Privacy Policy and Privacy Collection Statement

Last updated 15 June 2026

1. Overview

We care about your privacy, and we’re committed to protecting it. We are subject to the Privacy Act 1988 (Privacy Act), including the Australian Privacy Principles (APPs), and we take the confidentiality and security of your personal information seriously.

This privacy policy details how we comply with applicable privacy laws, how we collect, use, disclose and protect your personal information, and how you can exercise your privacy rights.

This policy is addressed to Rest members (including prospective members) and beneficiaries (including potential beneficiaries), as well as other individuals whose personal information we may handle. This may include, for example, individuals working for contributing employers and prospective employers, visitors to our offices and website, third parties authorised to act on a member’s behalf, or individuals working for service providers we may engage, such as investment managers.

In this policy:

• Disclosure of information means providing information to persons outside of Rest.
  
  
• Personal information means information or an opinion relating to an individual, which can be used to identify that individual. Information can be personal information regardless of whether it is true and regardless of how it is recorded or stored.
  
  
• Privacy Officer means the contact person within Rest for questions or complaints regarding Rest’s handling of personal information.
  
  
• Rest Services means the superannuation and related services (including superannuation trustee services), insurance, financial advice or other products, services, benefits or options provided by us to clients, and includes digital services and arranging for employers to use clearing house services.
  
  
• Sensitive information is personal information that includes information relating to a person's racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences and criminal record, and also includes health information.
  
  
• Social Media Platform means social media platform providers, including (but not limited to) Facebook, Instagram, TikTok, Google and LinkedIn.
  
  
• Use of information means use of information within Rest.  

2. What kind of personal information do we collect and hold?

As the trustee of the Fund, we may ask for various kinds of personal information where it’s reasonably necessary for us to carry out our functions, activities, and services.

The kinds of personal information that we collect and hold can include (but is not limited to):

• your name, gender, date of birth and residency information;
  
  
• contact details, such as your address, telephone numbers, email and other digital addresses;
  
  
• financial details, such as tax file number, bank account and direct debit details;
  
  
• where you are seeking financial advice, we may collect information regarding your assets, liabilities, income, expenses and other financial details;
  
  
• information to verify your identity, such as your passport, driver’s licence information, birth certificate or Medicare details;
  
  
• employment details, such as ABN/ACN, occupation, salary, hours of work, employee identification number, employment dates or records of your or your employer’s interactions with us and our representatives;
  
  
• superannuation details, such as your investment option choices, membership commencement date, insurance details and information on your beneficiaries, employment status, Centrelink schedules and other superannuation funds you may have;
  
  
• details of your interactions with us such as conversation recordings, message transcripts and digital service usage; and
  
  
• responses to surveys such as experiences, and information about your activities, interests and attitudes/views expressed.

In some circumstances, we may also collect and hold personal information that is “sensitive information”. This may include information about:

• your health (such as medical practitioner reports and consultation notes);
  
  
• your membership of professional or trade associations or trade unions;
  
  
• your racial or ethnic origin;
  
  
• your criminal record; and
  
  
• biometric information such as your voice and image.

If you don't provide the personal information we request, we may not be able to perform Rest Services or meet your needs appropriately. We don’t give you the option of dealing with us anonymously, or under a pseudonym. This is because it is impractical - and, in some circumstances illegal - for us to deal with people who are not identified.  

3.What personal information are we required or authorised to collect by law?

We are required or authorised to collect:

• your name, address, date of birth and other identity verification information under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth);
  
  
• information relevant to insurance where required by the Insurance Contracts Act 1984 (Cth); and
  
  
• your tax file number, if you agree to provide it, in various circumstances covered by the Superannuation Industry (Supervision) Act 1993 (Cth).

You can choose whether or not to provide your tax file number – it's not an offence to refuse.    

4. Unsolicited personal information

We may receive unsolicited personal information about you. If it's not relevant to our purposes for collecting personal information, we'll destroy or de-identify it. We may retain additional information we receive about you if it is combined with other information we are required or entitled to collect. If we do this, we will retain the information in the same way we hold your other personal information. 

5. How do we collect your personal information?

We may collect your personal information directly from you, your representative, or a third party. We may collect your personal information from third parties with your consent, or where it’s unreasonable or impracticable to collect it from you directly, or where we are required or authorised to do so by law.

When collecting personal information from you, we may collect it in ways including:

• through your access and use of our websites, emails, apps, message services, online portals and social media sites;
  
  
• engaging with our digital advertising and communications across the internet;
  
  
• during interactions between you and our staff or representatives, including discussions through our call centres and live chat; and
  
  
• when you complete an application or other form, including surveys or promotions.

