Privacy Policy

Effective Date: 27 November 2025

1. Introduction
This Privacy Policy outlines how AMD Accounting & Business Advisory (ABN 32 692 121 878) a trading business of AMD Advisory Group Pty Ltd (ACN 692 121 878) and AMD AA Tax (ABN 93 671 788 355) a trading business of The Accounting Academy Services Pty Limited (ACN 671 788 355) (“we”, “us”, “our”) collects, uses, and protects personal information submitted through our website or provided during the course of our professional services.

We are a member of Chartered Accountants Australia and New Zealand (CA ANZ), and professional liability is limited by a scheme approved under Professional Standards Legislation.

2. Collection of Personal Information
We may collect personal information including, but not limited to:

  • Name, email, phone number, and company details submitted via contact forms or email;

  • Information provided during the provision of professional services;

  • Technical information automatically collected via the website (IP address, browser type, device information, and analytics data);

  • Payment details if the Client chooses to pay electronically (note: credit card information is processed securely by third-party payment providers).

3. Use of Personal Information
We may use personal information to:

  • Respond to inquiries and requests;

  • Provide accounting, tax, business advisory, and other professional services;

  • Process payments, including passing on any applicable merchant/payment processing fees;

  • Send updates, newsletters, or marketing communications where consent is given;

  • Comply with legal, regulatory, or professional obligations.

4. Disclosure of Personal Information
We do not sell, trade, or rent personal information. We may disclose personal information to:

  • Third-party service providers assisting in delivering our services (e.g., IT, cloud storage, payment processors). Some of our third-party service providers (such as cloud accounting or storage platforms) may store data on servers located outside of Australia. We take reasonable steps to ensure these providers comply with privacy standards equivalent to the Australian Privacy Principles.;

  • Government, regulatory, or legal authorities where required by law;

  • Any other party with your consent or as permitted by law.

5. Storage and Security

  • We implement reasonable technical, administrative, and organizational measures to protect personal information from unauthorized access, use, disclosure, or destruction.

  • Personal information collected electronically is stored securely on our servers or with third-party providers who maintain appropriate safeguards.

  • In the event of a data breach that is likely to result in serious harm to individuals, we will notify the affected individuals and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches (NDB) scheme.

6. Retention of Personal Information

  • Personal information is retained only for as long as necessary to provide services or comply with legal obligations.

  • When no longer required, personal information is securely deleted or de-identified.

7. Access and Correction

  • You may request access to, or correction of, your personal information by contacting us at hello@amdadvisory.com.au.

  • We will respond to requests in a timely manner and in accordance with applicable privacy legislation.

8. Cookies and Analytics

  • Our website may use cookies or other tracking technologies to improve user experience and site functionality.

  • No personally identifiable information is collected via analytics without your consent.

  • You may manage cookie preferences through your browser settings.

9. Third-Party Links

  • Our website may contain links to third-party websites. We are not responsible for their privacy practices or content.

10. Merchant Payment Fees

  • Payment details are securely processed via third-party providers; we do not store complete credit card information on our servers.

11. Changes to this Privacy Policy

  • We may update this Privacy Policy from time to time.

  • Updates will be posted on this page with the revised effective date.

12. UK GDPR Supplement - United Kingdom Clients and Personal Data

  • This section applies in addition to the Australian Privacy Policy where personal data relates to individuals located in the United Kingdom.

  • For individuals located in the United Kingdom, personal data is processed only where a lawful basis applies under the UK General Data Protection Regulation (UK GDPR). The lawful bases relied upon include:

    • Performance of a contract – where processing is necessary to provide accounting, tax, advisory, CFO/COO or related professional services requested by the client;

    • Legal obligation – where processing is required to comply with taxation, regulatory, anti‑money laundering, or professional obligations;

    • Legitimate interests – where processing is necessary for the operation, security, and improvement of our business, provided those interests are not overridden by the rights of individuals; and

    • Consent – where required by law, including for marketing communications.

  • In addition to rights under Australian privacy laws, individuals located in the United Kingdom have the following rights under the UK GDPR:

    • the right to access personal data held about them;

    • the right to request correction of inaccurate or incomplete personal data;

    • the right to request erasure of personal data (“right to be forgotten”), subject to legal limitations;

    • the right to restrict processing of personal data in certain circumstances;

    • the right to object to processing, including processing based on legitimate interests;

    • the right to data portability, where applicable;

    • the right not to be subject to automated decision‑making, including profiling (note: we do not undertake automated decision‑making); and

    • the right to withdraw consent where processing is based on consent.

    Requests may be made using the contact details set out below.

  • Individuals located in the United Kingdom also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.

  • Where a personal data breach involves United Kingdom‑related personal data and triggers notification obligations under the UK GDPR, the relevant UK supervisory authority will be notified without undue delay and, where feasible, within 72 hours of becoming aware of the breach. Affected individuals will also be notified where the breach is likely to result in a high risk to their rights and freedoms.

  • Where personal data relating to UK individuals is transferred outside the United Kingdom, we take reasonable steps to ensure appropriate safeguards are in place, including contractual protections and security standards consistent with UK data protection requirements.

  • UK Representative

    AMD Advisory does not have a permanent establishment in the United Kingdom.

    Based on the nature, scope and context of the services provided, which are business‑to‑business professional advisory services provided on an occasional basis, AMD Advisory considers that the requirement to appoint a UK representative under Article 27 of the UK GDPR does not apply at this time.

    This position is kept under review and will be reassessed if the nature or scale of UK‑related services changes.

13. Contact Us
For questions about this Privacy Policy or your personal information:
AMD Accounting & Business Advisory (ABN 32 692 121 878) a trading business of AMD Advisory Group Pty Ltd (ACN 692 121 878) and
AMD AA Tax (ABN 93 671 788 355) a trading business of The Accounting Academy Services Pty Limited (ACN 671 788 355)
Email: hello@amdadvisory.com.au
Phone: (02) 9059 8257
Address: 18 Hannah Street, Beecroft, NSW 2119