Complete Super Solutions – Privacy Policy
Introduction and Scope
Complete Super Solutions Pty Ltd (CSS) is committed to providing the highest levels of
client service and protecting the privacy of personal information. CSS complies with the
Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Further information
is available at the Office of the Australian Information Commissioner (OAIC)
at https://www.oaic.gov.au.
This Privacy Policy explains how CSS collects, uses, discloses, stores and secures
personal information, and how individuals may access and correct their information and
make privacy complaints.
Identity and Contact Details
Complete Super Solutions Pty Ltd (ABN 99 115 304 482)
Level 14, 380 St Kilda Road, Melbourne VIC 3004
Telephone: 03 9584 5999
Email: brett@completesupersolutions.com
Privacy Officer: Mr Brett Williams
Types of Personal Information Collected
Personal information held by CSS may include:
- Your name, date of birth, current and prior addresses, telephone and mobile
numbers, email address and other contact details.
- Your superannuation and portfolio assets and liabilities (current and future), income
and expenses.
- Your life insurance details.
- Your tax file number (where provided) and identification details required for
KYC/AML purposes.
- Your PIN codes and electronic access credentials.
- Sensitive information (such as health information contained in insurance
applications or claims) where necessary to provide services and with your consent
or as otherwise permitted by law.
- Records of your communications and interactions with us, including online
interactions (e.g., website forms, cookies and analytics data).
We may collect TFNs and ABNs where permitted by law; documents and records
necessary for tax compliance and SMSF audit support; and information relating to clients’
associated entities. We also process personal information under white-label arrangements
for advisers and accountants, with access governed by role- and permission-based
controls.
Collection Methods
CSS collects personal information:
- Directly from you (including through forms, correspondence, email, telephone and
online portals).
- From your authorised representatives and third parties, including your financial
planner, accountant, fund managers, life insurers, banks and other product issuers,
once you have provided authorisation. You may refuse authorisation for third-party
collection.
- From publicly available sources and government registers where reasonably
necessary for our functions.
- Unsolicited information is handled in accordance with APP 4. If we determine that
we could not have collected the information, we will destroy or de-identify it as soon
as practicable, unless unlawful to do so.
We also collect personal information directly from clients, including through secure
document uploads, online portals and direct correspondence.
Purposes of Collection and Use
CSS collects, uses and discloses personal information to:
- Provide superannuation and/or portfolio administration and related services.
- Conduct identity verification and meet legal and regulatory obligations.
- Administer accounts and respond to queries and requests.
- Manage and improve our services, websites and user experience (including
through analytics and security monitoring).
- Conduct direct marketing (e.g., articles and newsletters) where permitted by law,
with a functional opt-out mechanism in all communications.
- Conduct due diligence and business transactions (e.g., sale or reorganisation of
our business).
- Prepare and maintain tax return files and audit information packs for clients and
SMSFs, and facilitate the work of clients’ advisers and tax agents.
If you choose not to provide requested information, our services may be inappropriate or
inadequate.
Anonymity and Pseudonymity
Where lawful and practicable, you may interact with us anonymously or using a pseudonym
(for example, when making a general enquiry). However, we typically require your identity
to provide superannuation and portfolio administration services and to comply with legal
obligations (including KYC/AML).
Direct Marketing and Spam
We may provide direct marketing materials relevant to our services. You may opt out at
any time and we maintain a register of individuals who have opted out.
We comply with the Spam Act 2003 (Cth). All commercial electronic messages include our
identity and a functional unsubscribe facility, and unsubscribe requests are actioned
promptly.
Use and Disclosure to Third Parties
CSS may disclose personal information to:
- Temporary staff and contractors during peak workloads.
- Mailing houses and print providers.
- Your professional advisers (e.g., solicitor, financial planner, accountant) as
authorised by you.
- Information technology and cloud service providers who manage or host our
systems.
- Government and regulatory authorities and other organisations, as required or
authorised by law.
- Potential purchasers and their advisers for due diligence in connection with the sale
of our business.
- A new owner of our business (personal information will be transferred as a business
asset on equivalent privacy terms).
- External auditors, compliance consultants and insurers where reasonably
necessary for our operations and legal obligations.
- Only on a need-to-know basis and subject to contractual obligations to protect
confidentiality and security.
Overseas Disclosure
In providing our services, it may be necessary to disclose personal information to overseas
recipients, including superannuation administration service providers. Likely overseas
locations include India, and any countries in which our cloud hosting provider (e.g., AWS)
operates the regions we use. Data may also be processed in Australia.
