SuperRecords Pty Ltd (ABN: 76 153 889 215) and its related bodies corporate (referred to in this document as we, us or our) recognise that your privacy is very important and we are committed to protecting the personal information we collect about our clients and other individuals. To the extent that the Privacy Act 1988 (Cth) (Privacy Act), and the Australian Privacy Principles (APPs) govern the way in which we must manage your personal information, this policy sets out how we collect, use, disclose and otherwise manage personal information about our clients and individuals.
In this policy, we use the term ‘clients’ to refer to individuals who receive paid services from us, ‘client affiliates’ to refer to individuals whose personal information is contained within client files we access; ‘suppliers’ to refer to individuals whose goods and services we purchase and use (or individuals who are associated with our suppliers), ‘event participants’ to refer to individuals who attend events we hold, and ‘users’ to refer to individuals who subscribe to our newsletter, use our website, engage with us on social media platforms, or who enquire about us and our services. In some circumstances, you may belong to more than one of these groups, and multiple sections of this document will then apply to you.
PRIVACY COLLECTION STATEMENT
Generally, we collect Personal Information directly from you via your interactions with us. There may be occasions where we collect additional Personal Information about you from third parties, such as if someone has booked you into an event, or sought our services on your behalf. If you are a “client affiliate”, we are likely to collect Personal Information about you from one or more of our clients in the course of providing services to our clients.
We are required to collect information about clients in order to meet our legal obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth), including full name, residential address, and date of birth. This information must be retained by us for a period of 7 years after we have stopped providing services to the client.
We collect, use, and disclose your Personal Information for the purposes of providing information and services to you or someone else on your behalf, facilitating our internal business operations, and providing you with information about other goods and services that may be of interest to you.
We support your ability to make decisions about the Personal Information you provide to us, however if you choose not to provide us with the information requested, or it’s incomplete or inaccurate, we may not be able to provide you with the information and services you are seeking. If you are a client, refusal to provide identifying information will mean we are unable to provide you with any services. If you are an applicant for a volunteer or employment position, refusal to provide personal information may mean we are unable to process your job application.
We disclose your Personal Information to our workers who assist us in operating our business, third parties to whom you have agreed we may disclose your information, or as otherwise required or authorised by law. Your Personal Information will also be disclosed to third party service providers who assist us in operating our business, some of whom are located overseas, including India, Singapore and the United States of America. We have taken reasonable steps to ensure these third parties have appropriate security for your Personal Information.
More detailed information is set out below about:
- the types of Personal Information we collect from you (‘Collection of Personal Information’)
- the way we use and disclose your Personal Information (‘Use of Personal Information’, ‘Disclosure of Personal Information’, and ‘Disclosure of Personal Information Overseas’)
- how we secure your Personal Information (‘Storage and Data Security’)
- how you can access and correct that information (‘Access to and correction of Personal Information); and
- how you can make a complaint about a breach of privacy (‘Feedback and Complaints’).
Collection of Personal Information
We may collect and hold Personal Information about you (that is, information that can identify you) and is relevant to providing you with the information and services you are seeking. The type of information we collect about you depends on our relationship with you. Generally, however, we may collect your name, contact details, commentary or opinion about you, and other information relevant to providing you with the information and services you or someone on your behalf are seeking.
If you are a client: we will also generally collect your date of birth and place of birth, financial information, ABN, TFN, employment details, and health and other insurance information (for the purposes of tax reporting).
If you are a client affiliate: we will also generally collect additional information held about you in our client’s files, such as financial information, TFN, and employment details.
If you are a user: we may also collect information about you through the use of our website and digital platforms, including IP address, geographic location of your IP address, cookie information, and user preferences.
Except as otherwise permitted by law, we only collect sensitive information about you if you consent to the collection of the information and if it is reasonably necessary for the performance of our functions and activities. Consent may be implied by the circumstances existing at the time of collection. There may also be circumstances under which we may collect sensitive information without your consent, as required or authorised by law.
Method of collection
We will generally collect Personal Information directly from you through a variety of ways including interviews (via any method), correspondence, by telephone, by email, in person, any of our standard forms, our employment and volunteer application process, our surveys (where applicable), registration and attendance at our events, from publicly available sources on the internet, and via our websites, and our social media accounts.
