The extent of what the APSS Trustee can do with the personal member information it collects, holds and uses is set out in the latest Privacy Collection Statement
PostSuper Pty Ltd (the Trustee), as Trustee of the Australia Post Superannuation Scheme (APSS), is bound by the Australian Privacy Principles in the Privacy Act 1988 (Cth) (the Privacy Act), as well as other applicable laws protecting privacy, including the Health Records Act 2001 (Vic) and the Health Records and Information Privacy Act 2002 (NSW).
Below we provide you with a list of the APPs. A summary of the main elements that make up the APPs is available online at the Australian Information Commissioner website: www.oaic.gov.au.
This Policy will apply on and from 23 June 2017.
To properly meet your expectations as an APSS Member, the Trustee needs to collect, store and use personal information about you. For example, personal information would be relevant to determining whether a member is entitled to be paid a superannuation benefit out of the APSS and the amount of any benefit payable. Information about our members is also used in the development of the superannuation products we offer.
At a minimum, the personal information that we collect will include your name, address, date of birth, gender, salary, email address and tax file number (if provided). In some circumstances additional personal information may be collected — for example, health information in connection with a benefit claim you have made, or details of persons you may have nominated to be the beneficiaries of your superannuation benefit in the event of your death. If an individual chooses not to provide certain personal information to the Trustee, the Trustee may not be able to provide the individual with certain services or information.
Information is usually collected at the time you join the APSS. However, it is also collected when you make changes to your personal information (such as a change of address) and when you claim a benefit from the APSS, such as for total and permanent disablement.
Normally, the Trustee will receive your personal information from your employer, if it does not receive this information directly from you in your application documents and other communications with APSS. Personal information may also be passed to your employer in order to (for example) validate salary, leave history or next of kin details.
The Trustee may also collect personal information from various online sources, including social media, in order to investigate or validate information provided by members to the Trustee in the course of reviewing or assessing complaints or claims for total and permanent disablement or death benefits.
The Trustee uses various agents to help it administer the APSS. Information collected by the Trustee may be passed to the APSS's agents, as needed, to enable them to properly perform their respective functions in relation to the APSS. These agents include the APSS's administrator and claims assessor, legal, actuarial, accounting, auditors, insurer, mail house and other professional advisers. All of these agents are under binding legal obligations to keep the information given to them secure and confidential and to deal with it only as authorised by the Trustee. Each agent is provided only with the personal information it reasonably requires in order to perform its services to the Trustee.
From time to time, the Trustee may also be required to disclose personal information regarding APSS members in order to comply with Australian laws which apply by virtue of the Trustee's role as the trustee of a superannuation fund. These include disclosures to regulatory bodies (including periodic reporting obligations) and to courts and tribunals.
We may store your personal information in hard copy or electronic format (or both). Hard copies are stored onsite at the place of business of the Trustee (or the relevant agent performing services on behalf of the Trustee, if applicable), or offsite at a secure managed storage facility. Electronic data is stored offsite at a managed server facility.
The Trustee and its agents have in place various measures and policies aimed at ensuring an appropriate level of security and risk management in relation to your personal information. The measures which are implemented to manage the risk of improper use of your personal information include (but are not limited to) firewalls, anti-virus software, secure identity access management, restricting access permissions according to employee role, data encryption, staff awareness training and the use of segregated restricted access facilities.
The effectiveness of these security and risk management measures are tested in a number of ways, including periodic penetration testing and vulnerability assessments.
For each member of the APSS whose personal information we hold, we or our agents maintain a consolidated record of all such information.
When your personal information is no longer required for the purposes described in this Policy, reasonably practicable steps are taken to destroy it or de-identify it. Where this is not practicable, reasonable steps are taken to protect it against loss, unauthorised access, use, modification or disclosure, or other misuse.
In the course of performing its role as Trustee of the APSS, the Trustee may come into possession of sensitive information about you. Sensitive information is a type of personal information and includes health or medical information, racial or ethnic origin, religious or philosophical beliefs or affiliations, and sexual orientation. The Trustee collects, holds and discloses your sensitive information only to the extent reasonably necessary for it to perform its role as Trustee of the APSS. The APPs include a list of very limited circumstances in which your sensitive information can be gathered without your express consent.
Generally speaking, you can access the personal information about you which the APSS holds. In some circumstances it may not be possible for the Trustee to provide you with all of your personal information, or an exemption under the Privacy Act may apply which excuses the Trustee from providing it to you (for example, where giving access would be unlawful, or where the request for access is frivolous or vexatious). Where this is the case, the Trustee will tell you why.
You also have a right to request corrections to your personal information held by the Trustee.
If you wish to access any personal information that the Trustee holds about you, or you think that any of that information is inaccurate, incomplete or no longer up-to-date, you may contact the Trustee by calling 1300 360 373. Alternatively, you can complete an online e-form, available from www.apss.com.au. The Trustee will take reasonable steps to provide that information, or ensure that the information is corrected, as applicable. When you request access or changes to personal information, the Trustee (or its agent) may need to take measures to verify your identity before providing or updating such information.
The APSS aims to have the personal information it collects and uses as accurate and as up-to date as reasonably possible, which is why the Trustee encourages you to keep your personal information up-to-date.
In the course of its administration of the APSS, the Trustee or its agents may disclose your personal information to recipients that are located outside Australia.
The Trustee’s benefits administrator may disclose personal information to its overseas offices located in India and the Philippines and the Trustee’s Insurer - MetLife Insurance may disclose personal information to its overseas offices in Malaysia and Hong Kong.
The Trustee’s auditors KPMG and EY may also disclose personal information to their overseas entities. For a full list of countries where the information may be shared, this can be found in their respective privacy policies: