Privacy Policy

Last updated

November 12, 2024

1. Introduction

In this Privacy Policy, 'us''we' or 'our' means GROW Technology Services Ltd (ACN 615 049691) and our related bodies corporate. We are committed to respecting your privacy. Our Privacy Policy sets out how we collect, use, store and disclose your personal information. We are bound by the Australian Privacy Principles contained in the Privacy Act.

By providing personal information to us, the User (You) consents to our collection, use and disclosure of your personal information in accordance with this Privacy Policy and any other arrangements that apply between us. We may change our PrivacyPolicy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you are aware of our current Privacy Policy.

2. Key Terms

OAIC

The Office of the Australian Information Commissioner, acting as the national data protection authority for Australia, established under the Australian Information Commissioner Act 2010 and headed by the Australian Information Commissioner.

Personally Identifiable Information

This includes where:

  • an individual is ‘identified’ or ‘identifiable’ and can be distinguished from other individuals;
  • an individual supplies any combination of identifiable information, including but not limited to:
    • name;
    • identification numbers;
    • location data;
    • online identifiers, including IP addresses and cookie identifiers which may be personal data;
  • other factors can be used to identify an individual.

Personal Information

Personal Information covered under this Policy includes:

  • name or alias, title, date of birth, marital status, and country and city of birth details;
  • mailing address, telephone number, email address, and other contact details;
  • next-of-kin, spouse, and other family members, and emergency contact details;
  • employment history, including education, job titles, work history, employment location details;
  • salary, annual leave, sick leave, and benefits information, including compensation history details;
  • cashflow position, investments and liabilities, and financial needs, objectives and goals details;
  • payment information (including bank details), and tax residency and tax status details;
  • username and passwords, for access and use of our online products and services; and/or
  • internet-enabled device information and browsing patterns, such as your IP address, operating system, and browser type.

Notifiable Data Breach

A data breach involving personal information which is likely to result in serious harm to the individuals or entities involved. Examples of serious harm include:

  • identity theft, which can affect finances and credit scores;
  • financial loss through fraud;
  • a likely risk of physical harm, such as by an abusive ex-partner;
  • serious psychological harm; and/or
  • serious harm to an individual’s reputation.

Sensitive Information

Types of personal information we may collect that is also sensitive information:

  • tax file number details; 
  • health and genetic information, including insurance policies and medical conditions details; and/or 
  • racial or ethnic origin, religious and philosophical beliefs, and gender identity and pronoun details.

3. Privacy & Data Commitments

GROW complies with the Privacy Act 1988 (Privacy Act), in relation to Personal Information, which may include employee data or customer data that contains or is Personal Information. GROW will only use Personal Information as permitted by:

  1. the Privacy Act and applicable privacy regulations;
  2. binding arrangements with customers and third parties; and
  3. this Policy.

GROW conducts its business in a manner that is consistent with relevant industry standards, including:

  • ‘APRA CPG 235 – Managing Data Risk’ (CPG235);
  • ‘Australian Privacy Principles’ (APP),as outlined in the Privacy Act; and
  • ‘ISO 27001:2013 – Privacy and protection of personally identifiable information’ (ISO 27001).

This means that GROW takes into consideration those standards when conducting its business and may agree to enter into binding arrangements with third parties with respect to compliance with certain standards or parts of standards.

4. Collection of Personal Information

At times GROW may request that you provide us with personal information. Generally, this personal information is requested when you subscribe for a product, request a service or request information from us—such as when you request a fact sheet or a demonstration of one of our products or services.

We may collect these types of personal information either directly from you, or from third parties (including superannuation companies who use our services). We may collect this information when you:

  • communicate with us through correspondence, chats, email, or when you share information with us from other social applications, services or websites;
  • interact with our sites, services, content and advertising; or
  • Interact with your superannuation company, when that company is using our services.

GROW will only seek to collect alevel of personal information, reasonably necessary for us to appropriatelyperform our functions and activities. In the event we receive unsolicited personal information not required for the performance of our functions and activities, we will destroy or de-identify that personal information in linewith our DataRetention and Destruction Policy.

In addition, when you apply for a job or position with us we may collect certain information from you (including your name, contact details, working history and relevant records checks) from any recruitment consultant, your previous employers and others who may be able to provide information to us to assist in our decision on whether or not to make you an offer of employment or engage you under a contract. This PrivacyPolicy does not apply to acts and practices in relation to employee records ofour current and former employees, which are exempt from the Privacy Act.

5. Purpose and Use of Personal Information

We may collect, hold, use and disclose your personal information for the following purposes:

  • for superannuation administration services and to manage your superannuation benefits;
  • to provide you with financial advice and implement your instructions in relation to your finances;
  • to manage and assess insurance claims and manage correspondence in relation to any claim; and
  • to enable you to access and use our website and services;
  • to operate, protect, improve and optimise our website and services, business and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
  • to send you service, support and administrative messages (including disputes and enquiries related to our services), reminders, technical notices, updates, security alerts, and information requested by you;
  • to send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
  • to administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
  • to comply with our legal obligations, resolve any disputes that we may have with any of our users, and enforce our agreements with third parties; and
  • to consider your employment application.
5.1. Use of Data in Automated Decision Making

We may use your personal information, connection data, and activity patterns with AI & machine learning algorithms to provide our services to you. GROW has a commitment to data minimisation where we only use the minimum amount of data necessary for each process including machine learning and AI-powered features.

6. Disclosure of Personal Information

We may disclose personal information for the purposes described in this privacy policy to:

  • our employees and related bodies corporate;
  • third party suppliers and service providers (including providers for the operation of our websites and/or our business or in connection with providing our products and services to you);
  • professional advisers, dealers and agents;
  • payment systems operators (eg merchants receiving card payments);
  • our existing or potential agents, business partners or partners;
  • our sponsors or promoters of any competition that we conduct via our services;
  • anyone to whom our assets or businesses (or any part of them) are transferred;
  • other superannuation, pension and investment fund trustees or administrators to whom you choose to transfer your investment
  • specific third parties authorised by you to receive information held by us (including your superannuation company, insurer and financial adviser where relevant); and
  • other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorised or permitted by law.

We may also disclose your personal information to a trusted third party who also holds other information about you. This third party may combine that information in order to enable it and us to develop anonymised consumer insights so that we can better understand your preferences and interests, personalise your experience and enhance the products and services that you receive.

6.1 Access to and Storage of Personal Information Outside Australia

Your information may be accessed by members of our corporate group located overseas. We have appropriate controls in place in relation to this access.

Your information may be stored by parties outside ofAustralia. This includes where we engage a third-party service provider located outside of Australia. In cases where information is stored by our service providers, we will ensure that our arrangements with them are governed in accordance with the APP.

7. Storage and Security of Personal Information

We take appropriate steps, and maintain electronic, physical, procedural and organisational safeguards, using industry standard techniques and controls, to protect your personal information from misuse, interference, loss, unauthorised or accidental access, modification or disclosure. In accordance with applicable legislation, Personally Identifiable Information is not stored overseas.

7.1. Privacy Impact Assessments

In addition to the above controls, we are committed to conducting Privacy Impact Assessments (PIAs) for new projects in which your personal information will be handled, or when a change is proposed to existing personal information handling practices.

7.2. Notifiable Data Breaches

To the extent the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act (Notifiable Data Breaches Scheme) applies to GROW, if GROW becomes aware of a Data Incident, GROW will:

  1. issue notifications by telephone or email, or otherwise as agreed with stakeholders;
  2. retain system logs and other information that may be relevant to the Customer Data Incident, or to assess the cause or impact of the Customer Data Incident;
  3. provide all information GROW deems relevant to the Customer Data Incident reasonably requested by stakeholders for the purpose of investigating the Customer Data Incident; and
  4. immediately take all action reasonably necessary to mitigate the impact of the Customer Data Incident (including to restore or recover any lost data) and prevent any repeat of the Customer Data Incident in the future.

