Last Updated 19 December 2019
1. Application of this Policy
The Policy applies to SuperChoice Services Pty Limited and its related company, Payclear Services Pty Limited (we, us, our).
We are committed to complying with the Privacy Act 1988 (Cth) ("Privacy Act") as amended from time to time, which includes the Australian Privacy Principles ("APP"). The APP regulates, among other things, the collection, storage, quality, use and disclosure of personal information.
2. Personal information we collect
Any information or any opinion about an individual who is identified, or is identifiable, is considered to be "personal information". We collect only information that is necessary for us to provide our products and services, which include clearing superannuation contributions and rollovers, and assisting employers to comply with their obligations to their employees and the Australian Tax Office. The kinds of personal information we collect are an individual's name, contact details, date of birth, Tax File Number, and employment, superannuation and life insurance details. We also collect “sensitive information” as defined under the Privacy Act, being information about any membership of any trade union or professional or trade association.
In the near future, we will be collecting and storing biometric voiceprint information about individuals who access our systems for the purpose of facilitating the identification of those individuals who may call us to seek access to their personal information.
In most cases we receive personal information about an individual from our client, who is employing the individual or is the payroll services provider to the individual’s employer, or is the trustee or administrator of the individual's superannuation fund. Where we have been provided with an individual's personal information by our clients, we rely on our clients to obtain any requisite consent of the individual for collection, use and disclosure of this information to us and we proceed on the expectation they have done so.
3. Why do we collect and use personal information
We collect and use personal information to (a) administer superannuation contributions and rollovers made by or on behalf of an individual, (b) to assist an individual’s employer to comply with the employer’s obligations to submit certain reports to the Australian Tax Office, and (c) to assist superannuation funds and their group life insurers meet their mutual reporting obligations imposed by various regulators, including the Australian Prudential Regulation Authority.
We do not use personal information for direct marketing. In order to improve our services, and also for statistical purposes, we may aggregate personal information concerning numerous individuals. But when doing so, we ensure that none of the individuals are identified or identifiable.
We may need to disclose personal information to various persons and organisations in Australia. For example:
We use agents and external service providers to help us to provide our services to clients (such as data hosting services, banking/financial institutions, paying agents, printing houses and external consultants);
We may be required to provide the information to government or regulatory bodies (such as the Australian Prudential Regulatory Authority (APRA) or the Australian Taxation Office); and
We may be required by a court order to disclose certain information.
We will also disclose personal information to other external parties when an Individual provides consent.
When anyone browses our website, our webservers automatically collect standard information as part of the HTTP web protocol - an IP address, browser type, operating system, access time, referring sites, pages viewed and other anonymous information. We analyse non-identifiable web traffic to improve our services.
We do not collect personal information about you if you only browse this website. This website only uses session cookies during a search query of the website. When you close your browser the session cookie is destroyed and no personal information is kept which might identify you to us in the future.
Our website may contain links to other sites operated by third parties. We are not responsible for the privacy practices or the content of such websites. We encourage the reading of the privacy statements in these linked sites, as their privacy policies may differ from ours.
5. Protection of personal information
We regard the security of personal information as very important. We take reasonable steps to protect the information we hold from unauthorised access and we have a number of physical and electronic protection measures in place. This includes encryption, firewalls, site monitoring, intrusion detection and video surveillance. The security arrangements are reviewed and tested from time to time.
We restrict access to personal information solely to those of our employees who need to access this information to complete tasks relating to the efficient and effective provision of the services for which the personal information has been collected, processed and held.
Our employees are subject to a Code of Conduct which includes a commitment to maintain the confidentiality of personal information.
If we become aware of a data breach, which is any unauthorised access to, or disclosure of, or loss of, any personal information we hold, we will comply with the provisions of the Notifiable Data Breaches scheme which is set out in the Privacy Act.
