Privacy Policy
We're straightforward about how we handle your information. This isn't just legal boilerplate—it's an honest explanation of what happens with your data when you work with us.
Last updated: March 2025
orlianthus operates under Australian privacy laws, including the Privacy Act 1988 and the Australian Privacy Principles (APPs). We take these obligations seriously—but more than that, we think you deserve clarity about your personal information.
This policy covers what we collect, why we collect it, who sees it, and what rights you have. If something's unclear, reach out. We'd rather answer questions than leave you guessing.
Information We Collect
When you engage with our budget audit preparation services, we gather information that helps us do our job properly. Some of this you provide directly. Other bits come from how you interact with our systems.
Contact Details
Your name, email address, phone number, and business address. Basic stuff we need to communicate with you and send documentation.
Financial Information
Budget data, expense records, revenue figures, and relevant financial documentation you share for audit preparation purposes.
Business Information
Company details, ABN, industry sector, business structure, and operational information relevant to your audit requirements.
Technical Data
IP addresses, browser types, device information, and usage patterns when you access our website or client portal.
We don't collect information we don't need. If we're asking for something, there's a specific reason tied to providing your service or meeting legal requirements.
How We Use Your Information
Everything we collect serves a purpose. Here's what we actually do with your data:
- Service Delivery
  We use your financial and business information to prepare comprehensive budget audits, identify discrepancies, and provide recommendations. This is the core of what you're paying for.
- Communication
  Your contact details help us send updates, answer questions, schedule consultations, and deliver completed audit reports. We won't spam you with marketing unless you've specifically opted in.
- Legal Compliance
  Some information retention is required by Australian tax law and financial regulations. We keep records for the mandated periods and handle them according to legal standards.
- System Improvement
  Technical data helps us understand how our platform performs and where we can make things smoother. This is always aggregated and anonymized.
- Security Monitoring
  We analyze access patterns and system logs to detect potential security issues and protect your information from unauthorized access.
We don't sell your information. We don't use it for unrelated purposes. And we definitely don't share your financial details with third parties for their marketing purposes.
Data Sharing and Disclosure
Most of your information stays with us. But there are specific situations where we share data with others:
Service Providers
We work with cloud hosting providers, email services, and secure document storage platforms. These companies process data on our behalf under strict confidentiality agreements. They can only use your information to deliver the specific services we've contracted them for.
Professional Advisors
Sometimes we consult with lawyers, accountants, or other specialists to provide accurate advice. When this happens, we share only the minimum information necessary and ensure they're bound by professional confidentiality obligations.
Legal Requirements
If we receive a valid legal request from Australian authorities—a court order, subpoena, or statutory demand—we'll comply. We'll notify you when legally permitted to do so.
Business Transfers
If orlianthus is acquired or merges with another company, your information would transfer as part of that transaction. You'd be notified beforehand, and the new entity would be bound by this privacy policy until they provide notice of changes.
We don't have partnerships where your data flows freely to other companies. Each disclosure is purposeful and controlled.
Your Privacy Rights Under Australian Law
The Australian Privacy Principles give you specific rights over your personal information. Here's what you can do:
Access Your Information
You can request a copy of the personal information we hold about you. We'll provide this within 30 days, usually at no cost. If the request is particularly complex or voluminous, we might charge a reasonable fee to cover our costs—but we'll let you know beforehand.
Correct Inaccurate Data
If something we have on file is wrong or outdated, tell us. We'll update it promptly. This is particularly important for financial information where accuracy matters.
Request Deletion
You can ask us to delete your information in most circumstances. There are exceptions—like when we're legally required to retain financial records for seven years under tax law. We'll explain if we can't delete something and why.
Object to Processing
If you believe we're processing your information in a way that's not appropriate, you can object. We'll review the situation and either stop the processing or explain why it's necessary.
Withdraw Consent
Where we're processing information based on your consent (like marketing communications), you can withdraw that consent anytime. Your ability to use our core services won't be affected.
Lodge a Complaint
If you're unhappy with how we've handled your information, contact us first. If you're not satisfied with our response, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
How Long We Keep Your Information
We don't keep information longer than necessary. Different types of data have different retention periods based on business needs and legal requirements:
Active Client Period
While you're an active client, we maintain complete records of your financial information, communications, and audit documentation. This ensures continuity of service and allows us to reference historical data when needed.