We may need to collect Personal Information about you from third parties, and this is set out in the privacy collection statement or otherwise notified to you at the time of collection. We may also collect Personal Information about you from third parties with your consent or where otherwise required or authorised by law.
Use of Personal Information
- providing information, resources, and services to you or someone else on your behalf;
- facilitating our internal business operations, including:
- establishing our relationship with you;
- fulfilling our legal requirements;
- maintaining and managing our relationship with you and communicating with you in the ordinary course of that relationship (including responding to feedback or complaints);
- organising and facilitating events;
- if you are an event participant: processing your ticket purchase and providing receipts (where applicable) and communicating with you about the event;
- analysing our goods and services and customer needs with a view to developing new or improved goods, services, and business operations;
- contacting you to provide a testimonial for us (where applicable); and
- providing you with information about other goods and services that we or our related entities and other affiliated organisations offer that may be of interest to you. You may unsubscribe from our mailing/marketing lists at any time by using the unsubscribe feature on any emails we send, or otherwise by contacting us in writing.
Disclosure of Personal Information
- our employees, contractors, consultants, and volunteers (workers) who require the information to assist us with the purposes for which it was collected. If you are a client, SuperRecords will only provide the information to our workers on a need-to-know basis having regard to the tasks requested by you;
- third party service providers who assist us in operating our business and providing information, resources, and services to you or someone else on your behalf (including payment processors, debt collectors, marketing campaign providers, payroll processors, superannuation funds, insurers, IT and technology service providers, off-site security storage providers, event organisers, and professional advisers such as lawyers, accountants, and auditors);
- third parties to whom you have agreed we may disclose your information and where the information was collected from you (or from a third party on your behalf) for the purposes of passing it on to the third party; and
- any other entity as otherwise required or authorised by law, including regulatory bodies.
We may expand or reduce our business and this may involve the sale and/or transfer of control of all or part of our business. Personal Information, where it is relevant to any part of the business for sale and/or transfer, may be disclosed to a proposed new owner or newly controlling entity for their due diligence purposes, and upon completion of a sale or transfer, will be transferred to the new owner or newly controlling party to be used for the purposes for which it was provided.
Sensitive information is only used and disclosed for the purposes for which it was collected, unless your further consent is obtained or otherwise as permitted or required by law.
Disclosure of Personal Information Overseas
We have workers in India who assist us with operating and business and providing you or someone else on your behalf with the information, resources and services sought. Our workers in India are bound by the same security processes and procedures as our workers in Australia.
We are assisted by a variety of external service providers to operate our business and to provide you or someone else on your behalf with the information, resources, and services sought. Some of these service providers may be located overseas, including India, Singapore and the United States of America. We take reasonable steps to ensure these service providers have appropriate security for your Personal Information.
Storage and Data Security
The security of your personal information is important to us. We take reasonably necessary measures to ensure our data security and integrity is not compromised and to protect your personal information from interference, misuse, loss, unauthorised access, modification or disclosure, including electronic and physical security measures. For example, our offices are equipped with biometric scanners and access cards, and are monitored by CCTV. Several of our group companies are ISO certified, and our systems and terminals are regularly audited. Internet activity and data transfer is heavily controlled and monitored.
The data is stored for 10 years for compliance and auditing purposes and either destroyed or deidentified thereafter.
See our Security Policy for more information about our security measures.
Access to and correction of Personal Information
You may access the personal information we hold about you, subject to certain exceptions. SuperRecords will take the necessary steps to identify you before we provide the information to you. If you wish to access your Personal Information, please contact us in writing. We will respond to your request within a reasonable period. We may decline a request for access to personal information in circumstances prescribed by the Privacy Act, and if we do, we will give you a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.
We will not charge any fee for your access request but may charge an administrative fee for providing a copy of your Personal Information. We will notify you in advance of any applicable fees.
It is essential that your Personal Information is accurate, complete, and up to date (having regard to the purposes for which it was collected). If you believe the information we hold about you is incomplete, not up to date, or is inaccurate, please advise us as soon as practicable. We will take reasonable steps to correct the information if we agree that it is incomplete, out of date, or inaccurate.
If we refuse to correct your Personal Information, we will give you a written notice that sets out our reason for our refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint.
Feedback and Complaints
If after this process you are not satisfied with our response, you can submit a complaint to the Office of the Information Commissioner, Australia. To lodge a complaint, visit the ‘Complaints’ section of the Information Commissioner’s website, located at http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office.