Glossary of Definitions
‘our’, ‘us’ and ‘we’ refers to Hollard Commercial Insurance Pty Ltd, ABN 86 603 039 023 (Hollard Commercial), of Level 5, 100 Mount Street, North Sydney, NSW, 2060, Australia, and its Related Companies.
‘Personal Information’ is information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not.
‘Privacy Act’ refers to the Privacy Act 1988 (Cth)
‘Related Companies’ has the same meaning as related bodies corporate and the meaning in section 50 of the Corporations Act 2001 (Cth).
‘Sensitive Information’ is a subset of Personal Information and is defined as:
a. information or an opinion about an individual’s:
i. racial or ethnic origin; or
ii. political opinions; or
iii. membership of a political association; or
iv. religious beliefs or affiliations; or
v. philosophical beliefs; or
vi. membership of a professional or trade association; or
vii. membership of a trade union; or
viii. sexual orientation or practices; or
ix. criminal record; or
b. health information about an individual; or
c. genetic information about an individual that is not otherwise health information; or
d. biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
e. biometric templates.
‘you’ and ‘your’ refer to our customers and prospective customers. It also refers generally to users of our websites as well as a person sharing their information with us, such as a job applicant, a third party or an agent acting on your behalf.
We recognise that your privacy is very important to you and we are committed to ensuring the privacy of your Personal Information in accordance with the Privacy Act and the Australian Privacy Principles.
Where required by law, we will provide you with privacy information (in the form of a privacy collection notice) which may be specific to the products or services you want to obtain from us.
This policy may change from time to time and all changes will be posted on our websites so please check it periodically. Alternatively, you can contact us on the details below and request a copy of our most recent policy. Whenever using our websites you should read this policy in conjunction with our privacy collection notice and the
What kinds of Personal Information do we collect
The kinds of Personal Information we collect and hold depends on the nature of our interactions and relationship with you. We collect Personal Information about insurance customers, our employees and contractors (including candidates that apply for a role with us) and contact details of persons from our business partners, suppliers and service providers. Typically, the kinds of Personal Information that we collect and hold may include:
- if you register for an account on our website — your name, contact details (address, phone and fax number,
email address), date of birth, gender and payment details;
- if you apply for or purchase our products or services — your name, contact details (address, phone and
fax number, email address), date of birth, gender, payment details and proof of identity (e.g. driver’s license
or otherwise). We may also collect information that is specific to a particular product, such as your car
registration for car insurance;
- if you apply for a job with us — your name, contact details (address, phone and fax number, email address),
date of birth, gender, education and employment history, resume and references, background and police
checks. If you are subsequently employed, we may also collect financial details such as your tax file number
and bank account details;
- proof of identity information such as your driver licence or other similar identity information;
- information regarding your preferences regarding our products and services;
- details regarding the transactions you undertake in respect of our business;
- other information necessary to provide you with information regarding our products or services or undertake
any transactions or dealings with you.
We also collect information from visitors to our websites or users of our other online services that relates to your use, including the referring URL, your IP address, the time and date of your visit to our website, which browser you used to come to the website, the country, state or province, the pages of our website that you viewed during your visit and any search terms entered on our website.
We may also collect other kinds of Personal Information as permitted or required by law or other kinds of Personal Information that we notify you of at or about the time of collection.
The kinds of Sensitive Information we may collect generally include the following (where it is relevant to underwriting an insurance policy or dealing with, managing, or processing a claim):
- criminal record;
- health information;
- vaccination status and evidence thereof (such as vaccination certificates or immunisation history; or evidence
to support a vaccination exemption);
- sexual practices; and
- membership of a professional or trade association or trade union.
If we do need to collect Sensitive Information about you, we will only do so with your consent or where we are required to do so by law.
By uploading or otherwise providing your vaccination information, you agree you are consenting to the collection of this information for the purpose of us preventing and managing the risk of COVID-19 transmission, analysis for claims or our insurance products, and to ensure compliance with public health directions that apply to us from
time to time.
Anonymity and Pseudonymity
You may be able to deal with us without identifying yourself (i.e. anonymously or using a pseudonym) in certain circumstances, such as when making a general inquiry relating to the products and services we offer. If you wish to do so, please contact us using the details below to find out if this is practicable in your circumstances.
However, if you do not provide your Personal Information and other information that we need, we or any of our third-party service providers may not be able to provide you with our products or services such as processing your application for insurance, your claim or any payment due to you, or to otherwise address your enquiry or
application. It may also prevent us from maintaining or administering your policy or the provision of information regarding our products or services or those of any third party.
