Commitment to Privacy, Quality & Security

​

We are committed to safeguarding personal information in line with:

• Australian Privacy Principles under the Privacy Act 1988

• ASQM1 quality objectives for information, communication and resources

• ISO 9001 requirements for documented information and continual improvement

• Australian Cyber Security Centre (ACSC) guidance, including the Essential Eight

​

Our approach ensures that privacy, security, and data integrity are embedded into our operational culture, aligning with our Quality Management System (QMS) and audit obligations.

Information We Collect

​

We may collect the following categories of information:

• Personal identification – name, date of birth, contact details

• Government identifiers – tax file number, driver’s licence, passport

• Employment records – current and historical

• Financial details – bank accounts, shareholdings, loans, assets, liabilities, superannuation, insurance, credit reports

• Client-provided documents – for SMSF, tax, or audit purposes

• Digital interactions – website forms, client portal usage, cookies, IP addresses

• Survey or feedback responses

​

Sensitive information will only be collected with consent or as otherwise permitted by law.

Collection & Use of Information

​

We collect information via:

• In-person or virtual meetings and telephone discussions

• Client questionnaires and onboarding forms

• Secure client portals and encrypted email exchanges

• Liaison with authorised third parties such as the ATO or ASIC

• Publicly available sources relevant to our engagement

• Website tracking tools (cookies) to enhance user experience and security

​

Information is used strictly for:

• Providing SMSF audit and related professional services

• Meeting compliance obligations with regulatory bodies

• Managing client relationships and service improvements

• Internal quality reviews, in line with ASQM1 and ISO 9001

Disclosure of Information

​

We may disclose personal information to:

• Australian Government agencies (ATO, ASIC, OAIC) for compliance or audit purposes

• Professional associations (e.g. SMSF Association) when required

• Trusted third-party service providers under binding confidentiality and security agreements

• Parties authorised by you in writing

• Courts, tribunals, or regulators in accordance with legal requirements

​

Sensitive information will only be disclosed for the primary purpose it was collected or where otherwise permitted by law.

Data Security & Cyber Protection

​

We implement layered security measures in line with Australian Cyber Security Centre best practice and Essential Eight mitigation strategies, including:

• Multi-factor authentication for all critical systems

• Encryption of sensitive data in transit and at rest

• Access controls and role-based permissions under ASQM1 resource management principles

• Secure offsite backups and disaster recovery planning

• Continuous monitoring for unauthorised access attempts

• Employee training on cyber risk awareness and phishing prevention

​

In accordance with ISO 9001 Clause 7.5 and ASQM1, all documented information is stored in secure systems with version control, retention policies, and regular integrity checks.

Notifiable Data Breaches

​

If a data breach is likely to cause serious harm, we will:

1. Immediately activate our Data Breach Response Plan

2. Contain and assess the breach within 30 days

3. Notify the Office of the Australian Information Commissioner (OAIC) and affected individuals, as required under the Privacy Act

4. Document remedial actions for QMS continuous improvement

Access, Updates & Corrections

​

You may request access to, or correction of, personal information by contacting us in writing. We will respond within a reasonable period, usually within four weeks. Proof of identity will be required prior to release of information.

Complaints & Inquiries

​

Complaints regarding privacy or data security can be made in writing to:

Security & Privacy Officer
Dinesh Nanayakkara – Director of Strategic Partnerships
Email: office@dsauditservices.com
Phone: 1300 372 669
Mail: PO BOX 173, Endeavour Hills, VIC 3802
In Person: Suite 212, 148 Logis Boulevard, Dandenong South, VIC 3175

​

If you are not satisfied with our response, you may contact the OAIC via www.oaic.gov.au.

Policy Review

​

This Policy will be reviewed annually in line with:

• ISO 9001 Clause 9.3 Management Review

• ASQM1 monitoring and remediation requirements

• Changes to Australian privacy and cyber security legislation

​

Effective Date: 1 July 2025