This policy describes how we will comply with our obligations under the Privacy Act and any relevant state/territory health privacy principles, and how we manage the personal information we collect.
2. What does ‘personal information’ mean?
Under the Privacy Act, personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.
Personal information includes ‘sensitive information’. Sensitive information is any personal information about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual preferences or practices, criminal record, health, genetic or biometric information.
3. What personal information do we collect?
The type of personal information we collect and hold about you will depend on the dealings you have with Sunsuper. Sunsuper collects the personal information of members, prospective members and applicants for membership. Sunsuper also collects the personal information of third parties nominated by members to access their account details (for example, financial advisers), and of the contact persons of employers and prospective employers.
In certain circumstances, we collect personal information about individuals who are not customers of Sunsuper (‘non-customers’). This includes:
- Members’ beneficiaries (including potential beneficiaries), and third parties authorised by members to act on their behalf;
- Sunsuper Group employees, contractors and Directors;
- applicants for employment with the Sunsuper Group;
- associates of Sunsuper Group employees, contractors and Directors (under certain Sunsuper Group policies); and
- individuals working for companies with whom Sunsuper representatives are dealing with commercially.
The types of personal information we collect will depend on the dealings you have with Sunsuper, and may include:
- your name,
- your contact details, date of birth and gender,
- your occupation, employer and employment history;
- your financial information, potentially including your close family members’ financial information, such as bank balance, superannuation balance, assets, liabilities, investments, insurance, income and expenditure;
- your investment preferences;
- your medical history and other health information (in connection with insurance applications and/or claims);
- your salary information and beneficiaries;
- your Tax File Number;
- your bank account or other financial institution details where a benefit is to be paid or when we have received a request to set up a direct debit;
- payment information including bank account and credit card details;
- details about your citizenship, residency or visa status;
- Family Law information such as Financial Agreements or Court Orders;
- information about your family commitments and social security eligibility and entitlements;
- details of your financial circumstances and objectives, including your risk tolerance;
- information about your beneficiaries; and
- identification documents.
We generally only collect ‘sensitive information’ if the information is reasonably necessary for one or more of our functions or activities (this is generally limited to the collection of health information for insurance underwriting or claims) or if the collection of such sensitive information is authorised or required by a court/tribunal order or an Australian law, including the relevant Australian Laws set out in Appendix A.
4. For what purposes will Sunsuper use your personal information?
We collect, hold, use and disclose your personal information in order to:
- provide superannuation benefits and related services(including death and disablement insurance cover);
- process your membership application or transfer from another super fund;
- manage your participation in the Sunsuper Superannuation Fund (the Fund);
- process superannuation contributions;
- ensure that we comply with our legal and regulatory obligations;
- assess your eligibility for death and disablement insurance cover;
- process claims for superannuation benefits, including death and disablement insurance cover.
- assist employers to meet their superannuation obligations;
- trace different superannuation accounts in your name and allow you to combine them into your Sunsuper account;
- provide you with financial advice and related services, including the preparation of relevant documents (e.g. a Statement of Advice);
- provide you with promotional information and services about us;
- verify your identity;
- directly market our products and services to you; including through social media and other digital platforms;
- undertake market research, member/client satisfaction surveys and customer data analysis;
- improve our products and services;
- protect our customers from fraud, and
- comply with all applicable laws.
Where Sunsuper collects the personal information of non-customers, it will generally only be used for the purpose for which it was collected, a related purpose, or another purpose to which you consent. This will depend on the circumstances.
For example, if you apply for a job with Sunsuper, we will collect your information for recruitment purposes, to manage your application and for your ongoing employment (or, if you are unsuccessful, to contact you about other job opportunities that may arise in the future that we think may suit you – if you give us permission to do so).
5. How do we collect personal information?
Sunsuper will generally collect your personal information as much as possible directly from you. For example, we may collect information about you through your membership application form, benefit payment request form and through various other forms, and when you call us, the call is recorded unless you ask us not to (you will not be able to make any changes to your account unless the call is recorded).
On occasion, we may collect your personal information from publicly available sources of information and from third parties, including your employer. Examples of third parties we may collect your personal information from include:
- when you join Sunsuper as a member, your employer may provide us with your contact details, birth date and tax file number. Employers also provide us with details of the date of termination of employment (where relevant), and notify us of updated address details from time to time;
- if you make an insurance claim, some of the information about the claim is collected from you directly, but a lot of information may also be collected from doctors and other experts and sometimes from your employer. This information is usually collected by the life insurer connected with the insurance claim, and used to assess the claim, and passed on to us to review the claim;
- in the event Family Law matters involving superannuation arise, we may receive personal information and instructions as to required action from a third party such as a law firm;
- if you choose to roll over super from another fund into Sunsuper or your super moves to Sunsuper as part of a successor fund transfer, we will collect your personal information from the other fund;
- if you nominate a third party to access information about your Sunsuper account, we may collect your personal information from them;
- on your death, we normally collect information about potential beneficiaries from the potential beneficiaries themselves. However, we will also collect some information about the identity of potential beneficiaries from your executor or administrator or whoever notifies us of your death, or from publicly available sources of information;
- we may collect personal information (including your health information) from medical practitioners for insurance purposes. This information is usually collected by a life insurer, in connection with underwriting or an insurance claim, and passed on to us to review;
- if we cannot contact you, we may try to obtain your contact details from publicly available sources of information, or through other organisations that provide contact details such as Australia Post and the Australian Taxation Office; and
- we may also collect your personal information from the organisers of events we sponsor, direct marketing organisations and data providers.
We also collect personal information when you use our website or mobile applications, subscribe to newsletters, enter competitions, register for events and use online forms. Your personal information may also be provided to us by lawyers, courts or government agencies, or be collected by one Sunsuper entity from another Sunsuper entity. We use social networking services such as Facebook to communicate with the public. We may also use social networking services to collect your personal information to help us communicate with you.
6. Who do we disclose your personal information to?
When we disclose your personal information to a third party who is providing services to us, we take reasonable steps to ensure the third party protects your personal information.
Some examples of the parties to whom we may disclose your personal information include:
- Sunsuper’s clearing house for the purpose of facilitating payment of employer contributions;
- if you choose to roll over your super from Sunsuper to another fund or your super moves from Sunsuper as part of a successor fund transfer;
- mail and electronic mail service providers for the communication of member statements and other information;
- insurers, insurance assessors, occupational rehabilitation providers or medical practitioners for the purpose of the assessment of claims for insurance benefits or requests for insurance cover;
- legal advisers and other experts;
- regulatory authorities, legal bodies and enforcement agencies as required or permitted by law (e.g. Australian Taxation Office, the Australian Transaction Reports and Analysis Centre (AUSTRAC), Australian Financial Complaints Authority (AFCA), federal, state or territory police, or a Court or tribunal);
- auditors - in order to assist them in conducting their independent audit and review activities of Sunsuper’s financial statements and operations;
- third parties - if you give us permission to do so (e.g. a financial adviser with whom you are dealing);
- a power of attorney you have appointed;
- medical practitioners, if you have made an insurance claim or request for insurance cover;
- beneficiaries (including potential beneficiaries) in the case of a death insurance claim;
- overseas superannuation funds and overseas regulators (e.g. a foreign tax office) where you have requested a transfer to or from the overseas superannuation fund;
- Sunsuper’s service provider for conducting surveys and managing the online community, if you choose to participate in these activities;
- other third party service providers so that they can provide contracted services to Sunsuper such as employee benefits, research and analytics, information technology support, hosting services, telephony services, mailing or sending other documentation;
- social media and other digital platform providers that we engage to facilitate our direct marketing activities.
Your personal information may also be disclosed between the entities that make up Sunsuper.
We may also share your personal information with an organisation where we have obtained your consent.
Where Sunsuper collects the personal information of non-customers, it will generally only be disclosed for the purpose for which it was collected, a related purpose, or another purpose to which you consent. This will depend on the circumstances. For example, if we collect information about key personnel of a prospective investment manager in order to conduct due diligence, we may disclose this to a third party to conduct background checks on our behalf.
7. Direct Marketing
We may also collect, use and disclose your personal information to provide you with information and offers about our products and services and products and services offered by other parties that we believe may be of interest to you (including by way of direct mail, telephone, email, SMS and MMS, secure Sunsuper portals, and online advertising and marketing) or to request your feedback for research purposes. We ensure that this activity is in accordance with the Spam Act and Privacy Act.
We engage third party service providers to assist us with delivering direct marketing via various channels, including through social media and other digital platforms. We take all reasonable steps to ensure that your personal information is protected when disclosing information to these third parties.
Sometimes, we may de-identify your information before disclosing it to third parties to facilitate our marketing activities.
You always have the right to opt-out of receiving direct marketing. You may exercise that right by contacting us as set out below in section 16 or by using the relevant opt-out facilities provided with each communication (e.g. an unsubscribe link).
