Your Consent | What is Personal Information? | What kinds of Personal Information do we collect, hold, use and disclose? | How do we collect personal information? | The purposes for which we collect, hold, use and disclose your personal information | What if you do not provide some Personal Information to us? | What are your obligations when you provide Personal Information of others to us? | What are your obligations when we provide you with personal information? | How do we manage the security of your Personal Information? | What steps do we take regarding Data quality? | How long we we retain your Personal Information? | Access to and correction of your Personal Information | Do we transfer information overseas? | Direct Marketing | Our Website | Cookies | Your rights under the GDPR | Sale or restructure of business | Complaints | How to contact Us and your opt out rights
We are committed to protecting Your privacy in accordance with the requirements of the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (APPs), as amended, replaced or superseded from time-to-time.
The Privacy Act defines Personal Information to mean “information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not.” It includes Sensitive Information as defined in the Privacy Act which means means “information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information or templates.”
The kinds of Personal Information We collect, hold, use and disclose varies depending on the services We are providing, but generally can include:
The type of Sensitive Information We may collect generally includes:
We only collect Personal Information by lawful and fair means and where it is reasonably necessary for, or directly related to, one or more of Our functions or activities.
We may obtain personal information indirectly and who it is from can depend on the circumstances. For example, we may collect it from an insurance intermediary or your broker (current or previous) or Your employer (e.g. in the case of a group insurance policy), related bodies corporate, referrals, your previous insurers, witnesses to claims, health care workers, publicly available sources, premium funders, government agencies, dispute resolution schemes and persons who We enter into business alliances with.
When information is provided to Us via a third party We use that information on the basis that You have consented or would reasonably expect Us to collect Your Personal Information in this way. We take reasonable steps to ensure that You have been made aware of how We handle Your Personal Information.
We attempt to limit the collection and use of Sensitive Information from You unless We are required to do so in order to carry out the services provided to You. However, We do not collect Sensitive Information without Your consent.
We hold the personal information We collect within Our own data storage devices or with a third party provider of data storage. We discuss the security of your Personal Information below.
If you are an individual who is either based in or a resident of the European Union or the United Kingdom, We will only collect, use and share your information which identifies and relates to You or other individuals ( called personal data) where We are satisfied that We have an appropriate legal basis to do so. We will ensure that We only use your personal data for the purposes set out above and where We are satisfied:
We collect, hold, use and disclose Your Personal Information where it is reasonably necessary for, or directly related to, one or more of Our functions or activities. This includes enabling Us to provide insurance services to You (including but not limited to deciding whether to issue a policy, determining the terms and conditions of the policy, compiling data to help develop and identify other products and services that may interest clients, handling claims and settlements, recoveries, defences or investigations relevant to them, complaints management and to notify you about changes to our service or otherwise to fulfil your requests and respond to your queries) and to meet any obligations We have at law (e.g identity checks required by the Anti-Money Laundering and other legislation). Sometimes We may use Your Personal Information for Our marketing campaigns and research, in relation to new products, services or information that may be of interest to You which We discuss in more detail below.
We do not use or disclose Personal Information for any purpose that is unrelated to Our services and that You would not reasonably expect (except with Your consent). We will only use Your Personal Information for the primary purposes for which it was collected or as consented to.
We usually disclose Personal Information to third parties where it is reasonably necessary for, or directly related to, the services We provide. We may also disclose it for direct marketing purposes explained in more detail further below. The third parties can include the policyholder (where the insured person is not the policyholder, i.e. group policies) to joint policyholders, Our related companies (and persons they rely on to provide their services), Our agents or contractors, event organisers, data storage providers, insurers, their agents and others they rely on to provide their services and products (e.g reinsurers, reinsurance brokers, premium funders, other insurance intermediaries, insurance reference bureaus, loss adjusters or assessors, claims management and related service providers, medical service providers, credit agencies, lawyers and accountants), the Australian Financial Complaints Authority or other alternative dispute resolution schemes we are bound by, auditors, and regulators including Lloyd’s and ombudsman when required by regulatory or legal obligations, prospective purchasers of Our business and Our alliance and other business partners.
You authorise us to contact such third parties for the purposes of providing you with the products and services that you have requested.
We also use Personal Information to develop, identify and offer products and services that may interest You, conduct market or customer satisfaction research. From time to time We may seek to develop arrangements with other organisations that may be of benefit to You in relation to promotion, administration and use of Our respective products and services. See direct marketing explained in more detail further below. We do not use Sensitive Information to send You direct marketing communications without Your express consent.
If We do propose to disclose or use Your Personal Information other than for the purposes listed above, We will first seek your consent prior to such disclosure or use.
If We give You Personal Information, You must only use it for the purposes We agreed to.
Unless otherwise agreed, You must meet the requirements of the Privacy Act and any other applicable privacy laws, when collecting, using, disclosing and handling personal information on Our behalf. You must also ensure that Your agents, employees and contractors meet the above requirements.
We are committed to keeping your information secure. Unfortunately, no data transmission over the internet or any website can be guaranteed to be secure.
We do however, endeavor to take all reasonable steps to:
Where We have given You (or where You have chosen) a password which enables You to access any portal We operate, You are responsible for keeping this password confidential and for complying with any other security procedures that We notify You of. We ask You not to share a password with anyone.