Seven Years Post-Service
Australian tax law requires us to retain financial records for seven years after the relevant financial year. This includes budget data, audit reports, and related documentation. After this period, we securely delete the information unless you request otherwise.
Communication Records
Emails and correspondence are kept for three years after your last engagement with us, then deleted. This provides reasonable protection if questions arise about past work while not holding data indefinitely.
Marketing Preferences
If you've opted into marketing communications, we keep your contact details and preferences until you unsubscribe or until three years have passed with no engagement with our emails.
Technical Logs
Server logs and technical data are retained for 90 days for security monitoring purposes, then automatically deleted. Aggregated, anonymized analytics may be kept longer for business intelligence.
Security Measures
We take data security seriously because your financial information is sensitive. Here's what we do to protect it:
Encryption
All data transmission uses TLS 1.3 encryption. Information stored on our servers is encrypted at rest using AES-256 encryption. Your financial documents are never transmitted or stored in plain text.
Access Controls
Only authorized team members can access client information, and only when necessary for their specific role. We use multi-factor authentication and monitor access logs for unusual activity.
Secure Infrastructure
Our systems are hosted in Australian data centers with physical security measures, redundant backups, and regular security audits. We use reputable cloud providers who meet ISO 27001 standards.
Regular Updates
We patch and update our systems regularly to address known vulnerabilities. Our software undergoes periodic security assessments by independent experts.
Staff Training
Everyone on our team receives regular training on data protection and privacy obligations. They're contractually bound to maintain confidentiality of client information.
Incident Response
We have procedures in place to detect, respond to, and recover from security incidents. If a breach affects your information, we'll notify you and the OAIC as required by law.
No system is perfectly secure—anyone who claims otherwise is lying. But we've invested in robust protections and maintain vigilance against evolving threats.
International Data Transfers
We primarily store and process data within Australia. However, some of our service providers have infrastructure in other countries. When information is transferred internationally, we ensure:
- Adequate Protection
  The destination country has privacy protections comparable to Australia's, or the recipient is bound by contractual obligations that meet Australian standards.
- Your Consent
  By using our services, you consent to these transfers under the conditions described in this policy.
- Encryption in Transit
  Any international transfers use encrypted connections and secure protocols to prevent interception.
Most of our critical infrastructure partners are located in Australia or have Australian data residency options that we prioritize for client information.
Important Note About Third-Party Links
Our website might link to external resources or tools. We're not responsible for the privacy practices of those sites. When you click a link that takes you away from orlianthus.com, this privacy policy no longer applies. Check their privacy policies independently.
Cookies and Tracking Technologies
Our website uses cookies and similar technologies. Here's what's happening:
Essential Cookies
These keep the site functional—things like remembering your login session or maintaining security. You can't disable these without breaking core functionality.
Analytics Cookies
We use analytics tools to understand how visitors use our site—which pages are popular, where people get stuck, how long they spend reading content. This information is aggregated and doesn't identify you personally.
Your Control
Most browsers let you control cookie settings. You can block or delete cookies through your browser preferences. Be aware that this might affect site functionality.
We don't use advertising cookies or tracking pixels that follow you around the internet. We're not interested in building profiles of your browsing habits outside our site.
Changes to This Policy
Privacy laws evolve. Our business practices change. When we update this policy, we'll post the new version here with a revised date at the top.
If changes are significant—like adding new types of data collection or changing how we share information—we'll email active clients directly. We won't quietly slip in major changes and hope nobody notices.
We recommend reviewing this policy periodically, especially if you're a long-term client. The current version always applies to information we hold about you.
Children's Privacy
Our services are designed for businesses and aren't intended for individuals under 18. We don't knowingly collect information from minors. If we discover we've inadvertently collected such information, we'll delete it promptly.
Questions or Concerns?
If anything in this policy is unclear, or if you want to exercise your privacy rights, get in touch. We'd rather clarify things now than deal with confusion later.
Address: HW Arndt Building 25A, The Australian National University, Kingsley Pl, Acton ACT 2601, Australia
Phone: +61 457 588 034
Email: info@orlianthus.com
We aim to respond to privacy inquiries within 5 business days. Complex requests might take longer, but we'll keep you updated on progress.