In such circumstances:
a) We will promptly assess whether the data breach is one that is likely to result in serious harm to any individuals to whom the information relates.
b) If we assess there is a likelihood of serious harm to any individuals as a result of any such breach, we will promptly assess what remedial steps can be taken to prevent, contain or mitigate such harm and implement any such steps.
c) If we are unable to completely remove the likelihood of serious harm to any individuals, we will notify the Office of the Australian Information Commissioner, and place the notification statement on our website, and take steps to notify all individuals that are at risk of suffering serious harm, so that they can take whatever action might be available to them to minimise the harm. We will also notify any entities and agencies which might be relevant to the nature of the breach, such as the Australian Tax Office where tax file numbers are included in the personal information the subject of the breach.
d) We will notify the individuals directly by email, SMS, fax or post, where we have, or can obtain these contact details, and where we can’t get these contact details, but know of someone else who has them, such as an employer or a fund administrator, we will request they notify the individuals.
e) If we are unable to notify any affected individuals directly, we will also publish notifications in newspapers circulating in the area where affected individuals are likely to be located and also direct individuals to the statement on our website.
f) Our notifications and statement will include our identity and contact details, a description of the data breach, the type of information which has been accessed, disclosed or lost, and recommendations as to what steps individuals can take in response to the breach.
After we have complied with our notification obligations, we will review the breach and take steps to ensure a similar breach is not repeated.
g) We also ensure our suppliers, customers and other third parties with whom we deal, are contractually bound to support us in implementing our above obligations wherever necessary. Where we deliver any personal information in the course of our services, we ensure the third parties to whom the personal information is delivered are contractually obligated to notify us of any data breach occurring within their infrastructure and to participate in the above notification obligations to whatever extent is reasonably necessary.
6. Information storage and security
Personal information is stored in our database and archived for a period we determine is necessary for compliance with laws and efficient record keeping. At present this is a minimum of 7 years. No personal information is stored or processed or transported outside Australia.
7. Access to personal information
In some circumstances, employers may request access to the information we hold about them or their employees. Trustees may request information we hold about them, their sponsoring employers and those employer’s employees. Trustees, employers, and employees may also ask us to correct information we hold if it is inaccurate, incomplete, misleading or out-of-date.
Under the APP, we are obligated to allow individual access to the personal information we hold about that individual. The individual may request such access to be provided personally to that individual by contacting us using the contact details specified in section 9 below. In such cases, we may charge the individual a non-excessive fee for giving the access.
An individual may also authorise a representative to access their personal information. Where appropriate we may enter into arrangements that expedite this process by enabling an individual to authorise an entity that needs to access certain personal information to seek that information directly from us, where they are authorised to do so. In such cases, we rely on, and contractually bind, those entities to have the relevant individual’s authority to access their personal information. In such cases, we may charge a fee to the entity or the authorised representative that requests such authorised access.
If an individual whose personal information has been accessed by or on behalf of that individual believes certain information we hold is inaccurate, that individual or the individual’s representative may ask us to correct the information. We will then, within a reasonable time, take reasonable steps to correct the information, so as to ensure it is accurate, up to date, complete, relevant and not misleading, and we will notify any entities that supplied the information to us, and to which we may have supplied the information, of the correction unless it’s impracticable or unlawful for us to do so. If for any reason we refuse to correct the information, then we will notify the individual or their representative of that fact and the reasons for our refusal. If the individual disagrees with our decision, that individual may lodge a complaint in the manner set out in Section 9 below (Need to contact us). We will not charge for any correction or investigation into a request, but we may charge the entity which supplied the inaccurate information.
8. Changes to this policy
9. Contact us
SuperChoice Services Pty Limited
Level 8, 35 Clarence Street
Sydney NSW 2000
Phone: 02 8038 6700 Fax: 02 8038 6823
If you feel that we have not satisfactorily addressed your complaint, you may also make a complaint to the Office of the Australian Information Commissioner by visiting www.oaic.gov.au or by writing to GPO Box 5218 Sydney NSW 2001 or GPO Box 2999, Canberra ACT 2601.