GCS Agile Pty Ltd (ABN 61 104 639 063) (we or us) is a provider of seamless technology services to its financial services clients. The services we provide through our website www.crs-fatca-reporting.com.au (the Website) are designed to generate electronic reports (from data uploaded by our clients) in a format complying with international tax reporting requirements (Compliance Reports). These services (Services) involve the processing and storage of data about a company or individual – which may include your personal information.
If you represent a client of ours using the Services (Client), then:
We may change this policy at any time by posting the amended policy on this Website. We will make every effort to notify you by email, or notice on the Website, if the changes are significant, but you should also check the Website regularly to ensure that you are aware of any changes to this policy.
Personal information includes information or an opinion about an identifiable individual. In providing the Services to our Clients, we may collect the following types of personal information about you:
We may collect personal information about you when:
If you (as a Client Representative) provide personal information to us about a Client Customer or any other another person, you must:
You can choose not to provide your personal information to us, but if you are Client Representative, that will make us unable to provide the Services to you.
A cookie is a packet of information sent by a server to an Internet browser and then returned by the browser each time it accesses the server. Cookies are used to remember visitors within a session and to facilitate transaction functions. You can deactivate cookies through your browser, but this may interfere with this Website’s performance.
Web beacons (also known as web bugs, pixel tags or clear GIFs) are transparent graphic images on a web site. They are typically used by a third party to monitor the activity of a site. Information collected by web beacons may include the Internet Protocol address of the computer that retrieved the image or the time the web beacon was viewed and for how long.
We may collect, store, use and disclose your personal information to:
We store all personal information collected by us through this Website or the Services, using Amazon Web Services (AWS) hosting services. Such information is stored only in AWS data centres located in Sydney, Australia and is not transferred overseas.
We retain your personal information only for so long as required for the above purposes. You acknowledge that we may need to keep some of your personal information for a period required by law, including under corporations, money laundering, and financial reporting legislation.
We may disclose your personal information for the purposes described in this policy to:
As mentioned, details of any credit card nominated/used by you to pay for the Services are supplied direct to our payment processor, NAB. We do not receive or store such information.
We hold your personal information in electronic form. We engage AWS to store your information securely. AWS provides a network of secure data centres and takes very seriously the confidentiality, integrity, and availability of customer data and the maintenance of customer trust and confidence. For more details of AWS's security processes, please refer to the AWS Security White Paper and the AWS Security Web Pages. The IT infrastructure used by AWS is designed and managed in alignment with security best practices including (among other standards), SOC1, SOC 2, SOC3, ISAE 3402, PCI DSS Level 1, the EU Model Clauses and ISO 27001.
NAB, as our third party payment processing provider (who holds your credit card details used to pay for the Services), also treats security of personal information with the utmost importance and maintains PCI DSS Compliance and compliance with a range of other industry best practice security standards. See www.nab.com.au for more details.
Otherwise, we are committed to protecting the security of your information and we take all reasonable steps to protect it from misuse, interference and loss and unauthorised access, modification or disclosure. We apply safeguards at a physical, administrative, personnel and technical level to protect your information, including using strong encryption.
We cannot, however, guarantee that your information will be secure at all times, as the Internet is not a secure environment. You therefore transmit personal information over the Internet at your own risk and should only upload personal information to the Services from within a secure environment. If you are a Client Representative, you must also ensure that you keep your log-in credentials (including user name and password) safe and secure. You must notify us as soon as possible if you become aware of any misuse of those credentials, and immediately change them (which you may do when you are logged in).
We will notify you as soon as reasonably possible if we discover a security breach which causes your personal information to be lost or stolen, or accessed, used, disclosed, copied, modified, or disposed of by any unauthorised person or in any unauthorised way.
We do not disclose your personal information outside Australia.
Our Website may contain links to other websites, which are provided for your convenience only. We do not endorse (and are not responsible or liable for) the operation of, or security measures applied to, those websites. If you choose to access them, you do so at your own risk and subject to the relevant third party’s terms and conditions and privacy policies.
You must ensure that personal information you provide to us is accurate, complete and current. If you are a Client Representative, you can access and update some of your personal information through the "Account" page when logged into the Website. You may also request access to information we hold about you, or request that we update or correct it, by sending a written request (see our contact details below).
We will process your request as soon as practicable, so long as we are not prevented from doing so by legal impediments. If we cannot process your request (or do so promptly), we will tell you why. For example, if you are a Client Customer, we may need to liaise with the relevant Client to verify the updates. We may also need to verify your identity when you request access or updates to your personal information.
Sometimes, we may not be able to provide you with access to all of your personal information. If that’s the case, we will again tell you why.
We may send you notices, alerts, marketing material, service updates, administrative messages, and other information from time to time in relation to the Services. You can opt out of communications that are not important to our ability to provide the Services, by following the instructions in the communication, or contacting us (see our contact details below).
To report an actual or suspected privacy breach, or to lodge a complaint about our handling of your personal information, please provide full details (along with any supporting documentation and your full contact details) using our contact details below.
We will take all reasonable steps to:
If you believe we have not resolved your issue satisfactorily, we will inform you of further steps you may take.
If you have any queries about this policy please contact us:
For more information about your privacy rights, or protecting / making a complaint regarding your privacy, visit the Office of the Australian Information Commissioner website at https://www.oaic.gov.au/.