To the extent the Notifiable Data Breaches Scheme applies to a client or third party with whom GROW has a relationship, GROW will work with that client or third party to determine the support to be provided (and any applicable terms) for any Data Incident.

7.3. Data Incidents

If GROW suspects that a Customer Data Incident has occurred, GROW will, within 30 days, prepare an assessment to determine whether there are reasonable grounds to believe that a Customer Data Incident has occurred. GROW may perform that assessment more rapidly depending on:

  1. the nature of the Customer Data Incident; and
  2. whether there are other applicable obligations, such as contractual duties, to be satisfied.

Where You suspect that a Customer Data Incident has occurred, You must inform the Enterprise Risk team immediately. GROW will, within 30 days of receiving notice, prepare an assessment to determine whether there are reasonable grounds to believe that a Customer Data Incident has occurred.

7.4. Reporting

If GROW believes a Customer Data Incident has occurred, GROW will provide notice to the Office of the Australian Information Commissioner (OAIC) of such Customer Data Incident in accordance with the Notifiable Data Breaches Scheme and GROW will be the sole Party to notify the individuals who are likely to be at risk of serious harm arising from the Customer Data Incident. However, where affected individuals are customers or members of a client, GROW will work with the client with respect to notification to those persons.

8. Access to and Correction of Personal Information

You can access the personal information we hold about you by contacting us. Sometimes, we may not be able to provide you with access to all of your personal information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your personal information.

If you think that any personal information we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected.

9. Using the GROW Website

We may collect personal information about you when you use and access our website.

While we do not use browsing information to identify you personally, we may record certain information about your use of our website, such as which pages you visit, the time and date of your visit and the internet protocol address assigned to your computer.

We may also use 'cookies' or other similar tracking technologies on our website that help us track your website usage and remember your preferences. Cookies are small files that store information on your computer, TV, mobile phone or other device. They enable the entity that put the cookie on your device to recognise you across different websites, services, devices and/or browsing sessions. You can disable cookies through your internet browser but our websites may not work as intended for you if you do so.

We may also use cookies to enable us to collect data that may include personal information. For example, where a cookie is linked to your account, it will be considered personal information under the Privacy Act. We will handle any personal information collected by cookies in the same way that we handle all other personal information as described in this Privacy Policy.

9.1. Security

We may hold your personal information in either electronic or hard copy form. We take reasonable steps to protect your personal information from misuse, interference and loss, as well as unauthorised access, modification or disclosure and we use a number of physical, administrative, personnel and technical measures to protect your personal information. However, we cannot guarantee the security of your personal information.

9.2. Links

Our website may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage individuals to read them before using those websites.

10. Privacy Complaints

If you think we have breached the Privacy Act, or you wish to make a complaint about the way we have handled your personal information, you can contact us at the following marking “Attention The Privacy Officer.”

Email: hello@grow.inc

Mail: Level 14, 99 Elizabeth Street, Sydney, NSW 2000

Please include your name, email address and/or telephone number and clearly describe your complaint. We will acknowledge your complaint and respond to you regarding your complaint within a reasonable period of time. If you think that we have failed to resolve the complaint satisfactorily, we will provide you with information about the further steps you can take.

10.1. External Privacy Complaints

If GROW is unable to resolve your complaint to your satisfaction, you are then able to lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

© Copyright Grow Inc 2025.
All rights reserved.

Australian Superannuation

Global Managed Funds

Member Online

Admin Online

DLTA

Transitions

Administration

Customer Relationships

Platform

Integrations

Infastructure

About us

Careers

Now Hiring!

Leadership

Contact us

Privacy & Legal

Privacy Policy

Terms & Conditions

LinkedIn