Commonwealth Superannuation Corporation (referred to as CSC, we or us) [ABN 48 882 817 243, RSEL L0001397, AFSL 238069] is responsible for the privacy, confidentiality and security of personal information received by it in the course of its operations. Personal information is protected and kept confidential in accordance with federal legislation, including the Privacy Act 1988 and the Australian Privacy Principles under that Act.
CSC provides superannuation services to Australian Government employees and members of the Australian Defence Force (ADF) by managing the following nine superannuation schemes:
- Commonwealth Superannuation Scheme (CSS)
- Public Sector Superannuation Scheme (PSS)
- Military Superannuation and Benefits Scheme (MilitarySuper)
- Public Sector Superannuation accumulation plan (PSSap)
- 1922 Scheme
- Defence Forces Retirement Benefits Scheme (DFRB)
- Defence Force Retirement and Death Benefits Scheme (DFRDB)
- Papua New Guinea Scheme, and
- Defence Force (Superannuation) (Productivity Benefit) Determination (the DFSPB).
CSC’s primary function is to manage and invest the funds of the schemes in the best interests of all members and in accordance with the provisions of the various acts and deeds that govern the schemes.
CSC’s statutory functions are set out in the Governance of Australian Government Superannuation Schemes Act 2011 and scheme legislation and deeds. CSC, as the trustee of the CSS, PSS, MilitarySuper and PSSap is also required to comply with, for example, the Superannuation Industry (Supervision) Act 1993 and regulations, theCorporations Act 2001 and regulations, tax legislation and regulations, and the Anti-Money Laundering & Counter Terrorism Financing Act 2006.
Collection, holding, use and disclosure of information
Personal information is collected, held, used and disclosed as required or authorised by law, for the purpose of managing the superannuation schemes and member accounts of Australian Government employees and members of the Australian Defence Force for their retirement. This includes the management of superannuation investments, providing superannuation products and information to members, administration of the superannuation schemes and member accounts, conducting market research and product development.
Personal information is primarily provided to CSC through external service providers:
- CSC’s scheme administrators are ComSuper [ABN 77 310 752 950] and Pillar Administration (Pillar) [ABN 80 976 223 967]. They process and administer member accounts, such as receiving employer contributions and maintaining records. Their privacy policies are available at comsuper.gov.auand pillar.com.au.
- the Superannuation Complaints Tribunal (SCT).
ComSuper, Pillar, AIA and IFS may pass on personal information to CSC for the purpose of managing the superannuation schemes and member accounts.
Personal information is provided to these service providers from the superannuation member themselves, a third party associated with the member such as an adviser or family member under a power of attorney (consent is obtained from the member in these circumstances) or through an eligible employer who makes superannuation contributions on the members behalf.
CSC may also collect, hold, use and disclose information to and from a court or tribunal where required.
Type of information
The type of personal information that is collected, held, used and disclosed includes information about superannuation contributions, name and address details, date of birth, salary, employment details, beneficiary details and contact details.
Sensitive information is collected where consent has been provided and the information is reasonably necessary for one or more of CSC’s functions or activities. Sensitive information can also be collected where the collection of information is required or authorised by or under an Australian law or a court/tribunal order. Examples of sensitive information that is collected, held used and disclosed includes health information, sexual preferences or practices and criminal records.
Information is collected via email, correspondence, telephone, or gained through the website. Sensitive information is more likely to be collected, held, used and disclosed in circumstances where an insurance or legal claim is being decided or contested, where a reconsideration of a decision is sought either internally or through the Superannuation Complaints Tribunal (SCT).
Sensitive information is primarily provided to CSC through external service providers, such as scheme administrators, insurers or by external dispute resolution bodies (such as the SCT), when dealing with claims or complaints.
CSC does not disclose personal information to overseas recipients. Where permitted by law, CSC’s scheme administrators may disclose personal information for the international transfer of superannuation benefits to an approved superannuation scheme.
Where information is not provided by a superannuation member, or is inaccurate, a superannuation member may not be provided with an appropriate level of service. For example, a higher rate of taxation may be payable by the member where a Tax File Number has not been provided.
Accessing and correcting your information
Members of the superannuation schemes managed by CSC may request access to information held about them under the Privacy Act 1988 and the Freedom of Information Act 1982. Further information about FOI and CSC’s Information Publication Scheme can be found here.
CSC’s scheme administrators take steps to ensure that personal information is accurate, up to date and complete, including maintaining and updating records when advised that the information has changed. Members who wish to correct information on their account should contact the following scheme administrators, depending on superannuation scheme membership:
- PSSap members: 1300 725 171
- CSCri members: 1300 736 096
- CSS members: 1300 000 277
- PSS members: 1300 000 377
- MilitarySuper members: 1300 006 727
- DFRDB and DFRB members: 1300 001 677
- PNG or 1922 Scheme members: 1300 000 177
Collection of information via website activity
When our website is visited, certain information is collected to allow us to change and improve our websites and online services. Typically, this information consists of:
- what pages are visited
- what day and time they are visited
- how often the site is visited, and
- what browsers are used.
When using the online services provided by CSC, ComSuper or Pillar, all information passing between a personal computer and the secure section of our website is encrypted to enhance its security. While we endeavour to provide a secure environment, unfortunately there are inherent security risks associated with communicating over the internet. We provide alternative means of communication including direct contact via telephone, facsimile, post or face-to-face meetings if preferred.
CSC and its service providers take steps to protect the personal information held against loss, unauthorised access, use, modification or disclosure, and against other misuse. These steps include password protection for accessing our electronic IT system, physical security and access restrictions.
Staff, job applicants and contractors
CSC collects and holds personal and sensitive information of its employees, job applicants and contractors for the purpose of engagement or employment, or potential employment with CSC. This information has been collected from the individual, recruitment agencies, previous employers or referees. This information includes, but is not limited to, contact details, identifying information (such as date of birth or employee identification number), TFN, qualifications or experience, professional memberships and work history. Information relating to current employment or engagement with CSC is also collected, including the terms and conditions of employment, training, performance, conduct, professional memberships, leave details and taxation, superannuation and banking affairs. CSC may exchange information with law enforcement and background checking or vetting agencies, and educational or vocational organisations to verify qualifications and request police checks.
If you have any complaints about a breach of the Privacy Act 1988 and the Australian Privacy Principles under that Act, contact CSC on (02) 6263 6999,firstname.lastname@example.org or GPO Box 1907, Canberra ACT 2601.
CSC will address the complaint in accordance with the Privacy Act 1988 and will respond to your complaint within 30 days of receipt. If you are not satisfied with CSC’s response or decision, you may contact the Office of the Australian Information Commissioner (OAIC) on 1300 363 992, email@example.com or GPO Box 5218 Sydney NSW 2001.