ABOUT THIS POLICY
COLLECTION OF YOUR PERSONAL OR SENSITIVE INFORMATION
At all times we will endeavor to only collect personal or sensitive information we need for a particular activity or function we are undertaking.
Purposes for which we collects, holds, uses and discloses personal or sensitive information
We only collect, hold, use and/or disclose personal or sensitive information which is reasonably necessary to ensure that we are able to provide you with the products and services that are appropriate to your needs, to identify you, to verify billing transactions for security, to contact you about your membership or your account.
When you engage with us, we will outline the purposes for which we will collect, hold, use and disclose your personal or sensitive information.
Kinds of personal information we collect
Due to the nature of the products and services we provide, and the requirements of legislation and regulations, we ask for a range of personal or sensitive information from our clients or individuals.
The majority of the personal information we collect is provided to us through the finance and insurance market, professional services industry, or through our affiliated network of clubs or associations.
The types of personal or sensitive information we may collect can include details such as:
a) Name, home address, work address, telephone numbers, email address and other such contact details;
b) Date of birth and gender;
c) Information in identification documents (e.g. driver’s licence, passport, Medicare card, business name, vehicle registration);
d) Financial information such as credit card details, bank details, purchase history, credit information or reports; or
e) Membership of clubs or associations.
Collection of sensitive information
It may be necessary in some circumstances for us to collect sensitive information about you in order to provide specific services. The types of sensitive information we may collect include information about:
a) Your health;
b) Your medical history; or
c) Your criminal record if applicable.
In the course of performing one of our functions, we may collect personal or sensitive information about you indirectly, including from generally available public sources or from third parties, such as:
(a) Your authorised representatives, agents or brokers;
(b) Your clubs or associations; or
(c) Credit reporting bodies and credit providers.
You have a right to refuse to provide us with your personal or sensitive information or to anonymity or the use of a pseudonym. However, for most of our functions and activities we will need your name and contact information to enable us to provide the services required. If you do refuse to provide such information, or request the use of anonymity or a pseudonym, we may be unable to complete or fulfil the purpose for which such information was collected, including providing you or our clients with the services we were engaged to perform.
Methods of collection
We use a variety of formats for the collection of personal or sensitive and sensitive information. These include:
a) Requiring you to complete an application, profile, questionnaire or other forms;
b) Receipt of emails, letters and other correspondence;
c) Telephone calls;
d) Appointments in person;
e) Publicly available records; or
f) Through use of our Website, such as via contact mailboxes, online inquiry forms, online chat, or through the registration process.
Collection through our website
We use the public website (Website). There are a number of ways that we collect information through the use of our Website. The purpose of collecting information in this way is to improve the experience of users of our Website.
Our Website uses Google Analytics to analyse aggregate user behaviour. Google Analytics is used to collect data relating to your interaction with our Website. The types of data we collect includes:
a) Your devices IP address;
b) Device type, operating system and browser information;
c) Geographical information;
d) Search terms and pages visited;
e) Referring domain; and
f) Date and time the Website was accessed.
Cookies are data files placed onto devices by websites for record-keeping purposes and to enhance the functionality of the user experience on the Website.
Google Analytics uses first party cookies, which are text or data files placed on your computer for the purpose of anonymously identifying your session. These cookies are not used to grant us access to your personally identifiable information. Non-identifiable information (such as the pages you visit) may be tracked.
Most browsers allow you to direct whether cookies are received or not. If you do not wish to have cookies placed on your device, you should set your browser to reject or block all cookies before accessing our Website.
If cookies have not been blocked, you can still direct your browser to delete your cookies, and this data will be erased.
If you submit a form using our Website, it will be stored in secure servers that may be located in several jurisdictions, including Australia, the United Kingdom, the United States of America and some European countries.
Where possible we will collect personal and sensitive information from you directly. We will use our best endeavours to ensure that the collection, holding, use and disclosure of personal or sensitive information by us is only done through lawful and fair means.
We will obtain your consent when reasonably able, relating to the collection, holding, use and disclosure of your personal or sensitive information. However, we are not required to obtain your consent to collect, hold, use or disclose your personal or sensitive information if it is required or authorised by or under an Australian law or a court/tribunal order.
There are also other exceptions to the requirement of obtaining your consent in accordance with the APP’s. If you would like more information on these requirements, please contact our Privacy Officer.
Collection of someone else’s personal or sensitive information
There may be circumstances where we are provided with personal or sensitive information which we did not actively seek. An example may be misdirected mail, or an excess of documents provided to us by you, your authorised representatives, agents, brokers, or clubs. In such situations, our Privacy Officer will make a determination on whether we could have obtained the information lawfully in accordance with the APPs. If the information was not, or could not have been, lawfully obtained it will be destroyed or de-identified.
We will use reasonable endeavours to notify the relevant person, whose information has been mistakenly received, if this situation arises.
DISCLOSURE OF YOUR PERSONAL OR SENSITIVE INFORMATION
Generally, we will not disclose your personal or sensitive information to third parties unless:
a) We have your consent to do so;
b) It is a situation which you would reasonably expect your information to be shared for such a purpose; or
c) The purpose for disclosing the information relates to the primary purpose for which we collected the information.
There are situations in which we may disclose personal or sensitive information, which are detailed below.
