Last Updated 29 January 2019
1. Application of this Policy
The Policy applies to SuperChoice Services Pty Limited and its related company, Payclear Services Pty Limited (we, us, our).
We are committed to complying with the Privacy Act 1988 (Cth) ("Act") as amended from time to time, which sets out in the Australian Privacy Principles ("APP"). The APP regulates, among other things, the collection, storage, quality, use and disclosure of personal information.
2. Personal information we collect
Any information or any opinion about an individual who is identified, or is identifiable, is considered to be "personal information". We collect only information that is necessary for us to provide our products and services, which include clearing superannuation contributions and rollovers, and assisting employers to comply with their Single Touch Payroll reporting obligations to their employees and the Australian Tax Office. We do not collect “sensitive information” as defined under the Privacy Act. The type of personal information we collect includes but is not limited to an individual's name, contact details, date of birth, Tax File Number, employer, name of the individual's superannuation fund(s) and account number, salary, life insurance, employment entitlements and the amount and type of superannuation contributions made by or on behalf of that individual.
In most cases we receive personal information about an individual from our client, who is employing the individual or is the trustee or administrator of the individual's chosen superannuation fund. Where we have been provided with an individual's personal information by our clients, we rely on our clients to obtain any requisite consent of the individual for collection, use and disclosure of this information to us and proceed on the expectation they have done so.
3. Why do we collect and use personal information
We collect and use personal information to (a) administer superannuation contributions and rollovers made by or on behalf of an individual, (b) to assist an individual’s employer to comply with the employer’s obligations to submit certain reports to the Australian Tax Office, and (c) to assist superannuation funds and life insurers meet their mutual reporting obligations imposed by various regulators, including the Australian Prudential Regulation Authority.
We do not use personal information for direct marketing. In order to improve our services, and also for statistical purposes, we may aggregate personal information concerning numerous individuals. But when doing so, we ensure that none of the individuals are identified or identifiable.
We will only use or disclose personal information we collect for the purposes for which it was disclosed to us, or related purpose which would reasonably be expected, or as permitted by the APP.
The types of external parties to which we will disclose your personal information are:
i. the trustee or administrator of the superannuation fund(s)
to which your superannuation benefit is transferred or rolled over
ii. your employer
iii. the Australian Taxation Office
iv. the agents and external service providers that we engage to
help us to provide our services to clients (such as data hosting services, banking/ financial institutions, paying agents, printing houses);
v. our professional advisers and auditors.
In some circumstances we may disclose personal information where it is:
i. required or authorised by law or by a court order
ii. required to be reported to the Office of the Australian Information Commissioner (OAIC).
We will also disclose your information to other external parties, if you give your consent.
When anyone browses our website, our webservers automatically collect standard information as part of the HTTP web protocol - an IP address, browser type, operating system, access time, referring sites, pages viewed and other anonymous information. We analyse non-identifiable web traffic to improve our services.
We do not collect personal information about you if you only browse this website. This website only uses session cookies during a search query of the website. When you close your browser the session cookie is destroyed and no personal information is kept which might identify you to us in the future.
Our website may contain links to other sites operated by third parties. We are not responsible for the privacy practices or the content of such websites. We encourage the reading of the privacy statements in these linked sites, as their privacy policies may differ from ours.
5. Protection of personal information
We regard the security of personal information as very important. We take reasonable steps to protect the information we hold from unauthorised access and we have a number of physical and electronic protection measures in place. This includes encryption, firewalls, site monitoring, intrusion detection and video surveillance. The security arrangements are reviewed and tested from time to time.
We restrict access to personal information solely to those of our employees who need to access this information to complete tasks relating to the efficient and effective provision of the services for which the personal information has been collected, processed and held.
Our employees are subject to a Code of Conduct which includes a commitment to maintain the confidentiality of personal information.
If we become aware of a data breach, which is any unauthorised access to, or disclosure of, or loss of, any personal information we hold, we will comply with the provisions of the Notifiable Data Breaches Scheme which has been introduced by amendments to the Act. In such circumstances:
(a) We will promptly assess whether the data breach is one which is likely to result in serious harm to any individuals to whom the information relates.
(b) If we assess there is a likelihood of serious harm to any individuals as a result of any such breach, promptly assess what remedial steps can be taken to prevent, contain or mitigate such harm and implement any such steps.
(c) If we are unable to completely remove the likelihood of serious harm to any individuals, we will notify the Office of the Australian Information Commissioner, and place the notification statement on our website, and take steps to notify all individuals that are at risk of suffering serious harm, so that they can take whatever action might be available to them to minimise the harm. We will also notify any entities and agencies which might be relevant to the nature of the breach, such as the Australian Tax Office where tax file numbers are included in the personal information the subject of the breach.
(d) We will notify the individuals directly by email, SMS, fax or post, where we have, or can obtain these contact details, and where we can’t get these contact details, but know of someone else who has them, such as an employer or a fund administrator, we will request they notify the individuals.
(e) If we are unable to notify any affected individuals directly, we will also publish notifications in newspapers circulating in the area where affected individuals are likely to be located and also direct individuals to the statement on our website.
(f) Our notifications and statement will include our identity and contact details, a description of the data breach, the type of information which has been accessed, disclosed or lost, and recommendations as to what steps individuals can take in response to the breach.
(g) After we have complied with our notification obligations, we will review the breach and take steps to ensure a similar breach is not repeated.
(h) We also ensure our suppliers, customers and other third parties with whom we deal, are contractually bound to support us in implementing our above obligations wherever necessary. Where we deliver any personal information in the course of our services, we ensure the third parties to whom the personal information is delivered are contractually obligated to notify us of any data breach occurring within their infrastructure and to participate in the above notification obligations to whatever extent is reasonably necessary.
6. Information storage and security
Personal information is stored in our database and archived for a period we determine is necessary for compliance with laws and efficient record keeping. At present this is a minimum of 7 years. No information is stored or processed outside Australia. Some clients with offshore processing centres may allow their authorised employees to submit and view their data via our internet portals.
7. Access to personal information
Under the APP, we are obligated to allow an individual access to the personal information we hold about that individual. The individual may request such access to be provided personally to that individual by contacting us using the contact details specified in section 9 below. In such cases we may charge the individual a non-excessive fee for giving the access.
8. Changes to this policy
9. Need to contact us
SuperChoice Services Pty Limited
Level 8, 35 Clarence Street
Sydney NSW 2000
Phone: 02 8038 6700 Fax: 02 8038 6823
If you feel that we have not satisfactorily addressed your complaint, you may also make a complaint to the Office of the Australian Information Commissioner by visiting www.oaic.gov.au or by writing to GPO Box 5218 Sydney NSW 2001.