Privacy Policy
1. Who We Are
BlueCrest Accounting Solutions (ABN 88 904 505 485) is a registered Australian business providing outsourced accounting, tax preparation, bookkeeping, and SMSF compliance services exclusively to professional accounting and financial advisory firms in Australia.
Our operational delivery team is based in Ahmedabad, India and operates through BlueCrest Accounting Solutions LLP (LLPIN ACI-1497). Data provided by client firms may be processed in India as part of service delivery. We explain how we manage this in Section 5.
2. Scope of This Policy
This Policy applies to personal information and digital personal data processed by BlueCrest relating to:
- representatives of our client firms (including their employees and contractors); and
- end-clients of our client firms, where their data is provided to us solely for service delivery.
Our services are B2B and directed exclusively to professional firms. We do not provide services to individual members of the public.
3. Regulatory Compliance
3.1 Australia — Privacy Act 1988 (Cth)
BlueCrest manages personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), including APP 8 (cross-border disclosure of personal information).
3.2 India — DPDP Act 2023
Where applicable, BlueCrest manages digital personal data in accordance with India’s Digital Personal Data Protection Act 2023 (DPDP Act) and relevant implementing rules as they apply from time to time.
4. What Data We Collect and Why
4.1 Via our website
- IP address, browser type, device information, and pages visited (collected automatically via Google Analytics)
- Personal information voluntarily submitted through contact forms or enquiries: name, email address, phone number, firm name
4.2 Via service engagement
- Business contact details of authorised representatives of client firms
- Financial and compliance data provided by client firms to enable delivery of agreed services — this may include TFNs, bank statements, SMSF records, financial statements, and related documents
We use data only for the purposes for which it was provided: delivering contracted services, quality assurance, security and incident management, and operating our website. We do not use client data for marketing or any secondary purpose.
5. Cross-Border Data Transfer
As our delivery team operates from India, data provided by Australian client firms is transferred to and processed in India to deliver services. We manage this transfer as follows:
- All staff sign confidentiality and non-disclosure agreements as a condition of employment
- Access is restricted to authorised staff on a need-to-know basis, using role-based controls
- Files are transferred and stored exclusively via Google Workspace, with access-controlled shared folders per client
- Security standards described in our Data Security Policy apply to all processing in India
These measures are designed to meet the intent of APP 8 and provide an equivalent level of protection to the Australian Privacy Principles.
6. Google Analytics and Cookies
We use Google Analytics to understand how visitors interact with our website. This tool collects anonymised usage data (page views, time on site, device type). No personally identifiable information is passed to Google Analytics.
You may opt out of Google Analytics tracking by installing the browser add-on at: https://tools.google.com/dlpage/gaoptout
Our website may use cookies to enhance browsing. You can manage or disable cookies through your browser settings.
7. Sharing of Information
We do not sell, trade, or rent personal information. We share data only:
- with our operational delivery team in India (BlueCrest Accounting Solutions LLP), solely for service delivery;
- with trusted service providers who assist in operating our business (e.g., Google Workspace, HubSpot), who are bound by appropriate confidentiality and data protection obligations; and
- as required by law, regulation, or court order.
8. Your Rights
Subject to applicable legal exceptions, you have the right to:
- access the personal information or digital personal data we hold about you;
- request correction of inaccurate or incomplete information;
- request deletion or erasure of your data, noting that some records must be retained to meet ATO, ASIC, or other legal obligations; and
- withdraw consent (India — DPDP Act): where processing is based on consent, you may withdraw it at any time. We will cease processing unless required or authorised by law. Withdrawal does not affect the lawfulness of prior processing.
To submit a rights request, use our Data Privacy Request Portal:
https://na2.hs-data-privacy.com/request/bs9WjUJ-8r0xZRnbtfux4w
For access and correction requests not currently supported by the portal, email: compliance@bluecrestaccounting.com.au
We will respond within 30 days of receiving a valid request, in accordance with the Privacy Act 1988 (Cth).
9. Nomination (India — DPDP Act)
Indian Data Principals may nominate an individual to exercise their data rights in the event of death or incapacity, as provided under the DPDP Act 2023.
10. Data Breach Notification
BlueCrest maintains an incident response process for suspected or confirmed data breaches:
- Internal assessment is initiated within 2 hours of discovery
- Affected client firms are notified within 2 hours of a confirmed breach
- The Office of the Australian Information Commissioner (OAIC) is notified within 30 days of becoming aware of an eligible data breach, as required by the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth)
- India’s Data Protection Board is notified where required under the DPDP Act
11. Data Retention
We retain accounting, tax, and compliance records for 7 years to meet ATO, ASIC, and related Australian legal requirements. Where retention is no longer legally required, data is securely deleted or de-identified.
12. Protection of Minors
Our services are directed exclusively to professional firms. We do not knowingly collect or process personal data of individuals under 18 without verifiable parental or guardian consent.
13. ABN Verification
You can verify our Australian business registration at: https://abr.business.gov.au (ABN: 88 904 505 485)
14. Policy Updates
We review this Policy at least annually. Any changes will be posted on this page with a revised Last Updated date. Continued use of our services following an update constitutes acceptance of the revised Policy.
15. Contact Us & Grievance Redressal
Privacy Contact / Grievance Officer (India — DPDP Act)
| Name | Soham Shukla (Founder) or formally appointed delegate |
| compliance@bluecrestaccounting.com.au | |
| Phone | +61 2 8006 6770 |
| Address | Suite 1020/308 Wattle St, Ultimo NSW 2007, Australia |
If we are unable to resolve a grievance within 30 days, you may approach the Data Protection Board of India and/or the Office of the Australian Information Commissioner (OAIC), as applicable.
Effective Date: 12 June 2026 | Last Updated: 12 June 2026