ABOUT THIS POLICY
WHY WE COLLECT, HOLD, USE AND DISCLOSE YOUR PERSONAL INFORMATION
We collect, hold, use and disclose personal information so that we can perform our business activities and functions and to provide customer services which include Work Health Safety and Rehabilitation, Training and Consultancy (the “Services”). We will collect, hold, use and disclose your information for the purpose it was provided to us, related purposes or as permitted by law. Such purposes include:
- Work Health Safety and Rehabilitation, Training and Consultancy
- claims handling,
- risk management;
- providing services to you, arranging products for you and to send communications requested by you;
- answering enquiries and providing information or advice about existing and new products or services;
- providing you with access to protected areas of our website;
- for market research so that we can better understand your needs and tailor our future services accordingly;
- providing you with marketing information regarding other products and services (of ours or a third party) which we believe may be of interest to you;
- updating our records and keeping your contact details up to date;
- quality assurance, auditing and training purposes;
- processing and responding to any complaint made by you;
- to conduct administration and business processing functions including providing personal information to our associated entities, contractors, service providers or other third parties;
- facilitating our business operations such as managing our IT infrastructures, databases, websites and for statistical and maintenance purposes; and
- complying with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country (where relevant).
THE PERSONAL INFORMATION WE COLLECT AND HOLD
- your name;
- your address;
- your date of birth;
- your gender;
- other contact details such as your phone number, fax and email;
- your occupation;
- your salary;
- health records, including mental health records;
- relevant financial information;
- claims history, driving history, details of insurance policies you hold or have held, health, medical or lifestyle information relevant to arranging an insurance product or providing another service;
- financial institution account details like your credit card or bank account number if the product or service is being paid for in this way or we are making a payment to you;
- your employment history and other information collected during the recruitment process; and/or
- any other information you provide to us directly or indirectly through a website or via a representative.
HOW WE COLLECT YOUR PERSONAL INFORMATION
We may collect information about you in various ways, including:
- over the telephone;
- in person;
- observations during assessments;
- reports, correspondence and emails from you as well as treating practitioners and third parties such as employers and insurers;
- over the internet, including via our website, online forms and surveys, email or cookies; and
- in writing, including via hard copy forms.
Information Collected by Automated Means on Websites
We use various tools to enhance our website user experience and track users of our websites, including cookies and web beacons. Cookies are small pieces of text that a website places on your computer to help remember information about your visit. Web beacons are tiny graphics with a unique identifier that are embedded invisibly on the web pages. Neither cookies nor web beacons can read data off your computer’s hard drive. The information may include items such as:
- the domain from which you have come to the site;
- the pages visited on our website;
- the date and time of the visit;
- the internet address of the referring site;
- your IP address;
- the types and location of devices you are using to access the website and its attributes;
- the version of the browser used;
- the capabilities of the browser; and
- the search terms used on our search engines.
FROM WHOM WE COLLECT PERSONAL INFORMATION
We may collect such information from:
- directly from you; or
- the person/company referring you to us; and
- any other third party associated with the service being provided to you (e.g. your nominated treating doctor, other treating practitioner, employer, agent or insurer, or any other representative authorised by you.
HOW WE USE AND DICLOSE YOUR PERSONAL INFORMATION
We will only hold and use personal information about you that was collected for a particular purpose (the primary purpose) and will not use or disclose the information for another purpose (the secondary purpose) unless:
- we are required or authorised by law to do so;
- you have consented to the use or disclosure of the information; or
- a permitted exception under the Act in relation to the use or disclosure of the information applies.
If subsection 16B(2) of the Act applies in relation to the collection of the personal information we will take such steps as are reasonable in the circumstances to ensure that the information is de-identified before we disclose it. We will not use any personal identifiers issued by a government agency (e.g. Tax file number or Medicare number) as an identifier in our records systems. Should legislation require us to ask you to provide your tax file number we will only use that number for the purposes permitted by legislation and not as a general means of identifying you.
We may disclose your information to:
- our employees, authorised representatives, associated entities, and contractors, as required to perform their roles in arranging products and providing services, or to referrers;
- other business support service providers for the purposes of the operation of our business including, without limitation, IT systems administration, web hosting providers, document storage warehouses, printing and mail houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors and professional advisers such as accountants, solicitors, business advisers and consultants;
- insurers, reinsurers, other insurance intermediaries and premium funders;
- a person authorised by you or a third party such as your employer; or the policyholder of a group insurance policy under which you are an insured
- in the case of some claims (or likely claims), assessors, solicitors, investigators, your employer or medical practitioners and rehabilitation providers;
- in certain instances we may be obliged to provide the relevant Regulatory Authority in your State or Territory with information from your file, if the service provided to you relates to Work Health Safety and Rehabilitation;
- suppliers and other third parties with whom we have commercial relationships for business, marketing, and related purposes;
- the Australian Financial Complaints Authority (which is an external dispute resolution scheme);
- government bodies, regulators, law enforcement agencies and any other parties where required by law;
- in the case of any re-organisation, sale or merger of us or any of our related entities, such other entities that we propose to be acquired by or merge with; and
- we may combine or share any information that we collect from you with information collected by any of our associated entities.
In the ordinary course of business including the purposes outlined above, we may disclose personal information about you to a person or organisation located in the different states and territories inside Australia and countries outside of Australia such as the United States, United Kingdom, India, Singapore (e.g. to overseas insurers, reinsurers, insurance intermediaries, our associated entities and third party suppliers or service providers). In particular, your personal information may be sent to administrative processing centers in Mumbai (India) or Kuala Lumpur (Malaysia). It may also be sent to: Canada, India, United Kingdom and the United States for the purposes of outsourcing Business Support Services (for example, IT systems administration and payment processing).
We will only transfer your personal information overseas if:
- we reasonably believe that the foreign country has substantially similar privacy obligations; or
- you consent; or
- we have taken reasonable steps to ensure the recipient will not hold, use or disclose the information in a manner inconsistent with the APPs.
When we send information overseas, in some cases we may not be able to take reasonable steps to ensure that overseas providers do not breach the Privacy Act and they may not be subject to the same level of protection or obligations that are offered by the Privacy Act. By proceeding to acquire our services and products and providing your personal information to us you agree that you cannot seek redress under the Privacy Act or against us (to the extent permitted by law) and may not be able to seek redress overseas. If you do not agree to the transfer of your personal information outside Australia, please contact us.
HOLDING PERSONAL INFORMATION
We may hold your information electronically and on paper/in hard copy. We place a high priority on the security of personal information, and we are committed to protecting the personal information that you provide to us. We take reasonable steps to ensure your personal information is secure and we use and maintain appropriate safeguards to prevent misuse and loss and from unauthorised access, modification or disclosure. We implement administrative, physical and technical safeguards to protect the confidentiality and integrity of your personal information and data that we use and hold.
As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
We retain most information relating to you for at least 7 years in order to meet legal and business requirements. Once information is no longer required, it will be destroyed in a secure manner.
We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms including mail, fax and electronic media such as email and SMS and social media such as Twitter and Facebook, in accordance with applicable marketing laws such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication we will endeavor to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by using the opt-out facilities provided within the marketing communications.
HOW YOU MAY ACCESS YOUR PERSONAL INFORMATION AND SEEK CORRECTION OF IT
Accessing your information
You may request access to any personal information we hold about you at any time by contacting our Privacy Officer (see ‘How to contact us or make a complaint’ section below). Where we hold information that you are entitled to access, we will try to provide you with mutually agreeable means of accessing it (for example, by mailing or emailing it to you or facilitating inspection). Our Privacy Officer will need to establish the identity of the individual requesting the information prior to providing it. A fee may apply to recover reasonable costs of making the information available.
There are a number of situations where we may deny an individual access to personal information in accordance with the APPs. These can include circumstances where it would have an unreasonable impact on the privacy of other individuals, would result in a breach of confidentiality, the information relates to existing or anticipated legal proceedings, we have reason to suspect that unlawful activity or misconduct of a serious nature is being or may be engaged in, or where the law requires or authorises such access to be denied. Our Privacy Officer will advise you if any of these or other circumstances apply.
Keeping your information accurate
We take reasonable steps to ensure that the personal information we hold is accurate, up-to-date and complete. However, we also rely on you to advise us of any changes to your information to help us do so. If you believe your personal information is not accurate, up-to-date or complete, then please contact our Privacy Officer (see ‘‘How to contact us or make a complaint’ section below).
To assist us in maintaining correct records, we ask you to inform us in writing of any changes in your personal information provided to us.
If you establish that information held is not accurate, complete or up to date, then we will take reasonable steps to correct the information unless it is impractical or unlawful to do so. If you establish that information held is not accurate, complete or up to date and we have shared that information with another APP entity, then if you request us to notify those entities we will take reasonable steps to do so unless it is impractical or unlawful to do so.
HOW TO CLAIM CONTACT US OR MAKE A COMPLAINT?
We treat any concerns or complaints that you may have with respect and confidentiality. A privacy representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We aim to ensure complaints are resolved in a timely and appropriate manner.
You can contact our Privacy Officer by:
- Email – email@example.com
- Phone – (02) 8864 7688
- Post – PO Box H176, Australia Square NSW 1215
If your concerns are not resolved to your satisfaction or you would like further information in regards to the Privacy Act, the matter can be referred to the Office of the Australian Information Commissioner on 1300 363 992.