Where we disclose personal information overseas, we take reasonable steps to ensure the
overseas recipient does not breach the APPs in relation to the information. These steps
include entering into contracts with recipients that contain privacy and data security
obligations substantially similar to the APPs, assessing the recipient’s data protection
measures, and implementing technical safeguards (e.g., encryption in transit and at rest,
access controls).
If we cannot ensure equivalent protections, we will seek your informed consent to the
overseas disclosure where required by law.
Security and Storage
We treat personal information as confidential and apply the following measures:
- Client files accessible only to authorised personnel and securely stored when not
in use.
- Computer systems protected through access controls, passwords and other
security controls.
- Regular data backups stored securely offsite.
- We are implementing multi-factor authentication (MFA) across our systems. MFA
is currently enabled on certain system entry points and is being progressively rolled
out to all relevant environments.
- Vendor due diligence and contractual security requirements for third-party service
providers.
- Encryption in transit and at rest is applied for hosted data, and access is logged
and monitored.
We take reasonable steps to protect information from misuse, interference and loss, and
from unauthorised access, modification or disclosure.
Personal information is hosted on Amazon Web Services (AWS). We apply encryption in
transit and at rest, role-based access controls, logging and monitoring. MFA is enabled
for certain system entry points and is being rolled out across remaining entry points.
Retention and Destruction
It is a legislative requirement that we keep personal information and records for at least
seven years. If you are no longer a client, we will retain your personal information securely
for that period.
We maintain a documented retention schedule aligned to legal and business requirements.
We retain personal information for at least seven years and, where reasonably necessary
(for example, to maintain SMSF and tax records or meet legal obligations), for longer. We
maintain a documented retention schedule.
Access and Correction (APPs 12 and 13)
You may request access to your personal information and request correction if it is
inaccurate, out-of-date, incomplete, irrelevant or misleading. Access may be provided by:
- Copies of documents;
- Inspection; or
- A summary.
Requests should be made in writing to our Privacy Officer. We will respond to access and
correction requests within a reasonable period, typically within 30 days. Access may be
refused in limited circumstances permitted by law. If access is refused, we will provide
written reasons and information about how to complain. If we correct information or refuse
to correct it, we will, if you request, take reasonable steps to associate a statement with
your record.
Unique Identifiers
CSS does not adopt, use or disclose government-related identifiers (such as tax file
numbers) as our own identifiers. Any unique identifiers we assign (e.g., client numbers,
portal IDs) are used only where reasonably necessary for our functions and are handled
in accordance with this Privacy Policy and the APPs.
TFNs are collected, used and disclosed only as permitted by the Privacy Act and the
Privacy (Tax File Number) Rule 2015, and are stored and transmitted using enhanced
safeguards. TFNs are not used as our own identifiers.
Website, Cookies and Online Collection
Our website uses session and limited persistent cookies and similar technologies to enable
functionality and improve user experience. Cookies do not generally identify individuals,
but may identify devices and browsers. You can adjust your browser settings to refuse
cookies; some features may not function properly without them.
Our website may link to third-party websites; we are not responsible for their privacy
practices. We encourage you to review the privacy policies of those sites.
We may use analytics services that collect information such as IP address, device and
browser type, pages visited and time on site for the purposes described in Section 5. Where
required, analytics data is de-identified or aggregated.
Sensitive Information
We only collect sensitive information (e.g., health information) with your consent or as
otherwise permitted by law, and we apply additional access controls and safeguards to
such information. Sensitive information is used and disclosed only for the primary purpose
for which it was collected, for directly related secondary purposes you would reasonably
expect, or as otherwise permitted by law.
Complaints and How We Will Resolve Them
If you wish to complain about a breach of your privacy rights, please contact our Privacy
Officer using the details in Section 2. We will acknowledge your complaint within seven
days and aim to provide a substantive response within 30 days. If you are not satisfied with
our response, you may contact the Office of the Australian Information Commissioner
(www.oaic.gov.au, 1300 363 992).
Updates to this Policy
We may update this policy from time to time to reflect changes in law or our
practices. Material changes will be notified by posting a prominent notice on our website
and, where appropriate, by direct communication to affected individuals. The latest version
will be available on our website.
Definitions
Personal information has the meaning given in the Privacy Act 1988 (Cth): information or
an opinion about an identified individual or an individual who is reasonably identifiable.
Sensitive information includes health information and other categories defined in the
Privacy Act (e.g., racial or ethnic origin, political opinions, religious beliefs, membership of
a professional or trade association, sexual orientation or practices, and criminal record).
Government-related identifier has the meaning given in the Privacy Act (e.g., tax file
number).
