Company: Thankyou Super Pty Ltd
ACN: 667 509 346
AFSL: Thankyou Super Pty Ltd (ABN 58 667 509 346) is a Corporate Authorised Representative (CAR No. 001309953) of Life Matters Claims Pty Ltd (AFSL No. 532487).
Date Updated: 01/09/2024
This privacy policy applies to all Personal Information collected by Thankyou Super Pty Ltd (We, Us, or Our), including what is collected via the website located at www.thankyousuper.com.au (Website).
We are committed to protecting your privacy as a customer and an online visitor to our website. We use the information we collect about you to enhance the services that we and our contracted law firms provide. We respect the privacy and confidentiality of the information provided by you and adhere to the Australian Privacy Principles. Please read our privacy policy carefully.
SECTION A – INTRODUCTION
1. INTRODUCTION
1.1 As part of Thankyou Super Pty Ltd’s (“Thankyou Super”) process to ensure that it continues to maintain the highest levels of professional integrity and ethical conduct, Thankyou Super has adopted this Privacy Policy (“Policy”) to manage personal information in an open and transparent manner.
1.2 The provisions of this Policy assist Thankyou Super in complying with the requirements of the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles in protecting the personal information Thankyou Super holds about its clients.
2. WHEN DOES THIS POLICY APPLY?
2.1 This Policy applies to all representatives and employees of Thankyou Super at all times, and the requirements remain in force on an ongoing basis.
3. GLOSSARY
- APP entity: Means an agency or organisation as defined in section 6 of the Privacy Act.
- Australian law: Means (a) an Act of the Commonwealth or of a State or Territory; (b) regulations, or any other instrument, made under such an Act; or (c) a Norfolk Island enactment; or (d) a rule of common law or equity.
- Collects: Thankyou Super collects personal information only if Thankyou Super collects the personal information for inclusion in a record or generally available publication.
- Court/tribunal order: Means an order, direction, or other instrument made by (a) a court; or (b) a tribunal; or (c) a judge (including a judge acting in a personal capacity) or a person acting as a judge; or (d) a magistrate (including a magistrate acting in a personal capacity) or a person acting as a magistrate; or (e) a member or an officer of a tribunal; and includes an order, direction or other instrument that is of an interim or interlocutory nature.
- De-identified: Personal information is de-identified if the information is no longer about an identifiable individual or an individual who is reasonably identifiable.
- Eligible Data Breach: An eligible data breach occurs (a) when there has been unauthorised access or unauthorised disclosure of personal information, or a loss of personal information, that Thankyou Super holds; and (b) the unauthorised access or unauthorised disclosure is likely to result in serious harm to one or more clients; and (c) Thankyou Super is not able to prevent the likely risk of serious harm with remedial action.
- Holds: Thankyou Super holds personal information if it has possession or control of a record that contains the personal information.
- Identifier of an individual: Means a number, letter or symbol, or a combination of any or all of those things, that is used to identify the individual or to verify the identity of the individual, but does not include (a) the individual’s name; or (b) the individual’s ABN (within the meaning of the A New Tax System (Australian Business Number) Act 1999); or (c) anything else prescribed by the regulations.
- Permitted general situation: As defined in s16A of the Privacy Act.
- Permitted health situation: As defined in s16B of the Privacy Act.
- Personal information: Means information or an opinion about an identified individual, or an individual who is reasonably identifiable (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not.
- Sensitive information: Means (a) information or an opinion about an individual’s (i) racial or ethnic origin; (ii) political opinions; (iii) membership of a political association; (iv) religious beliefs or affiliations; (v) philosophical beliefs; (vi) membership of a professional or trade association; (vii) membership of a trade union; (viii) sexual orientation or practices; (ix) criminal record; that is also personal information; or (b) health information about an individual; or (c) genetic information about an individual that is not otherwise health information; (d) biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or (e) biometric templates.
SECTION B – CONSIDERATION OF PERSONAL INFORMATION PRIVACY
4. PRIVACY STATEMENT
4.1 Thankyou Super’s Director ensures that at all times the provisions of this policy are implemented in the day-to-day running of Thankyou Super.
