Effective Date: 1 November 2025 | Last Updated: 4 November 2025
SimplyBooks Pty Ltd ABN 35 688 753 577 is committed to protecting your privacy and handling your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we collect, use, disclose, store, and protect your personal information.
1. About This Privacy Policy
1.1 Application: This Privacy Policy applies to all personal information collected by SimplyBooks in the course of providing bookkeeping, accounting, payroll, BAS/IAS preparation, CFO services, and related professional services to Australian businesses.
1.2 Related Documents: This Privacy Policy should be read in conjunction with our Terms and Conditions and Service Agreements. Where there is an inconsistency, the Terms and Conditions prevail to the extent of that inconsistency.
1.3 Changes to This Policy: We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be notified to you via email or prominently on our website at least 30 days before they take effect.
2. What Personal Information We Collect
2.1 Types of Information: Depending on the services we provide to you, we may collect the following categories of personal information:
| Category | Examples |
|---|---|
| Identity Information | Name, date of birth, gender, driver's licence, passport details |
| Contact Information | Email address, phone number, residential and postal addresses |
| Financial Information | Bank account details, credit card information, payment history, invoice details, financial statements, transaction records |
| Employment Information | Position, salary, superannuation details, tax file number (TFN), employment history, leave records, performance data |
| Tax Information | ABN, ACN, TFN, tax residency status, BAS/IAS records, PAYG withholding information |
| Business Information | Company details, directorship information, shareholder data, business structure, trading history |
| Technical Information | IP address, browser type, device information, usage data, cookies (if using our website) |
2.2 Sensitive Information: We only collect sensitive information (such as health information for payroll purposes or membership of a professional association) where it is reasonably necessary for our functions and you have consented, or we are required or authorized by law to collect it.
3. How We Collect Personal Information
3.1 Direct Collection: We collect most personal information directly from you when you:
- Engage our services and provide information in service agreements, onboarding forms, or proposals
- Provide source documents (invoices, receipts, bank statements, employment records, etc.)
- Communicate with us via email, phone, video conference, or in person
- Grant us access to your accounting software, payroll systems, or bank feeds
- Complete forms on our website or through client portals
- Subscribe to our newsletter or request information
3.2 Third Party Collection: We may collect personal information from third parties including:
- Your accountant, tax agent, or other professional advisors (with your consent)
- Government agencies (e.g., ATO, ASIC, Fair Work) where necessary for our services
- Banks and financial institutions (via authorized bank feeds or statements you provide)
- Your employees or contractors (for payroll processing)
- Publicly available sources (e.g., ABN Lookup, ASIC register)
3.3 Automatic Collection: When you visit our website, we may automatically collect technical information using cookies, web beacons, and similar technologies. You can control cookie settings through your browser.
4. Why We Collect Personal Information
4.1 Primary Purposes: We collect and use personal information for the following purposes:
- Service Delivery: To provide bookkeeping, accounting, payroll, BAS/IAS, CFO services, and other professional services as agreed
- Compliance: To comply with legal obligations including taxation law, superannuation law, Fair Work requirements, anti-money laundering obligations, and record-keeping requirements
- Communication: To respond to inquiries, provide updates, send invoices, and communicate about your services
- Relationship Management: To manage our business relationship with you, process payments, and maintain accurate records
- Quality Assurance: To review and improve the quality of our services
4.2 Secondary Purposes: With your consent or where permitted by law, we may use personal information for:
- Marketing our services, sending newsletters, or providing information about new offerings
- Conducting surveys or seeking feedback
- Improving our website, systems, and business processes
- De-identified data analysis and research
4.3 Direct Marketing: You may opt out of receiving marketing communications at any time by clicking the "unsubscribe" link in emails or contacting us at info@simplybooks.au.
5. How We Disclose Personal Information
5.1 Disclosure to Third Parties: We may disclose your personal information to:
| Recipient | Purpose |
|---|---|
| Offshore Team Members | Our offshore delivery teams in Sri Lanka who assist in providing bookkeeping, data processing, and related services under strict confidentiality and security protocols |
| Cloud Service Providers | Accounting software providers (Xero, MYOB, QuickBooks), file storage (SharePoint, Dropbox), communication platforms (Microsoft Teams, Zoom), and CRM systems |
| Professional Advisors | Registered tax agents, accountants, lawyers, and other advisors engaged in connection with your services (with your consent) |
| Government Agencies | ATO (for BAS/IAS, PAYG, STP), Fair Work Ombudsman, ASIC, and other regulatory bodies as required by law |
| Financial Institutions | Banks and payment processors for payment processing and bank reconciliation |
| IT Service Providers | Website hosting, email services, cybersecurity providers, and IT support |
| Auditors & Insurers | Our auditors and professional indemnity insurers as required |
5.2 Legal Requirements: We may disclose personal information where required or authorized by law, including:
- In response to subpoenas, court orders, or other legal processes
- To comply with taxation, superannuation, or other statutory obligations
- To protect our legal rights or defend against legal claims
- To prevent fraud, illegal activity, or threats to safety
5.3 Business Transfers: If SimplyBooks is involved in a merger, acquisition, sale of assets, or other business restructuring, personal information may be transferred to the acquiring entity, subject to the same privacy protections.
