Privacy policy
Last Updated: July 2026
1. Introduction
Keystone Advisory & Tax Pty Ltd ABN 36 627 146 936 (formerly Cassell & Co Business & Taxation Services Pty Ltd) (“Keystone”, “we”, “our” or “us”) is committed to protecting your privacy and handling personal information responsibly.
This Privacy Policy explains how we collect, hold, use and disclose personal information, and how individuals may access and correct their personal information or make a privacy complaint.
We comply with the following:
- Privacy Act 1988 (Cth);
- Australian Privacy Principles (APPs);
- Privacy (Tax File Number) Rule 2015;
- Notifiable Data Breaches Scheme; and
- other applicable privacy and taxation laws.
By engaging our services, using our website or otherwise interacting with us, you acknowledge that your personal information will be handled in accordance with this Privacy Policy.
2. The personal information we collect
The personal information we collect will depend on the services we provide to you.
Individuals
We may collect:
- name;
- residential and postal address;
- email address;
- telephone number;
- date of birth;
- tax file number (TFN);
- driver’s licence and identity verification documents;
- bank account details;
- superannuation information;
- employment information;
- health information where relevant to the services being provided;
- government-issued identifiers where authorised by law; and
- any other information relevant to the provision of our services.
Businesses and entities
We may collect:
- ABN and ACN details;
- director identification numbers (Director IDs);
- shareholder information;
- beneficiary information;
- trust and estate information;
- payroll and employee records;
- financial statements and accounting records;
- taxation records;
- business ownership information;
- bank account details; and
- other information reasonably required to provide our services.
3. How we collect personal information
Where practicable, we collect personal information directly from you.
We may collect information through:
- email correspondence;
- telephone conversations;
- meetings and consultations;
- video conferencing;
- our website;
- online forms;
- AccountKit and other client portals;
- engagement documentation;
- information provided through ATO Online Services;
- authorised representatives;
- lawyers, financial advisers and other professional advisers;
- government agencies and public registers; and
- other parties authorised by you.
We may also collect information from third parties where authorised by law or where reasonably necessary to provide our services.
4. Identity verification and client due diligence
To comply with our legal, regulatory and professional obligations, we may collect and verify identity information and conduct client due diligence checks.
These checks may include:
- verification of identity documents;
- verification of ownership and control structures;
- identification of beneficial owners;
- sanctions screening;
- politically exposed person (PEP) screening;
- adverse media screening;
- fraud prevention checks; and
- other risk assessment and compliance activities.
We may be prohibited by law from disclosing information relating to suspicious matter reporting, regulatory investigations or compliance activities.
We may engage third-party identity verification, screening and due diligence providers to assist with these processes.
Failure to provide requested information may prevent us from commencing or continuing to provide services.
5. Why we collect personal information
We collect personal information so we can:
- provide accounting, taxation and advisory services;
- prepare and lodge tax returns, BAS, IAS and other statutory documents;
- provide bookkeeping and payroll services;
- administer trusts, estates and corporate entities;
- provide SMSF administration and compliance services;
- provide ASIC corporate secretarial services;
- verify identity and prevent fraud;
- communicate with the Australian Taxation Office and other authorities on your behalf;
- manage client relationships;
- respond to enquiries and complaints;
- meet legal, professional and regulatory obligations; and
- operate and improve our business.
If you do not provide requested information, we may be unable to provide some or all of our services.
6. Tax file numbers and government identifiers
We may collect tax file numbers and other government-related identifiers where authorised or required by law.
Tax file numbers are collected only for purposes permitted under taxation laws and are handled in accordance with the Privacy (Tax File Number) Rule 2015.
We do not use or disclose tax file numbers except where authorised by law or with your consent.
7. Sensitive information
Sensitive information includes information about health, racial or ethnic origin, religious beliefs, political opinions, criminal records and other information defined as sensitive under the Privacy Act.
We will only collect sensitive information where:
- it is reasonably necessary for the services we provide;
- you have consented;
- collection is required or authorised by law; or
- collection is otherwise permitted under the Privacy Act.
8. Disclosure of personal information
We may disclose personal information where reasonably necessary to provide services or where required or authorised by law. We may disclose personal information to payment processors, recurring billing providers and financial service providers for the purposes of collecting fees, administering subscriptions and managing client accounts. We may disclose personal information to software providers, cloud hosting providers, payment processors, outsourced service providers and professional advisers engaged in connection with our services.
Recipients may include:
- the Australian Taxation Office;
- ASIC;
- State Revenue Offices;
- superannuation funds;
- banks and financial institutions;
- legal advisers;
- financial advisers;
- software and technology service providers;
- document signing providers;
- identity verification providers;
- cloud storage providers;
- contractors and consultants assisting us;
- courts, tribunals and regulators; and
- any person or organisation authorised by you.
Service providers may include:
- accounting and bookkeeping platforms;
- client relationship management systems;
- document management systems;
- electronic signing providers;
- identity verification providers;
- payment processors and recurring billing providers;
- marketing and communication platforms; and
- cloud hosting and technology providers.
We do not sell personal information.
We may disclose personal information where required or authorised by law, including in connection with taxation, regulatory, anti-money laundering, law enforcement or court-related obligations.
9. Overseas disclosure
We use a range of cloud-based software providers to deliver accounting, taxation and advisory services.
As a result, personal information may be stored, processed or accessed in Australia and in overseas jurisdictions through those providers.
We take reasonable steps to ensure service providers maintain privacy and security standards appropriate to the nature of the information held.
Some service providers we use may store, process or access information in countries including the United States, New Zealand, Singapore, the United Kingdom and other jurisdictions in which their infrastructure or support personnel are located. The countries involved may change from time to time as service providers update their operations.
10. Direct marketing
We may send:
- newsletters;
- taxation updates;
- business updates;
- event invitations;
- service announcements; and
- information about services that may be relevant to you.
Marketing communications may be sent using electronic marketing platforms, including Mailchimp and similar services.
You may opt out of receiving marketing communications at any time by:
- clicking the unsubscribe link in our emails; or
- contacting us directly.
Operational and service-related communications may still be sent where necessary.
11. Website usage, cookies and analytics
Our website may use cookies and similar technologies to improve user experience and website functionality.
We use Google Analytics to collect information about how visitors use our website. Information collected may include:
- browser type;
- device information;
- pages visited;
- time spent on pages;
- referring websites; and
- general geographic information.
This information is generally aggregated and does not identify individuals.
You can configure your browser to refuse cookies, although some website features may not function correctly.
12. Storage and security
We take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification and disclosure.
Security measures may include:
- secure cloud-based systems;
- multi-factor authentication;
- restricted access controls;
- password management practices;
- staff confidentiality obligations;
- cyber security protections; and
- secure document storage.
While we take reasonable steps to protect information, no method of transmission or storage is completely secure.
13. Data breaches
If we become aware of a data breach involving personal information, we will investigate and take appropriate action.
Where required by law, we will comply with our obligations under the Notifiable Data Breaches Scheme, including notifying affected individuals and the Office of the Australian Information Commissioner (OAIC).
14. Accessing and correcting personal information
You may request access to personal information we hold about you and request corrections if you believe the information is inaccurate, incomplete or out of date.
Requests should be made in writing using the contact details below.
We will generally respond to access and correction requests within 30 days.
We may require verification of identity before releasing information.
In some circumstances permitted by law, we may refuse access and will provide reasons where required.
15. Retention of information
We generally retain client records for at least seven years and longer where required by law, professional standards, regulatory obligations, insurance requirements or legitimate business and risk management considerations.
When information is no longer required, we take reasonable steps to securely destroy or de-identify it.
16. Privacy complaints
If you have a concern about how we have handled your personal information, please contact us.
Director
Keystone Advisory & Tax Pty Ltd
ABN 36 627 146 936
Suite 410, 55 Holt Street
Surry Hills NSW 2010
Phone: +61 2 9716 5120
Email: hello@
We will acknowledge your complaint promptly and aim to respond within 30 days.
If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):
Office of the Australian Information Commissioner
Website: www
Phone: 1300 363 992
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations or business practices.
The current version will always be available on our website.
Any changes take effect from the date the updated policy is published.