Privacy Policy and Privacy Collection Statement

Privacy Policy

1.  Overview

In this Policy, the words we, us and our refer to Retail Employees Superannuation Pty Limited, ABN 39 001 987 739, AFSL 240003, as Trustee of the Retail Employees Superannuation Trust (Rest) Fund ABN 62 653 671 394 (the Fund).

Your privacy is important to us. We are committed to protecting the privacy of personal information that we collect as the trustee of the Rest Fund. This document is our Privacy Policy and it sets out important information about how we handle personal information and comply with applicable privacy laws.

We are bound by the Privacy Act 1988 (Privacy Act), including the Australian Privacy Principles (APPs) and we recognise the importance of ensuring the confidentiality and security of your personal information.

In this Privacy Policy:

• Disclosure of information means providing information to persons outside of Rest.
  
  
• Personal information means information or an opinion relating to an individual, which can be used to identify that individual. Examples of personal information include your name and other contact details. Information can be personal information regardless of whether it is true and regardless of how it is recorded or stored.
  
  
• Privacy Officer means the contact person within Rest for questions or complaints regarding Rest’s handling of personal information.
  
  
• Rest Services means the superannuation, insurance, financial advice or other products, services, benefits or options provided by us to clients, and includes digital services.
  
  
• Sensitive information is personal information that includes information relating to a person's racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences and criminal record, and also includes health information.
  
  
• Social Media Platform means social media platform providers, including (but not limited to) Facebook, Instagram, Google and LinkedIn.
  
  
• Use of information means use of information within Rest.

2. What kind of personal information do we collect and hold?

As the trustee of the Fund, we may ask for various kinds of personal information, to the extent that this information is necessary for us to carry out important activities, including providing you (either as a member or a prospective member) with products, services and information, which help us manage your retirement savings.

The kinds of personal information that we collect and hold include (but are not limited to):

• your name, gender, date of birth and residency information;
  
  
• contact details, such as your address, telephone numbers, email and other digital addresses;
  
  
• financial details, such as tax file number, bank account and direct debit details;
  
  
• where you are seeking financial advice, we may collect information regarding your assets, liabilities, income, expenses and other financial details;
  
  
• information to verify your identity, such as your passport, driver’s licence information, birth certificate or Medicare details;
  
  
• employment details, such as ABN/ACN, occupation, salary, hours of work, employee identification number, employment dates or records of your or your employer’s interactions with us and our representatives;
  
  
• superannuation details, such as your investment option choices, membership commencement date, insurance details and information on your beneficiaries, employment status, Centrelink schedules and other superannuation funds you may have;
  
  
• details of your interactions with us such as conversation recordings, message transcripts and digital service usage; and
  
  
• responses to surveys such as experiences, and information about your activities, interests and attitudes/views expressed.

In some circumstances, we may also collect and hold “sensitive information”. This includes information about:

• your health (such as medical practitioner reports and consultation notes);
  
  
• your membership of professional or trade associations or trade unions;
  
  
• your racial or ethnic origin;
  
  
• your criminal record; and
  
  
• biometric information such as your voice and image.

If the personal information we request is not provided by you, we may not be able to provide you with the benefit of our services or meet your needs appropriately.

We do not give you the option of dealing with us anonymously, or under a pseudonym. This is because it is impractical, and, in some circumstances, illegal for us to deal with individuals who are not identified.

3. What personal information are we required or authorised to collect by law?

We are required or authorised to collect:

• your name, address, date of birth and other verification information under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth);
  
  
• your tax file number, if you agree to provide it, in various circumstances covered by the Superannuation Industry (Supervision) Act 1993 (Cth); and
  
  
• information relevant to insurance where required by the Insurance Contracts Act 1984 (Cth).

You can choose whether or not to provide us with your tax file number and it is not an offence to refuse.

4.  Unsolicited personal information

We may receive unsolicited personal information about you. We destroy or de-identify all unsolicited personal information we receive unless it is relevant to our purposes for collecting personal information. We may retain additional information we receive about you if it is combined with other information we are required or entitled to collect. If we do this, we will retain the information in the same way we hold your other personal information.

5. How do we collect your personal information?

We collect your personal information directly from you unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect it in ways including:

• through your access and use of our websites, emails, apps, message services, online portals and social media sites;
  
  
• engaging with our digital advertising and communications across the internet;
  
  
• during interactions between you and our staff or representatives, including discussions through our call centres and live chat; and
  
  
• when you complete an application or other form, including surveys or promotions.

We may also collect personal information from third parties including from:

• your employers;
  
  
• your financial advisers;
  
  
• doctors or other health care providers;
  
  
• the Australian Taxation Office;
  
  
• other superannuation and insurance entities;
  
  
• clearing houses and other entities involved in facilitating transactions on your account;
  
  
• identity verification services;
  
  
• data quality enhancement and enrichment providers such as address-matching services;
  
  
• service providers engaged to provide Rest products or services such as contact centres, marketing, digital services, product development and market research;
  
  
• digital platforms such as Google and Adobe utilised by us to provide our digital services;
  
  
• Social Media Platforms; and
  
  
• other representatives who may be authorised by you (such as your spouse, family or friends).

All personal information collected by us from third parties is handled by us in accordance with this Policy.

If we collect your personal information from a third party, they are responsible for letting you know that your personal information has been provided to us.

Where you provide us with the personal information of any other individual (for example, a nominated beneficiary), you must:

• notify that individual that we have collected their personal information; and
  
  
• provide them with a copy of our privacy policy and privacy collection statement.

We will only collect sensitive information with your consent, unless an exemption in the APPs applies. These exemptions include if the collection is required or authorised by law, or is necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.

We will only use sensitive information where this is reasonably necessary for us to provide you with products and services in our capacity as trustee of the Fund, unless you specifically authorise us to use your sensitive information for another purpose.

We will always seek your permission before using or disclosing sensitive information for any other purpose.

Please see below for information about how we hold and keep your personal information secure.

Our websites, emails and mobile device applications (apps) contain links to other third-party sites. If accessing these sites, please be aware that the third parties may collect information about you and may provide us with access to that information.

6. What happens if we are unable to collect and use your personal information?

If we cannot collect your personal information one, or more of the following may occur:

• we may be unable to provide you with Rest Services (or information about them) that you want or require;
  
  
• you may not be able to access Rest’s digital services such as our App, member portals and message services; and
  
  
• we may be unable to tailor the content of our websites, emails and mobile device apps to your preferences or to give you more relevant content.

7. Why do we collect and hold your personal information?

We collect, hold, use and disclose your personal information for the following purposes, which we may carry out with the assistance of our third-party service providers:

• confirming your identity and eligibility for Rest Services;
  
  
• providing you with Rest Services and / or information about them;
  
  
• setting up and maintaining your membership and account;
  
  
• assessing benefits and claims;
  
  
• facilitating insurance arrangements;
  
  
• corresponding with you, including where you request information from us or have a complaint or concern;
  
  
• helping you with locating your lost super and/or consolidating your super;
  
  
• meeting regulatory requirements including fund and breach reporting obligations;
  
  
• conducting user/usability testing, surveys, research and analytics (including through our third-party service providers);
  
  
• complying with relevant laws, regulations and other legal obligations;
  
  
• helping us improve the Rest Services offered to our customers and enhance our overall business;
  
  
• understanding and meeting your needs, including tailoring the content of our websites, emails, mobile device apps and social platforms to your preferences; and
  
  
• conducting marketing activities in relation to products and services provided by Rest and our partners.

Personal information is provided to our administrator to enable them to provide services and may be collected directly from you, your employer, previous superannuation fund or adviser.

Health information may be provided to our insurer to support insurance arrangements and may be collected from you directly, through your adviser, another insurer or your authorised representative. In some cases, we may also collect health information through medical reports from your doctors (for example, if you have submitted a claim).

We also use information on a de-identified basis for planning, research and analysis so that we can operate effectively and efficiently, participate in policy discussions, and improve our Rest Services.

Sometimes we may de-identify your information before disclosing it to third parties to facilitate our marketing activities.

We may use and disclose your personal information for any of these purposes. We may also use and disclose your personal information for secondary purposes, which are related to the primary purposes set out above, or in other circumstances authorised by the Privacy Act.

Sensitive information will be used and disclosed only for the purpose for which it was provided (or a directly related secondary purpose), unless you agree otherwise, or an exemption in the Privacy Act applies.

8. Direct marketing

We may use personal information to engage in or send you direct marketing communications and information that we consider may be of interest to you, whether you are a current or prospective member. We may do this directly or through our third-party service providers via various channels, including through social media and other digital platforms.

You consent to us and our third-party service providers doing so.

We may only use personal information we collect from you for the purposes of direct marketing without your consent if:

• the personal information does not include sensitive information; and
  
  
• you would reasonably expect us to use or disclose the information for the purpose of direct marketing; and
  
  
• we provide a simple way of opting out of direct marketing; and
  
  
• you have not requested to opt out of receiving direct marketing from us.