4.2 The Director ensures that at all times this Policy:
- (a) Is current and reflects the latest applicable Australian laws; and
- (b) Contains the following information: – (i) The kinds of personal information that Thankyou Super collects and holds; – (ii) How Thankyou Super collects and holds personal information; – (iii) The purposes for which Thankyou Super collects, holds, uses, and discloses personal information; – (iv) How an individual may complain about a breach of the Australian Privacy Principles, or other relevant legislation that binds Thankyou Super, and how Thankyou Super deals with such a complaint; – (v) Whether Thankyou Super is likely to disclose personal information to overseas recipients; and – (vi) If Thankyou Super is likely to disclose personal information to overseas recipients, the countries in which such recipients are likely to be located if it is practicable to specify those countries in this policy.
4.3 Thankyou Super ensures that Thankyou Super’s Privacy Statement is available free of charge and in such form as appropriate. Thankyou Super makes the Privacy Statement available on its website.
4.4 If the Privacy Statement is requested in a particular form, Thankyou Super will take such steps as are reasonable to provide the Privacy Statement in the form requested.
SECTION C – COLLECTION OF PERSONAL INFORMATION (SOLICITED PERSONAL INFORMATION)
5. PERSONAL INFORMATION (OTHER THAN SENSITIVE INFORMATION)
5.1 This Section C applies to the collection of personal information that is solicited by Thankyou Super.
5.2 Thankyou Super does not collect personal information (other than sensitive information) unless the information is reasonably necessary for one or more of Thankyou Super’s functions or activities.
5.3 Thankyou Super’s functions or activities include:
- (a) Making a recommendation or stating an opinion in response to an inquiry about a claim or potential claim;
- (b) Making a recommendation or stating an opinion that could influence a decision about making or continuing with a claim;
- (c) Representing someone in pursuing a claim;
- (d) Assisting another person to make a claim;
- (e) Assessing whether an insurer is liable under an insurance product;
- (f) Making a decision to accept or reject all or part of a claim;
- (g) Quantifying an insurer’s liability under an insurance product;
- (h) Offering to settle all or part of a claim; and
- (i) Satisfying a liability of an insurer under a claim.
6. SENSITIVE INFORMATION
6.1 Thankyou Super does not collect sensitive information about an individual unless:
- (a) The individual consents to the collection of the information and the information is reasonably necessary for one or more of Thankyou Super’s functions or activities (as described in section 5.3); or
- (b) The collection of the information is required or authorised by or under an Australian law or a Court/Tribunal order; or
- (c) A permitted general situation exists in relation to the collection of the information by Thankyou Super; or
- (d) A permitted health situation exists in relation to the collection of the information by Thankyou Super.
7. MEANS OF COLLECTION
7.1 Thankyou Super only collects personal information by lawful and fair means.
7.2 Thankyou Super only collects personal information about an individual from the individual (rather than someone else), unless it is unreasonable or impracticable to do so or the individual has instructed Thankyou Super to liaise with someone else.
7.3 Thankyou Super collects personal information from an individual when:
- (a) Thankyou Super’s Application Form is completed;
- (b) A client provides the information to Thankyou Super’s representatives over the telephone or via email;
- (c) A client provides the information to Thankyou Super on the website; and
- (d) A client provides the information to Thankyou Super through a completed Incident Report Form/Claim Form.
8. INFORMATION COLLECTED BY THANKYOU SUPER
8.1 The information Thankyou Super collects may include, but is not limited to, the following:
- (a) Name;
- (b) Date of birth;
- (c) Postal or email address;
- (d) Phone numbers; or
- (e) Other information Thankyou Super considers necessary to their functions and activities.
9. PURPOSE OF COLLECTION
9.1 If an individual is acquiring or has acquired a service from Thankyou Super, the individual’s personal information will be collected and held for the purposes of:
- (a) Checking whether an individual is eligible for Thankyou Super’s service;
- (b) Providing the individual with Thankyou Super’s service;
- (c) Managing and administering Thankyou Super’s service;
- (d) Protecting against fraud, crime or other activity which may cause harm in relation to Thankyou Super’s services;
- (e) Complying with legislative and regulatory requirements in any jurisdiction; and
- (f) Assisting Thankyou Super in the running of its business.
