Purpose of this Policy
This Policy sets out how we collect, disclose, use and store the personal information of our customers and shareholders, together with information on your rights to access and correct that information.
We do not intentionally collect personal information about our customers and shareholders unless the information is reasonably necessary to enable us to provide the relevant products and services and therefore the type of information we collect depends on the reason for its collection. Sections 4 and 6 set this out in detail.
Use & Disclosure
We will use and disclose personal information as is reasonably necessary for us to perform the functions and activities set out in sections 4 and 6 or where you have otherwise consented to the use or disclosure. This will include us disclosing the information to third parties. See sections 5 and 6 for further information.
Storage & Security
We are committed to keeping your personal information secure and will take reasonable precautions to protect it from being accessed, altered or disclosed without authorisation or otherwise misused or interfered with. We will not release this information from our effective control except as permitted by this Policy or by law. Section 10 contains information on storage and security measures.
Subject to the exceptions contained in the Privacy Act, you may access the personal information we hold about you by simply requesting this information from us. Access will usually be provided at no cost to you. Section 11 sets out your rights of access and how to contact us.
We aim to ensure that the personal information we collect, use and disclose is accurate, up to date and complete and will take such steps as are reasonable in the circumstances to correct it where it is not. However, we still rely on you to contact us to update your personal information. Section 12 explains you rights to amend information and how to contact us.
If you have any complaints about our privacy practices, you should first send your complaint in writing to us. If your complaint is not resolved, you may take your complaint to a recognised external dispute resolution scheme or make a complaint to the Office of the Australian Information Commissioner. See section 14 for full details.
This Policy does not apply to the personal information of our current and past employees and those applying for a role with us. That is subject to a separate policy.
By applying for, holding, using or being an interested party to any of our products and services, making a claim, becoming a shareholder, visiting our website or providing us with your personal information, you agree to your personal information being collected, held, used, and disclosed in accordance with this Policy.
2. OUR COMMITMENT
We respect the privacy of our customers and shareholders and each of our businesses are committed to safeguarding any personal information held by us in accordance with our obligations under the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (Act).
The APPs set minimum standards for how private sector organisations should collect, use, disclose, secure and provide access to personal information and they are designed to protect the confidentiality of information and the privacy of individuals. You can obtain information on privacy requirements in Australia and view a copy of the APPs by visiting the Office of the Australian Information Commissioner website at www.oaic.gov.au or by email at email@example.com.
We will also handle information about non individuals not subject to the APPs in the ways described in this Policy.
3. FREEDOM INSURANCE GROUP ACTIVITIES
The Freedom Insurance Group operates primarily in the insurance sector and (amongst other activities) we:
- provide financial advice to customers in relation to their insurance and investment needs;
- distribute insurance and investment products (which includes obtaining and then submitting applications on behalf of customers to an insurer); and
- administer life insurance business on behalf of registered life insurers.
In order to undertake these activities, the various entities making up the Freedom Insurance Group must collect, use, disclose and store personal information relating to their customers (including prospective customers) and other persons such as shareholders.
Given that the activities of the various entities differ, so does the type of information they collect and how they use and disclose that information.
Acting on behalf of an Insurer
4. CUSTOMER PERSONAL INFORMATION | COLLECTION
The information that is collected by us often relates to an individual and will typically include the type of information we have referred to in section 16 and will almost always include name, contact details together with records of your interactions with us. We refer to this as “personal information” throughout this Policy.
The type of personal information we collect about our customers and prospective customers depends on the reason for its collection and usually the products and services that you require or obtain). However, we do not intentionally collect personal information unless the information is reasonably necessary to enable us to perform one or more of our functions and activities.
To this end, the purpose for which we collect personal information about our customers includes:
- promoting, selling and distributing our products and services;
- providing financial advice in respect of our customer’s insurance and investment needs;
- providing premium quotes;
- completing, processing and submitting insurance applications;
- maintaining and administrating the products and services obtained by our customers, including responding to enquiries and requests for assistance regarding our products and services, updating policy records and facilitating premium payments;
- facilitating, processing and assessing a claim made under an insurance;
- developing new insurance products and improving our products and services;
- identifying customers in order to protect against fraudulent conduct;
- advising customers (and prospective customers) about products and services that we may offer, arrange or promote, including conducting direct marketing activities (see section 7);
- quality assurance, training and risk management;
- managing our staffing requirements;
- meeting the legal, regulatory and contractual obligations that apply to our businesses; and
- any purpose that is related to these matters that is within an individual's reasonable expectations (given the nature of our business and the types of products and services we provide) or such other purpose notified by us at the time of collecting the personal information.
If you choose not to provide the personal information that we request from time to time, we may not be able to provide you with the products or services you require or otherwise will not be able to provide them to the standard that you, the insurer or a government regulator requires.
Some of the personal information collected by us on an individual is classified under the Privacy Act as “sensitive information”. We will attempt to limit the types of sensitive information we collect and will generally limit it to health or lifestyle related information which is necessary:
- for us to be able to provide financial advice;
- for an Insurer to determine whether they will accept an insurance risk (such as accepting an application for insurance); or
- for claims related purposes.
We do not collect Sensitive Information about you without your consent except where you are a minor (in which case we will obtain the consent of a parent or guardian) or where such collection is required, authorised or permitted by law.
How we collect your information
We will collect personal information directly from you where it is practicable to do so and this may be provided by telephone, in writing, by email, through our website or that of a third party and by such other means that we permit from time to time.
However, depending on the nature of the relationship and the types of interaction we have with you, we may also collect personal information about you from third parties. As a result we may also collect information from such parties as:
- a policyholder or others who are authorised or noted on the policy as having a legal interest in it;
- a parent or guardian where an application or insurance cover relates to a minor;
- anyone authorised to deal with us on your behalf (including family members and a person appointed under a power of attorney);
- our authorised representatives or persons authorised to refer customers to us;
- an Insurer or their service providers (including administrators and claims assessors);
- any other person or organisation that has been authorised by you to provide us with personal information (including any doctor, hospital, clinic or other medical service authorised to provide details about your medical history);
- the Financial Ombudsman Service or any other external dispute resolution body;
- publicly available sources of information; and
- companies within the Freedom Insurance Group.
We may also collect personal information for the purpose of direct marketing from third parties such as data suppliers, data owners, data managers, data brokers, lead generation providers and alliance partners as well as from the completion of online forms, responses to surveys or questionnaires or from publicly available sources of information.
Where we collect personal information directly from an individual, we will at or before the time of collection (or if that is not practicable, as soon as practicable afterwards) take such steps as are reasonable in the circumstances to notify the individual of such matters as required by the APPs.
Where you provide information on another person we rely on you to make them aware of this and how it is to be used and disclosed.
A number of interactive tools or facilities may be available on our websites. If you use any of these we don’t collect your personal information unless otherwise stated. If a tool permits you to save information to recover at a later time, your personal information may be retained on our system but it is not used by us except for purposes of online quoting.
Surveys and Competitions
We may request you to provide personal information through competition and surveys. Participation in these is completely voluntary and if you do participate you have a choice of whether you wish to disclose any personal information. Unless stated otherwise, we use the information collected through these to assess your satisfaction with our products and services and to determine how we may improve these.
Cookies and Website tools
We use common internet technology known as a “cookie” that collects anonymous traffic data. A cookie is a message given to a web browser by a web server which is then stored by the browser in a text file. Each time the browser requests a page from the server this message is sent back and this enables the user's computer server address to be identified as well as the date and time of your visit, the pages viewed and any information downloaded.
We may use the information provided by cookies and IP addresses to analyse trends, administer the site, for research, statistical and marketing purposes and to help us better serve our customers. The information collected is not personal information as no information which personally identifies you will be collected. You can set your browser to notify you before you receive a cookie so you have the chance to accept it and you can also set your browser to turn off cookies.
We reserve the right to use this information to locate an individual where we believe that the individual may have engaged in unlawful activity in connection with our website or where otherwise required by law.