Direct marketing activities can be undertaken in various forms, including mail, email, telephone, SMS, MMS (multimedia messaging service), apps and online advertising.

If we collect personal information about you from a third party, we will only use that information for the purposes of direct marketing if you have consented (or it is impracticable to obtain your consent), and we will provide a simple means by which you can easily request not to receive direct marketing communications from us. We will draw your attention to the fact you may make such a request in our direct marketing communications.

You have the right to request us not to use or disclose your personal information for the purposes of direct marketing, or for the purposes of facilitating direct marketing by other organisations. We must give effect to the request within a reasonable period of time. You may also request that we provide you with the source of their information. If such a request is made, we must notify you of the source of the information free of charge within a reasonable period of time.

To opt out, you can use any unsubscribe function provided in the communications, log into the Rest Website and manage your member communications preferences, or contact us in one of the ways set out in the ‘How to contact us’ section below.

9. Disclosing your personal information

We may disclose your personal information to third parties, including:

• a related entity of Rest;
  
  
• Link Advice Limited (ABN 36 105 811 836);
  
  
• people nominated by you, if you have authorised us to do so in writing, including your beneficiaries;
  
  
• your employers and trustees of other superannuation funds;
  
  
• Government bodies including regulators and the Courts where required;
  
  
• our fund administrator and clearing houses;
  
  
• our other agents, contractors and service providers (which may include but not limited to, lawyers, accountants, mail and document management companies, IT service providers, marketing and research companies, or other advisers);
  
  
• auditors, actuaries, legal advisers and consultants;
  
  
• insurers and related service providers including re-insurers, underwriters and insurance administration service providers;
  
  
• health care providers;
  
  
• our preferred financial services organisations and advice companies that are contracted to provide advice to members;
  
  
• organisations involved in managing payments, including payment merchants and other financial institutions, such as banks;
  
  
• organisations involved in a transfer or sale of all or part of our assets or business;
  
  
• Social Media Platforms; and
  
  
• digital platforms to undertake activities such as website analytics, email campaign management, content tailoring and online behavioural advertising.

If we disclose your personal information to service providers that perform business activities for us, they may only use your personal information for the specific purpose for which we supply it.

If you want to nominate another person to receive information on your behalf, you can advise us of this using the contact details provided below in the ‘How to contact us’ section.

10. Where we may be required to disclose

We may disclose personal information where the law requires us to do so, including:

• to meet family law requirements relating to the splitting of superannuation interests (noting that we cannot share the member’s address or tell the member if we receive a splitting request);
  
  
• to provide information to the Commissioner of Taxation including your tax file number, identification information and details about unclaimed or lost member accounts;
  
  
• if you are transferring to another fund, to the trustee of that fund; and
  
  
• to meet anti-money laundering requirements by providing information to AUSTRAC where required.

Unless we are authorised or required by law, have your consent or are acting for a purpose set out in this Privacy Policy, we do not give your personal information to third parties.

11. Do we disclose your personal information outside Australia?

We may disclose personal information to entities located outside of Australia (e.g. our third-party service providers) or to entities who use technology located outside of Australia, for some of the purposes listed above, including:

• our data hosting and other IT service providers located in, or using technology located in, India, the Philippines, the United States of America, Canada and the United Kingdom; and
  
  
• other third-party service providers located in, or using technology located in Canada, India, the Philippines, the United States of America, New Zealand, South Africa, Canada, Vietnam, the United Kingdom and Singapore.

In turn, those entities may disclose personal information to other organisations located outside of Australia or to other organisations who use technology located outside of Australia. We are not aware of any personal information that is disclosed to any countries in addition to those already listed above.

We will not send personal information to recipients outside of Australia unless:

• we have taken reasonable steps to ensure that the recipient does not breach the Privacy Act and the APPs; or
  
  
• the recipient is subject to an information privacy scheme similar to the Privacy Act; or
  
  
• the individual has consented to the disclosure.

12. How do we hold and keep your personal information secure?

We hold personal information in electronic and hard copy forms. We take reasonable steps to ensure that your personal information is protected from misuse, interference and loss from unauthorised access, modification and disclosure. We employ a comprehensive suite of logical and physical access controls to all systems where electronic personal information is stored and regularly audit access to our systems to ensure your personal information is securely stored.

We also take reasonable steps to ensure that third party service providers which help us to provide you with Rest Services (for example, insurance companies and fund administrators) have privacy arrangements which are consistent with the Privacy Act, and regularly assess whether their protections are designed and operating effectively to appropriately mitigate risks to you.

