Grange Business Partners
Contact Us Now

Privacy Policy

 Privacy Policy 

Grange Business Partners detailed Privacy Policy, including Online Privacy. 

Grange Business Partners (“GBP”) respects your privacy and your right to know how we handle your personal information. GBP complies with the Privacy Act 1988 (Cth), the Australian Privacy Principles, and where applicable or contractually required – the privacy laws of the various Australian states and territories. This Privacy Policy explains how we handle your personal information.

In this Privacy Policy, ‘GBP’, ‘we’, ‘us’ and ‘our’ refer to the Grange Business Partners Trust (“GBP Trust”) [ABN 48 834 461 387] and includes any entity carrying on business in Australia that is part of the GBP group of entities. 

We may need to update this Privacy Policy from time to time to reflect our current privacy practices or changes in the law, regulations and/or professional standards. When we make any changes to this Privacy Policy, we will post the updated policy on our website. 

 1. Personal information we collect 

We collect different types of personal information depending on the nature of our engagement with you. We may collect your personal information from several different sources including: 

  • directly from you or your authorised representatives 
  • when you use our products or services including our online services 
  • from outside sources and third parties –
    • where you have provided consent 
    • where a third party has notified you that they we provide your data to us, or 
    • where the collection of your information is permitted by law.

Examples of personal information we may collect include: 

  • General identification information such as names, job title, occupation, date of birth and gender. 
  • Contact details such as address, email address, phone and mobile phone number and Internet Protocol (IP) address. 
  • Usernames and passwords. 
  • Educational qualifications, employment history, salary, and background and referee reports. 
  • Payment details including PAYG Payment Summaries, payslips, and other income earning information, for example payment summaries from your employer and super fund, statements from banks and financial institutions showing interest received, employment termination payment summaries, receipts for gifts, donations and work-related expenses. 
  • Information contained in identification documents such as passport or driver’s licence. 
  • Government-issued identification numbers such as tax file numbers. 
  • Financial information such as credit card and bank account details, shareholdings and details of investments (e.g. if you have shares, units, managed funds or other investments, details of dividend payments and distributions from managed funds, any investment gains or losses from the disposal of shares, units and rental properties, including associated income and expenditure). 
  • Details of superannuation and insurance arrangements. 
  • Visa or work permit status and related information. 
  • Information about immigration status. 

It may be necessary in some circumstances for us to collect some forms of sensitive information about you in order to provide specific services to you. Sensitive information includes information about a person’s race, gender diversity, sexual orientation, disability, ethnic origin, political opinions, health, religious or philosophical beliefs and criminal history. We will only collect and use sensitive information with your consent, in accordance with applicable laws or in a de-identified aggregated manner. 

You might need to provide personal information about other individuals to us (e.g. about your spouse, dependants or other family members or employees). If so, we rely on you to have informed those individuals that you are giving their personal information to us, to have advised them about this Privacy Policy and how they can obtain a copy of it and that you have the necessary authority to provide that personal information to us. 

It is important to be aware that if you access another party’s website or application using one of our products or services or via our website, that other party will deal with your personal information in accordance with its own Privacy Policy. You will need to review those websites to view a copy of the relevant Privacy Policy. 

It is generally not practical to remain anonymous or to use a pseudonym when dealing with us as usually we need to use your personal information to provide specific services to you, or which relate to or involve you. 

2. Collecting personal information 

Generally, we collect your personal information from you directly, for example, when we deal with you in person or over the phone, when you send us correspondence (including via email), when you complete a questionnaire, form or survey or when you subscribe to our publications. 

Sometimes we will collect your personal information from public sources, third parties and other outside sources, in circumstances where you would reasonably expect us to collect this information. For example, we may collect your personal information from: 

  • your employer or previous employer, 
  • your referees, 
  • your personal representatives, 
  • another GBP member firm, 
  • a financial advisor, and/or 
  • where you have authorised disclosure to us, from banks, 
  • public registers, 
  • social media and networking sites if your posts, activities and/or profile information are public, 
  • where you have applied for a job or are a current employee – from other persons, such as law enforcement agencies, the Department of Home Affairs, education or other institutions or professional organisations, and with your consent – from background checking service providers. 

We may also collect personal information about you from your use of our websites and social media and information you provide to us through contact mailboxes. 

3. Holding and protecting personal information 

We store information in different ways, including on paper and electronically. In some cases, we engage third parties to host electronic data (including data in relation to the services we provide) on our behalf. 

Protecting your personal information matters to us, and we take all reasonable steps to secure it and protect it from misuse, corruption, loss, unauthorised access and unauthorised disclosure. 

