At MobiSuper we understand that the privacy of your information is important to you and we respect the privacy of the information that you provide to us. This document provides information and details about how we manage the personal information that we collect and hold about individuals.
The Policy is based on transparency and openness, in accordance with the relevant privacy laws.
The Policy is available, free of charge, on request using the contact details provided in Section 9. The Policy is available to any individual whether or not they are a customer.
MobiSuper is obligated to act in accordance with all relevant privacy legislation including the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs) and any Registered APP Code.
The Policy covers information handling practices during the entire life cycle of collection, use and disclosure of personal information.
It is important that you understand why MobiSuper collects, uses and/or discloses your personal information. We only collect personal information that is reasonably necessary for our functions or activities. The reasons include, but are not limited to the following:
- to provide you with information about financial services we provide, including but not limited to, advice on superannuation and life insurance products.
- to provide you with the product or service that you have requested from us
- to communicate with you about the products or services that we have provided advice to you on or are providing advice to you on • to establish and administer our customer relationships
- to monitor and evaluate products and services
- to provide information on products and services offered by MobiSuper and external product and service providers with whom we have a business arrangement. If you have provided us with your email or mobile phone details, we or the provider may provide information to you electronically with respect to those products and services (unless you tell us otherwise)
- to gather and aggregate information for statistical, prudential, actuarial and research purposes, and to take measures to detect and prevent fraud
- to establish your identity. to meet our legal obligations and co-operate with Government and law enforcement agencies or regulators, and
- to tell you about other products and services that we consider may be of interest to you. Please note that if you don’t want to receive direct marketing communications you can tell us by contacting us using the details provided in Section 9.
3. Collection of personal information
MobiSuper collects personal information that is reasonably necessary for one or more of our functions or activities, including the provision of financial advice and our marketing activities. We generally obtain the consent of the individual involved before we collect their personal information, unless otherwise permitted by law. MobiSuper collects personal information only by lawful and fair means. Generally we collect personal information about an individual only from that particular individual unless it is required by law or it is unreasonable or impracticable to do so.
In most instances, we collect your personal information from you when you fill out a Client enquiry, application form or personal statement, but we may also collect information from you which you provide to us over the telephone, fax, email, internet or by using other electronic devices. We may collect your personal information and use it to provide you with advice on insurance cover that is appropriate for your circumstances. Your financial information is collected to determine the appropriate products and services you may require. If it is not required, we will not collect your sensitive information.
We are also bound by other legal obligations to collect information about our customers, including but not limited to, those relating to the Anti-Money Laundering and CounterTerrorism Financing Act 2006 (Cth) and the U.S. Foreign Account Tax Compliance Act. For example, we may need to obtain a copy of a driver’s licence or passport when transacting on your behalf and may need to ask if you are a U.S. resident for tax purposes.
3.2 Personal Information
Personal information collected by MobiSuper generally comprises of the following:
- your name
- your contact details (including telephone, facsimile and e-mail)
- your address
- your date of birth
- your gender
- your marital status
- your occupation, and
- your financial information including your assets and liabilities, expenses, details of superannuation, investments and current insurance cover.
In some instances, we collect personal details unlikely to beknown to other people to help us identify you over the telephone. This assists us to provide greater security over the personal information collected and held by MobiSuper. We may also monitor and record telephone calls for training and security purposes. Depending on the service offered by MobiSuper, we may collect the following:
- the number and ages of your dependents
- the length of time at your current address
- your employer’s name and contact details
- the length of your employment
- proof of your earnings, and/or
- details of your previous employment.
We understand that people want the information that they give to organisations to be treated with respect and privacy. Protecting your information is an important part of maintaining trust between us and our customers and by handling information in a secure manner we build strong business relationships.
3.3 Sensitive Information
Sensitive information includes:
- health information e.g. blood tests, medical reports
- other genetic information, and
- information or opinion about an individual’s racial origin, political association, religious beliefs, philosophical beliefs, professional memberships, trade union membership, sexual preference or criminal records.
For some of the services provided by MobiSuper sensitive information may be required. The collection of sensitive information is generally subject to greater restrictions. Sensitive information may be required when you apply for life insurance products in order to underwrite those products. This may include sensitive information such as:
- health and medical information, and
- lifestyle information.
We will not collect sensitive information about you without your consent. This is subject to some exceptions including:
- where the collection is required or authorised by an Australian law or a court order, or
- where a permitted general situation applies, such as serious threats to life.
3.5 Collection from a third party
We sometimes collect personal information from a third party or from a publicly available source, but only if:
- the individual has consented to such collection or would reasonably expect us to collect their personal information in this way, or
- it is necessary for a specific purpose, such as providing our services that are authorised under relevant laws.
These third parties or publicly available sources may include, but are not limited to:
- product providers such as insurers and superannuation providers
- another financial planner or adviser
- an employer or employer’s adviser for corporate members
- a doctor, health professional
- a person authorised by you such as a lawyer or accountant
- Trustee of MobiSuper
- Administrator of MobiSuper
- company directors and officers
- customer’s agents
- parents and guardians in cases where we are collecting information about minors
- organisations providing leads referrals for marketing purposes
- organisations providing document verification services
- market research organisations
- social media and publically available sites, and/or
- any other party with which we have an arrangement for providing our services.
3.6. Collection from young people
Requests from minors (those under 18 years of age) to acquire services from MobiSuper on their own name are considered on their merits. Information may need to be collected from the minor’s parent or legal guardian.
We take reasonable steps to inform you that we have collected your personal information, unless it is not reasonable to do so or it is apparent from the circumstances that you are aware of this matter or would expect us to have the information. This may include a circumstance where your personal information was collected from someone else acting on your behalf. Reasonable steps may include asking the person who provided us with your information to notify you that we have collected that information.
At the time, or as soon as practicable after, we collect your personal information, we take reasonable steps to inform you of the following matters:
- our identity and contact details
- the purpose for which we collect the personal information
- the main consequence if the personal information is not collected
- the type of other entities to which we usually disclose personal information to, and
- whether we are likely to disclose your personal information to overseas recipients.
4. Disclosure of personal information
Depending on the product or service we provide to you, MobiSuper may disclose your personal information to other persons or entities, where this is not prohibited by law, such as the following:
- any person acting on your behalf, including your financial adviser, solicitor, accountant, executor, administrator, trustee, guardian or attorney
- affiliated product and service providers
- our related bodies corporate
- auditors we appoint to ensure the integrity of our operations
- for corporate members, your employer or employer’s adviser
- if required or authorised to do so, regulatory bodies and Government agencies
- anyone that you have authorised by providing your consent (either express or implied) including other financial services providers and health providers that we may need to deal with on your behalf
- insurers, including proposed insurers and insurance reference agencies (where they are considering whether to accept a proposal of insurance from you and, if so, on what terms)
- claims assessors and/or investigators (so that your claim can be assessed and managed)
- medical practitioners (to verify or clarify, if necessary, any health information you may provide)
- other organisations which in conjunction with us provide products and services (so that they may provide their products and services to you or contact you on our behalf)
- our solicitors, valuers, and insurers
- organisations providing direct marketing services or research services on our behalf
- organisations providing document verification services, and/or
- any person or organisation that we are obliged or authorised by law to disclose information such as Government agencies and regulators including the Australian Tax Office (ATO) and the Australian Transaction Report and Analysis Centre (AUSTRAC) and, where relevant, the U.S. Internal Revenue Service (IRS)
We may also disclose your information to organisations which:
- are undertaking reviews of our systems and operations
- are a third party with which we have an arrangement with to provide us with a product or service
- are involved in providing, managing or administering your product or service such as third party suppliers, loyalty and affinity program partners, printers, posting services, call centres, information technology support, and our advisers
- are related bodies corporate who wish to tell you about their products or services that might better serve your financial, e-commerce and lifestyle needs or promotions or other opportunities, and their related service providers, except where you tell us that you do not want to receive these direct marketing communications
- are involved in maintaining, reviewing and developing our business systems, procedures and infrastructure including testing or upgrading our computer systems
- are involved in a corporate re-organisation or are involved in a transfer of all or part of the assets or business of MobiSuper or
- are involved in the payments system including financial institutions, merchants and payment organisations.
We may also disclose personal information when we outsource certain functions, including bulk mailing, direct marketing, debt recovery and information technology support. In all circumstances where personal information may be disclosed or become known to our contractors, agents and outsourced service providers, there are strict confidentiality arrangements in place. Contractors, agents and outsourced service providers are not permitted to use or disclose personal information for any unauthorised purposes. We may also disclose your information to a third party where you have given your consent. We may also disclose your information were you would reasonably expect us to disclose your information to that third party.
There are circumstances where MobiSuper may also disclose your personal information where it is:
- required or authorised by an Australian law or a court order, or
- where a permitted general situation applies, such as serious threats to life.
We also use the information we collect and hold to help detect and prevent illegal activity. We co-operate with police and other enforcement bodies and Government agencies as required or authorised by law.
