What personal information we collect
The personal information we collect and store about you may include:
• your name;
• contact details (including mobile phone, telephone and email);
• previous or current insurance;
• claims history; or
• driving history;
and such other information which is relevant and necessary to providing products and deliver services to you or to comply with the law.
We may also collect personal information about other people noted on your insurance policies from you. Where you provide us with personal information about other people you must have their consent to do this, and to provide it on their behalf. If you do not have their consent, you must tell us. For example, you may wish to purchase insurance in joint names and therefore you provide us with personal information about your spouse.
“Sensitive information” is a subcategory of personal information which may include information or an opinion about an individual. The sensitive information we collect about you may include:
• health and other medical information;
• lifestyle information that relates to insurance;
• occupational information; and
• criminal history;
and such other information which is relevant and necessary to providing products and deliver services to you or to comply with the law.
Why we collect personal information
We will inform you of the main reasons for collecting your personal information at the time we request it. The purposes for which we will generally collect and use your information include considering any application you make to us, providing products and delivering services to you, performing administrative functions, enhancing our products, services and the delivery of the services and telling you about our other products and services
which may include those of our business partners, which we believe may interest you. You may tell us at any time that you do not want us to advise you about other products and services (see Marketing below for more details).
We will only collect sensitive information where it is necessary for the purposes of determining risk or providing you with a specific product or service such as health insurance or life insurance. If not required, we will not collect sensitive information. Any such sensitive information is collected in accordance with the Privacy Principles.
How we collect personal information
We collect information from you in various ways. It might be through our contact centres, via our online systems such as Online Policy Manager, or when you fill out an application form for one of our products online or via social media.
Information collected online
We collect information about visitors using our online resources. Any information collected is used to provide our products and services and to identify online behavioural patterns.
Our online resources include but are not limited to websites and mobile applications “apps”. Information collected by these resources may include the following information:
• Server address/IP address.
• Date and time of visit to our site.
• Pages visited.
• Documents downloaded.
• The site you visited prior to visiting our website.
• The browser you are using to access our resources.
• If you have visited our website before.
• Tracking user preferences.
In addition to the above, our websites and mobile apps may collect location data.
From time to time, we may use data collection devices such as ‘cookies’ in conjunction with our website. Cookies are commonly used on the internet. They are a small file placed onto a computer by a server. A cookie can later be identified by a server. We may use both ‘persistent’ and ‘session cookies’. We may (or our marketing company may) evaluate the cookie information collected to measure the effectiveness of our advertising and how visitors use our site. Where our marketing company manages the information coming from our site on our behalf, we control how that data may and may not be used. Any information that is collected in this way is used in an aggregated form; we do not use it to identify you as an individual.
• to provide you with better and more customised service and a more effective website.
• collecting anonymous statistical information on things such as how many visitors our sites receive, how those visitors use the sites and where they came from.
Most of our online resources use sessions and/or cookies. If you wish, you can configure your browser so it does not accept cookies, but this may affect the functionality of the website.
Collecting personal information from third parties
Where possible, we collect personal information directly from you. However, in some circumstances we may also collect personal information about you, or about other people noted on the policy, from other sources so that we can provide you with a more personalised service, issue you a policy or assess a claim you make.
• you may apply for a product through a broker, intermediary, business partner or other distributor; or
• we collect information required to assist us in determining the acceptability of a policy, the price of a policy, or to investigate, assess and pay claims, which may be collected from third parties such as other insurers, Insurance Reference Services or medical providers or other professional experts (to verify or clarify , if necessary, any health information you may provide); or
• To provide you with an indicative quote for additional products that we offer.
We are a member of Insurance Reference Services (IRS), an insurance member-based organisation supporting Australian general insurance company members with understanding policy holder claims and/or policy history, for the purpose of supporting claims management, claims investigation, loss assessment, fraud detection and risk underwriting. IRS manages the IRS claims database, which highlights claims made, including previously denied, withdrawn, or cancelled claims. Details of your claim and/or policy history may be collected from IRS for the purposes of determining the acceptability of policies and/or claims.
If we receive information about you from a third party and it is not information we need in respect of the services we provide, we will destroy or de-identify that information (provided it is lawful to do so).
Dealing with us anonymously or using a pseudonym
Where possible, you have the option of interacting with us anonymously or pseudonymously. Whilst you are entitled to interact with us anonymously or by using a pseudonym, we will need to know who you are in order to provide you with our products and deliver services.
Use of Information
We use your personal information in accordance with the Privacy Principles. We use the personal information collected for a number of purposes, including:
• Assessing your policy application, establishing and administering your policy.
• Processing premiums and payments.
• Improve the way we provide our products and deliver services.
