If you give us personal information about another person, you represent that you are authorised to do so and agree to inform that person who we are, that we will use and disclose that information for the relevant purposes set out below, and that they can access the information we hold about them.
Your personal information will be treated strictly in accordance with the Australian Privacy Principles contained within the Privacy Act 1988 (Cth), as amended.
This policy outlines for our customers and prospective customers:
1. The kinds of personal information that we collect and hold;
2. How TOMORROW Super will collect and hold such personal information;
3. The purposes for which we collect, hold, use and disclose personal information;
4. How our customers or prospective customers may access their personal information, held by TOMORROW Super;
5. How our customers or prospective customers raise a complaint about a breach of the Australian Privacy Principles, and how we will deal with such a complaint; and
6. Whether we will or is likely to disclose personal information to overseas recipients; and to which countries the information may be sent.
1. The information TOMORROW Super collects
Personal information is information that can identify you. We must obtain personal information about you so we can provide the most appropriate products and services to you, provide information and marketing material to you and satisfy certain legislative and regulatory requirements.
We will only collect personal information that is necessary to provide our products and services to you, including information needed to comply with legal and regulatory requirements. We may collect the following types of personal information:
• email address, mailing or street address and other contact details;
• date of birth;
• information to verify your identity such as your driver’s licence number;
• tax file number; and
• information about other products or services of ours or any related body corporate that you may hold or use.
• Information about your health and occupation: current employer, job role, income and title and health details (see 2. Health and occupational Information below for the circumstances we do this).
• details of your social accounts such as Facebook, Twitter, if you provide us with this information, or engage with us via these channels
We are required to collect your name, address, date of birth and other verification information under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). We are authorised to collect tax file numbers under tax laws and the Privacy Act.
2. Health and occupational Information
We collect your health and occupational information where we offer you products with an insurance component or to assist in assessing certain claims, including hardship. We do not use or share that information for any purpose other than the application, underwriting or administration of your financial product, claim or account, or as otherwise notified to you at the time we collect your information.
3. Sensitive Information
Generally, we do not collect sensitive information about you unless required by law or where you consent for us to do so (and in any event only where it is relevant to your product). We will not collect sensitive information about you where this is expressly prohibited by local law.
Sensitive information includes information relating to:
- political or religious beliefs
- sexual orientation and sexual life
- criminal convictions
- membership of professional or trade associations or unions
- biometric and health information
- information about your affiliation with certain organisations, such as professional associations.
4. Telephone recording
TOMORROW Super or third parties providing connected services, may record telephone conversations. If TOMORROW Super does record conversations, this will be disclosed prior to connecting to a TOMORROW Super staff member and you will be given an opportunity to refuse such recording.
Cookies may also be used for other purposes on the TOMORROW Super website but in each case none of the information collected can be used to identify you personally but rather identifies your computer. You can configure your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it each time.
- Analytical purposes: Analytical cookies allow us to recognise, measure and track visitors to the website. This helps us to improve and develop the way the website works, for example, by determining whether site visitors can find information easily, or by identifying the aspects of the site that are of the most interest to them.
- Usage preferences: Some of the cookies on the website are activated when visitors to our sites make a choice about their usage of the site. Our website then ‘remembers’ the settings preferences of the user concerned. This allows us to tailor aspects of the site to the individual user.
- Functional purposes: Functional purpose cookies store information that is needed by our applications to process and operate. For example, where transactions or requests within an application involve multiple workflow stages, cookies are used to store the information from each stage temporarily, in order to facilitate completion of the overall transaction or request.
- Remarketing – Cookies can be used to remarket our services and products to previous visitors. More information about this is provided in the ‘Remarketing’ section.
6. Google Analytics
7. Not Providing Your Personal Information
If you do not give us your personal information some or all of the following may happen:
• we may not be able to provide you with or subsequently administer some or all our products or services; or
• we may not be able to provide you with information about our products and services.
