Privacy Policy And Procedures

Privacy Requirements

As AFS Licensees High Street Underwriting Agency Pty Ltd (HSUA) comply with the Privacy Act 1988 (Cth) in our dealings with clients and other people. The Act is designed to protect individuals’ personal information. It does this by using the 13 Australian Privacy Principles (APPs) that describe the manner in which personal information may be collected and used.

 

From 12th March 2014, the Australian privacy principles replaced the 10 National Privacy Principles (NPPs) which applied to small and large businesses.

 

Many of the APPs are similar to the NPPs. The key differences relate to direct marketing, disclosing information overseas and the powers of the Privacy Commissioner in relation to complaints. 

 

Personal information is information or an opinion about an identified individual or someone who is reasonably identifiable. The Privacy Act and the APPs restrict the way in which a person’s personal information can be used by our business.

 

Personal information should only be collected from the individual to whom it relates (unless it is unreasonable or impracticable) and if it is necessary for the functions and services that we provide. It can only be collected by lawful and fair means and not in an unreasonably obtrusive way.

 

Personal information can only be collected from someone other than the individual, if the individual consents to collecting elsewhere, it is required or authorised by law or it unreasonable and impracticable to do so.

 

If we are dealing with unsolicited information, i.e. information supplied to HSUA that was not solicited or requested by us, we must determine whether we could have collected the information anyway and it is necessary for the functions or services that HSUA provides.

 

If it is, the APPs apply as if we had collected the information ourselves. If it is not, we must destroy or de-identify the information as soon as practicable.

 

When personal information is collected, reasonable steps must be taken to ensure that the person from whom it was collected is notified or aware of :

 

  • The identity and contact details of the organisation who collected it and how to contact it;
  • If the organisation collects information from sources other than the individual, or the individual is not aware that the organisation has collected information, the information and circumstances of that collection;
  • The fact that they can obtain access to the information and that our Privacy Policy contains details of how to do this; the fact that they can complain about a breach of the Australian Privacy Principles and that the Privacy Policy contains details of how complaints will be dealt with;
  • The purpose(s) for which the information is collected;
  • The organisations (or types of organisations) to whom the information is usually disclosed;
  • Any law that requires the information to be collected including the name of the law, or details of the court or tribunal order that requires or authorises it; and
  • The main consequences if the information is not collected;
  • Whether the information is likely to be disclosed to someone overseas and if so, the countries in which those recipients are likely to be located if it is practicable to specify this information.

At the time of collecting personal information or any time after that, an individual may elect not to identify themselves or to use a pseudonym. HSUA must accommodate this request unless by law it is necessary for the person to be identified or it is impracticable to deal with individuals who have not been identified or have used a pseudonym.

Personal information should only be used or disclosed for the primary purpose for which it was collected. It can be used or disclosed for secondary purposes where:

 

  • The secondary purpose is related to the primary purpose (it must be directly related, if it is sensitive information) and the individual would reasonably expect the organisation to use or disclose it for the secondary purpose; or
  • The individual has consented to the use or disclosure; or
  • The use or disclosure is required by law; or
  • The personal information is used for direct marketing;
  • The organisation has reason to suspect that unlawful activity has, is or may be engaged in and uses the information as a necessary part of its investigation of the matter or in reporting its concerns to the relevant persons or authorities. This disclosure requires the organisation make a written note of the disclosure.

 

The APPs set out other circumstances in which personal information can be used for secondary purposes.

 

Sensitive personal information

Sensitive personal information is information or opinions about a person’s racial or ethnic origin, political opinions, membership of a political, trade or professional association or a trade union, religious or philosophical beliefs or affiliations, sexual orientation or practices, criminal record or health information (including biometric and genetic information).

 

Do not collect sensitive information without consent unless the collection is required by law. Otherwise, you must obtain the individual’s consent and the sensitive information must be reasonably necessary for one or more of your activities (e.g. to assist a person to apply for life insurance or to have their claim paid by an insurer).

 

Ensure that you always obtain consent when you collect or disclose sensitive information. In most cases this will occur in the usual course of dealings because the insurer will require it on application forms and in other documents used to collect this information.

 

You may be permitted to use or disclose information in some other unusual circumstances. If you want to use or disclose personal information for any reason other than those described above, check with your Privacy Officer before doing so.

 

Openness

Provide a copy of your detailed Privacy Policy (see sample at the end of this section) to anyone who asks for information about your approach to managing the privacy laws and their personal information. This must be done free of charge and in a form that allows the person who has requested to access it.

 

You can do this by:

Directing clients to the Privacy Policy on HSUA’s website; or

Providing a copy of the Privacy Policy as a word document, printed on letterhead or a .pdf (e.g. Adobe Acrobat) document emailed on request.