Collection by lawful means
We only collect personal information by lawful means. You may request that we provide the source of your personal information by contacting our Compliance Manager using the contact details set out below. We will provide this information at no charge and within a reasonable period after the request was made. Typically this will be within 7 days unless it is impracticable or unreasonable to do so.
5. CUSTOMER PERSONAL INFORMATION - USE & DISCLOSURE
We will use and disclose personal information as is reasonably necessary for us to perform the functions and activities set out in section 4 or where you have otherwise consented to the use or disclosure. This will include us disclosing the information to third parties such as:
- the provider of a product or service that you have requested, such as an insurer;
- the policy holder, life insured or beneficiary of an insurance product that you are insured under or which you have an interest in;
- any person we or the insurer consider requires access to the personal information in order to process and consider an insurance application, manage or administer your insurance, assess any claim, respond to customer enquiries or resolve any complaint. In respect of accessing insurance applications and claims, this may include a reinsurer, medical practitioners, legal advisers, claims investigators and other professional advisers;
- our service providers, such as any person or entity to whom we outsource tasks, who do something on our behalf or who otherwise assist or advise us in providing or improving our products and services and in the operation of our business. This includes insurers, reinsurers, our referral agents, distribution, sales and marketing service providers, financial institutions (for payment processing) as well as suppliers of market research, telemarketing, broadcasting, mailing house, computer system , data processing, IT support, database management, billing and debt recovery, market research, actuarial and product development services;
- a third party that has an interest in the product or service provided, such as a mortgagee, referral agent, distributor, financial adviser (including the licensed distributor);
- any person that is acting on your behalf or as your representative (including your legal adviser, accountant, financial adviser or insurance broker);
- our professional advisors (including lawyers, accountants and auditors and persons engaged to assist us in the sale of any part of our business or assets);
- companies within the Freedom Insurance Group;
- to any person (including a government or regulatory authority) where the disclosure is:
- within the individual's reasonable expectations given the primary purpose for which the information was collected;
- for legal, taxation, risk management or compliance reasons;
- required by a statutory, regulatory or ombudsman authority; or
- required, authorised or permitted by law.
We will never sell, rent or trade our customer’s personal information to third parties.
6. SHAREHOLDER INFORMATION
We collect information about our shareholders and this may include personal information. We will collect information as is reasonably required to manage and administer your shareholding and to meet our legal and regulatory requirements. More specifically, this includes collecting information for the purpose of:
- operating our share registry;
- maintaining our share register as required by the Corporations Act;
- communicating with our shareholders and verifying their identity;
- enabling our shareholders to exercise their rights as a shareholder;
- enabling us to make dividend and other payments to shareholders; and
- meeting our legal and regulatory obligations, including those under the ASX Listing rules and taxation laws.
We will usually collect personal information directly from the shareholder (or a person acting on their behalf or with their authority).
Unless you consent to any other use or disclosure, we will only use and disclose your information as is reasonably required to manage and administer your shareholding and to meet our legal and regulatory requirements and this includes using and disclosing information to:
- our share registry providing shareholder services;
- the ASX as required under law or the ASX listing rules;
- a third party, such as a mailing house that carries out activities on our behalf;
- any person where disclosure is required by law or is requested by a statutory or regulatory authority;
- any person providing professional advice or services to us (for example, lawyers, accountants, lead managers and corporate adviser);
- anyone wishing to inspect our share register as permitted by the Corporations Act;
- the Australian Tax Office and such other persons where disclosure is required in order to meet Australian taxation law obligations;
- any person that you have authorised us to disclose information, such as your authorised agent, stockbroker, accountant or family member;
- investors and potential investors; and
- such other person as required or permitted by law.
We will not knowingly disclose information for purposes other than those we consider to be in the best interests of the shareholder. We will never sell, rent or trade our shareholder’s personal information to third parties.
Information on a shareholder that is contained in the share register will continue to be included in the register for a minimum of 7 years after ceasing to be a shareholder.
7. PERSONAL INFORMATION - DIRECT MARKETING
We may use your personal information (other than sensitive information) to inform you about any products and services offered, arranged, issued or promoted by us or our alliance partners. This may be undertaken by direct marketing (including but not limited to a direct mail campaign undertaken by post, email, telemarketing or social media). In order to do this we may disclose your personal information on a confidential basis to a licensed distributor of our choosing.
