We are committed to ensuring your privacy in accordance with the Australian Privacy Act 1988 (Cth) (‘the Act’) and the New Zealand Privacy Act 2020 along with any applicable principles. We are also committed to ensuring your privacy in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679, insofar as it applies to our processes and business activities.
What is Personal Information
‘Personal Information’ is any information or an opinion about an identified individual or an individual who is reasonably identifiable, whether or not the information or opinion is true, and whether or not it is recorded in a material form.
’Sensitive Information’ is a subset of Personal Information which may need to be afforded a higher level of protection. Sensitive Information may include Personal Information and is defined more specifically in the Act, including, amongst other things, health information, criminal history, racial or ethnic origin and sexual orientation.
What Personal Information do we collect, hold and use?
We generally collect Personal Information to provide you with various products and services we offer. More specifically, we collect and use Personal Information primarily to establish risk and determine premiums, process applications, service accounts, process payments, assess claims, confirm identification or to satisfy legal requirements and to protect Personal Information from unauthorised access. The Personal Information we collect, hold and use generally includes your name and contact information (including telephone numbers and email addresses), information relating to the insured risk, other reference information and information about third parties that you may conduct, or are interested in conducting business with.
We collect information necessary to:
- underwrite and administer your insurance cover;
- improve customer service and products including carrying out research and analysis including data analytics functions; and
- advise you of our and other products and services that may interest you.
As we act as underwriting agencies on behalf of insurers, providing and administering insurance-related products and services, we may also collect and hold other Personal Information required to provide and administer such products and services and to assist you, including details of your previous insurances and Sensitive Information.
You may be able to deal with us without identifying yourself (i.e. anonymously or by using a pseudonym) in certain circumstances, such as when making a general inquiry relating to the products and services we offer. If you wish to do so, please contact us to find out if this is practicable in your circumstances.
However, if you do not provide us with the Personal Information and other information that we need, we or any of our third-party providers may not be able to provide you with the appropriate insurance products and services. You may also risk breaching your duty of disclosure or having your policy cancelled pursuant to the Insurance Contracts Act 1984 (Cth) or otherwise.
How we collect your Personal Information
We may collect Personal Information in several ways depending on the nature of the insurance products and services being provided and administered, including:
- directly from you via our website;
- through any insurance-related portal;
- by telephone;
- in writing;
- by email; and/or
- from third parties (such as your insurance broker, premium funders, claims managers, other service providers or publicly from available sources). Each third party is also obliged to comply with the applicable privacy principles.
Wherever possible, we collect your Personal Information directly from you. There may be occasions where we collect your Personal Information from someone else. For example, where you make an application in joint names, where it is provided to us by a third party with your consent or where we need to obtain information from professional experts for the purposes of assessing a claim or providing you with insurance cover or services.
When collecting Personal Information, we will do everything we reasonably can to let you know:
- how to contact us;
- why we are collecting the Personal Information;
- how the Personal Information is collected;
- the organisations or types of organisations to which we disclose the Personal Information (if any);
- if we are required by law to collect the Personal Information;
- whether disclosure overseas is likely; and
- the consequences should you choose not to provide the Personal Information.
If you provide Personal Information to us about another person, we rely on you to have made or make them aware that you will, or may, provide their information to us and the types of third parties we may provide it to, the relevant purposes we and any of the third parties will use it for and how they can access it. If it is Sensitive Information, we rely on you to have obtained their consent on these matters. If you have not done, or will not do, either of these things, you must tell us before you provide their relevant Personal Information.
Several interactive tools or facilities may be available on our websites. If you use any of these tools or facilities, we generally do not collect your Personal Information unless a particular tool permits you to suspend or save information and recover those details later. In these circumstances, your Personal Information may be retained on our systems but is not processed or used by us except that it may be used for the purposes of online quoting and subsequent follow up.
From time to time, we may request Personal Information from you through competitions or surveys. Participation in these competitions or surveys is completely voluntary and you have the choice of whether you disclose the Personal Information requested.
We also automatically collect certain information when you visit our website, some of which may be capable of personally identifying you. Please see the ‘Cookies’ section below for more details.
