Comply Flow is committed to providing a confidential service to its users, we are bound by the National Privacy Principles of the Privacy Act 1988 and individual state legislation.

Information collected by Comply Flow on behalf of your client or employer is only disclosed to your client or employer. Refer to their privacy policy on how they handle your data.

For the purpose of this policy, confidentiality relates to the transmission of personal, sensitive or identifiable information about individuals or organisations (confidential information), which comes into the possession of the organisation through its work.

Comply Flow holds personal data about its users on behalf of your client or employer which will only be used for the purposes for which it was gathered and will not be disclosed to anyone outside of the parties mentioned above where a warrant or subpoena has not been provided.

All personal data will be dealt with sensitively and in the strictest confidence internally and externally.


The purpose of the Privacy Policy is to ensure that all staff, members and users understand the organisation’s requirements in relation to the disclosure of personal data and confidential information.


  • All personal paper-based and electronic data must be stored in accordance with The Privacy Act 1988 (Privacy Act) and must be secured against unauthorised access, accidental disclosure, loss or destruction.
  • All personal paper-based and electronic data are only accessible to those individuals authorised to have access.


We consider protecting personal information a high priority, and have strict measures when it comes to securing data on our Australian based servers. The types of information we collect and hold are: personal information such as names, postal address, phone numbers, email addresses, personal information for general administration purposes. We also collect and hold personal information in regards to a person’s business or professional capacity such as ABN/ACN, position and organisation.

The data is not viewed or accessed by personnel unless management ,your client or employer require us to do so. Our personnel do not access accounts or export records unless it is intentionally granted by the General Manager or disclosed by your clients or your employer.

Personal records are not revealed, sold, distributed, rented, licensed, shared or passed on to any third party unless Comply Flow is legally required to do so.

Comply Flow is committed to the use of personal information in accordance with the Australian Privacy Principles.

Accessing the information we hold about you.

You can access and correct the personal information we hold about you.

Contact us via:


Physical mail: Suite 3, 12-16 Sydney Road MANLY NSW 2095

Phone: +612 8005 5975

Breaches of the Privacy Policy

Confidential or sensitive information relating to an individual may be divulged where it is against the law to withhold it. In these circumstances, information may be divulged to external agencies e.g. police or social services on a need to know basis, provided that they present a subpoena or a warrant.

If the breach is caused by any other than the above listed reasons, the disciplinary measure is immediate termination.

Data Breaches

In the event of a data breach, Comply Flow will inform all involved as per the The Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Privacy Act)

Legislative Framework

Comply Flow will monitor this policy to ensure it meets statutory and legal requirements including the;

  • Privacy Act 1988
  • Information Privacy Act 2014(ACT)
  • Privacy and Personal Information Protection Act 1998 (NSW)
  • Information Act (NT)
  • Information Privacy Act 2009 (Qld)
  • Information and Protection Act 2004 (Tas)
  • Privacy and Data Protection Act 2014 (Vic)
  • General Data Protection Regulation (GDPR) (EU) 2016/679

Ensuring the effectiveness of the policy

All employees will receive a copy of the Privacy Policy. New workers and/or sub contractors will be introduced to the Privacy Policy via induction and training. The policy will be reviewed annually and amendments will be proposed and agreed by the Directors. The disciplinary sanction for any breaches of this policy is immediate termination.

Endorsed by
Mitchell Bourne
7th of December 2020