How we collect your Personal Information
We collect your Personal Information directly from you in person, in writing, over the telephone, through our online services (including any virtual online assistant and any online chat functions), and/or by email and messaging. Regardless of how collected, we will handle all of the Personal Information in accordance with this policy.
Unless it is unreasonable or impracticable for us to do so, we collect your Personal Information directly from you. There may, however, be occasions where we collect your Personal Information from someone else.
Collection of your Personal Information may include us collecting from:
- your agents or representatives: for example your insurance broker, your legal advisors, or your family member who applies for a policy that covers you or is instructed by you to deal with us;
- policy holders or others who are authorised or noted on the policy as having a legal interest in it, including where you are an insured person under the policy but not the policy holder or another insured where the policy is issued in joint names;
- third parties who you have asked to provide your Personal Information to us, including your referees, your insurer or a financier with an interest in your insured property;
- our Related Companies;
- our agents, authorised representatives, distributors and referrers;
- our service providers (which may also include overseas service providers);
- other insurers and reinsurers;
- Insurance References Service (IRS) or other insurance reference bureau service by accessing the IRS database;
- people who are involved in a claim or assist us in assessing, investigating, processing or settling claims, including another party involved in the claim or third parties claiming under your policy, your travel consultant/agent, travel service providers, airlines, hotels, providers of transportation, providers of medical and nonmedical assistance and services, your employer;
- statutory authorities or government departments, for example, law enforcement;
- external dispute resolution bodies, for example, the Australian Financial Complaints Authority;
- third party recruitment agencies and service providers, background or police checks, LinkedIn, other third parties you have authorised to deal with us, and from referees you have given us permission to contact;
- our legal or other advisers;
- social media and other virtual communities and networks where people create, share or exchange information;
- clubs, associations, member loyalty or rewards program providers and other relevant organisations;
- publicly available sources of information such as the internet and telephone directories;
- data partners, analytic consultants and other similar organisations;
- agents or subcontractors of any of the above third parties;
- any other organisation or person where you have consented to them providing your Personal Information to us or consented to us obtaining your Personal Information from them.
A number of interactive tools or facilities may be available on our websites. If you use any of these tools or facilities, we generally do not collect your personal information unless a particular tool permits you to suspend or save information and recover those details at a later time. In these circumstances, your personal information may be retained on our systems but is not processed or used by us except that it may be used for the purposes of online quoting and subsequent follow up.
Our purposes for collecting, holding and using your Personal Information
We collect, hold and use your personal information to provide, offer and administer our various products and services, manage our business, or otherwise as permitted by law. Such purposes include:
- responding to your enquiries or providing you with assistance you request of us;
- providing and administering our products and services as part of managing and dealing with our business (for example processing requests for quotes, applications for insurance, underwriting and pricing policies, issuing, renewing or amending your policy, managing and assessing claims made under or against your policy,
processing claims or payments, processing third party authority arrangements, and seeking recoveries;
- maintaining or administering your policy;
- dealing with our business partners and contacts, agents and third-party service providers;
- dealing with complaints and enquiries;
- managing, administering and facilitating our ordinary business operations (including administrative, general business reporting, modelling and analysis, IT services, accounting, risk management, recruitment, record keeping, and organising corporate events);
- assisting with quality assurance, audit and training purposes;
- maintaining and improving our products and services, our customer service practices and our internal business processes;
- conducting events, competitions or surveys;
- contacting you to obtain feedback regarding products or services, or to conduct other market research;
- collecting of general statistical information using common internet technologies such as cookies;
- providing you with marketing information regarding other products and services (of ours or a third party); See the section titled “Direct Marketing” below for more details;
- supporting our response to COVID-19, including managing transmission risk and complying with public health directions (as applicable) from time to time;
- complying with, and assisting our Related Companies, agents, business partners, distributors and insurance advisers in complying with, any applicable law, code (including the General Insurance Code of Practice) or regulation, and complying with any requests from courts, government departments, law enforcement agencies
and regulators (including but not limited to APRA and ASIC);
- other purposes notified to you by way of a privacy collection notice at the time we collect your Personal Information;
- complying with our obligations under any applicable law.
Your Personal Information will also be used by us to consider your applications for employment (if applicable) and manage the recruitment processes. If you are not successful in obtaining a position with us, we will retain your application and Personal Information in order to contact you if a suitable position becomes available in the future.
We will only collect ‘Sensitive Information’ where it is relevant to underwriting an insurance policy or dealing with, managing, or processing a claim. We may use or disclose it by giving it to Related Companies and our appointed third parties for research and analysis and to design, test or underwrite new insurance products or features. Your sensitive information will only be used or disclosed for the purposes set out in this policy unless we have your permission.
