SuperGuardian (ACN 113 986 968) (‘we’, ‘our’, ‘us’, is bound by the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Privacy Act). This Privacy Policy (Policy) sets out how we collect, use and share your personal information and how to contact us with any queries or concerns.

While we may update our Policy from time to time, the most recent version of this Policy will always be available on our website. If we change the Policy in any material way, we will post a notice on our website along with the updated Policy. We may also contact you via your contact information on file, for example by email, notification or some other equivalent measure. 

If you have any queries, concerns or complaints about how we handle your personal information, please contact out Privacy Officer in the first instance:

Privacy Officer Contact: Joshua Williams
Email: joshua@superguardian.com.a
Postal address: GPO Box 1215, Adelaide SA 5001
Attention: Privacy Officer

SuperGuardian
65 Gilbert Street, Adelaide SA 5000

Our website may contain links to other websites. When you click on a link to another site, you are no longer subject to this Policy.

1. What types of information do we collect and why?

In the course of providing our goods and services to you, we collect personal and other information about our clients, prospective clients, beneficiaries, trustees, directors, employees, contractors, service providers and other business contacts and how they interact with us, our goods, and our services. When you provide us with your personal information, you are agreeing to our collection and handling of your personal information in accordance with this Privacy Policy. We collect personal information through a number of mechanisms, including:

Collection from you: we collect and store information you provide directly to us (either in person, by email, by phone, or by any other direct means) in order to deliver our goods and services. This includes:

• • Contact information: such as your name, address, email address, telephone number;
  • Personal information: such as date of birth, tax file number, occupation, information about dependants and driver’s licence details;
  • Financial and credit information: such as your payment information (credit card, bank account), superannuation, investment and bank records; and/or
  • Business details: such as your Australian Business Number

2. How do we use your personal information?

We will only use your information for the purposes for which it was collected (primary purpose) or a purpose related, or in the case of sensitive information, a purpose directly related, to that primary purpose and if it would be reasonably expected by you or where we have separately obtained your consent.

How we use the information we collect depends, in part, on which services you use, how you use them and any preferences you have communicated to us. If you would like to restrict how your personal information is handled beyond what is outlined in this Policy, please contact our Privacy Officer.

2.1 We may also use your personal information where that use is required or authorised under an Australian law, including to fulfil our own obligations of Artificial Intelligence Systems

We may utilise some artificial intelligence systems to provide you with our services. This includes the processing of personal information by securely controlled artificial intelligence systems. We use these systems to collate, process and review information.

If the collation of personal information results in creating new personal information (such as allowing a view of your financial position) we will always verify that we are permitted to hold this information.

We always ensure that where these artificial intelligence systems are used, they do not disclose your personal information outside of our organisation. If you have any concerns or questions about our processing of your personal information using artificial intelligence, please contact our Privacy Officer.

2.2 Disclosure of personal information to third parties

We may disclose your information to third parties who assist us in providing, managing and administering our goods and services. We will also disclose your personal information where such disclosure is required or authorised by Australian law.

We disclose your personal information to third parties, including:

• • Superannuation funds, insurers, fund managers and other product providers;
  • Document Verification Service (DVS) providers;
  • IT service providers and compliance consultants;
  • Legal or financial representatives (as authorised);
  • Our offshore team in the Philippines (subject to equivalent privacy standards);
  • Government and regulatory bodies where legally required;
  • Potential business acquirers (under strict confidentiality).
    
    

We do not sell or license your information to third parties.

3. How do we store and secure the information we collect?

We store your personal and credit information as physical files in a secured area or on our electronic data base system and on computers with appropriate back up and security systems.

