Privacy is important especially when you consider the number of ways we communicate and interact these days. We are committed to our privacy obligations and will conduct our business to ensure the protection of your personal information, including sensitive information.

This policy ("Policy") explains how Insurance Australia Limited (ABN 11 000 016 722)("IAL" or "we") manage, collect, use and protect an individual's personal information in accordance with the Australian Privacy Principles ("APPs") and the Privacy Act 1988 (Cth) ("Privacy Act").

We are committed to safeguarding your privacy and the confidentiality of your personal information. This Policy aims to give you a better understanding of the types of personal information we collect and the purposes for which that information is used, including circumstances where information is likely to be disclosed to overseas recipients.

In this Policy, the terms "Personal Information" and "Sensitive Information" reflect the meanings as they are defined in the Privacy Act:

Personal information: Information or an opinion about an identified individual, or an individual who is reasonably identifiable:
(A) whether the information or opinion is true or not and
(B) whether the information or opinion is recorded in a material form or not.

Sensitive information: Information or an opinion about an individual’s racial or ethnic origin political opinion membership of a political association religious beliefs or affiliations philosophical beliefs membership of a professional or trade association membership of a trade union sexual orientation or practices criminal record that is also personal information health information genetic information (that is not otherwise health information) biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates.

Why do we collect, hold, use and disclose Personal Information?

We collect, hold, use and disclose personal information so that we can provide you with products and services including:

• Arranging and administering insurance
• Risk analysis and underwriting
• Management of claims including investigation and claims
• Accounting and auditing
• Complaints and disputes management and
• To comply with legislation, regulation and industry codes that are applicable to our Group including:
  • Anti-money laundering, sanctions and anti-slavery requirements; and
  • Identifying instances of criminal activity (for example, fraud and identity theft).

Without your personal information, we may not be able to issue insurance cover, administer your insurance or process you claim or request.

What types of Personal Information do we collect and hold?

We collect and hold a range of personal information from and about individuals insured under insurance policies we underwrite. For some policies, we also collect and hold sensitive information. Depending on the products or services we are providing to you, we may collect and hold the following information from you:

• General identification and contact information, including your:
  1. Name
  2. Address
  3. E-mail address
  4. Telephone number(s)
  5. Gender
  6. Marital status
  7. Number of dependents
  8. Date of birth
  9. Place of birth
• Financial information and account details to enable us to process payments to or from you or your agent.
• Recordings of telephone calls to our representatives and call centers operated on our behalf.

We may also collect personal information from employees, prospective employees, service providers and third party contractors.

How do we collect and hold Personal Information?

We collect personal information directly from you, unless it is unreasonable or impractical for us to do so. This information may be collected using various means including in writing, in person, by telephone, by email or through other electronic messages.

We may also collect your personal information from:

• Your agents or brokers
• Third parties who have asked to provide your personal information to us (such as the Claim Central, who manage and administer claims on behalf of IAL)
• Publically available services
• Service providers
• Other insurers or credit check bodies
• Law enforcement or dispute resolution bodies and
• Marketing organisations.

We will only collect your sensitive information with your consent or where required or permitted by law or under the APPs to do so.

We hold your personal information electronically in various internal systems and databases including shared drives, email, document management systems and in hard copy. We maintain physical, electronic, and procedural safeguards to protect the security of personal information from misuse and loss, as well as unauthoriszed access, modification or disclosure. After it is no longer needed or required for applicable legal or regulatory purposes, we dispose of or de-identify personal information.

To what other Organisations do we disclose Personal Information?

We will only disclose your personal information for a purpose for which it was collected, or for a secondary purpose where permitted to do so under the Privacy Act or by law. For example, in providing services to you we may make your personal information available to others including to:

• Contractors or third parties providing services to us related to the administration of insurance policies such as distributors, agents, claims & loss assessors, claims managers, insurance reference bureaus
• Our related bodies corporate
• Banks and financial institutions for the purpose of processing your application and payments to/from you or your broker or agent
• Third party administrators, emergency providers, repairers and suppliers, investigators or
• Governmental authorities, law enforcement agencies and dispute resolution bodies and agencies.

International Disclosure of Personal Information

In some circumstances and for the purposes set out above, we may disclose personal information to parties located in other countries, including countries that have a different data protection regime than is found in Australia. These countries include:

• United States
• India
• New Zealand
• Malaysia
• England
• Philippines
• Germany

Where such disclosure is made, we make all reasonable efforts to ensure that the arrangements we have in place with overseas parties impose appropriate privacy and confidentiality obligations on those parties to ensure that imparted personal information is kept secure and that such information is only used to the purposes noted above.

How do you access and correct your Personal Information?

We take reasonable steps to ensure that your personal information is accurate, complete and up-to-date.

If you wish to access the personal information we may hold about you or if you believe that the personal information we hold about you is not accurate, complete or up-to-date, you have the right to request access to or correction of the information by contacting our Compliance and Privacy Officer (please see the contact details below).

In order to process any request for access or correction of personal information, we may need to obtain a minimum level of information including:

• Full name
• Date of birth and
• Details of the request, including supporting information, evidencing the individual's right to access the data.

If you are seeking access to or correction of information on another person's behalf, we will also require written authorisation from that individual.

We reserve the right to refuse access to personal information under the grounds permitted by the Privacy Act. There is no fee to access or correct your information but there may be a cost charged for providing access to personal information, which reflects the cost of locating and providing the information to you.

How do you make a Complaint or Enquiry about how we handle your Personal Information?

If you believe that we have not complied with an obligation under the Privacy Act in relation to your personal information, you can contact our Compliance and Privacy Officer (details below).

Having contacted our Compliance and Privacy Officer and if you are not satisfied with how we have dealt with your complaint, you may refer the complaint to the Financial Ombudsman Service or to the Office of the Australian Information Commissioner whose details are below:

When is this Policy updated?

This Policy may change from time to time and where this occurs, the updated Policy will be posted on this webpage.

How do you contact us?

Our Compliance and Privacy Officer can be contacted by: