The Priory Books & Tax

Privacy Policy

Effective date: 1 July 2025 · Last updated: May 2026 · Version 2.0

● thepriorybooks.com.au● Registered Tax Agent 26113206● Privacy Act 1988 (Cth) compliant
SOC 2 TYPE IIGDPR COMPLIANTPRIVACY ACT 1988END-TO-END ENCRYPTIONENTERPRISE-GRADE SECURITYXERO PARTNER
At The Priory Books & Tax, protecting your personal and financial information is not an afterthought — it is a core operational commitment. All client data is stored in SOC 2 Type II and GDPR-compliant, privacy-protected infrastructure with end-to-end enterprise-grade security. This policy explains what we collect, why, how we protect it, and your rights under Australian law.

1. Who We Are

The Priory Books & Tax is an Australian bookkeeping and tax practice operating as a registered Tax Agent (Tax Agent Registration No. 26113206) and a member of the Institute of Certified Bookkeepers (ICB). We deliver online bookkeeping, payroll, BAS lodgement and tax services to Australian businesses and individuals.

Principal: Stuart Lowry
Website: thepriorybooks.com.au
Phone: 0402 949 277
Email: stuart@thepriorybooks.com.au
Registered address: Mandurah, Western Australia, Australia

This Privacy Policy applies to all personal information collected by The Priory Books & Tax through our website, services, consultations and communications. We are bound by the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) contained in Schedule 1 of that Act. As a registered tax agent we are also subject to the Tax Agent Services Act 2009 (Cth).

2. Information We Collect

2.1 Personal information

We may collect the following categories of personal information:

  • Full name, date of birth and contact details (phone, email, postal address)
  • Tax File Number (TFN) and Australian Business Number (ABN)
  • Business name, structure and registration details
  • Financial records including income, expenses, invoices, bank statements and payroll data
  • Employment and payroll records (for payroll clients)
  • Superannuation fund details
  • Government-issued identity documents where required for verification
  • Login credentials for cloud accounting platforms (provided via secure, access-controlled channels only)

2.2 Website information

When you visit thepriorybooks.com.au, we may automatically collect:

  • IP address and device/browser type
  • Pages visited, time on site and referring URLs
  • Cookie data (see Section 11)
  • Information submitted via contact forms, consultation booking forms or lead generation forms

2.3 Sensitive information

As a tax and financial services practice, some of the information we handle may constitute sensitive information under the Privacy Act (for example, information about financial hardship or health circumstances relevant to tax deductions). We only collect sensitive information where it is directly relevant to the service being provided, with your explicit consent, and handle it with the highest standard of care.

3. How We Collect Information

We collect personal information directly from you through:

  • Consultation bookings and discovery calls
  • Onboarding forms and engagement letters
  • Secure document upload portals
  • Email and phone communications
  • Cloud accounting platforms (Xero, MYOB, QuickBooks) where you have granted us access
  • Website contact and lead generation forms
  • ATO Online Services for Agents (used only for authorised lodgement purposes)

We do not collect personal information without your knowledge or consent, except where permitted or required by law (for example, where the ATO provides information to us in our capacity as your registered tax agent).

4. Why We Collect and Use Your Information

We collect and use your personal information for the following purposes:

  • Provision of services — to deliver bookkeeping, payroll, BAS, tax return preparation and advisory services
  • ATO lodgements — to prepare and lodge tax returns, BAS, IAS, STP and other statutory filings with the ATO on your behalf
  • Identity verification — to verify your identity as required under anti-money laundering and tax agent obligations
  • Communication — to respond to enquiries, send appointment reminders, provide service updates and notify you of deadlines
  • Billing and administration — to process invoices, payments and maintain engagement records
  • Compliance — to meet our legal, regulatory and professional obligations as a registered tax agent and ICB member
  • Service improvement — to analyse how our services are used and improve client experience (using de-identified or aggregated data only)
  • Marketing — with your consent, to send information about relevant services, tax deadlines and offers (you may opt out at any time)

We do not use your personal information for any purpose not listed above without your prior consent, except where required by law.

5. How We Store and Protect Your Information

Enterprise-Grade Security Commitment

All client information held by The Priory Books & Tax is stored within infrastructure certified to the highest internationally recognised security and privacy standards. We apply enterprise-grade controls across every system that touches client data — the same frameworks used by large financial institutions, applied to every engagement regardless of size.

  • All data is encrypted in transit using TLS 1.2 or higher
  • All data is encrypted at rest using AES-256 encryption
  • Multi-factor authentication (MFA) is enforced on all systems
  • Role-based access controls limit data access to authorised personnel only
  • Internal controls and segregation of duties are applied to all client accounts
  • Regular security reviews and access audits are conducted
  • Incident response procedures are in place for any suspected data breach

5.1 Platform security

The primary platforms used to store and process client financial data — including Xero, MYOB and QuickBooks — each maintain their own industry-leading security certifications, including SOC 2 Type II. Links to their respective privacy policies and security documentation are available on their websites.

5.2 Staff access controls

Access to client data is restricted to authorised team members on a need-to-know basis. All staff and contractors are bound by confidentiality obligations. Access rights are reviewed regularly and revoked immediately upon changes in employment status.

6. Sharing Your Information

We do not sell, rent or trade your personal information to any third party. We only share your information in the following circumstances:

  • The ATO and other government agencies — as required to lodge tax returns, BAS statements and other statutory filings on your behalf as your authorised tax agent
  • Cloud accounting platforms — Xero, MYOB or QuickBooks as required to perform bookkeeping services. These platforms maintain their own privacy and security standards
  • Payroll and superannuation systems — where required to process payroll and remit superannuation contributions
  • Professional referral partners — only with your express consent, for example referring you to a lawyer or financial planner where your needs extend beyond our scope of services
  • Legal requirement — where we are required to disclose information by law, court order, or to comply with a request from a law enforcement agency or regulatory authority

When we share information with third-party platforms and service providers, we take reasonable steps to ensure those parties maintain appropriate privacy and security standards.

6.1 Overseas disclosure

Some of the platforms we use (including Xero, which is headquartered in New Zealand with data hosted in Australia and internationally) may store data on servers located outside Australia. Where data is transferred or stored overseas, we take reasonable steps to ensure it receives protections comparable to those under the Australian Privacy Principles. By engaging our services, you consent to such transfers where necessary for the provision of your requested services.

7. Your Privacy Rights

Under the Privacy Act 1988 and applicable privacy law, you have the following rights in relation to your personal information:

Right of Access
Request a copy of the personal information we hold about you.
Right to Correction
Request correction of inaccurate, incomplete or out-of-date information.
Right to Erasure
Request deletion of your information, subject to our legal retention obligations.
Right to Object
Object to the use of your information for direct marketing at any time.
Right to Portability
Request your data in a portable format where technically feasible.
Right to Complain
Lodge a complaint with us or with the OAIC if you believe your privacy rights have been breached.

To exercise any of these rights, contact us at stuart@thepriorybooks.com.au. We will respond within 30 days.

8. Data Retention

We retain personal information for as long as necessary to provide our services and comply with legal obligations. Specific retention periods include:

  • Tax records — minimum 5 years from the date of lodgement, as required by the ATO and Tax Agent Services Act 2009
  • Business financial records — minimum 5–7 years depending on the record type and applicable legislation
  • Payroll records — minimum 7 years under the Fair Work Act 2009
  • Client engagement records — for the duration of the engagement plus 7 years
  • Marketing contact information — until you opt out or request removal

When information is no longer required, it is securely deleted or de-identified in accordance with our data destruction procedures.

9. Tax File Numbers (TFN)

The collection, storage and use of Tax File Numbers is governed by the Privacy Act 1988 (Cth) and the Tax File Number Guidelines. We collect TFNs solely for the purpose of providing registered tax agent services and lodging returns with the ATO on your behalf. We do not disclose TFNs to any third party except the ATO as required for lodgement purposes. TFNs are stored in encrypted, access-controlled systems at all times.

10. Direct Marketing

With your consent, we may use your contact information to send you information about our services, tax deadline reminders, relevant offers and educational content. You may opt out of marketing communications at any time by:

Opting out of marketing communications will not affect the delivery of service-related communications, which are necessary for the provision of your engaged services.

11. Cookies and Website Tracking

Our website uses cookies and similar technologies to improve user experience, analyse website traffic and support our marketing activities. Cookies we use include:

  • Essential cookies — required for core website functionality (cannot be disabled)
  • Analytics cookies — used to understand how visitors use our website (e.g. Google Analytics). Data is aggregated and anonymised.
  • Marketing cookies — used to deliver relevant advertising on third-party platforms including Meta (Facebook) and Google, where you have consented

You may control or disable non-essential cookies through your browser settings or a cookie consent tool. Disabling analytics or marketing cookies will not affect your ability to use our services.

12. Children's Privacy

Our services are directed at adults and business operators. We do not knowingly collect personal information from individuals under the age of 18 without verifiable parental or guardian consent. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will take steps to delete that information.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements or for other operational reasons. When we make material changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Notify existing clients by email where the change materially affects how we handle their data
  • Post the updated policy on our website at thepriorybooks.com.au

Your continued use of our services after a policy update constitutes acceptance of the revised terms.

14. Complaints

If you have a concern or complaint about how we have handled your personal information, please contact us in the first instance:

The Priory Books & Tax — Privacy Enquiries

Email: stuart@thepriorybooks.com.au

Phone: 0402 949 277

Website: thepriorybooks.com.au

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Post: GPO Box 5218, Sydney NSW 2001

15. Contact Us

The Priory Books & Tax

Principal: Stuart Lowry

Registered Tax Agent No. 26113206

Member — Institute of Certified Bookkeepers (ICB)

Xero Partner

Phone: 0402 949 277
Email: stuart@thepriorybooks.com.au
Website: thepriorybooks.com.au

Note: This Privacy Policy was last reviewed in May 2026. The Priory Books & Tax recommends that all clients read this policy in full. This policy does not constitute legal advice. If you require specific legal advice regarding data protection or privacy law, please consult a qualified legal practitioner. The term "GDPR" refers to the EU General Data Protection Regulation (Regulation (EU) 2016/679). The Priory voluntarily adheres to GDPR principles as a mark of international best practice, regardless of whether the GDPR applies as a matter of strict legal obligation.