9.2 Thankyou Super may also collect personal information for the purposes of letting an individual know about services that might better serve their needs or other opportunities in which they may be interested. Please refer to Section G for further information.
SECTION D – COLLECTION OF PERSONAL INFORMATION (UNSOLICITED PERSONAL INFORMATION)
10. DEALING WITH UNSOLICITED PERSONAL INFORMATION
10.1 If Thankyou Super:
- (a) Receives personal information about an individual; and
- (b) The information is not solicited by Thankyou Super
Thankyou Super must, within a reasonable period after receiving the information, determine whether or not it was permitted to collect the information under Section C above.
10.2 Thankyou Super may use or disclose the personal information for the purposes of making the determination under paragraph 10.1.
10.3 If Thankyou Super:
- (a) Determines that it could not have collected the personal information; and
- (b) The information is not contained in a Commonwealth record,
Thankyou Super must as soon as practicable, destroy the information or ensure that the information is de-identified, only if it is lawful and reasonable to do so.
SECTION E – NOTIFICATION OF THE COLLECTION OF PERSONAL INFORMATION
11. NOTIFICATION OF COLLECTION
11.1 This section 11 applies to:
- (a) Solicited information; and
- (b) Unsolicited information to which section 10 does not apply.
11.2 Thankyou Super must notify the individual of the following matters in the Privacy Statement:
- (a) Thankyou Super’s identity and contact details;
- (b) If Thankyou Super collects the personal information from a third party or the individual is not aware that Thankyou Super has collected the personal information, the fact that Thankyou Super so collects, or has collected the information and the circumstances of that collection;
- (c) If the collection of the personal information is required or authorised by or under an Australian law or a Court/Tribunal order, the fact that the collection is so required or authorised (including the details of the law or court);
- (d) The purposes for which Thankyou Super collects the personal information;
- (e) The main consequences (if any) for the individual if the information is not collected by Thankyou Super;
- (f) Any other entities to which Thankyou Super usually discloses personal information of the kind collected by Thankyou Super;
- (g) That Thankyou Super’s Privacy Statement and this Privacy Policy contain information about how the individual may access the personal information about the individual that is held by Thankyou Super and seek correction of such information;
- (h) That Thankyou Super’s Privacy Statement contains information about how the individual may complain about a breach of the Australian Privacy Principles and how Thankyou Super will deal with such a complaint;
- (i) Whether Thankyou Super discloses the personal information to overseas recipients; and
- (j) If Thankyou Super discloses the personal information to overseas recipients – the countries in which such recipients are located if it is practicable to specify those countries in the notification or to otherwise make the individual aware of them.
SECTION F – USE OR DISCLOSURE OF PERSONAL INFORMATION
12. USE OR DISCLOSURE
12.1 Where Thankyou Super holds personal information about an individual that was collected for a particular purpose (“the primary purpose”), Thankyou Super must not use or disclose the information for another purpose (“the secondary purpose”) unless:
- (a) The individual has consented to the use or disclosure of the information; or
- (b) The individual would reasonably expect Thankyou Super to use or disclose the information for the secondary purpose and the secondary purpose is: – (i) Directly related to the primary purpose (if the information is sensitive information); or – (ii) Related to the primary purpose (if the information is not sensitive information);
- (c) The use or disclosure of the information is required or authorised by or under an Australian law or a Court/Tribunal order; or
- (d) A permitted general situation exists in relation to the use or disclosure of the information by Thankyou Super; or
- (e) Thankyou Super reasonably believes that the use or disclosure of the information is reasonably necessary for one or more enforcement-related activities conducted by, or on behalf of, an enforcement body.
12.2 Where Thankyou Super uses or discloses personal information in accordance with section 12.1(e), Thankyou Super keeps a copy of this disclosure (e.g., the email or letter used to do so).
12.3 This section 12 does not apply to:
- (a) Personal information for the purposes of direct marketing; or
- (b) Government-related identifiers.