We will only use or disclose sensitive information for the purpose of direct marketing if you have consented to its use or disclosure for that purpose.
You may request not to receive further direct marketing communications from us by simply contacting our Compliance Manager using the contact details set out below. We will action this request at no charge to you and within a reasonable time after the request is made. This will typically be within 7 days and following this you will no longer receive these communications.
We will not use the personal information of our shareholders for direct marketing purposes.
8. OVERSEAS DISCLOSURE
We are unlikely to disclose personal information to other parties outside of Australia but we may do so where we are required, authorised or permitted by law. If we are to disclose any personal information to overseas recipients we will take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs (excluding APP 1).
9. GOVERNMENT RELATED IDENTIFIERS
We generally do not collect any government related identifiers other than where required to meet the requirements of the law (such as for tax purposes when we pay a dividend). If we do collect any government related identifiers, we only would only use or disclose such identifiers if it is reasonably necessary for the purposes of our activities or functions, or as otherwise required, authorised or permitted by law.
10. STORAGE AND SECURITY
We store personal information collected by us for the purposes of enabling us to use and disclose it in accordance with this Policy.
We will store the personal information both at our premises and with our service providers and in different formats, including hardcopy and electronic form. This includes storing the information on our server, hardware and software, on cloud programs used for storage, file sharing and transfer systems, customer relationship management, document management, webhosting, email and similar or related storage systems. We will properly manage all personal information collected by us and will not release this information from our effective control, except as otherwise permitted by this Policy or by law.
We are committed to keeping your personal information secure and will take reasonable precautions to protect it from being accessed, modified or disclosed without authorisation or otherwise misused, interfered with or lost. This may include:
- restricting access to our premises;
- restricting access to personal information to our employees and service providers on a 'need to know' basis;
- maintaining computer and network security such as user identifiers, firewalls, passwords and encryption to control access to computer systems and files which contain personal information;
- backing up personal information on a regular basis;
- requiring our suppliers, representatives, service providers and any other third party that have access to personal information to maintain appropriate security standards and to ensure that the information will only be used for the purpose that it has been provided;
- entering into agreements with employees, suppliers and any other third parties that have access to the personal information that requires them to comply with our privacy requirements; and
- maintaining data storage security policies and providing privacy training to our staff.
Despite these precautions we do not accept responsibility for the unauthorised use or disclosure of personal information by a third party. Nor can we guarantee the security of all data transmissions containing personal information, particularly where this is done over the internet given the nature of the service.
Destruction of Information
We will take such steps as are reasonable in the circumstances to destroy or de-identify personal information when it is no longer reasonably required by us for any purpose for which it may be used or disclosed in accordance with this Policy and the APPs. This includes:
- removing all personal information from online file sharing and managed file transfer services within a reasonable time after it has been uploaded to such services; and
- requiring suppliers to return, destroy or de-identify personal information after it has been used.
Without limiting the circumstances where we can continue to hold personal information, we will retain personal information for as long as it is required to service an insurance policy or continue to provide any products and services requested by you and such period thereafter as required, authorised or as permitted under the law or for legal, taxation, compliance and contractual reasons.
You may access the personal information we hold about you by requesting this information from us. Access will generally be provided subject to the exceptions contained in the Privacy Act (including those in the APPs). For example, we may decline the request for access where:
- the information may have an unreasonable impact on the privacy of others;
- the request is frivolous or vexatious;
- the information relates to existing or anticipated legal proceedings; or
- the information would reveal our intentions in relation to negotiations in such a way as to prejudice those negotiations.
- Where we decline to provide you with access to your personal information we will provide reasons for the decision.
Requests and Cost
You can request access to your personal information by simply contacting our Compliance Manager using the contact details set out below. We will respond to this request within a reasonable period after receipt and this will typically be within 7 days. Where access is requested to large amounts of information, complex information or information that has to be retrieved from archives, it may take longer than normal to meet your request.
