Class Privacy Policy
Last Updated: 03 March 2023
Our Privacy Policy
Please read our Privacy Policy carefully, as it describes the way in which we collect and handle your personal information. References in this Privacy Policy to “we”, “us” and “our” are to members of the “Class Group”, meaning Class Super Pty Ltd and its related body corporates (as that term is defined in the Corporations Act 2001 (Cth)). This Privacy Policy applies to this website, as well as any other websites operated by us. Class is committed to safeguarding your privacy in accordance with the Australian Privacy Principles in the Privacy Act 1988 (Cth). This policy explains how Class manages your personal information, including our obligations and your rights in respect of our dealings with your personal information. We may revise our Privacy Policy from time to time by providing a revised version on our website. Our revised Privacy Policy will take effect from the time it is posted on our website. Please periodically check our Privacy Policy to ensure you are aware of any recent updates. From time to time we may also collect and handle your personal information in ways that are different to those described in this Privacy Policy. Where we will do so, we will inform you of this through collection notices at the time you provide us with the personal information, which notices will apply in addition to this Privacy Policy. You have no obligation to provide any personal information requested by us. However, if you choose to withhold personal information, we may not be able to provide you with certain parts of our products or services. We refer throughout our Privacy Policy to ‘personal information’ which means information that identifies you as an individual or from which you can reasonably be identified. An individual’s name, address and telephone numbers are all examples of ‘personal information’.
Background
It is important to understand that we provide a range of products and services that enable our clients and their users, and their invited users, to provide us with information relating to themselves, each other, and their own end-clients. This can be illustrated as follows:
Our clients and their representatives (Client Users) may provide us with personal information:
- about themselves;
- about other users such as fund administrators, accountants and financial advisers, whom they wish to invite to access the accounts they have established with us (Invited Users); and
- about their end-clients, which may be a superannuation fund trustee or an investor, whose information they enter into our products or services (End Client).
Invited Users or anyone who engages with us directly may provide us with personal information:
- about themselves; and
- about the End-Clients whose personal information they have been invited to access.
End Clients are unlikely to interact with us, unless they are also an Invited User or provide us with an authorisation in relation to particular products or services. When personal information that relates to one individual (such as an End-Client) is provided to us by another individual (such as a Client User), we rely on the person providing us with the information to ensure they have obtained the consent of the individual to whom such information relates to enable us to handle that personal information as described in this privacy policy.
What personal information do we collect and hold?
We collect personal information directly from our Client Users, Invited Users and anybody else who engages with us directly when they:
- register to use, or use, any of our products or services;
- post information to our forum or blog; or
- contact our support team.
As noted above, we may collect personal information about Invited Users and End-Clients from other users of our products or services. We also collect personal information from individuals generally (which may include Client Users and Invited Users) when they:
- visit our website;
- call or receive calls from us;
- complete competition entry forms and client surveys;
- book or participate in training or events;
- apply for a job; and
- provide material to us to enable us to provide our services to you.
The types of personal information we collect will vary depending on the purposes for which it is collected, but may include:
- a person’s name, contact details and information relevant to their use of our products or services, when establishing an account with us or registering to attend our training or events;
- payment information, such as direct debit information and ABN, when you purchase a product or service from us;
- data that is input into our products by Client Users and Invited Users, or generated as a result of their use of our products (User Data); and
- other personal information that individuals may choose to provide to us, for example in a resume.
We do not generally collect or disclose sensitive personal information, such as information about a person’s race, religion or political affiliations.
We collect and use personal information for limited purposes
The primary purposes for which we collect, use and disclose personal information include:
- the delivery and administration of our products or services, and those of our related bodies corporate and Partners (as defined in section 6 below), that you choose to use;
- to comply with applicable laws and regulations;
- to provide marketing communications in relation to our products and services, and those of our related bodies corporate and Partners (as further described in section 6 below);
- to resolve support issues which may arise with our products and services or those of our related bodies corporate and Partners; and
- to process any job applications we may receive.
Our collection and use of personal information via website cookies and analytics
We may also collect personal information to assist in the delivery of products and services through the use of cookies and website analytics. A “cookie” is a small text file that is placed on a computer’s hard drive by a web page server and stores information about the use of our webpage. Most web browsers are automatically set to accept cookies but if you do not wish to receive any cookies you may set your browser to refuse cookies. If you do not accept cookies, this may affect the operation of our website. We use Google Analytics to collect anonymous information and data whenever you access and navigate through our websites. The types of anonymous information we collect include demographic data, the type of device you use, what section of our website you accessed and the specific page you accessed. We collect this information for operational maintenance and statistical purposes to assist us in improving our websites. When you access our websites, your browser automatically sends certain information to Google which is included in our analytical reports. For more information on how Google Analytics operates, see “How Google uses data when you use our partners’ sites or apps” (located at www.google.com/policies/privacy/partners). Through our email mailing platform we are also able to track if, and when, you open emails from us and your interactions with the content of our emails.
How is your personal information disclosed?
We may disclose personal information to our related bodies corporate (however their use of such information will remain subject to this Privacy Policy). We may disclose personal information to contractors whom we engage to provide goods or services to us (Contractors). Such Contractors may only use such personal information to provide goods or services to us, and we take all reasonable steps to ensure that such personal information remains secure. We have arrangements in place with a range of third parties who we interact with in providing our products or services, including arrangements in relation to the provision or receipt of data feeds, actuarial certificates, property valuations, title searches and other goods or services (collectively, our Partners). We may disclose personal information to, and receive personal information from, our Partners in the delivery and administration of our products and services and those of our Partners that you choose to use. We do not sell, rent or lease our client lists to third parties, whether our Partners or otherwise, for marketing purposes. We may use personal information of our Client Users, Invited Users and End Clients (where those End Clients have a direct relationship with us, such as by giving us an authorisation) in order to send marketing communications in relation to our products and services, and those of our related bodies corporate and Partners. You can opt-out of receiving such marketing communications at any time, by following the opt-out instructions provided by us. If you opt-out of receiving marketing communications, but subsequently interact with us in a manner which indicates your agreement to once again receive marketing communications (which may include using our SMSF DataFlow product) then we may do so until you opt-out again. Please note that even if you opt out of marketing communications, you may still see some promotional materials within our products themselves, and will still receive communications from us that are a necessary part of providing or receiving our products and services, and those of our related bodies corporate and Partners, that you choose to use. We may otherwise use or disclose personal information where required or authorised by law, which may include emergency situations and assisting law enforcement agencies. We take care to ensure that we, our related bodies corporate and the contractors who provide our software services only host User Data that is personal information in Australia (unless you provide your consent to us, which may be required in order for us to provide you with certain additional services). However, some of our staff (i.e. employees and individuals working on a contract basis) may work from overseas locations temporarily, and remotely access User Data from those locations, and Client Users and Invited Users may be located outside of Australia and may access the User Data which has been provided. We may disclose personal information that is not User Data to Contractors outside of Australia, including to recipients in:
- United States of America;
- Ireland;
- India;
- United Kingdom;
- Vietnam;
- Japan; and
- Israel.
Where we do so, we take all reasonable steps to ensure those Contractors handle that information in a manner consistent with the Australian Privacy Principles. Our Partners are independent third parties, and we do not control their privacy handling practices. Please check the privacy policies of our Partners in relation to their privacy handling practices. If you are a Client User, you should also check the privacy policies of any of your Invited Users, as we are not responsible for their access to or use of any personal information that you invite them to access. Class does not provide any assurance that our Client Users or Invited Users do not display or send any such data overseas.
How is your personal information secured?
There are inherent risks in transmitting information across the internet. Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. However we strive to protect personal information from misuse, loss and unauthorised access. We take all reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Reasonable security measures and procedures undertaken include security audits, penetration testing, password protections, encryption tools and other security software. Internal access to users’ private and non-public personal information is also appropriately limited to prevent misuse or unlawful disclosure of the personal information. You are responsible for ensuring that any user name and password that are issued to you are protected at all times from unauthorised access by third parties.
Data Breach Notification Protocol
We have implemented a data breach notification protocol available at www.class.com.au/data-breachprotocol, as updated and amended by us from time to time, and you must comply with the applicable terms of the protocol.
Accessing and correcting your personal information
If you need to access or correct any personal information we hold about you, you may be able to do so using the relevant product or service we provide to you, or if you are an End-Client by contacting the Client User or Invited User who has entered such information in our products or services. If you are unable to do so, in the first instance please contact your Account Manager (if you are a direct client of ours) or using the contact details in section 12 below. Please provide as much detail as you can about the particular information you wish to access or correct, in order to help us retrieve it. We may charge you an access fee to cover our costs of providing that information to you. We will inform you of applicable fees before they are incurred. We will process your request within 14 days of its receipt or such other time that is reasonable in all the circumstances. We will provide you with a copy of personal information we hold about you wherever it is possible and practicable to do so. However in certain circumstances described in the Privacy Act we may refuse your request for access to your personal information. We will provide you with a written notice setting out the reason(s) for our refusal and the manner in which you may make a complaint about our refusal. For example, it may be necessary for us to deny you access to your personal information where it has an unreasonable impact on the privacy of others. In such circumstances, we will work with you to endeavour to find a mutually agreeable alternative. For example, we may require you to arrange for access to your personal information (in particular, where you are an End-Client) via a mutually agreed intermediary (for example, the Client User or Invited User who entered such information into our product or service). We rely on you to ensure that the personal information you provide to us is accurate, complete and up-to-date. Where you believe personal information provided by you may be inaccurate you may make a request to correct such personal information. If we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, we will take all reasonable steps to update and correct that personal information within our systems. You may also request that we take such steps as are reasonable to notify any other entity that we previously disclosed the inaccurate information to in order to correct the information in their system. If we refuse your request to correct personal information we will provide you with written notice setting out our reason for such a refusal and the mechanisms by which you can make a complaint.
Links to other websites
We provide links to websites that are owned and/or operated by third parties. The linked websites are not under our control, and we are not responsible for the conduct of third parties whose websites we provide links to. Before disclosing personal information on any other website, we advise you to examine the terms and conditions of those websites. Our products and services may allow you to disclose financial data, including personal information, to and from third party applications which are not affiliated, sponsored or endorsed by us. We have no control over and are in no manner liable for the manner in which such third party applications handle personal information. We highly recommend you check the Privacy Policy of any such third party applications and ensure those organisations handle personal information in accordance with Australian privacy laws.
Anonymous transactions
We provide you with the option of transacting with us on an anonymous basis or through a pseudonym where it is lawful and practicable to do so. However, in order to use most of our products and services you will be required to register with your legal name in order for authorisation of financial information to occur.
Complaints
If you wish to make a complaint about the way in which we handle your personal information, please email our Privacy Officer at privacy@class.com.au. We endeavour to respond to any such complaints as quickly as possible, including by providing an initial response to written complaints 10 days from receipt and investigate and resolve the complaint within 30 days from receipt. We will notify you promptly if it is likely to take longer for us to respond to any complaint and update you on the progress of our response periodically. If you are dissatisfied with our response, you may refer the matter to the Australian Information (Privacy) Commissioner (see www.oaic.gov.au).