Last Updated: 03 March 2023
It is important to understand that we provide a range of products and services that enable our clients and their users, and their invited users, to provide us with information relating to themselves, each other, and their own end-clients. This can be illustrated as follows:
Our clients and their representatives (Client Users) may provide us with personal information:
- about themselves;
- about other users such as fund administrators, accountants and financial advisers, whom they wish to invite to access the accounts they have established with us (Invited Users); and
- about their end-clients, which may be a superannuation fund trustee or an investor, whose information they enter into our products or services (End Client).
Invited Users or anyone who engages with us directly may provide us with personal information:
- about themselves; and
- about the End-Clients whose personal information they have been invited to access.
What personal information do we collect and hold?
We collect personal information directly from our Client Users, Invited Users and anybody else who engages with us directly when they:
- register to use, or use, any of our products or services;
- post information to our forum or blog; or
- contact our support team.
As noted above, we may collect personal information about Invited Users and End-Clients from other users of our products or services. We also collect personal information from individuals generally (which may include Client Users and Invited Users) when they:
- visit our website;
- call or receive calls from us;
- complete competition entry forms and client surveys;
- book or participate in training or events;
- apply for a job; and
- provide material to us to enable us to provide our services to you.
The types of personal information we collect will vary depending on the purposes for which it is collected, but may include:
- a person’s name, contact details and information relevant to their use of our products or services, when establishing an account with us or registering to attend our training or events;
- payment information, such as direct debit information and ABN, when you purchase a product or service from us;
- data that is input into our products by Client Users and Invited Users, or generated as a result of their use of our products (User Data); and
- other personal information that individuals may choose to provide to us, for example in a resume.
We do not generally collect or disclose sensitive personal information, such as information about a person’s race, religion or political affiliations.
We collect and use personal information for limited purposes
The primary purposes for which we collect, use and disclose personal information include:
- the delivery and administration of our products or services, and those of our related bodies corporate and Partners (as defined in section 6 below), that you choose to use;
- to comply with applicable laws and regulations;
- to provide marketing communications in relation to our products and services, and those of our related bodies corporate and Partners (as further described in section 6 below);
- to resolve support issues which may arise with our products and services or those of our related bodies corporate and Partners; and
- to process any job applications we may receive.
Our collection and use of personal information via website cookies and analytics
How is your personal information disclosed?
- United States of America;
- United Kingdom;
- Japan; and
Where we do so, we take all reasonable steps to ensure those Contractors handle that information in a manner consistent with the Australian Privacy Principles. Our Partners are independent third parties, and we do not control their privacy handling practices. Please check the privacy policies of our Partners in relation to their privacy handling practices. If you are a Client User, you should also check the privacy policies of any of your Invited Users, as we are not responsible for their access to or use of any personal information that you invite them to access. Class does not provide any assurance that our Client Users or Invited Users do not display or send any such data overseas.
How is your personal information secured?
There are inherent risks in transmitting information across the internet. Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. However we strive to protect personal information from misuse, loss and unauthorised access. We take all reasonable steps to protect personal information from misuse, interference and loss, and from unauthorised access, modification or disclosure. Reasonable security measures and procedures undertaken include security audits, penetration testing, password protections, encryption tools and other security software. Internal access to users’ private and non-public personal information is also appropriately limited to prevent misuse or unlawful disclosure of the personal information. You are responsible for ensuring that any user name and password that are issued to you are protected at all times from unauthorised access by third parties.
Data Breach Notification Protocol
We have implemented a data breach notification protocol available at www.class.com.au/data-breachprotocol, as updated and amended by us from time to time, and you must comply with the applicable terms of the protocol.
Accessing and correcting your personal information
If you need to access or correct any personal information we hold about you, you may be able to do so using the relevant product or service we provide to you, or if you are an End-Client by contacting the Client User or Invited User who has entered such information in our products or services. If you are unable to do so, in the first instance please contact your Account Manager (if you are a direct client of ours) or using the contact details in section 12 below. Please provide as much detail as you can about the particular information you wish to access or correct, in order to help us retrieve it. We may charge you an access fee to cover our costs of providing that information to you. We will inform you of applicable fees before they are incurred. We will process your request within 14 days of its receipt or such other time that is reasonable in all the circumstances. We will provide you with a copy of personal information we hold about you wherever it is possible and practicable to do so. However in certain circumstances described in the Privacy Act we may refuse your request for access to your personal information. We will provide you with a written notice setting out the reason(s) for our refusal and the manner in which you may make a complaint about our refusal. For example, it may be necessary for us to deny you access to your personal information where it has an unreasonable impact on the privacy of others. In such circumstances, we will work with you to endeavour to find a mutually agreeable alternative. For example, we may require you to arrange for access to your personal information (in particular, where you are an End-Client) via a mutually agreed intermediary (for example, the Client User or Invited User who entered such information into our product or service). We rely on you to ensure that the personal information you provide to us is accurate, complete and up-to-date. Where you believe personal information provided by you may be inaccurate you may make a request to correct such personal information. If we are satisfied that the personal information we hold is inaccurate, out of date, incomplete, irrelevant or misleading, we will take all reasonable steps to update and correct that personal information within our systems. You may also request that we take such steps as are reasonable to notify any other entity that we previously disclosed the inaccurate information to in order to correct the information in their system. If we refuse your request to correct personal information we will provide you with written notice setting out our reason for such a refusal and the mechanisms by which you can make a complaint.
Links to other websites
We provide you with the option of transacting with us on an anonymous basis or through a pseudonym where it is lawful and practicable to do so. However, in order to use most of our products and services you will be required to register with your legal name in order for authorisation of financial information to occur.
If you wish to make a complaint about the way in which we handle your personal information, please email our Privacy Officer at firstname.lastname@example.org. We endeavour to respond to any such complaints as quickly as possible, including by providing an initial response to written complaints 10 days from receipt and investigate and resolve the complaint within 30 days from receipt. We will notify you promptly if it is likely to take longer for us to respond to any complaint and update you on the progress of our response periodically. If you are dissatisfied with our response, you may refer the matter to the Australian Information (Privacy) Commissioner (see www.oaic.gov.au).