The measures we take to protect your information while we hold it or can access it include: 

  • Security measures to control access to our systems and physical premises 
  • Ensuring third parties engaged by us comply with our privacy standards, obligations, processes and requirements 
  • Privacy and confidentiality requirements, obligations and training applying on a mandatory basis to our staff and contractors
  • Restricting access to personal information 
  • Document storage and security policies 
  • Technological controls such as firewalls, the use of encryption, passwords and digital certificates 
  • Data retention, de-identification, pseudonymisation, and destruction processes 
  • Processes and policies governing the identification, mitigation, management and where appropriate the notification of privacy events and breaches. 

We endeavour to ensure that personal information is kept as current as possible, and that all reasonable steps are taken to ensure that irrelevant or excessive data is deleted or de-identified as soon as reasonably practicable. However, some personal information may be retained for varying time periods in order to comply with legal and regulatory obligations and for other legitimate business reasons. 

4. Purpose for collecting, holding, using and disclosing personal information 

We will only collect, use, hold and disclose your personal information if we have a permitted or lawful reason to do so, or you have otherwise consented. 

The reasons we may collect, hold, use and disclose your personal information include: 

  • To provide our services to you or to our client in accordance with the terms of any engagement letter, service agreement or employment agreement including any related reasons such as payroll, tax, superannuation and accounting services. 
  • To provide, improve and properly manage our products and services and those of other GBP member firms including: o developing new products, 
    • responding to requests or queries, 
    • verifying your identity, 
    • to conduct surveys, and 
    • seeking your feedback. 
  • To maintain contact with our clients and other contacts (including alumni), and keep them informed of our services, industry developments, seminars and other events. 
  • For administrative purposes, including: o processing payment transactions, 
    • charging and billing, 
    • detecting or preventing fraud, and 
    • identifying breaches of our terms and conditions of engagement. 
  • For purposes relating to the employment of our personnel (including Partners), or our clients’ personnel, contractors and sub-contractors including: o recruitment purposes such as pre-employment screening, contacting referees, processing applications, administering psychometric testing, assessment for suitability for future positions, background checks and ongoing analytic purposes such as ensuring we are reaching a diverse range of candidates, 
    • ongoing probity checks for existing personnel, including monitoring of the use of GBP systems, and the use and location of GBP devices, 
    • personnel retention purposes such as workplace diversity, wellbeing and cultural safety checks and initiatives, 
    • providing internal services or benefits to our Partners and staff, and 
    • matters relating to the GBP Trust. 
  • For governance and compliance purposes including: o managing any quality, conduct or risk management issues including conflict of interest or independence (including auditor independence) obligations or situations, 
    • meeting regulatory obligations, and 
    • where we are required to or authorised by legislation or industry code, direction or standard to do so. 
  • For business purposes such as part of an actual (or proposed) acquisition, disposition, merger or de-merger of a business (including GBP’s business) or entering into an alliance, joint venture or referral arrangement. 
  • For development and analytics purposes to develop our expertise and know how, including: o for benchmarking purposes, 
    • development, analytics and business intelligence functions including web site trend and performance analysis. 
    • quality assurance and thought leadership, and 
    • other purposes related to our business. 

We may also use non-personal, de-identified and aggregated information for several purposes including for data analytics, research, submissions, thought leadership and promotional purposes. Any output is anonymised or aggregated so that no personal information or information relating specifically to you is reasonably identifiable. 

GBP may also use your personal information for the purpose of marketing its products, services and offerings to you. This may include products, services and offers provided by our alliance partners. If you do not want to receive marketing material from us, you can contact us as detailed below: 

  • for electronic communications, you can click on the unsubscribe function in communications, 
  • for hard copy communications, you can email GBP unsubscribe@grangebp.com.au , or write to us: 

The Privacy Officer
Grange Business Partners
PO Box 1871
North Sydney NSW 2059 

5. Sharing personal information 

We may share your personal information with other parties including: 

  • Your authorised representatives, advisors and referees, 
  • Personnel within GBP and our professional advisors, 
  • Experts or other third parties contracted as part of an engagement, 
  • Our agents, third party contractors and suppliers that assist us with providing our business processes and products and services, 
  • Nominated superannuation funds, 
  • Other GBP member firms (which includes entities they wholly or dominantly own and control) or GBP International Limited and its affiliates, 
  • Third parties as part of an actual or proposed acquisition, disposition, merger or de-merger of a business (including GBP’s business) or to enter into an alliance, joint venture or referral arrangement, 
  • Other parties including government or regulatory bodies (for example, the Australian Taxation Office, the Australian Securities Investment Commission and The Department of Home Affairs), professional or industry bodies or agencies, as part of an engagement or as required by or in accordance with any industry code or industry standard including foreign authorities or regulators relevant or applicable for the purposes of our provision of services, or 
  • Other parties when you ask us to do so or when you consent to that disclosure. 

