© 2017-2019 SuperChoice Services Pty Limited. All rights reserved. ABN 78 109 509 739

SuperChoice Privacy Policy

Last Updated 29 January 2019

1. Application of this Policy

The Policy applies to SuperChoice Services Pty Limited and its related company, Payclear Services Pty Limited (we, us, our).

We are committed to complying with the Privacy Act 1988 (Cth) ("Act") as amended from time to time, which sets out in the Australian Privacy Principles ("APP"). The APP regulates, among other things, the collection, storage, quality, use and disclosure of personal information.

This Privacy Policy outlines the type of personal information we collect, how that information is collected, used, stored and protected, and to whom we disclose personal information.

2. Personal information we collect

Any information or any opinion about an individual who is identified, or is identifiable, is considered to be "personal information". We collect only information that is necessary for us to provide our products and services, which include clearing superannuation contributions and rollovers, and assisting employers to comply with their Single Touch Payroll reporting obligations to their employees and the Australian Tax Office.  We do not collect “sensitive information” as defined under the Privacy Act. The type of personal information we collect includes but is not limited to an individual's name, contact details, date of birth, Tax File Number, employer, name of the individual's superannuation fund(s) and account number, salary, life insurance, employment entitlements and the amount and type of superannuation contributions made by or on behalf of that individual.

In most cases we receive personal information about an individual from our client, who is employing the individual or is the trustee or administrator of the individual's chosen superannuation fund. Where we have been provided with an individual's personal information by our clients, we rely on our clients to obtain any requisite consent of the individual for collection, use and disclosure of this information to us and proceed on the expectation they have done so.

3. Why do we collect and use personal information

We collect and use personal information to (a) administer superannuation contributions and rollovers made by or on behalf of an individual, (b) to assist an individual’s employer to comply with the employer’s obligations to submit certain reports to the Australian Tax Office, and (c) to assist superannuation funds and life insurers meet their mutual reporting obligations imposed by various regulators, including the Australian Prudential Regulation Authority.

We do not use personal information for direct marketing. In order to improve our services, and also for statistical purposes, we may aggregate personal information concerning numerous individuals.  But when doing so, we ensure that none of the individuals are identified or identifiable. 

 

We will only use or disclose personal information we collect for the purposes for which it was disclosed to us, or related purpose which would reasonably be expected, or as permitted by the APP.

 

The types of external parties to which we will disclose your personal information are:

i.     the trustee or administrator of the superannuation fund(s)

       to which your superannuation benefit is transferred or rolled over

ii.    your employer

iii.   the Australian Taxation Office

iv.   the agents and external service providers that we engage to

       help us to provide our services to clients (such as data hosting services, banking/ financial institutions, paying agents, printing houses);

v.    our professional advisers and auditors.

           

In some circumstances we may disclose personal information where it is:

i.    required or authorised by law or by a court order

ii.   required to be reported to the Office of the Australian Information Commissioner (OAIC).

 

We will also disclose your information to other external parties, if you give your consent.

We take steps to ensure our agents and third parties have a documented privacy policy and that they are contractually obliged to keep personal information confidential and only use it for the purpose for which they have been authorised to receive and hold it.

We rely on some of the exemptions permitted under the Privacy Act. For instance, the exemption for disclosing personal information to our related companies, but those companies are subject to provisions similar to those in this Privacy Policy.

4. Website

When anyone browses our website, our webservers automatically collect standard information as part of the HTTP web protocol - an IP address, browser type, operating system, access time, referring sites, pages viewed and other anonymous information. We analyse non-identifiable web traffic to improve our services.

We do not collect personal information about you if you only browse this website. This website only uses session cookies during a search query of the website. When you close your browser the session cookie is destroyed and no personal information is kept which might identify you to us in the future.

Our website may contain links to other sites operated by third parties. We are not responsible for the privacy practices or the content of such websites. We encourage the reading of the privacy statements in these linked sites, as their privacy policies may differ from ours.

5. Protection of personal information

We regard the security of personal information as very important. We take reasonable steps to protect the information we hold from unauthorised access and we have a number of physical and electronic protection measures in place. This includes encryption, firewalls, site monitoring, intrusion detection and video surveillance. The security arrangements are reviewed and tested from time to time.

