• Privacy

  • Purpose

    1.1 Purpose

    SCS Super Pty Limited (Trustee) has adopted this Privacy Policy to provide information about its approach to handling personal information about individuals who will typically be members of the Australian Catholic Superannuation & Retirement Fund (Fund) and their beneficiaries. This Privacy Policy may be amended from time to time.

    1.2    Privacy Act 1988 and APPs

    The Privacy Act 1988 (Act) regulates the handling of “personal information” about individuals by entities such as the Trustee. This includes the collection, use, storage and disclosure of personal information.

    “Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable. The information or opinion does not need to be recorded in a material form and does not need to be true for it to be considered personal information.

    “Personal information” also includes “sensitive information”, which includes:

    • information or opinion (that is also personal information) about an individual’s:
      • racial or ethnic origin;
      • political opinions;
      • membership of a political association;
      • religious beliefs or affiliations;
      • philosophical beliefs;
      • membership of a professional or trade association;
      • membership of a trade union;
      • sexual preferences or practices; or
      • criminal record; and

       
    • health information about an individual.

    The Act was amended to introduce 13 Australian Privacy Principles (APPs) from 12 March 2014, which replaces the National Privacy Principles (NPPs), and Information Privacy Principles. These will apply to organisations, and Australian, ACT and Norfolk Island government agencies.

    The text of the 13 APPs from Schedule 1 of the Privacy Amendment (Enhancing Privacy protection) Act 2012 amends the Privacy Act 1988.

    2    Australian Privacy Principles

    2.1    APP 1 – Open and transparent management of personal information

    This Privacy Policy sets out an open and transparent handling of “personal information” by the Trustee, including:

    (a) the kind of information that the Trustee collects and holds (see section 2.3);
    (b) how the Trustee collects and holds personal information (see sections 2.4, 2.5 and 2.11);
    (c) the purposes for which the Trustee collects, holds, uses and discloses personal information (see sections 2.6 and 2.9);
    (d) how an individual may access personal information about the individual that is held by the Trustee and seek the correction of such information (see sections 2.12 and 2.13);
    (e) how an individual may complain about a breach of the APPs, or a registered APP code (if any) that binds the Trustee, and how the Trustee will deal with such a complaint (see section 3);
    (f) whether the Trustee is likely to disclose personal information to overseas recipients (see section 2.8); and
    (g) if the Trustee is likely to disclose personal information to overseas recipients – the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy (see section 2.8).


    2.2    APP 2 – Anonymity and pseudonymity

    Individuals have the option of not identifying themselves or of using a pseudonym where it is lawful and practicable to do so, for example when making a general enquiry about the Fund.

    However, while the Trustee understands its obligations in respect of this APP, superannuation legislation and Anti-money Laundering legislation generally requires the Trustee to identify members and their beneficiaries when providing their superannuation benefits.

    The Trustee is aware that an individual who is not a member may make an enquiry about the Fund by choosing to remain anonymous or use a pseudonym.

    2.3    APP 3 – Collection of solicited personal information

    The Trustee collects, holds and uses personal information about each Fund member only to the extent that it is reasonably necessary for the performance of its role as Trustee of the Fund and the proper management of the Fund.

    Typically, this includes a member’s name, address and date of birth, as well as gender, occupation, email address, salary, bank account details (if a member requests a direct debit or payment of a pension into a nominated account), Tax File Number (TFN) (if a member has chosen to provide it), employment details such as occupation, hours worked, employment status and superannuation details such as member numbers, investment choices and dates for membership commencement. Personal information may be collected when a member deals with the Fund over the telephone.

    The Trustee might also collect health information in connection with the insurance benefits provided through the Fund.

    Information about a member’s potential beneficiaries is also collected and held.

    Collecting information over the Internet

    When a member visits our website, our server attaches a small data file known as a ‘cookie’ to their hard drive. This enables us to analyse usage patterns on our site in order to tailor it to our users' needs.

    Cookies are safe. They cannot be used to deliver a virus. Cookies only identify a member’s computer to our servers when they visit our website.

    Most web browsers are set to accept cookies. If a member doesn’t wish to accept cookies they can refuse the transfer of cookies to their computer's hard drive by adjusting their Internet browser.

    Cookies in and of themselves do not personally identify a member, although they do identify their browser. The cookies simply operate as a unique identifier, which help us to know what our users find interesting and useful in our website. We will link this information back to other information that members and non-members have provided to us. We do not store any information inside cookies.

    Our websites contain links to other third party websites that may hold and manage personal information different to our practices. Members should consult the other sites' privacy policies as we have no control over information that is submitted to, or collected by, these third parties.

    2.4    APP 4 – Dealing with unsolicited personal information

    If the Trustee receives personal information which it did not solicit and which it could have collected in the ordinary course of business, it will comply with its obligations under the APPs about handling that information.

    If the Trustee receives personal information which it did not solicit and which it could not have been collected by the Trustee in its ordinary course of business or was not contained in a Commonwealth record, then the Trustee will ensure that the personal information is no longer personal information (i.e. by effectively de-identifying it) as soon as practicable, if lawful and reasonable to do so.

    2.5    APP 5 – Notification of the collection of personal information

    The Trustee usually collects the personal information it holds either directly from the member or from their employer.

    However, in some circumstances the Trustee or its insurer may obtain information from external parties such as health care professionals (for example if a member makes an insurance claim). The Trustee will notify the member of the personal information collected from someone other than the member to ensure that the individual is aware of the matter. The Trustee will only collect health information about members with their consent.

    If a member decides not to provide the Trustee with the information needed, or not allow their employer to provide the Trustee with that information, then:

    • it may prevent the Trustee from contacting the member; or
    • the Trustee may not be able to provide the member with superannuation benefits through the Fund.


    Where the member decides not to provide their health information, then:

    • this may limit the level of death or disability benefits that the member is able to access through the Fund; or
    • it may prevent any insurance claim a member makes from being settled.


    If a member chooses not to provide their TFN to the Trustee, then:

    • additional tax may be taken out of the member’s account.


    2.6    APP 6 – Use or disclosure of personal information

    The personal information collected by the Trustee is required to maintain the Fund’s records in a format that identifies each member. Complete and accurate records are essential to the proper management of the Fund and to enable the Trustee to provide members with superannuation benefits and keep member’s up to date on other products and services available to them through the Fund.

    Information about a member’s potential beneficiaries is only used in the event of their death to facilitate the appropriate distribution of any benefits payable.

    The Trustee uses the health information it holds about a member to enable it to obtain death or disability insurance cover from the Fund’s insurer or to process a member’s death or disability claim.

    The records are kept both electronically and in hard copy.

    In undertaking the services it provides to members, the Trustee outsources certain functions to other organisations.

    For this purpose a member’s personal information may, as required, be transferred to or handled by:

    • the Fund’s auditors;
    • the Trustee’s insurance brokers and insurers who provide death and disability cover for Fund members;
    • The Trustee’s IT service providers;
    • Government bodies such as the Australian Prudential Regulation Authority, the Australian Securities & Investments Commission, the Australian Taxation Office and AUSTRAC;
    • The Trustee’s data matching and information provider who provides identification check’s against member’s information;
    • the Trustee’s legal and other professional advisers; and
    • other third party providers, including document storage, printing and collating companies.


    If a member has lodged a claim for insurance and the claim is declined and the member either takes legal action or complains to the Superannuation Complaints Tribunal (SCT), the Trustee must provide their personal details and information about the member’s health to the Fund’s legal representatives, the insurer, officers of the SCT or court officials.

    If a member provides personal details and identification documents for the purpose of data and identity verification, the Trustee’s data matching and information provider will use the information for this purpose and conduct an information match and identification check via the use of their third party system.

    If a member transfers to another superannuation fund, their personal information may be transferred to that fund.

    Further, an employer may be provided with an individual’s personal information where this is necessary for the Trustee to provide benefits to the member. A member’s personal information will not be used or disclosed for any other purpose than that stated above without an individual’s consent, except where this is deemed necessary to satisfy any applicable law, regulatory process, contractual obligations or Government requests.

    Financial advisers

    Where the member has consented, the Trustee may provide a member’s personal information to a financial adviser.

    Marketing our Products and Services

    From time to time, the Trustee may undertake research, which involves contacting members as part of random research methodology. The objective of surveying members is to ensure that the Trustee reviews member satisfaction and the effectiveness of the Fund’s products and services. The Trustee may also conduct a number of marketing campaigns throughout the year to advise members of other products or services.

    2.7    APP 7 – Direct marketing

    The Trustee will not use or disclose a member’s personal information for the purpose of direct marketing other than where a member has consented to this or if a member would reasonably expect to receive direct marketing material from the Fund. A member will also be given the opportunity to opt out of receiving any direct marketing.

    2.8    APP 8 – Cross border disclosure of personal information

    The Trustee may disclose personal information to service providers outside Australia and the information is only provided to enable the service provider to provide the Fund’s products and services.

    Currently, personal information is accessed overseas in the Philippines by the Fund’s insurer – OnePath, for insurance administration services. There are contractual arrangements in place to ensure the information is protected and the Australian Privacy Principles are complied with.

    2.9    APP 9 – Adoption, use or disclosure of government related identifiers

    The Trustee requests members to provide their TFN.

    The Trustee restricts access to records containing members’ TFNs to staff who need to handle this information under taxation, personal assistance or superannuation law. In addition, in respect to TFNs, the Trustee:

    • maintains appropriate building security to prevent unauthorised entry to premises;
    • regularly trains staff around the security awareness practices and procedures in relation to TFNs;
    • applies policies on who can access and use records containing TFNs;
    • requires staff to securely store all files containing TFNs after use;
    • availability of audit trails to detect unauthorised access or misuse; and
    • implements access controls for authorised users.