We take reasonable steps to ensure that Personal Information is current, accurate, up-to-date and complete whenever We collect or use or disclose it. Throughout our dealings with You We will take reasonable steps to confirm the details of Your Personal Information We hold and ask You if there are any changes required.
The accuracy of personal information depends largely on the information You provide to Us, so We rely on You to:
We retain your Personal Information for as long as is reasonably necessary for the purposes for which it was originally collected and allowed by relevant laws. The length of time we keep your Personal Information is determined in accordance with the following criteria:
Where your Personal Information is no longer required We will ensure it is securely deleted or de-identified.
You are entitled to have access to any personal information relating to You which We possess, except in some exceptional circumstances provided by in law. For example, We may refuse access where the:
Where providing access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process, We will provide an explanation for the decision rather than direct access to the information.
If We refuse access or to give access in the manner requested by You We will let you know why in writing and provide You with details about how to make a complaint about the refusal.
If We make a correction to Your personal information We may retain a copy of the previous information for Our records or as required by law.
If You wish to access your Personal Information please contact us on #.
In most cases We do not charge for receiving a request for access to Personal Information or for complying with a correction request.
Any Personal Information provided to Us may be transferred to, and stored at, a destination outside Australia, including but not limited to [#, United Kingdom]. Details of the countries We disclose to may change from time to time. You can contact Us for details. Personal Information may also be processed by staff or by other third parties operating outside Australia who work for Us or for one of our suppliers, agents, partners or related companies.
When We send information overseas, in some cases We may not be able to take reasonable steps to ensure that overseas providers do not breach the Privacy Act and they may not be subject to the same level of protection or obligations that are offered by the Act. By proceeding to acquire Our services and products You agree that You cannot seek redress under the Act or against Us (to the extent permitted by law) and may not be able to seek redress overseas. If You do not agree to the transfer of Your Personal Information outside Australia, please contact Us.
If you are an individual who is either based in or a resident of the European Union or the United Kingdom, we will take appropriate steps to ensure that transfers of your personal data are in accordance with applicable legislation and carefully managed to protect your privacy rights. We will also ensure that transfers of your personal data are limited to countries which are either recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy. To this end:
We may use Your Personal Information, including any email address You give to Us, to provide You with information and to tell You about Our products, services or events or any other direct marketing activity (including third party products, services and events which We consider may be of interest to you). Without the limitation just described, if it is within Your reasonable expectations that We send you direct marketing communications given the transaction or communication You have had with Us, then We may also use Your Personal Information for the purpose of sending You direct marketing communications which We may consider may be of interest to You. We may request our related parties to contact You about services and products that may be of interest to You. If you no longer wish to receive such information, or you do not want us to disclose your Personal Information to any other organisation (including any related body corporates), you can opt out by contacting us using our contact details below. We will not sell or trade your Personal Information for marketing purposes.
You can visit our website without providing any Personal Information and We will only collect personal information through our websites with Your prior knowledge. For example where You submit an enquiry or application online. Email addresses are only collected if You send Us a message and will not be automatically added to a mailing list.
Our website may contain links to other third-party websites. We do not endorse or otherwise accept responsibility for the content or privacy practices of those websites, or any products or services offered on them. We recommend that You check the privacy policies of these third party websites to find out how these third parties may collect and deal with Your Personal Information.
If You are an individual who is either based in or a resident of the European Union or the United Kingdom, subject to applicable data privacy laws, We will not process sensitive data about You unless We have received Your explicit consent to the processing of this information.
If You are an individual who is either based in or a resident of the European Union or the United Kingdom, You also have the right to:
In the future We may consider the sale or restructure of Our business or the purchase of the business of other entities. In such circumstances it may be necessary for Your Personal Information to be disclosed to permit the parties to assess the sale or restructure proposal for example through a due diligence process. We will only disclose such of Your Personal Information as is necessary for the assessment of any sale or restructure proposal and subject to appropriate procedures to maintain the confidentiality and security of Your Personal Information. In the event that a sale or restructure proceeds, We will tell You.
If You have a compliant about privacy we please contact Us to help Us to assist You promptly. In order to resolve a complaint, We:
If You have a complaint please contact Us We will then attempt to resolve the issue or complaint.
When We make Our decision, We will also inform You of Your right to take the matter to the Office of the Australian Information Commissioner (OAIC) if You are not satisfied. In addition, if You have not received a response from Us of any kind to your complaint within 30 days, then You have the right to take the matter to the OAIC (contact details are provided below).
If You are an individual who is either based in or a resident of the European Union or the United Kingdom, subject to applicable data privacy laws, You may be able to complain to The European Data Protection Supervisor via edps.europa.eu or The Information Commissioner’s Office in the United Kingdom via ico.org.uk.
You also have a right in limited circumstances to have Your privacy complaint determined by the Australian Financial Complaints Authority).
If You would like further details of our Privacy Complaints Handling Procedure, please contact Us.
We recommend that You retain this information for future reference.
Telephone: (02) xxxx xxxx [During business hours]
Mail: Privacy Office, Mail address
We welcome Your questions and comments about privacy.
You can also obtain information on privacy issues in Australia on the Office of the Australian Information Commissioner (“OAIC”) website at www.oaic.gov.au or by contacting the OAIC by email at email@example.com or by calling on 1300 363 992.