Privacy Policy 

1. Introduction

At AustralianSuper, we respect your privacy and take our obligations seriously. This Privacy Policy explains how we (AustralianSuper and our wholly owned subsidiaries) collect, use, disclose and protect your personal information, and how you can exercise your privacy rights.

This Policy covers our compliance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), as well as the Spam Act 2003 (Cth).

While the primarily focus is members, it equally applies to:

  • People using our website, or applying to become members
  • Beneficiaries (or potential beneficiaries) and people named in a member’s death benefit nominations
  • Third parties authorised to act on a member’s behalf
  • Employers contributing to the Fund
  • Individuals representing businesses with commercial agreements or partnerships with AustralianSuper

If you’re applying for employment with us, please refer to our Candidate Privacy Notice.

2. What Personal Information do we collect?

The personal information we collect depends on how you interact with us. It may include:

  • Identification details: your name, date of birth, contact details (phone number, residential/postal address, email address), gender and indigenous status (only collected if provided).
  • Employment details: your employment status and employer information, salary, and superannuation contribution details
  • Government identifiers: your Tax File Number (TFN); residency status and relevant ID documents (e.g., driver’s licence, passport, birth certificate, Medicare card, marriage certificate). We only use government identifiers as permitted by law and do not adopt them as our own identifiers
  • Family and beneficiaries: details of your spouse/partner, dependants, and nominated beneficiaries
  • Health information: medical and health related details (for insurance, claims, or where required)
  • Due diligence data: information required for identity verification, including biometric data (a photograph of your face), bank statements or utility bills
  • Financial information: your bank account details; information about investments, assets, liabilities, insurance, and income—both within and outside AustralianSuper—and information about any financial advice you’ve previously sought
  • Member interactions: records of communications and interactions with you, including engagement with our marketing communications, survey responses, and browsing activity on our website or mobile app relating to our services
  • Government held information: court orders or financial agreements (e.g., family law proceedings), family commitments information, and Centrelink entitlements

Where possible (for example just browsing the unsecure section of the website or seeking general information about AustralianSuper products and services through the Contact Centre), you have the option not to identify yourself or to use a pseudonym. However, for most of our services, we need to confirm your identity for legal and practical reasons.

2.1 When You Use Our Website or App

Public (unsecured) website areas:

When you visit public areas of our website (no login required), we collect limited technical information (e.g., date and time of visit, pages viewed, browser and operating system type, general location based on IP address, files downloaded, device identifiers and cookie identifiers). We don’t collect personally identifying data (like your name or membership details) unless you voluntarily submit it through a form (for example, an online enquiry).

Secure website & mobile app:

When you log in to our secure member area or mobile app, we collect information to protect your account and provide personalised services—such as your username, time of login, session actions (pages viewed, features used, information downloaded), technical details (device type, operating system, browser, and general location) and device identifiers. We will also collect an identification number for analytics and security monitoring purposes when you log into a secure page of the website or the mobile App.

Cookies and similar technologies:

We use first party and third party cookies to maintain secure sessions, personalise content, analyse website traffic, and show relevant advertising on external platforms.

  • First party cookies (set by AustralianSuper) help remember preferences and gather analytics. Examples include tools and services such as Google Analytics, Google Optimize, Marketo, Akamai, Microsoft Azure, Microsoft Clarity, Dynatrace Real User Monitoring, and Sitecore Content Management System.
  • Third party cookies (set by our partners) may track ad delivery/performance or enable features. Examples include YouTube, LivePerson, The Trade Desk, and Google DV360 (targeted advertising).

By using our website, you consent to the placement of cookies as described. Most browsers let you adjust settings to refuse some or all cookies. Blocking cookies—especially first party cookies—may impact site functionality (for example, it may prevent login to the secure members’ area or disable personalised features).

3. How do we collect your Personal Information?

We usually collect personal information directly from you. We may also collect it from:

  • Your employer, authorised representative, financial adviser, current/previous super fund, current/previous insurer, or other authorised representatives
  • Government agencies (e.g., ATO, Centrelink) and public data sources (e.g., voter rolls, address validation services)
  • Medical practitioners (where we require health information, e.g., insurance or claims)

If you provide personal information about other individuals (such as a spouse/partner, dependants or nominated beneficiaries), you’re responsible for:

  1. telling them that you’ve provided their details to us; and
  2. giving them our Privacy Collection Statement and this Privacy Policy so they understand how we’ll use their information and what their privacy rights are.

Our website may contain links to external sites. Once you leave our website, this Privacy Policy no longer applies—please review the privacy policy of any linked site.

4. Why do we collect your Personal Information?

We collect, use and disclose personal information to manage your superannuation and provide related services efficiently and lawfully. This includes to:

  • Open and administer superannuation and retirement accounts, manage insurance entitlements, and pursue outstanding Superannuation Guarantee contributions
  • Provide information about your accounts and entitlements
  • Assess eligibility for products and services (including insurance)
  • Facilitate consolidation of super accounts and check for lost super, upon request
  • Provide financial education and facilitate the provision of financial advice
  • Conduct market research, analyse member data, and generate member insights
  • Conduct direct marketing about our products and services (which you can opt-out at any time by managing your communication preferences by logging into your account within the Member Portal or Mobile App or by contacting AustralianSuper)
  • Manage and resolve complaints
  • Comply with laws and regulations
  • Perform other related functions and improve our products and services
The New Daily:

If you opt-in to receive The New Daily, we’ll collect and disclose the necessary personal information (name and email address) to The New Daily’s publisher to arrange your subscription. They will handle that information under their own privacy policy. We only disclose what’s required to enable your subscription.

Non-members:

If you’re not a member (for example, you’re researching options or you’re an employer representative contacting us), we’ll only collect and use personal information needed to respond to your enquiry or provide the requested service.

If you choose not to provide required personal information, we may be unable to provide some services or there may be delays in processing your requests.

4.1 Customer Due Diligence (CDD)

For some transactions or when mandated by law, we will take extra steps to verify your identity and the legitimacy of the transaction. This process is referred to as Customer Due Diligence (CDD) and is done to minimise the chances of fraudulent account activity, to verify your identity under our Anti Money Laundering (AML) obligations and to protect your account.

Information collected for CDD:

To perform CDD, we may request government-issued photo identification documents (such as a driver’s licence or passport number), a photograph of you holding your photo ID and/or a photo of your face (a “selfie”), and additional identification information (such as utilities bills, bank statements and/or council rates).

Our CDD checks include:

AustralianSuper’s CDD process can consist of any one or a combination of the following checks:

  1. Document Verification Service (DVS) Check: The details of your government-issued photo identification documents are sent through a secure channel to the Australian Government’s DVS – a system operated by the Attorney-General’s Department (‘AGD’). The DVS Hub subsequently securely routes the document details to the government agency that issued the document to check whether the details on the provided documents match the department’s official record. If the details provided match the official records, a “yes” is returned to the Fund and if the details of the provided government-issued photo identification documents do not match the department’s official records, a “no” result is returned to the Fund. This check confirms whether the government-issued photo identification documents provided are genuine.

    DVS matches are only performed if you provide express consent. If you do not wish to provide consent, a paper-based document verification method is available; refer to Providing proof of identity for details for this alternative verification process. However, please note that this alternative process may take longer and may delay processing of requested account activity.

    For information on how AGD handles personal information when operating the DVS service, refer to the AGD/IDMatch Identity Verification Services Privacy Statement.

  2. Facial Biometric Match: We use a trusted service provider to conduct a facial comparison, between the selfie provided to the photo on the government-issued photo identification documents provided. We do this using a secure AI tool. This step verifies that the person attempting the transaction is the same person pictured on the provided government-issued photo identification document. The selfie image is handled in Australia on secure servers.

  3. Credit Bureau Identity Cross-check: As a further identity confirmation, AustralianSuper may submit your basic identity details (name, date of birth, and address) to established credit reporting agencies (such as Equifax). These agencies check if the details provided match the information on file in their credit records and returns a simple “match” or “no match” response. Importantly, this process does not involve sharing any financial credit information and we do not receive any credit score or loan details, only whether the identity information is consistent with what’s known to the credit bureau. This check has no impact on your credit score and is not recorded as a credit check for financial purposes.

    This check is only performed if you provide express consent. If you do not wish to provide consent, the same paper-based document verification method mentioned previously (refer to Providing proof of identity for details) is available.