3.1 Security and management of personal information

We will take reasonable steps to protect the personal information we hold from misuse, loss, and unauthorised access, modification or disclosure. We do this by:

• • putting in place physical, electronic and procedural safeguards in line with industry standards;
  • requiring any third party providers to have acceptable security measures to keep personal information secure;
  • limiting access to the information we collect about you;
  • imposing confidentiality obligations on our employees;
  • providing privacy training (including on the appropriate use of systems) to those who are responsible for handling your personal information;
  • only providing access to personal information once proper identification has been given; and

When we store your data, we use industry‑standard encryption technologies to protect personal information both at rest and in transit. This includes encryption of data stored in our systems using strong cryptographic controls (such as AES‑256 or equivalent) and encryption of data transmitted over networks using secure protocols (such as TLS). Access to encrypted data is restricted to authorised personnel only and managed in accordance with our information security policies and recognised security frameworks. 

While we take all steps reasonable in the circumstances to protect your information, in the unlikely event a data breach occurs, we will notify you in accordance with our obligations under the Privacy Act.

If we no longer require your personal information, and are not legally required to retain it, we will take reasonable steps to destroy or de-identify the personal information.

4. Security and Data Protection Frameworks

SuperGuardian is committed to protecting the confidentiality, integrity, and availability of the personal information we hold. We comply with globally recognised cybersecurity and information security standards, including:

• • ISO/IEC 27001 – International standard for information security management
  • SOC Reporting Standards – Assuring strong internal controls
  • NIST Cybersecurity Framework – Supporting ongoing risk and data protection governance
    
    

These standards demonstrate our proactive approach to data security, and we regularly review and enhance our systems to ensure continued compliance and resilience.

5. Document Verification Service

We use the Document Verification Service (DVS) to verify identity using government-issued documents. This is required by law to meet anti-money laundering and identity verification obligations.

You have the right to:

• • Understand what information is collected and why
  • Decline to provide identification (noting it may limit our services)
  • Lodge complaints with us or the OAIC regarding the collection or use of your data.
    
    

Notifiable Data Breaches

SuperGuardian has a detailed Data Breach Response Plan to ensure prompt action in case of a data breach. If a breach is likely to result in serious harm:

• • Affected individuals and the OAIC will be notified within 72 hours
  • The breach will be investigated and remedial actions taken
  • Reports will be made to our executive team and Board
    
    
    

6. Privacy Impact Assessments (PIAs)

For high-risk data activities, such as sensitive data use or automated decision-making, we may undertake a Privacy Impact Assessment to evaluate and minimise risk.

7. How to access and control your information?
   
   7.1 Accessing the information we hold about you

Under the APPs you may be able to:

• • obtain a copy of the personal information that we hold about you; and
  • identify where we have obtained your Personal Information from, if we have used or disclosed that Personal Information for direct marketing purposes.
    
    

To make a request to access this information please contact us in writing. We will require you to verify your identify and specify what information you wish to access. If eligible, we will grant you access to the information within 30 days.

If we accept your request for access, we may charge a fee to cover the costs of retrieving, reviewing and copying any material requested. However, we will never charge you for making a request to access information itself.

We will provide written reasons if your request (or any part of it) is rejected, as well as providing details for making a complaint about the refusal if necessary.

7.2 Updating your personal information

We endeavour to ensure that the personal information we hold about you is accurate, complete and up-to-date. Please contact our Privacy Officer if you believe that the information we hold about you requires correction or is out of date.

We endeavour to process any request within 30 days and will provide written reasons if your request is rejected, as well as providing details for making a complaint about the refusal if necessary.

For corrections to credit information we will provide, where practicable, written notice of the correction to any entity we have disclosed this information to previously. 

8. Complaints

If you are concerned that we have not complied with your legal rights or the applicable privacy laws, contact our Privacy Officer in the first instance. Please contact our Privacy Officer with a thorough description of your concerns and a response will be provided within a reasonable period. All complaints must be in writing.

When processing a compliant, we will require you to provide us with information to confirm your identity before processing a request related to information we may hold about you.

We expect our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also contact the Office of the Australian Information Commissioner as follows:

Director of Compliance Office of the Australian Information Commissioner
GPO Box 5288
Sydney NSW 2001

For more information on privacy see the Australian Information Commissioner’s website