We may also collect personal information from third parties including from:

• your employers;
  
  
• your financial advisers;
  
  
• doctors or other health care providers;
  
  
• the Australian Taxation Office;
  
  
• other superannuation and insurance entities;
  
  
• clearing houses and other entities involved in facilitating transactions on your account;
  
  
• identity verification services;
  
  
• data quality enhancement and enrichment providers such as address-matching services;
  
  
• service providers engaged to provide Rest products or services such as contact centres, marketing, digital services, product development and market research;
  
  
• digital platforms such as Google and Adobe utilised by us to provide our digital services;
  
  
• Social Media Platforms; and
  
  
• other representatives who may be authorised by you (such as your spouse, family or friends). 

Our website, electronic messages, and mobile device application (‘Rest App’) contain links to other third-party sites. If you visit these sites, please be aware that those third parties may collect information about you and may share it with us.

All personal information collected by us from third parties is handled by us in accordance with this policy.

Where you provide us with someone else’s personal information (for example, a nominated beneficiary), you must:

• notify that individual that we have collected their personal information; and
  
  
• provide them with a copy of this privacy policy and the privacy collection statement.  

Sensitive information

We’ll only collect sensitive information with your consent, unless an exemption in the APPs applies. These exemptions include if the collection is required or authorised by law or is necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.

We will only use sensitive information where this is reasonably necessary for us to provide you with products and services in our capacity as trustee of the Fund, unless you specifically authorise us to use your sensitive information for another purpose.

We will always seek your permission before using or disclosing sensitive information for any other purpose. 

6. What happens if we are unable to collect and use your personal information?

If we cannot collect your personal information, one or more of the following may occur:

• we may be unable to provide you with Rest Services (or information about them) that you want or require;
  
  
• you may not be able to access Rest’s digital services such as the Rest App, member portals and message services; and
  
  
• we may be unable to tailor the content of our website, emails and the Rest App to your preferences or to give you more relevant content. 

7. Why do we collect and hold your personal information?

We collect, hold, use and disclose personal information to provide Rest Services, which we may carry out with the assistance of our third-party service providers. This can include:

• confirming your identity (including digital identity verification);
  
  
• confirming your eligibility for Rest Services;
  
  
• providing you with Rest Services and / or information about them;
  
  
• setting up and maintaining your membership and account;
  
  
• assessing benefits and claims;
  
  
• facilitating insurance arrangements;
  
  
• corresponding with you, including where you request information from us or have a complaint or concern;
  
  
• helping you with locating your lost super and/or consolidating your super;
  
  
• meeting regulatory requirements including fund and breach reporting obligations;
  
  
• fraud and financial crime prevention;
  
  
• conducting user/usability testing, surveys, research and analytics (including through our third-party service providers);
  
  
• complying with relevant laws, regulations and other legal obligations;
  
  
• complying with Rest’s governance obligations;
  
  
• helping us improve the Rest Services offered to our customers and enhance our overall business, including, as applicable, the use of Artificial Intelligence (AI);
  
  
• understanding and meeting your needs, including tailoring the content of our websites, emails, mobile device apps and social platforms to your preferences; and
  
  
• conducting marketing activities in relation to products and services provided by Rest and our partners.

We also use information on a de-identified basis for planning, research and analysis so that we can operate effectively and efficiently, participate in policy discussions, and improve our Rest Services.

We may use and disclose your personal information for any of these purposes. We may also use and disclose your personal information for secondary purposes, which are related to the primary purposes set out above, or in other circumstances authorised by the Privacy Act.

Sensitive information will be used and disclosed only for the purpose for which it was provided (or a directly related secondary purpose), unless you agree otherwise, or an exemption in the Privacy Act applies.

If we collect personal information about you from a third party, you can ask us where it came from. If you do, we will let you know free of charge within a reasonable period of time. 

8. Direct marketing

We may collect, hold, use and disclose your personal information to provide you with information and offers about our products and services, and products and services offered by other parties that we believe may be of interest to you. We may do this directly or through our third-party service providers, via various channels, including direct mail, email, telephone, SMS, MMS (multimedia messaging service), our Rest app and online advertising.

We take reasonable steps to ensure that your personal information is protected when disclosing information to these third parties. Sometimes, we may de-identify your information before disclosing it to third parties to facilitate our marketing activities.

If you do not want to receive direct marketing, you can opt out by using any unsubscribe function provided in the communication, or by contacting us (see the 'How to contact us’ section below). If you are a Rest member you can also login to MemberAccess to manage your communication preferences.

If you opt out, we must action the request within a reasonable period of time.  