We may collect, use or disclose information about you in order to enable the development of consumer insights so that we can serve you better. This includes being able to better understand your preferences and interests, personalise your experience and enhance the products and services you receive. This may include combining the information that we hold about you with information about you collected from or held by other trusted partners or from public sources. We may also use trusted service providers to undertake the process of creating these consumer insights. Before disclosing your information for consumer insights purposes, we will generally remove any information that may identify you to the service provider.
9. Notifiable data breaches
Sunsuper must notify the Office of the Australian Information Commissioner (OAIC) and affected individuals if we become aware that there are reasonable grounds to suspect an eligible data breach has occurred. An eligible data breach is generally a data breach that’s likely to result in serious harm to one or more individuals. Sunsuper has a policy and procedures in place to identify and assess suspected eligible data breaches, and to notify the OAIC if required.
10. Do we disclose your personal information overseas?
We may disclose personal information to overseas recipients. For a list of overseas countries where recipients of information that Sunsuper may disclose are located please refer to Appendix B.
Sunsuper will only disclose your personal information to a recipient overseas in accordance with the Privacy Act.
11. Do you have to provide your personal information to us?
If lawful and practicable, we may offer you the opportunity to deal with us anonymously or by using a pseudonym. For example, we can provide general information to you about our products or services, or general guidance on how to fill out our forms without collecting any personal information.
However, it is normally impracticable for us to deal with you anonymously or by using a pseudonym. For example, if you do not provide your personal information to us, Sunsuper will be unable to properly administer your benefits, notify you about your entitlements, or adequately provide our services.
12. Can you access the personal information we hold about you?
You may request access to any of the personal information we hold about you by contacting us as set out below in section 16. We will provide you with access to your personal information in accordance with the Privacy Act.
13. Can you correct any personal information held by us that is incorrect?
Sunsuper endeavours to ensure that the personal information we hold about you is accurate, up-to-date, complete, and relevant and not misleading. Please let us know if you believe any of your personal information is incorrect by contacting us as set out below in section 16. Please note that to protect the security of your account, we may request that you provide supporting evidence before changing certain personal details.
To ensure that the information we hold about you remains accurate, complete and up-to-date, we may ask you to check and correct your personal details from time to time. We may do this when your annual member statement is sent out, when you make a telephone enquiry, or through other means.
14. How do we protect your personal information?
Sunsuper has security policies and systems in place to protect your personal information. We implement multiple layers of security controls throughout our systems so that in the event that one control fails, or a vulnerability is exploited, there are other measures still in place to protect your personal information.
Personal information can only be accessed by authorised staff. The people who access and handle your personal information have the training and skills to protect your personal information from unauthorised access or misuse.
Sunsuper uses industry standard security protocols and encrypted communications to protect your use of our Member Online, Sunsuper app and Employer Online facilities. When you register for Member Online or Employer Online or set up the Sunsuper app you must read and accept terms and conditions relating to privacy and security.
We have appointed a Privacy Officer. If you have any queries you can contact us by the following means:
Call: 13 11 84
Email: Contact us online
The Privacy Officer,
Sunsuper Pty Ltd
GPO Box 2924
Brisbane Qld 4001
17. Can you complain about a breach of your privacy?
Call: 13 11 84
Email: Contact us online
The Privacy Officer
Sunsuper Pty Ltd
GPO Box 2924
Brisbane Qld 4001
We will endeavour to resolve the issue as quickly as possible. If you are not happy with Sunsuper’s response to your complaint or Sunsuper has not responded within 30 days, you can refer your complaint to the Office of the Australian Information Commissioner (OAIC) by:
GPO Box 5218
Sydney NSW 2001
Fax: +61 2 9284 9666
Call: 1300 363 992
Need more information?
You can contact us in writing at GPO Box 2924, Brisbane, QLD 4001 or call us on 13 11 84 between 8.00am and 6.30pm AEST Monday to Friday.
Australian Laws under which Sunsuper is required or authorised to collect information.
Anti-Money Laundering and Counter-Terrorism Financing Act 2006
Corporations Act 2001
Family Law Act 1975
Income Tax Assessment Act 1936
Income Tax Assessment Act 1997
Privacy Act 1988
Superannuation (Unclaimed Money and Lost Members) Act 1999
Superannuation Industry (Supervision) Act 1993
Overseas Countries where Sunsuper may disclose information:
United States of America
Sunsuper may disclose your personal information to recipients located in countries not listed above, in limited circumstances. This includes if:
- you contact us from overseas, or
- you otherwise consent to the overseas disclosure.