Last Updated: 01/10/2019
At AFA Pty Ltd (AFA) (ABN 83 067 084 333) we are committed to protecting your privacy in accordance with the Privacy Act 1998 (Cth) and the Australian Privacy Principles (APPs).
Personal information is essentially information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not. See the Act for full details.
Sensitive personal information is a subset of personal information and is essentially information or opinion about a person's racial or ethnic origin, political opinions, membership of a political, trade or professional association or a trade union, religious or philosophical beliefs or affiliations, sexual orientation or practices, criminal record or health, genetic or biometric information or templates.
The kinds of personal information we collect and hold vary depending on the services we are providing, but generally can include:
Your contact information such as full name (first and last), e-mail address, current postal address, delivery address (if different to postal address) and phone numbers;
Details relating to your employment (if applicable) or your previous employment;
Your date of birth and gender;
Your financial situation;
Information relevant to our insurance products or services;
Other information such as your opinions, statements and endorsements collected personally or via surveys and questionnaires, including but not limited to your views on the products and services offered by us; and
Any relevant payment or billing information, (including but not limited to bank account details, direct debit, credit card details, billing address, premium funding and instalment information.
The type of sensitive information we may collect generally includes:
health information; and
membership of a professional or trade association.
We only collect personal information by lawful and fair means and where it is reasonably necessary for, or directly related to, one or more of our functions or activities.
If we collect details about you from someone else, we will, take reasonable steps to make you aware of the collection in accordance with the APPs.
We may obtain personal information indirectly and who it is from can depend on the circumstances. We will usually obtain it from another insured if they arrange a policy which also covers you, related bodies corporate, referrals, insurers, your previous insurers, insurance intermediaries, witnesses in relation to claims, health care workers, publicly available sources, premium funders and persons who we enter into business alliances with.
We attempt to limit the collection and use of sensitive information from you unless we are required to do so in order to carry out the services provided to you. However, we do not collect sensitive information without your consent.
We hold the personal information we collect within our own data storage devices or with a third party provider of data storage. We discuss the protection of your personal information below.
We collect, hold, use and disclose your personal information where it is reasonably necessary for, or directly related to, one or more of our functions or activities, to offer and administer our various products and services or otherwise as permitted by law.
Such purposes include to identify you, responding to enquiries, providing assistance, maintaining and administering our products and services (for example processing requests for quotes, applications for insurance, underwriting and pricing policies, arranging or issuing a policy, managing claims, processing payments); processing survey or questionnaire responses; market research and the collection of general statistical information using common internet technologies such as cookies; providing you with marketing information regarding other products and services (of ours or a third party); quality assurance and training purposes; performing administrative operations (including accounting and risk management) and any other purpose identified at the time of collecting your information.
We do not use or disclose personal information for any purpose that is unrelated to our services and that you would not reasonably expect (except with your consent). We will only use your personal information for the primary purposes for which it was collected or as consented to.
We do not sell, trade, or rent your personal information to others.
We usually disclose personal information to third parties who assist us or are involved in the provision of our services and your personal information is disclosed to them only in connection with the services we provide to you or with your consent. We may also disclose it for direct marketing purposes explained in more detail below.
The third parties include: our related companies and our representatives who provide services for us, our agents or contractors, our insurers, other insurers and reinsurers, your agents, premium funders, other insurance intermediaries, underwriting agents, Lloyd's Regulatory Division, our legal, accounting and other professional advisers, data warehouses and consultants, providers of medical and non-medical assistance and services, translators, investigators, loss assessors and adjusters, credit agencies, credit card providers and other parties we may be able to claim or recover against, your employer (if a corporate policy), anyone either of us appoint to review and handle complaints or disputes, other companies in the event of a corporate sale, merger, re-organisation, dissolution or similar event and our alliance and other business partners and any other parties where permitted or required by law.
We also use personal information to develop, identify and offer products and services that may interest you, conduct market or customer satisfaction research. From time to time we may seek to develop arrangements with other organisations that may be of benefit to you in relation to promotion, administration and use of our respective products and services. See direct marketing explained in more detail further below.
We do not use sensitive information to send you direct marketing communications without your express consent.
If we do propose to disclose or use your personal information other than for the purposes listed above, we will first seek your consent prior to such disclosure or use.
If we give third parties (including their agents, employees and contractors) your personal information, we require them to only use it for the purposes we agreed to.
Your personal information may be disclosed to some of our service providers who are located overseas. Who they are may change from time to time. You can contact us for details. When we send information overseas, in some cases we may not be able to take reasonable steps to ensure they do not breach the Privacy Act and they may not be subject to the same level of protection or obligations that are offered by the Act. By proceeding to acquire our services and products you agree that you cannot seek redress under the Act or against us (to the extent permitted by law) and may not be able to seek redress overseas.
We can only fully arrange your insurance or assist you with a claim, if we have all relevant information. If the required personal information is not provided, we or any involved third parties may not be able to provide appropriate services or products.
You have the option of not identifying yourself or using a pseudonym provided we are not required or authorised by or under an Australian law, or a court/tribunal order to deal with individuals who have identified themselves or it is not impracticable for us to deal with you on this basis.
It will generally be impracticable for you to deal with us anonymously or using a pseudonym if you wish to use our services or have us arrange an insurance or other product for you.
We strive to maintain the reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security. We keep personal information only for as long as is reasonably necessary for the purpose for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements.
We hold the information we collect from you in a working file, which when completed is securely stored. We use a professional paper destruction company to destroy unwanted paper. In some cases, your file is archived and sent to an external data storage provider for a period of time. We only use storage providers located in Australia who are also regulated by the Privacy Act.
We ensure that your information is safe by protecting it from unauthorised access, modification and disclosure. We maintain physical security over our paper and electronic data and premises, by using locks and security systems. We also maintain computer and network security; for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to computer systems where your information is stored.
We take reasonable steps to ensure that personal information is current, accurate, up-to-date and complete whenever we collect or use or disclose it.
Throughout our dealings with you we will take reasonable steps to confirm the details of your personal information we hold and ask you if there are any changes required.
The accuracy of personal information depends largely on the information you provide to us, so we rely on you to:
let us know if there are any errors in your personal information you become aware of; and
keep us up-to-date with changes to your personal information (such as your name or address).
Upon receipt of your written request and enough information to allow us to identify the information, we will disclose to you the personal information we hold about you. We will also correct, amend or delete any personal information that we agree is inaccurate, irrelevant, out of date or incomplete.
If you wish to access or correct your personal information, please write to our Privacy Officer at AFA , PO Box R1852 Royal Exchange NSW 1225 or by email to firstname.lastname@example.org, as our Privacy Officer is responsible for all matters to do with privacy.
In most cases we do not charge for receiving a request for access to personal information or for complying with a correction request. Where the information requested is not a straightforward issue and will involve a considerable amount of time, then a charge will need to be confirmed for responding to the request for the information.
In some limited cases, we may need to refuse access to your information, or refuse a request for correction. We will advise you in writing as soon as possible after your request if this is the case and the reasons for our refusal.
Your complaint will be considered by us through our internal complaints resolution process and if practicable we will respond with a decision within 30 days of you making the complaint.
When we make our decision, we will also inform you of your right to take the matter to the Office of the Australian Information Commissioner (OAIC) if you are not satisfied. In addition if you have not received a response from us of any kind to your complaint within 30 days, then you have the right to take the matter to the OAIC (contact details are provided below).
You also have a right in limited circumstances to lodge a complaint with the Australian Financial Complaints Authority (AFCA).
The AFCA can determine a complaint about privacy where the complaint forms part of a wider dispute within the AFCA Terms of Reference between you and us or when the privacy complaint relates to or arises from the collection of a debt. We are bound by AFCA's determinations, provided the dispute falls within the AFAC Terms of Reference. Unless exceptional circumstances apply, you have two years from the date of our letter of decision to make an application to the AFAC for a determination. You can access the AFAC dispute resolution service by contacting them at:
|The Australian Financial Complaints Authority (AFCA)|
|Phone:||1800 931 678|
|Mail:||Australian Financial Complaints Authority
GPO Box 3
Melbourne VIC 3001
Anonymous data - We use technology to collect anonymous information about the use of our website, for example when you browse our website our service provider logs your server address, the date and time of your visit, the pages and links accessed and the type of browser used. It does not identify you personally and we only use this information for statistical purposes and to improve the content and functionality of our website, to better understand our clients and markets and to improve our services.
Cookies - In order to collect this anonymous data we may use "cookies". Cookies are small pieces of information which are sent to your browser and stored on your computer's hard drive. Sometimes they identify users where the website requires information to be retained from one page to the next. This is purely to increase the functionality of the site. Cookies by themselves cannot be used to discover the identity of the user. Cookies do not damage your computer and you can set your browser to notify you when you receive a cookie so that you can decide if you want to accept it. Once you leave the site, the cookie is destroyed and no personal or other information about you is stored.
Forms - Our Website may allow visitors to submit information via Self-Service forms (Claim Forms, Employment and Contact request). The information submitted via the Forms is not encrypted - an option is available for claim forms to be downloaded in PDF format for faxing. Should you be concerned about confidentiality of the claim information, this would be the recommended method.
Information collected via on-line forms is sent to our offices via EMAIL (not encrypted) and is also stored on a database which is accessible by AFA staff only (password protected).
We may use your personal information including email address to occasionally notify you via direct marketing about new services and special offers, events or articles (of ours or a third party), we think will be of interest to you. We may also send you regular updates by email or by post on insurance matters. If you would rather not receive this information or do not wish to receive it electronically, email or write to us.
You can also obtain information on privacy issues in Australia on the Office of the Australian Information Commissioner ("OAIC") website at www.oaic.gov.au or by contacting the OAIC by email at email@example.com or by calling on 1300 363 992.