• Produce policy schedules and other mail related services.
• Assess, process and investigate any insurance risks, claims or complaints, including your claims history;
• Assessing risks and underwriting insurance. • Training our employees, agents and representatives.
Direct Marketing Opt Out
If you do not want to receive any marketing offers, you can choose to opt out of our marketing activities. To opt out, you can either:
• use the unsubscribe function from our emails, SMS, MMS or IM; or
• contact us using the Contact Details below.
Display Advertising You can block interest-based advertising in your current browser by visiting the Digital Advertising Alliance’s consumer choice tool at http://optout.aboutads.info/ . If you are on your mobile device, enable the “Limit Ad Tracking” setting in your iOS phone’s settings, or the setting to “Opt out of Ads Personalization” (or “Opt out of Interest-based Advertising” for older systems) in your Android phone’s settings.
You can, however, change your mind about opting out of receiving information about our products and services at any time by contacting us using our Contact Details noted below.
How we store personal information
We will store your personal information in a number of ways including:
• in electronic systems and devices;
• in telephone recordings;
• in paper files;
• secure document retention services off-site; and/or
• cloud facilities operated by us (or by third parties on our behalf).
We will take reasonable precautions to ensure that the personal information that we have about you is protected against any unlawful use, unauthorised access, modification or disclosure and these precautions include:
• using appropriate information technology and processes;
• using computer and network security systems with appropriate firewalls, encryption technology and passwords for the protection of electronic files;
• securely destroying or “de-identifying” personal information if we no longer require it subject to our legal obligations to keep some information for certain prescribed periods;
• restricting access to your personal information to our employees and those who perform services for us who need your personal information to do what we have engaged them to do; and
• requesting certain personal information from you when you wish to discuss any issues relating to the products and services we provide to you.
While we undertake reasonable steps to protect your personal information, no guarantee can be given that information sent over the internet is always 100% secure. Sending and receiving information over the internet is at the user’s own risk, however we will take all reasonable steps to ensure your data security once we receive it.
Disclosure to third parties
The personal information that we collect from you may be disclosed to other parties who are involved with the provision of our products and services to you. Such parties include your insurer, any insurance intermediary involved in the transaction, service providers such as claims assessors, investigators or lawyers (should they be required in the event of a claim) other insurers (for the purpose of seeking claims recoveries or to assist them to assess insurance risks), our marketing partners.
As a member of IRS, your claim and/or policy history may be reported to IRS to be shared with other insurers as part of the industry’s wider fraud protection and monitoring measures, which may include determining acceptability or applications, policies and/or claims.
The information we provide to third parties will be strictly limited to what is required to provide the products and services, where disclosure is required, or authorised by or under law (for example, we may disclose information to government agencies) or where you have requested us to or have consented to the disclosure to a third party. The third parties may include overseas organisations (see below).
Subject always to our obligations under the Privacy Act, where we disclose personal information for other people noted on the policy, for a permitted purpose, to you or another third party you will ensure that they have consented to that use or disclosure.
Exchange of information with overseas parties
Some of the parties with which we exchange your personal information, including our service providers and other third parties referenced above, may be located outside Australia in countries including Japan, Philippines, Singapore, South Africa, United Kingdom and the United States of America. Where we do this, we make sure that such organisations have the appropriate data handling and security arrangements in place.
Access to and accuracy of personal information
You can request access to the personal information we hold about you at any time by contacting us using the Contact Details noted below and we will provide you with that information unless we are prevented by law from giving you that access. If we are unable to provide you with the requested information, we will provide you with a written explanation.
Where access is granted to your information, we may charge a reasonable fee for such access and if we do, we will advise you of the fee prior to proceeding with the request.
We take reasonable measures to ensure that the personal information we hold about you is accurate and up to date. Under the Privacy Act, you also have a right to request that we correct information, if you believe your personal information is not accurate and up to date, we would encourage you to inform us by contacting us using the Contact Details noted below. We will promptly update any information that is incorrect and confirm to you when we have done so.
We are committed to resolving any complaints you may have, please contact us at any time by contacting us using the Contact Details noted below.
Our representative will be in contact with you regarding your complaint and will let you know who will be assisting you, their contact details and the expected resolution date of your issue within 24 hours or as soon as practicable.
If the issues raised are more complicated, we may ask you for additional documentation to help resolve the issue. In turn, we will keep you updated on the progress of your complaint.
We will try to answer any questions you may have, correct any error on our part or resolve any complaint or concern that you may have about our information handling practices. If we do not resolve a complaint to your satisfaction, you also have the right to complain to the Office of the Australian Information Commissioner (OAIC) using the Contact Details noted on the following page: