We are committed to protecting your privacy and confidentiality in accordance with the Privacy Act 1998 (Cth) and its Australian Privacy Principles (APPs), which set out standards for the collection, use, disclosure and handling of personal information.
Personal information is essentially information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not.
Sensitive information is a subset of personal information and is essentially information or an opinion about a person’s racial or ethnic origin, political opinions, membership of a political, trade or professional association or a trade union, religious or philosophical beliefs or affiliations, sexual orientation or practices, criminal record or health, genetic or biometric information or templates.
See the Privacy Act for full details of what is and is not included.
The personal information we collect and hold varies depending on the services we are providing, but generally could include:
The type of sensitive information we may collect can include details of your:
We only collect personal information by lawful and fair means and where it is reasonably necessary for, or directly related to, one or more of our functions or activities.
If we collect details about you from someone else, we will take reasonable steps to make you aware of the collection in accordance with the APPs.
We may obtain personal information indirectly and who it is from can depend on the circumstances. We will usually obtain it from another insured if they arrange a policy which also covers you, related bodies corporate, referrals, insurers (including previous), insurance intermediaries, witnesses in relation to claims, health care workers, publicly available sources, premium funders and persons who we enter into business alliances with.
We attempt to limit the collection and use of sensitive information from you unless we require it to provide our services to you. However, we do not collect sensitive information without your consent.
We hold personal information within our own data storage devices or with a third party provider of data storage. Further details about the security of your personal information are provided below.
We collect, hold, use and disclose your personal information where it is reasonably necessary for, or directly related to, one or more of our functions or activities, to offer and administer our various products and services or otherwise as permitted by law.
Such purposes include to identify you, responding to enquiries, providing assistance, maintaining and administering our products and services (for example processing requests for quotes, applications for insurance, underwriting and pricing policies, arranging or issuing a policy, managing claims, processing payments), processing survey or questionnaire responses, market research and the collection of general statistical information using common internet technologies such as cookies, providing you with marketing information regarding other products and services (of ours or a third party), quality assurance and training purposes, performing administrative operations (including accounting and risk management) and any other purpose identified at the time of collecting your information.
We also use it to help to develop and identify products and services that may interest you, conduct market or consumer satisfaction research, develop, establish and administer alliances and other arrangements with other organisations in relation to the promotion, administration and use of our respective products and services. For more information on our services please contact us.
We do not use or disclose personal information for any purpose that is unrelated to our services and that you would not reasonably expect (except with your consent). We will only use your personal information for the primary purposes for which it was collected or as consented to.
We do not sell, trade, or rent your personal information to others.
We usually disclose personal information to third parties who assist us or are involved in the provision of our services, including direct marketing, and your personal information is disclosed to them only in connection with the services we provide to you or with your consent.
The third parties may include: our related companies and our representatives who provide services for us, our agents or contractors, our insurers, other insurers and reinsurers, your agents, premium funders, other insurance intermediaries, underwriting agents, Lloyd’s Regulatory Division, our legal, accounting and other professional advisers, actuaries, data warehouses and consultants, social media and other similar sites and networks, membership, loyalty and rewards programs or partners, providers of medical and non-medical assistance and services, translators, investigators, loss assessors and adjusters, credit agencies, credit card providers and other parties we may be able to claim or recover against, your employer (if a corporate policy), anyone either of us appoint to review and handle complaints or disputes, other companies in the event of a corporate sale, merger, re-organisation, dissolution or similar event and our alliance and other business partners and any other parties where permitted or required by law.
We also use personal information to develop, identify and offer products and services that may interest you, conduct market or customer satisfaction research. From time to time we may seek to develop arrangements with other organisations that may be of benefit to you in relation to promotion, administration and use of our respective products and services. See direct marketing explained in more detail further below.
We do not use sensitive information to send you direct marketing communications without your express consent.
If we do propose to disclose or use your personal information other than for the purposes listed above, we will first seek your consent prior to such disclosure or use.
If we give third parties (including their agents, employees and contractors) your personal information, we require them to only use it for the purposes we agreed to.
If you choose not to provide us with the information we have requested, we may not be able to provide you with our services or products or properly manage and administer services and products provided to you or others.
When dealing with us you have the option of not identifying yourself or using a pseudonym provided we are not required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves or it not impracticable for us to deal with you on this basis.
It will generally be impracticable for you to deal with us anonymously or using a pseudonym if you wish to use our services or have us arrange a product for you.
