ABOUT THIS POLICY
WHY WE COLLECT, HOLD, USE AND DISCLOSE YOUR PERSONAL INFORMATION
We collect, hold, use and disclose personal information so that we can perform our business activities and functions and to provide customer services. Our business activities include providing insurance and risk services such as arranging insurance policies and advising on insurance and reinsurance options, managing claims or consulting on other risks for our clients.
We will collect, hold, use and disclose your information for the purpose it was provided to us, related purposes or as permitted by law. Such purposes include:
- approaching the insurance/reinsurance market;
- placing insurance,
- claims handling,
- risk management;
- premium funding;
- providing services to you, arranging products for you and to send communications requested by you;
- answering enquiries and providing information or advice about existing and new products or services;
- providing you with access to protected areas of our website;
- for market research so that we can better understand your needs and tailor our future services accordingly;
- providing you with marketing information regarding other products and services (of ours or a third party) which we believe may be of interest to you;
- updating our records and keeping your contact details up to date;
- quality assurance, auditing and training purposes;
- processing and responding to any complaint made by you;
- to conduct administration and business processing functions including providing personal information to our associated entities, contractors, service providers or other third parties;
- facilitating our business operations such as managing our IT infrastructures, databases, websites and for statistical and maintenance purposes; and
- complying with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country (where relevant).
If you want to deal with us while not identifying yourself (i.e. anonymously or by using a pseudonym), we will allow you to do this where it is practicable (for example when you make a general inquiry of us). Please tell us if you wish to do this and we will indicate whether, given the nature of the transaction, it is practicable.
It is important to note that many of the products we arrange or services we provide require us to either obtain personal information or to identify the individuals we are dealing with. If you decide not to provide us with the information required we may not be able to provide a service or arrange a product, or provide you with information about a service or product that you may want (including information about discounts) or we may be unable to tailor the content of our websites to your preferences and your experience of our website may not be as enjoyable or useful.
THE PERSONAL INFORMATION WE COLLECT & HOLD
We may also collect and hold your sensitive information where you have provided us with consent to do so and/or other requirements of the Act have been met. Sensitive information includes information or an opinion about an individual’s racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional trade or association, membership of a trade union, sexual orientation or practices, criminal record, health information, genetic information or biometric information.
The personal information we collect from you directly, or from a third party such as your employer, your insurer, or the policyholder of a group insurance policy under which you are an insured, other individuals (such as a co-insured) or other representative authorised by you may include but is not limited to:
- your name;
- your address;
- your date of birth;
- your gender;
- other contact details such as your phone number, fax and email;
- your occupation;
- your salary;
- relevant financial information;
- claims history, driving history, details of insurance policies you hold or have held, health, medical or lifestyle information relevant to arranging an insurance product or providing another service;
- financial institution account details like your credit card or bank account number if the product or service is being paid for in this way or we are making a payment to you;
- your employment history and other information collected during the recruitment process; and/or
- any other information you provide to us directly or indirectly through a website or via a representative.
HOW WE COLLECT YOUR PERSONAL INFORMATION
We may collect information about you in various ways, including:
- over the telephone;
- in person;
- over the internet, including via our website, online forms and surveys, email or cookies; and
- in writing, including via hard copy forms.
Where we receive unsolicited personal information, we will determine whether we would have been permitted to collect the information. If so we will ensure that any relevant APPs will apply to that information. If the information could not have been solicited by us, and the information is not contained in a Commonwealth record, we will destroy or de-identify that information as soon as practicable, but only if it is lawful and reasonable to do so.
Information Collected by Automated Means on Websites
We use various tools to enhance our website user experience and track users of our websites, including cookies and web beacons. Cookies are small pieces of text that a website places on your computer to help remember information about your visit. Web beacons are tiny graphics with a unique identifier that are embedded invisibly on the web pages. Neither cookies nor web beacons can read data off your computer's hard drive.
The information may include items such as:
• the domain from which you have come to the site;
• the pages visited on our website;
• the date and time of the visit;
• the internet address of the referring site;
• your IP address;
• the types and location of devices you are using to access the website and its attributes;
• the version of the browser used;
• the capabilities of the browser; and
• the search terms used on our search engines.
We may combine the information you provide us and information we automatically collected with information from public or third party sources.
Where applicable, more information can be found in our Cookie Notices or Cookie Management Tools available on our websites.
You can refuse to accept and delete cookies by adjusting your browser setting. Please note that refusing or deleting cookies may impact your browsing experience on our websites, or prevent you from using some of the services, and it may result in the deletion of any preferences you have set. For more information on how to reject or delete cookies, you should consult with your browser's or device’s help documentation or visit www.aboutcookies.org. We do not use technology that recognizes do-not-track signals from your browser. You can also opt out of Internet based advertising by installing a browser plugin from the third party where available. For more information about interest-based advertising, please see: http://www.networkadvertising.org/managing/opt_out.asp.
In addition, in the course of seeking network security and consistent service for all users, we use software programs to monitor network traffic, identify unauthorized access or access to non-public information, detect computer viruses and other software that might damage our computers or the network, and monitor and fine-tune our network’s performance. These programs may detect additional information from your computer such as your IP address, device identifier, browser type, ISP, addresses from network packets, and other technical information. Any such information is used only for the purpose of maintaining the security and performance of the Marsh’s networks and computer systems.
FROM WHOM WE COLLECT PERSONAL INFORMATION
We may collect such information directly from you or through a third party such as your employer or other representative authorised by you, your insurers, the policyholder of a group insurance policy under which you are an insured, our authorised representatives, agents or associated entities, another party involved in a claim, investigators, loss adjusters and/or legal advisers.
YOUR COLLECTION OF PERSONAL INFORMATION
If we give you personal information, you and your representatives must only use it for the purposes we agree to.
Where relevant, you must meet the requirements of the APPs when collecting, using, disclosing and handling personal information on our behalf.
You must also ensure that your agents, employees and contractors meet the above requirements.
HOW WE USE AND DISCLOSE YOUR PERSONAL INFORMATION
We will only hold and use personal information about you that was collected for a particular purpose (the primary purpose) and will not use or disclose the information for another purpose (the secondary purpose) unless:
- we are required or authorised by law to do so;
- you have consented to the use or disclosure of the information; or
- a permitted exception under the Act in relation to the use or disclosure of the information applies.
If subsection 16B(2) of the Act applies in relation to the collection of the personal information we will take such steps as are reasonable in the circumstances to ensure that the information is de-identified before we disclose it. We will not use any personal identifiers issued by a government agency (e.g. Tax file number or Medicare number) as an identifier in our records systems. Should legislation require us to ask you to provide your tax file number we will only use that number for the purposes permitted by legislation and not as a general means of identifying you.
We may disclose your information to:
- our employees, authorised representatives, associated entities, and contractors, as required to perform their roles in arranging products and providing services, or to referrers;
- other business support service providers for the purposes of the operation of our business including, without limitation, IT systems administration, web hosting providers, document storage warehouses, printing and mail houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors and professional advisers such as accountants, solicitors, business advisers and consultants;
- insurers, reinsurers, other insurance intermediaries and premium funders;
- a person authorised by you or a third party such as your employer or the policyholder of a group insurance policy under which you are an insured;
- in the case of some claims (or likely claims), assessors, solicitors, repairers, builders, investigators, your employer or medical practitioners and rehabilitation providers;
- suppliers and other third parties with whom we have commercial relationships for business, marketing, and related purposes;
- the Australian Financial Complaints Authority (which is an external dispute resolution scheme);
- government bodies, regulators, law enforcement agencies and any other parties where required by law;
- in the case of any re-organisation, sale or merger of us or any of our related entities, such other entities that we propose to be acquired by or merge with; and
- we may combine or share any information that we collect from you with information collected by any of our associated entities.
In the ordinary course of business including the purposes outlined above, we may disclose personal information about you to a person or organisation located in countries outside of Australia such as the United States, United Kingdom, India, Singapore (e.g. to overseas insurers, reinsurers, insurance intermediaries, our associated entities and third party suppliers or service providers). In particular, your personal information may be sent to our administrative processing centers in Mumbai (India) or Kuala Lumpur (Malaysia). It may also be sent to: Bermuda, Brazil, China, Dubai, Hong Kong, Ireland, Japan, Singapore, South Korea, United Kingdom and the United States for the purposes of outsourcing Insurance Broking, Intermediary and Marsh, Advisory risk consulting services; and Canada, India, United Kingdom and the United States for the purposes of outsourcing Business Support Services (for example, IT systems administration and payment processing).
