Southern Cross Travel Insurance ("we", "our" or "us") has a legal obligation to comply with the Privacy Act 1988 ("the Act") and the Australian Privacy Principles ("APPs").
Under the Act, organisations that are in possession of an individual's 'personal information' must observe certain restrictions and standards concerning the collection, use, disclosure, and security of that information.
Personal information is defined by the Act as ‘information or an opinion about an identified individual, or an individual who is reasonably identifiable:
- whether the information or opinion is true or not; and
- whether the information or opinion is recorded in a material form or not’.
We may collect certain personal information from you in the course of providing our services to you.
We have an obligation to collect personal information about you directly from you, unless it is unreasonable or impracticable to do so. If we have collected personal information about you, we must take steps as are reasonable in the circumstances to ensure that you are aware that we have collected your information and what we intend to do with it.
We have developed this Privacy Statement to inform you about:
- the kind of personal information that we collect and hold;
- how we collect and hold personal information;
- the purposes for which we collect, hold, use and disclose personal information;
- how you can gain access to personal information we hold and seek its correction;
- how you may complain about possible breaches of privacy, and how that complaint will be handled; and
- whether we are likely to disclose your information overseas, and if so, to which countries we are likely to disclose your information.
How do we use personal information?
We use personal information for the following purposes:
- to check your eligibility for insurance, and/or to confirm your identity;
- to administer your insurance policy;
- to determine your eligibility for potential benefit entitlements;
- to process your application for services including claims;
- to provide you with the services that you have requested;
- to contact you and each of the insured persons from time to time with information about products and services offered by us, other ‘Southern Cross’ branded businesses and our business partners, giving you the option to unsubscribe at any time;
- to only contact you with information about products or services offered by us for a period of up to 24 months from the date you purchased your policy;
- to pay accounts or invoices, or to generate bills;
- to prevent, detect and investigate any fraud or where, in our reasonable opinion, we suspect any fraud;
- to investigate and resolve complaints concerning the provision of services including obtaining or providing material to the Australian Financial Complaints Authority (AFCA);
- to comply with legislative and regulatory requirements and provisions including the General Insurance Code of Practice;
- to perform administrative functions including accounting, risk management and record keeping; and
- to assist in system development including testing and upgrading new systems and training.
What personal information do we collect?
The personal information that we collect generally includes:
- your name, email address, date of birth, contact details and other personal details to set up a policy for you;
- personal information of any other person you wish to insure;
- your travel plans;
- information about your medical history and the medical history of any other person you wish to insure;
- information about the medical history of any person that results in a claim under your policy; and
- information about claims you make or wish to make under your policy.
We may seek to collect personal information that is regarded as sensitive information or health information. Sensitive information may only be collected where it is reasonably necessary for, or directly related to, one of our business functions or activities. We may only collect sensitive information with your consent or as authorised by law.
How do we collect personal information?
Information collected from you
When it is reasonable and practicable to do so, we will collect your information from you directly. We will do this:
- when you provide information as part of your application for travel insurance;
- when you submit a claim for benefits;
- each time we have contact with you by telephone or email, or when you visit our website; and
- when using phone records which may have been obtained for training quality and business purposes.
Information collected from third parties
We may also collect personal information about you for the purposes set out above from:
- medical practitioners and/or other healthcare service providers;
- any persons necessary to establish eligibility of benefits for you, in circumstances where benefits claimed may be payable from another source;
- any previous insurance claims you have made from the Insurance Council of Australia or its affiliates, any insurance data collection service and/or other insurers for the purposes of claim verification and/or fraud prevention;
- law enforcement agencies, telecommunication data, social media, partners, agencies and other service providers to us;
- other Southern Cross branded businesses for the sole purpose of fraud prevention, detection and investigation purposes;
- an adviser or agent associated with your insurance policy; and
- any other third party authorised by you.
We may collect personal information about you from the main policyholder (where you are not the main policyholder), where it is unreasonable or impracticable to collect that information from you directly. If you are the main policyholder, you are responsible for making any other people insured under your policy aware that you are disclosing their personal information to us and of the terms of this Privacy Statement.
When we collect your personal information from a third party, we must take reasonable steps to notify you that we have collected that information and ensure that you have been made aware of certain things as stipulated by the Act, including:
- our identity and contact details;
- how you may have access to the information that we have collected about you; and
- the purpose for which the information has been collected.
If you do not provide the information we request or do not consent to our collecting that information from third parties, then depending upon the type of information concerned, we may not be able to:
- process any application for insurance cover or claims; and
- provide any other services to you.
When do we disclose your personal information?
We will only disclose your personal information to third parties:
- if you have given us your consent to do so;
- to people or entities such as:
  - a co-insured;
  - a medical practitioner and/or other healthcare service provider;
  - our emergency assistance service provider;
  - other third parties contracted by us to perform our services, provided any use of your personal information by that third party is limited solely to the relevant service;
  - our reinsurers and their agents;
  - intermediaries, such as advisers, brokers, agents or representatives associated with your insurance policy;
  - government, law enforcement or statutory bodies;
  - investigators, assessors, legal practitioners, witnesses and other professional services in assessing and investigating a claim;
  - other Insurers on their specific request;
  - other Southern Cross branded businesses for the sole purposes of: (a) fraud prevention, detection and investigation; and (b) redirecting claims and other correspondence that we reasonably believe to be intended for another Southern Cross branded business;
  - any third party authorised by you;
- for marketing purposes; and
- where it is permitted by law.
Any use of your information by that third party is limited solely to the purpose of that third party.
There may be occasions when your information is used or disclosed in other circumstances which are permitted by the Act or other laws.
By commencing or continuing your relationship with us, you are taken to have consented to the collection and disclosure of personal information, including sensitive health information, by us from and to third parties as detailed in this Privacy Statement.
You should note that you may withdraw this consent at any time simply by notifying us. However, depending on the circumstances, this may prevent us from being able to provide services to you and we may have to cancel your Policy with us.
How personal information is held / security
We are strongly committed to protecting your personal information and your privacy, and to providing a safe and secure web environment for you. We have strict information security policies and procedures in place to protect personal information held by us from misuse, interference, loss, and unauthorised access, modification or disclosure.
Personal information may be stored in either hardcopy documents or as electronic data. Our computer based information is protected through the use of access passwords on each computer. Data is backed up daily and stored securely off-site.
We use a secure disposal system for the destruction of hard copy records containing personal information that does not need to be retained. All electronic documents are retained securely in our system.
Our security procedures and policies are audited on a regular basis to ensure they are updated and in accordance with legal requirements and current levels of security technology.
We will take all reasonable steps to protect the personal information of our customers from misuse, interference, loss, unauthorised access, modification or disclosure in accordance with the Act and the Code.
When we no longer need your personal information for a purpose for which it may be used or disclosed by us, we will take steps that are reasonable in the circumstances to destroy that information or make sure it is de-identified. We do not need to destroy or de-identify information that is contained in a Commonwealth record or that we are required to retain by an Australian law or a court/tribunal order.
Access and correction
You may request access to and/or correction of any of the personal information that we hold about you. To enable us to process your request, we ask that you email us and state:
- your name;
- your date of birth; and
- the kind or type of information that you are requesting access to.
If you wish to correct that information, we may require proof that we have incorrect information held about you (such as a statement from a doctor).
The type of information held generally includes the following:
- a record of premium payments;
- history of your insurance cover;
- financial information, including bank account details; and
- your claims history: a record of hospital, medical and/or related claims.
Details of what kind of information we hold and for what purpose can be obtained by emailing us. You can also request information as to how we collect, use, store, and disclose your information.
We will acknowledge a request for access and endeavour to respond within a reasonable time. We may recover from you the reasonable costs of providing access to your personal information. We do not charge you for receiving or processing a request to correct or update your personal information. Access to the information will either be in the form of copies or by allowing you to view the information.
Where your access request may result in disclosure of personal information and, in particular sensitive information, about other individuals, the request for access must be in writing with appropriate consents or a declaration that consent has been given before the personal information is released.
If you establish that the personal information we hold about you is not accurate, complete or up-to-date, we will take reasonable steps to correct the information on being provided sufficient evidence to correct or change the information. Please assist us to keep accurate details by informing us whenever your personal details change or whenever you become aware that our records are inaccurate.
In limited circumstances, a request for access may be denied, or restricted access given. We will provide reasons in writing for the denial or limitation on access and the options available to you to dispute the refusal, and we will inform you of any exceptions relied on under the Act.
Due to the nature of our insurance product, your information is transferred overseas and, depending on where you intend to travel, we may be required to transfer further personal information overseas. By purchasing a policy through us, you are consenting to us sending your information to overseas parties if required.
SCTI may be required to disclose your personal information to overseas entities in the United Kingdom, New Zealand, The Philippines, and Bermuda, or any country related to your policy or claim. Where SCTI transfers information overseas we take reasonable steps to ensure that the overseas recipient does not breach the relevant privacy principles, which includes ensuring that information is held securely and is used by the third party for the third party’s purposes only.
As personal information is often transferred over the internet we cannot guarantee that a transmission of information is always secure, and while we maintain the highest security measures we cannot ensure information sent by you is secure and therefore it is transmitted at your own risk.
At the time of purchasing a policy with us, your email address will be added to our database where you will receive marketing material that we think may interest you, for a period no longer than 24 months from the date of your travel insurance purchase. Should you wish to opt out of direct marketing at any time, you can unsubscribe by clicking on the unsubscribe button located at the bottom of all marketing communications, or contact us directly at firstname.lastname@example.org. Once the 24 month period has ended, we will send you an email to confirm whether you still wish to be subscribed with us or not. Emails that refer to your policy, claim or service may still be sent to you, as these emails are not marketing material.
We do not rent, sell or lease our customer lists to third parties.
You should first direct any complaint of an alleged breach of the Privacy Act to our Operations Manager. The contact details are as follows:
If you are not satisfied with how we have dealt with the complaint, you may contact the Privacy Commissioner at:
GPO Box 5218,
Telephone 1300 363 992 (local call charge)
The Privacy Commissioner may investigate complaints about acts or practices that constitute an 'interference with privacy' if we do not resolve your concerns.
More information on the Privacy Act can be found at the Privacy Commissioner's website: www.oaic.gov.au.
Changes to the privacy statement
Our current Privacy Statement can be found on our website www.scti.com.au. This Privacy Statement was last updated in June 2016 and is subject to ongoing review. You may also obtain a copy of this statement by emailing us at email@example.com. We will alert you to any significant changes through notices on our website.