There are some instances when we will need to provide your personal information to third parties. These third parties include:

• Our administrator for the purpose of administering the Fund and providing you with superannuation services;
• Insurers, underwriters, medical consultants and practitioners for the purpose of the assessment of claims for insurance benefits or requests for insurance cover;
• Auditors, actuaries, lawyers, professional advisers and other experts;
  
• Participating employers;
• Mailing houses, data warehouses and election agencies for the purpose of providing reporting to us and communications to you;
• Providers of marketing and advertising services;
• Another superannuation fund which you have nominated as your rollover institution;
• Dispute resolution bodies such as the Australian Financial Complaints Authority (AFCA) and the Office of the Australian Information Commissioner (OAIC) for the purpose of dispute resolution;
• External research houses to assist us in the provision of services and product research;
• Related bodies corporate of Togethr who may provide services to members;
• International government agencies where expressly required by law; and
• Government agencies such as the Australian Prudential Regulation Authority (APRA), the Australian Transaction Reports Analysis Centre (AUSTRAC), the Australian Securities and Investments Commission (ASIC), the Australian Taxation Office (ATO) and other bodies where expressly authorised by law.

When we disclose information to your employer, this disclosure is limited to the information that would have been previously advised by your employer to us in the first instance.

Outside of these disclosures, your information is kept confidential and is only disclosed to you or to your authorised representative. An authorised representative is a person to whom you have given consent to access your personal information and may include a financial adviser, lawyer, spouse or legal personal representative.

Whenever we disclose your personal information to a third party, we seek to ensure that your privacy is protected to the same standards as required by us.

We have security measures in place and take all reasonable steps to ensure that your information in both hard copy and electronic format is stored in a secure environment and protected from misuse, interference or loss, and from unauthorised access, modification or disclosure.

We have a dedicated Data Governance and Security team that is responsible for our Data Governance Policy, associated systems and processes, and 24/7 monitoring of our networks. This team works with external security specialists to implement multiple measures, including strict data handling protocols.

We also conduct regular audits and tests to ensure these systems and processes are working.

We assess all our external vendors against our extensive set of Security Standards, as required under APRA CPS/CPG 234. Vendors are required to report annually on how they have meet or exceed our standards.

Our administrator, Mercer, arranges for independent audits of their systems and processes to be conducted and provides details of these audits to us. The audit reports are then reviewed by our IT Security Manager or our external expert security consultancy to seek to ensure they align with our standards.

Your personal information is also protected through the use of secure passwords, usernames and different levels of access. At all times, access to your information is restricted to staff who require the information to administer your account and provide information and services to you. It is also restricted through the use of security identification checks performed by staff before any disclosure of personal information over the phone. We train our staff who handle personal information on the importance of protecting the personal information and the privacy of individuals.

In certain circumstances we are required to collect government identifiers such as a tax file number, Medicare number or pension card number. We do not use or disclose this information other than when required or authorised by law or unless you have consented to disclose this information to a third party.

As required under the Privacy Act, when we no longer need the information for any purpose and it is not required under Australian law to retain the information, it is destroyed in a secure manner or deidentified. This includes the secure disposal and erasure of hard copy and electronically stored personal information.

You will, with limited exceptions, be able to access the personal, sensitive and health information that we hold about you by either making an appointment to come to our office to view it personally, calling us to request a copy of the information, or by sending us a written request. You will not be charged for accessing your personal information, however, if we incur a cost in giving you access to your personal information, we may need to charge you a reasonable fee for the associated costs.

We will aim to respond to requests for access within 30 days. In certain circumstances, we will not be able to grant you access to the personal information that we hold about you if doing so would unreasonably impact the privacy of other individuals, would undermine legal proceedings or negotiations currently in progress or if another exemption applies. Any information in relation to a disability claim is not generally available until the final stages of a decision on the claim. If your request is refused, we will notify you with reasons for the refusal.

In order to provide services to you, we rely on your personal information being complete, up-to-date and accurate. If you believe that any of the personal information that we hold about you is incorrect, you can update the information in your member portal on our secure website or by contacting us.

Unless you have asked us not to, we will from time to time send you communications about products or services that relate to your membership and other opportunities available to you as a Fund member.

If you no longer wish to receive such information, click the unsubscribe link within the email you received.  You can also contact us.

If you visit our public website, we collect information in order to provide and continuously improve our products and services. Information we collect is related to your interaction with our website and communications.

Like many websites, we use ‘cookies’ during your visit. Cookies are stored in your browser and collect certain types of information when your web browser or device accesses our website.

By using our website you agree to the use of cookies, tagging and pixels.

We may use data obtained  through cookies for a range of advertising and direct marketing activities, including segmentation, targeting, tracking and data analysis. This also helps us to make informed decisions and ensure  the best possible  experience for visitors to our website. We may utilise the services of third-party service providers for these  activities.You can configure your browser preferences to reject all cookies, however doing this means that features on our website may not work.

The online application and member access functions are provided by our Administrator. When using these functions, information about your identity, including identity verification systems, and other personal information is collected, stored and securely transferred between us, our administrator and/or our insurer where appropriate. The administrator's privacy statement can be found at mercer.com.au/privacy.html.

If you wish to make a complaint about a possible breach of your privacy or of the Privacy Act, please contact the Complaints Officer (see contact details below). Please provide sufficient details for your complaint to be investigated.

If your complaint is not resolved to your satisfaction within 30 days, you can lodge a complaint with our external dispute resolution agency, the Australian Financial Complaints Authority (AFCA), or with the  Office of the Australian Information Commissioner (OAIC). To make a complaint, please refer to the Complaints Officer

• Mail: Complaints Officer
  Catholic Super
  GPO Box 4303
  Melbourne VIC 3001

• Phone: 1300 655 002

• Online: csf.com.au/contact-us

We will amend this privacy policy from time to time. Changes will be published on our website.