Your Consent  |  What is Personal Information?  |  What kinds of Personal Information do we collect, hold, use and disclose? | How do we collect personal information? | The purposes for which we collect, hold, use and disclose your personal information | What if you do not provide some Personal Information to us? | What are your obligations when you provide Personal Information of others to us? | What are your obligations when we provide you with personal information?How do we manage the security of your Personal Information?  |  What steps do we take regarding Data quality? | How long we we retain your Personal Information? | Access to and correction of your Personal Information | Do we transfer information overseas? | Direct Marketing | Our WebsiteCookies  |  Your rights under the GDPR | Sale or restructure of business | Complaints | How to contact Us and your opt out rights

Effective date 22/2/2023

In this Privacy Policy:

  • “We”, “Our” and “Us” means
  • Probitas 1492 (Pacific) Pty Ltd; and
  • the Lloyd’s Underwriters we act on behalf of.
  • “You” and “Your” refers to anyone using Our services or providing Personal Information(this can include Policyholders, insureds, reinsureds, clients, suppliers, advisers, service providers, enquirers, beneficiaries or claimants and their agents and relatives).

We are committed to protecting Your privacy in accordance with the requirements of the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (APPs), as amended, replaced or superseded from time-to-time.

This Privacy Policy applies to Personal Information collected by us and explains how we collect, hold, use and disclose it as well as your rights to access and correct your Personal Information and make a complaint for any breach of the APPs. Our Privacy Policy may change from time to time and where this occurs, the updated Privacy Policy will be posted to Our website.

Your consent

By visiting our website, using an insurance portal, authorising an insurance broker to provide Us with Your Personal Information or otherwise providing Us with Your or another person’s Personal Information, You consent to the Personal Information being collected, held, used and disclosed by Us as set out in this Privacy Policy.

What is Personal Information?

The Privacy Act defines Personal Information to mean “information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not.” It includes Sensitive Information as defined in the Privacy Act which means means “information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information or templates.”

What kinds of Personal Information do we collect, hold, use and disclose?

The kinds of Personal Information We collect, hold, use and disclose varies depending on the services We are providing, but generally can include:

  • Your contact information such as full name (first and last), e-mail address, current postal address, delivery address (if different to postal address) and phone numbers;
  • details relating to Your employment (if applicable) or Your previous employment;
  • Your date of birth;
  • Your insurance history (including personal injury details or medical conditions if relevant to your product or claim, details of previous insurance cover and details about any claims submitted under current/previous insurances);
  • other information specific to our services or products such as Your opinions, statements and endorsements collected personally or via surveys and questionnaires, including but not limited to Your views on the services and products offered by Us; and
  • if You are requesting services or products from Us, We will collect any relevant payment or billing information, (including but not limited to bank account details, direct debit, credit card details, billing address, premium funding and installment information.

The type of Sensitive Information We may collect generally includes:

  • criminal record;
  • health information; and
  • membership of a professional or trade association.

How do We collect personal information?

We only collect Personal Information by lawful and fair means and where it is reasonably necessary for, or directly related to, one or more of Our functions or activities.

If You do not provide the personal information requested and/or do not provide Us with Your consent to the use and disclosure of Your Personal Information as set out in this Privacy Policy, We may not be able to provide our insurance services (for example, Your insurance application may not be accepted) or You may be in breach of Your duty regarding disclosure to insurers.

Unless it is unreasonable or impracticable for us to do so, or as provided otherwise under this Privacy Policy, we will collect your information directly from you or your agents.

We may obtain personal information indirectly and who it is from can depend on the circumstances. For example, we may collect it from an insurance intermediary or your broker (current or previous) or Your employer (e.g. in the case of a group insurance policy), related bodies corporate, referrals, your previous insurers, witnesses to claims, health care workers, publicly available sources, premium funders, government agencies, dispute resolution schemes and persons who We enter into business alliances with.

When information is provided to Us via a third party We use that information on the basis that You have consented or would reasonably expect Us to collect Your Personal Information in this way. We take reasonable steps to ensure that You have been made aware of how We handle Your Personal Information.

We attempt to limit the collection and use of Sensitive Information from You unless We are required to do so in order to carry out the services provided to You. However, We do not collect Sensitive Information without Your consent.

We hold the personal information We collect within Our own data storage devices or with a third party provider of data storage. We discuss the security of your Personal Information below.

If you are an individual who is either based in or a resident of the European Union or the United Kingdom, We will only collect, use and share your information which identifies and relates to You or other individuals ( called personal data) where We are satisfied that We have an appropriate legal basis to do so. We will ensure that We only use your personal data for the purposes set out above and where We are satisfied:

  • We need to use Your personal data to perform a contract or take steps to enter into a contract with You;
  • We need to use Your personal data to comply with a relevant legal or regulatory obligation that We have;
  • We have Your consent to use Your personal data for a particular activity; or
  • the use of Your personal data is necessary for Our legitimate interests or the legitimate interests of a third party.

The purposes for which We collect, hold, use and disclose Your Personal Information

We collect, hold, use and disclose Your Personal Information where it is reasonably necessary for, or directly related to, one or more of Our functions or activities. This includes enabling Us to provide insurance services to You (including but not limited to deciding whether to issue a policy, determining the terms and conditions of the policy, compiling data to help develop and identify other products and services that may interest clients, handling claims and settlements, recoveries, defences or investigations relevant to them, complaints management and to notify you about changes to our service or otherwise to fulfil your requests and respond to your queries) and to meet any obligations We have at law (e.g identity checks required by the Anti-Money Laundering and other legislation).  Sometimes We may use Your Personal Information for Our marketing campaigns and research, in relation to new products, services or information that may be of interest to You which We discuss in more detail below.

We do not use or disclose Personal Information for any purpose that is unrelated to Our services and that You would not reasonably expect (except with Your consent). We will only use Your Personal Information for the primary purposes for which it was collected or as consented to.

We usually disclose Personal Information to third parties where it is reasonably necessary for, or directly related to, the services We provide. We may also disclose it for direct marketing purposes explained in more detail further below. The third parties can include the policyholder (where the insured person is not the policyholder, i.e. group policies) to joint policyholders, Our related companies (and persons they rely on to provide their services), Our agents or contractors, event organisers, data storage providers, insurers, their agents and others they rely on to provide their services and products (e.g reinsurers, reinsurance brokers, premium funders, other insurance intermediaries, insurance reference bureaus, loss adjusters or assessors, claims management and related service providers, medical service providers, credit agencies, lawyers and accountants), the Australian Financial Complaints Authority or other alternative dispute resolution schemes we are bound by, auditors,  and regulators including Lloyd’s and ombudsman when required by regulatory or legal obligations, prospective purchasers of Our business and Our alliance and other business partners.

You authorise us to contact such third parties for the purposes of providing you with the products and services that you have requested.

If We give third parties (including their agents, employees and contractors) Your Personal Information, they are prohibited from using Your Personal Information except for the specific purpose for which We supply it to them and We take such steps as are reasonable to ensure that they are aware of the provisions of this Privacy Policy in relation to Your Personal Information.

We also use Personal Information to develop, identify and offer products and services that may interest You, conduct market or customer satisfaction research. From time to time We may seek to develop arrangements with other organisations that may be of benefit to You in relation to promotion, administration and use of Our respective products and services. See direct marketing explained in more detail further below. We do not use Sensitive Information to send You direct marketing communications without Your express consent.

If We do propose to disclose or use Your Personal Information other than for the purposes listed above, We will first seek your consent prior to such disclosure or use.

Nothing in this Privacy Policy prevents us from using and disclosing to others de-personalised aggregated data.

What if You do not provide some Personal Information to Us?

If You do not provide the Personal Information requested and/or do not provide Us with Your consent to the use and disclosure of Your Personal Information as set out in this Privacy Policy, We may not be able to provide our insurance services (for example, Your insurance application may not be accepted) or You may be in breach of Your duty regarding disclosure to insurers.

What are Your obligations when You provide Personal Information of others to Us?

When You provide Us with Personal Information about other individuals, We rely on You to have made them aware that You will or may provide their information to Us, how We collect, use, disclose and handle it in accordance with this Privacy Policy and Our relevant Privacy Statements. If it is Sensitive Information We rely on You to have obtained their consent to the above. If You have not done these things, You must tell Us before You provide Us with the relevant information.

What are Your obligations when We provide You with Personal Information?

If We give You Personal Information, You must only use it for the purposes We agreed to.

Unless otherwise agreed, You must meet the requirements of the Privacy Act and any other applicable privacy laws, when collecting, using, disclosing and handling personal information on Our behalf. You must also ensure that Your agents, employees and contractors meet the above requirements.

How do We manage the security of Your Personal Information?

We are committed to keeping your information secure. Unfortunately, no data transmission over the internet or any website can be guaranteed to be secure.

