IDA Logo

Privacy Policy

Privacy and Data Use Policy

Digital Audit Australia Pty Ltd (ABN 51 636 898 685) (“we”, “us” or the “Company”) is committed to privacy protection. We understand the importance of keeping personal information private and secure. This policy (“Policy”) describes generally how we manage personal information and safeguard privacy. If you would like more information, please don’t hesitate to contact us.

This Policy forms part of and is subject to the provisions of our Terms of Use (

The Australian Privacy Principles

We will treat all personal information in accordance with any and all obligations that are binding upon us under the Privacy Act 1988 (Cth) (“Privacy Act”). The Privacy Act lays down 13 key principles in relation to the collection and treatment of personal information, which are called the “Australian Privacy Principles”.

What is "personal information"?

Personal information held by the Company may include:
  • name and date of birth;
  • residential and business postal addresses, telephone/mobile/fax numbers and email addresses;
  • bank account and/or credit card details for agreed billing purposes;
  • any information that you provided to us by you during your account creation process or added to your user profile;
  • preferences and password for using this site and your computer and connection information; and
  • any information that you otherwise share with us.

How we may collect Personal information

We only collect personal information that is necessary for us to conduct our business as a Provider of Digital Audit Services.

Information that you provide to us

We may collect personal information that you provide to us when you:

  • Use our website, including (without limitation) when you:
    • create a user account;
    • add information to your user profile;
    • purchase any products and/or services through this site;
    • register for access to premium content or request certain premium features; or
    • complete an online contact form to contact us;
  • provide information to us by telephone or through marketing or application forms; or
  • send us an email or other communication.

IP addresses

We may also collect Internet Protocol (IP) addresses. IP addresses are assigned to computers on the internet to uniquely identify them within the global network. The Company collects and manages IP addresses as part of the service of providing internet session management and for security purposes. The Company may also collect and use web log, computer and connection information for security purposes and to help prevent and detect any misuse of, or fraudulent activities involving, this site.

How we may use Personal information

Personal information may be used in order to:

  • verify your identity;
  • process any purchases of products and/or services that you may make through this site, including charging, billing and collecting debts;
  • make changes to your account;
  • respond to any queries or feedback that you may have;
  • conduct appropriate checks for credit-worthiness and for fraud;
  • prevent and detect any misuse of, or fraudulent activities involving, this site;
  • conduct research and development in respect of our products and/or services;
  • gain an understanding of your information and communication needs or obtain your feedback or views about our products and/or services in order for us to improve them; and/or
  • maintain and develop our business systems and infrastructure, including testing and upgrading of these systems,

and for any other purpose reasonably considered necessary or desirable by the Company in relation to the operation of our business.

From time to time we may email you with information and offers relating to our own products/services or those of selected partners. Personal information may also be collected so that the Company can promote and market products and services to you. This is to keep you informed of products, services, and special offers we believe you will find valuable and may continue after you cease acquiring products and services from us. If you would prefer not to receive promotional or other material from us, please let us know and we will respect your request. You can unsubscribe from such communications at any time if you choose.

When we may disclose Personal information

In order to deliver the products/services you require or for the purposes set out above, the Company may disclose personal information to organisations outside the Company. Personal information may be disclosed to these organisations only in relation to this site, and the Company takes reasonable steps to ensure that these organisations are bound by confidentiality and privacy obligations in relation to the protection of Personal information. These organisations may carry out or provide:

  • customer enquiries;
  • mailing systems;
  • billing and debt-recovery functions;
  • information technology services;
  • marketing, telemarketing and sales services;
  • market research; and
  • website usage analysis.

In addition, we may disclose Personal information to:

  • your authorised representatives or legal advisers (when requested by you to do so);
  • credit-reporting and fraud-checking agencies;
  • credit providers (for credit-related purposes such as creditworthiness, credit rating, credit provision and financing);
  • our professional advisers, including our accountants, auditors and lawyers;
  • government and regulatory authorities and other organisations, as required or authorised by law;
  • organisations who manage our business strategies, including those involved in a transfer/sale of all or part of our assets or business (including accounts and trade receivables) and those involved in managing our business risk and funding functions; and
  • With Law Enforcement Agencies: In response to a request for information by competent authority if we believe disclosure is in accordance with the efficient administration of justice, or is otherwise required by, any applicable law, regulation, ordinance, licence, operating agreement, or legal process;

Contacting us about privacy

If you would like more information about the way we manage personal information and Data please contact us by email or by post.