9. Disclosing your personal information

We may disclose your personal information to third parties, including:

• a related entity of Rest;
  
  
• MUFG Retire360 Pty Limited (ABN 36 105 811 836);
  
  
• people nominated by you, if you have authorised us to do so in writing, including your beneficiaries;
  
  
• your employers and trustees of other superannuation funds;
  
  
• Government bodies including regulators, the Courts and tribunals where required by law or regulation;
  
  
• our fund administrator and clearing houses;
  
  
• our other agents, contractors and service providers (which may include but not limited to, lawyers, accountants, mail and document management companies, IT service providers, marketing and research companies, or other advisers);
  
  
• auditors, actuaries, legal advisers and consultants;
  
  
• insurers and related service providers including re-insurers, underwriters and insurance administration service providers;
  
  
• health care providers;
  
  
• our preferred financial services organisations and advice companies that are contracted to provide advice to members;
  
  
• organisations involved in managing payments, including payment merchants and other financial institutions, such as banks;
  
  
• organisations involved in a transfer or sale of all or part of our assets or business;
  
  
• Social Media Platforms; and
  
  
• digital platforms (including, as applicable the use of AI systems) to undertake activities such as website analytics, email campaign management, content tailoring and online behavioural advertising.

If we disclose your personal information to service providers that perform business activities for us, they may only use it for the specific purpose we provide.

If you want to nominate someone to receive information on your behalf, you can let us know using the contact details in the ‘How to contact us’ section below.  

10. Where we may be required to disclose

We may disclose personal information where the law requires us to do so, including:

• to meet family law requirements relating to the splitting of superannuation interests (noting that we cannot share the member’s address or tell the member if we receive a splitting request);
  
  
• to provide information to the Commissioner of Taxation including your tax file number, identification information and details about unclaimed or lost member accounts;
  
  
• where we receive a request for information from a Court, tribunal, regulatory body or law enforcement agency;
  
  
• if you are transferring to another fund, to the trustee of that fund; and
  
  
• to meet anti-money laundering requirements by providing information to AUSTRAC where required.

Unless we're authorised or required by law, have your consent, or are acting for a purpose set out in this policy, we won’t share your personal information with third parties.  

11. Do we disclose your personal information outside Australia?

We may disclose personal information to entities located outside of Australia (e.g. our third-party service providers) or to entities who use technology located outside of Australia, for some of the purposes listed above, including:

• Rest’s office in the United Kingdom;
  
  
• our data hosting and other IT service providers located in, or using technology located in, India, the Philippines, the United States of America, Canada and the United Kingdom; and
  
  
• other third-party service providers located in, or using technology located in Canada, India, the Philippines, the United States of America, New Zealand, South Africa, Vietnam, the United Kingdom, Japan and Singapore.

In turn, those entities may disclose personal information to other organisations located outside of Australia or to other organisations who use technology located outside of Australia. We are not aware of any personal information that is disclosed to any countries in addition to those already listed above.

We won’t send personal information to recipients outside of Australia unless:

• we have taken reasonable steps to ensure that the recipient does not breach the Privacy Act and the APPs; or
  
  
• the recipient is subject to an information privacy scheme similar to the Privacy Act; or
  
  
• the individual has consented to the disclosure. 

12. How do we hold and keep your personal information secure?

We hold personal information in electronic and hard copy forms. We take reasonable steps to ensure that your personal information is protected from misuse, interference, and loss from unauthorised access, modification, and disclosure. We employ logical and physical access controls to all systems where electronic personal information is stored.

We also take reasonable steps to ensure that third party service providers which help us to provide Rest Services (for example, insurance companies and fund administrators) have privacy arrangements which are consistent with the Privacy Act. Internal Privacy Impact Assessments are undertaken in relation to all thirdparty service providers who handle personal information.

While we take steps to protect your information, there are always risks when sending information online. We encourage you to consider these risks when using our online services. If you prefer not to share information via our websites, apps, or digital services, you can do so via mail or telephone.

We take reasonable steps to ensure personal information is only retained for as long as it is needed or as required by law. Where personal information is no longer required to be retained, we take reasonable steps to destroy or de-identify this information. 

13. Contractual arrangements with third parties

We take reasonable steps to ensure that all contractual arrangements with third parties adequately address privacy issues, and we make third parties aware of this policy.

Third parties are required to implement the following processes in relation to the handling of any personal information:

• de-identifying personal and sensitive information wherever possible;
  
  
• ensuring that personal and sensitive information is kept securely, with access to it only by authorised employees or agents of the third parties; and
  
  
• ensuring that personal and sensitive information is only disclosed to organisations which are approved by us. 

