Insurance Investment Solutions is committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles (APPs).
what is personal information?
The Privacy Act defines personal information to mean:
“information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not.”
what is sensitive information?
“Sensitive information” is a subset of personal information and means:
“information or opinion about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information or templates.”
what kind of personal information do we collect?
The kinds of personal information we collect and hold can vary depending on the services we are providing, but generally includes:
- your contact information such as your full name (first and last), e-mail address, current postal address, delivery address (if different to postal address) and phone numbers;
- your employment history (if applicable);
- your date of birth;
- your insurance history;
- other information specific to our products or services such as your opinions, statements and endorsements, collected personally or via surveys and questionnaires, including but not limited to your views on the products and services offered by Austagencies; and ·
- any payment or billing information, including but not limited to bank account details, direct debit information, credit card details, billing address, premium funding and instalment information, where applicable.
The type of sensitive information we may collect includes:
- your criminal record;
- your health information; and
- your membership of a professional or trade association.
how do we collect and hold personal information?
We only collect personal information by lawful means, where it is reasonably necessary for, or directly related to, the services, functions or activities we provide to you.
If we collect personal information about you from someone else, we will take reasonable steps to make you aware of the collection in accordance with the APPs.
We may also obtain personal information indirectly, for example, from another insured if they arrange a policy which also covers you, related bodies corporate, referrals, your previous insurers or insurance intermediaries, witnesses in relation to claims, health care workers, publicly available sources, premium funders and persons with whom we enter into business alliances.
We will obtain your consent before we collect sensitive information. We will limit the collection and use of your sensitive information unless we are required to do so in order to carry out the services we provide to you.
We may hold personal information within our own data storage devices or with a third party provider of data storage. We discuss the security of your personal information below.
the purposes for which we collect, hold, use and disclose your personal information
We collect, hold, use and disclose your personal information where it is reasonably necessary for, or directly related to, the services, functions or activities we provide to you. These include our insurance broking services, insurance intermediary services, funding services, claims management services and risk management and other consulting services.
We also collect, hold, use and disclose your personal information where it is necessary to meet our obligations at law, for example, for conducting identity checks required by the Anti-Money Laundering and CounterTerrorism Financing Act 2006 and other legislation.
We also use and disclose your personal information for direct marketing purposes, which is explained in more detail below. For example, we need to collect, hold, use and disclose personal information where:
- we are providing personal advice, so we can provide this advice to you;
- we arrange insurance, so insurer(s) can decide whether to offer insurance or not;
- you require premium funding, so the funder can decide whether to provide the funding; and
- a claim is made, so the insurer can make a decision in relation to the claim.
Unless we have obtained your consent, we do not use or disclose personal information for any purpose unrelated to our services and where you would not reasonably expect. Unless we have obtained your consent, we will only use your personal information for the primary purposes for which it was collected.
We disclose personal information to third parties who assist us or are involved in the provision of our services. Your personal information is disclosed to third parties only in connection with the services that we provide to you, or otherwise with your consent. We may also disclose your personal information for direct marketing purposes, explained in more detail below.
The third parties who might receive your personal information can include our related companies, our agents or contractors, insurers, their agents and others they rely on to provide their services and products (e.g. reinsurers), premium funders, other insurance intermediaries, insurance reference bureaus, loss adjusters or assessors, medical service providers, credit agencies, lawyers and accountants, prospective purchasers of our business and our alliance and other business partners.
We also use personal information to develop, identify and offer products and services that may interest you, and to conduct market or customer satisfaction research. From time to time we may develop arrangements with other organisations that may be of benefit to you in relation to promotion, administration and use of our respective products and services. We discuss direct marketing in more detail further below. We do not use sensitive information to send you direct marketing communications without your express consent.
If we intend to disclose or use your personal information other than for the purposes listed above, we will seek your consent prior to disclosure or use of that information.
If we give third parties (including their agents, employees and contractors) your personal information, we require them to only use it for the agreed purposes.
what if you do not provide some personal information to us?
If the required personal information is not provided, we or any involved third parties may not be able to provide appropriate services or products. If you do not provide the required personal information we will explain what the impact will be.
what do we expect of you when providing personal information about another person?
If we give you personal information, you must only use it for the purposes for which we agreed.
Unless an exemption applies or we agree otherwise, you must meet the requirements of the Privacy Act, when collecting, using, disclosing and handling personal information on our behalf.
You must also ensure that your agents, employees and contractors meet the above requirements
how do we manage the security of your personal information?
We take reasonable steps to ensure that your personal information is safe. We retain personal information in hard copy records and electronically with us or our appointed data storage provider(s). You will appreciate, however, that we cannot guarantee the security of all transmissions of personal information, especially where the internet is involved.
We endeavour to take all reasonable steps to:
- protect any personal information that we hold from misuse, interference and loss, and to protect it from unauthorised access, modification or disclosure both physically and through computer security measures;
- destroy or permanently de-identify personal information in accordance with the Privacy Act.
We maintain computer and network security; for example, we use firewalls (security measures for the internet) and other security systems such as user identifiers and passwords to control access to computer systems.
We take reasonable steps to ensure that personal information is current, accurate, up-to-date and complete whenever we collect or use or disclose it.