Privacy Systems

The APPs require us to manage the personal information of others in an open and transparent way and to take reasonable steps to implement compliance practices for handling personal information that are contained in the APPs.

 

HSUA’s systems for collecting and holding the personal information of our individual clients allows us to demonstrate that we comply with the APPs and equip HSUA to deal with enquiries and complaints about compliance with the APPs.

 

The Australian Privacy Principles contain other requirements regarding:

  • Data quality and security;
  • Provision of access to personal information and the ability to correct it;
  • The use of identifiers;
  • Anonymity and the use of pseudonyms;
  • Trans-border data flows;
  • Treatment of sensitive information.

We are aware of these requirements and have developed policies, systems and procedures to implement them in our operations. Some of these are dealt with in relevant sections of this Manual.

Privacy Officer

We have appointed a Privacy Officer to be responsible for privacy issues.  Our Privacy Officer is familiar with the Privacy Act 1988 (Cth) and the Australian Privacy Principles and OAIC Privacy Guidelines.

Privacy Policy and Statement

We have an up to date and clearly worded Privacy Policy and Statement which documents our company’s approach to privacy issues and details how our company manages the personal information we collect and hold.

 

    Our Privacy Policy includes the following information:

 

  • The kinds of personal information that HSUA collects and holds;
  • How we collect and hold personal information;
  • The purposes for which we collect, hold, use and disclose personal information;
  • How an individual may access the personal information held by HSUA and seek correction of the information;
  • How an individual may complain about a breach of the APPs by HSUA and how we will deal with the complaint;
  • Whether HSUA is likely to disclose personal information to overseas recipients and if information is likely to be disclosed overseas, the countries in which those recipients are located (if practicable to specify this).

Privacy Procedures

We have implemented appropriate procedures and systems to ensure that all personnel who collect and use personal information comply with our Privacy Policy (and thereby the Privacy Act). These are contained in our Staff Policies and Procedures Manual and integrated into the underwriting process.

 

Our claims procedures and systems also ensure that HSUA only ask for and take into account       relevant information when assessing an application for insurance cover.

 

In addition to making staff aware of their privacy obligations, we ensure:

  • A short privacy statement is included in standard documentation; and
  • A copy of our Privacy Policy Statement is on our website and in printed form to be supplied to those who ask for more information.

Website

The terms and conditions of use of HSUA’s website incorporate a description of our privacy and security policy.

Service Providers

Service providers that HSUA contracts with, such as loss adjustors/assessors, investigators, collection agents, claims consultants and claims administrators are made aware of their privacy obligations and the requirement to only collect relevant information from insureds. If their procedures are inadequate to comply, it will be necessary for HSUA to guide them.

Overseas Disclosures

We have implemented reasonable measures to ensure that an overseas recipient of personal information does not breach the APPs except where:

 

  • We have reason to believe that the country in which the recipient locates is regulated by laws to protect the information in substantially the same way as the APPs; and
  • there is a mechanism for the individual to enforce the protection of those laws.

If this is not the case, we will seek express consent from the individual before making any overseas disclosures of the individual’s personal information.

Disclosing personal information on applications for insurance with Lloyd’s of London, or with insurers who operate within the companies market will be permissible because the EU data protection laws provide comprehensive protection for the personal information of insureds which is similar to the APPs and insureds can pursue their consumer rights if there is a failure to comply with those laws.

HSUA’s Privacy Collection Statement

Privacy – We are committed to protecting your privacy. We use the information you provide to us to assist with your insurance needs. We provide your information to insurance underwriters and agents that provide insurance quotes and offer insurance terms to you or the companies that deal with your insurance claim (such as loss assessors and claims administrators). Your information may be given to various underwriters at Lloyd’s if we are seeking insurance terms from them, or to reinsurers who are located overseas. You will be informed where those companies are located at the time any advice is given to you. We also supply your information to the providers of our policy administration and broking systems that help us to deliver our products and services to you.  We do not trade, rent or sell your information.

 

If you don’t provide us with full information, we can’t properly seek insurance terms for you, or assist with claims and you could breach your duty of disclosure.

 

For more information about how to access the personal information we hold about you and how to have the information corrected, and how to complain if you think we have breached the privacy laws, ask us for a copy of our Privacy Policy by telephone to our Privacy Officer on

1800 096 829 or visit our website www.hsua.com.au

HSUA’s Website Privacy Policy Statement

The objective of this policy is to assist us to comply with the Privacy Act 1988 (Cth) in our dealings with insureds and other people. The Act is designed to protect individuals’ personal information. It does this by restricting the ways in which personal information may be used.

 

Complying with the Privacy Act helps us to enhance our client service.

 

The objective of this policy is to assist us to comply with the Privacy Act 1988 (Cth) in our dealings with insureds and other people. The Act is designed to protect individuals’ personal information. It does this by restricting the ways in which personal information may be used.