We do however, endeavor to take all reasonable steps to:

  • protect any Personal Information that We hold from misuse, interference and loss, and to protect it from unauthorised access, modification or disclosure through physical, electronic and operational procedures intended to safeguard and secure the information We collect. For example, We use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to computer systems. All staff have a legal duty to respect the confidentiality of information, and access to confidential information is restricted to only those who have a reasonable need to access it.
  • destroy or permanently de-identify Personal Information in accordance with the Privacy Act.

Where We have given You (or where You have chosen) a password which enables You to access any portal We operate, You are responsible for keeping this password confidential and for complying with any other security procedures that We notify You of. We ask You not to share a password with anyone.

What steps do We take regarding Data quality?

We take reasonable steps to ensure that Personal Information is current, accurate, up-to-date and complete whenever We collect or use or disclose it. Throughout our dealings with You We will take reasonable steps to confirm the details of Your Personal Information We hold and ask You if there are any changes required.

The accuracy of personal information depends largely on the information You provide to Us, so We rely on You to:

  • let Us know if there are any errors in Your Personal Information You become aware of; and
  • keep Us up-to-date with changes to Your Personal Information (such as Your name or address).

How long do We retain Your Personal Information?

We retain your Personal Information for as long as is reasonably necessary for the purposes for which it was originally collected and allowed by relevant laws. The length of time we keep your Personal Information is determined in accordance with the following criteria:

  • your relationship with Us and the types of products and service You have with Us;
  • the length of time it is reasonable to keep records to demonstrate that We have fulfilled Our obligations to You under the law;
  • any limitations periods within which claims might be made;
  • any retention periods prescribed by law, by regulators, professional bodies or associations; and
  • the existence of any relevant proceedings.

Where your Personal Information is no longer required We will ensure it is securely deleted or de-identified.

Access to and correction of Your Personal Information

You are entitled to have access to any personal information relating to You which We possess, except in some exceptional circumstances provided by in law. For example, We may refuse access where the:

  • information may have an unreasonable impact on the privacy of others;
  • request is frivolous or vexatious;
  • information relates to existing or anticipated legal proceedings and would not be accessible by the process of discovery in those proceedings;
  • information would reveal Our intentions in relation to negotiations in such a way as to prejudice those negotiations.

Where providing access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process, We will provide an explanation for the decision rather than direct access to the information.

If We refuse access or to give access in the manner requested by You We will let you know why in writing and provide You with details about how to make a complaint about the refusal.

If We make a correction to Your personal information We may retain a copy of the previous information for Our records or as required by law.

If You wish to access your Personal Information please contact us on #.

In most cases We do not charge for receiving a request for access to Personal Information or for complying with a correction request.

Do we transfer of information overseas?

Any Personal Information provided to Us may be transferred to, and stored at, a destination outside Australia, including but not limited to [#, United Kingdom]. Details of the countries We disclose to may change from time to time. You can contact Us for details. Personal Information may also be processed by staff or by other third parties operating outside Australia who work for Us or for one of our suppliers, agents, partners or related companies.

When We send information overseas, in some cases We may not be able to take reasonable steps to ensure that overseas providers do not breach the Privacy Act and they may not be subject to the same level of protection or obligations that are offered by the Act.  By proceeding to acquire Our services and products You agree that You cannot seek redress under the Act or against Us (to the extent permitted by law) and may not be able to seek redress overseas. If You do not agree to the transfer of Your Personal Information outside Australia, please contact Us.

If you are an individual who is either based in or a resident of the European Union or the United Kingdom, we will take appropriate steps to ensure that transfers of your personal data are in accordance with applicable legislation and carefully managed to protect your privacy rights. We will also ensure that transfers of your personal data are limited to countries which are either recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy. To this end:

  • we will ensure transfers within our group of companies will be covered by an agreement entered into by members of our group of companies (intra-group agreement) which contractually obliges each member to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred within our group of companies;
  • we will ensure that where we transfer your personal data outside our group of companies to third parties who assist in providing our services, we obtain contractual commitments from the third parties to protect your personal data; and
  • where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal data is disclosed.

Direct Marketing

We may use Your Personal Information, including any email address You give to Us, to provide You with information and to tell You about Our products, services or events or any other direct marketing activity (including third party products, services and events which We consider may be of interest to you). Without the limitation just described, if it is within Your reasonable expectations that We send you direct marketing communications given the transaction or communication You have had with Us, then We may also use Your Personal Information for the purpose of sending You direct marketing communications which We may consider may be of interest to You. We may request our related parties to contact You about services and products that may be of interest to You. If you no longer wish to receive such information, or you do not want us to disclose your Personal Information to any other organisation (including any related body corporates), you can opt out by contacting us using our contact details below. We will not sell or trade your Personal Information for marketing purposes.

