Privacy Policy


Precision Compliance Solutions (ABN 16 687 527 519) is committed to protecting your personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (2014).

This Privacy Policy (Policy) describes how we collect, hold, use and disclose your personal information, and how we maintain the quality and security of your personal information.

What is personal information?  

“Personal information” means any information or opinion, whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable. In general terms, this includes information or an opinion that personally identifies you either directly (e.g. your name) or indirectly.

What personal information do we collect?

The personal information we collect about you depends on the nature of your dealings with us or what you choose to share with us.

The personal information we collect about you may include:

- name

- mailing or street address

- date of birth

- email address

- phone number

You do not have to provide us with your personal information. Where possible, we will give you the option to interact with us anonymously or by using a pseudonym. However, if you choose to deal with us in this way or choose not to provide us with your personal information, we may not be able to provide you with our services or otherwise interact with you.

How do we collect your personal information?

We collect your personal information directly from you when you:

- interact with us over the phone

- interact with us in person

- interact with us online

- participate in surveys or questionnaires

- attend a Precision Compliance Solutions event

- subscribe to our mailing list

Collecting personal information from third parties

We may also collect your personal information from third parties or through publicly available sources, for example from ASIC. We collect your personal information from these third parties so that we can verify your identity.

How do we use personal information?

We use personal information for many purposes in connection with our functions and activities, including the following purposes: provide you with information or services that you request from us; deliver to you a more personalised experience and service offering; improve the quality of the services we offer; internal administrative purposes; marketing and research purposes.

Disclosure of personal information to third parties

We may disclose your personal information to third parties in accordance with this Policy in circumstances where you would reasonably expect us to disclose your information. For example, we may disclose your personal information to: our third party service providers (for example, our IT providers); our marketing providers; our professional services advisors.

Use of AI Systems: PCS may use secure, enterprise-grade artificial-intelligence platforms (for example Microsoft Copilot, Azure OpenAI Service, or ChatGPT Business/Enterprise) to assist with document drafting, data summarisation, or analytics. These tools operate under strict encryption, are not used for model training, and, where available, store data within Australian regions. Client or personal information is entered only after de-identification or where consent has been obtained in accordance with this Privacy Policy and the PCS AI Security & Privacy Policy.

Transfer of personal information overseas

Some of the third-party service providers we disclose personal information to may be based in or have servers located outside of Australia.

Where we disclose your personal information to third parties overseas, we will take reasonable steps to ensure that data security and appropriate privacy practices are maintained. We will only disclose to overseas third parties if:

- you have given us your consent to disclose personal information to that third party; or

- we reasonably believe that the overseas recipient is subject to a law or binding scheme that is, overall, substantially similar to the APPs, and the law or binding scheme can be enforced; or

- the disclosure is required or authorised by an Australian law or court / tribunal order.

How do we protect your personal information?

Precision Compliance Solutions will take reasonable steps to ensure that the personal information that we hold about you is kept confidential and secure, including by: taking measures to restrict access to only personnel who need that personal information to effectively provide services to you; having technological measures in place (for example, anti-virus software, firewalls).

Online activity

Cookies

Precision Compliance Solutions's website uses cookies. A cookie is a small file of letters and numbers the website puts on your device if you allow it. These cookies recognise when your device has visited our website(s) before, so we can distinguish you from other users of the website. This improves your experience and the Precision Compliance Solutions website(s).    

We do not use cookies to identify you, just to improve your experience on our website(s). If you do not wish to use the cookies, you can amend the settings on your internet browser so it will not automatically download cookies. However, if you remove or block cookies on your computer, please be aware that your browsing experience and our website’s functionality may be affected.

Website analytics

Our website uses Google Analytics to help us better understand visitor traffic, so we can improve our services. Although this data is mostly anonymous, it is possible that under certain circumstances, we may connect it to you.

Direct marketing

We may send you direct marketing communications and information about our services, opportunities, or events that we consider may be of interest to you if you have requested or consented to receive such communications. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Australian Spam Act 2003 (Cth). You consent to us sending you those direct marketing communications by any of those methods. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.

You may opt out of receiving marketing communications from us at any time by using the Unsubscribe link in emails or contacting us using the details set out in the “How to contact us” section below.

In addition, we may also use your personal information or disclose your personal information to third parties for the purposes of advertising, including online behavioural advertising, website personalisation, and to provide targeted or retargeted advertising content to you (including through third party websites).

Retention of personal information

We will not keep your personal information for longer than we need to. In most cases, this means that we will only retain your personal information for the duration of your relationship with us unless we are required to retain your personal information to comply with applicable laws, for example record-keeping obligations.

How to access and correct your personal information

Precision Compliance Solutions will endeavour to keep your personal information accurate, complete and up to date.

If you wish to make a request to access and / or correct the personal information we hold about you, you should make a request by contacting us and we will usually respond within [insert] days. We will deal with such a request by following the procedure outlined below.

Links to third party sites

Precision Compliance Solutions website(s) may contain links to websites operated by third parties. If you access a third party website through our website(s), personal information may be collected by that third party website. We make no representations or warranties in relation to the privacy practices of any third party provider or website and we are not responsible for the privacy policies or the content of any third party provider or website. Third party providers / websites are responsible for informing you about their own privacy practices and we encourage you to read their privacy policies.  

Inquiries and complaints

For complaints about how Precision Compliance Solutions handles, processes or manages your personal information, please contact The Privacy Officer. Note we may require proof of your identity and full details of your request before we can process your complaint.    

Please allow up to 7 days for Precision Compliance Solutions to respond to your complaint. It will not always be possible to resolve a complaint to everyone’s satisfaction. If you are not satisfied with Precision Compliance Solutions’s response to a complaint, you have the right to contact the Office of the Australian Information Commissioner (at www.oaic.gov.au/) to lodge a complaint.

