Collecting Personal Information
Why do we collect personal information?
We collect personal information (meaning information or an opinion about an identified individual or an individual who is reasonably identifiable) in order to:
- provide the products and services offered on the Site and in any other forum to our clients;
- manage communications and promotional activities in respect of our clients and prospective clients;
- enhance and improve your use of the Site and our products and services;
- respond to any questions, comments or queries submitted on the Site or by any other means;
- disperse marketing materials and keep you informed about new products, initiatives and opportunities;
- for internal business purposes, for example, to research and develop the Site and our other products and services; and
- as required or authorised by law, including under the Australian Privacy Principles.
Can you deal with us without identifying yourself?
When contacting us, you have the option to either not identify yourself or to use a pseudonym. However, this will not apply if it is impracticable for us to communicate with you that way, or if we are required or authorised under Australian law (or a court or tribunal order) to only deal with individuals who have identified themselves.
Whose personal information do we collect?
We collect or hold personal information about individuals who are:
- prospective, current and former clients; and
- our service providers, agents or affiliates and their staff.
What personal information do we usually collect?
We collect a wide range of personal information relevant to our advised purposes, but the type and amount of information depends on the particular business context.
- When you apply for products or services we may ask for identification information. This could include your name, address, contact details and date of birth. We may also collect your tax file number if it is relevant to the services we are providing, if we are authorised to collect it and if you choose to supply it.
- Throughout the life of your product or service, we may collect and hold additional personal information about you. This could include transaction information or making a record of queries or complaints you make and, if you make an insurance claim, collecting additional information to assess the claim.
- For making employment decisions and managing our staff, we also collect information about our employees and prospective employees.
Do we collect sensitive information?
- If you apply for insurance, we may collect information about what is being insured, your nominated beneficiaries, and your health and financial situation, depending on the type of insurance. This also may include information about your health and other medical information, lifestyle information that relates to insurance, occupational information and criminal history. This type of information may be considered sensitive information and therefore we would not collect it unless we have your informed consent or the use of the information is otherwise permitted under the Privacy Act.
- We may also collect voice or biometric information to verify your identity or authorise transactions.
How do we collect personal information?
We collect personal information by various means and mediums, depending on the services we are providing and our client needs.
We will generally collect personal information directly from an individual client, service provider, agent or affiliate, unless it is unreasonable or impracticable to do so. We may also collect personal information from third parties such as your representatives or external data suppliers. When we have collected personal information about you, we will notify you at the point of collection, or as soon as practicable, to ensure that you are aware of such collection and its purpose.
If someone other than you provides us with personal information about you, for example our third party insurance partner provides us with personal information for the purposes of performing any services we are engaged to perform, the notification will usually be provided to you via that third party.
What if we receive unsolicited personal information?
If we receive or are provided with personal information that we did not ask for and we determine that we could have collected this information from you had we asked for it, we will notify you as soon as practicable. However, this notice will not be provided if doing so would be a breach of an obligation of confidence. If we could not have collected this personal information, we will lawfully de-identify or destroy the personal information.
When you visit the Site the server may attach a “cookie” to your computer’s memory. A “cookie” assists us to store information on how visitors to the Site use it and the pages that may be of most interest. If you choose, you are able to configure your computer so that is disables “cookies” or does not accept them.
Our servers may record other information about or relating to you, such as the time and date of your visit or the IP address assigned to the computer you are using to access the Site. In many cases, we cannot and do not use this information to identify you personally. Rather, we simply use this information for the operation of the Site, to maintain quality of the Site, and to provide general statistics regarding the use of the Site.
3. Use and disclosure of information
Where we collect personal information for a particular purpose, we may use and disclose the information for that purpose or another purpose that is related to that purpose (or that is directly related to that purpose in the case of sensitive information). Your personal information may be disclosed by us to the following third parties:
- other companies within the Arco Group;
- our agents, contractors and external service providers (for example, mailing houses, payment systems operators and technology service providers);
authorised representatives and credit representatives who sell products and services on our behalf;
- insurers, re-insurers, health care providers and other organisations, who jointly with us, provide the products or services;
- other financial services organisations, including banks, superannuation funds, stockbrokers, custodians, fund managers and portfolio service providers; debt collectors for debt collection activity;
- our financial advisers, legal advisers or auditors;
- your representatives (including your legal adviser, accountant, mortgage broker, financial adviser, executor, administrator, guardian, trustee, or attorney);
- fraud bureaus or other organisations to identify, investigate or prevent fraud or other misconduct where authorised by law;
- external dispute resolution schemes; and
- regulatory bodies, government agencies and law enforcement bodies in any jurisdiction.
To protect personal information, we use reasonable efforts to enter into contracts with our service providers that require them to comply with the Privacy Act. These contracts oblige them to only use the personal information we disclose to them for the specific role we ask them to perform. Generally, we disclose personal information to organisations that help us with our business.
We may also disclose your personal information to others outside the Arco Group where:
- we are required or authorised by law or where we have a public duty to do so;
- you may have expressly consented to the disclosure or the consent may be
- reasonably inferred from the circumstances; or
- we are otherwise permitted to disclose the information under the Privacy Act.
How will your information be used for direct marketing purposes and how can I opt out?
We may use personal information about prospective, current and past clients for the purpose of direct marketing of our products and services. Direct marketing communications may be sent via post, e-mail, telephone, social media sites or other means. However we will give you the opportunity to opt out of receiving further direct marketing communications from us.
You may opt out of receiving direct marketing communications from us at any time by contacting us using the details provided below.
4. Access to and accuracy of your information
We take reasonable steps to ensure that the personal information held by us is accurate, complete and up to date. If you believe that any of your personal information is inaccurate, please contact us and we will take reasonable steps to correct it.
If you request access to the personal information we hold about you, we will respond to your request within a reasonable period of time and, where reasonable and practicable, give access to the information in the manner you request. You have a right to access the personal information we hold about you subject to any exemptions allowed under the Privacy Act. You may request this information by contacting our Privacy Officer. If your request is particularly complex or requires a detailed searching of our records, we may charge a reasonable fee for providing that information.
5. Transfer of information overseas
6. Your consent
7. Storage and Security
Much of the information we hold about you will be stored electronically in secure data centres which are located in and owned by either the Viridian Group or our external service providers. Some information we hold about you will be stored in paper files. We use a range of physical and electronic security measures to protect the security of the personal information we hold. For example:
- access to information systems is controlled through identity and access management;
- employees are bound by internal information security policies and are required to keep information secure; all employees are required to complete training about information security; and
- we regularly monitor and review our compliance with internal policies and industry best practice.
If we no longer need your personal information, unless we are required under Australian law or a court or tribunal order to retain it, we will take reasonable steps to destroy or securely delete your personal information in accordance with our document retention policy.
8. Variation and consent to variation
9. Complaints and further information
If you are concerned about how your personal information is being handled or if you have a complaint about a breach by us of the Australian Privacy Principles, please contact us using the details below:
The Privacy Officer
Suite 2, 27-31 Duerdin Street
Notting Hill, Victoria, 31680
Phone: (03) 9562 0742
We will acknowledge your complaint as soon as we can after receipt of your complaint and will aim to resolve the matter quickly and fairly within 30 days.
If an issue has not been resolved to your satisfaction, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC).
The Commissioner can be contacted at:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
You can also lodge a complaint about Privacy with the Australian Financial Complaints Authority (AFCA). AFCA provides fair and independent financial services complaint resolution that is free to consumers.
Australian Financial Complaints Authority
GPO Box 3
Melbourne VIC 3001
Phone: 1800 931 678 (free call)