    Application forms submitted by members are scanned into the Superannuation Administration System and stored. The physical application forms are securely shredded on site at regular intervals.

    When TFNs are no longer required the Trustee takes all reasonable and practicable steps to de-identify or destroy the information in a secure manner. Alternatively, where that is not practicable reasonable steps are taken to protect the information from misuse or unauthorised disclosure.

    2.10    APP 10 – Quality of personal information

    The Trustee takes reasonable steps, to correct a member’s personal information to ensure that, having regard to the purpose for which it was held, it is accurate, up-to-date, complete, relevant and not misleading.

    The Trustee also asks members to inform it of any changes to their personal information.

    2.11    APP 11 – Security of personal information

    The Trustee has approved the Information Security Policy.

    The Trustee takes reasonable steps to protect personal information from:

    • misuse, interference and loss; and
    • unauthorised access modification or disclosure.


    The Trustee is bound by legal obligations of confidentiality. The Trustee does not sell or rent out any of the information it holds about its members or their beneficiaries and it protects the security of that information in accordance with regulatory requirements and industry practice.

    The Trustee has strict security measures in place and the staff who handle any personal information have the necessary training and knowledge to protect this information from unauthorised access or misuse.

    A member’s details are scanned and recorded in the Fund’s Superannuation Administration System. After a reasonable period of time, the physical documents are destroyed securely on site. Access to a member’s information is strictly restricted to staff that require the information to administer member accounts and provide information and services to members.

    The Trustee has in place the following safeguards for the security of personal information as follows:

    • appropriate building security to prevent unauthorised entry to premises;
    • paper based records are destroyed securely on site within a reasonable period of time;
    • implementation of a clean desk policy;
    • audit trails to record any unauthorised access;
    • all Fund staff must undergo a thorough security check prior to their employment;
    • login and password controls;
    • segregation of duties;
    • secure file transfer for files containing confidential information (e.g. Accellion); and
    • staff awareness training and IT security training.


    Website and Internet access

    Members of the Fund can access their account online by using their login and unique password. The traffic between the Fund’s website and the member’s browser is encrypted.

    Personal information is entered by members and prospective members on the Fund’s website to attend seminars hosted by the Fund. The personal details are stored securely in a database with the website service provider.

    2.12    APP 12 – Access to personal information

    A member can access their own personal information by contacting the Fund on 1300 658 776.

    There are some circumstances in which the Fund is entitled to deny a member access to information. These include circumstances where such information is used in confidential Trustee decisions or in a commercially sensitive decision-making process, where the privacy of others may be breached if the information was accessed or where the law requires or authorises such access to be denied.

    The Trustee’s Privacy Officer will respond to a member’s request for access to information within a reasonable period and will advise the member if their request for information is refused and the reason why.

    The Trustee may charge a reasonable fee for the provision of the requested information but the charge must not be excessive.

    2.13    APP 13 – Correction of personal information

    A member can request to correct their own personal information by contacting the Fund on 1300 658 776.

    The APP requires the Trustee to respond to a member’s correction request within a reasonable period of time. The Trustee will endeavour to respond to requests within 30 days.

    If the Trustee has provided incorrect information to any other organisation the Trustee will also take reasonable steps to notify the other organisation that the individual had requested a correction.

    There will be no charge for the correction of personal information.

    In order to keep member information as current as possible, the Trustee asks that members advise it of any changes to their personal details.

    3    Enquiries and complaints

    Access to the Privacy Policy is available on our website at www.catholicsuper.com.au.

    An individual can also request a hard copy of the Privacy Policy by contacting us on 1300 658 776.

    There will be no charge for provision of the Privacy Policy.

    If an individual is concerned about a possible interference with their privacy or a breach of the APPs, including a refusal by the Trustee to provide requested information, or the failure by the Trustee to correct personal information the individual should contact the Trustee’s Privacy Officer on the details listed below.

    For more information on how you can protect your privacy and the safety and security of your personal information see Safety and Security.

    4    Privacy Officer’s contact details

    Address:

    33 Burwood Road, BURWOOD NSW 2134

    Postal address:

    PO Box 656, BURWOOD NSW 1805

    Telephone:

    (02) 9715 0000 or 1300 658 776

    Email:

    privacyofficer@catholicsuper.com.au

    Facsimile:

    (02) 9715 0091

    If an individual’s concerns are not satisfactorily resolved within a reasonable period of time, the matter can be referred to the Privacy Commissioner, who can be contacted at The Office of the Australian Information Commissioner on:

    • Telephone: 1300 363 992
    • Email: enquiries@oaic.gov.au or
    • Write: GPO Box 5218, Sydney NSW 2001


    5    Review

    This Policy will be reviewed by the Trustee at least once every three years or earlier in response to changes in the business or legislative requirements.

    Dated 4 March 2016