Providing the Services
We will only use and disclose the personal or sensitive information we may collect from you to provide you with the services you have requested.
Data Breach Notification
We may be required by law to disclose personal or sensitive information relating to you to the Office of the Australian Information Commissioner in the event of a data breach. This will include information we are obliged to include in a Mandatory Breach Notification System now prescribed under the Privacy Act.
Disclosure of personal or sensitive information overseas
We will take all reasonable steps to ensure that any overseas recipient of any personal or sensitive information conforms with the APP’s in the receipt, handling and use of your personal or sensitive information.
Information relating to use of the Website is disclosed to Google Analytics when you visit our Website. We understand that Google stores information it collects in multiple countries other than Australia.
On collection of your personal or sensitive information, we will use reasonable endeavours to inform you whether it is likely we will disclose the information to any overseas recipient other than recipients within our network and, if so, where those recipients are likely to be located.
Your personal information may be used to send you information or advertisements about products or services which we believe you may be interested in. This may include products or services offered by third parties.
When required, your personal information will only be used or disclosed for the purposes of direct marketing where the information is not sensitive information, has been collected directly from you and there is an easy means to opt out of such marketing (and such an opt out request has not been made by you) in the following circumstances:
a) Where you would expect us to use or disclose the information for direct marketing purposes; or
b) You have consented to the use or disclosure of the information for direct marketing purposes.
There will always be a simple means by which you may easily request not to receive direct marketing communications from us. Alternatively, you can opt-out from receiving such communications at any time by contacting our Privacy Officer.
SMS text reminders
If you have provided us with your mobile telephone number, from time to time we may send you an SMS text reminder regarding your payments.
SMS text reminders will not contain any personal or sensitive information such as your name or contact details. You should ensure you implement appropriate procedures and safeguards to protect your mobile device.
We will never ask you to respond via SMS.
You are able to withdraw from this service at any time by contacting our customer services team on 1300 582 809.
QUALITY OF INFORMATION
Our procedures to ensure the accuracy of the information collected, and that it is up to date, include:
a) Information is generally recorded in a format that is consistent;
b) If information is collected from a third party or from a public document or source, we will endeavour to confirm the accuracy of that information; and
c) Records are updated upon the receipt of new and additional information.
STORAGE AND SECURITY
We hold personal or sensitive information in a combination of secure computer storage facilities and paper based files and takes steps to protect the personal or sensitive information we hold from misuse, loss, interference, unauthorised access, modification or disclosure. We train our employees carefully on handling personal or sensitive information and confidentiality of such information. We conduct regular audits of our processes, to ensure our staff, agents and contractors, are complying with security procedures.
Once we have no purpose for holding your personal or sensitive information, we will take all reasonable steps to destroy or de-identify the information.
ACCESSING AND CORRECTING YOUR PERSONAL OR SENSITIVE INFORMATION
Access to personal or sensitive information
You have the right to access any personal or sensitive information regarding you that we hold and ask that we correct that personal or sensitive information.
We will always ask you to verify your identity before you are given access to your information. If you are unable to verify your identity no access to the information will be given.
This is subject to some limited exceptions, which the Privacy Officer can provide further information on. Such requests should be made in writing to the Privacy Officer. We will acknowledge your request within 14 days and respond to it within a reasonable time.
We may charge a fee only to cover the cost of locating, retrieving, reviewing and copying any material requested.
We will not charge any fee to make the request or for us to give effect to the request. If your request is approved, we will provide you with access to the information in the manner requested if it is reasonable and practicable to do so.
Correction of personal or sensitive information
We will endeavour to ensure that the personal or sensitive information it holds is accurate and up-to-date.
You are able to make a request to correct your personal or sensitive information by contacting our Privacy Officer, or by telephoning or emailing us with your corrected information.
We will always ask you to verify your identity before your information is corrected. If you are unable to verify your identity no correction will be made to the information.
In some limited circumstances your request may be refused or partially refused.
Procedure if your request to access or correct is refused
There may be limited circumstances where your request is refused or partially refused. If this occurs, we will give you a written notice that sets out:
a) The reasons for the refusal, including the reasons why access cannot be granted in an alternative way (except where it would be unreasonable to provide those reasons);
b) How to make a complaint about the refusal; and
c) Any other matter as prescribed by the regulations. If your request to correct your personal or sensitive information is refused you have the option of submitting a statement
associated with your personal or sensitive information. For more information contact our Privacy Officer.
HOW TO MAKE A COMPLAINT
Once we have received your complaint, it will be assessed, and we will determine what action, if any, needs to be taken to address your complaint. Any complaint will be acted upon within a reasonable time, and you will generally receive our response within 30 days.
If you are not satisfied with our response to your complaint, you may contact the Office of the Australian Information Commissioner (OAIC). The OAIC public website is at www.oaic.gov.au.
On request, we may be able to provide you with a copy of the policy in an alternate format. If you have any enquiries or would like to make a request for a copy of the policy, please contact our Privacy Officer (refer to contact details below).
HOW TO CONTACT US
You can contact us through our Privacy Officer by:
Telephone: 1300 582 809
Post: Level 3, Building 7, Botanicca Corporate Park, 570-588 Swan Street, Richmond, Victoria 3121