Where we hold your personal information in conjunction with that of other individuals, for example where there are joint policy owners, we allow each individual access to their own personal information and to common information such as premium payments and status of policy), but not to the personal information of the other individual.
4.2. Disclosure of information to overseas countries
Generally when carrying out our core business activities in providing our services, we do not disclose customer information to overseas countries and when we do so we take reasonable steps to ensure that the overseas entity protects that information against unauthorised access or loss, such as entering into a contract with the organisation providing that service.
The types of overseas organisations to whom we may need to disclose customer personal information, include, but are not limited to, those providing information technology, quality assurance and reinsurance services.
5. Security of personal information
We strive to ensure that the personal information that you provide to us is safe and secure. We take all reasonable precautions to protect the personal information we hold about you from misuse, interference and loss, and from unauthorised access, modification or disclosure. We have a range of practices and policies in place to provide a robust security environment. We ensure the on-going adequacy of these measures by regularly reviewing them. Our security measures include, but are not limited to:
- educating our staff as to their obligations with regard to your personal information
- requiring our staff to use passwords when accessing our systems.
- encrypting data sent from your computer to our systems during Internet transactions and customer access codes transmitted across networks
- employing firewalls, intrusion prevention systems and virus scanning tools to protect against unauthorised persons and viruses from entering our systems
- using dedicated secure networks or encryption when we transmit electronic data where relevant
- providing secure storage for physical records
- employing physical and electronic means, including
- access controls (as required) to protect against unauthorised access to buildings, and
- securing paper files in locked cabinets and physical access restrictions
5.2 Retention of personal information
We retain your personal information for as long as is required to provide our products and services to you. There are legal and regulatory obligations to retain records about customers for certain periods of time and for this reason we may refuse to permanently delete your personal information if you request that it is removed from our records. Examples of where we are obliged to retain information include, but are not limited to, the following:
- record retention obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)
- obligations to provide information to Government agencies including APRA, ASIC, AUSTRAC and the ATO
- obligations to provide information and documentation to courts and tribunals where MobiSuper is bound by law to cooperate with those institutions
- obligations to maintain company records under current legislation including the Corporations Act, and
- obligations to provide information to organisations with which we have a business relationship including related bodies corporate.
5.3 Identification and verification
We are required by law to identify you in some circumstances, such as when we provide financial advice on investment products. The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) requires us to obtain and check details of certain identification documents (i.e. photographic and non-photographic documents) in order to meet the obligations under that legislation. We may take steps to verify the information we collect, for example, a birth certificate provided as identification may be verified with records held by the relevant Registry of Births, Deaths and Marriages to protect against impersonation.
6. Accuracy and correction of personal information
We take reasonable steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as Necessary.
You should contact us using the details provided in Section 9 if any of the details you have provided change or if you believe that the information we have about you is not accurate, complete or up-to-date.
You have a right to request that we correct the personal information that we hold about you. Generally, we will correct the information unless we consider there is a good reason under the Privacy Act 1988 (Cth) or other relevant law to refuse to correct the information.
If we do not agree with you that the information we hold should be corrected we will let you know the reasons in writing. You may request a statement is associated with the information that the personal information is inaccurate, out of date, incomplete, irrelevant or misleading. We will take such steps as are reasonable to deal with that request. Individuals can obtain further information about how to request access or changes to the information we hold about them by contacting us using the details provided in Section 9.
7. Accuracy and correction of personal information
Under current privacy legislation, you have the right to request access to personal information that we hold about you and you can ask that we correct your personal information. If you wish to access your personal information, we generally ask that you put this request in writing using the contact details provided in Section 9. This process will assist us in identifying you and will also assist us by identifying your policy number/s and the type of information to which you are requesting access.
We will deal with your request for access to your personal information as soon as possible and aim to respond to your request within 30 days. The time we require to process your request will depend upon the type of information you have requested. An access charge may apply such as photocopying costs, but not for processing the request itself. Your access to your personal information is subject to some exceptions allowed by law. In certain circumstances, you may not be entitled to access the personal information we hold about you. These circumstances include:
- where we reasonably believe that providing access would pose a serious threat to the life, health or safety of an individual
- where giving access would have an unreasonable impact on the privacy of others
- where giving access would prejudice negotiations between yourself and MobiSuper
- where the information relates to existing or anticipated legal proceedings between yourself and MobiSuper and would not be accessible in those proceedings
- where giving access would be unlawful
- where denying access is required or authorised by law
- where giving access would likely prejudice the taking of appropriate action in relation to suspected unlawful activity or serious misconduct
- where giving access would be likely to prejudice an enforcement related activity, and/or
- where the request is frivolous or vexatious. If we do not agree to provide access to your personal information, where reasonable to do so, we will provide you with a written notice setting out the reasons for the refusal. The written notice will also set out the mechanism available to you to complain about the refusal.
8. Direct marketing and opting out
Personal information is shared between MobiSuper, its related bodies corporate and other companies with which it has a business relationship. They may provide you with information on their products and services which we consider may be of interest to you. Please contact us using the details provided in Section 9 if you do not want your personal information to be used in this way.
We may disclose your personal information for the purposes of direct marketing if we disclosed that we would use the information for that purpose when we collected the information from you or you would reasonably expect that we would disclose your information for that purpose. We may also disclose your personal information for direct marketing purposes if we did not collect that information directly from you, but you gave your consent for us to use that information for marketing purposes, except where it is impractical to obtain that consent. We provide a simple means by which you can request to not receive direct marketing communications from us.
We may also use personal information held about you to keep you informed of new products or special arrangements offered or distributed by us, or other organisations with which we have a business relationship, or to conduct marketing activities and may disclose information about you to our service providers for this purpose. Please contact us using the details provided in Section 9 if you do not want your personal information to be used in this way or to opt-out of receiving marketing information altogether. If you opt out of direct marketing communications, we will no longer share your personal information for that purpose.
9. How to contact MobiSuper
If you have any questions or concerns about privacy issues MobiSuper may be contacted by mail, phone, fax or email using the details below.
Mail: Po Box 6537, Rouse Hill Town Centre NSW 2155
Phone: 1300 222 62
MobiSuper Privacy Officer
If you have any privacy related questions or would like further information on MobiSuper’s privacy and information handling practices, please contact the MobiSuper Privacy Officer
Mail: Po Box 6537, Rouse Hill Town Centre NSW 2155
Phone: 1300 222 622
MobiSuper Complaints Resolution Officer
Should you have a privacy related complaint, please contact our Complaints Resolution Officer.
Mail: Po Box 6537, Rouse Hill Town Centre NSW 2155
Phone: 1300 222 622
10. How to make a complaint
If you have any concerns about how your personal information has been handled you can let us know and we will work to resolve the matter.
MobiSuper has a centralised internal complaints process. Complaints handling is a key component of MobiSuper’s compliance management framework, as our regulatory obligations include having a strong internal complaints process as well as being a member of an appropriate external complaints scheme. We aim to deal with all complaints within a reasonable timeframe and in a fair and efficient manner.
To lodge a complaint you can write to us using the contact details provided in Section 9, or make contact by phone. If we cannot deal with your issue straight away we will acknowledge your correspondence, normally within a few days.
If your complaint requires further investigation, we will aim to resolve it within 30 days. If we cannot resolve it within that timeframe, we will contact you and let you know the reasons for the delay and what extra time we may need. In any event, throughout the investigation of your complaint we will provide you with updates of our progress so that you are aware of what is happening at all times.
Your complaint will be handled by a complaints manager who will deal with you personally to discuss your complaint, including any proposed resolution.
If MobiSuper is unable to resolve your complaint to your satisfaction, we will inform you as to how you can escalate the complaint to the appropriate external dispute resolution body. In cases of privacy related complaints, this is generally the Office of the Australian Information Commissioner which you can contact by calling 1300 363 992, via their website at www.oaic.gov.au or by mail to the Office of the Australian Information Commissioner at GPO Box 5218 Sydney NSW 2001.
If your complaint is about a specific superannuation, pension or annuities product rather than MobiSuper’s services, the relevant external dispute resolution body is the Superannuation Complaints Tribunal which you can contact by calling 1300 363 992 or by mail to the Superannuation Complaints Tribunal at Locked Bag 3060 Melbourne VIC 3001.
11. Dealing with us anonymously
You can deal with us anonymously or use a pseudonym where it is lawful and practicable to do so.
If you wish to obtain general product information or an indicative quote as a potential customer, we may be able to provide the same on an anonymous basis. However as a financial services provider we generally need your full and correct details before we can provide you with any of our financial planning services.
12. Government related identifiers
We do not use your Tax File Number (TFN), Medicare number, or any other Government identifier for the purpose of identifying you.
The only circumstances in which we would collect, use or disclose these details is where we are required or authorised by law to do so. For example we may be required to disclose your TFN to the ATO.