8. How TOMORROW Super will collect and hold such personal information
We collect personal information about you directly from you — this can be in person, in documents you give us, from telephone calls, emails, competitions you enter, your access to our website or from transactions you make. We take reasonable steps to be transparent about how and why we collect personal data.
The main ways we may collect personal information about customers are:
- if you subscribe to any of our information or other services;
- if you open any form of account; or
- if you give information or other material to any part of TOMORROW Super;
We maintain records of transactions and activities on accounts you may hold with us. During the course of your relationship with TOMORROW Super, we will also gather information about products and services provided to you.
We may also collect your personal information from a related account holder (to facilitate a benefit, discount or introduction) or third parties including public sources and service providers (including credit reporting bodies and information service providers).
If we accidentally collect personal information that we did not ask for, we will work out whether we need this information. If not, we will destroy or de-identify the information.
9. The purposes for which we collect, hold, use and disclose personal information
We are required by law to collect information to identify and verify you. We therefore may make enquiries as to your identity(ies) and other personal details as required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.
Other than as required by law, we will only use your personal information for the purpose of providing you with our investment products and services. In managing your investment and financial product for you, we will use your personal information to:
• assess your application and provide our products and services to you;
• verify your identity electronically using government sources such as the identification document issuer or the official record holder. (To increase your chance of getting an identity match we may verify your identification using your personal details from your credit file at illion
• communicate with you in relation to your investment;
• monitor, audit, evaluate and otherwise administer our products and services;
• to assist in applying for, underwriting, the administering products with insurance components, and assessing certain claims, including hardship;
• provide you with access to protected areas of our websites;
• provide continuous service to you and to conduct business processing functions including by providing personal information to our related bodies corporate, contractors, service providers or other third parties; and
• assist with the administrative, marketing (including direct marketing), planning, product or service development, quality control or the research purposes of us and our contractors and service providers.
• answer questions and enquiries you may provide.
We will only use or disclose personal information we collect about you for the purpose of which it was disclosed to us, or related purposes which would reasonably be expected, without your permission, or as permitted by the Australian Privacy Principles. We take reasonable steps to ensure that third-party organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information.
We will not sell your personal information to other organisations. Nor will we provide organisations outside our group with your personal information for purposes unrelated to the management of your investment.
We may also disclose your personal information to entities located overseas for one or more of the purposes set out below. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the Australian Privacy Principles relating to your personal information.
Personal information may be disclosed to external parties including the following:
• agents, contractors, or external service providers appointed by us (such as administrator, custodian, trustee, auditors or other professional advisers);
• your nominated financial adviser – (but only with your written consent) ;
• your personal representative, attorney or agent – (but only with your written consent);
• a government or regulatory body (such as ATO, AUSTRAC, ASIC or a law enforcement agency);
• financial institutions and other similar organisations that we deal within the course of our corporate activities, or those that are nominated by you;
• external service providers and professional advisers that provide services to us including electronic identification services;
• in order to comply with a court order or in conjunction with court proceedings.
Contact us if you have any concerns about our use of your personal information (see details below)
10. External Websites
Our website may contain references or links to other external websites. Those references or links may, in turn, refer or link to other references or links. We, our directors, officers, employees or agents are not responsible to you or any person for any breach of the Australian Privacy Principles or damage that may occur from any privacy policies or practices or content of websites to which we provide external links.
11. Direct marketing
We may also send you direct marketing communications and information about our products and services that we expect may be of interest to you. These communications may be sent in various forms, including mail, SMS, social networks and email. You consent to us sending you those direct marketing communications by any of those methods. At any time, you may opt-out of receiving marketing communications from us by contacting us (see contact details below) or by using the opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from the relevant mailing list.
Please note that, if we are currently providing you with services or products, we will still need to send you essential information about your account, the relevant services or products and other information required by law.