Access to Personal information

In most cases, you may have access to personal information that we hold about you. We will handle requests for access to Personal information in accordance with the Australian Privacy Principles. All requests for access to Personal information must be directed to the Privacy Officer by email or by writing to us at our postal address. We will deal with all requests for access to personal information as quickly as possible. Requests for a large amount of information, or information that is not currently in use, may require further time before a response can be given. We may charge you a fee for access if a cost is incurred by us in order to retrieve your information, but in no case will we charge you a fee for your application for access.

In some cases, we may refuse to give you access to personal information that we hold about you. This may include circumstances where giving you access would:

  • be unlawful (eg, where a record that contains personal information about you is subject to a claim for legal professional privilege by one of our contractual counterparties);
  • have an unreasonable impact on another person’s privacy; or
  • prejudice an investigation of unlawful activity.

We may also refuse access where the personal information relates to existing or anticipated legal proceedings, and the information would not be accessible by the process of discovery in those proceedings.

If we refuse to give you access, we will provide you with reasons for our refusal.

Correcting Personal information

We will amend any personal information about you that is held by us and that is inaccurate, incomplete or out of date if you request us to do so. If we disagree with your view about the accuracy, completeness or currency of a record of Personal information that is held by us, and you ask us to associate with that record a statement that you have a contrary view, we will take reasonable steps to do so.

Storage and security of Personal information

We are committed to maintaining the confidentiality of the information that you provide us and we will take all reasonable precautions to protect Personal information from unauthorised use or alteration. In our business, personal information may be stored both electronically (on our computer systems and with our website hosting provider) and in hard-copy form. Firewalls, anti-virus software and email filters, as well as passwords, protect all of our electronic information. Likewise, we take all reasonable measures to ensure the security of hard-copy information.

Third party websites

You may click-through to third party websites from this site, in which case we recommend that you refer to the privacy statement of the websites you visit. This Privacy Policy applies to this site only and the Company assumes no responsibility for the content of any third-party websites.


We may use the Google AdWords and/or Facebook re-marketing services to advertise on third party websites to previous visitors to this site based upon their activity on this site. This allows us to tailor our marketing to better suit your needs and to only display advertisements that are relevant to you. Such advertising may be displayed on a Google search results page or a website in the Google Display Network or inside Facebook. Google and Facebook may use cookies and/or pixel tags to achieve this. Any data so collected by Google and/or Facebook will be used in accordance with their own respective privacy policies. None of Personal Google and/or Facebook information is reported to us.

Use of Accessed Data

DAPL represents and warrants that in collecting, compiling, reproducing, storing and distributing Data, DAPL will at all times:

  • safeguard the Data, and protect it against disclosure, misuse, espionage, unauthorized access, loss and theft;
  • implement technical and organizational measures to ensure and to be able to demonstrate that processing is performed in accordance with all applicable law;
  • use the Data only for the purposes of providing DAPL Services.

Data may be transferred out Australia in accordance with DAPL’s normal business activities and such Data may be stored, processed or accessed in the Philippines. United States of America, Canada, EU and the UK. 

DAPL will ensure that adequate safeguards are in place for such transfer and comply with the Privacy Act and applicable privacy codes.

Privacy Incidents and Compromises

In the event DAPL discovers, is notified of or reasonably suspects a Privacy Incident (as defined below) or Compromise (as defined below), DAPL will notify Client as soon as reasonably practicable and in any event within twenty-four hours of the discovery, notification or suspicion.

“Privacy Incident” means any incident involving the accidental, unlawful or unauthorized destruction, loss, alteration, disclosure of, or access to: (i) Personal Data or other Data;

“Compromise” means the unauthorized access to the computer network or systems or files of DAPL (or of DAPL’s subcontractors or providers) whether temporary or not that contain: (i) Personal Data or other Data; or (ii) Confidential Information.