We may combine or link personal information we already hold about you to other personal information we collect about you.
Disclosure of your Personal Information
We may disclose your Personal Information to others for the purposes specified in the section above. This may involve disclosure to:
- a joint insured on your policy or any other person listed on your policy;
- to an insurance broker or agent acting on your behalf or who you have designated to act on your behalf;
- our Related Companies;
- our agents, authorised representatives, distributors and referrers;
- our third-party service providers (including recovery agents, media publishers, lawyers, suppliers, mailing houses, marketing agencies, market researchers, IT experts and infrastructure providers, analytics service providers, physical and electronic storage providers and payment service providers) and professional advisers
and consultants (including accountants, lawyers, auditors);
- insurers, reinsurers, other insurance intermediaries and industry bodies;
- Insurance Reference Service, a member-based organisation supporting Australian general insurance company members with understanding policy holder claims history, for the purpose of supporting claims management, claims investigation, loss assessment, fraud detection and risk underwriting;
- courts, law enforcement agencies, regulators and other government departments;
- complaint and dispute resolution bodies (including but not limited to the Australian Financial Complaints Authority);
- in the case of claims, loss adjustors and assessors, repairers and suppliers, investigators and recovery agents, your travel consultant/agent, travel service providers, airlines, hotels, providers of transportation, providers of medical and non-medical assistance and services; your employer, another party involved in a claim;
- where a third party acquires, or considers acquiring, an interest in us;
- third party recruitment agencies and service providers, background or police checks, LinkedIn, other third parties you have authorised to deal with us, and to referees you have given us permission to contact;
- other parties set out in our privacy collection notice;
- other parties where you have provided consent;
- the agent and contractors of any of the third parties above;
- and/orother parties as required by law.
We may also disclose your vaccination information to third parties only to the extent necessary for the purposes outlined in this policy, including to government departments, their agents, and service providers engaged by us to perform legitimate functions on our behalf regarding managing or responding to COVID-19 risks.
Third parties are prohibited from using your Personal Information for purposes other than those for which it is supplied.
Disclosure of Personal Information overseas
Your Personal Information may also be disclosed to our overseas Related Companies or our third-party service providers which are located in one or more of the following countries: New Zealand, Germany, Singapore, United States of America, South Africa, Sweden and United Kingdom. Providers may change from time to time and we
may need to disclose Personal Information to other countries not listed. If we intend to disclose your Personal Information overseas other than to our Related Companies that are located overseas, we will inform you of this via a privacy collection statement.
We aim to protect your Personal Information by taking reasonable steps to ensure:
a. that the overseas service provider is subject to similar laws or binding scheme that has similar protections in relation to privacy and mechanisms can be accessed by you to enforce that protection of the law or binding scheme; or
Related Companies and unrelated third parties to whom your Personal Information is disclosed are required to keep the information confidential and only use it for the same purposes as we are permitted to use it.
In addition to the purposes outlined in above, we may use and disclose your Personal Information in order to inform you of events, products or services that may be of interest to you. This may include us disclosing your Personal Information to our Related Companies or other entities with which we have a commercial relationship or arrangement for the purpose of the other entity contacting you to provide information about the products and services we or our distributors, referrers, agents, business partners, affiliates and any proposed new or incoming insurer may offer. If you do not wish to receive such communications, you can opt-out by contacting us via
Third party marketing service providers may combine the Personal Information we disclose to them with information they already hold about you in order to provide you with more relevant advertising about our or their products and services.
We will never sell, rent or trade Your Personal Information.
Cookies and our collection of information through our website
When you visit our websites or other online services, we will generally leave a “Cookie” in the memory of your web browser. The website or other online service may only function properly if Cookies are enabled. We may use a cookie that collects anonymous traffic data. A cookie is a message given to a web browser by a web server
which is then stored by the browser in a text file. Cookies are very small files that store information about your visit to and use of a website. Each time the browser requests a page from the server this message is sent back which enables the user’s computer address (IP address) to be identified. Our websites and online services may
We may use the information provided by cookies and IP addresses to analyse trends, administer the site, or for research and marketing purposes to help us improve our product and service offerings. You may get Cookies from our advertisers. We cannot pre-screen these Cookies since they come directly to you from other sites. You can
set your browser to notify you before you receive a cookie so you have the chance to accept it and can set your browser to turn off cookies. However by doing that, your access to our websites may be compromised or limited.
How do we hold your Personal Information?
