What information do we collect and hold how do we use it?
We will collect personal information for primary purposes, which are relevant to providing and administrating our financial products and services. Personal Information we hold which is identifiable as being about you. This includes information such as your name, email address, and any other information that can reasonably identify an individual, either directly or indirectly.
To enable us to provide advice on and arrange financial services, we collect the information needed by ourselves to ensure appropriate advice to you and information required by product suppliers. We will usually provide some or all of this information to our product suppliers. Some of these companies may be located outside Australia.
When a claim is made under an insurance policy, to enable us to assist in the claim process, we and our representatives and those of the insurer (including loss adjusters, investigators, medical advisers and lawyers) collect information about the claim, some of which may be personal information. We may collect the information from you or from third parties.
We provide this information to the insurer and or their agents and those appointed to assist you in making a claim. Again this information may be passed on to your underwriters and reinsurers. We may use your personal information internally to help us improve our services and help resolve any problems.
What if you don't provide some information to us?
We can only apply for and arrange financial service products if we have all relevant information. The insurance laws also require insured’s to provide all the information required by the end insurer to help them decide whether to insure you and on what terms. Credit Providers also require specific information to help them assess any credit applications that we may facilitate on your behalf.
How do we hold and protect your information?
We hold the information we collect from you in our computer system and in our hard copy files. We ensure that your information is safe by following the usual security procedures expected by our clients and in accordance with the guidelines issued by the Office of Australian Information Commissioner (OAIC).
Will we disclose the information we collect to anyone?
We may disclose information to:
- Financial institutions, other Australian Financial Service Licensees, Insurers, underwriters, underwriting agencies, wholesale brokers and reinsurers (for the purpose of seeking recovery from them or to assist them to assess insurance risks);
- Premium funders / Credit providers for the purposes of gaining quotations on and arranging funding of your insurance premiums / financial investments.
- An investigator, assessor, State or Federal Health Authorities, lawyers, accountants, medical practitioners, hospitals or other professional advisors (for the purposes of investigating or assessing your claim);
- A lawyer or recovery agent (for the purpose of defending an action by a third party against you or for the purpose of recovery costs including your excess);
- Contractors who supply services to us, e.g. to handle mailings on our behalf.
- An immediate family member;
- Other companies in the event of a corporate sale, merger,reorganisation, dissolution or similar event
However, we will do our best to ensure that they protect the information in the same way that we do. We may provide this information to others if we are required to do so by law or under some unusual other circumstances which the Privacy Act permits. We do not sell, trade, or rent personal information to others.
How can you access, check, update or change your information?
Upon receipt of your written request from you and enough information to allow us to identify the information, we will disclose to you the personal information we hold about you. We will also correct, amend or delete any personal information that we agree is inaccurate. If you wish to access or correct your personal information please write to the Privacy Officer, C/- our office.
We do not charge for receiving a request for access to personal information or for complying with a correction request. We do however reserve the right to charge you for all reasonable costs and outgoings specifically incurred in meeting your request for information.
By asking us to provide you with our financial services, you consent to the collection and use of the information you have provided to us for the purposes described above.
Complaints about privacy
Should you have a query or a complaint regarding a breach of privacy please our Complaints Officer who will handle the matter in accordance with our formal complaints handling procedures.
Your complaint can be lodged over the phone, via mail or email or you may wish to make an appointment with our Complaints Officer at a convenient time and location. We will do all that is reasonable in the circumstances to address your complaint.
The OAIC can investigate privacy complaints from individuals about our business if we are specifically caught by the Privacy Act. We also follow the Notifiable Data Breach obligations imposed by the Privacy Act.
Before a client can lodge a complaint with the OAIC, they will generally need to complain directly to ourselves and allow 30 days for it to respond. If they do not receive a response within 30 days, or they are dissatisfied with our response, they may then complain to the OAIC.
Complaints to the OAIC must be made in writing. Further information on the complaints process is available for clients wishing to complain regarding a Privacy Breach at www.oaic.gov.au
Information Sent Overseas
In certain situations it is likely that that some or all of the Personal Information that you provide to us may be disclosed to businesses that operate overseas. This would only occur where the product provider / intermediary is based overseas – e.g. Lloyds of London syndicates or brokers and other overseas based insurers and intermediaries or in situations where we utilise “Cloud Computing” services that are situated outside Australia.
In all such cases, unless we expressly inform you and obtain your consent to the contrary, we commit to making reasonable enquiries to ensure that these organisations comply with their local privacy legislation where such legislation is comparable to the Australian legislation and to comply with the key components of Australian Privacy legislation in cases where their local legislation is considered inadequate or non-existent.
Website privacy issues
We use technology to collect anonymous information about the use of our website, for example when you browse our website our service provider may log your server address, the date and time of your visit, the pages and links accessed and the type of browser used. It does not identify you personally and we only use this information for statistical purposes and to improve the content and functionality of our website, to better understand our clients and markets and to improve our services.
In order to collect this anonymous data we may use “cookies”. Cookies are small pieces of information which are sent to your browser and stored on your computer’s hard drive. Sometimes they identify users where the website requires information to be retained from one page to the next. This is purely to increase the functionality of the site. Cookies by themselves cannot be used to discover the identity of the user. Cookies do not damage your computer and you can set your browser to notify you when you receive a cookie so that you can decide if you want to accept it. Once you leave the site, the cookie is destroyed and no personal or other information about you is stored.
Our Website may allow visitors to submit information via Self-Service forms (Quotes, Claim Forms, Employment and Contact request). The information submitted via the Forms may not be encrypted. Should you be concerned about the confidentiality of any information provided by any Self Service forms please do not hesitate to lodge this information with us via phone or email.
We may also use your contact information that you supply on this website to send you requested product information and promotional material and to enable us to manage your ongoing requirements, e.g. renewals, and our relationship with you, e.g. invoicing, client surveys etc.
We may also notify you via direct marketing about new services and special offers, events or articles we think will be of interest to you. We may send you regular updates by email or by post on insurance matters. If you would rather not receive this information or do not wish to receive it electronically, email or write to us.
We may also use your information internally to help us improve our services and help resolve any problems.
General data protection regulation (GDPR) for the European Union (EU)
We will comply with the principles of data protection set out in the GDPR for the purpose of fairness, transparency and lawful data collection and use.
We process your personal information as a Processor and/or to the extent that we are a Controller as defined in the GDPR.
We must establish a lawful basis for processing your personal information. The legal basis for which we collect your personal information depends on the data that we collect and how we use it.
We will only collect your personal information with your express consent for a specific purpose and any data collected will be to the extent necessary and not excessive for its purposes. We will keep your data safe and secure.
We will also process your Personal Information if it is necessary for our legitimate interests, or to fulfill a contractual or legal obligation.
We process your personal information if it is necessary to protect your life or in a medical situation, it is necessary to carry out a public function, a task of public interest or if the function has a clear basis in law.
We do not collect or process any personal information from you that is considered “Sensitive Personal Information” relating to your sexual orientation or ethnic origin unless we have your explicit consent, or if it is being collected subject to and in accordance with the GDPR.
You must not provide us with your personal information if you are under the age of sixteen without the consent of your parent or someone who has parental authority for you. We do not knowingly collect or process the personal information of children.
Your Rights under the GDPR
If you are an individual residing in the EU, you have certain rights as to how your personal information is obtained and used. We comply with your rights under the GDPR as to how your personal information is used and controlled if you are an individual residing in the EU.
Except as otherwise provided in the GDPR, you have the following rights:
- To be informed how your personal information is being used;
- Access your personal information (we will provide you a free copy of it);
- To correct your personal information if it is inaccurate or incomplete;
- To delete your personal information (also known as the “right to be forgotten”);
- To restrict processing of your personal information;
- To retain and reuse your personal information for your own purposes.
- To object to your personal information being used; and
- To object against automated decision making and profiling.
Please contact our Complaints Officer at any time to exercise your rights under the GDPR. We may ask you to verify your identity before acting on your requests.
Although we intend to observe this policy at all times, you should note that the Privacy Act does not apply to small businesses. It only applies to businesses with an annual turnover of $3M or more per annum. Therefore should we be in a position where the Privacy Act does not legally apply to us we may decide it is necessary or desirable to act outside this Policy. We may do so, subject only to any legal obligations we have to you or under any law, including the Privacy Act.