DAPL shall disclose the occurrence of any Privacy Incident or Compromise to third parties in compliance with applicable law which includes.  

DAPL will cooperate with Client in good faith to incorporate Client’s reasonable feedback in determining whether disclosure is necessary under applicable law and provide Client with access to a member of DAPL’s senior management, and if applicable the Privacy Officer appointed by DAPL, for the purpose of such discussions. 

For any Privacy Incident and any Compromise, DAPL will

  • investigate such breach or potential breach and perform a root cause analysis thereon;
  • remediate the effects of such breach or potential breach of security;
  • provide Client with reasonable assurances as Client shall request that such breach or potential breach shall not recur; and
  • on an ongoing basis, inform Client of any impact and/or damage to the Client or its customers. DAPL agrees it will fully comply with, assist, and facilitate Client’s investigation of any Privacy Incident or Compromise about which DAPL has notified Client, or which Client’s reasonably identifies as connected to DAPL. 

If Client determines that any Privacy Incident or Compromise must be disclosed to a third party, including Data Subjects or governmental authorities, then DAPL shall fully cooperate with and assist Client in fulfilling reporting and disclosure obligations and provide Client with access to a member of DAPL’s senior management for the purposes of such discussions. 


The Company welcomes the General Data Protection Regulation (“GDPR”) of the European Union (“EU”) as an important step forward in streamlining data protection globally. We intend to comply with the data handling regime laid out in the GDPR in respect of any personal information of data subjects in the EU that we may obtain. If you are based in the EU the following GDPR rights will also apply.

GDPR rights

The requirements of the GDPR are broadly similar to those set out in the Privacy Act and include the following rights:

  • you are entitled to request details of the information that we hold about you and how we process it. For EU residents, we will provide this information for no fee;
  • you may also have a right to:
    • have that information rectified or deleted;
    • restrict our processing of that information;
    • stop unauthorised transfers of Personal information to a third party;
    • in some circumstances, have that information transferred to another organisation; and
    • lodge a complaint in relation to our processing of Personal information with a local supervisory authority; and
  • where we rely upon your consent as our legal basis for collecting and processing your data, you may withdraw that consent at any time.

If you object to the processing of Personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. However, please be aware that:

  • such objection or withdrawal of consent could mean that we are unable to provide our services to you, and could unduly prevent us from legitimately providing our services to other customers/clients subject to appropriate confidentiality protections; and
  • even after you have chosen to withdraw your consent, we may be able to continue to keep and process Personal information to the extent required or otherwise permitted by law, in particular:
    • to pursue our legitimate interests in a way that might reasonably be expected as part of running our business and which does not materially impact on your rights, freedoms or interests; and
    • in exercising and defending our legal rights and meeting our legal and regulatory obligations.

Storage and processing by third parties

Data that we collect about you may be stored or otherwise processed by third party services with data centres based outside the EU, such as Google Analytics, Microsoft Azure, Amazon Web Services, Apple, etc and online relationship management tools. We consider that the collection and such processing of this information is necessary to pursue our legitimate interests in a way that might reasonably be expected (eg, to analyse how our customers/clients use our services, develop our services and grow our business) and which does not materially impact your rights, freedom or interests.

The Company requires that all third parties that act as “data processors” for us provide sufficient guarantees and implement appropriate technical and organisational measures to secure your data, only process personal data for specified purposes and have committed themselves to confidentiality.

Duration of retention of data

We will only keep data for as long as is necessary for the purpose for which it was collected, subject to satisfying any legal, accounting or reporting requirements. At the end of any retention period, data will either be deleted completely or anonymised (for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning). In some circumstances, you can ask us to delete data.

Changes to this Privacy Policy

From time to time, it may be necessary for us to revise this Privacy Policy. Any changes will be in accordance with any applicable requirements under the Privacy Act and the Australian Privacy Principles. We may notify you about changes to this Privacy Policy by posting an updated version on this site.

* * * *

If you require any further information about the Privacy Act and the Australian Privacy Principles, you can visit the Office of the Australian Information Commissioner website (see

Current on and from 1April 2021