In some circumstances, we may also collect and hold “sensitive information”. This includes information about:
If the personal information we request is not provided by you, we may not be able to provide you with the benefit of our services or meet your needs appropriately.
We do not give you the option of dealing with us anonymously, or under a pseudonym. This is because it is impractical, and, in some circumstances, illegal for us to deal with individuals who are not identified.
3. What personal information are we required or authorised to collect by law?
We are required or authorised to collect:
- your name, address, date of birth and other verification information under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth);
- your tax file number, if you agree to provide it, in various circumstances covered by the Superannuation Industry (Supervision) Act 1993 (Cth); and
- information relevant to insurance where required by the Insurance Contracts Act 1984 (Cth).
You can choose whether or not to provide us with your tax file number and it is not an offence to refuse.
4. Unsolicited personal information
We may receive unsolicited personal information about you. We destroy or de-identify all unsolicited personal information we receive unless it is relevant to our purposes for collecting personal information. We may retain additional information we receive about you if it is combined with other information we are required or entitled to collect. If we do this, we will retain the information in the same way we hold your other personal information.
5. How do we collect your personal information?
We collect your personal information directly from you unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect it in ways including:
- through your access and use of our websites, emails, apps, message services, online portals and social media sites;
- engaging with our digital advertising and communications across the internet;
- during interactions between you and our staff or representatives, including discussions through our call centres and live chat; and
- when you complete an application or other form, including surveys or promotions.
We may also collect personal information from third parties including from:
- your employers;
- your financial advisers;
- doctors or other health care providers;
- the Australian Taxation Office;
- other superannuation and insurance entities;
- clearing houses and other entities involved in facilitating transactions on your account;
- identity verification services;
- data quality enhancement and enrichment providers such as address-matching services;
- service providers engaged to provide Rest products or services such as contact centres, marketing, digital services, product development and market research;
- digital platforms such as Google and Adobe utilised by us to provide our digital services;
- Social Media Platforms; and
- other representatives who may be authorised by you (such as your spouse, family or friends).
All personal information collected by us from third parties is handled by us in accordance with this Policy.
If we collect your personal information from a third party, they are responsible for letting you know that your personal information has been provided to us.
Where you provide us with the personal information of any other individual (for example, a nominated beneficiary), you must:
- notify that individual that we have collected their personal information; and
We will only collect sensitive information with your consent, unless an exemption in the APPs applies. These exemptions include if the collection is required or authorised by law, or is necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.
We will only use sensitive information where this is reasonably necessary for us to provide you with products and services in our capacity as trustee of the Fund, unless you specifically authorise us to use your sensitive information for another purpose.
We will always seek your permission before using or disclosing sensitive information for any other purpose.
Please see below for information about how we hold and keep your personal information secure.
Our websites, emails and mobile device applications (apps) contain links to other third-party sites. If accessing these sites, please be aware that the third parties may collect information about you and may provide us with access to that information.
6. What happens if we are unable to collect and use your personal information?
If we cannot collect your personal information one, or more of the following may occur:
- we may be unable to provide you with Rest Services (or information about them) that you want or require;
- you may not be able to access Rest’s digital services such as our App, member portals and message services; and
- we may be unable to tailor the content of our websites, emails and mobile device apps to your preferences or to give you more relevant content.
7. Why do we collect and hold your personal information?
We collect, hold, use and disclose your personal information for the following purposes, which we may carry out with the assistance of our third-party service providers:
- confirming your identity and eligibility for Rest Services;
- providing you with Rest Services and / or information about them;
- setting up and maintaining your membership and account;
- assessing benefits and claims;
- facilitating insurance arrangements;
- corresponding with you, including where you request information from us or have a complaint or concern;
- helping you with locating your lost super and/or consolidating your super;
- meeting regulatory requirements including fund and breach reporting obligations;
- conducting user/usability testing, surveys, research and analytics (including through our third-party service providers);
- complying with relevant laws, regulations and other legal obligations;
- helping us improve the Rest Services offered to our customers and enhance our overall business;
- understanding and meeting your needs, including tailoring the content of our websites, emails, mobile device apps and social platforms to your preferences; and
- conducting marketing activities in relation to products and services provided by Rest and our partners.
Personal information is provided to our administrator to enable them to provide services and may be collected directly from you, your employer, previous superannuation fund or adviser.
Health information may be provided to our insurer to support insurance arrangements and may be collected from you directly, through your adviser, another insurer or your authorised representative. In some cases, we may also collect health information through medical reports from your doctors (for example, if you have submitted a claim).
