Privacy statement

At GESB, it’s important to us that you feel we respect your personal information and are confident that we do not interfere with your privacy when handling your personal information. As a Western Australian statutory corporation, we are not bound by the Australian Privacy Principles (APPs) and Privacy (Tax File Number) Rule 2015 (TFN Rule) established by or issued under the Privacy Act 1988 (Cth), but we have a privacy policy that incorporates these principles and rules to ensure your personal information is handled in accordance with Australian privacy laws.

We collect and process information about members who reside in the European Union in accordance with the European Union General Data Protection Regulation (EU) 2016/679 (GDPR).

Our privacy policy is designed to protect the privacy of your personal information and explain our approach towards the collection, storage, use, and disclosure of your personal information. For more information, view our full privacy policy.

Your personal information

In order to comply with our legal obligations, we collect certain personal information  in accordance with the APPs and the GDPR. We collect and use information about individuals for the purpose of administering the schemes established by or administered under relevant WA State superannuation laws.

We may collect your information to perform tasks in accordance with our statutory authority. These tasks include:

  • Maintaining your records in our system for identification purposes
  • Properly managing the superannuation schemes we administer on behalf of our members

We are required and authorised to collect certain personal information to comply with laws, including but not limited to the Income Tax Assessment Act 1997 (Cth) and Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). This information typically includes your name, address, date of birth, gender, salary, tax file number and any other required information.

We have established strict data security measures to enable us to process your information securely.

Sensitive information

Information about your health may be collected for determining the appropriate benefit classification for you to obtain death or disability insurance cover from an insurer, or to process a disability claim. Where information about your health is required, it is collected in accordance with our statutory obligations in so far as it is authorised by law, or in order to assess the employment and working capacity of a member in order to manage the administration of the fund and related insurance policies, or in the public interest.

With your consent

Where required under the APPs or the GDPR, we will collect your information with your consent, which we will ensure we have obtained before we process that information.

Government identifiers

We will not adopt a government identifier of an individual as our own identifier unless this is required, or authorised under Australian law. This includes tax file numbers.

Direct marketing

We may occasionally use the personal information we collect to notify you about important changes at GESB and our products and services that we think may benefit you. If you do not wish to receive these notices, you can contact us on 13 43 72 and advise us not to send you the information.

When you visit our website, we may collect the following information for statistical purposes and to facilitate and improve your online experience on the website:

  • Your server address
  • Your top level domain name (e.g. .com, .gov, .au, .uk, etc.)
  • Your operating system
  • Country location and language
  • Screen resolution
  • Visitor ID
  • Identify you as a new or returning visitor to the site
  • The date and time of your visit to the website
  • The pages that you accessed and what you click on
  • The documents you download
  • The previous site you visited
  • The type/version of browser you use

We will make no attempt to identify you or your browsing activities beyond these details. The only exception is instances where we are required to respond to an enquiry or complaint made by you or there is a legal requirement for us to do so.

How we collect personal information

We usually collect information directly from you or from another relevant source either with your consent, or in accordance with our legal obligations. This can include:

  • Your employer and salary package provider (if you are employed) for details relating to your employment status or contributions made by you or your employer
  • The Australian Taxation Office (ATO)
  • Other superannuation and insurance providers
  • Medical practitioners, doctors and other medical advisers

If you don’t provide your information

We may not be able to provide you with superannuation benefits if:

  • You decide not to provide the requested information
  • You do not allow your employer or salary packaging provider (if you are employed) to provide the requested information
  • You are not able to be contacted when needed

If we do not have all the information required to administer your superannuation, this may result in you having to pay more tax, we may not be able to correctly calculate your benefit, or if the information relates to your health, it may limit the level of death and disability benefits available to you (or your estate) through your superannuation.

How we disclose your personal information

There are instances where your personal information may be transferred to or handled by others, consistent with the purposes for which we use and process your information. This can occur due to some of our functions being outsourced to other organisations, or in cases where we are required to provide information to other entities by law (e.g. government agencies like the ATO). To assist in the administration of your superannuation interests managed by us, or otherwise where required by law, your personal information may be transferred to or handled by:

