Mydesk complies and works in accordance with globally accepted privacy norms. Mydesk is committed to ensure the safety and privacy of clients information.
Collection of Personal Information
As first choice, We would always prefer to process the transaction on your IT infrastructure only without necessiting transfer of your data to our system
The information is collected via the Accounting or Financial planning firm.
The information we are provided include:
Names, Address, DOB and POB
Business registration Numbers, Tax registration details, and Employment registration details
Personal health and insurance information
Financial information – such as income, expenses, superannuation and investment details.
Use of Personal Information
The collection and use of personal information is only to facilitate the services we provide to your firm as requested by you.
Only uses personal information for the purpose(s) for which it was given to us and for directly related purposes (unless otherwise required by or authorised by law) or as consented to by you or your firm.
Disclosure of Personal Information
Mydesk will only provide the information to their staff and Associates that relate specifically to the tasks requested by your firm.
The information will NOT be provided or sold to other institutions. If there is a legal situation, the information may be provided in accordance to the law.
We do not take services of third party contractors to process work given to us.
Access to Personal Information
Authorised person of Your firm can access the personal information & transactions processed by Myudesk. Mydesk will take the necessary steps to ascertain that information is requested by only authorised person.
Storage and Data Security
We have taken the necessary measures to ensure data integrity is not compromised. The data is stored for 10 years for compliance, auditing purposes and removed thereafter.
Our secure delivery centre is equipped with the latest technology, infrastructure and dedicated technical staff to ensure our working environment has complete reliability and security for our clients’ data.
Biometric authentication is required to gain access to our office premised .Only authorised personnel are allowed to enter the office and processing centre.
No person is allowed to bring Physical documents, books and other storage and recording devices into office premises. The entire office is monitored by CCTV. Office personnel are using only desktop computers running on ‘dumb terminal system’. Ability to save and store data on the PC is disabled.CD Rom and other drives (USB) access have been diabled.Access to physical/removable drives (external hard drives) have been disabled. Access to Printers and scanners is given to only authorised person. Staff person are required to keep personal belongings including bags, books or mobile devices in secure lockers provided outside the main processing centre.
Internet activity is heavily controlled with websites required to be added to a “whitelist” before they can be accessed. Access to personal emails/social media etc is prohibited. Only authorised person are allowed to access work emails with access/storage restrictions. Access to our internal software is password protected with strength measurement. Passwords are also required to be updated on a regular basis. All terminals include screen snapshots and are regularly audited to ensure staff are following security guidelines.
All our terminals and servers are installed with firewalls, antivirus software, intrusion detection software and prevention systems to minimise any exploits or attacks. Our security software is kept updated at all times and when required. All PC’s within our organisation have an auto-lock feature to ensure PC’s are not kept unlocked. Wireless connections are prohibited except to only authorised persons.
Reporting of data breach
If there is a data breach that is likely to result in serious harm, we will take the following action:
Contain the information leak and asses the actual damage caused by the breach.
Prepare a statement detailing the breach.
Immediately notify each individual to whom the information relates to, or who are at risk.
Review and strengthen our systems and processes to ensure no such incidence happens in future.