12.4 If Thankyou Super collects personal information from a related body corporate, this section 12 applies as if Thankyou Super’s primary purpose for the collection was the primary purpose for which the related body corporate collected the information.
13. WHO DOES THANKYOU SUPER DISCLOSE PERSONAL INFORMATION TO?
13.1 Thankyou Super may disclose personal information collected from clients and prospective clients to the following:
- (a) Organisations involved in providing, managing, or administering Thankyou Super’s service such as third-party suppliers, e.g., printers, posting services, and our advisers;
- (b) Organisations involved in maintaining, reviewing, and developing Thankyou Super’s business systems, procedures, and infrastructure, including testing or upgrading Thankyou Super’s computer systems;
- (c) Organisations involved in a corporate reorganisation;
- (d) Organisations involved in the payments system, including financial institutions, merchants and payment organisations;
- (e) Other organisations, who jointly with Thankyou Super, provide its services;
- (f) Authorised representatives who provide Thankyou Super’s services on its behalf;
- (g) The individual’s representatives, including legal advisers;
- (h) Debt collectors;
- (i) Thankyou Super’s financial advisers, legal advisers, or auditors;
- (j) Fraud bureaus or other organisations to identify, investigate or prevent fraud or other misconduct;
- (k) External dispute resolution schemes; or
- (l) Regulatory bodies, government agencies and law enforcement bodies in any jurisdiction.
SECTION G – DIRECT MARKETING
14. DIRECT MARKETING
14.1 Thankyou Super must not use or disclose the personal information it holds about an individual for the purpose of direct marketing.
15. EXCEPTION – PERSONAL INFORMATION OTHER THAN SENSITIVE INFORMATION
15.1 Thankyou Super may use or disclose personal information (other than sensitive information) about an individual for the purposes of direct marketing if:
- (a) Thankyou Super collected the information from the individual; and the individual would reasonably expect Thankyou Super to use or disclose the information for that purpose; or
- (b) Thankyou Super has collected the information from a third party; and either: – (i) Thankyou Super has obtained the individual’s consent to the use or disclose the information for the purpose of direct marketing; or – (ii) It is impracticable for Thankyou Super to obtain the individual’s consent; and
- (c) Thankyou Super provides a simple way for the individual to opt out of receiving direct marketing communications from Thankyou Super;
- (d) In each direct marketing communication with the individual, Thankyou Super: – (i) Includes a prominent statement that the individual may opt out of receiving direct marketing; or – (ii) Directs the individual’s attention to the fact that the individual may opt out of receiving direct marketing; and
- (e) The individual has not made a request to opt out of receiving direct marketing.
16. EXCEPTION – SENSITIVE INFORMATION
16.1 Thankyou Super may use or disclose sensitive information about an individual for the purpose of direct marketing if the individual has consented to the use or disclosure of the information for that purpose.
17. REQUESTS TO STOP DIRECT MARKETING
17.1 Where Thankyou Super uses or discloses personal information about an individual for the purposes of direct marketing by Thankyou Super or facilitating direct marketing by another organisation, the individual may request:
- (a) That Thankyou Super no longer provide them with direct marketing communications;
- (b) That Thankyou Super does not use or disclose the individual’s personal information for the purpose of facilitating direct marketing by another organisation;
- (c) That Thankyou Super provides the source of the personal information.
17.2 Where Thankyou Super receives a request from an individual under section 17.1, Thankyou Super:
- (a) Gives effect to the request under section 17.1(a) or 17.1(b) within a reasonable period after the request is made and free of charge; and
- (b) Notifies the individual of the source of the information, if the individual requests it, unless it is impracticable or unreasonable to do so.
17.3 This Section G does not apply to the extent that the following laws apply:
- (a) The Do Not Call Register Act 2006;
- (b) The Spam Act 2003; or
- (c) Any other Act of the Commonwealth of Australia.
