(15h Left) Privacy Policy and Privacy Collection Statement

Privacy Policy and Privacy Collection Statement

1. Overview

In this Policy, the words we, us and our refer to Retail Employees Superannuation Pty Limited, ABN 39 001 987 739, AFSL 240003, as Trustee of the Retail Employees Superannuation Trust (Rest) Fund ABN 62 653 671 394 (the Fund).

Your privacy is important to us. We are committed to protecting the privacy of personal information that we collect as the trustee of the Rest Fund. This document is our Privacy Policy and it sets out important information about how we handle personal information and comply with applicable privacy laws.

We are bound by the Privacy Act 1988 (Privacy Act), including the Australian Privacy Principles (APPs) and we recognise the importance of ensuring the confidentiality and security of your personal information.

In this Privacy Policy:

- Disclosure means providing information to persons outside of Rest.
- Personal information means information or an opinion relating to an individual that can be used to identify that individual. Examples include your name and other contact details. Information can be personal information regardless of whether it is true or how it is recorded or stored.
- Privacy Officer means the contact person within Rest for questions or complaints regarding Rest’s handling of personal information.
- Rest Services means the products, services, benefits or options provided by us to clients, and includes digital services.
- Sensitive information is personal information that includes information relating to a person's racial or ethnic origin, political opinions, religion, trade union or other professional or trade association membership, sexual preferences and criminal record, and also includes health information.
- Social Media Platform means social media platform providers, including (but not limited to) Facebook, Instagram, Google and LinkedIn.
- Use of information means use of information within Rest.

2. What kind of personal information do we collect and hold?

As the trustee of the Fund, we may ask for various kinds of personal information to the extent necessary for us to carry out important activities, including providing you (as a member or prospective member) with products, services and information to manage your retirement savings.

The kinds of personal information we collect and hold include (but are not limited to):

- your name, gender, date of birth and residency information;
- contact details, such as your address, telephone numbers, email and other digital addresses;
- financial details, such as tax file number, bank account and direct debit details;
- where you are seeking financial advice, information regarding your assets, liabilities, income, expenses and other financial details;
- information to verify your identity, such as passport, driver’s licence information, birth certificate or Medicare details;
- employment details, such as ABN/ACN, occupation, salary, hours of work, employee identification number, employment dates or records of your or your employer’s interactions with us and our representatives;
- superannuation details, such as investment option choices, membership commencement date, insurance details and information on your beneficiaries, employment status, Centrelink schedules and other superannuation funds you may have;
- details of your interactions with us such as conversation recordings, message transcripts and digital service usage; and
- responses to surveys such as experiences, and information about your activities, interests and attitudes/views expressed.

In some circumstances, we may also collect and hold “sensitive information”. This includes information about:

- your health (such as medical practitioner reports and consultation notes);
- your membership of professional or trade associations or trade unions;
- your racial or ethnic origin;
- your criminal record; and
- biometric information such as your voice and image.

If the personal information we request is not provided by you, we may not be able to provide you with the benefit of our services or meet your needs appropriately.

We do not give you the option of dealing with us anonymously, or under a pseudonym. This is because it is impractical, and, in some circumstances, illegal for us to deal with individuals who are not identified.

3. What personal information are we required or authorised to collect by law?

We are required or authorised to collect:

- your name, address, date of birth and other verification information under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth);
- your tax file number, if you agree to provide it, in various circumstances covered by the Superannuation Industry (Supervision) Act 1993 (Cth); and
- information relevant to insurance where required by the Insurance Contracts Act 1984 (Cth).

You can choose whether or not to provide us with your tax file number and it is not an offence to refuse.

4. Unsolicited personal information

We may receive unsolicited personal information about you. We destroy or de-identify all unsolicited personal information unless it is relevant to our purposes for collecting. We may retain additional information if it is combined with other information we are required or entitled to collect. If we do this, we will retain the information in the same way we hold your other personal information.

5. How do we collect your personal information?

We collect your personal information directly from you unless it is unreasonable or impracticable to do so. When collecting personal information, we may collect it in ways including:

- through your access and use of our websites, emails, apps, message services, online portals and social media sites;
- engaging with our digital advertising and communications across the internet;
- during interactions between you and our staff or representatives, including discussions through our call centres and live chat; and
- when you complete an application or other form, including surveys or promotions.

We may also collect personal information from third parties including from:

- your financial advisers;
- doctors or other health care providers;
- the Australian Taxation Office;
- other superannuation and insurance entities;
- clearing houses and other entities involved in facilitating transactions on your account;
- identity verification services;
- data quality enhancement and enrichment providers such as address-matching services;
- service providers engaged to provide Rest products or services such as contact centres, marketing, digital services, product development and market research;
- digital platforms such as Google and Adobe utilised by us to provide our digital services;
- Social Media Platforms; and
- other representatives who may be authorised by you (such as your spouse, family or friends).

All personal information collected by us from third parties is handled by us in accordance with this Policy.

