Updated 18 September 2024
1. Application of this Policy
The Policy applies to SuperChoice Services Pty Limited and its related company, Payclear Services Pty Limited (we, us, our).
We are committed to complying with the Privacy Act 1988 (Cth) (“Privacy Act”) as amended from time to time, which includes the Australian Privacy Principles (“APP”). The APP regulates, among other things, the collection, storage, quality, use, and disclosure of personal information.
This Privacy Policy outlines the type of personal information we collect, how that information is collected, used, stored, and protected, and to whom we disclose personal information.
2. Personal information we collect
Any information or any opinion about an individual which can identify, or is identifiable for, an individual is considered to be “personal information”. We collect only information that is necessary for us to provide our products and services, which include clearing superannuation contributions and rollovers, assisting insurers with their insurance processing, identification, and remuneration verification, and assisting employers to comply with their obligations to their employees and the Australian Tax Office. The types of personal information we collect are an individual’s name, contact details, date of birth, Tax File Number, employment, superannuation, and life insurance details. We also collect “sensitive information” as defined under the Privacy Act, being information about any membership of any trade union or professional or trade association for the purpose of processing payments to those associations on behalf of an individual.
In most cases, we receive personal information about an individual from our client, who is employing the individual or is the payroll services provider to the individual’s employer, or is the trustee or administrator of the individual’s superannuation fund. Where we have been provided with an individual’s personal information by our clients, we rely on our clients to obtain any requisite consent of the individual for the collection, use, and disclosure of this information to us, and our subsequent disclosure of such information as detailed in this policy, and we proceed on the expectation they have done so.
3. Why do we collect and use personal information
We collect and use personal information to (a) administer superannuation contributions and rollovers made by or on behalf of an individual, (b) to assist an individual’s employer to comply with the employer’s obligations to submit certain reports to the Australian Tax Office, (c) to assist superannuation funds and their group life insurers meet their mutual reporting obligations imposed by various regulators, including the Australian Prudential Regulation Authority and (d) to improve our service offerings.
We do not use personal information for direct marketing. In order to improve our services, and also for statistical purposes, we may aggregate personal information concerning numerous individuals. But when doing so, we ensure that none of the individuals are identified or identifiable.
We may need to disclose personal information to various persons and organisations in Australia. For example:
We use agents and external service providers to help us to provide our services to clients (such as data hosting services, banking/financial institutions, paying agents, printing houses, and external consultants);
We may be required to provide the information to the government or regulatory bodies (such as the Australian Prudential Regulatory Authority (APRA), Australian Securities and Investment Commission, or the Australian Taxation Office); and
We may be required by a court order to disclose certain information.
We will also disclose personal information to other external parties when an Individual provides consent.
We rely on our agents and third parties to have a documented privacy policy and we ensure they are contractually obliged to keep personal information confidential and only use it for the purpose for which they have been authorised to receive and hold it.
We rely on some of the exemptions permitted under the Privacy Act. For instance, the exemption for disclosing personal information to our related companies, but those companies are subject to provisions similar to those in this Privacy Policy.
4. Website
When anyone browses our website, our web servers automatically collect standard information as part of the HTTP web protocol – an IP address, browser type, operating system, access time, referring sites, pages viewed, and other anonymous information. We analyse web traffic including, but not limited to the use of google analytics, to improve our services.
For our online products including our EmployerPay and Legacy platforms, in addition to the above, we also log a number of data elements including IP address, geographic location, username, time of access, and the data accessed for the purposes of maintaining a secure platform and to improve the operation of our platform.
Our website may contain links to other sites operated by third parties. We are not responsible for the privacy practices or the content of such websites. We encourage the reading of the privacy statements in these linked sites, as their privacy policies may differ from ours.
5. Protection of personal information
We regard the security of personal information as extremely important. We take all reasonable steps to protect the information we hold from unauthorised access and we have a number of physical and electronic protection measures in place. This includes encryption, firewalls, site monitoring, intrusion detection, and video surveillance. The security arrangements are reviewed and tested from time to time.
We restrict access to personal information solely to those of our employees who need to access this information to complete tasks relating to the efficient and effective provision of the services for which the personal information has been collected, processed, and held.
Our employees are subject to a Code of Conduct which includes a commitment to maintaining the confidentiality of personal information.
If we become aware of a data breach, which is any unauthorised access to, or disclosure of, or loss of, any personal information we hold, we will comply with the provisions of the Notifiable Data Breaches scheme which is set out in the Privacy Act. In such circumstances:
We will promptly assess whether the data breach is one that is likely to result in serious harm to any individuals to whom the information relates.
If we assess there is a likelihood of serious harm to any individuals as a result of any such breach, we will promptly assess what remedial steps can be taken to prevent, contain or mitigate such harm and implement any such steps.
If we are unable to completely remove the likelihood of serious harm to any individuals, we will notify the Office of the Australian Information Commissioner, and place the notification statement on our website, and take steps to notify all individuals that are at risk of suffering serious harm, so that they can take whatever action might be available to them to minimise the harm. We will also notify any entities and agencies which might be relevant to the nature of the breach, such as the Australian Tax Office.
We will notify the individuals directly by email, SMS, fax, or post, where we have, or can obtain these contact details, and where we can’t get these contact details, but know of someone else who has them, such as an employer or a fund administrator, we will request they notify the individuals.
If we are unable to notify any affected individuals directly, we will also publish notifications in newspapers circulating in the area where affected individuals are likely to be located and also direct individuals to the statement on our website.
Our notifications and statement will include our identity and contact details, a description of the data breach, the type of information which has been accessed, disclosed or lost, and recommendations as to what steps individuals can take in response to the breach.
After we have complied with our notification obligations, we will review the breach and take steps to ensure a similar breach is not repeated.
We also ensure our suppliers, customers, and other third parties with whom we deal, are contractually bound to support us in implementing our above obligations wherever necessary. Where we deliver any personal information in the course of our services, we ensure the third parties to whom the personal information is delivered are contractually obligated to notify us of any data breach occurring within their infrastructure and to participate in the above notification obligations to whatever extent is reasonably necessary.
6. Information storage and security
Personal information is stored in our database and archived for a period we determine is necessary for compliance with our contractual obligations to our clients, laws, and efficient record keeping. No personal information is stored or processed or transported outside Australia.
7. Access to personal information
In some circumstances, employers may request access to the information we hold about them or their employees. Trustees may request information we hold about them, their sponsoring employers, and those employer’s employees. Trustees, employers, and employees may also ask us to correct information we hold if it is inaccurate, incomplete, misleading, or out-of-date.
Generally, the personal information we collect, process and hold is data that belongs to the entity that provided the information to us. Accordingly, that entity has the right to access that data for its business purposes and in compliance with its own privacy policy and the Privacy Act.
Under APP 12, we are obligated to allow an individual access to the personal information we hold about that individual. The individual may request such access to be provided personally to that individual by contacting us using the contact details specified in section 9 below. In such cases we may charge the individual a reasonable fee for such access.
An individual may also authorise an intermediary to access their personal information. Under APP 6 we will access and process an individual’s personal information with their consent. We may enter into arrangements to expedite this process by enabling an individual to authorise an entity, which needs to access certain personal information to seek that information directly from us, where they are authorised to do so. In such cases, we rely on, and contractually bind, those entities to have the relevant individual’s authority to access their personal information. In such cases we may charge a fee to the entity or the authorised intermediary that requests such authorised access.
If an individual whose personal information has been accessed by or on behalf of that individual believes certain information we hold is inaccurate, that individual or the individual’s representative may ask us to correct the information. We will then, within a reasonable time, take reasonable steps to correct the information, so as to ensure it is accurate, up to date, complete, relevant, and not misleading, and we will notify any entities that supplied the information to us, or to which we may have supplied the information, of the correction unless it’s impracticable or unlawful for us to do so. If for any reason we refuse to correct the information, then we will notify the individual or their representative of that fact and the reasons for our refusal. If the individual disagrees with our decision, that individual may lodge a complaint in the manner set out in Section 9 below (Need to contact us). We will not charge for any correction or investigation into a request, but we may charge the entity which supplied the inaccurate information.
8. Changes to this policy
From time to time it may be necessary for us to review and amend this policy. We reserve the right to amend this policy at any time. You should check our website (www.superchoiceservices.com.au) from time to time for our latest privacy policy.
9. Need to contact us
If you have questions about our Privacy Policy or want to make an inquiry or complaint about how we have handled personal information or if you believe we may have breached any Australian Privacy Principle you should firstly contact:
Privacy Officer
SuperChoice Services Pty Limited
Level 4, 45 Clarence Street
Sydney NSW 2000
Phone: 02 8038 6700
Email: PrivacyOfficer@superchoice.com.au
We will aim to respond to your complaint within a reasonable time, usually within 30 days.
If you feel that we have not satisfactorily addressed your complaint, you may also make a complaint to the Office of the Australian Information Commissioner by visiting www.oaic.gov.au or by writing to
GPO Box 5218
Sydney NSW 2001
or
GPO Box 2999, Canberra ACT 2601.
© 2024 SuperChoice Services Pty Limited. All rights reserved. ABN 78 109 509 739
SuperChoice Services Pty Limited (ACN 109 509 739), Authorised Representative (Number 336522) of PayClear Services Pty Limited (ACN 124 852 320) holder of Australian Financial Services Licence Number 314357. SUPERCHOICESERVICES PTY LTD ILLION NUMBER 75-262-2303