify your identity and authority before responding. In some circumstances, access may be refused or limited where permitted by law, including where providing access would unreasonably affect another person’s privacy or reveal legally privileged or confidential information.

Where access or correction is refused, we will provide reasons where required.

14. Data breaches

A data breach may occur if personal information is lost, accessed or disclosed without authorisation.

We maintain processes for assessing and responding to suspected privacy and security incidents. Where a breach is likely to result in serious harm and the Notifiable Data Breaches scheme applies, we will notify affected individuals and the Office of the Australian Information Commissioner as required.

15. Privacy complaints

You may contact us if you have a question, concern or complaint about how we have handled personal information.

Please provide enough information for us to understand and investigate the matter. We will acknowledge the complaint and aim to respond within a reasonable period, ordinarily within 30 days.

If you are not satisfied with our response, you may make a complaint to the Office of the Australian Information Commissioner.

A complaint about STH’s conduct as a registered BAS agent may also be made to the Tax Practitioners Board where relevant.

16. Third-party websites

Our website may contain links to third-party websites, platforms or services.

We are not responsible for the privacy, content or security practices of third parties. You should review their privacy information before providing personal information to them.

17. Automated processing and artificial intelligence

We may use automation or artificial intelligence-assisted tools for administrative support, document processing, communication preparation, workflow management, analytics or other internal assistance.

At the date of this policy, we do not use personal information in a wholly automated system to make decisions that could reasonably be expected to significantly affect an individual’s legal rights or interests without appropriate human oversight.

We will update this policy if our use of automated decision-making materially changes.

18. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes to our services, systems, legal obligations or information-handling practices.

The current version will be published on our website with the date it was last updated. Material changes may also be communicated directly where appropriate.

19. Contacting us

Questions, access or correction requests, marketing opt-outs and privacy complaints may be directed to:

Privacy Officer
STH Bookkeeping Pty Ltd
ABN 85 660 289 921
2/5 Kelletts Road
Rowville VIC 3178

Email: admin@sthbookkeeping.com.au
Phone: (03) 5644 3003