Our Website

You can visit our website without providing any Personal Information and We will only collect personal information through our websites with Your prior knowledge. For example where You submit an enquiry or application online. Email addresses are only collected if You send Us a message and will not be automatically added to a mailing list.

Our website may contain links to other third-party websites. We do not endorse or otherwise accept responsibility for the content or privacy practices of those websites, or any products or services offered on them. We recommend that You check the privacy policies of these third party websites to find out how these third parties may collect and deal with Your Personal Information.

Cookies

We only uses cookies for session management, and We neither collect or not keep user Personal Information. In order to monitor the use of Our website We do use Google Analytics. Google Analytics does collect information on website trends, without identifying individual visitors. Google Analytics uses a different set of cookies for each website, and visitors are not tracked against multiple sites.

Your Rights under the GDPR

If You are an individual who is either based in or a resident of the European Union or the United Kingdom, subject to applicable data privacy laws, We will not process sensitive data about You unless We have received Your explicit  consent to the processing of this information.

If You are an individual who is either based in or a resident of the European Union or the United Kingdom, You also have the right to:

  • be informed as to how We are collecting and using Your personal data;
  • obtain confirmation from Us as to whether or not Your personal data is being processed, where and for what purpose. If requested, We will provide You with a copy of Your personal data, free of charge in an electronic format;
  • request that We erase Your personal data if We no longer have a legitimate interest to continue holding or processing the data;
  • object to the processing of Your personal data, including for direct marketing and processing based on a legitimate interest; and
  • request that We restrict the processing of Your personal data in certain circumstances, including in the case of unlawful processing.

Sale or restructure of business

In the future We may consider the sale or restructure of Our business or the purchase of the business of other entities. In such circumstances it may be necessary for Your Personal Information to be disclosed to permit the parties to assess the sale or restructure proposal for example through a due diligence process. We will only disclose such of Your Personal Information as is necessary for the assessment of any sale or restructure proposal and subject to appropriate procedures to maintain the confidentiality and security of Your Personal Information. In the event that a sale or restructure proceeds, We will tell You.

Complaints

If You have a compliant about privacy we please contact Us to help Us to assist You promptly. In order to resolve a complaint, We:

  • will liaise with You to identify and define the nature and cause of the complaint;
  • may request that You detail the nature of the complaint in writing;
  • will keep You informed of the likely time within which We will respond to Your complaint;
  • will inform You of the reason for Our decision in resolving such complaint; and
  • keep a record of the complaint and any action taken in Our Register of Complaints.

If You have a complaint please contact Us We will then attempt to resolve the issue or complaint.

When We make Our decision, We will also inform You of Your right to take the matter to the Office of the Australian Information Commissioner (OAIC) if You are not satisfied. In addition, if You have not received a response from Us of any kind to your complaint within 30 days, then You have the right to take the matter to the OAIC (contact details are provided below).

If You are an individual who is either based in or a resident of the European Union or the United Kingdom, subject to applicable data privacy laws, You may be able to complain to The European Data Protection Supervisor via  edps.europa.eu or The Information Commissioner’s Office in the United Kingdom via ico.org.uk.

You also have a right in limited circumstances to have Your privacy complaint determined by the Australian Financial Complaints Authority).

If You would like further details of our Privacy Complaints Handling Procedure, please contact Us.

We recommend that You retain this information for future reference.

How to contact Us and Your opt out rights

If You wish to gain access to Your Personal Information, want Us to correct or update it, have a complaint about a breach of Your privacy, wish to opt out of providing consent to any of the collection, uses and disclosure of Your Personal Information, including receiving offers of products or services from Us, or have any other query relating to Our Privacy Policy, contact us using these details:

Telephone:  (02) xxxx xxxx [During business hours]

Email:  gdpr@probitas1492.com

Mail: Privacy Office, Mail address

We welcome Your questions and comments about privacy.

This Privacy Policy is current from its specified effective date. In the event that this Privacy Policy or any part thereof is amended or modified in the future, the revised version will be available by contacting our office or on our website.

You can also obtain information on privacy issues in Australia on the Office of the Australian Information Commissioner (“OAIC”) website at www.oaic.gov.au or by contacting the OAIC by email at enquiries@oaic.gov.au or by calling on 1300 363 992.