How to contact us

If you have any questions or concerns about our privacy policy, please contact us at

Email: [email protected]

Updated 3 March 2025

AI Security & Privacy Policy

1 Purpose

This policy outlines how Precision Compliance Solutions (PCS) uses Artificial Intelligence (AI) technologies responsibly to maintain data security, client confidentiality, and compliance with Australian privacy and professional-conduct requirements.

 

2 Scope

Applies to all PCS staff, contractors, and systems using AI tools—including, but not limited to, Microsoft Copilot, Azure OpenAI Service, ChatGPT Business/Enterprise, Power Automate, or similar automation or analysis platforms.

 

3 Guiding Principles

PCS is committed to:

Confidentiality – Client and personal information is never intentionally entered into public or unapproved AI systems.

Integrity – Only de-identified or consented data is processed.

Transparency – Clients are informed where AI tools are used in service delivery.

Compliance – All AI use aligns with the Privacy Act 1988 (APPs) and TPB Code item 6 (confidentiality of client affairs).

Accountability – PCS remains responsible for all work produced, regardless of AI assistance.

 

4 Approved AI Use

AI may be used only for:

- Drafting or summarising internal documents, policies, or general templates.

- Analysing de-identified financial data for advisory insights.

- Generating educational, procedural, or marketing content.

Use must always occur through PCS-approved accounts under Microsoft 365 or OpenAI Business/Enterprise with encryption and Australian data-residency enabled.

 

5 Prohibited Use

Staff and contractors must not:

- Input client names, ABNs, TFNs, addresses, payroll details, or other identifiers into public or free AI platforms.

- Use personal logins or consumer accounts for PCS work.

- Connect unapproved apps or plug-ins to PCS data sources.

Any uncertainty must be escalated to the Managing Director before proceeding.

 

6 Data Residency & Security

All PCS AI processing occurs in secure cloud environments compliant with ISO 27001 and SOC 2.
Where available, data is stored within Microsoft Azure Australia East/West or other Australian regions under encryption (AES-256 at rest, TLS in transit).
Outputs containing client information are saved only to OneDrive/SharePoint within the PCS Microsoft 365 tenant.

 

7 Client Consent

PCS obtains client consent through its engagement letters and Outsourcing & Offshoring Policy before using any AI system that may store or process information externally.
Clients may request Australia-only data processing where technically feasible.

 

8 Training & Supervision

All staff, including offshore team members, receive annual training covering:

- Secure use of AI systems

- Redaction and de-identification techniques

- Privacy Act and TPB obligations

Usage logs and supervision checks are reviewed quarterly by the Managing Director.

 

9 Record Keeping & Retention

AI outputs forming part of client deliverables are retained in PCS OneDrive for a minimum of five years in accordance with TPB record-keeping requirements.
Temporary working data and AI chats are deleted once the final document is approved.

 

10 Incident Management

Any suspected data exposure or AI-system breach must be reported immediately to the Managing Director.
Incidents are handled under the PCS Cyber Protection & Data Breach Policy, including notification under the Notifiable Data Breaches scheme.

 

11 Review

This policy is reviewed annually or sooner if legislation, AI technology, or PCS operations change.

 

 

Cyber Protection and Data Breach Policy
Updated: 30 October 2025

About this Document

At Precision Compliance Solutions (PCS), safeguarding digital assets, protecting sensitive data, and ensuring the security of our systems are top priorities. This Cyber Protection Policy outlines the rules and best practices that all employees and stakeholders must follow to uphold the integrity of our information and systems.

Objectives

The purpose of this policy is to mitigate cybersecurity risks, ensure compliance with relevant regulations, and protect PCS and its clients from cyber threats, including unauthorised access, data breaches, and malware attacks.

Scope

Applies to all employees, contractors, and third-party service providers who access or use company systems, networks, or data.


Policy Guidelines

Access Control

Only authorised personnel may access sensitive data or systems.

Multi-factor authentication (MFA) is mandatory for all critical systems.

Strong, unique passwords must be used and updated regularly.

Administrative privileges are restricted to specific tasks only.

Data Protection

Confidential data must be encrypted during transmission and storage (AES-256 minimum).

Independent, encrypted, off-site backups must be performed daily and retained for at least three months.

⚙️ All backups and primary cloud data are hosted in Microsoft Azure Australia East/West regions under Australian data-residency controls.

Sensitive information must never be shared externally without written authorisation.

⚙️ All client records and deliverables are retained for a minimum of five (5) years in secure OneDrive/SharePoint storage in accordance with TPB record-keeping obligations.

Network & Device Security

Firewalls and intrusion-detection systems must be deployed and maintained.

Company devices must be patched, encrypted, and enrolled in Intune or equivalent.

Lost or stolen devices must be reported immediately.

Training & Awareness

All staff (including offshore) must complete Cyber Wardens training annually.

Phishing simulations and awareness campaigns are conducted periodically.

Incident Response

Incidents are handled following the PCS Incident Response Plan.

Staff must report any suspected breach immediately.

The Managing Director (Incident Lead) coordinates response and notifications.

Communication & Notification

PCS will notify affected clients, the OAIC, or the TPB where required by the Notifiable Data Breaches Scheme.

⚙️ Where an incident involves any AI system or automation platform, response will follow both this policy and the PCS AI Security & Privacy Policy.

PRECISION

YOU CAN COUNT ON!

ABN 16 687 527 519

BAS Agent 26310394

Copyright 2025 @ Precision Compliance Solutions Pty Ltd. All rights reserved