13. Customer Knowledge Centre and Chatbots
TOMORROW Super may maintain a ‘knowledge centre’ of customer support information. This data mostly comprises of common customer queries and answers, and is accessible by customers via the Website and Apps, used by our staff in enquiries, and may be accessible in an automated manner via Chatbot features or similar technologies. Both questions asked, and responses provided to customers in resolution of queries over Livechat and Chatbot related enquiries may be used to extend the ‘knowledge centre’ of common or previously referenced questions or answers for future customer reference. This is done in a general, non-individualised manner with no personally identifiable source information being attached to the “knowledge base”.
14. Keeping information accurate and up` to date
We take all reasonable steps to ensure that all personal information we hold is as accurate as possible. You are able to contact us at any time to find out what information we have about you and ask for its correction if you feel the information we have about you is inaccurate or incomplete, or to provide us with information about changes to your personal information.
15. Keeping your personal information secure
We keep personal information in electronic and sometimes physical records, at our premises and the premises of our service providers, which may include processing or storage in the cloud, which may mean in practice that this information is stored outside Australia. Where this occurs, we take steps to protect the security and integrity of personal information.
We also keep records of our interactions with you (including by telephone, email and online) and of your transaction history.
We invest resources to keep your personal information secure from misuse, loss, interference, unauthorised access, modification or disclosure. Access to and the use of personal information is regulated to prevent misuse or unlawful disclosure of the information. We use security procedures such as encryption, firewalls, intrusion detection and anti-virus technology to prevent unauthorised access.
We also use valid log-in identification and password based security to achieve electronic information security.
We retain information for so long as may be necessary to respond to issues that may arise at a later date, and longer in appropriate cases where required by law. When personal information is no longer required by us, it is destroyed or de-identified.
As our website is linked to the internet, and the internet is inherently insecure, we cannot give any assurance to any person regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
16. Accessing personal information held by TOMORROW Super
Under the Privacy Act, you have the right to obtain a copy of any personal information which we hold about you and to advise us of any inaccuracies.
To make a request, you will need to write to us verifying your identity and specifying what information you require. We will respond to your request within 7 days. If the information
sought after is extensive we may charge a fee to cover cost.
In normal circumstances we will give you full access to your information. However, there may be times where some legal reason requires us to deny access, such as where granting access would interfere with the privacy of others or it would result in a breach of confidentiality.
If access is denied we will give you written reasons for any refusal.
We aim to ensure that the personal information held about you is accurate, complete and up -to-date. You should contact us as soon as possible if any of your details change. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.
17. Data breach
A data breach occurs when personal information held by us is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Examples of a data breach are when a device containing personal information of clients is lost or stolen, or when a database containing personal information is hacked or if we mistakenly provide personal information to the wrong person.
Under the Privacy Amendment (Notifiable Data Breaches) Act 2017, we have an obligation to assess within 30 days whether a data breach amounts to an ‘eligible data breach’ if we become aware that there are reasonable grounds to suspect that data breach may have occurred.
If we form the view that the data breach would likely result in serious harm to any of the individuals to whom the information relates despite any remedial action taken by us, then the data breach will constitute an ‘eligible data breach’. If an eligible data breach occurs, we have an obligation to notify you and the Office of the Australian Information Commissioner and of the details of the eligible data breach.
18. How to raise a complaint?
How to raise a complaint about a breach of the Australian Privacy Principles, and how TOMORROW Super will deal with such a complaint:
We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint. We will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will conduct an investigation, the name, title, and contact details of the investigating officer and the estimated completion date for the investigation process.
After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.
PO Box K42 Haymarket NSW 1240.
If you wish to unsubscribe from our information or registration service, contact us in writing requesting to be removed from our database. We generally do not collect sensitive information about you unless required by applicable laws or rules.
21. Contact Details
PO Box K42 Haymarket NSW 1240.
Should you wish to obtain further information about privacy you can do so by visiting the Office of the Australian Information Commissioner (OAIC) website at www.oaic.gov.au