First Super must comply with the Privacy Act 1988 (the Act), which regulates the way we collect, use, disclose, keep, secure and provide access to your personal information.
The Act imposes obligations known as Australian Privacy Principles on First Super. This document summarises how we met the key obligations under Act and Principles in respect of Personal and Sensitive information.
We collect and hold Personal Information that is reasonably necessary for the operation of the Fund, including administration of your account. “Personal information” is information or opinion about an identified individual, or an individual who is reasonably identifiable.
This information may include your:
- name and date of birth;
- contact details including residential address;
- employment details;
- employment history and salary information;
- tax file number;
- contributions history;
- nominated beneficiary details; and
- your claims history.
We only collect Sensitive Information about you where necessary and with your consent, except where we are required or permitted by law to collect your Sensitive Information without your consent, such as when we assess insurance claims.
“Sensitive information” is Personal Information that is also information or opinion about a person’s racial or ethnic origins, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices, criminal record; health, genetic or biometric information
First Super collects and holds Sensitive Information that is necessary to perform an essential function of the Fund, such as assess whether a person is disabled or not.
2. Collection and use of information
We collect and use Personal Information about you so we can establish an account for you in the Fund and provide you with services and benefits in connection with your account.
We may collect and use health information about you to provide you with benefits, including insurance.
You can refuse to provide us with Personal Information however, if you do so, we may be unable to administer your account or process an insurance application. Where we do not have enough information to administer an account for you, the account balance may have to be sent from the Fund to the Australian Taxation Office. If you do not provide us with your tax file number we may be unable to accept some contributions and you may pay more tax than you need to.
Your employer may have a legal obligation to provide us with information necessary to establish and manage an account for you, this includes providing a tax file number.
3. How we collect information
We only collect Personal Information by lawful and fair means. Information is collected directly from you where reasonably possible and, for many employer-sponsored members, from their employer.
Information we collect form you is generally collected using a form which you may decline to complete. We or the Fund’s insurer may collect information (including Sensitive Information) from third parties, such as doctors or rehabilitation specialists in order to process insurance applications and claims.
Certain laws such as the Superannuation Industry (Supervision) Act 1993 (Cth), the Corporations Act 2001 (Cth) and the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) may require us to collect, hold, verify and use information to personally identify you.
If we receive personal information about you that we have not requested and may not lawfully collect, we will destroy or de-identify the information if it is lawful and reasonable to do so.
4. Disclosure of your information
In general, we will only disclose your personal information for a purpose:
- mentioned in this document;
- you would reasonably expect in relation to the Fund;
- required or permitted by law; or
- otherwise disclosed to you and to which you have consented.
We disclose your personal information to our Administrator so that it can administer your account in the Fund, and the Administrator holds that information for us. The Administrator may not disclose your personal information to any other party, except as is reasonable and necessary for administration of the Fund. This includes to:
- Your employer for employer-sponsored members;
- Other superannuation trustees to facilitate rollovers and other transactions;
- external service providers such as insurers, accountants, auditors, lawyers, mailing houses, archivists, IT service providers and consultants of purposes connected to the administration and good management of the Fund;
- courts, government and regulatory authorities as required or permitted by law;
- persons authorised under the Family Law Act 1975 (Cth) to request information about an interest in a superannuation fund.
We take reasonable steps to ensure that these entities are bound by confidentiality and privacy obligations with respect to the protection of your Personal Information.
First Super does not send your Personal Information overseas, however, the insurance company that provides death and disability insurance to members of First Super may send some Personal Information offshore for the purpose of reinsuring liabilities and keeping premiums low.
5. Access to your Personal Information
Most of the personal information we hold on most members is shown in their annual benefit statement. We may hold a large amount of additional Personal Information (including Sensitive Information) on members who have made an insurance claim or applied for additional insurance.
You may request access to the Personal Information we hold about you by contacting us in writing. We will tell you the Personal Information we hold about you providing it is lawful to do so and you provide acceptable proof of your identity.
Rarely we may under a legal obligation refuse access to some Personal Information. If this happens we will provide you with a written notice setting out reasons for the refusal and specifying the section of the Privacy Act under which refusal is permitted.
We will not charge you for assessing the Personal Information we hold about you unless requests of a vexatious nature are made. You will be advised in advance of any charge that may apply before it is incurred.
6. What if your Personal Information is inaccurate?
If the Personal Information we hold is inaccurate, out-of-date, incomplete, irrelevant or misleading, we will take reasonable steps to correct the information.
You can request that we correct the Personal Information we hold about you by contacting us. We will deal with your request within a reasonable time and, if we do not agree with the corrections requested, we will explain why to the extent permitted by law.
7. What happens to old Information?
We are under a number of legal obligations to maintain Personal Information after your leave the Fund. Once we are satisfied that your Personal Information no longer has to be maintained for either legal or contractual reasons, we will ensure it is destroyed or de-identified.
8. Privacy on the Internet
You can provide us with some Personal Information through our website. To minimise the risk of fraud we limit the types of personal information that can be provided to us over the internet.
If you have concerns about transmitting your personal information over the internet, you can provide that information in paper format.
When you access any part of our website, out service provider logs the following information, which we may collect: your server address, top level domain name ( e.g .gov, .au, etc.), the date and time of your web-site visit, the pages you looked at, the documents you down-loaded, the previous site you visited and the type of browser you used.
When you visit any part of our website we may use “cookies” for security and identification purposes. A “cookie” is a small computer file placed on an internet browser which we read each time you visit our website. It is not our intention to identify users personally or their individual browsing activities by using “cookies”, but may do so if required by a law enforcement agency or court.
We can only attach “cookies” to your internet browser if you allow us to. You can set your internet browser to reject cookies, but doing so may prevent you from accessing some higher security pages of our website.
If you send us emails we may retain the content of the email and our response. Your email address will only be used or disclosed for the purposes relating to the good management of your account and the Fund. It will not be given or sold to become part of any other mailing list or used for any other purpose unless your consent.
9. Computer, Internet and other Security
Your personal information is held in paper-based and electronic files.
We make reasonable efforts to ensure that we and our service providers use modern security measures to protect your Personal Information. This includes password protecting and encrypting data as required.
We take reasonable steps to ensure your personal information is protected from misuse, interference, loss, unauthorised access, modification or disclosure. This includes by limiting access to Personal information through physical barriers (such as security doors) and by limiting electronic access rights.
We cannot guarantee that any information transmitted via the internet is entirely secure. You should only transmit Personal Information over the internet if you are confident the data link and the computer (hardware and software) you are using are secure. If you send us Personal Information over the Internet you do so at your own risk.
While you are a member of the Fund we may use your personal information to provide you with information about products and services (including those of third parties) which we consider may be of interest to you. This applies even if you are listed on the Do Not Call Register.
You may opt out of receiving information from third parties through us at any time by contacting us. You may not opt out of receiving information from us while a member of the Fund because laws require us to send you certain information.
11. Questions and Complaints
The Complaints Officer
PO Box 666 Carlton South
Phone: 1300 360 988
If you make a complaint we will write to you within 7 days of receiving the complaint to acknowledge the complaint and explain how we will deal with the issues raised.
You may also lodge a complaint with the Office of the Australian Information Commissioner by telephone: 1300 363 992 or email: firstname.lastname@example.org.
12. Changes & Amendments
We review this policy as circumstances and laws change, but it is reviewed at least once each year when we reassess the adequacy and suitability of our privacy procedures.
This policy was approved by the Board of First Super Pty Ltd, which has authorised management to make necessary amendments from time to time to ensure continued compliance with the law, providing any changes are brought to it for approval and review as soon as practical.