Where you are a customer, an employee, a contractor or supplier of services to one of our clients, then we may disclose your personal information as part of providing services to that client. 

We do not disclose personal information to third parties for the purpose of allowing them to send marketing material to you. However, we may share non-personal, de-identified or aggregated information with select third parties for research, development, analytics or promotional purposes other than direct marketing. 

In some cases, the organisations that we may disclose your personal information to may be located in other countries, in particular, the United States, India, The Phillipines and those countries in which our member firms are located or for which GBP has retained service providers and providers which host data on our behalf. 

GBP will transfer personal information to someone who is in a foreign country where: 

a) GBP reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the Australian Privacy Principles; 

b) the individual doesn’t object (thereby consents) to the transfer; 

c) where the person or persons to whom the transfer is taking place is/are directly employed by GBP or by an associated entity of GBP; 

d) where the occurrence of off shoring of services is relative to performing services for client affairs. 

Where we do this, we require these parties to substantively comply with the privacy standards, privacy obligations and privacy laws applicable to GBP, to protect your information and to restrict how your information may be used. 

6. Visiting our website and online 

6.1 Automatic collection of personal information 

Together with our service providers we use cookies, web beacons and other technologies on some of our websites and through email to automatically collect certain types of information. 

The collection of this information allows us to customise and personalise your online experience (including tailoring our online presence) and enhancing your future online experience. We may also use this information for development and analytics purposes. You can tailor your experience with these technologies via the privacy and browser settings on your device or by rejecting the associated cookies. 

6.2 Analytics Tools 

We use analytics tools, such as Google Analytics and Adobe Analytics. To provide website visitors with more choice on how their data is collected by Google Analytics, Google have developed the Google Analytics Opt-out Browser Add-on. More information about how we use Google Analytics can be found at the Google Analytics Terms of Service opens in a new tab page. Adobe also provides a range of opt-out options for Adobe Analytics. 

6.3 Social media widgets and applications 

Some of our websites and services may include functionality to enable information sharing via third party social media applications, such as the Facebook Like button and Twitter widget. 

These social media applications may collect and use information regarding your use of our websites. Any personal information that you provide via such social media applications may be collected and used by members of that social media application separate to us and are subject to the privacy policies of the relevant 

Any personal information that you provide on any GBP social media feature may be shared with other users of that social media feature (unless otherwise stated at the point of collection), over whom we may have limited or no control. 

7. The GBP member firm network associates | business partners 

GBP is a member firm of the Macquarie National Network [www.macquarienational.com.au] and procures the services of Macquarie National Group Pty Limited (“MNG”) and its associates | business partners SR Legal Pty Limited (“SRL”) [www.srlegal.com.au], as represented in our Engagement Letter for client retention. 

8. Children 

We understand the importance of protecting the privacy of children, especially in an online environment. In particular, our websites, products and services are not intentionally designed for, or directed at, children under the age of 13. 

It is our policy to never knowingly collect or maintain information about any person under the age of 13, except as part of a specific engagement to provide services which necessitates such personal information be collected, for example, for the purposes of ensuring compliance with our assurance independence policies, or as otherwise required by law. 

9. Access to personal information 

It’s important that you make sure the personal information we hold about you is accurate, up to date and complete. If any of your details change or if you believe that any personal information GBP has collected about you is inaccurate you can contact us by email and we will take reasonable steps to correct it in accordance with the requirements of the Privacy Act. 

You can request access to your personal information that we hold about you. We may charge reasonable costs for providing you access to your personal information. 

10. Complaints 

You can notify us of any complaint you may have about our handling of your personal information via email or by writing to us. 

Following your initial contact, you will be asked to set out the details of your complaint in writing in a form provided. 

We will endeavour to reply to you within 30 days of receipt of the completed complaint form and, where appropriate, will advise you of the general reasons for the outcome of the complaint. 

While we hope that we will be able to resolve any complaints you may have without needing to involve third parties, if you are not satisfied with the outcome of your complaint, you can refer your complaint to the Office of the Australian Information Commissioner. 

11. Credit Card Information 

Where you choose to pay tax invoices by way of credit card, your credit card details will immediately be entered into the ‘PayWay’ payment facility operated by Westpac Banking Corporation, or another financial institution from time to time. The PayWay facility uses a 128-bit Secure Socket Layer encryption technology as part of its security mechanism. 

Your credit card details are not retained or stored by GBP, unless you request and we facilitate same, therefore, GBP will be required to obtain such information from you each time you choose to make a payment for services by way of credit card. 

Whilst GBP make reasonable endeavours to ensure security of your personal information, it is a preference that you telephone the relevant contact at GBP to provide your credit card details, appose to by way of written communication. 

12. Collection of Third-Party Information 

During your relationship with GBP, it may be necessary for you to disclose personal information about someone else (eg Your spouse) or perhaps an entity to which you are related (eg a Company, Partnership, Trust or Self-Managed Superannuation Fund) (the “Third Party Information”). 

Should you provide GBP with Third Party Information you must ensure that you are authorised by that third party to provide such information and you must take all reasonable steps to ensure that the third party concerned is aware of same. 

Any Third-Party Information will be afforded the same protection under this Privacy Policy. 

13. Use and disclosure of your personal information 

GBP may use your personal information to: 

a) supply to you the services that you request; receive and/or access information from third party providers for the provision of services to you; 

b) contact you regarding your use of the services or services offered by GBP; 

c) contact you in relation to comments, complaints, enquiries or dispute resolution; collect payments from you; 

d) communicate with third party providers or associate parties with respect to the provision of the services; and 

e) send you marketing communications. 

The types of marketing communications GBP may distribute to you include, but are not limited to: 

f) newsletters; 

g) bulletins and alerts regarding changes to legislation; 

h) invitations to seminars, functions and events; 

i) updates for typical matters | issues; 

j) review and or a synopsis of the matters of affect for the Australian Budget 

k) updates following any Reserve Bank if Australian press release; 

l) general announcements at both a state and federal kevel for any proposed legislative issues that may be the subject of review and or legislation; and 

m) information about changes to the services provided. 

From time to time, GBP may engage a third-party marketing organisation or organisations to undertake marketing on their behalf and it may be necessary to provide them with your personal information. In these circumstances, GBP will use reasonable endeavours to ensure that the third-party organisation engaged will accept the obligations conferred on GBP under this Privacy Policy as their own obligation. 

GBP will not disclose personal information about you, unless it is required, incidental or otherwise related to the primary purpose of providing services to you. 

However, GBP may disclose your personal information to its member firm network associates | business partners who can assist them to provide services to you as a client. 

14. Use and disclosure of your personal information that is required to do so by law 

GBP to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend its legal rights. 

GBP is not liable for how a third party uses your personal information if the personal information has been disclosed in accordance with this Privacy Policy. 

GBP may be compelled by law to disclose your personal information and be required to not inform you of the compulsion. 

15. Use and disclosure of your personal information that is required to pursuant to professional standards 

GBP quality control procedures have been established and maintained in accordance with APES 320 Quality Control for Firms and, as a result, GBP files may be subject to review under the Chartered Accountants Australia and New Zealand [“CAANZ”] Quality Control Review Program which monitors compliance with professional standards by its members. 

If requested, our files will be made available to the CAANZ under this program. 

We will advise you if this should occur. 

A CAANZ Quality Review Programme [QRMP”] is a practice review program for members holding a Certificate of Public Practice (“CPP”) to assess their quality management systems, ensure compliance with mandatory standards and ethical codes, and maintain high professional standards for clients. Members are selected randomly for these reviews, which involve an experienced reviewer examining engagement files and firm manuals to identify areas for improvement and generally occur in five (5) year intervals for a CPP member. 

If you have any questions in relation to this Privacy Policy or our management of your personal information you can contact us by email or write to us. 

The Privacy Officer
Grange Business Partners
PO Box 1871
North Sydney NSW 2059 

16. Privacy Policy Updates 

This Privacy Policy was updated in November 2024 and more recently (last update) in October 2025. 

17. Privacy Policy GBP Right of Change – Privacy Notice 

This Privacy Policy may change from time to time, and you agree to any future changes to this Privacy Policy as posted on the GBP website. GBP will reasonably endeavour to notify you of such changes, nevertheless, it is recommended that you keep a copy of this Privacy Policy and any subsequent versions for your own records. 

“Personal Information” is information GBP holds which is identifiable as being about you. 

We may update this Privacy Policy at any time by publishing an updated version on our website: https://grangebp.com.au/privacy-policy/ and as such, any updated version remains the exclusive right of GBP for update. 

We recommend that you check this page (website) from time to time to inform yourself of any changes in this Privacy Notice. 

Grange Business Partners (C) 2025 All Rights Reserved.