unifi-usg


Experimental, use with care

Please reach out to support for the information required to complete this setup. Currently, support will manually set up the tunnel on the Privatise side.

Open the UniFi - USG management interface.

In the left panel, select Networks, then select Create New Network.

Select Site to Site VPN > Manual IPsec and fill in with the following information:

Enable this Site-to-Site VPN
Remote Subnets: Enter the Privatise ROC Subnet (support will supply you with this).
Peer IP: Enter the public IP of the ROC as seen under ROC on Demand.
Local WAN IP: Enter the public IP of the UniFi USG.
Pre-shared key: Support will supply you with the link for this.

Enter the name of the VPN Gateway (for example, Privatise).

In the Advanced Options fill in the following information:

Key Exchange Version: IKEv1
Encryption: AES-256
Hash: SHA1
DH Group: 2
PFS: Enable
Dynamic Routing: Disable

Go to Routing & Firewall > Static Routes > Create New Route.

Choose a name.
Enable the route.
Enter the Privatise subnet provided by support in Destination Network.

Make sure to choose the interface you created in the previous section.

Create a firewall rule that allows traffic from the Privatise subnet to the LAN Network.
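Before entering the values above, the addressing, static route and firewall rule can be checked against each other. The following is an added example, not part of the original page or of Privatise or UniFi tooling; the field names and all sample addresses are hypothetical, and it assumes that the remote subnet must not overlap a local LAN.

```python
import ipaddress

# RFC 1918 ranges: an address inside one of these is not a public IP.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_tunnel_plan(plan):
    """Return a list of problems in a planned site-to-site configuration."""
    problems = []
    remote = ipaddress.ip_network(plan["remote_subnet"])
    lans = [ipaddress.ip_network(n) for n in plan["local_lans"]]

    # Peer IP and Local WAN IP are both described as public IPs.
    for field in ("peer_ip", "local_wan_ip"):
        addr = ipaddress.ip_address(plan[field])
        if any(addr in net for net in RFC1918):
            problems.append(f"{field} {addr} is a private (RFC 1918) address")

    # Assumption: the remote subnet must not overlap any local LAN.
    for lan in lans:
        if remote.overlaps(lan):
            problems.append(f"remote subnet {remote} overlaps local LAN {lan}")

    # The static route's Destination Network is the remote subnet itself.
    route = ipaddress.ip_network(plan["route_destination"])
    if route != remote:
        problems.append(f"route destination {route} is not {remote}")

    # Firewall rule: source limited to the remote subnet, destination in a LAN.
    src = ipaddress.ip_network(plan["fw_source"])
    dst = ipaddress.ip_network(plan["fw_destination"])
    if not src.subnet_of(remote):
        problems.append(f"firewall source {src} is not contained in {remote}")
    if not any(dst.subnet_of(lan) for lan in lans):
        problems.append(f"firewall destination {dst} is not a local LAN")
    return problems

# Constructed sample values (documentation and private ranges, not real ones).
GOOD = {"remote_subnet": "10.99.0.0/24", "local_lans": ["192.168.1.0/24"],
        "peer_ip": "198.51.100.10", "local_wan_ip": "203.0.113.20",
        "route_destination": "10.99.0.0/24",
        "fw_source": "10.99.0.0/24", "fw_destination": "192.168.1.0/24"}
BAD = dict(GOOD, remote_subnet="192.168.1.128/25", local_wan_ip="192.168.0.2",
           route_destination="192.168.1.0/24", fw_source="0.0.0.0/0")

if __name__ == "__main__":
    for name, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_tunnel_plan(plan) or "no problems found")
```

Replace the sample values with the subnet and addresses supplied by support and your own LAN ranges; an empty result means the route and firewall rule are scoped to the Privatise subnet only.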

  • Last modified: 2021/10/05 20:55
  • by rafi