When you provide us with personal information about other individuals, we rely on you to have made them aware that you will or may provide their information to us, the purposes we use it for, the types of third parties we disclose it to and how they can access it (as described in this document). If it is sensitive information we rely on you to have obtained their consent to the above. If you have not done either of these things, you must tell us before you provide the relevant information to us.
If we give you personal information, you and your representatives must only use it for the purposes we agreed to.
Where relevant, you must meet the requirements of the Australian Privacy Principles set out in the Privacy Act 1988, when collecting, using, disclosing and handling personal information on our behalf.
You must also ensure that your agents, employees and contractors meet the above requirements.
We endeavour to protect any personal information that we hold from misuse and loss, unauthorised access, modification and disclosure.
We maintain physical security over our paper and electronic data stores and premises, such as locks and security systems. We also maintain computer and network security; for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to computer systems where personal information is stored.
Your personal information may be disclosed to some of our service providers who are located overseas including but not limited to the United Kingdom, Bermuda and Singapore. Who they are may change from time to time. You can contact us for details.
When we send information overseas, in some cases we may not be able to take reasonable steps to ensure they do not breach the Privacy Act and they may not be subject to the same level of protection or obligations that are offered by the Act. By proceeding to acquire our services and products you agree that you cannot obtain redress under the Act or against us, but only to the extent permitted by law and may not be able to seek redress overseas.
We will take reasonable steps to ensure that the personal information you provide is accurate, complete and up to date, whenever it is used, collected or disclosed.
When we deal with you we will take reasonable steps to confirm the details of the personal information we hold about you and ask you if there are any changes required.
The accuracy of personal information depends largely on the information you provide to us, so we rely on you to:
You are entitled to access your personal information if you wish and request correction if required except in some exceptional circumstances provided by in law. For example, we may refuse access where the:
If we refuse access, or to give access in the manner requested by you, we will let you know why in writing and provide you with details about how to make a complaint about the refusal.
If we make a correction to your personal information we may retain a copy of the previous information for our records or as required by law.
If you wish to access your personal information please contact us.
We do not charge you for making a request for access to personal information, or in most cases for complying with a correction request.
We may use your personal information, including any email address you give to us, to provide you with information and to tell you about our products, services or events or any other direct marketing initiatives (including third party products, services and events which we consider may be of interest to you). In addition, if it is within your reasonable expectations that we send you direct marketing communications given the dealings you have had with us, then we may also use your personal information to send you direct marketing communications that we may consider to be of interest to you. Our related entities may also contact you about services and products that may be of interest to you.
If you do not want to receive these offers from us (including product or service offerings from us on behalf of our business partners), please contact us to opt out (see the “How do you contact us and what are your opt out rights?” section below for contact details).
You can visit our website without providing any personal information. We will only collect personal information through our websites with your prior knowledge for example where you submit an enquiry or application online.
Email addresses are collected if you send us a message and in such cases will not be automatically added to a mailing list.
A cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies we use may identify individual users.
Cookies can either be "persistent" or "session" based. Persistent cookies are stored on your computer, contain an expiration date, and are mainly for the user's convenience.
Session cookies are short-lived and are held on your browser's memory only for the duration of your session; they are used only during a browsing session, and expire when you quit your browser.
We may use both session and persistent cookies. This information may be used to personalise your current visit to our websites or assist with analytical information on site visits.
Most internet browsers can be set to accept or reject cookies. If you do not want to accept cookies, you can adjust your internet browser to reject cookies or to notify you when they are being used. However, rejecting cookies may limit the functionality of our website.
If you believe:
then you have the right to make a complaint about the matter.
In the first instance, your complaint should be addressed in writing to us (see the “How do you contact us and what are your opt out rights?” section below for contact details). We will investigate the matters raised by you and respond directly to you.
If you are dissatisfied with our response, or you have not received a response from us of any kind to your complaint within 30 days, you can refer the matter to the Office of the Australian Information Commissioner (OAIC) in accordance with the Act. OAIC can be contacted on 1300 363 992 or at www.oaic.gov.au.
You may also have a right in limited circumstances to have your privacy complaint determined by the Australian Financial Complaints Authority (AFCA) subject to the AFCA Rules.
Australian Financial Complaints Authority contact details are:
Phone: 1800 931 678
Postal Address: Australian Financial Complaints Authority – GPO Box 3, Melbourne VIC 3001
Phone: 1300 733426 or 1300Redicova
Postal Address: PO Box 1197, Tully QLD 4854.
You can also obtain information on privacy issues in Australia on the Office of the Australian Information Commissioner (“OAIC”) website at www.oaic.gov.au or by contacting the OAIC by email at firstname.lastname@example.org or by calling on 1300 363 992.