Client Login

Privacy Policy

Privacy Statement

Apiary Financial (ABN: 67 945 835 387) Apiary Financial Pty Ltd (ABN: 95 694 420 936 ), Apiary Financial Planning Pty Ltd (ABN: 18 010 821 360) and Apiary Financial Planning Pty Ltd ATF McGarry (Brisbane) Unit Trust (ABN: 41 909 177 441) (“Apiary Financial”) respect and value our professional relationships with our clients and are committed to protecting the privacy and confidentiality of information we collect from you.

We are bound by, and committed to supporting, the Privacy Act 1988 (Cth), including all amendments up to and including the 2024–2025 reforms, and the Australian Privacy Principles (APPs), which set the standards for accessing, collecting, storing, and using personal information.

Collection of Information

We will take all reasonable steps to ensure that when collecting personal information about you, you are aware of:

  • Our identity and contact details
  • The purpose for which we are collecting the information
  • Your ability to access the information collected
  • Any third-party organisations to which that information may be disclosed
  • Any law that requires the information to be collected
  • The consequences (if any) for you if the information is not provided
  • That you have a right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe your information has been mishandled.

Collection of Sensitive Information

We take particular care when collecting sensitive information and will not use or disclose such information unless you have expressly consented or it is required or authorised by law. Where practicable, we will offer you the ability to withhold sensitive information and explain any consequences of doing so.

Use and Disclosure of Information

Apiary Financial will not use or disclose any personal information if a request has been made not to do so.

We will not use your personal information for purposes unrelated to the provision of our services without your explicit consent, unless permitted by law.

 

Regulatory Disclosures

In addition to disclosures described elsewhere in this policy, we may disclose personal information where required or authorised by Australian law or a court/tribunal order. This can include obligations under financial services, taxation and anti-money laundering/counterterrorism financing laws.

Automated Decision Making and Profiling

We may use analytical tools to help us evaluate risks, service quality and client needs. We do not rely solely on automated decisionmaking to make decisions that have legal or similarly significant effects for you. Where automated processes are used to inform decisions, you may request an explanation of the process and a review by a human.

Security of Personal Information

  • Firewalls
  • Secure computer network
  • Secure electronic document transfer facilities
  • Password protection on all personal computers
  • Multi-factor authentication
  • Regularly updated virus protection software
  • Controlled access to the premises
  • 24 hour security system
  • Data Loss Prevention (DLP) tools and encryption for all portable storage and transmission

Access to Personal Information

If you require access to your personal information, please contact us in writing. For security purposes, we will require proof of your identity before releasing any information.

We aim to respond to all access requests within 30 calendar days, in accordance with OAIC best practice.

Types of Personal Information We Collect

We may collect personal information such as identification and contact details (e.g., name, postal address, email, phone), financial and investment information, employment and income details, taxation and superannuation information, identity verification information (e.g., driver licence or passport details), and information contained in statements, application forms and supporting documents you provide to us.

We may also collect sensitive information where necessary and permitted by law (for example, health or medical information relevant to insurance or claims), and we take additional care when handling such information.

Information About Children and Vulnerable Persons

Our services are primarily directed to adults. Where we collect personal information about a minor or a person who may require a representative, we will seek the consent of a parent, guardian or authorised representative where appropriate, and we will take particular care in how we handle that information.

Third Party Service Providers

We may utilise outsourced service providers and cloud computing service providers, including:

  • XERO, FYI Docs, Class Super, Xero, QuickBooks Online, Annature, MYOB, CAS360 and others, with servers hosted by AWS in various locations as our platform for invoicing, accessing your Xero ledger, workflow management and also storing client information
  • IGNITION with servers hosted by AWS in various locations as our client engagement, invoicing, payment and service management tool
  • and other third parties from time to time and as separately notified to you
  • Our firm utilises an outsourcing service based in India for the basic compilation of annual financial statements and tax returns. All work is performed on servers hosted within Australia and is monitored, reviewed, and completed by us. Signing this engagement is an acceptance of the use of our outsourcing services for this engagement.

To perform the services, we may provide these third parties with access to your data to the extent this is required to perform the services.

Your data will be stored in servers physically located in Australia (unless otherwise specified) and in accordance with the security practices of the third-party service provider and our Privacy Policy. 

Cloud Hosting and Data Location

We may store personal information in cloud-based systems operated by reputable providers. Data may be hosted in Australia or in other countries. Where information is stored or accessed overseas, we take reasonable steps to ensure that appropriate contractual, technical and organisational safeguards are in place so that the information is handled in a manner consistent with the Australian Privacy Principles.

Data Retention and Destruction

We only keep personal information for as long as it is reasonably necessary for the purposes described in this policy, or as required by law or professional standards (for example, financial services and taxation recordkeeping obligations).

When information is no longer required, we will take reasonable steps to securely destroy or deidentify it. Secure destruction may include shredding of physical records and digital erasure methods designed to prevent recovery.

Website

Our ISP also collects anonymous information only used for statistical and website development purposes.

We do not use website analytics or cookies to identify individual users unless required for fraud prevention, cyber security, or where authorised by law.

Cookies and Website Analytics

For more details about how we use cookies, a copy of our Cookie Policy is available upon request or via our website: https://apiaryfinancial.com.au/cookie-policy/

You have the right to opt out of non-essential cookie tracking, and we will provide clear options to manage these preferences.

Direct Marketing and Opt Out

We may use your contact details to provide you with information about products and services that may be of interest to you. You may opt out of receiving direct marketing communications at any time by using the unsubscribe link in our emails or by contacting us using the details in the ‘Complaints Resolution’ section. We will action your request as soon as practicable. We do not sell personal information for marketing purposes.

Sending Information Overseas

We will take reasonable steps to ensure the recipient is subject to laws or privacy principles similar to the APP, and that your personal information will not be used or disclosed by the recipient in a way that contravenes the APP.

Where data is transferred overseas, we will include appropriate contractual safeguards and conduct a risk assessment of the destination country, in accordance with OAIC cross-border disclosure guidelines.

Employee and Pre‑Employment Background Checks

We may collect, use, and disclose personal information about current and prospective employees for the purpose of recruitment, employment, and workforce management. This may include conducting background checks such as verification of identity, qualifications, employment history, professional registrations or memberships, and, where permitted by law and relevant to the role, criminal history checks. Background checks are only conducted with the individual’s consent, and the information collected is limited to what is reasonably necessary for assessing suitability for employment or ongoing engagement. All personal information obtained through this process is handled confidentially and in accordance with applicable Australian privacy and employment legislation.

Staff Training and Access Controls

Access to personal information is restricted to personnel who require it to perform their roles. We maintain role-based access controls, multifactor authentication for privileged systems, and logging and monitoring of access where appropriate. All staff receive periodic privacy and cybersecurity training and must comply with our internal policies and codes of conduct.

Data Breach Response

We take suspected data breaches seriously. If we become aware of unauthorised access to, disclosure of, or loss of personal information that is likely to result in serious harm, we will assess the incident promptly and notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches scheme. We will also provide guidance on steps you can take to protect yourself.

Complaints Resolution

If you have any queries, concerns or complaints regarding any aspect of this policy, please contact us in writing:


Email: info@apiaryfinancial.com.au


Mail: PO Box 1144, Milton QLD 4064

You may also submit a complaint directly to the Office of the Australian Information Commissioner (OAIC) using their online form at: www.oaic.gov.au/privacy/privacy-complaints/

Further Information

Should you wish to obtain further information about the privacy legislation or the Australian Privacy Principles, we recommend that you visit the Office of the Australian Information Commissioner (OAIC) website at www.oaic.gov.au.

 

Consent

By using our website, you consent to the collection, use, and storage of your information by us in the manner described in this Privacy Policy.

Amendments to this Policy

We constantly review policies and procedures to ensure our standards reflect any changes in law, technology, or the market.

This version was last updated on 25 February 2026 and reflects the current requirements under the Privacy Act 1988 (Cth).