Privacy Policy

I Count Beans Pty Ltd

Last updated: 14 July 2026

 

1. Introduction

I Count Beans Pty Ltd (ABN 19 168 707 051) (we, us, our) is committed to protecting your personal information and handling it in line with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

This Privacy Policy explains how we collect, use, store, disclose and protect personal information, including information used to verify your identity and meet our anti-money laundering and counter-terrorism financing (AML/CTF) obligations.

A current version of this Policy is always available at https://www.icountbeans.com.au/privacy-policy/.

2. What Personal Information We Collect

We may collect the following personal information about you:

  • Full name
  • Date and place of birth
  • Residential or business address
  • Email address and phone number
  • Government-issued identification details, such as driver licence, passport, Medicare card or other identity document numbers and images
  • Biometric information, such as a facial image or short video used to verify your identity
  • Information about the services we provide to you and any related transactions
  • Information about your authority, business, proposed structure, beneficial ownership and control, and source of funds or wealth where relevant
  • Tax, corporate and government identifiers where lawfully required, including tax file numbers, Australian business numbers and director identification numbers
  • AML/CTF information, including customer risk assessments, sanctions, politically exposed person, adverse media, fraud-prevention and verification results
  • Technical information generated through our website or verification systems, such as IP address, device details and verification-session information

Payment and billing information, including bank account details, direct debit mandate details, invoice and payment status, and payment correspondence

Personal information about employees, contractors, customers, suppliers, officeholders and other individuals that a client provides to us for an authorised accounting, payroll, taxation, advisory or structure service

Information generated when we are given authorised access to a client’s accounting, payroll, banking or payment systems, subject to the access limits agreed with the client

  • Any other information you choose to provide to us

We only collect personal information that is reasonably necessary to carry out our business activities or to meet our legal and professional obligations.

3. Why We Collect Your Personal Information

We collect, use and disclose your personal information to:

  • Verify your identity and authority to act
  • Provide and manage our accounting, taxation, bookkeeping, payroll, advisory and business-structure services
  • Prepare or arrange company, trust and other structure documents and registrations through providers such as Cleardocs
  • Communicate with you about your engagement and the services we provide
  • Meet our legal and regulatory obligations, including AML/CTF, taxation, corporate, professional and record-keeping requirements
  • Identify beneficial owners and controllers and conduct customer risk, sanctions and politically exposed person checks
  • Detect and prevent fraud, identity theft, money laundering and other unlawful activity, and keep our systems secure
  • Manage billing, complaints, quality control and our business operations

Administer fees and direct debit payments through GoCardless or another approved payment provider

Use approved accounting, document, communication and cloud systems, including Xero, Dext and Microsoft 365, to perform and support the services

Access a client’s internet banking or payment system under a separate authority where the engagement includes preparing transactions for the client’s approval

  • Improve our services and systems

4. Identity Verification and Government Data Matching (DVS)

To verify your identity, we may use electronic identity verification services, including the Australian Government’s Document Verification Service (DVS).

Where you have consented, your name, date of birth and identity document details will be securely sent to the relevant Commonwealth or State authority that issued your document. This may include passport offices, driver licence authorities, the Department of Home Affairs, Births, Deaths and Marriages registries, or other authorised record holders.

These authorities check whether the details you have provided match the records they hold.

We do not receive a copy of your government records. The authority returns a match result only, confirming whether your details match (yes or no).

This process may be carried out through accredited identity verification providers, including APLYiD (APLYiD Pty Ltd, ABN 36 632 866 794) and its authorised sub-providers.

More information about the DVS is available at idmatch.gov.au.

5. Biometric Information

As part of identity verification, we may collect biometric information, such as a facial image or a short video of you holding your identity document.

Biometric information may be used to:

  • Confirm that you are a real person and physically present
  • Match your image to the photograph on your identification document
  • Reduce the risk of fraud, impersonation and identity theft

Biometric information is treated as sensitive information under the Privacy Act. We only collect and use it for identity verification and related compliance purposes, and only with your consent.

6. Consent to Collection and Identity Verification

When you choose to complete electronic identity verification, you will be asked to give the express consent required for the DVS and for collection and use of biometric information. That consent covers:

  • The collection, use and disclosure of your personal information for identity verification, AML/CTF and related compliance purposes
  • The collection and use of biometric information, such as a facial image or video, for identity verification
  • Your information being checked against records held by Commonwealth and State authorities through the DVS
  • Your information being shared with our authorised identity verification and AML/CTF providers, including APLYiD and AMLHUB

Consent for DVS and biometric verification is voluntary and may be withdrawn by contacting us, subject to processing already completed and information we must retain by law. Other personal information may be collected, used and disclosed because it is reasonably necessary to provide the requested service or because the handling is required or authorised by law; it is not dependent solely on consent.

If you do not consent, or do not provide the information we need, we may not be able to verify your identity electronically. We may need to verify your identity in another way, or we may be unable to provide the requested service, including a company, trust or other structure setup.

7. Disclosure of Personal Information

We may disclose your personal information to:

  • Identity verification providers, including APLYiD and its authorised sub-providers
  • AML/CTF platform, screening and compliance providers, including AMLHUB
  • Commonwealth and State authorities and official record holders, through the DVS
  • Cleardocs and other legal-document, corporate-registration or professional service providers involved in a service you have requested
  • Our employees, contractors and authorised representatives, on a need-to-know basis, including personnel supporting our Australian operations from the Philippines
  • Our professional advisers, such as lawyers, auditors, insurers and consultants
  • Trusted technology, payment and service providers that help us operate our business, including Xero, Dext, Microsoft 365 and OneDrive, GoCardless, secure communication, cyber security, data hosting, backup and IT support providers

Banks, payment facilities and client-authorised financial platforms where required to perform an agreed bookkeeping, payroll or payment-preparation service

  • The ATO, ASIC, AUSTRAC, the Tax Practitioners Board, regulators, law enforcement, courts or other third parties where required or authorised by law
  • Any other person you authorise or where disclosure is otherwise permitted by law

We do not sell your personal information.

When you pay an invoice by card or establish a direct debit, you should enter payment details directly into the payment provider’s secure process. Our personnel do not intentionally collect or retain complete credit card numbers.

Some AML/CTF information is subject to confidentiality and anti-tipping-off requirements. The law may prevent us from telling you about a particular use, disclosure or report.

8. Overseas Disclosure

Some of our personnel and service providers may access, store or process personal information outside Australia. Likely overseas locations include the Philippines, New Zealand, the United States, the United Kingdom and European Union member states. APLYiD states that information for Australian and New Zealand applicants is stored and processed in Sydney, with relevant service providers processing in Australia or New Zealand. AMLHUB states that primary production data for Australian customers is hosted in Australia, while some support and software systems may be located in the United States, European Union and New Zealand. Other approved providers, including Xero, Dext, Microsoft and GoCardless, operate internationally and may use overseas group companies or subprocessors as described in their current privacy and data-processing terms.

Where overseas access or disclosure occurs, we take reasonable steps to ensure that personal information is handled in line with the Australian Privacy Principles, including through provider due diligence, access controls, confidentiality requirements and contractual protections where appropriate.

9. Data Security and Storage

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access, modification or disclosure.

These steps include secure systems, role-based access controls, multi-factor authentication, staff confidentiality requirements, and encryption in transit and at rest where appropriate.

Where we access a client’s internet banking or payment platform, we require separate, appropriately restricted access where available. Our personnel are not to be the final approver of client payments, and clients should not provide shared credentials, one-time passwords or complete credit card details.

If you give us personal information about another individual, you must ensure that you are authorised to provide it and, where required, that the individual has received an appropriate privacy notice.

We retain personal information only for as long as we need it for the purposes set out in this Policy, or as required by law. AML/CTF records are generally retained for at least seven years, with the applicable period depending on the record and the service or business relationship. Tax, corporate and professional records may be retained for different periods.

We seek to avoid retaining complete copies of identity documents longer than reasonably necessary where we can instead retain the required identification particulars, verification method and outcome. When information is no longer required, we take reasonable steps to securely delete, destroy or de-identify it, subject to legal retention requirements and secure backup cycles.

If a data breach is likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner where required under the Notifiable Data Breaches scheme.

10. Access and Correction

You have the right to ask for access to the personal information we hold about you, and to ask us to correct it if it is inaccurate, incomplete, out of date, irrelevant or misleading.

To make a request, please contact us using the details in section 13. We may need to verify your identity before responding. We will respond within a reasonable time and will explain any refusal unless the law prevents us from doing so.

11. Direct Marketing

From time to time, we may use your contact details to send you information about our services that we think may be of interest to you, where permitted by law.

You can opt out of marketing communications at any time by using the unsubscribe link in our messages, or by contacting us using the details in section 13. We do not use biometric information or identity-verification information for direct marketing.

12. Privacy Complaints

If you have a complaint about how we have handled your personal information, please contact us first using the details in section 13.

We will acknowledge your complaint, investigate it, and aim to respond within 30 days. We will tell you if we need more time.

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or on 1300 363 992.

13. Contact Details

If you have any questions about this Policy, or want to exercise any of your privacy rights, please contact us:

  • Business name: I Count Beans Pty Ltd
  • ABN: 19 168 707 051
  • Privacy contact: Privacy Officer
  • Email: info@icountbeans.com.au
  • Phone: 1300 574 050
  • Postal address: PO Box 435, Elanora QLD 4221
  • Website: www.icountbeans.com.au

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, service providers or the law.

The latest version will always be available on our website. Where changes are significant, we will take reasonable steps to let affected individuals know.