Throughout our dealings with you we will take reasonable steps to confirm the details of your personal information we hold and ask you if there are any changes required.
The accuracy of personal information depends largely on the information you provide to us, so we rely on you to:
- let us know if you become aware of any errors in your personal information; and
- keep us up-to-date with changes to your personal information, such as your name or address.
access to and correction of your personal information
You are entitled to have access to any personal information relating to you which we possess, except in some exceptional circumstances provided by in law.
For example, we may refuse access where the:
- information may have an unreasonable impact on the privacy of others;
- request is frivolous or vexatious;
- information relates to existing or anticipated legal proceedings and would not be accessible by the process of discovery in those proceedings;
- information would reveal our intentions in relation to negotiations in such a way as to prejudice those negotiations.
Where providing access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process, we will provide an explanation for the decision rather than direct access to the information.
If we refuse access or to give access in the manner requested by you we will let you know why in writing and provide you with details about how to make a complaint about the refusal.
If we correct your personal information we may retain a copy of the previous information for our records or as required by law. If you wish to access your personal information please write to our Privacy Officer:
Insurance Investment Solutions Pty Ltd
PO Box 56
Bowral NSW 2576
In most cases we do not charge for providing you with access to your personal information or for complying with a correction request.
do we transfer information overseas?
Any personal information provided to us may be transferred to, and stored at, a destination outside Australia, including but not limited to New Zealand, Singapore, United Kingdom, the Philippines, India, the European Union and the United States of America. These countries may change from time to time. Personal information may also be processed by staff or by other third parties operating outside Australia who work for us or for one of our suppliers, agents, partners or related companies.
When we send information overseas, we will take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to the use of that information. If you do not agree to the transfer of your personal information outside Australia, please contact us.
sale or restructure of business
In the future we may consider the sale or restructure of our business or the purchase of the business of other financial services companies. In such circumstances it may be necessary for your personal information to be disclosed to permit the parties to assess the sale or restructure proposal for example through a due diligence process. We will only disclose such of your personal information as is necessary for the assessment of any sale or restructure proposal and subject to appropriate procedures to maintain the confidentiality and security of your personal information. In the event that a sale or restructure proceeds, we will advise you accordingly.
We may use your personal information, including any email address you give to us, to provide you with information and to tell you about our products, services or events or any other direct marketing activity, including third party products, services and events which we consider may be of interest to you. We may also ask related parties to contact you about services and products which might be of interest to you.
You may request that we not use your personal information for direct marketing.
You are able to visit our website without providing any personal information. We will only collect personal information through our websites with your prior knowledge for example where you submit an enquiry or application online.
Email addresses are only collected if you send us a message and will not be automatically added to a mailing list.
A cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies we use may identify individual users.
- cookies can either be “persistent” or “session” based. Persistent cookies are stored on your computer, contain an expiration date, and are mainly for the user’s convenience.
- session cookies are short-lived and are held on your browser’s memory only for the duration of your session; they are used only during a browsing session, and expire when you quit your browser.
- We may use both session and persistent cookies. This information may be used to personalise your current visit to our websites or assist with analytical information on site visits.
- most internet browsers can be set to accept or reject cookies. If you do not want to accept cookies, you can adjust your internet browser to reject cookies or to notify you when they are being used. However, rejecting cookies may limit the functionality of our website.
If you do have a complaint about privacy we ask that you contact our office first to help us to assist you promptly.
In order to resolve a complaint, we:
- will liaise with you to identify and define the nature and cause of the complaint;
- may request that you detail the nature of the complaint in writing;
- will keep you informed of the likely time within which we will respond to your complaint;
- will inform you of the reason for our decision in resolving such complaint; and
- keep a record of the complaint and any action taken in the Register of Complaints.
If you have a complaint please write to us at:
Insurance Investment Solutions Pty Ltd
PO Box 56
Bowral NSW 2576
Our Privacy Officer will then attempt to resolve the issue or complaint.
When we make our decision, we will also inform you of your right to take the matter to the Office of the Australian Information Commissioner (OAIC) if you are not satisfied. If you do not receive a response from us of any kind to your complaint within 30 days, then you have the right to take the matter to the OAIC.
You also have a right in limited circumstances to have your privacy complaint determined by the Australian Financial Complaints Authority (AFCA). The AFCA can determine a complaint about privacy where the complaint forms part of a wider dispute within the AFCA Rules between you and us or when the privacy complaint relates to or arises from the collection of a debt. We are bound by AFCA’s determinations, provided that the dispute falls within the AFCA Rules. Unless exceptional circumstances apply, you have two years from the date of our letter of decision to make an application to the AFCA for a determination. You can access the AFCA dispute resolution service by contacting them at:
If you would like further details of our Privacy Complaints Handling Procedure, please contact our Privacy Officer using the contact details listed above.
how to contact us and opt out rights
Insurance Investment Solutions Pty Ltd
PO Box 56
Bowral NSW 2576
We welcome your questions and comments about privacy.
You can also obtain information on privacy issues in Australia on the Office of the Australian Information Commissioner (“OAIC”) website at www.oaic.gov.au or by contacting the OAIC by email at firstname.lastname@example.org or by calling on 1300 363 992.