SuperRecords Pty Ltd (ABN: 76 153 889 215) and its related bodies corporate (referred to in this document as we, us or our) recognise that your privacy is very important, and we are committed to protecting the personal information we collect about our clients and other individuals. To the extent that the Privacy Act 1988 (Cth) (Privacy Act), and the Australian Privacy Principles (APPs) govern the way in which we must manage your personal information, this policy sets out how we collect, use, disclose and otherwise manage personal information about our clients and individuals.
In this policy, we use the term ‘clients’ to refer to individuals who receive paid services from us; ‘client affiliates’ to refer to individuals whose personal information is contained within client files we access; ‘suppliers’ to refer to individuals whose goods and services we purchase and use (or individuals who are associated with our suppliers); ‘event participants’ to refer to individuals who attend events we hold; and ‘users’ to refer to individuals who subscribe to our newsletter, use our website, engage with us on social media platforms, or who enquire about us and our services. In some circumstances, you may belong to more than one of these groups, and multiple sections of this document will then apply to you.
Collection of Personal Information
We may collect and hold personal information about you (that is, information that can identify you) and is relevant to providing you with the information and services you are seeking. The type of information we collect about you depends on our relationship with you. Generally, however, we may collect your name, contact details, commentary or opinion about you, and other information relevant to providing you with the information and services you or someone on your behalf are seeking.
If you are a client: we will also generally collect your date of birth and place of birth, financial information, ABN, TFN, employment details, and health and other insurance information (for the purposes of tax reporting).
If you are a client affiliate: we will also generally collect additional information held about you in our client’s files, such as financial information, TFN, and employment details.
If you are a user: we may also collect information about you through the use of our website and digital platforms, including IP address, geographic location of your IP address, cookie information, and user preferences.
Except as otherwise permitted by law, we only collect sensitive information about you if you consent to the collection of the information and if it is reasonably necessary for the performance of our functions and activities. Consent may be implied by the circumstances existing at the time of collection. There may also be circumstances under which we collect sensitive information without your consent, as required or authorised by law.
We support your ability to make decisions about the personal information you provide to us, however if you choose not to provide us with the information requested, or it is incomplete or inaccurate, we may not be able to provide you with the information and services you are seeking. If you are a client, refusal to provide identifying information will mean we are unable to provide you with any services. If you are an applicant for a volunteer or employment position, refusal to provide personal information may mean we are unable to process your job application.
Collection as required by law
We are required to collect personal information about clients in order to meet our legal obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), including full name, residential address, and date of birth. This information must be retained by us for a period of 7 years after we have stopped providing services to the client.
Method of collection
We will generally collect personal information directly from you through a variety of ways including interviews (via any method), correspondence, by telephone, by email, in person, any of our standard forms, our employment and volunteer application process, our surveys (where applicable), registration and attendance at our events, from publicly available sources on the internet, and via our websites, and social media accounts.
We may also collect personal information about you from third parties with your consent or where otherwise required or authorised by law, and this is set out in the privacy collection statement or otherwise notified to you at the time of collection (or as soon as practicable thereafter). For example, someone else may book you into one of our events or seek our services on your behalf. If you are a “client affiliate”, we are likely to collect personal information about you from one or more of our clients in the course of providing services to those clients.
Use of Personal Information
The purpose for collecting and dealing with your personal information depends on your interaction with us and our relationship with you. Generally, we will collect and deal with your personal information if it is reasonably necessary for or related to the facilitation of our services, and performance of our functions and activities, including for the purposes of:
- providing information, resources, and services to you or someone else on your behalf;
- facilitating our internal business operations, including:
- establishing our relationship with you;
- fulfilling our legal requirements;
- maintaining and managing our relationship with you and communicating with you in the ordinary course of that relationship (including responding to feedback or complaints);
- organising and facilitating events;
- if you are an event participant: processing your ticket purchase and providing receipts (where applicable) and communicating with you about the event;
- analysing our goods and services and customers’ needs with a view to developing new or improved goods, services, and business operations;
- contacting you to provide a testimonial for us (where applicable); and
- providing you with information about other goods and services that we or our related entities and other affiliated organisations offer that may be of interest to you. You may unsubscribe from our mailing/marketing lists at any time by using the unsubscribe feature on any emails we send, or otherwise by contacting us in writing.