If we collect your personal information from a third party, they are responsible for letting you know that your personal information has been provided to us.

Where you provide us with the personal information of any other individual (for example, a nominated beneficiary), you must:

- notify that individual that we have collected their personal information; and
- provide them with a copy of our privacy policy and privacy collection statement.

We will only collect sensitive information with your consent, unless an exemption in the APPs applies. These exemptions include if the collection is required or authorised by law, or is necessary to take appropriate action in relation to suspected unlawful activity or serious misconduct.

We will only use sensitive information where this is reasonably necessary for us to provide you with products and services in our capacity as trustee of the Fund, unless you specifically authorise us to use your sensitive information for another purpose.

We will always seek your permission before using or disclosing sensitive information for any other purpose.

Please see below for information about how we hold and keep your personal information secure.

Our websites, emails and mobile device applications (apps) contain links to other third-party sites. If accessing these sites, please be aware that the third parties may collect information about you and may provide us with access to that information.

6. What happens if we are unable to collect and use your personal information?

If we cannot collect your personal information one, or more of the following may occur:

- we may be unable to provide you with Rest Services (or information about them) that you want or require;
- you may not be able to access Rest’s digital services such as our App, member portals and message services; and
- we may be unable to tailor the content of our websites, emails and mobile device apps to your preferences or to give you more relevant content.

7. Why do we collect and hold your personal information?

We collect, hold, use and disclose your personal information for the following purposes, which we may carry out with the assistance of our third-party service providers:

- confirming your identity (including digital identity verification) and eligibility for Rest Services;
- providing you with Rest Services and/or information about them;
- setting up and maintaining your membership and account;
- assessing benefits and claims;
- facilitating insurance arrangements;
- corresponding with you, including where you request information from us or have a complaint or concern;
- helping you with locating your lost super and/or consolidating your super;
- meeting regulatory requirements including fund and breach reporting obligations;
- fraud and financial crime prevention;
- conducting user/usability testing, surveys, research and analytics (including through our third-party service providers);
- complying with relevant laws, regulations and other legal obligations;

We may also use de-identified information for planning, research and analysis and to improve Rest Services, and we may de-identify information before disclosing it to third parties for marketing purposes. We may use and disclose your personal information for any of these purposes, including for secondary purposes related to the primary ones or as authorised by the Privacy Act.

Sensitive information will be used and disclosed only for the purpose for which it was provided (or a directly related secondary purpose), unless you agree otherwise, or an exemption in the Privacy Act applies.

We may use personal information to engage in or send you direct marketing communications and information that may be of interest to you, whether you are a current or prospective member. We may do this directly or through our third-party service providers via various channels, including social media and other digital platforms.

You consent to us and our third-party service providers doing so.

You have the right to request we do not use or disclose your personal information for direct marketing, or to facilitate direct marketing by other organisations. We must give effect to the request within a reasonable period. You may also request the source of the information free of charge within a reasonable period.

To opt out, you can use any unsubscribe function in communications, log into the Rest Website and manage your member communications preferences, or contact us using the channels in the “How to contact us” section below.

9. Disclosing your personal information

We may disclose your personal information to third parties, including:

- a related entity of Rest;
- MUFG Retire360 Pty Limited (ABN 36 105 811 836);
- people nominated by you if you have authorised us to do so in writing, including your beneficiaries;
- your employers and trustees of other superannuation funds;
- government bodies including regulators and the Courts where required;
- our fund administrator and clearing houses;
- our other agents, contractors and service providers;
- auditors, actuaries, legal advisers and consultants;
- insurers and related service providers including re-insurers, underwriters and insurance administration service providers;
- our preferred financial services organisations and advice companies;
- organisations involved in managing payments, including payment merchants and banks;
- organisations involved in a transfer or sale of all or part of our assets or business;
- Social Media Platforms; and
- digital platforms to undertake activities such as website analytics, email campaign management, content tailoring and online behavioural advertising.

If we disclose personal information to service providers, they may only use it for the specific purpose supplied.

If you want to nominate another person to receive information on your behalf, you can advise us using the contact details in the “How to contact us” section.

10. Where we may be required to disclose

We may disclose personal information where the law requires us to do so, including to meet family law requirements relating to the splitting of superannuation interests, to provide information to the Commissioner of Taxation, if you are transferring to another fund, and to meet anti-money laundering requirements by providing information to AUSTRAC where required.

Unless authorised or required by law, with your consent, or for a purpose set out in this Privacy Policy, we do not give your personal information to third parties.

11. Do we disclose your personal information outside Australia?

We may disclose personal information to entities located outside of Australia for some of the listed purposes, including data hosting and IT service providers in India, the Philippines, the United States, Canada and the United Kingdom, and other providers in Canada, India, the Philippines, the United States, New Zealand, South Africa, Canada, Vietnam, the United Kingdom and Singapore.

We will not send personal information outside Australia unless we have taken reasonable steps to ensure the recipient does not breach the Privacy Act, or the recipient is subject to a similar information privacy scheme, or the individual has consented.