  4. Other documentation that establishes ID: We may also ask for additional documentation that confirms your identity and details. These may include but are not limited to recent utility bills, bank statements, a birth certificate, Government issued change of name documents and council rate notices.
Why CDD is done:

We perform these steps to meet our legal obligations under laws such as the Anti Money Laundering and Counter Terrorism Financing Act 2006, and under our risk-based policies that flag certain transactions. CDD helps reduce the risk of fraudulent withdrawals or impersonation attempts, protecting you and the Fund.

If you believe your personal information has not been handled correctly during CDD, see Section 8 to understand how you can lodge a privacy complaint.

5. Who do we disclose your Personal Information to?

We share personal information:

  • With you (the individual to whom it relates)
  • Your authorised representatives (e.g., third-party authority, executor/administrator of estate, power of attorney)
  • Your financial advisers and their engaged third-party service providers, and Advice Co, to enable provision of financial advice
  • Courts and tribunals, and government or regulatory bodies/authorities (e.g., APRA, ASIC, AUSTRAC, AFCA, OAIC) as required by law or regulation
  • Third parties on specific matters where you’ve consented (e.g., KiwiSaver funds, employers)
  • Our service providers and trusted partners for the purposes described in Section 4, including:
    • Administrator: Australian Administration Services Pty Ltd (part of MUFG Pension & Market Services Holdings Ltd)
    • Contact centre provider and telephony system provider
    • Insurer: TAL Life Limited (which may disclose information to claims investigators, medical practitioners, reinsurers, insurance reference bureaus, and outsourced functions).
    • Mail houses; independent consultants and market research companies; auditors, actuaries, and lawyers; web hosting companies/information technology providers; web/app developers; online calculator providers
    • Member Direct platform partner
    • Other superannuation, pension and investment fund trustees or administrators where an investment is transferred to another fund
    • Other organisations (including trusted partners) for the purposes described in Section 4

We also employ enterprise Artificial Intelligence solutions to make our operations more efficient and reduce costs to members. Some of these solutions require us to disclose PI to technology vendors to support these solutions. We ensure these solutions are trusted enterprise solutions that allow us to maintain control and security over your personal information

5.1 Disclosing Information Overseas

There are some instances where your personal information may be shared outside Australia. These include:

  • our software development service provider, who are based in Australia, use an offshore development team in India, Philippines, UK and USA for some aspects of software development services and our website incident rectification and a range of technology-specific and technology-agnostic delivery services.
  • The administration of the Member Direct investment option is undertaken from New Zealand
  • Microsoft’s provision of services to AustralianSuper are varied and as such, your personal information may be processed in any of Microsoft’s global data centres.
  • Some financial advisers may have offshore staff or use service providers, which may be based offshore or have offshore operations, to assist them with member administration activities in the context of providing financial services to you.

Your personal information will be stored in Ireland if you choose to subscribe to The New Daily.

Our staff in our UK or US offices may also access your personal information for the purposes described in section 4 above.

6. How is your Personal Information kept secure?

We have a comprehensive set of controls and processes in place that ensure that your personal information is restricted to authorised staff and third-party service providers and only used in accordance with the purposes outlined in section 4.

Steps we have taken include:

  • regular information security and privacy training to all staff
  • technical measures like encryption, firewalls, antivirus software, physical security controls and regular vulnerability monitoring and management.
  • documented and tested incident response plans
  • contractual agreements with third parties, requiring them to adhere to similar security standards when handling your personal information.

These all operate to safeguard your personal information from unauthorised access, disclosure, modification, misuse, or loss.

7. How can you access and seek correction of your personal information?

In order to keep your personal information as current as possible, we ask that you let us know, via any of the methods outlined on our Help & Support page, of any changes to your personal details.

You may also ask to request a copy of all the personal information we hold about you. We will seek to respond to your requests for information within a reasonable period after the request is made. However, please note that in some circumstances, we may not be able to allow you access to your personal information.

If we are unable to provide you with access to your personal information, we will notify you of the reasons for the refusal and the complaint mechanism available to you.

If we incur a cost in giving you access to your personal information, we may need to charge you for the associated cost(s).

8. How can you raise a privacy complaint or ask a privacy question?

If you believe your privacy has been breached, have a privacy complaint or want to ask questions about how your personal information is handled/processed by the Fund, you should write to:

AustralianSuper Privacy Officer
AustralianSuper Pty Ltd
130 Lonsdale Street
Melbourne Vic 3000
or email us.

We will review the content of your correspondents and respond within a reasonable period of time after we receive your complaint.

If you are not satisfied with the resolution of your complaint, you can refer your complaint to the Office of the Australian Information Commissioner at www.oaic.gov.au

9. How will AustralianSuper communicate changes to its Privacy Policy or Privacy Collection Statement?

AustralianSuper may change its Privacy Policy and Privacy Collection Statement from time to time. We will post any changes on the relevant pages of the AustralianSuper website (www.australiansuper.com).

 

Non-Member UK & EEA Specific Addendum

In addition to the Privacy Policy, the following information applies to the collection and use of personal information from people who are not members of AustralianSuper, and who are domiciled in the United Kingdom or European Economic Area (“EEA”), with such personal information referred to in this addendum as “Personal Data”.

1. Legal Basis for collection

In accordance with the UK & EEA GDPR, we have a legitimate interest in collecting and using Personal Data, including:

Purpose and/or activity  Type of data Legal basis for processing
To ensure better outcomes in retirement for our members, by managing the assets of the Fund, including fostering new and existing relationships, managing and investigating investments and investment opportunities, and advocating for better industry practice.
  • “Contact Data”, including your work address, email address and telephone numbers; and
  • “Identity Data”, including your first name, last name, gender, username or similar identifier, title.
  • Legitimate Interest: To ensure that we have your contact details so that we can fulfil the purposes and activities listed in this table.
Images are being monitored by CCTV for the purpose of public safety, crime prevention and detection, and prosecution of offenders.
  • Images” from CCTV footage of ingress and egress points from UK office (“Images”).
  • Legitimate Interest: To ensure security of UK office, assets and staff.

2. International transfers

References at section 7 of the Privacy Policy to transfers of data “overseas” mean transfers out of Australia of personal information that is not UK or EEA Personal Data. For the purposes of this addendum, the information at section 7 of the Privacy Policy applies to UK or EEA Personal Data, but “overseas” is taken to mean transfers outside the UK or EEA. In addition to transfers outside the UK or EEA, we may also transfer UK or EEA Personal Data within AustralianSuper which requires transfer of the Personal Data to Australia and the United States. When we share your Personal Data within AustralianSuper or outside the UK or EEA, the Personal Data is shared in accordance with our Privacy Policy including this addendum.

Whenever we transfer Personal Data out of the UK or EEA, we ensure a suitable degree of protection is afforded to it. Where a transfer is within AustralianSuper, we ensure that access to Personal Data is restricted to AustralianSuper staff who require the information to complete the purpose described at item 1 of this Addendum and at section 4 of the Privacy Policy. A system of passwords and different levels of access is used to protect the Personal Data that is held on our system. Where a transfer is to third parties (including as listed at section 6 of the Privacy Policy), access is only provided to the extent required for the third party to assist us to complete the purpose described at item 1 of this Addendum and at section 4 of the Privacy Policy.

3. Retention period

Personal data will only be retained for a period of 7 years following the date on which AustralianSuper last had activity associated with that Personal Data.

Notwithstanding the aforementioned, Images will only be retained for a period of 1 month following the date on which the Images are recorded, after which time the Images will be automatically destroyed.

4. Data subject rights

In accordance with the UK and EEA GDPR, all data subjects have a right to request from AustralianSuper:

  • access to and rectification or erasure of any Personal Data;
  • a restriction on our processing of the Personal Data; and
  • a cessation to processing or portability of the Personal Data.

If you wish to make any of these requests; or have any other concerns regarding our collection or use of your Personal Data, you should contact us directly via the contact details at section 11 of the Privacy Policy. If you have any concerns regarding our collection or use of your Personal Data and you do not wish to contact us directly, or if we do not resolve your concerns or complaints to your satisfaction, you may seek further recourse by contacting your local courts or data protection authority.

5. Failure to provide Personal Data to us

Provision of Personal Data to us is not mandatory, however where we need to collect your Personal Data:

  • under the terms of a contract we have with you (if any), and you fail to provide that Personal Data when requested, we may not be able to perform the contract we have or are trying to enter into with you; and
  • in order to involve you in managing the assets of the Fund (which may include collection under contract), including fostering new and existing relationships, managing and investigating investments and investment opportunities, and advocating for better industry practice. If you fail to provide that Personal Data when requested, we may not be able to involve you in those activities.

Document last updated on: 24 December 2025.

Back to top