Last Updated 21 May 2021
1. Application of this Policy
The Policy applies to SuperChoice Services Pty Limited and its related company, Payclear Services Pty Limited (we, us, our).
We are committed to complying with the Privacy Act 1988 (Cth) ("Privacy Act") as amended from time to time, which includes the Australian Privacy Principles ("APP"). The APP regulates, among other things, the collection, storage, quality, use, and disclosure of personal information.
2. Personal information we collect
Any information or any opinion about an individual who is identified, or is identifiable, is considered to be "personal information". We collect only information that is necessary for us to provide our products and services, which include clearing superannuation contributions and rollovers, assisting insurers with their insurance processing, and assisting employers to comply with their obligations to their employees and the Australian Tax Office. The kinds of personal information we collect are an individual's name, contact details, date of birth, Tax File Number, and employment, superannuation, and life insurance details. We also collect “sensitive information” as defined under the Privacy Act, being information about any membership of any trade union or professional or trade association.
In the near future, we will be collecting and storing biometric voiceprint information about individuals who access our systems for the purpose of facilitating the identification of those individuals who may call us to seek access to their personal information.
In most cases, we receive personal information about an individual from our client, who is employing the individual or is the payroll services provider to the individual’s employer, or is the trustee or administrator of the individual's superannuation fund. Where we have been provided with an individual's personal information by our clients, we rely on our clients to obtain any requisite consent of the individual for the collection, use, and disclosure of this information to us and we proceed on the expectation they have done so.
3. Why do we collect and use personal information
We collect and use personal information to (a) administer superannuation contributions and rollovers made by or on behalf of an individual, (b) to assist an individual’s employer to comply with the employer’s obligations to submit certain reports to the Australian Tax Office, (c) to assist superannuation funds and their group life insurers meet their mutual reporting obligations imposed by various regulators, including the Australian Prudential Regulation Authority and (d) to improve our service offerings.
We do not use personal information for direct marketing. In order to improve our services, and also for statistical purposes, we may aggregate personal information concerning numerous individuals. But when doing so, we ensure that none of the individuals are identified or identifiable.
We may need to disclose personal information to various persons and organisations in Australia. For example:
We use agents and external service providers to help us to provide our services to clients (such as data hosting services, banking/financial institutions, paying agents, printing houses, and external consultants);
We may be required to provide the information to the government or regulatory bodies (such as the Australian Prudential Regulatory Authority (APRA) or the Australian Taxation Office); and
We may be required by a court order to disclose certain information.
We will also disclose personal information to other external parties when an Individual provides consent.
When anyone browses our website, our web servers automatically collect standard information as part of the HTTP web protocol - an IP address, browser type, operating system, access time, referring sites, pages viewed, and other anonymous information. We analyse web traffic including, but not limited to the use of google analytics, to improve our services.
For our online products including our EmployerPay and Legacy platforms, in addition to the above, we also log a number of data elements including IP address, geographic location, username, time of access, and the data accessed for the purposes of maintaining a secure platform and to improve the operation of our platform.
Our website may contain links to other sites operated by third parties. We are not responsible for the privacy practices or the content of such websites. We encourage the reading of the privacy statements in these linked sites, as their privacy policies may differ from ours.
5. Protection of personal information
We regard the security of personal information as very important. We take reasonable steps to protect the information we hold from unauthorised access and we have a number of physical and electronic protection measures in place. This includes encryption, firewalls, site monitoring, intrusion detection, and video surveillance. The security arrangements are reviewed and tested from time to time.
We restrict access to personal information solely to those of our employees who need to access this information to complete tasks relating to the efficient and effective provision of the services for which the personal information has been collected, processed, and held.
Our employees are subject to a Code of Conduct which includes a commitment to maintaining the confidentiality of personal information.
If we become aware of a data breach, which is any unauthorised access to, or disclosure of, or loss of, any personal information we hold, we will comply with the provisions of the Notifiable Data Breaches scheme which is set out in the Privacy Act. In such circumstances:
We will promptly assess whether the data breach is one that is likely to result in serious harm to any individuals to whom the information relates.
