Privacy Policy

Introduction

The Heron Partnership believes that privacy is a fundamental individual right and that it is important to our business and to our clients.

We adhere with the Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles set out in the Act, which govern the way we collect, utilise, disclose and store personal information obtained by us in the course of our business.

This Privacy Policy covers details about the types of information we may collect, how it is stored, how we collect that information, what it is used for, whether information is likely to be received by an overseas entity, how information may be accessed and corrected by an individual, and how any queries or complaints regarding privacy can be addressed.

Types of personal information collected and held

Personal information is only provided to us to enable us to facilitate the provision of our professional service to our client. Personal information may include your name, employee/payroll number, date of birth, gender, occupation, remuneration, state of health, insurance claims information, financial information and details of your superannuation benefits. Not all information is required in all circumstances; data requirements are dependent of the type of professional service being undertaken.

How we store personal information

Personal information may be held in physical format, or as electronic data. We may store information in cloud or other types of networked or electronic storage. We take reasonable steps to protect the information we hold, which include (for example):

  • Security requirements for accessing our systems

  • Security measures for accessing our physical building

  • Website protection measures

  • Confidentiality requirements for staff and third parties

How we obtain personal information

Personal information is usually provided to us, as permitted by law from third parties which may include: your employer, (as our client), the service providers to your employer’s superannuation fund, (including the administrator, insurer, actuary, etc).

When you look at our web site, our Internet Service Provider makes a record of your visit and logs the following information for statistical purposes:

  • your server address

  • your top level domain name (for example .com, .gov, .au, .uk etc)

  • the pages you accessed and documents downloaded

  • the previous site you have visited

  • the type of browser you are using.

When accessing our products or services electronically, we need to collect certain information to allow access and to verify that you have authority to access this information. We would generally collect your username and password to the particular service for this purpose.

Unsolicited personal information we receive will be destroyed or de-identified, dependent of whether that information has been determined to be reasonably necessary for us to provide our professional services.

What personal information is used for

We will only use and disclose personal information for the purpose that it was collected, or any other directly related purpose that it would be reasonably expected to be used for. There are several reasons we require personal information and it is collected where it is reasonably necessary for us to provide our services. For example, if we are conducting a review of your employer’s superannuation arrangements or providing an actuarial valuation of the defined benefit division of an employer fund we need to collect details of the superannuation benefits of the members concerned to enable us to provide our advice.

When we conduct outsourcing tenders for the provision of employer default funds, collective totals of individual personal data is utilised to enable access to group discounting etc.

When group insurance tenderers, or work associated with re-rating of group insurance arrangements is undertaken, personal data including specific individual data for various types of claims is required, for distribution to those who assess this detail to be able to provide a quote or financial commentary on the premiums being charged or proposed to be charged.

When claims management support services are provided personal information regarding a person’s state of health, medical information, and doctors reports may be received. These are required for the insurer to assess the claim and make a decision on whether or not to pay the claim.

In other circumstance we will only record personal details which you explicitly provide if you send us a message. Your e-mail address will only be used for the purpose for which you have provided it, such as purchasing a product from us or contacting you about our products and services, and it will not be added to a mailing list or used for any other purpose without your consent. However, we may disclose your collected information to other parties, such as contractors, who provide IT and other related services to us. In providing any such information we will take appropriate action to ensure the other party/ies comply with privacy provisions and only utilise such information for the purpose required.

Cookies are used on our website for the purpose of automatically authenticating users to the system, if that option is specifically selected by the user when logging into the system.

If you do not wish to receive information about our products and services you should email us at info@heronpartners.com.au.

We do not sell or trade personal information, or use it for direct marketing purposes.

The Heron Partnership or associated companies will not make an attempt to identify users or their browsing activities, except as detailed above. However, in the unlikely event of an investigation, a law enforcement agency or other government agency may exercise its legal authority to inspect our Internet Service Provider's logs.

Cross border disclosures of personal information

We do not send personal information overseas.

How personal information may be accessed and corrected

Your personal information held by us may be accessed by contacting our Privacy Officer. If your personal information held by us is deemed to be incorrect as at the time it is provided to us we will take appropriate action to correct the information held.

We have in place appropriate commercial safeguards to protect any personal information we hold and to prevent unauthorised access to or use of any personal information.

Notifiable Data Breach

In accordance with the Notifiable Data Breaches Scheme, if your personal information is involved in a data breach that is likely to result in serious harm to you, we will notify you and the Office of the Australian Information Commissioner (OAIC), as required.

Dealing with privacy issues

For more information about our Privacy Policy or to answer any questions or to make a complaint about a breach of the Act or this Privacy Statement, please contact The Heron Partnership at info@heronpartners.com.au. You may also contact the Privacy Officer by:

Post: Privacy Officer, The Heron Partnership Pty Limited, Level 9, 412 St Kilda Road, Melbourne, Victoria 3004

Phone: (03) 9254 4900

In addition, if you require further information about privacy and the protection of private information you could go to www.oaic.gov.au, or contact them by phone 1300 363 992, or by email on enquiries@oaic.gov.au.

This Policy was last updated in October 2023.