General Data Protection Regulation Privacy Notice

When working with an accounting firm like Forvis Mazars, clients have certain rights and obligations they should be aware of. This article provides an overview of some of the key things individual and business clients of Forvis Mazars need to know.

Identity and contact details of data controller

This GDPR Notice (the Notice) applies to the collection and processing of your personal information by or on behalf of Forvis Mazars Australia and its related entities (the Forvis Mazars Group SC) if you are an individual in a country that is a member of the European Economic Area (EEA) and we offer or provide goods or services to you.

In this Notice, we, us and our means each member of the Forvis Mazars Group SC.

This Notice tells you how we collect and process your personal information (personal data and personal information are used interchangeably) and the legal basis for processing it, what we use it for and who we share it with. It also explains particular rights you have in relation to the processing of your personal information and reflects some key features of our Privacy Policy available at: https://www.forvismazars.com/au/en/legals/data-and-privacy/privacy-policy 

The member of the Forvis Mazars Group SC that you contract with is the data controller for the purposes of processing your personal information.

Contact us

Please contact us if you have any questions or comments about this Notice, our Privacy Policy and procedures, or you wish to exercise the rights you have under applicable privacy laws, which are explained further below.

We have a Privacy Officer who will also be appointed as a Data Protection Officer if we have a legal obligation to do so.  The Privacy Officer's contact details can be found at the end of this Notice.

Categories of people about whom we collect personal information

We may collect personal information about:

  • clients, business associates and potential clients and their personnel;
  • individuals in the course of acting for clients;
  • suppliers and their employees;
  • our employees, partners, contractors, former employees, former partners, former contractors or prospective employees, contractors or partners; and
  • other people who come into contact with a member of the Forvis Mazars Group SC.

Categories of personal information collected

In general, the personal information we may collect and hold includes name, date of birth, contact details (including email addresses, mailing address and phone number), occupation, company name, personal preferences, payment details, employment history, education and qualifications, testimonials and feedback, and other information which assists us in conducting our business, providing and marketing our services and meeting our legal obligations.  In some cases we may also collect and process sensitive information, such as information about political opinions or trade union membership.

Personal information collected from other sources

Sometimes we collect information about you from sources other than you. We may collect information about you that is publicly available or made available by third parties (including, but not limited to: online search tools, publicly available registers, or from our clients, suppliers and service providers and their websites).

We may do this where:

  • we cannot contact you and need to update your contact details; and
  • we need information about individuals from third parties to help us provide our services to clients.

We may use or disclose information about you in order to combine the information that we hold with information collected from or held by external sources. We do this in order to enable us to provide our services.

Purposes of data processing

In connection with our legitimate interests in carrying on our business

We may use and process your information for our legitimate interests (where we have considered these are not overridden by your rights and which you have the right to object to as explained below) in:

  • identifying opportunities to improve our service to you;
  • conducting market research to serve you better by understanding your preferences to ensure we send you appropriate promotions and campaigns;
  • assisting in arrangements with other organisations in relation to a product or service we make available to you;
  • allowing us to run our business and perform administrative and operational tasks (such as training staff, risk management; developing and marketing products and services, undertaking planning, research and statistical analysis; and systems development and testing); and
  • verifying identity, preventing or investigating any fraud or crime, or any suspected fraud or crime.

Where processing is necessary for the performance of a contract

We may use and process your personal information in connection with a contract to which you are a party (for example, verification of identity checks).

Under a legal obligation

We may also use and process your personal information where we are authorised or required by applicable laws, regulations or codes that bind us, in particular as an accounting and consulting services firm.

With your consent

Where required, we will only use your personal information for the purpose for which you have given your valid or explicit consent, which we will ensure we have obtained before we process your information.

Some information you provide us in connection with your instructions to us for providing or administering a product or service we provide you, may be more sensitive and therefore falls within a special category of personal information, such as information about political opinions or trade union membership. We will collect and process this information only with your explicit consent.

For direct marketing

With your prior express consent (opt-in) we may communicate with you (through the preferred communication channel(s) you have selected, which may include by email, telephone, SMS, iM, mail, or any other electronic means including via social networking forums) to, amongst other things, tell you about products, services, event and offers that may be of interest to you.

If you have provided your consent to receive direct marketing, you can withdraw it at any time without detriment, we will process your request as soon as practicable.

If you no longer wish to receive direct marketing communications you can email our Privacy Officer (details below).

Recipients of the personal information

We may share your information with other organisations consistent with the purposes for which we use and process your information as described above. This includes with the entities described below.

Sharing with the Forivs Mazars Group SC

We may share your personal information with other Forvis Mazars Group SC members. This could depend on the product or service you have applied for and the Forvis Mazars Group SC member you are dealing with. Where appropriate we integrate the information we hold across the Forvis Mazars Group SC to provide us with a complete understanding of you and your needs in connection with the product or services we are providing you.

Sharing at your request

At your request, we will share your personal information with your representative or any person acting on your behalf (for example, financial advisers, lawyers, settlement agents, executors, administrators, trustees, guardians, brokers or auditors).