Our purposes for collecting, holding and using your Personal Information
We collect and hold your Personal Information for the primary purpose of providing and administering our insurance products and services to you. When we collect Personal Information from you, the collection statement may provide a more specific or broader purpose. Such purposes for collection may include:
- helping us assess risks, to assess your request for insurance, to write and administer your insurance policy and any claim you may have and to clarify or assess information that you have provided;
- to help us improve our products and services;
- providing insurance brokers’ customers, potential customers and others with our products and services;
- helping to develop and identify products and services that may interest insurance brokers, their customers, potential customers or others;
- conducting market or customer research;
- developing, establishing and administering alliances and other arrangements with organisations not related to us in relation to the promotion, administration and use of our products and services;
- telling you about promotions and our other product and service offerings which we believe may be relevant to you;
- sale of our assets or shares to a buyer; and
- any other purpose notified to you at the time your Personal Information is collected.
If you are an individual who is either based in or a resident of the European Union or the United Kingdom, we will only collect, use and share your personal data where we are satisfied that we have an appropriate legal basis to do so. We will ensure that we only use your personal data for the purposes set out above and where we are satisfied:
- we need to use your personal data to perform a contract or take steps to enter into a contract with you;
- we need to use your personal data to comply with a relevant legal or regulatory obligation that we have;
- we have your consent to use your personal data for a particular activity; or
- the use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party.
Disclosure of your Personal Information
- our related body corporates, your insurance broker or third parties as is required to provide our products and services, including our external service providers, such as payment system operators, lawyers, accountants, other advisers, financial institutions and information technology providers;
- to agents, AIG Australia, Lloyd’s underwriters, insurers, reinsurers, other insurance intermediaries, insurance reference bureaus and industry bodies and groups;
- claims management and related service providers;
- the Australian Financial Complaints Authority or other alternative dispute resolution schemes;
- Insurance and Financial Services Ombudsman;
- administrative service providers;
- any government organisation or agency; and/or
- any other entities notified to you at the time of collection.
You authorise us to contact such third parties for the purposes of providing you with the products and services that you have requested.
Disclosure of Personal Information overseas
If we wish to disclose your Personal Information overseas, we will inform you of this and we will take reasonable steps to ensure that the overseas recipient does not breach the applicable privacy principles. We may also gain your consent to disclose your Sensitive Information overseas, if required. If you are an individual who is either based in or a resident of the European Union or the United Kingdom, we will take appropriate steps to ensure that transfers of your personal data are in accordance with applicable legislation and carefully managed to protect your privacy rights. We will also ensure that transfers of your personal data are limited to countries which are either recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy. To this end:
- we will ensure transfers within our group of companies will be covered by an agreement entered into by members of our group of companies (intra-group agreement) which contractually obliges each member to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred within our group of companies;
- we will ensure that where we transfer your personal data outside our group of companies to third parties who assist in providing our services, we obtain contractual commitments from the third parties to protect your personal data; and
- where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal data is disclosed.
Direct marketing and how to opt out
When we collect your Personal Information, we may use this information to provide you with information about our other products and services. If you no longer wish to receive such information, or you do not want us to disclose your Personal Information to any other organisation (including any related body corporates), you can opt out by contacting us using our contact details below.
We will not rent, sell or trade your Personal Information for marketing purposes.
Your obligations when you provide Personal Information of others
You must not provide us with Personal Information (including any Sensitive Information) of any other individual (including any of your employees or clients if you are an insurance broker) unless you have the express consent of that individual to do so. If you do provide us with such information about another individual, before doing so you:
- warrant that you have that individual’s consent to provide their information to us.
If you have not done this, you must tell us before you provide any third-party information.
Your obligations when we provide you with Personal Information
- for the purposes we have agreed to; and
You must also ensure that your agents, employees and contractors meet the above requirements.
Accuracy, Access and Correction of your Personal Information
We take reasonable steps to ensure that your Personal Information is accurate, complete and up to date whenever we collect, use or disclose it. However, we also rely on you to advise us of any changes to your Personal Information. All Personal Information identified as being incorrect is updated in our database.
Please contact us using our contact details below as soon as possible if there are any changes to your Personal Information or if you believe the Personal Information, we hold about you is not accurate or complete. We may refuse to correct Personal Information if the correction would not improve the accuracy, completeness, relevance or would make the information misleading. If we refuse to correct your Personal Information, we will record that a request was made and advise you why the request was refused.
