Privacy Policy
Last updated : 01 January 2026
Last updated : 01 January 2026
Who does this Privacy Policy apply to?
This Privacy Policy (“this Policy ”) applies to “Hurley Business Advisors” (“we” or “us”). We want you to know that we are committed to protecting your privacy and handling your personal information in an open and transparent way.
What does this Privacy Policy cover?
This Policy explains how we collect, handle, store and protect personal information when:
We provide professional services to you or our clients;
You use “this Website”; or
Perform any other activities that form part of the operation of our business.
What laws apply to us?
When handling personal information we will comply with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act) and other applicable legislation (such as Australian State and Territory health privacy legislation), as well as the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth). Where applicable, we will also comply with data protection laws of other jurisdictions, such as the European General Data Protection Regulation (GDPR).
The APPs are legally binding principles that are designed to ensure that individuals’ personal information is protected throughout the information lifecycle – that is, from the time the information is collected through to its destruction. The APPs also give individuals the right to access their personal information, and have it corrected if it is incorrect.
We take our obligations under the APPs, Australian State and Territory privacy legislation and other applicable data protection laws seriously. Therefore, in addition to this policy, we also:
Maintain an internal privacy policy; and
Where appropriate, include terms in our agreements with our clients that describe how we handle personal information during the delivery of our professional services.
What personal information do we collect when we provide professional services to our clients?
We may be provided with personal information directly by our clients to enable us to deliver professional services or to perform due diligence checks before we agree to provide services. This information may relate to clients’ employees, members or customers or it may relate to third parties (for example, the spouses and dependents of a client’s employees, members or customers).
As part of providing professional services to our clients, we may also collect personal information from other sources (such as directly from individuals themselves or information that is publicly available).
The types of personal information we may collect or be provided with include, but are not limited to:
Contact details;
Dates of birth;
Gender;
Employment records;
Financial records;
Complaint details.
We may also collect sensitive personal information (also called ‘special category information’). For example, where we are provided with such information directly by our clients to provide professional services, or where we collect information directly from individuals with their consent. This may include:
Government identifiers such as drivers’ licence, passport, Medicare numbers, and visa/work permit status;
Tax file numbers;
Health records;
Information about racial or ethnic origins;
Information about criminal convictions;
Membership of a political association or membership of a trade union.
Where we are provided with personal information by a client, we take steps to ensure that the client has complied with the relevant obligations under applicable data protection laws in relation to that information; this may include, for example, that the client has provided you with notice of the collection (and other matters) and has obtained any necessary consent for us to collect, use and disclose that information.
We also collect personal information (such as contact details and account details) from suppliers, contractors, and third party service providers that we engage to help us operate our business.
Information we collect when we perform any other activities that form part of the operation of our business
We may collect personal information when performing other activities that form part of the operation of our business, but which do not directly form part of providing professional services to our clients. For example, we might collect personal information from members of the public as part of undertaking surveys, research on current issues or as part of projects or initiatives we are conducting with other organisations.
The types of information that we collect may vary depending on the nature of the activity. However, we will take reasonable steps to provide clear information about the nature of those activities and the purpose for which we are collecting your information.
Information we collect via this Website
We may collect your personal contact details when you use this Website. For example, if you sign up to receive newsletters, provide contact information, or communications about services provided by us or other related entities.
To improve your experience when you use this Website and ensure that it is functioning effectively, we also may use cookies (small text files stored in a user’s browser) and Web beacons (electronic images that allow this Website to count visitors who have accessed a particular page and to access certain cookies). Additional information on how we use cookies and how you can control these can be found in this video: What are cookies? Website Cookies explained in 2 minutes! .
Protecting children's privacy
We understand the importance of protecting children's privacy. This Website is not designed for, or intentionally targeted at, children 15 years of age or younger. It is not our policy to intentionally collect or store information about anyone under the age of 15.
How do we use your personal information collected to provide services to our clients?
We use the personal information that we collect to provide clients with agreed services. We have an agreement with each client that governs the provision of our services and sets out the purposes for which we may use any information that the client provides to us (including any personal information). We use that information as permitted by the client agreement and we do not use that information for any other purposes, unless it is necessary to comply with a legal or professional right, obligation, or duty.
Because we provide a wide range of different types of services to our clients, the way we use personal information also varies. For example, we might use personal information:
About a client’s employees to help those employees manage their tax affairs when working overseas;
About a client’s customers to help the client improve the quality of the services they offer;
Collected by a client as part of their ordinary business activities in the course of helping that client restructure their business; and
Collected by a client as part of their ordinary business activities to help that client manage their cyber-security and other business risks.
How we use information collected when we perform other activities that form part of the operation of our business
When we collect personal information as part of performing other activities that form part of our business, we will take reasonable steps to provide clear information about the nature of those activities and how we will use any personal information collected.
We may also use non-personal, de-identified, and aggregated information for several purposes including for data analytics, research, submissions, thought leadership, and promotional purposes.
How do we use information collected via this Website or through other sources? Do we use it to market goods and services to you?
We will not use your personal information collected via this Website or through other sources to market the goods and services of third parties to you without first notifying you and seeking your consent (usually through a separate privacy notice).
We may also use your personal information collected via this Website:
To manage and improve this Website;
To tailor the content of this Website to provide you with a more personalised experience and draw your attention to information about our services that we feel may be of interest to you;
To seek feedback on our services; and
For market or other research purposes (however, we will only ever report aggregated results of any research we undertake and will never include your personal information in those results unless you explicitly give us your consent).
At times later on, you may choose to register or create a user profile on this Website – for instance, to gain access to specific content, attend a hosted event, respond to a survey, or request communications about specific areas of interest. In such cases, the information you submit will be used to manage your request and to customise and improve this Website and related services offered to you. You may request at any time that we discontinue sending you emails, or other communications generated in response to your registration on this Website.
Additional information on how we use cookies and other tracking technologies and how you can control these can be found in this video: What are cookies? Website Cookies explained in 2 minutes!
Are there any other ways we use your personal information?
We may also use personal information to protect our rights and those of our users or to comply with a legal or professional right or duty.
How do we protect your information?
We hold personal information in hard copy and electronic formats. We use a range of physical, operational, and technological security measures to protect this information. These measures include:
Staff education and training to ensure our staff are aware their privacy obligations when handling your personal information;
Administrative and technical controls to restrict access to personal information to only those people who need access;
Technological security measures, including fire walls, encryption, and anti-virus software;
Physical security measures, such as staff security passes to access Hurley Business Advisors' database, appropriate security monitoring, clean desk policies, and the use of privacy screens where appropriate.