As a recipient of TFNs, MobiSuper must ensure that TFN information is protected by such security safeguards as is reasonable in the circumstances to take, to prevent loss, unauthorised access, use, modification or disclosure and other misuse.
The over-riding principles are as follows:
- limiting the need to obtain TFNs only to instances where they are required by law
- restricting access of TFNs to authorised operations staff
- restricting when and how TFNs can be used
- ensuring security safeguards are implemented and maintained
- minimising the risk of loss, unauthorised access, use, modification or disclosure
- TFNs can only be collected, recorded, used and disclosed for tax purposes, and
- TFNs cannot be used as an identifier
Under the Superannuation Industry (Supervision) Act 1993, your superannuation fund is authorised to collect your TFN, which will only be used for lawful purposes. These purposes may change in the future as a result of legislative change. The trustee of your superannuation fund may disclose your TFN to another superannuation provider, when your benefits are being transferred, unless you request the trustee of your superannuation fund in writing that your TFN not be disclosed to any other superannuation provider.
It is not an offence not to quote your TFN. However giving your TFN to your superannuation fund will have the following advantages (which may not otherwise apply):
- your superannuation fund will be able to accept contributions to your account/s that it would otherwise not be able to accept
- you will not have to pay the higher rate of tax on contributions that may apply if you do not provide your TFN
- other than the tax that may ordinarily apply, no additional tax will be deducted when you start drawing down your superannuation benefits
- it will make it much easier to trace different superannuation accounts in your name so that you receive all your superannuation benefits when you retire.
13. Additional related identifiers
The Office of the Australian Information Commissioner (OAIC) promotes and protects privacy in Australia. It is an independent office that has various responsibilities under the privacy legislation, including:
- providing general guidance and information about privacy legislation and privacy issues
- investigating complaints from individuals and investigating possible breaches of the legislation, and
- promoting awareness of privacy rights and responsibilities.
Under current privacy laws the Privacy Commissioner can:
- investigate actual or perceived privacy breaches by Australian businesses
- seek civil penalties in the case of serious or repeated breaches of privacy, and
- conduct assessments of privacy performance for Australian businesses.
People who are dissatisfied about the way an organisation has dealt with their personal information can complain to the OAIC and the issue will be investigated. Generally, a person would need to have taken that complaint through the internal complaints resolutions process with the organisation before the OAIC will conduct an investigation. Useful information about the privacy rights of individuals and privacy obligations imposed on organisations can be found on the website for the OAIC at http://www.oaic.gov.au.
Note that this website is not owned or controlled by MobiSuper; this link is provided for your convenience
14. Cookies and website analytics
A ‘cookie’ is a packet of information that allows the server (the computer that houses the website) to identify and interact more effectively with your computer. When you use one of our websites, we send you a cookie that gives you a unique identification number. A different identification number is sent each time you use one of our websites. Cookies do not identify individual users, although they do identify a user’s browser type and your Internet Service Provider (ISP). You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is sent. Please refer to your browser instructions or help screens to learn more about these functions. If you reject all cookies, you may not be able to use our websites. To evaluate the effectiveness of our website advertising, we may use third parties to collect statistical data. No personal information is collected on these occasions.
14.2 Website analytics
We use a range of tools provided by third parties and our web hosting company to collect or view website traffic information. These sites have their own privacy policies overarching MobiSuper’s. The non-personal information collected by these tools may include the IP address of the device that you are using and information about sites that IP address has come from, the pages accessed on our site and the next site visited. We use the information to maintain, secure and improve our websites and to enhance your experience when using them. Options are available to opt-out from supplying this information.
14.3.Data collection and analysis
From time to time we analyse our customer data (some in machine-readable format) against other data lists and when this is done it is through a secure information technology environment and wherever logistically possible we de-identify the personal information when these data transfers or data washes occur. MobiSuper uses technology advances to analyse information about customers for purposes such as improving our products and services. MobiSuper may analyse customer information that it holds against information that we are permitted to use from external sources such as statistical data. Generally this information is based on aggregated data that does not contain information that identifies individuals.
14.4.Social networking services
We use social networking services such as Twitter, Facebook and YouTube for communications. When you communicate with us using these services we may collect your personal information, but we only use it for the purposes of communicating with you. The social networking service will also handle your personal information for its own purposes and these sites have their own privacy policies.
- if we make significant changes to our business processes which are not covered by this policy
- if there are significant changes to privacy legislation, and/ or
- if there are significant changes to our information handling practices, for example, due to technological advances.