- to compile and report statistics, with all the relevant personal and/or proprietary Personal Information de-identified prior to the completion of such statistics;
Disclosure of Personal Information
We generally disclose your personal information for the purposes for which it was collected (set out above). We may disclose personal information about you to:
- our employees, contractors, consultants, and volunteer (workers) who require the information to assist us with the purposes for which it was collected. If you are a client, we will only provide the information to our workers on a need-to-know basis having regard to the tasks requested by you;
- third party service providers who assist us in operating our business and providing information, resources, and services to you or someone else on your behalf (including payment processors, debt collectors, marketing campaign providers, payroll processors, superannuation funds, insurers, IT and technology service providers, off-site security storage providers, event organisers, and professional advisers such as lawyers, accountants, and auditors);
- third parties to whom you have agreed we may disclose your information and where the information was collected from you (or from a third party on your behalf) for the purposes of passing it on to the third party; and
- any other entity as otherwise required or authorised by law, including regulatory bodies.
Your personal information will not be sold to other institutions.
We may expand or reduce our business and this may involve the sale and/or transfer of control of all or part of our business. Personal information, where it is relevant to any part of the business for sale and/or transfer, may be disclosed to a proposed new owner or newly controlling entity for their due diligence purposes, and upon completion of a sale or transfer, will be transferred to the new owner or newly controlling party to be used for the purposes for which it was provided.
Sensitive information is only used and disclosed for the purposes for which it was collected, unless your further consent is obtained or otherwise as permitted or required by law.
Disclosure of Personal Information Overseas
We have workers overseas who assist us with operating our business and providing you or someone else on your behalf with the information, resources and services sought. Our workers are bound by the same security processes and procedures as our workers in Australia.
We are assisted by a variety of external service providers to operate our business and to provide you or someone else on your behalf with the information, resources, and services sought. Some of these service providers may be located overseas, including India, Singapore, UK and the United States of America. We take reasonable steps to ensure these service providers have appropriate security for your personal information.
You understand and acknowledge that countries outside Australia do not always have the same privacy protection obligations as Australia in relation to Personal Information, and that Australian Privacy Principle 8.1 in the Privacy Act does not apply to such disclosures.
Storage and Data Security
The security of your personal information is important to us. We take reasonably necessary measures to ensure our data security and integrity is not compromised and to protect your personal information from interference, misuse, loss, unauthorised access, modification or disclosure, including electronic and physical security measures. For example, our offices are equipped with biometric scanners and are monitored by CCTV. Several of our group companies are ISO certified, and our systems and terminals are regularly audited. Internet activity and data transfer is heavily controlled and monitored.
Any Personal Information that you disclose to us may be disclosed to our secure delivery centres, subcontractors or third-party service providers, and/or stored, on infrastructure outside Australia.
Personal information can be stored physically, electronically, or in the cloud. However, no data transmission over the internet is 100% secure. Risks exist when transmitting information online, particularly with cloud computing.
Your personal information is stored only until it is no longer required for any purpose for which it was collected, or otherwise as required or authorised by law, and either destroyed or deidentified thereafter.
For further details about our data security measures, please see our Security Policy, available at https://www.superrecords.com.au/security-policy/.
Access to and correction of Personal Information
You may access the personal information we hold about you, subject to certain exceptions. We will take the necessary steps to identify you before we provide the information to you. If you wish to access your personal information, please contact us using the details below. We will respond to your request within a reasonable period.
We may decline a request for access to personal information in circumstances prescribed by the Privacy Act, and if we do, we will give you a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.
We will not charge any fee for your access request but may charge an administrative fee for providing a copy of your personal information. We will notify you in advance of any applicable fees.
It is essential that your personal information is accurate, complete, and up to date (having regard to the purposes for which it was collected). If you believe the information we hold about you is incomplete, not up to date, or inaccurate, please contact us using the details below. We will take reasonable steps to correct the information if we agree that it is incomplete, out of date, or inaccurate.
If we refuse to correct your personal information, we will give you a written notice that sets out our reason for our refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.
Feedback and Complaints
If, after this process, you are not satisfied with our response, you can submit a complaint to the Office of the Information Commissioner, Australia. To lodge a complaint, visit the ‘Complaints’ section of the Information Commissioner’s website, located at http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office.
Our contact details
Post: SuperRecords Privacy Officer, Suite 3, Level 6, 80 George Street, Parramatta NSW 2150
Phone: 1800 278 737