We will not disclose outside Australia unless these conditions are met.

12. How do we hold and keep your personal information secure?

We hold personal information in electronic and hard copy forms. We take reasonable steps to protect it from misuse, interference and loss and from unauthorised access, modification and disclosure. We employ physical and logical access controls and audit access to our systems.

We also ensure third party service providers have privacy arrangements consistent with the Privacy Act and regularly assess their protections. There are risks in transmitting information online; if you do not wish to use our online services, you may provide information by mail or telephone.

We retain personal information only for as long as needed or as required by law. When no longer required we destroy or de-identify it.

13. Contractual arrangements with third parties

We ensure all contractual arrangements with third parties address privacy issues and make them aware of this Privacy Policy. Third parties must implement processes to de-identify personal and sensitive information where possible, keep information securely, and disclose only to organisations approved by us.

14. How do we keep personal information accurate and up-to-date?

We are committed to keeping personal information relevant, accurate, complete and up-to-date. We encourage you to contact us to update any information. If information is inaccurate, we will take reasonable steps to correct it within 30 days. We do not charge for corrections. If information that has been disclosed is corrected, we will notify the recipient on your request.

15. Accessing your personal information

Subject to the Privacy Act, you may access the personal information we hold about you by contacting Rest’s Privacy Officer. We will provide access within 30 days. If we refuse, we will provide reasons. Identity verification and specification of information required may be needed. An administrative fee may be charged for search and copying.

16. Identifiers

We do not adopt Government identifiers for our own file recording purposes unless an exemption in the Privacy Act applies.

When you access our websites, we may collect other information about how you use our services that is not personal information. We collect this in various ways:

- usage information, including metadata, log data, device information and location information;
- third party services data about how you used their service;
- third party data collected by another party through their activities which they have made available to us.

18. Making a complaint

If you have a concern or complaint about a possible breach of privacy, please contact our Privacy Officer. We will confirm your understanding of the conduct and the outcome, provide the name, title and contact details of the investigating officer and the estimated completion date. After enquiries, we will notify you of the outcome and invite a response. If you are unsatisfied, you can refer the matter to the Australian Information Commissioner. Contact details for the Office of the Australian Information Commissioner are provided below.

For further information on how we handle personal information, or to complain about a possible breach of privacy, you can contact our Privacy Officer using the channels listed in the “How to contact us” section below.

We endeavour to continually improve our service, so we may update this Privacy Policy. Any personal information we hold will be governed by the most current version of our Privacy Policy.

Privacy Collection Statement

Retail Employees Superannuation Pty Limited, ABN 39 001 987 739, AFSL 240003, as Trustee of the Retail Employees Superannuation Trust (Rest) Fund ABN 62 653 671 394 (the Fund) is committed to ensuring the confidentiality and security of your personal information.
Rest Services refers to the superannuation, insurance, financial advice or other products, services, benefits or options provided by us, including digital services.

Our Privacy Policy, which details our handling of information, is available upon request or can be found above on this webpage.

The entity collecting the information is Rest. The entity and contact details of Rest are as follows: Rest, Email: contact@rest.com.au, Tel: 1300 300 778, Address: Privacy Officer, Rest Super, Locked Bag 4085, Parramatta NSW 2124.

How do we collect your personal information?

We collect your personal information directly from you unless unreasonable or impracticable to do so. We may collect it in several ways, including by completing application forms, your use of our websites or apps, online services, or through interactions with our staff or representatives. We may also collect information from third parties in certain circumstances, including your employer, financial adviser, health care provider, Social Media Platforms, our service providers, or other representatives.

We are required or authorised to collect:

- your name, address, date of birth and other verification information under AML/CTF Act;
- your tax file number, if you agree to provide it, in various circumstances under the Superannuation Industry (Supervision) Act 1993; and
- information relevant for insurance where required by the Insurance Contracts Act 1984.

Why do we collect personal information?

We collect, hold, use and disclose your personal information for purposes including:

- confirming your identity and eligibility for Rest services;
- providing you with Rest Services or information about them;
- corresponding with you, including requests or complaints;
- meeting regulatory requirements including fund and breach reporting and AML/CTF obligations; and
- conducting marketing activity related to Rest and our partners.

Consequences of not providing personal information may include being unable to obtain Rest Services.

Disclosing your personal information

We may disclose your personal information to third parties including nominated persons, MUFG Retire360, government bodies, regulators, the fund administrator, other service providers, insurers, health care providers, payment providers, banks, and digital platforms.

Do we disclose your personal information outside Australia?

We may disclose personal information to entities located overseas for some purposes, including data hosting and IT services in several countries. We will not disclose outside Australia unless appropriate safeguards apply or you consent.

Your rights

Our Privacy Policy contains information about how you may access, correct, complain and how we will handle a privacy complaint.

Marketing material

We may use personal information to engage in direct marketing communications. You have the right to opt out. This has been updated as of 20 November 2025.

#J-18808-Ljbffr