Super Records complies and works in accordance to the National Privacy Principles and the Privacy Act 1988 (Cth). Super Records is committed to ensure the safekeeping and collection of personal information.
Collection of Personal Information
Super Records does not contact your clients directly or indirectly. Any client information is collected via the Accountingor Financial services firm.
The information we are provided include:
- Names, Address, DOB and POB
- ABN’s, TFN’s and Employment details
- Personal health and insurance information
- Financial information – such as income, expenses, superannuation and investment details
Use of personal information
Super Records provides the following types of services:
- Paraplanning Services
- Business Services
- SMSF Administration and Audit Services
- Portfolio Administration Services
The collection and use of personal information is only to facilitate one or all of the above services to your firm asrequested by you.
Super Records only uses personal information for the purpose(s) for which it was given to us and for directly relatedpurposes (unless otherwise required by or authorised by law) or as consented to by you or your firm.
Disclosure of personal information
Super Records will only provide the information to their staff that relate specifically to the jobs requested by your firm.
The information will not be provided or sold to other institutions. If there is a legal situation, the information may beprovided in accordance to the law.
Storage and Data Security
Super Records stores all the data electronically on secure servers in Australia.
We have taken the necessary measures to ensure our data integrity is not compromised. The data is stored for 10 years for compliance, auditing purposes and removed thereafter.
Our secure delivery centre is equipped with the latest technology, infrastructure and dedicated technical staff to ensure our working environment has complete reliability and security for our clients’ data.
We are an ISO 27001-certified company, this means our offices and systems are on par with international best practice for information security management.We do not use third party contractors to complete any work.
Biometric scanners and access cards are required to enter our offices.Only authorised personnel are allowed to enter the office and processing centre. Physical documents, books and other devices are prohibited in the processing centre. The entire office is monitored by CCTV.All PC’s are desktops running a ‘dumb terminal system’.Ability to save and store data on the PC is disabled.CD Rom and other drives (USB) have been removed.Access to physical/removable drives (external hard drives) have been disabled.Printers and scanners are also not available within the processing centre. Staff are required to keep personal belongings including bags, books or mobile devices in secure lockers provided outside the main processing centre.
Internet activity is heavily controlled with websites required to be added to a “whitelist” before they can be accessed.Staff are unable to access personal emails from the office and work emails are unable to send data outside the office.Our intranet, internal portals, software and sites have IP Authentication in place so that no one can access these records outside our office premises.Access to our internal software is password protected with strength measurement.Passwords are also required to be updated on a regular basis.All terminals include screen snapshots and are regularly audited to ensure staff are following security guidelines.All our terminals and servers are installed with firewalls, antivirus software, intrusion detection software and prevention systems to minimise any exploits or attacks.Our security software is kept updated at all times and when required.All PC’s within our organisation have an auto-lock feature to ensure PC’s are not kept unlocked.Wireless connections are prohibited within our back-office in India and Australia.
Reporting of data breach
If there is a data breach that is likely to result in serious harm, we will take the following action:
- Contain the information leak and asses the actual damage caused by the breach.
- Prepare a statement detailing the breach
- Immediately after providing the statement, notify each individual to whom the information relates to, or who are at risk.
- If this is not possible, then we will:
- Publish a copy of the statement on the website, and
- Take reasonable steps to publicise the contents of the statement.
- Review and change our systems and processes to ensure they are further secured against future breaches
Access to personal information
Your firm and staff can access the personal information that you provide. Super Records will take the necessary stepsto identify that you are a client of Super Records before they provide the information to you.
If you have any questions regarding this information, please feel free to get in touch with us.
Last Updated on: 01 July 2019