If we assess there is a likelihood of serious harm to any individuals as a result of any such breach, we will promptly assess what remedial steps can be taken to prevent, contain or mitigate such harm and implement any such steps.
If we are unable to completely remove the likelihood of serious harm to any individuals, we will notify the Office of the Australian Information Commissioner, and place the notification statement on our website, and take steps to notify all individuals that are at risk of suffering serious harm, so that they can take whatever action might be available to them to minimise the harm. We will also notify any entities and agencies which might be relevant to the nature of the breach, such as the Australian Tax Office..
We will notify the individuals directly by email, SMS, fax, or post, where we have, or can obtain these contact details, and where we can’t get these contact details, but know of someone else who has them, such as an employer or a fund administrator, we will request they notify the individuals.
If we are unable to notify any affected individuals directly, we will also publish notifications in newspapers circulating in the area where affected individuals are likely to be located and also direct individuals to the statement on our website.
Our notifications and statement will include our identity and contact details, a description of the data breach, the type of information which has been accessed, disclosed or lost, and recommendations as to what steps individuals can take in response to the breach.
After we have complied with our notification obligations, we will review the breach and take steps to ensure a similar breach is not repeated.
We also ensure our suppliers, customers and other third parties with whom we deal, are contractually bound to support us in implementing our above obligations wherever necessary. Where we deliver any personal information in the course of our services, we ensure the third parties to whom the personal information is delivered are contractually obligated to notify us of any data breach occurring within their infrastructure and to participate in the above notification obligations to whatever extent is reasonably necessary.
6. Information storage and security
Personal information is stored in our database and archived for a period we determine is necessary for compliance with laws and efficient record keeping. At present this is a minimum of 7 years. No personal information is stored or processed or transported outside Australia.
7. Access to personal information
In some circumstances, employers may request access to the information we hold about them or their employees. Trustees may request information we hold about them, their sponsoring employers and those employer’s employees. Trustees, employers and employees may also ask us to correct information we hold if it is inaccurate, incomplete, misleading or out-of-date.
Under APP 12, we are obligated to allow an individual access to the personal information we hold about that individual. The individual may request such access to be provided personally to that individual by contacting us using the contact details specified in section 9 below. In such cases we may charge the individual a non-excessive fee for giving the access.
An individual may also authorise an intermediary to access their personal information. We may enter into arrangements to expedite this process by enabling an individual to authorise an entity, which needs to access certain personal information to seek that information directly from us, where they are authorised to do so. In such cases, we rely on, and contractually bind, those entities to have the relevant individual’s authority to access their personal information. In such cases we may charge a fee to the entity or the authorised intermediary that requests such authorised access.
If an individual whose personal information has been accessed by or on behalf of that individual believes certain information we hold is inaccurate, that individual or the individual’s representative may ask us to correct the information. We will then, within a reasonable time, take reasonable steps to correct the information, so as to ensure it is accurate, up to date, complete, relevant, and not misleading, and we will notify any entities that supplied the information to us, or to which we may have supplied the information, of the correction unless it’s impracticable or unlawful for us to do so. If for any reason we refuse to correct the information, then we will notify the individual or their representative of that fact and the reasons for our refusal. If the individual disagrees with our decision, that individual may lodge a complaint in the manner set out in Section 9 below (Need to contact us). We will not charge for any correction or investigation into a request, but we may charge the entity which supplied the inaccurate information.
8. Changes to this policy
9. Need to contact us
SuperChoice Services Pty Limited
Level 8, 35 Clarence Street
Sydney NSW 2000
Phone: 02 8038 6700
If you feel that we have not satisfactorily addressed your complaint, you may also make a complaint to the Office of the Australian Information Commissioner by visiting www.oaic.gov.au or by writing to
GPO Box 5218
Sydney NSW 2001
GPO Box 2999, Canberra ACT 2601.