We will only transfer your personal information overseas if:
- we reasonably believe that the foreign country has substantially similar privacy obligations; or
- you consent; or
- we have taken reasonable steps to ensure the recipient will not hold, use or disclose the information in a manner inconsistent with the APPs.
When we send information overseas, in some cases we may not be able to take reasonable steps to ensure that overseas providers do not breach the Privacy Act and they may not be subject to the same level of protection or obligations that are offered by the Privacy Act. By proceeding to acquire our services and products and providing your personal information to us you agree that you cannot seek redress under the Privacy Act or against us (to the extent permitted by law) and may not be able to seek redress overseas. If you do not agree to the transfer of your personal information outside Australia, please contact us.
HOLDING PERSONAL INFORMATION
We may hold your information electronically and on paper/in hard copy. We place a high priority on the security of personal information, and we are committed to protecting the personal information that you provide to us. We take reasonable steps to ensure your personal information is secure and we use and maintain appropriate safeguards to prevent misuse and loss and from unauthorised access, modification or disclosure. We implement administrative, physical and technical safeguards to protect the confidentiality and integrity of your personal information and data that we use and hold.
As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
We retain most information relating to you for at least 7 years in order to meet legal and business requirements. Once information is no longer required, it will be destroyed in a secure manner.
We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms including mail, fax and electronic media such as email and SMS and social media such as Twitter and Facebook, in accordance with applicable marketing laws such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication we will endeavor to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by using the opt-out facilities provided within the marketing communications.
HOW YOU MAY ACCESS YOUR PERSONAL INFORMATION AND SEEK CORRECTION OF IT
Accessing your information
You may request access to any personal information we hold about you at any time by contacting our Privacy Officer (see ‘How to contact us or make a complaint’ section below). Where we hold information that you are entitled to access, we will try to provide you with mutually agreeable means of accessing it (for example, by mailing or emailing it to you or facilitating inspection). Our Privacy Officer will need to establish the identity of the individual requesting the information prior to providing it. A fee may apply to recover reasonable costs of making the information available.
There are a number of situations where we may deny an individual access to personal information in accordance with the APPs. These can include circumstances where it would have an unreasonable impact on the privacy of other individuals, would result in a breach of confidentiality, the information relates to existing or anticipated legal proceedings, we have reason to suspect that unlawful activity or misconduct of a serious nature is being or may be engaged in, or where the law requires or authorises such access to be denied. Our Privacy Officer will advise you if any of these or other circumstances apply.
Keeping your information accurate
We take reasonable steps to ensure that the personal information we hold is accurate, up-to-date and complete. However, we also rely on you to advise us of any changes to your information to help us do so. If you believe your personal information is not accurate, up-to-date or complete, then please contact your Marsh insurance adviser or our Privacy Officer (see ‘‘How to contact us or make a complaint’ section below).
To assist us in maintaining correct records, we ask you to inform us in writing of any changes in your personal information provided to us.
If you establish that information held is not accurate, complete or up to date, then we will take reasonable steps to correct the information unless it is impractical or unlawful to do so. If you establish that information held is not accurate, complete or up to date and we have shared that information with another APP entity, then if you request us to notify those entities we will take reasonable steps to do so unless it is impractical or unlawful to do so.
HOW TO CONTACT US OR MAKE A COMPLAINT?
We treat any concerns or complaints that you may have with respect and confidentiality. A privacy representative will contact you within a reasonable time after receipt of your complaint to discuss your concerns and outline options regarding how they may be resolved. We aim to ensure complaints are resolved in a timely and appropriate manner.
You can contact our Privacy Officer by:
- Email – firstname.lastname@example.org
- Phone – (02) 8864 7688
- Post – PO Box H176, Australia Square NSW 1215
If your concerns are not resolved to your satisfaction or you would like further information in regards to the Privacy Act, the matter can be referred to the Office of the Australian Information Commissioner on 1300 363 992.