  • Any party we engage to provide administration services in relation to the management of your superannuation interests and who we are satisfied complies with the APPs and the GDPR in relation to the handling of your personal information
  • Our Insurer
  • Our auditors
  • Commonwealth Government bodies such as:
    • The Australian Competition and Consumer Commission
    • The ATO
    • The Australian Prudential Regulation Authority
    • The Australian Securities and Investments Commission
    • The Superannuation Complaints Tribunal
    • The Australian Financial Complaints Authority
    • The Family Law Court
  • In the case of schemes under state legislation, Western Australian state government bodies such as:
    • The Ombudsman
    • The Department of Treasury
    • The Office of the Auditor General
    • The Corruption and Crime Commission
    • The Public Trustee
  • Our legal, medical and other professional advisers
  • Other business support providers, including document storage, distribution, printing and collating companies

Other instances where your personal information may be shared include:

  • If you wish to transfer your superannuation to another fund, your personal information may be provided to your nominated fund
  • If you are employed, your employer may request your personal information to facilitate the provision of benefits in the ordinary course of your employment

All of our employees are trained to treat all member and customer information with the utmost confidentiality, so you can be sure we do not sell or rent out any of your personal information. We also protect the security of your information in accordance with all applicable regulatory requirements and industry practice standards.

Your rights

You have the right to:

  • Request, subject to the Freedom of Information Act 1992 (WA), access to your information
  • Request to remain anonymous when dealing with us, except where it is not practicable.  Individuals seeking information about their account will need to be identified before we may disclose specific information
  • Request that the information we hold about you is erased. We are required by law to keep certain information for a period of time. Once these periods expire, we will destroy the information securely
  • Request that we restrict the processing of information about you, including if you believe that the information is inaccurate, being processed unlawfully, or is no longer required
  • Request that your information be transferred to another person or organisation
  • Request that we do not process certain information
  • Object to us carrying out automated processing
  • Complain about the way your information is being handled

For more information, please refer to our full privacy policy.

Cross-border disclosure

We may disclose information to a fund or regulator in a foreign country about transactions on your superannuation or pension accounts. Your information will only be disclosed in accordance with specific legislation.

Help us to ensure we hold accurate information

In addition to the security of your personal information, we also take all reasonable precautions to ensure that the information we use and disclose is accurate, complete and up to date. You can ensure our information is up to date by:

  • Letting us know if there are any errors in your personal information
  • Keeping us up to date with changes to your personal information (e.g. name, address, etc.). In some cases, we may ask for proof of the changes. For example, if you change your name after marriage we will ask for a certified copy of your marriage certificate

You can access your personal information

To ensure your information is always up to date and accurate, we encourage you to access your personal information regularly, or when there has been a recent change, and inform us if any information is incorrect. You can do this by simply reviewing the information on your member statement or checking your details in Member Online. You can login to Member Online to access and update your contact details and member profile.

There are some circumstances where you may be denied access to your personal information. This can include the following instances:

  • If the information is used in confidential trustee/responsible entity decisions, or a commercially sensitive decision making process
  • If the privacy of others might be breached if the information is accessed
  • If the law requires that you are denied access

Under the Anti-Money Laundering and Counter Terrorism Financing Act 2006, superannuation funds are required to identify, monitor and mitigate the risk that the fund may be used for laundering money or funding terrorism activities. You may therefore be required to provide proof of your identity before withdrawing a benefit from a fund.

Retention and disposal of personal information

We are required by law to keep personal information we hold about you for a period of time after you cease to be a member of any scheme administered by us. Once this period has expired, we will make the necessary arrangements to destroy it securely.


Our website and Member Online use persistent cookies, which remain on your equipment until you erase them or they expire. They enable us to remember you on subsequent visits and enhance your experience of the services or functions offered. They cannot be used to access your accounts or personal details. You can modify your personal computer settings at any time to prevent cookies from being stored.

Our website uses standard security protocols to protect personal information you disclose in using our Member Online and Employer Online services. We will alert you to the fact that if you follow a link to another site, such as our Insurer’s website, you are leaving our secure site. You should check the privacy policy of the other site before entering any personal information.


This privacy statement is a summary of how we handle your personal information. If you would like more information, you can view our full privacy policy.

If you have an enquiry in relation to our privacy policy, please contact your Member Services Centre on 13 43 72 and we will attempt to resolve your enquiry.


If you have a complaint, please refer to the information on our complaint handling process. Privacy complaints may also be directed toward your local supervisory authority if you are based in the EU.

Data Protection Officer/Privacy Officer

Our Data Protection Officer / Privacy Officer (DPO/PO) monitors and advises on compliance with the APPs and the GDPR. The GDPR may apply to us when processing the personal information of members residing in the EU in respect of offering services and monitoring their behaviour when in the EU.

For further information on how we handle your information or to complain about a possible breach of privacy, please contact your Member Services Centre on 13 43 72.

Page last updated 29 September 2020