Usually you will be provided with access to your personal information at no cost but we reserve the right to charge a fee for searching, retrieving, compiling and providing the information requested (although that will generally not exceed a charge for our reasonable costs of meeting your request).
In all cases you will be asked to verify who you are before your personal information is provided and in some cases we may require you to place your request in writing.
12. DATA QUALITY AND CORRECTIONS
We aim to ensure that the personal information we collect, use and/or disclose is accurate, up to date and complete. Whilst during the course of your relationship with us we may ask you to inform us of any changes to your personal information, it is your responsibility to contact us to update your personal information should your circumstances change.
We will take such steps as are reasonable in the circumstances to correct information that is not accurate, up to date or complete having regarding to the purpose for which it is held. This may involve us verifying or updating personal information obtained from sources lawfully available to us.
If we correct personal information and we have previously disclosed that personal information to another entity, you may request that we notify that entity of the correction. We will take such steps as are reasonable in the circumstances to give that notification unless it is impracticable or unlawful to do so.
Requests to Correct Information
You may request that we update or correct your personal information (in addition to information about a life insured or beneficiary in relation to an insurance policy held by you) by simply contacting our Compliance Manager using the contact details set out below.
We will attend to this request within a reasonable period after receipt, typically no later than 7 days. You will be asked to verify who you are before your personal information is corrected and in some cases we may require you to place your request in writing.
Where we choose not to correct your personal information we will provide reasons for the decision.
Where appropriate and practicable, we will provide an individual with the option to not identify themselves or to use a pseudonym. This will include permitting an individual to make general enquiries about our products and services and to use the websites of our various businesses without identifying themselves. An individual also has the option of remaining anonymous when giving us feedback on any matter.
If you have any complaints about our privacy practices (including a possible breach of this policy or the apps), you should first send your complaint in writing to our compliance manager at the email or postal address set out below. We will respond to your complaint within a reasonable period after the complaint is received and typically this will be within 7 days. If the complaint is not resolved to your satisfaction, you may request in writing to have the matter reviewed by a senior staff member who will respond no later than 21 days after receipt of your request.
If your complaint is still not resolved or we have not responded within these timeframes, you may take your complaint to a recognised external dispute resolution scheme. We will tell you of any external dispute resolution scheme which may be available to you upon request. You are also entitled under the privacy act to make a complaint to the office of the Australian information commissioner.
This Policy is current as at the date set out below. We will review this Policy from time to time and may update it order to take account of such matters as new laws and technology, changes to our operations and practices and the changing business environment.
15. DEFINITIONS AND INTERPRETATION
“personal information” is defined in the Privacy Act and for our purposes will typically include identification and contact details such as an individual's name, address, telephone/mobile number and email address, bank account or credit card details, age, date of birth, gender, income, residency, information specific to a particular product, details of your interactions with us and responses to surveys and questionnaires. It may also include details of other insurances held, financial position, needs and objectives, details of insurance claims, relationships with entities affiliated with us as well as sensitive information such as health and lifestyle information.
“us”, “our” or “we” means the entities making up the Freedom Insurance Group of companies being Freedom Insurance Group Pty Ltd (ACN 608 717 728) and its wholly owned subsidiaries. This includes:
- Insurance Network Services Australia Pty Ltd (ABN 51 137 632 770)
- Freedom Insurance Pty Ltd (ABN 80 138 864 543)
- Freedom Insurance Administration Pty Ltd (ABN 98 164 880 193)
- Customer Contact Pty Ltd (ABN 18 165 981 466)
- Freedom Insurance Investments Pty Ltd (ACN 164 463 987)
- Finwealth Holdings Pty Ltd (ACN 146 033 865)
- Spectrum Wealth Advisers (ABN 57 134 661 706)
“you” and “your” refers to our customers, prospective customers, users of our website and shareholders (as appropriate).
16. CONTACTING US
If you have any questions in relation to privacy matters (including this Policy), please contact us at:
Post: GPO Box 3553, Sydney NSW 2001
Phone: 1300 88 44 88
Please address all correspondence to the “Compliance Manager”.
17. DATE OF THIS POLICY
This Policy is current as at 17 June 2016.