TOMORROW Super Privacy Policy

This is the Privacy Policy of TOMORROW Financial Services Ltd, known as TOMORROW Super. In this Privacy Policy “TOMORROW Super”, “we”, “our” and “us” have the same meaning.

Protecting your personal information is important to us. We respect your privacy and we are committed to protecting your privacy. We are bound by, and committed to supporting, the Privacy Act 1988 (Cth) (Privacy Act). This Privacy Policy explains the way we collect, maintain and handle your personal information.

If you want more information about this Privacy Policy, or if you want to inquire about any of your personal information, or if you believe your personal information is inaccurate, incomplete or out-of-date, contact us.

If you give us personal information about another person, you represent that you are authorised to do so and agree to inform that person who we are, that we will use and disclose that information for the relevant purposes set out below, and that they can access the information we hold about them.

Your personal information will be treated strictly in accordance with the Australian Privacy Principles contained within the Privacy Act 1988 (Cth), as amended.

This policy outlines for our customers and prospective customers:

  1. The kinds of personal information that we collect and hold;
  2. How TOMORROW Super will collect and hold such personal information;
  3. The purposes for which we collect, hold, use and disclose personal information;
  4. How our customers or prospective customers may access their personal information, held by TOMORROW Super;
  5. How our customers or prospective customers raise a complaint about a breach of the Australian Privacy Principles, and how we will deal with such a complaint; and
  6. Whether we will or are likely to disclose personal information to overseas recipients; and to which countries the information may be sent.


1. The information TOMORROW Super collects

Personal information is information that can identify you. We must obtain personal information about you so we can provide the most appropriate products and services to you, provide information and marketing material to you and satisfy certain legislative and regulatory requirements.
We will only collect personal information that is necessary to provide our products and services to you, including information needed to comply with legal and regulatory requirements. We may collect the following types of personal information:

  • name;
  • gender;
  • email address, mailing or street address and other contact details;
  • date of birth;
  • information to verify your identity such as your driver’s licence number;
  • tax file number; and
  • information about other products or services of ours or any related body corporate that you may hold or use.
  • Information about your health and occupation: current employer, job role, income and title and health details (see 2. Health and occupational Information below for the circumstances we do this).
  • details of your social accounts such as Facebook, Twitter, if you provide us with this information, or engage with us via these channels

We are required to collect your name, address, date of birth and other verification information under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). We are authorised to collect tax file numbers under tax laws and the Privacy Act.


2. Health and occupational information

We collect your health and occupational information where we offer you products with an insurance component or to assist in assessing certain claims, including hardship. We do not use or share that information for any purpose other than the application, underwriting or administration of your financial product, claim or account, or as otherwise notified to you at the time we collect your information.


3. Sensitive information

Generally, we do not collect sensitive information about you unless required by law or where you consent for us to do so (and in any event only where it is relevant to your product). We will not collect sensitive information about you where this is expressly prohibited by local law.

Sensitive information includes information relating to:

  • race
  • political or religious beliefs
  • sexual orientation and sexual life
  • criminal convictions
  • membership of professional or trade associations or unions
  • biometric and health information
  • information about your affiliation with certain organisations, such as professional associations.


4. Telephone recording

TOMORROW Super or third parties providing connected services may record telephone conversations. If TOMORROW Super does record conversations, this will be disclosed prior to connecting to a TOMORROW Super staff member and you will be given an opportunity to refuse such recording.


5. Cookies

A ‘cookie’ is a packet of information placed on a user’s computer by a website for record-keeping purposes. We may use cookies and other technologies to grant you access to certain parts of the website and to monitor traffic patterns, manage advertising and other activities.

Cookies may also be used for other purposes on the TOMORROW Super website but in each case, none of the information collected can be used to identify you personally but rather identifies your computer. You can configure your browser to notify you when you receive a cookie and this will provide you with an opportunity to either accept or reject it each time.

If you disable the use of cookies on your web browser or remove or reject specific cookies from the website or linked sites then you may not be able to gain access to all of the content and facilities within TOMORROW Super’s website.

We use cookies on this website for the following purposes:

  • Analytical purposes: Analytical cookies allow us to recognise, measure and track visitors to the website. This helps us to improve and develop the way the website works, for example, by determining whether site visitors can find information easily, or by identifying the aspects of the site that are of the most interest to them.
  • Usage preferences: Some of the cookies on the website are activated when visitors to our sites make a choice about their usage of the site. Our website then ‘remembers’ the settings preferences of the user concerned. This allows us to tailor aspects of the site to the individual user.
  • Terms and conditions: We use cookies on the website to record when a site visitor has seen a policy, such as this one, or provided consent, such as consent to the terms and conditions on our website. This helps to improve the user’s experience of the site – for example, it avoids a user from repeatedly being asked to consent to the same terms.
  • Session management: The software that runs the website uses cookies for technical purposes needed by the internal workings of our servers. For instance, we use cookies to distribute requests among multiple servers, authenticate users and determine what features of the site they can access, verify the origin of requests, keep track of information about a user’s session and determine which options or pages to display in order for the site to function.
  • Functional purposes: Functional purpose cookies store information that is needed by our applications to process and operate. For example, where transactions or requests within an application involve multiple workflow stages, cookies are used to store the information from each stage temporarily, in order to facilitate the completion of the overall transaction or request.
  • Remarketing – Cookies can be used to remarket our services and products to previous visitors. More information about this is provided in the ‘Remarketing’ section.