We may hold your Personal Information in a number of ways, including:
- in our secure computer systems or databases, which may involve storing data on storage or computer systems provided by third party suppliers;
- in paper records; or
- in telephone recordings.
Where it has been collected from our or your agent, or our service providers, they may also hold copies of your Personal Information.
Security of your Personal Information
We take steps which are reasonable in the circumstances to ensure that the Personal Information we hold is protected from misuse, interference and loss and from unauthorised access, modification or disclosure. This includes:
- physically securing external and internal premises;
- maintaining computer and network security (such as user identifiers and passwords) to control access to
- restricting access to your personal information to employees or those who perform services on our behalf who are authorised to handle your Personal Information and on a ‘need to know’ basis;
- entering into confidentiality agreements with relevant employees and third parties;
- appropriate training of staff;
- retaining your personal information for no longer than it is reasonably required to service a policy or continue to provide any products and services to you, unless we are required by law or any contractual obligation to retainnit for longer; and
- taking reasonable steps to destroy or de-identify Personal Information that we no longer require or which was unsolicited and we identify that we would not have otherwise collected it from you (unless we are otherwise required or authorised by law to retain the information).
Where you have an online account with us, you are responsible for maintaining the confidentiality of your login credentials.
How you can access your Personal Information held by us
You have the right to access Personal Information we hold about you, subject to any legal restrictions or exemptions, if you request access to it. To request access to your personal information, please contact us at the details below.
We will respond to your request for access within a reasonable time.
We will give access in the manner you request, where it is reasonable and practicable to do so. Where we cannot give access in the manner requested, we may instead give you access in another way, including access through a mutually agreed intermediary where appropriate. There may be some cost to you to cover the cost of retrieving and processing the information. We may also require you to formally prove that you are the individual to whom we hold the Personal Information on.
We may, however, refuse your request to access your Personal Information if, in our view, we are legally permitted to do so. If we refuse your access to your Personal Information, or do not provide it in the manner requested by you, we will provide you with written notice setting out the reasons for the refusal except to the extent that
it would be unreasonable in the circumstances to do so, within a reasonable time. We will also tell you how to complain about our refusal to give access.
How you can seek correction of your Personal Information held by us
We take reasonable steps to ensure that the Personal Information we collect, use or disclose is accurate, up to date and complete. We understand that, from time to time, your personal or other circumstances may render this information out of date (e.g. changes to name or other details perhaps as a result of marriage or gender
transition or another event).
You have a right to request correction of Personal Information that we hold about you. If you believe that the Personal Information, we hold about you is not correct, please let us know:
a. where you have an online account with us, you can update your Personal Information by logging into your account and editing your profile; or
b. by email firstname.lastname@example.org; or
c. by phone 1300 306 226
We will respond to your request within a reasonable period after your request is made. Where we agree that the information is not correct, we will take such steps (if any) that are reasonable in the circumstances, having regard to the purpose for which Personal Information is held, to correct the Personal Information.
If we do not correct the Personal Information we hold about you after your request, we will tell you why, except to the extent that it would be unreasonable in the circumstances to do so. We will also tell you how to complain about our refusal to correct your information.
If we do not correct the requested Personal Information that you ask us to correct, you may ask us to take steps which are reasonable in the circumstances to associate a statement in our records that you consider the information is not correct in such a way that will make the statement apparent to users of that Personal Information. We will respond to this request within a reasonable period after your request is made.
We will not charge you for making a request to correct your Personal Information, for correcting the information or for associating a statement with the information.
How to make a complaint
If you wish to make a complaint about how we have handled your Personal Information, you can lodge a complaint in writing by contacting us using the contact details below.
At all times, privacy complaints will:
- be treated seriously;
- be dealt with promptly;
- be dealt with in a confidential manner; and
- not affect your existing obligations or affect the commercial arrangements between you and us.
We will endeavour to resolve your complaint within 30 days.
Please ensure that you provide us with sufficient details of your complaint. We will promptly acknowledge your concern, investigate it and respond to you. If we need further information about your concern, we will contact you.
If you are not satisfied with how we handled your complaint or have not received a response within 30 days, you may raise your concern with the Office of the Australian Information Commissioner. You can contact the Office of the Australian Information Commissioner as follows:
By phone: 1300 363 992
By using the Privacy Complaint Form of the Office of the Australian Information Commissioner Website: www.oaic.gov.au
By mail: See the Office of the Australian Information Commissioner website for e-mail and postal details
How to contact us about privacy
By phone: 1300 306 226
By email: email@example.com
By mail: Locked Bag 2010, St Leonards NSW 1590
Upated: 05 JULY 2022