SECTION H – CROSS BORDER DISCLOSURE OF PERSONAL INFORMATION
18. DISCLOSING PERSONAL INFORMATION TO CROSS BORDER RECIPIENTS
18.1 Personal Information may be transferred overseas or stored overseas for a variety of reasons.
18.2 It is not possible to identify each and every country to which your Personal Information may be sent.
18.3 If your Personal Information is sent to a recipient in a country with data protection laws which are at least substantially similar to the APP, and where there are mechanisms available to you to enforce protection of your Personal Information under that overseas law, We will not be liable for a breach of the APP if your Personal Information is mishandled in that jurisdiction.
18.4 If your Personal Information is transferred to a jurisdiction which does not have data protection laws as comprehensive as Australia’s, We will take reasonable steps to secure a contractual commitment from the recipient to handle your information in accordance with the APP.
SECTION I – ADOPTION, USE OR DISCLOSURE OF GOVERNMENT IDENTIFIERS
19. ADOPTION OF GOVERNMENT RELATED IDENTIFIERS
19.1 Thankyou Super must not adopt a government-related identifier of an individual as its own identifier unless:
- (a) Thankyou Super is required or authorised by or under an Australian law or a Court/Tribunal order to do so; or
- (b) The identifier, Thankyou Super and the circumstances of the adoption are prescribed by regulations.
20. USE OR DISCLOSURE OF GOVERNMENT RELATED IDENTIFIERS
20.1 Before using or disclosing a government-related identifier of an individual, Thankyou Super must ensure that such use or disclosure is:
- (a) Reasonably necessary for Thankyou Super to verify the identity of the individual for the purposes of the organisation’s activities or functions; or
- (b) Reasonably necessary for the organisation to fulfil its obligations to an agency or a State or Territory authority; or
- (c) Required or authorised by or under an Australian law or a Court/Tribunal order; or
- (d) Within a permitted general situation (other than the situation referred to in item 4 or 5 of the table in subsection 16A(1) of the Privacy Act); or
- (e) Reasonably necessary for one or more enforcement-related activities conducted by, or on behalf of, an enforcement body; or
- (f) The identifier, Thankyou Super, and the circumstances of the adoption are prescribed by regulations.
SECTION J – INTEGRITY OF PERSONAL INFORMATION
21. QUALITY OF PERSONAL INFORMATION
21.1 Thankyou Super ensures that the personal information it collects and the personal information it uses or discloses is, having regard to the purpose of the use or disclosure, accurate, up to date, complete, and relevant.
22. SECURITY OF PERSONAL INFORMATION
22.1 Thankyou Super ensures that it protects any personal information it holds from misuse, interference, loss, unauthorised access, modification, and disclosure.
22.2 Thankyou Super takes reasonable steps to destroy or de-identify any personal information it holds where:
- (a) Thankyou Super no longer needs the personal information for any purpose for which the information may be used or disclosed by Thankyou Super;
- (b) The information is not contained in a Commonwealth record;
- (c) Thankyou Super is not required to retain that information under an Australian law, or a Court/Tribunal order.
23. STORAGE OF PERSONAL INFORMATION
23.1 Thankyou Super stores personal information in different ways, including:
- (a) Hard copy on-site at Thankyou Super’s head office;
- (b) Electronically secure data centres which are located in Australia and owned by either Thankyou Super or external service providers;
- (c) Various cloud storage solutions and online software platforms, such as customer relationship management systems or document management systems, all of which ensure data security and compliance with Australian regulations.
23.2 In order to ensure Thankyou Super protects any personal information it holds from misuse, interference, loss, unauthorised access, modification, and disclosure, Thankyou Super implements the following procedures/systems:
- (a) Access to information systems is controlled through identity and access management;
- (b) Employees are bound by internal information security policies and are required to keep information secure;
- (c) All employees are required to complete training about information security;
- (d) Thankyou Super regularly monitors and reviews its compliance with internal policies and industry best practices; and
- (e) Other necessary security measures are in place to ensure the protection of personal information.
SECTION K – ACCESS TO, AND CORRECTION OF, PERSONAL INFORMATION
24. ACCESS
24.1 Thankyou Super must give an individual access to the personal information it holds about the individual if so requested by the individual.
24.2 Thankyou Super must respond to any request for access to personal information within a reasonable period after the request is made.
24.3 Thankyou Super must give access to the information in the manner requested by the individual, if it is reasonable and practicable to do so and must take such steps as are reasonable in the circumstances to give access in a way that meets the needs of Thankyou Super and the individual.
24.4 Thankyou Super must not charge an individual for making a request and does not impose excessive charges for the individual to access their personal information.
25. EXCEPTIONS
25.1 Thankyou Super is not required to give an individual access to their personal information if:
- (a) Thankyou Super reasonably believes that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or
- (b) Giving access would have an unreasonable impact on the privacy of other individuals; or
- (c) The request for access is frivolous or vexatious; or
- (d) The information relates to existing or anticipated legal proceedings between Thankyou Super and the individual, and would not be accessible by the process of discovery in those proceedings; or
- (e) Giving access would reveal intentions of Thankyou Super in relation to negotiations with the individual in such a way as to prejudice those negotiations; or
- (f) Giving access would be unlawful; or
- (g) Denying access is required or authorised by or under an Australian law or a Court/Tribunal order; or
- (h) Thankyou Super has reason to suspect that unlawful activity, or misconduct of a serious nature, that relates to our functions or activities has been, or may be, engaged in and giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or
- (i) Giving access would be likely to prejudice one or more enforcement-related activities conducted by, or on behalf of, an enforcement body; or
- (j) Giving access would reveal evaluative information generated within Thankyou Super in connection with a commercially sensitive decision-making process.
26. REFUSAL TO GIVE ACCESS
26.1 If Thankyou Super refuses to give access in accordance with section 24 or to give access in the manner requested by the individual, Thankyou Super will give the individual a written notice that sets out:
- (a) The reasons for the refusal except to the extent that, having regard to the grounds for the refusal, it would be unreasonable to do so; and
- (b) The mechanisms available to complain about the refusal; and
- (c) Any other matter prescribed by the regulations.
26.2 Where Thankyou Super refuses to give access under section 25.1(j), Thankyou Super may include an explanation of the commercially sensitive decision in its written notice of the reasons for denial.
SECTION L – CORRECTION OF PERSONAL INFORMATION
27. CORRECTION OF INFORMATION
27.1 Thankyou Super must take reasonable steps to correct all personal information, having regard to the purpose for which the information is held where:
- (a) Thankyou Super is satisfied the information is inaccurate, out of date, incomplete, irrelevant or misleading; or
- (b) The individual requests Thankyou Super corrects the information.
27.2 Where Thankyou Super corrects personal information about an individual that Thankyou Super previously disclosed to another APP entity and the individual requests Thankyou Super to notify the other APP entity of the correction, Thankyou Super must take reasonable steps to give that notification, unless it is impracticable or unlawful to do so.
28. REFUSAL TO CORRECT INFORMATION
28.1 If Thankyou Super refuses to correct personal information as requested by the individual, Thankyou Super will give the individual a written notice that sets out:
- (a) The reasons for the refusal except to the extent that it would be unreasonable to do so; and
- (b) The mechanisms available to complain about the refusal; and
- (c) Any other matter prescribed by the regulations.
29. REQUEST FROM A CLIENT TO ASSOCIATE A STATEMENT WITH THEIR INFORMATION
29.1 If:
- (a) Thankyou Super refuses to correct personal information as requested by the individual; and
- (b) The individual requests that Thankyou Super associate a statement noting that the information is inaccurate, out of date, incomplete, irrelevant or misleading, with the individual’s information,
Thankyou Super must take such steps as are reasonable in the circumstances to associate the statement (as described in section 29.1(b)) with the individual’s personal information. The statement is associated with the information in such a way that will make the statement apparent to users of the information.
30. DEALING WITH REQUESTS
30.1 Thankyou Super:
- (a) Responds to requests under this Section L within a reasonable period after the request is made; and
- (b) Does not charge the individual for the making of the request, for correcting the personal information, or for associating the statement with the personal information.
SECTION M – MAKING A PRIVACY COMPLAINT
31. COMPLAINTS
31.1 Thankyou Super offers a free internal complaint resolution scheme to all customers. Should a client have a privacy complaint, they are to contact Thankyou Super to discuss their concerns using the following contact details:
- (a) Email: contact@thankyousuper.com.au
- (b) Phone:+61 452 333 000
- (c) Post: PO Box 7309, Baulkham Hills NSW 2153
31.2 To assist Thankyou Super in helping customers, Thankyou Super asks customers to follow a simple three-step process:
- (a) Gather all supporting documents relating to the complaint;
- (b) Contact Thankyou Super to review your situation and if possible, resolve your complaint immediately; and
- (c) If the matter is not resolved to the customer’s satisfaction, customers are encouraged to contact Thankyou Super’s Complaints Officer on+61 452 333 000or put their complaint in writing and send it to PO Box 7309, Baulkham Hills NSW 2153.
31.3 Thankyou Super will rectify any breach if the complaint is justified and takes necessary steps to resolve the issue.
31.4 In certain situations, to deal with a complaint it may be necessary to consult with third parties. However, any disclosure of Personal Information to third parties will be provided with the customer’s authority and consent.
31.5 After a complaint has been received, Thankyou Super sends the customer a written notice of acknowledgment setting out the process. The complaint is investigated, and the decision sent to the customer within thirty (30) days unless the customer has agreed to a longer time. If a complaint cannot be resolved within the agreed time frame or a decision could not be made within thirty (30) days of receipt, a notification will be sent to the customer setting out the reasons and specifying a new date when the customer can expect a decision or resolution.
31.6 If the customer is not satisfied with Thankyou Super’s internal privacy practices or the outcome in respect to a complaint, the customer may approach the OAIC with their complaint:
- Office of the Australian Information Commissioner
- Address: GPO Box 5218, Sydney NSW 2001
- Phone:1300 363 992
- Email: enquiries@oaic.gov.au
- Website: oaic.gov.au
SECTION N – MISCELLANEOUS
32. NOTIFIABLE DATA BREACHES SCHEME
32.1 Under the Privacy Amendment (Notifiable Data Breaches) Act 2017 (“Privacy Amendment Act”) Thankyou Super is required to notify the Office of the Australian Information Commissioner (“OAIC”) in relation to all eligible data breaches.
32.2 Thankyou Super notifies the OAIC by lodging a Notifiable Data Breach Form as soon as practicable. The Notifiable Data Breach Form is available at the following link: Notifiable Data Breach Form
32.3 Under the Privacy Amendment Act, Thankyou Super also promptly informs clients whose personal information has been compromised by the eligible data breach that a breach of their personal information has occurred.
32.4 Thankyou Super has also developed a Data Breach Response Plan in accordance with the OAIC’s guidelines to ensure the timely notification of all clients affected by any eligible data breach.
33. POLICY BREACHES
33.1 Breaches of this Policy may lead to disciplinary action being taken against the relevant party, including dismissal in serious cases and may also result in prosecution under the law where that act is illegal. This may include re-assessment of bonus qualification, termination of employment and/or fines (in accordance with the Privacy Act).
33.2 Staff are trained internally on compliance and their regulatory obligation to Thankyou Super. They are encouraged to respond appropriately to and report all breaches of the law and other incidents of non-compliance, including Thankyou Super’s policies, and seek guidance if they are unsure.
33.3 Staff must report breaches of this Policy directly to the Director.
34. RETENTION OF FORMS
34.1 The Compliance Officer retains the completed forms for seven (7) years in accordance with Thankyou Super’s Document Retention Policy. The completed forms are retained for future reference and review.
34.2 As part of their training, all staff are made aware of the need to practice thorough and up-to-date record keeping, not only as a way of meeting Thankyou Super’s compliance obligations, but as a way of minimising risk.
35. POLICY REVIEW
35.1 Thankyou Super’s Privacy Policy is reviewed on at least an annual basis by the Compliance Officer of Thankyou Super, having regard to the changing circumstances of Thankyou Super. The Compliance Officer then reports to the Director on compliance with this Policy.
35.2 We aim to keep our privacy policy updated. Thus, this policy may change at our discretion. Changes are effective upon posting on this website. Please revisit our privacy policy periodically.
Issued by Thankyou Super Pty Ltd
01/09/2024