6. Google Analytics

We use Google Analytics on our website. Google Analytics is a service that transmits website traffic data to Google servers. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffic and webpage usage related to the TOMORROW Super website. Google Analytics services cannot function without the use of cookies.


7. Not providing your personal information

If you do not give us your personal information some or all of the following may happen:

  • we may not be able to provide you with or subsequently administer some or all our products or services; or
  • we may not be able to provide you with information about our products and services.


8. How TOMORROW Super will collect and hold such personal information

We collect personal information about you directly from you — this can be in person, in documents you give us, from telephone calls, emails, competitions you enter, your access to our website or from transactions you make. We take reasonable steps to be transparent about how and why we collect personal data.

The main ways we may collect personal information about customers are:

  1. if you subscribe to any of our information or other services;
  2. if you open any form of account; or
  3. if you give information or other material to any part of TOMORROW Super;

We maintain records of transactions and activities on accounts you may hold with us. During the course of your relationship with TOMORROW Super, we will also gather information about products and services provided to you.

We may also collect your personal information from a related account holder (to facilitate a benefit, discount or introduction) or third parties including public sources and service providers (including credit reporting bodies and information service providers).

If we accidentally collect personal information that we did not ask for, we will work out whether we need this information. If not, we will destroy or de-identify the information.


9. The purposes for which we collect, hold, use and disclose personal information

We are required by law to collect information to identify and verify you. We therefore may make enquiries as to your identity(ies) and other personal details as required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

Other than as required by law, we will only use your personal information for the purpose of providing you with our investment products and services. In managing your investment and financial product for you, we will use your personal information to:

  • assess your application and provide our products and services to you;
  • verify your identity electronically using government sources such as the identification document issuer or the official record holder. (To increase your chance of getting an identity match we may verify your identification using your personal details from your credit file at illion)
  • communicate with you in relation to your investment;
  • monitor, audit, evaluate and otherwise administer our products and services;
  • to assist in applying for, underwriting, administering products with insurance components, and assessing certain claims, including hardship;
  • provide you with access to protected areas of our websites;
  • provide continuous service to you and to conduct business processing functions including by providing personal information to our related bodies corporate, contractors, service providers or other third parties; and
  • assist with the administrative, marketing (including direct marketing), planning, product or service development, quality control or the research purposes of us and our contractors and service providers.
  • answer questions and enquiries you may provide.

We will only use or disclose personal information we collect about you for the purpose of which it was disclosed to us, or related purposes which would reasonably be expected, without your permission, or as permitted by the Australian Privacy Principles. We take reasonable steps to ensure that third-party organisations are bound by confidentiality and privacy obligations in relation to the protection of your personal information.

We will not sell your personal information to other organisations. Nor will we provide organisations outside our group with your personal information for purposes unrelated to the management of your investment.

We may also disclose your personal information to entities located overseas for one or more of the purposes set out below. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the Australian Privacy Principles relating to your personal information.

Personal information may be disclosed to external parties including the following:

  • agents, contractors, or external service providers appointed by us (such as administrator, custodian, trustee, auditors or other professional advisers);
  • your nominated financial adviser – (but only with your written consent) ;
  • your personal representative, attorney or agent – (but only with your written consent);
  • a government or regulatory body (such as ATO, AUSTRAC, ASIC or a law enforcement agency);
  • financial institutions and other similar organisations that we deal with in the course of our corporate activities, or those that are nominated by you;
  • external service providers and professional advisers that provide services to us including electronic identification services;
  • in order to comply with a court order or in conjunction with court proceedings.

Contact us if you have any concerns about our use of your personal information (see details below)


10. External websites

Our website may contain references or links to other external websites. Those references or links may, in turn, refer or link to other references or links. We, our directors, officers, employees or agents are not responsible to you or any person for any breach of the Australian Privacy Principles or damage that may occur from any privacy policies or practices or content of websites to which we provide external links.


11. Direct marketing

We may also send you direct marketing communications and information about our products and services that we expect may be of interest to you. These communications may be sent in various forms, including mail, SMS, social networks and email. You consent to us sending you those direct marketing communications by any of those methods. At any time, you may opt-out of receiving marketing communications from us by contacting us (see contact details below) or by using the opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from the relevant mailing list.

Please note that, if we are currently providing you with services or products, we will still need to send you essential information about your account, the relevant services or products and other information required by law.


12. Remarketing

TOMORROW Super uses remarketing services to advertise its products and services to previous visitors. This could mean we advertise to previous visitors who haven’t completed a task on our site via search engines, other websites and social channels. Any data collected will be subject to our own privacy policy, as well as the privacy policy of other remarketing services used. Remarketing makes use of ‘cookie’ functionality. Data collected as part of any remarketing process is not personally identifiable. You can opt-out of cookie-based advertising by contacting us.


13. Customer Knowledge Centre and Chatbots

TOMORROW Super may maintain a ‘knowledge centre’ of customer support information. This data mostly comprises of common customer queries and answers, and is accessible by customers via the Website and Apps, used by our staff in enquiries, and may be accessible in an automated manner via Chatbot features or similar technologies. Both questions asked, and responses provided to customers in resolution of queries over Livechat and Chatbot related enquiries may be used to extend the ‘knowledge centre’ of common or previously referenced questions or answers for future customer reference. This is done in a general, non-individualised manner with no personally identifiable source information being attached to the “knowledge base”.


14. Keeping information accurate and up to date

We take all reasonable steps to ensure that all personal information we hold is as accurate as possible. You are able to contact us at any time to find out what information we have about you and ask for its correction if you feel the information we have about you is inaccurate or incomplete, or to provide us with information about changes to your personal information.


15. Keeping your personal information secure

We keep personal information in electronic and sometimes physical records, at our premises and the premises of our service providers, which may include processing or storage in the cloud, which may mean in practice that this information is stored outside Australia. Where this occurs, we take steps to protect the security and integrity of personal information.
We also keep records of our interactions with you (including by telephone, email and online) and of your transaction history.

We invest resources to keep your personal information secure from misuse, loss, interference, unauthorised access, modification or disclosure. Access to and the use of personal information is regulated to prevent misuse or unlawful disclosure of the information. We use security procedures such as encryption, firewalls, intrusion detection and anti-virus technology to prevent unauthorised access.

We also use valid log-in identification and password based security to achieve electronic information security.

We retain information for so long as may be necessary to respond to issues that may arise at a later date, and longer in appropriate cases where required by law. When personal information is no longer required by us, it is destroyed or de-identified.

As our website is linked to the internet, and the internet is inherently insecure, we cannot give any assurance to any person regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.


16. Accessing personal information held by TOMORROW Super

Under the Privacy Act, you have the right to obtain a copy of any personal information which we hold about you and to advise us of any inaccuracies.

To make a request, you will need to write to us verifying your identity and specifying what information you require. We will respond to your request within 7 days. If the information sought after is extensive, we may charge a fee to cover the cost.

In normal circumstances, we will give you full access to your information. However, there may be times where some legal reason requires us to deny access, such as where granting access would interfere with the privacy of others or it would result in a breach of confidentiality.

If access is denied we will give you written reasons for any refusal.

We aim to ensure that the personal information held about you is accurate, complete and up-to-date. You should contact us as soon as possible if any of your details change. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.


17. Data breach

A data breach occurs when personal information held by us is lost or subjected to unauthorised access, modification, disclosure, or other misuse or interference. Examples of a data breach are when a device containing personal information of clients is lost or stolen, or when a database containing personal information is hacked or if we mistakenly provide personal information to the wrong person.

Under the Privacy Amendment (Notifiable Data Breaches) Act 2017, we have an obligation to assess within 30 days whether a data breach amounts to an ‘eligible data breach’ if we become aware that there are reasonable grounds to suspect that data breach may have occurred.

If we form the view that the data breach would likely result in serious harm to any of the individuals to whom the information relates despite any remedial action taken by us, then the data breach will constitute an ‘eligible data breach’. If an eligible data breach occurs, we have an obligation to notify you and the Office of the Australian Information Commissioner and of the details of the eligible data breach.


18. How to raise a complaint?

How to raise a complaint about a breach of the Australian Privacy Principles, and how TOMORROW Super will deal with such a complaint:
If you believe that your privacy has been breached, please contact the Administrator – TOMORROW Super Privacy Policy using the contact information below and provide details of the incident so that we can investigate it.

We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint. We will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will inform you whether we will conduct an investigation, the name, title, and contact details of the investigating officer and the estimated completion date for the investigation process.

After we have completed our enquiries, we will contact you, usually in writing, to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.

Email: The TOMORROW Privacy Policy Officer at [email protected].

Or mail: The TOMORROW Super Privacy Policy Officer

PO Box K42, Haymarket, NSW 1240.


19. Unsubscribing

If you wish to unsubscribe from our information or registration service, contact us in writing requesting to be removed from our database. We generally do not collect sensitive information about you unless required by applicable laws or rules.


20. Changes to Privacy Policy

From time to time, we may change this Privacy Policy. All updates to the privacy policy will be made available to customers and prospective customers.


21. Contact details

If you have any questions regarding our Privacy Policy or handling of information, please contact us:

Email: The TOMORROW Privacy Policy Officer at [email protected].

Or mail: The TOMORROW Super Privacy Policy Officer

PO Box K42, Haymarket, NSW 1240.

Should you wish to obtain further information about privacy you can do so by visiting the Office of the Australian Information Commissioner (OAIC) website at