Complying with the Privacy Act helps us to enhance our client service.

 

At High Street Underwriting Agency Pty Ltd (HSUA) we are committed to protecting your privacy in accordance with the Privacy Act 1998 (Cth) and the Australian Privacy Principles. This Privacy Policy describes our current policies and practices in relation to the collection, handling, use and disclosure of personal information. It also deals with how you can complain about a breach of the privacy laws and how you can access the personal information we hold and how to have that information corrected.

 

What is personal information?

Personal information is information or opinion about an individual whose identity is apparent or can easily be ascertained from the information or opinion.

 

What is sensitive information?

Sensitive personal information is information or opinion about a person’s racial or ethnic origin, political opinions, membership of a political, trade or professional association or a trade union, religious or philosophical beliefs or affiliations, sexual preferences, criminal record or health, genetic or biometric information.


What information do we collect and how do we use it?

When we arrange insurance on your behalf, we only ask you for the information we need and we only use the information that we collect for the primary purpose(s) for which we collect it. These are:

 

  • Providing quotes for insurance cover (including obtaining risk carrier confirmation where necessary);
  • Issuing insurance policies;
  • Handling claims under insurance policies;
  • Providing information about insurance matters;
  • Dealing with brokers, risk carriers and reinsurers; and
  • Operating our business.

 

This can include a broad range of information ranging from your name, address, contact details, age to other information about your personal affairs including your financial situation, health and wellbeing.

 

Insurers may in turn pass on this information to their reinsurers. Some of these companies are located outside Australia. For example, if we seek insurance terms from an overseas insurer, your personal information may be disclosed to the insurer. If this is likely to happen, we inform you of where the insurer is located, if it is possible to do so.

 

When you make a claim under your policy, we assist you by collecting information about your claim. Sometimes we also need to collect information about you from others.  We provide this information to your insurer (or anyone your insurer has appointed to assist it to consider your claim, e.g. loss adjusters, medical brokers etc.) to enable it to consider your claim. Again this information may be passed on to reinsurers.

 

What if you don’t provide some information to us?

We can only fully arrange your insurance or assist you with a claim, if we have all relevant information. The insurance laws require you to provide us with the information we need in order to be able to decide whether to insure you and on what terms. You have a duty to disclose the information which is relevant to our decision to insure you.

 

When do we disclose your information overseas?

If you ask us to seek insurance terms, we may place your business with various underwriters at Lloyd’s, other entities based in the United Kingdom or an Overseas Insurer located outside Australia. They will require you to disclose information to them to enable them to make a decision about whether to insure you.

 

We will tell you at time of arranging your insurance if the Insurer is overseas and in which country the insurer is located. If the insurer is not regulated by laws which protect your information in a way that is similar to the Privacy Act, we will seek your consent before disclosing your information to that insurer.

 

Disclosing personal information on applications for insurance with various underwriters at Lloyd’s, or with Insurers that operate within the companies’ market, will be permissible because the EU data protection laws provide comprehensive protection for the personal information of insureds which is similar to the APPs and you can pursue your rights if there is a failure to comply with those laws.

 

Australian and overseas insurers acquire reinsurance from reinsurance companies that are located throughout the world, so in some cases your information may be disclosed to them for assessment of risks and in order to provide reinsurance to your insurer. We do not make this disclosure, this made by the insurer (if necessary) for the placement for their reinsurance program.

 

We may also disclose information we collect to the providers of our policy administration and broking systems that help us to provide our products and services to you. These policy administration providers and broking systems may be supported and maintained by various overseas organisations and your information may be disclosed to those organisations. Please note that the Privacy Act and Australian Privacy Principles may not apply to some overseas organisations.

 

How do we hold and protect your information?

We strive to maintain the reliability, accuracy, completeness and currency of the personal information we hold and to protect its privacy and security. We keep personal information only for as long as is reasonably necessary for the purpose for which it was collected or to comply with any applicable legal or ethical reporting or document retention requirements.

 

We hold the information we collect from you in a working file, which when completed is securely stored. We use a professional paper destruction company to destroy unwanted paper. In some cases, your file is archived and sent to an external data storage provider for a period of time. We only use storage providers located in Australia who are also regulated by the Privacy Act.

 

We ensure that your information is safe by protecting it from unauthorised access, modification and disclosure. We maintain physical security over our paper and electronic data and premises, by using locks and security systems. We also maintain computer and network security; for example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to computer systems where your information is stored.

 

Will we disclose the information we collect to anyone?

We do not sell, trade, or rent your personal information to others.

 

We may need to provide your information to contractors who supply services to us, e.g. to handle mailings on our behalf, external data storage providers or to other companies in the event of a corporate sale, merger, re-organisation, dissolution or similar event. We may also disclose information we collect to the providers of our policy administration and broking systems that help us to provide our products and services to you. However, we will take reasonable measures to ensure that they protect your information as required under the Privacy Act.

 

We may provide your information to others if we are required to do so by law, you consent to the disclosure or under some unusual other circumstances which the Privacy Act permits.

 

How can you check, update or change the information we are holding?

Upon receipt of your written request and enough information to allow us to identify the information, we will disclose to you the personal information we hold about you. We will also correct, amend or delete any personal information that we agree is inaccurate, irrelevant, out of date or incomplete.

 

If you wish to access or correct your personal information, please write to our Privacy Officer at HSUA, PO Box 7174 Brendale Queensland 4500, as he is responsible for all matters to do with privacy.

 

We do not charge for receiving a request for access to personal information or for complying with a correction request. Where the information requested is not a straightforward issue and will involve a considerable amount of time, then a charge will need to be confirmed for responding to the request for the information.

 

In some limited cases, we may need to refuse access to your information, or refuse a request for correction. We will advise you as soon as possible after your request if this is the case and the reasons for our refusal.


What happens if you want to complain?

If you have concerns about whether we have complied with the Privacy Act or this Privacy Policy when collecting or handling your personal information, please write to our Privacy Officer at HSUA PO Box 7174 Brendale, Queensland 4500.

 

Your complaint will be considered by us through our internal complaints resolution process and we will try to respond with a decision within 45 days of you making the complaint.

 

Your consent

By asking us to assist with your insurance needs, you consent to the collection and use of the information you have provided to us for the purposes described above.

 

Website information and content.

The information provided on this website does not cover all aspects of the law on the relevant subject matter. Professional advice should be sought before any action is taken based upon the matters described and discussed on this site.

 

To the extent permitted by law, we make no representations about the suitability of the content of this site for any purpose. All content is provided without any warranty of any kind. We disclaim all warranties and conditions with regard to the content, including but not limited to all implied warranties and conditions of fitness for a particular purpose, title and non-infringement.

 

We will not be liable for any damages or injury caused by, including but not limited to, any failure of performance, error, omission, interruption, defect, delay in operation of transmission, computer virus, or line failure. To the extent permitted by law we will not be liable for any damages or injury, including but not limited to, special or consequential damages that result from the use of, or the inability to use, the materials in this site.

 

We believe the content of this site to be accurate, complete and current; however there are no warranties as to the accuracy, completeness or currency of the content. It is your responsibility to verify any information before relying on it. The content of this site may include technical inaccuracies or typographical errors.

 

We reserve the right to modify the content of this site from time to time.

 

Anonymous data – We use technology to collect anonymous information about the use of our website, for example when you browse our website our service provider logs your server address, the date and time of your visit, the pages and links accessed and the type of browser used. It does not identify you personally and we only use this information for statistical purposes and to improve the content and functionality of our website, to better understand our clients and markets and to improve our services.

 

Cookies – In order to collect this anonymous data, we may use “cookies”.  Cookies are small pieces of information which are sent to your browser and stored on your computer’s hard drive. Sometimes they identify users where the website requires information to be retained from one page to the next. This is purely to increase the functionality of the site. Cookies by themselves cannot be used to discover the identity of the user. Cookies do not damage your computer and you can set your browser to notify you when you receive a cookie so that you can decide if you want to accept it. Once you leave the site, the cookie is destroyed and no personal or other information about you is stored.

 

Forms – Our Website allows visitors to submit information via Self-Service forms (Claim Forms, Employment and Contact request).  The information submitted via the Forms is not encrypted – an option is available for claim forms to be downloaded in PDF format for faxing.  Should you be concerned about confidentiality of the claim information, this would be the recommended method.

 

Information collected via on-line forms is sent to our offices via EMAIL (not encrypted) and is also stored on a database which is accessible by HSUA staff only (password protected).

 

We also use your information to send you requested product information and promotional material and to enable us to manage your ongoing requirements, e.g. renewals, and our relationship with you, e.g. invoicing, client surveys etc.

 

We may occasionally notify you via direct marketing about new services and special offers, events or articles we think will be of interest to you. We may send you regular updates by email or by post on insurance matters. If you would rather not receive this information or do not wish to receive it electronically, email or write to us.

 

We may use your information internally to help us improve our services and help resolve any problems.

 

Tell us what you think

We welcome your questions and comments about privacy. If you have any concerns or complaints, please contact our Privacy Officer on telephone number 1800 096 829.

Join our Online Portal

Everything you need is all in one place.

 

Quote, bind, access wordings, gain support, and much more in our Online Portal.

Get in touch

Have a question or need some help?
Our awesome team is here to help you 24/7.

Have a question or need some help? Our awesome team is here to help you 24/7.

Get in touch

Have a question or need some help?
Our awesome team is here to help you 24/7.