14. Accessing and seeking correction of your personal information

You may request access to the personal information that we hold about you (subject to the exceptions in the Privacy Act) by contacting Rest’s Privacy Officer. We’ll respond within 30 days of your request. If we are unable to provide the information, we’ll explain why and let you know how to make a complaint.

We'll need you to verify your identity and tell us what information you’re looking for. An administrative fee for search and photocopying costs may apply.

To help us keep your personal information accurate and up to date, please contact us if your personal details change or if you believe any information we hold is incorrect. Where we are satisfied information is inaccurate, we will take reasonable steps to correct the information within 30 days (or a timeframe agreed with you). We don't charge for corrections.

If we correct information that has previously been disclosed to another entity, and if you request us to notify that entity of these corrections, we will take steps to do this, within a reasonable period of time. 

15. Identifiers

We do not adopt identifiers assigned by the Government (such as drivers’ licence numbers) for our own file recording purposes, unless one of the exemptions in the Privacy Act applies.   

16. Digital Services

When you access our websites, we may collect other information and data about you and about how you use our services and platforms which is not personal information. We collect this information in a variety of ways:

• usage information, including services meta-data, log data, device information and location information;
  
  
• cookie information (and other similar technologies);
  
  
• third party services data - information provided by another party about how you have used their service; and
  
  
• third party data - data collected by another party through their own activity which they have made available to us either directly or through a data service.

We may send a “cookie” ( a small file containing a unique ID number) to your computer. This helps us recognise your computer each time you visit our websites, keep track of Rest Services you view, and improve your browsing experience by tailoring the content you see.

We also use cookies to measure traffic patterns and to determine which areas of our websites have been visited. Our cookies do not collect personal information. However, if you are a Rest member, cookies sent to your computer from some of our websites may store your encrypted Rest member number. If you prefer not to receive cookies, you can set your browser to block them . You can also delete or clear cookies you’ve previously accepted. 

17. Data breaches

Rest is committed to protecting our members’ personal information, as well as other individuals whose personal information we may handle. If a data breach (unauthorised access or disclosure of personal information, or loss of personal information) does occur we will take all reasonable steps to contain and mitigate the breach as soon as possible to reduce the likelihood of serious harm.

If it’s assessed to be a notifiable data breach, we'll also notify those impacted and the relevant regulators (as required) as soon as possible. We'll also put procedures in place to reduce the likelihood of it happening again. 

18. Making a complaint

We have a complaint handling process in place to manage privacy risks and issues. If you have a concern or complaint about a possible breach of privacy, please contact our Privacy Officer in one of the ways set out in the ‘How to contact us’ section below.

We'll work with you to understand your concerns and what outcome you're looking for. Once we've completed our enquiries, we'll let you know the outcome and give you the chance to respond.

Further information on this process can be found in the Complaints Management Policy, available on the Rest website at https://rest.com.au/why-rest/about-rest/contact-us/lodge-a-complaint.

If you are not satisfied with the resolution of any privacy complaints made to us, you can refer the matter to the Office of the Australian Information Commissioner (OAIC). The contact details for the OAIC are as follows:

Office of the Australian Information Commissioner
GPO Box 5218
SYDNEY NSW 2001
Phone: 1300 363 992
Email: enquiries@oaic.gov.au

19. How to contact us

If you’d like more information on how we handle personal information, want a copy of this policy in a different format, or need to make a privacy complaint, you can contact our Privacy Officer:

By phone on 1300 300 778

By email at contact@rest.com.au

Write to:
Privacy Officer
Rest Super
PO Box 350
Parramatta NSW 2124

You can also contact us via the services mentioned on rest.com.au/why-rest/about-rest/contact-us

20. Changes to our Privacy Policy

We're always looking to improve our standard of service, so we may update this Privacy Policy from time to time. Any personal information we hold will be governed by the most current version. 

References to we, us and our refer to Retail Employees Superannuation Pty Limited, ABN 39 001 987 739, AFSL 240003 (Rest), as Trustee of the Retail Employees Superannuation Trust ABN 62 653 671 394 (the Fund).   

Privacy Collection Statement

Retail Employees Superannuation Pty Limited, ABN 39 001 987 739, AFSL 240003 (Rest), as Trustee of the Retail Employees Superannuation Trust (ABN 62 653 671 394 (the Fund) (referred to in this Statement as Rest, we, us, our) is committed to ensuring the confidentiality and security of your personal information.

Rest Services referred to in this Statement means the superannuation, insurance, financial advice or other products, services, benefits or options provided by us to clients, and includes digital services.

Our Privacy Policy, which details our handling of information, is available upon request or can be found above on this webpage.