Sharing with third parties

We may disclose your personal information to third parties outside of the Forvis Mazars Group SC. For instance:

  • to entities who assist us in providing our services (including hosting and data storage providers and debt collectors);
  • in confidence, to our advisers and insurers;
  • in confidence, to third parties to improve our services and obtain feedback; and
  • where the use or disclosure is authorised or required by or under an Australian law or court/tribunal order.

Transferring your information overseas

We may send and process your personal information to Forvis Mazars Group SC members in Australia. We may also need to share some of the information we collect about you from the EEA with organisations both inside and outside Australia, and sometimes we may need to ask you before this happens.

We may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it is not always practicable to know in which country your information may be accessed or held.

If we or our service providers transfer any of your personal information we collect from you outside the EEA or onwards to a third country from Australia, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. We will do this by one of the following approaches:

  • where the country has been approved by the European Commission as having adequate protections for personal information;
  • where a valid Privacy Shield certification exists (in the case of a data transfer to a Privacy Shield certified US recipient -https://www.privacyshield.gov/welcome; or
  • by adopting appropriate EC approved standard contractual clauses (see https://ec.europa.eu/info/law/law-topic/data-protection_en); or
  • obtaining your explicit and informed consent to the proposed transfer

If you wish to know whether or not the country to which the overseas disclosure is intended to be made has been deemed adequate by the European Commission, please refer to this link:

https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu.

Overseas organisations may be required to disclose information we share with them under an applicable foreign law.

What happens when we no longer need your information?

We will only keep your information for as long as we require it for our purposes. We are required to keep some of your information for certain periods of time under applicable law. When we no longer require your information, we will ensure that your information is destroyed or de-identified.

In relation to the provision of financial and business advisory services, we are required to keep your information for at least 5 years and as any as 10 years or otherwise as required for our business operations or by applicable laws.

We may need to retain certain personal information after we cease providing you with products or services to enforce our terms, for fraud prevention, for audit or insurance purposes, to identify, issue or resolve legal claims and/or for proper record keeping

We may also retain a record of any stated objection by you to receiving marketing for the purpose of ensuring we can continue to respect your wishes and not contact you further.

How to access or correct your information

Subject to applicable laws, you have the right to access your personal information and to receive a copy of that information. You have the right to request the correction (rectification) of personal information if you think there is something wrong with the information we hold about you.

You can ask us to access or correct your personal information that we hold by writing to our Privacy Officer (see contact details below).

We may need to verify your identity to respond to your request. We will respond to any request within a reasonable period permitted under applicable privacy laws and will generally give access or make a correction unless an exemption applies to certain information.

We will give you access to your information in the form you want it where it’s reasonable and practical. We may charge you a small fee under certain circumstances to cover our costs when giving you access but we will always confirm this with you first.

Your personal information rights

In addition:

  • You have in certain circumstances the right to request that the personal information that we collect from you is erased without undue delay.
  • You have the right to request that further processing of your personal information is restricted in certain circumstances, including while we investigate your concerns with this information or if we are processing for direct marketing purposes (we may be legally entitled to refused that request).
  • You have in certain some circumstances, the right to request that the further processing of your information is restricted or to object to its processing and the right to data portability (to receive and have transferred the information you provided).
  • You can let us know at any time if you no longer wish to receive direct marketing offers from us. We will process your request as soon as practicable. Where you have subscribed to something specific (like to hear from one of our sponsored organisations) then these subscriptions will be managed separately.
  • You may also withdraw your consent to the further processing of your personal information (but we may be able to continue processing without your consent if there is another legitimate reason to do so).  The withdrawal of your consent will not affect the processing of your information that you had consented to.
  • You can lodge a complaint with the relevant European data protection authority if you think that any of your rights have been infringed by us.

If we refuse any request you make in relation to your personal information rights, we will write to you to explain why and how you can make a complaint about our decision.

How do you make a privacy query or complaint?

If you have any questions about privacy-related issues or wish to complaint about a breach of your privacy or the handling of your personal information by us, please refer to our Complaints Page here or contact

Privacy Officers

Brisbane – Mark Sheridan

Level 11, 307 Queen Street
Brisbane Qld 4000

GPO Box 2268
Brisbane Qld 4001

Phone: +61 7 3218 3900

Email: mark.sheridan@mazars.com.au

Melbourne – Greg Hudswell

Level 15, 390 St Kilda Road
Melbourne Vic 3004

Phone: +61 9252 0800

Email: greg.hudswell@mazars.com.au

Sydney – Paul Collins

Level 12 Arthur Street
North Sydney NSW 2060

PO Box 1994
North Sydney NSW 2059

Phone: +61 9922 1166

Email: paul.collins@mazars.com.au

You have the right to make a complaint to the relevant data protection authority (for example in the place you reside or where you believe we breached your rights).

Need more help?

Office of the Australian Information Commissioner
Online: www.oaic.gov.au/privacy
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

Office of the UK Information Commissioner
Online: https://ico.org.uk/
Phone: 0303 123 1113
Live chat: https://ico.org.uk/global/contact-us/live-chat