6. Overseas Disclosure
6.1 Sri Lanka Operations: We disclose personal information to our offshore delivery teams located in Sri Lanka. By engaging our services, you expressly consent to this overseas disclosure.
6.2 Cloud Services: Some of our cloud service providers may store or process data on servers located overseas (including USA, Ireland, Singapore, and other jurisdictions). We select providers who comply with privacy standards equivalent to the APPs.
6.3 Your Consent: You acknowledge that:
- Overseas recipients may not be subject to the Privacy Act 1988 (Cth) or APPs
- We take reasonable steps to ensure overseas recipients handle personal information in accordance with the APPs
- You consent to overseas disclosure on the basis that we may not be able to take steps to ensure compliance and you may not be able to seek redress under the Privacy Act
7. How We Store and Protect Personal Information
7.1 Security Measures: We implement robust physical, technical, and administrative safeguards including:
- Encryption: 256-bit encryption for data in transit (TLS/SSL) and at rest
- Access Controls: Multi-factor authentication (MFA), role-based access, principle of least privilege
- Network Security: Secure VPN connections, firewalls, intrusion detection systems
- Physical Security: Secure office premises with access controls and surveillance
- Personnel: Confidentiality agreements, background checks, regular security training
- Monitoring: Regular security audits, vulnerability assessments, penetration testing
- Standards: ISO 27001-aligned information security management practices
7.2 Data Retention: We retain personal information for as long as:
- Required to provide services to you
- Required by law (e.g., 7 years for financial records under taxation law)
- Necessary for legal, regulatory, or internal business purposes
After the retention period, we securely destroy or de-identify personal information.
7.3 Data Breach Response: In the event of a data breach that is likely to result in serious harm, we will:
- Notify affected individuals within 72 hours
- Notify the Office of the Australian Information Commissioner (OAIC) as required
- Provide details of the breach, potential consequences, and steps being taken
- Implement remediation measures to prevent recurrence
8. Your Rights and Choices
8.1 Access: You have the right to request access to the personal information we hold about you. We will provide access within 30 days unless an exception applies (e.g., legal privilege, law enforcement, security risk).
8.2 Correction: You have the right to request correction of inaccurate, incomplete, or out-of-date personal information. We will take reasonable steps to correct the information within 30 days.
8.3 How to Request Access or Correction: Submit a request to:
- Email: info@simplybooks.au
- Subject line: "Privacy Access Request" or "Privacy Correction Request"
- Include: Your name, contact details, description of the information, and verification of identity
We may charge a reasonable fee for providing access (but not for making a request or correcting information).
8.4 Marketing Opt-Out: You may opt out of marketing communications at any time by:
- Clicking "unsubscribe" in marketing emails
- Emailing info@simplybooks.au with subject "Unsubscribe"
- Calling +61 451 845 206
Note: Opting out of marketing does not affect service-related communications (invoices, service updates, etc.).
8.5 Anonymity and Pseudonymity: Where practicable, we will allow you to deal with us anonymously or using a pseudonym. However, this is generally not possible for our services as we require personal information to comply with legal obligations and provide bookkeeping/accounting services.
9. Cookies and Website Tracking
9.1 Use of Cookies: Our website uses cookies and similar technologies to:
- Ensure website functionality and improve user experience
- Analyze website traffic and usage patterns (Google Analytics)
- Remember your preferences and settings
- Enable marketing and retargeting (if you consent)
9.2 Cookie Management: You can control cookies through your browser settings. Blocking cookies may affect website functionality.
9.3 Third Party Links: Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites. We recommend reviewing their privacy policies.
10. Complaints and Disputes
10.1 How to Complain: If you believe we have breached the APPs or handled your personal information inappropriately, you may lodge a complaint:
- Email: info@simplybooks.au (Subject: "Privacy Complaint")
- Mail: Privacy Officer, SimplyBooks Pty Ltd, Unit 1 / 27 Dilke Road, Padstow Heights NSW 2211
- Phone: +61 451 845 206
Include: Your contact details, description of the issue, and desired resolution.
10.2 Our Response: We will:
- Acknowledge your complaint within 7 days
- Investigate and respond within 30 days
- Provide reasons for our decision and any corrective action taken
10.3 External Complaints: If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Email: enquiries@oaic.gov.au
- Mail: GPO Box 5218, Sydney NSW 2001
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:
SimplyBooks Pty Ltd
ABN: 35 688 753 577
Privacy Officer
Address: Unit 1 / 27 Dilke Road, Padstow Heights NSW 2211, Australia
Email: info@simplybooks.au
Phone: +61 451 845 206
12. Definitions
Personal Information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not and whether recorded in material form or not.
Sensitive Information: A subset of personal information including health information, racial or ethnic origin, political opinions, religious beliefs, sexual orientation, criminal record, biometric information, and membership of professional associations.
Australian Privacy Principles (APPs): The 13 privacy principles contained in Schedule 1 of the Privacy Act 1988 (Cth) that regulate the collection, use, disclosure, and handling of personal information.
ACKNOWLEDGMENT: By engaging SimplyBooks' services or providing personal information to us, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, disclosure, and overseas transfer of your personal information as described in this policy.