You can make a request to access your Personal Information by contacting us using the contact details below. If you make an access request, we will provide you with access to the Personal Information we hold about you, unless otherwise required or permitted by law, within a reasonable time after the request is made. We will notify you of the basis for any denial of access to your Personal Information. No fee will be charged for an access request. However, we may charge you the reasonable cost of complying with the access request, with such costs notified to you before they are incurred.
Security of your Personal Information
We take reasonable steps to protect any Personal Information that we hold from misuse, interference and loss and from unauthorised access, alteration and disclosure.
For example, we maintain physical security over our paper and electronic data stores and premises, such as locks and security systems. We also maintain computer and network security. For example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to computer systems.
However, data protection measures are never completely secure and despite the measures we have put in place, we cannot guarantee the security of your Personal Information. You must take care to ensure you protect your Personal Information (for example, by protecting any usernames and passwords). You should notify us as soon as possible if you become aware of any security breaches.
How long do we retain your Personal Information
Links to third party sites
Our website may contain links to other third-party websites. We do not endorse or otherwise accept responsibility for the content or privacy practices of those websites, or any products or services offered on them. We recommend that you check the privacy policies of these third-party websites to find out how these third parties may collect and deal with your Personal Information.
Like many website operators, we may use standard technology called cookies on our website. Cookies are small data files that are downloaded onto your computer when you visit a particular website. Cookies help provide additional functionality to the website or to help us analyse website usage more accurately. For instance, our server may set a cookie that keeps you from having to enter a password more than once during a visit to one of our websites. In all cases in which cookies are used, the cookie will not collect Personal Information except with your consent. You can disable cookies by turning them off in your browser; however, our website may not function properly if you do so.
We may use the information provided by cookies and IP addresses to analyse trends, administer the site, or for research and marketing purposes to help us better serve our clients. No information which personally identifies you will be collected through the cookies. You can set your browser to notify you before you receive a cookie so you have the chance to accept it and can set your browser to turn off cookies.
Your Rights under the GDPR
If you are an individual who is either based in or a resident of the European Union or the United Kingdom, subject to applicable data privacy laws, we will not process sensitive data about you unless we have received your explicit consent to the processing of this information.
If you are an individual who is either based in or a resident of the European Union or the United Kingdom, you also have the right to:
- be informed as to how we are collecting and using your personal data;
- obtain confirmation from us as to whether or not your personal data is being processed, where and for what purpose. If requested, we will provide you with a copy of your personal data, free of charge in an electronic format;
- request that we erase your personal data if we no longer have a legitimate interest to continue holding or processing the data;
- object to the processing of your personal data, including for direct marketing and processing based on a legitimate interest; and
- request that we restrict the processing of your personal data in certain circumstances, including in the case of unlawful processing.
How to make a complaint
If you wish to make a complaint about how we have handled your Personal Information, you can lodge a complaint by using the contact details below. You will need to provide us with sufficient details regarding your complaint together with any supporting evidence and information.
We will refer your complaint to our Privacy Officer who will investigate the issue and determine the steps that we will undertake to resolve your complaint. We will contact you if we require any additional information and will notify you in writing of the outcome of the investigation. We will try to resolve any complaint within 14 business days. If this is not possible, you will be contacted within that time to let you know how long it is likely to take us to resolve your complaint.
If you are not satisfied with our determination, you can contact us to discuss your concerns or complain to:
- The Australian Privacy Commissioner via oaic.gov.au
- The New Zealand Privacy Commissioner in New Zealand via privacy.org.nz
- The European Data Protection Supervisor via europa.eu
- The Information Commissioner’s Office in the United Kingdom via org.uk
We may make changes to this policy as a result of operational or legislative changes. When changes are made to this policy, the updated policy will be uploaded to our website and the effective date updated accordingly.
How to contact us
The Privacy Officer
T: +61 2 9252 1040
E: [email protected]
Alternatively, you can contact us via:
Address: Level 5, 50 Margaret Street, Sydney NSW 2000
Email: [email protected]
Address: Level 19, 2 Park Street Sydney NSW 2000
Phone: 1300 030 886
Email: [email protected]
In Australia, for further information on privacy, visit the Australian Government Office, Office of the Australian Information Commissioner website.
In New Zealand, for further information on privacy, visit the New Zealand Privacy Commissioner website.
Effective Date: 1 October 2021