We also use information on a de-identified basis for planning, research and analysis so that we can operate effectively and efficiently, participate in policy discussions, and improve our Rest Services.
Sometimes we may de-identify your information before disclosing it to third parties to facilitate our marketing activities.
We may use and disclose your personal information for any of these purposes. We may also use and disclose your personal information for secondary purposes, which are related to the primary purposes set out above, or in other circumstances authorised by the Privacy Act.
Sensitive information will be used and disclosed only for the purpose for which it was provided (or a directly related secondary purpose), unless you agree otherwise, or an exemption in the Privacy Act applies.
8. Direct marketing
We may use personal information to engage in or send you direct marketing communications and information that we consider may be of interest to you, whether you are a current or prospective member. We may do this directly or through our third-party service providers via various channels, including through social media and other digital platforms.
You consent to us and our third-party service providers doing so.
We may only use personal information we collect from you for the purposes of direct marketing without your consent if:
- the personal information does not include sensitive information; and
- you would reasonably expect us to use or disclose the information for the purpose of direct marketing; and
- we provide a simple way of opting out of direct marketing; and
- you have not requested to opt out of receiving direct marketing from us.
Direct marketing activities can be undertaken in various forms, including mail, email, telephone, SMS, MMS (multimedia messaging service), apps and online advertising.
If we collect personal information about you from a third party, we will only use that information for the purposes of direct marketing if you have consented (or it is impracticable to obtain your consent), and we will provide a simple means by which you can easily request not to receive direct marketing communications from us. We will draw your attention to the fact you may make such a request in our direct marketing communications.
You have the right to request us not to use or disclose your personal information for the purposes of direct marketing, or for the purposes of facilitating direct marketing by other organisations. We must give effect to the request within a reasonable period of time. You may also request that we provide you with the source of their information. If such a request is made, we must notify you of the source of the information free of charge within a reasonable period of time.
To opt out use any unsubscribe function provided in the communications, log into the Rest Website and manage your member communications preferences, or contact us in one of the ways set out in the ‘How to contact us’ section below.
9. Disclosing your personal information
We may disclose your personal information to third parties, including:
- a related entity of Rest;
- Link Advice Limited (ABN 36 105 811 836);
- people nominated by you, if you have authorised us to do so in writing, including your beneficiaries;
- your employers and trustees of other superannuation funds;
- Government bodies including regulators and the Courts where required;
- our fund administrator and clearing houses;
- our other agents, contractors and service providers (which may include but not limited to, lawyers, accountants, mail and document management companies, IT service providers, marketing and research companies, or other advisers);
- auditors, actuaries, legal advisers and consultants;
- insurers and related service providers including re-insurers, underwriters and insurance administration service providers;
- health care providers;
- our preferred financial services organisations and advice companies that are contracted to provide advice to members;
- organisations involved in managing payment, including payment merchants and other financial institutions, such as banks;
- organisations involved in a transfer or sale of all or part of our assets or business;
- Social Media Platforms; and
- digital platforms to undertake activities such as website analytics, email campaign management, content tailoring and online behavioural advertising.
If we disclose your personal information to service providers that perform business activities for us, they may only use your personal information for the specific purpose for which we supply it.
If you want to nominate another person to receive information or undertake transactions on your behalf, you can advise us of this using the contact details provided below in the ‘How to contact us’ section.
10. Where we may be required to disclose
We may disclose personal information where the law requires us to do so, including:
- to meet family law requirements relating to the splitting of superannuation interests (noting that we cannot share the member’s address or tell the member if we receive a splitting request);
- to provide information to the Commissioner of Taxation including your tax file number, identification information and details about unclaimed or lost member accounts;
- if you are transferring to another fund, to the trustee of that fund; and
- to meet anti-money laundering requirements by providing information to AUSTRAC where required.
11. Do we disclose your personal information outside Australia?
We may disclose personal information to entities located outside of Australia (e.g. our third-party service providers) or to entities who use technology located outside of Australia, for some of the purposes listed above, including:
- our data hosting and other IT service providers located in, or using technology located in, India, the Philippines, the United States of America, Canada and the United Kingdom; and
- other third-party service providers located in, or using technology located in Canada, India, the Philippines, the United States of America, New Zealand, South Africa, Canada, Vietnam, the United Kingdom and Singapore.
In turn, those entities may disclose personal information to other organisations located outside of Australia or to other organisations who use technology located outside of Australia. We are not aware of any personal information that is disclosed to any countries in addition to those already listed above.
We will not send personal information to recipients outside of Australia unless:
- we have taken reasonable steps to ensure that the recipient does not breach the Act, the APPs; or
- the recipient is subject to an information privacy scheme similar to the Privacy Act; or
- the individual has consented to the disclosure.
12. How do we hold and keep your personal information secure?
We hold personal information in electronic and hard copy forms. We take reasonable steps to ensure that your personal information is protected from misuse, interference and loss from unauthorised access, modification and disclosure. We employ a comprehensive suite of logical and physical access controls to all systems where electronic personal information is stored and regularly audit access to our systems to ensure your personal information is securely stored.
We also take reasonable steps to ensure that third party service providers which help us to provide you with Rest Services (for example, insurance companies and fund administrators) have privacy arrangements which are consistent with the Privacy Act, and regularly assess whether their protections are designed and operating effectively to appropriately mitigate risks to you.
Although we take steps to ensure that your information is protected, there are always risks when transmitting information online. You should assess the potential risks when deciding whether to use our online services. If you do not wish to transmit information via our websites, apps or digital services, there are other ways in which you can provide us with your information, such as by mail or telephone.
We take reasonable steps to ensure personal information is only retained for as long as it is needed or as required by law. Where personal information is no longer required we take reasonable steps to destroy or de-identify this information.
13. Contractual arrangements with third parties
Third parties will be required to implement the following processes in relation to the handling of any personal information:
- de-identifying personal and sensitive information wherever possible;
- ensuring that personal and sensitive information is kept securely, with access to it only by authorised employees or agents of the third parties; and
- ensuring that the personal and sensitive information is only disclosed to organisations which are approved by us.
14. How do we keep personal information accurate and up-to-date?
We are committed to ensuring that the personal information we collect, use and disclose is relevant, accurate, complete and up-to-date.
We encourage you to contact us to update any personal information we hold about you. Where we are satisfied information is inaccurate, we will take reasonable steps to correct the information within 30 days, unless you agree otherwise. We do not charge you for correcting the information.
If we correct information that has previously been disclosed to another entity, and if you request us to notify that entity of these corrections, we will take reasonable steps to do this, within a reasonable period of the correction.
15. Accessing your personal information
Subject to the exceptions set out in the Privacy Act, you may gain access to the personal information that we hold about you by contacting Rest’s Privacy Officer. We will provide access within 30 days of the individual’s request. If we refuse to provide the information, we will provide reasons for the refusal.
We will require identity verification and specification of what information is required. An administrative fee for search and photocopying costs may be charged for providing access.
We do not adopt identifiers assigned by the Government (such as drivers’ licence numbers) for our own file recording purposes, unless one of the exemptions in the Privacy Act applies.
17. Digital Services
When you access our websites, we may collect other information and data about you and about how you use our services and platforms which is not personal information. We collect this information in a variety of ways:
- usage information, including services meta-data, log data, device information and location information;
- cookie information (and other similar technologies);
- third party services data - information provided by another party about how you have used their service; and
- third party data - data collected by another party through their own activity which they have made available to us either directly or through a data service.
We may send a “cookie” (which is a small summary file containing a unique ID number) to your computer. This enables us to recognise your computer and greet you each time you visit our websites. It also enables us to keep track of Rest Services you view and may be used to improve your browsing experience by tailoring the content you see by default on those websites.
18. Making a complaint
If you have a concern or complaint about a possible breach of privacy, please contact our Privacy Officer in one of the ways set out in the ‘How to contact us’ section below.
Our Privacy Officer deals with privacy complaints. We have an effective complaint handling process in place to manage privacy risks and issues. Further information on this process can be found in the Complaints Management Policy, available on the Rest website at https://rest.com.au/why-rest/about-rest/contact-us/lodge-a-complaint.
We will attempt to confirm with you your understanding of the conduct relevant to the complaint and what you request as an outcome. We will inform you whether we will conduct an investigation, the name, title, and contact details of the investigating officer and the estimated completion date for the investigation process.
After Rest has completed its enquiries, we will contact you to advise the outcome and invite a response to that outcome. If we receive a response from you, we will assess it and advise if Rest has changed its view.
If you are unsatisfied with the resolution of any complaints made to us, you can refer the matter to the Australian Information Commissioner. The contact details for the Office of the Australian Information Commissioner are as follows: