Privacy policy
Your privacy is our priority
This Policy was last updated in June 2026.
PKF Australia Limited (ACN 160 366 209) (we / us / PKF Australia), and its subsidiaries and affiliates (collectively referred to as PKF) acknowledge the importance of your privacy and are committed to protecting any personal information we collect about you by adhering to the Australian Privacy Principles (APP's) and the requirements of the Privacy Act 1988 (Cth) (the Act), the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act) and the Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 (Cth) (AML/CTF Rules). This Policy sets out PKF Australia’s approach to gathering personal information, and our approach to the use and dissemination of such information. We undertake to treat all client and other personal information in our possession in accordance with the requirements of the Act. This Policy does not apply to employee records, which are dealt with separately.
Application of Member Firm Requirements
This Policy establishes the minimum requirements and expectations applicable across the Network. Member Firms may implement policies, procedures, controls, or requirements that are more restrictive, comprehensive, or stringent than those contained in this Policy where considered necessary to meet local regulatory requirements, professional obligations, risk management objectives, or firm-specific circumstances.
Where a Member Firm adopts a requirement that exceeds the standards set out in this Policy, compliance with the more stringent requirement will not be considered a breach of, or deviation from, this Policy, provided that the objectives and minimum requirements of this Policy continue to be met.
In the event of any inconsistency between this Policy and a Member Firm policy, the higher or more stringent requirement shall apply, unless doing so would conflict with applicable laws, regulations, or professional standards.
About PKF Global
PKF is a global network of advisory and accountancy firms with over 220 members operating under the PKF brand in 150 countries across five regions.
About PKF Australia
In Australia, PKF has 15 offices and 800 staff located in Adelaide, Brisbane, Canberra, Darwin, Gold Coast, Melbourne, Newcastle, Rockhampton, Sydney, Townsville, Perth, Port Stephens, Tamworth, Upper Hunter, and Walcha. These offices are independently owned and operated.
PKF Australia is the central Australian body. It does not service clients directly but is responsible for ensuring brand compliance and facilitating the membership contracts of the individual offices with PKF Global. PKF Australia also owns and operates the website at www.pkf.com.au (website) and a customer relationship management (CRM) platform used by all the Australian offices.
Collection of personal information
By "personal information" we mean information or an opinion about an identified individual, or about an individual reasonably identifiable from the information.
There is a subset of “personal information” called “sensitive information”, which is afforded a higher degree of protection under the Act. This includes, for example, an individual’s health information, racial or ethnic origins, or religion.
PKF Australia collects and holds a range of personal information about its employees, job applicants, contractors we engage and each of the Australian offices. As the central PKF body in Australia, we also collect and hold personal information regarding the clients, potential clients and contacts within our communities of each of the Australian offices.
We collect this personal information so we can deliver the best possible services to our clients and offices, and to comply with our legal obligations.
Compliance with Anti-Money Laundering and Counter-Terrorism Financing Laws
PKF Australia may collect, use, verify and disclose personal information to comply with the AML/CTF Act and AML/CTF Rules. These obligations apply where PKF Australian offices provide ‘designated services.’ This may include customer due diligence (CDD), ongoing monitoring, and reporting obligations.
The personal information we collect and hold
Job applicants and contractors
We may collect and hold certain personal information about applicants for employment with us and contractors wishing to supply products and/or services to us as well as their employees. The information we collect may include your name, contact details, qualifications and work history. Generally, we will collect this information directly from you.
We may also collect personal information from third parties in ways which you would expect (for example, from recruitment agencies or referees you have nominated). Before offering you a position, we may collect additional details such as your tax file number and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions.
Clients, potential clients and community contacts
We collect a range of personal information about clients and potential clients of our Australian offices.
The kinds of personal information we may collect include your name and birth date; government identifiers such as tax file numbers and director identification numbers; information to meet our obligations under the AML/CTF Act such as identification documents such as passports or driver's licence, governance documents such as constitution or trust deeds, beneficial ownership information, information about the nature and purpose of business relationships, information relevant to assessing your money-laundering and terrorism financing risk, information related to whether you, your family members or associates are politically exposed person under the AML/CTF Act; your contact information, including postal and residential addresses, telephone numbers, and email addresses; details of prior enquiries you have made and our communications with you or work we have performed for you, which may include your financial information, and where relevant your ABN or registered business names.
We collect personal information directly from you, such as when you meet with us, provide your information by document, telephone or facsimile, by forwarding us an email, or by submitting personal information by using our website.
In some cases, personal information may be provided by an entity/person or third party individual authorised by you to do so, such as one of our Australian offices, or your employer or a corporate or business entity with which you are involved either as a principal, member or beneficiary, for the purpose of providing services to or on your behalf. We may collect information from a client or a third party where it is unreasonable or impracticable to collect it from the individual, such as your employer or other organisations with which you have contact or dealing. We may also collect information from publicly available resources.
We will only collect personal information reasonably necessary for our services, functions and activities, including our AML/CTF obligations.
Australian offices
We may collect and hold certain personal information about the directors, officers, employees, contractors and agents of our Australian offices. The kinds of personal information we may collect include your name and birth date; your contact information, including postal and residential addresses, telephone numbers, and email addresses; your specialisation, capabilities and job title.
We collect personal information directly from you, such as when you meet with us, provide your information by document, telephone, by forwarding us an email, or by submitting personal information by using our website.
In some cases, personal information may also be provided by the Australian office on your behalf.
Our purpose for collecting personal information
We collect your personal information in order to conduct our business, to comply with relevant law such as our obligations under the AML/CTF Act, to provide and market our services to you, including purposes necessary or incidental to the provision of services to you by us or one of our Australian offices, or any purposes that you may reasonably expect, for any other purpose authorised by law or required to comply with our legal obligations, or for any other purposes disclosed to or authorised by you. This may include disclosure to organisations that provide us with and support services, and professional advice. The collection will be fair, lawful and not intrusive. The nature of this information will vary according to your relationship with PKF Australia.
Sensitive information
During the course of business, PKF Australia may at times be required to collect sensitive information about individuals. Collection of any sensitive information will be done in accordance with the Act and AML/CTF obligations permitted by the law. We will not collect sensitive information unless you have consented, it is required by law, or in other special specified circumstances, for example, relating to health services provision and individual or public health or safety.
Use and disclosure of personal information
We will hold your personal information for as long as is required to fulfill the purposes for which it was collected or as required by law. We will take reasonable steps to destroy or de-identify any personal information about you once the information is no longer required for the purposes for which it was collected or as authorised or required by law.
We will only use or disclose personal information for the purpose it was collected or as required by the AML/CTF Law and Rules, unless you have consented, or you would reasonably expect such use or disclosure, or the use is for direct marketing as outlined below. Where personal information is required to be disclosed under the AML/CTF Act, we may do so without your consent. PKF Australia offices may be restricted from notifying individuals about certain disclosures where doing so would contravene ‘tipping off’ provisions in the AML/CTF Act.
PKF Australia may use automated systems or third-party tools to verify client identity, screen clients, monitor transactions and assess money laundering and terrorism financing risks.
PKF Australia makes use of Artificial Intelligence (AI) and may use AI to make substantially automated decisions affecting individuals.
Job applicants and contractors
We may disclose personal information about job applicants and contractors to our Australian offices, professional advisors such as lawyers, auditors and recruiters, and government agencies , where this is necessary to assess their suitability to perform the duties required and deliver services to our clients or to meet our obligations under relevant laws.
Clients, potential clients and community contacts
Personal information collected about our clients, potential clients and community contacts of our Australian offices may be disclosed to:
- our Australian offices to facilitate marketing and the provision of services;
- our agents and contractors (e.g., to enable them to perform services under contract with us which may directly or indirectly benefit the client from whom the information was collected);
- marketing providers to facilitate our marketing of our services to current and prospective clients;
- government agencies where this is necessary for us to transact matters on behalf of our clients and/or comply with our legal obligations to notify the government and police of certain matters;
- our professional advisers, such as lawyers or auditors; and
- related organisations.
If you contact us because you are interested in engaging one of PKF’s Australian offices to provide services to you, we may pass on your contact details so that the appropriate office can get in contact with you directly. One of PKF’s Australian offices might also contact us on your behalf to identify the best office to assist you.
PKF also operates a central customer relationship management platform which is accessible by all the Australian offices. Basic details of all clients and potential clients will be uploaded to this platform and shared with the Australian offices for service and marketing purposes. The types of personal information uploaded to the system will be limited to key details such as your name, contact details, the nature of your inquiry, details of the services that have been provided to you, events you have attended and a history of our communications with you. The platform will not contain your confidential records, such as financial records or tax file numbers.
Australian offices
Personal information about the directors, officers, employees, contractors and agents of our Australian offices may be disclosed to:
- our other Australian offices to facilitate cooperation and the provision of services;
- our agents and contractors (e.g., to enable them to perform services under contract with us which may directly or indirectly benefit the Australian office from whom the information was collected);
- our professional advisers, such as lawyers or auditors; and
- related organisations.
We will provide personal information to third parties where we are required to by law, where it is reasonable for us to do as part of providing services to you, where our advisors request it or where you have expressly asked us to do so.
We will never sell your personal information.
Direct marketing
PKF Australia may use or disclose your personal information for the purpose of informing you about PKF services, upcoming promotions and events, or other opportunities that may interest you. You might receive communications directly from us or our marketing agency, or from one of the Australian offices. If you do not want to receive direct marketing communications, you can opt-out at any time by contacting us using the contact details below and we will notify all the Australian offices. There will also be a simple “unsubscribe” (opt out) method in the direct marketing material itself.
If you opt-out of receiving marketing material from us, the office you have been dealing with may still contact you in relation to its ongoing relationship with you.
We will not use personal information collected for the purposes of complying with our AML/CTF Act obligations for direct marketing.
Sale or merger of PKF Australia
Personal information about individuals we have collected, and hold may be disclosed to third parties on a strictly confidential basis in the event we offer to sell and/or sell our business and/or assets, at or before the time of a merger, acquisition or sale.
Website collection of personal information
We may record your IP address and details of your access to our sites, we may place cookies on your computer to enable your web browser to search and find us efficiently. We use cookies to monitor the traffic to the various pages on our website, for statistical and website improvement purposes only. This information is anonymous and will not enable you to be identified. You are able to disable cookies and applets via your computers web browser however this may restrict access to some webpages and services within our website.
However, if you submit your personal information to us via our website, for example, if you submit a query, request to be added to a newsletter mailing list, or subscribe for an event or program, then we may record your details in our customer relationship management system so that PKF Australia or one of our offices can respond to your query or inform you about PKF services, upcoming promotions and events, or other opportunities that may interest you.
There will always be a simple means by which you can opt out of receiving marketing communications, whether that is by clicking the “opt out” option on the website or in the marketing material itself, or by contacting us using the contact details below. We will notify all the Australian offices of your request.
Data security of personal information
We have taken reasonable steps to protect the personal information we hold from misuse and loss and from unauthorised access, modification or disclosure. Staff are required to sign a confidentiality clause as a part of their contracts of employment. They are also required to adhere to and comply with our Privacy Policy. There are a range of physical and electronic procedures to ensure that privacy is safeguarded. However, the internet is not secure, and we cannot guarantee the security of any information sent to us via the internet. Sometimes breaches of personal information occur, which can range from non-threatening to serious. When a data breach is considered serious it is likely to cause harm to the individual that the personal information is about. This is called an eligible data breach. If a circumstance arises that is considered an eligible data breach, we will notify the individual and the Office of the Australian Information Commissioner. In this notification we will make recommendations to the individual on the steps they should take in order to protect themselves in relation to the breach of information. We may not notify you of a data breach if, and to the extent, doing so would breach a secrecy provision contained in the AML/CTF Act. We have also appointed a Privacy Officer who is responsible for the application of PKF Australia's Privacy Policy to ensure that the practices, procedures and systems adopted by PKF Australia are applied in an open and transparent manner.
We do not retain copies of identification documents such as driver’s licences or passports, for the purpose of meeting our record keeping obligations under the AML/CTF Act. We record the details of identity documents in order to meet our record keeping obligations under the AML/CTF Act. We may retain copies of identification documents where it is for the purpose of providing our professional services or complying with our legal obligations.
As part of our information security, quality assurance and system management processes, we may engage internal personnel or third-party specialists to perform IT reviews, security assessments, vulnerability assessments and penetration testing. In conducting these activities, authorised personnel may have incidental access to personal or confidential information stored within our systems. Any such access is strictly limited to what is necessary to perform the review and is subject to appropriate confidentiality, security and privacy obligations.
Accessing and correcting your personal information
It is important that the information we hold about you is accurate. Except in certain situations, you have the right to access your personal information and ask us to correct it. We will take reasonable steps to update or correct, as soon as possible, any information in our possession that is inaccurate, incomplete, out-of-date, irrelevant or misleading. We may update or amend customer due diligence information we collect about you on an ongoing basis as required by the AML/CTF Act.
We may refuse to grant you access where this is allowed or required by law, for example, where this would have a negative impact on someone else’s privacy or it would contravene a “tipping-off” provision under the AML/CTF Act. If we do refuse to grant access, we will give you written reasons.
If you would like to access your personal information, please contact us via the contact form below or by contacting:
Steve Meyn, Privacy Officer, PKF Australia
755 Hunter Street, Newcastle West, NSW 2302
+61 2 4962 2688
[email protected]
We may charge you a small fee for accessing your personal information, as permitted by law.
Complaints
You have the right to complain if you believe we have breached this Policy or your rights under the Act. Should you have any complaints about our treatment of your personal information please contact us via the contact form below or by contacting:
Steve Meyn, Privacy Officer, PKF Australia
755 Hunter Street, Newcastle West, NSW 2302
+61 2 4962 2688
[email protected]
We will treat any complaint about a breach of privacy legislation or any relevant registered code seriously and will investigate any breach of which we become aware - including how it occurred and how best to prevent such a breach occurring again.
We will promptly acknowledge receipt of your complaint, and we will endeavour to deal with your complaint and to provide you with a response within a reasonable time period following receipt of your complaint (generally within 30 days of receipt). Where a complaint requires a more detailed investigation, it may take longer to resolve. If this is the case, then we will provide you with progress reports.
We reserve the right to verify the identity of the person making the complaint and to seek (where appropriate) further information from the complainant in connection with the complaint.
Where required by law, we will provide our determination on your complaint to you in writing.
Please note that we may refuse to investigate or to otherwise deal with a complaint if we consider the complaint to be vexatious or frivolous.
If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner:
Further information can be found at https://www.oaic.gov.au/privacy/privacy-complaints/lodge-a-privacy-complaint-with-us.
Commonwealth Government identifiers
We will not use Commonwealth government identifiers (Identifiers) as an identifier of individuals. Identifiers will only be used or disclosed in the circumstances permitted by the Act.
Anonymity
In many cases, you will need to provide your real name when interacting with us. You may however - wherever lawful and practicable – use a pseudonym (or simply not identify yourself) when dealing with us. For example, if you have a complaint or concern about our site, or a general question about any of our services, you are welcome to contact us without identifying yourself. In some cases, however, if you do not provide us with this information, we may not be able to fully provide you with our services or respond adequately to you. For clarification on when you must identify yourself, please contact our Privacy Officer. You may use a pseudonym – or simply not identify yourself – when making such an enquiry.
Transborder data flows
There may be occasions when personal information is transferred outside of Australia within our global network. Generally, this will occur in the provision of services to you and the transfer of this information outside of Australia will have been disclosed to, and authorised by, you as part of the terms of our engagement. When transferring personal information outside Australia within our global network, we will comply with the requirements of the Act that relate to transborder data flows. Unless we have your consent, or an exception under the Act applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to your personal information.
From time to time, we will engage IT service providers to assist us to collect, store and manage your personal information. For example, we may upload personal information to cloud-based data management systems. Some of those IT service providers may be located outside Australia but we will take reasonable steps to ensure they comply with the Australian Privacy Principles or are otherwise subject to a law that has the effect of protecting your personal information in a way that is substantially similar to the way the APPs protect the information, and that you can access mechanisms to enforce the protection of that law.
Updating privacy policy
We will review our Privacy Policy from time to time to ensure that it is in line with best practice and remains current with any legislative requirements. Any changes to our Privacy Policy will be incorporated into a new version of this Policy, stating the date from which it will operate. Our commitment to your personal information will be governed by the most recent and up-to-date policy in place.
Contacting us
PKF Australia welcomes your comments regarding this Privacy Policy. If you have any questions about this Privacy Policy and would like further information, please contact us via the contact form or by calling us during business hours.