 

We restrict access to personal information solely to those of our employees who need to access this information to complete tasks relating to the efficient and effective provision of the services for which the personal information has been collected, processed and held.

Our employees are subject to a Code of Conduct which includes a commitment to maintain the confidentiality of personal information.

 

If we become aware of a data breach, which is any unauthorised access to, or disclosure of, or loss of, any personal information we hold, we will comply with the provisions of the Notifiable Data Breaches Scheme which has been introduced by amendments to the Act.  In such circumstances:

 

(a)  We will promptly assess whether the data breach is one which is likely to result in serious harm to any individuals to whom the                   information relates.

(b)  If we assess there is a likelihood of serious harm to any individuals as a result of any such breach, promptly assess what remedial             steps can be taken to prevent, contain or mitigate such harm and implement any such steps.

(c)  If we are unable to completely remove the likelihood of serious harm to any individuals, we will notify the Office of the Australian                Information Commissioner, and place the notification statement on our website, and take steps to notify all individuals that are at risk        of suffering serious harm, so that they can take whatever action might be available to them to minimise the harm.  We will also notify        any entities and agencies which might be relevant to the nature of the  breach, such as the Australian Tax Office where tax file                  numbers are included in the personal information the subject of the breach.

(d)  We will notify the individuals directly by email, SMS, fax or post, where we have, or can obtain these contact details, and where we           can’t get these contact details, but know of someone else who has them, such as an employer or a fund administrator, we will                   request they notify the individuals.

(e)  If we are unable to notify any affected individuals directly, we will also publish notifications in newspapers circulating in the area                where affected individuals are likely to be located and also direct individuals to the statement on our website.

(f)  Our notifications and statement will include our identity and contact details, a description of the data breach, the type of information            which has been accessed, disclosed or lost, and recommendations as to what steps individuals can take in response to the breach.

(g)  After we have complied with our notification obligations, we will review the breach and take steps to ensure a similar breach is not            repeated.

(h)  We also ensure our suppliers, customers and other third parties with whom we deal, are contractually bound to support us in                    implementing our above obligations wherever necessary.  Where we deliver any personal information in the course of our services,          we ensure the third parties to whom the personal information is delivered are contractually obligated to notify us of any data breach          occurring within their infrastructure and to participate in the above notification obligations to whatever extent is reasonably necessary.

6. Information storage and security

Personal information is stored in our database and archived for a period we determine is necessary for compliance with laws and efficient record keeping.   At present this is a minimum of 7 years. No information is stored or processed outside Australia.  Some clients with offshore processing centres may allow their authorised employees to submit and view their data via our internet portals.

7. Access to personal information

Generally, the personal information we collect, process and hold is data that belongs to the entity that provided the information to us.  Accordingly, that entity has the right to access that data for its business purposes and in compliance with its own privacy policy and the Privacy Act. Clients may also ask us to correct information we hold if it is inaccurate, incomplete, misleading or out-of-date. 

Under the APP, we are obligated to allow an individual access to the personal information we hold about that individual.  The individual may request such access to be provided personally to that individual by contacting us using the contact details specified in section 9 below.  In such cases we may charge the individual a non-excessive fee for giving the access.

8. Changes to this policy

From time to time it may be necessary for us to review and amend this policy. We reserve the right to amend this policy at any time. You should check our website (www.superchoiceservices.com.au) from time to time for our latest privacy policy.

9. Need to contact us

If you any questions about our Privacy Policy or want to make an inquiry or complaint about how we have handled personal information or if you believe we may have breached any Australian Privacy Principle you should firstly contact:

Privacy Officer

SuperChoice Services Pty Limited 
Level 8, 35 Clarence Street
Sydney NSW 2000
Phone: 02 8038 6700 Fax: 02 8038 6823
Email: privacy@superchoice.com.au 

If you feel that we have not satisfactorily addressed your complaint, you may also make a complaint to the Office of the Australian Information Commissioner by visiting www.oaic.gov.au or by writing to GPO Box 5218 Sydney NSW 2001.