Although we take steps to ensure that your information is protected, there are always risks when transmitting information online. You should assess the potential risks when deciding whether to use our online services. If you do not wish to transmit information via our websites, apps or digital services, there are other ways in which you can provide us with your information, such as by mail or telephone.

We take reasonable steps to ensure personal information is only retained for as long as it is needed or as required by law. Where personal information is no longer required we take reasonable steps to destroy or de-identify this information.

13.  Contractual arrangements with third parties

We ensure that all contractual arrangements with third parties adequately address privacy issues, and we make third parties aware of this Privacy Policy.

Third parties will be required to implement the following processes in relation to the handling of any personal information:

• de-identifying personal and sensitive information wherever possible;
  
  
• ensuring that personal and sensitive information is kept securely, with access to it only by authorised employees or agents of the third parties; and
  
  
• ensuring that the personal and sensitive information is only disclosed to organisations which are approved by us.

14. How do we keep personal information accurate and up-to-date?

We are committed to ensuring that the personal information we collect, use and disclose is relevant, accurate, complete and up-to-date.

We encourage you to contact us to update any personal information we hold about you. Where we are satisfied information is inaccurate, we will take reasonable steps to correct the information within 30 days, unless you agree otherwise. We do not charge you for correcting the information.

If we correct information that has previously been disclosed to another entity, and if you request us to notify that entity of these corrections, we will take reasonable steps to do this, within a reasonable period of the correction.

15. Accessing your personal information

Subject to the exceptions set out in the Privacy Act, you may gain access to the personal information that we hold about you by contacting Rest’s Privacy Officer. We will provide access within 30 days of the individual’s request. If we refuse to provide the information, we will provide reasons for the refusal.

We will require identity verification and specification of what information is required. An administrative fee for search and photocopying costs may be charged for providing access.

16. Identifiers

We do not adopt identifiers assigned by the Government (such as drivers’ licence numbers) for our own file recording purposes, unless one of the exemptions in the Privacy Act applies.

17. Digital Services

When you access our websites, we may collect other information and data about you and about how you use our services and platforms which is not personal information. We collect this information in a variety of ways:

• usage information, including services meta-data, log data, device information and location information;
  
  
• cookie information (and other similar technologies);
  
  
• third party services data - information provided by another party about how you have used their service; and
  
  
• third party data - data collected by another party through their own activity which they have made available to us either directly or through a data service.

We may send a “cookie” (which is a small summary file containing a unique ID number) to your computer. This enables us to recognise your computer and greet you each time you visit our websites. It also enables us to keep track of Rest Services you view and may be used to improve your browsing experience by tailoring the content you see by default on those websites.

We also use cookies to measure traffic patterns and to determine which areas of our websites have been visited. Our cookies do not collect personal information. However, if you are a Rest member, cookies sent to your computer from some of our websites may store your encrypted Rest member number. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them. In addition, you are able delete or clear existing cookies that you have previously accepted.

18. Making a complaint

If you have a concern or complaint about a possible breach of privacy, please contact our Privacy Officer in one of the ways set out in the ‘How to contact us’ section below.

Our Privacy Officer deals with privacy complaints. We have an effective complaint handling process in place to manage privacy risks and issues. Further information on this process can be found in the Complaints Management Policy, available on the Rest website at https://rest.com.au/why-rest/about-rest/contact-us/lodge-a-complaint.

We will attempt to confirm with you your understanding of the conduct relevant to the complaint and what you request as an outcome. We will inform you whether we will conduct an investigation, the name, title, and contact details of the investigating officer and the estimated completion date for the investigation process.

After Rest has completed its enquiries, we will contact you to advise the outcome and invite a response to that outcome. If we receive a response from you, we will assess it and advise if Rest has changed its view.

If you are unsatisfied with the resolution of any complaints made to us, you can refer the matter to the Australian Information Commissioner. The contact details for the Office of the Australian Information Commissioner are as follows:

Privacy Collection Statement

Retail Employees Superannuation Pty Limited, ABN 39 001 987 739, AFSL 240003, as Trustee of the Retail Employees Superannuation Trust (Rest) Fund ABN 62 653 671 394 (the Fund) (referred to in this Statement as Rest, we, us, our) is committed to ensuring the confidentiality and security of your personal information.

Rest Services referred to in this Statement means the superannuation, insurance, financial advice or other products, services, benefits or options provided by us to clients, and includes digital services.

Our Privacy Policy , which details our handling of information, is available upon request or can be found above on this webpage.