Privacy Policy

AccGuru respects your personal information, and this Privacy Policy outlines our obligation to protect and manage it. We are committed to ensuring the safekeeping and proper handling of personal information in line with this commitment; we adhere to ISO 27001 compliant security measures, which govern the manner in which we collect, use and disclose, secure and dispose of your personal information. Our practices ensure that your personal information is managed with the highest standards of privacy and security.

AccGuru does not contact your clients directly or indirectly. Any client information is collected through your firm. The information we are provided includes:

• Names, Addresses, Dates of Birth, and Places of Birth
• Employment details
• Personal Health and Insurance Information
• Financial information such as income, expenses, retirement accounts, and investment details

We collect personal information for the primary purpose of completing the jobs and/or delivering our services to you. We may also use this information for secondary purposes closely related to the primary purpose, in circumstances where you would reasonably expect such use or disclosure.

You may unsubscribe from our mailing lists at any time by contacting us in writing or clicking on the "Unsubscribe" link at the bottom of marketing emails sent from us.

When collecting personal information, we will, where appropriate and possible, explain why we are collecting it and how we plan to use it.

AccGuru provides Business Process Outsourcing solutions in areas including Accounting, Compliance, Operational and Administrative processes for businesses in:

• Accounting
• Financial-planning
• Mortgage Brokering
• Legal firms/law Firms
• Operations
• Small to Medium Businesses

The personal information collected is only used to facilitate one or all of the above services to your firm as requested by you. AccGuru only uses personal information:

• For the primary purpose for which it was obtained
• For a secondary purpose that is directly related to the primary purpose
• With your consent, or where required or authorised by law

Where reasonable and possible, we will collect your personal information only from you; however, in certain circumstances, we may be provided with information from third parties. In such a case we will take reasonable steps to ensure that you are made aware of the information provided to us by the third party.

AccGuru will only provide information to the staff that relate specifically to the jobs requested by your firm. The information will not be provided or sold to other institutions. If there is a legal situation/requirement, the information may be provided in accordance to the law.

AccGuru stores all data electronically on secure servers and maintains the necessary measures to ensure our data integrity is not compromised. The processing centre is fully equipped with the latest technology, infrastructure and dedicated technical staff to ensure our working environment has complete security and privacy. All data is encrypted in transit and at rest.

The data is not stored for any more than the duration of any given job; we do not use third party contractors to complete any work. In addition to the above, the following rules are also in place:

• Access controls are required to enter our offices. Only authorised personnel are allowed to enter the office and processing centres.
• Physical documents, books and other devices are prohibited in the processing centre.
• The entire office is monitored by CCTV. All PCs are desktops running a Ubuntu terminal system.
• CD/DVD-ROMs and other USB drives are strictly disallowed. Accesses to physical mass storage drives (external hard drives, USB) have been disabled.
• Printers and scanners are also not available within the processing centre.
• Employees are required to keep personal belongings including bags, books or mobile devices in secure lockers provided outside the main processing centre.
• Internet activity is heavily controlled with websites required to be added to a "whitelist" before they can be accessed. Employees are unable to access personal emails from the office and work emails are monitored.
• Our intranet, internal portals, software and sites have IP authentication in place so that no one can access these records outside our office premises.
• Access to our internal software systems is controlled with biometric measurement.
• Passwords are also required to be updated on a regular basis.
• All terminals include screen snapshots and are regularly audited to ensure staff are following security guidelines.
• All our terminals and servers are equipped with firewalls, antivirus software, intrusion detection software and prevention systems to minimise any exploits or attacks.
• Our security software is kept updated at all times and when required.
• All PCs within our organisation have on/auto-lock features to ensure PCs are not kept unlocked.
• Wireless connections are prohibited within our back-office in India and Australia.

General Rights: As a data subject, you possess specific rights concerning your personal data under applicable data protection laws. To exercise these rights, please contact us at info@accsource.net

Australia:

• Anonymity and Pseudonymity: Where practicable, you have the option to not identify yourself or use a pseudonym when interacting with us.
• Right to Correction: You can have any incorrect personal data corrected.
• Direct Marketing Opt-out: You have the right to request that your personal data not be used for direct marketing purposes.
• Data Portability: You can request your data in a format that is portable and usable.

Canada:

• Access to Personal Information: You have the right to know how your personal data is used and to access it.
• Rectification: You can have any incorrect personal data corrected.
• Consent Withdrawal: You may withdraw consent for the use of your personal data.
• Complaints: You can file a complaint with the privacy commissioner if you believe your rights have been violated.

Europe and UK:

• Access and Information: You have the right to access your personal data and to be informed about its use.
• Erasure: You can request the deletion of your data under certain conditions.
• Rectification: If your data is incorrect or incomplete, you have the right to have it corrected.
• Restriction of Processing: You may request that the processing of your data in certain circumstances, including its use for direct marketing.
• Automated Decisions: You have rights concerning automated decision making, including profiling that has legal or significant effects on you.
• Withdraw Consent: You can withdraw consent at any time, where relevant.
• Data Portability: You have the right to receive your data in a structured, commonly used format.

United States:

• State-Specific Rights: Rights vary by state but generally include the right to access, correct, and in some cases delete your personal data.
• California: California residents enjoy additional rights including specific information about the categories of personal data collected and the purposes for which it is used, the right to request deletion of personal data, and the right to opt-out of the sale of personal data.

Additional Information for Compliance:

• Response Time: In accordance with the GDPR, we aim to respond to your requests within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.
• Complaints: If you believe your data protection rights have been breached, you have the right to lodge a complaint with the relevant supervisory authority.

If you have concerns about how AccGuru collects, maintains, or uses your personal information, you may submit a complaint to our Data Privacy Officer at info@accsource.net

Upon receiving your complaint, our Data Privacy Officer will address your request confidentially within thirty (30) days.

Should you be dissatisfied with our response or believe your concern has not been adequately addressed, you have the right to lodge a complaint with the relevant data protection authority in the jurisdiction where our offices are located.

For complaints within Australia, you may contact the Office of the Australian Information Commissioner using the details below:

If there is a data breach that is likely to result in serious harm, we will take the following action:

• Contain the information leak and assess the actual damage caused by the breach.
• Prepare a statement detailing the breach.
• Immediately after providing the statement, notify each individual to whom the information relates to, or who are at risk.
• If this is not possible, then we will:
  – Publish a copy of the statement on the website; and
  – Take reasonable steps to publicise the contents of the statement.
• Review and change our systems and processes to ensure they are further secured against future breaches.

Your firm and staff can access the personal information that you provide. AccGuru will take the necessary steps to identify that you are a client of AccGuru and/or that the information relates to you.

Additionally, you may access the personal information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your personal information, please email us.

It is necessary to us that your personal information is up to date. We will take reasonable steps to ensure that your personal information is complete, accurate and up-to-date. If you find the information we have is not up to date or otherwise inaccurate, please advise us at the earliest so that we can update our records and ensure we continue to provide quality services to you.

This Privacy Policy may change from time to time and changes to this policy will be updated on www.accsource.net. AccGuru reserves the right to update or modify these policy statements at any time and without prior notice. Any modifications will apply only to the personal information collected after such updates. If you have any questions regarding this information, please feel free to get in touch with us.