Southern Cross Travel Insurance’s Privacy Policy (AU) 

  

About Southern Cross Travel Insurance’s Privacy Policy  

We value the trust you place in us to handle your personal information (including sensitive information) the right way when we provide a product or service to you and we will always be honest and transparent about how we manage your personal information. 

Southern Cross Travel Insurance is a travel insurance company operating in Australia and New Zealand.  

In this Privacy Policy, when we refer to ‘Southern Cross Travel Insurance’, ‘we’, ‘our’ or ‘us’ we mean Southern Cross Benefits Limited ABN 99 133 401 939, AFS Licence 331058 trading as Southern Cross Travel Insurance.  

In this Privacy Policy, when we refer to ‘you’ or ‘your’ we mean our customers and the person whose name was used in an application to purchase one of our products, who uses our products and services and who gives personal information. 

For more information about Southern Cross Travel Insurance, please see here: www.scti.com.au

This Privacy Policy sets out how we manage your personal information. It describes the kinds of personal information we collect and hold, how we collect it, and why we need it including for what purpose we collect, hold, use, disclose, destroy or de-identify it.

Southern Cross Travel Insurance and its operations in Australia are bound by the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).  We are dedicated to having an up-to-date Privacy Policy. This Privacy Policy will be reviewed at least annually to ensure our privacy obligations are met. 

The contents of this Privacy Policy may change from time to time, without notice.

 

What is personal and sensitive information and why do we collect it? 

We want you to know what personal and sensitive information is so that you know what we collect, hold, use and disclose.

‘Personal information’ is information or an opinion about you, or information that can be used to identify or reasonably identify you. 

‘Sensitive information’ is information or an opinion about you including, for example, your race or ethnicity, your religion, your sexual orientation and health information about you.

‘Health information’ includes information or opinion about an illness, disability or injury you have, your express wishes about the future provision of health services, or health services provided (or to be provided) to you.

Southern Cross Travel Insurance will only collect, use or disclose personal information when it is reasonably necessary for us to carry out one or more of our functions or activities. This includes allowing us to provide you with travel insurance and our travel related products and services, making a decision on your claim and providing assistance while you are travelling. Your health information is also required for these purposes particularly if your claim involves a medical event and we need to provide medical assistance to you under your policy.

 

What if you want to remain anonymous or have a pseudonym

You have the option of not identifying yourself or using a pseudonym where it is lawful or practicable for SCTI to allow it. This may be when you inquire with us about a product or service, use our online services or request a quote. 

However, we may be unable to provide you with a travel insurance product or service or provide medical or non-medical assistance whilst travelling if you choose to deal with us anonymously or use a pseudonym, as it will generally be impracticable to do so.”

However, if you choose not to provide us with information we have requested, we may not be able to or may find it difficult to provide you with a travel insurance product or service or provide assistance to you or others especially when travelling.

 

What personal information do we collect and hold? 

The kinds of personal information we collect and hold will depend on the type of product or service we provide to you. 

We may collect and hold personal information (including health information) from you and this includes: 

  • your name, email address, date of birth, contact details and other personal details to set up a policy for you or this information of any other person you wish to insure with us;  
  • your travel plans; 
  • information to administer a product or service to you including assessing and determining a claim;
  • information about your medical history and the medical history of any other person you wish to insure with us, including about pre-existing medical conditions;
  • information about claims you make or wish to make under your policy; 
  • information about the medical history of any person that results in a claim under your policy;
  • information about the type of medical assistance you require or will be provided with;
  • your bank account details so that we may pay your claim; and
  • details contained within identity documents provided to us including government identifiers such as Medicare number, Centrelink reference number, driver license numbers and passport numbers.


How do we collect your personal information? 

Southern Cross Travel Insurance will collect personal information from you directly and at various times. This includes:

  • when you open and start to complete, or complete, an application form or other type of form for travel insurance;  
  • when you contact us in person, by phone, mail, email or online or we contact your directly;
  • when you make a claim or request assistance from us; and 
  • when you visit our website, Facebook page, mobile application and any other pages that we operate.  

When you visit our website or other digital platforms, we may also collect and use data including some of your travel data, your IP address, record your date and time of visit, the pages you visited and the device and browser you may be using. 

In some circumstances, when it is unreasonable or impracticable to collect the personal information from you directly, we will collect personal information from third parties. This may include: 

  • from the primary policy holder;  
  • from your representative or any other person when authorised by you (for example, a joint policy holder, your legal guardian or a person with power of attorney); 
  • from an agency or organisation on whose behalf we are providing you with travel insurance (for example, your travel consultant, advisers, agents, brokers, employer and other
  • representatives);
  • Southern Cross Travel Insurance branded businesses and trusted business partners;
  • other insurers and any insurance data collection services for the purposes of policy or claim verification and/or fraud prevention; 
  • third party fraud protection services and their subscribers for the purpose of fraud prevention, investigation or detection; and 
  • law enforcement agencies, telecommunications and digital partners and agencies, social media and any other service providers to us. 

If you are the primary policy holder, we ask that you make any other people insured under your policy aware that you may disclose their personal information to us, and of this Privacy Policy.

If we receive personal information that we took no active steps to collect, we will consider the context in which and the nature of the personal information received. If we could not have collected the personal information, we will destroy or de-identify the information if it is lawful and reasonable to do so.


How do we collect your sensitive and health information? 

Southern Cross Travel Insurance will only collect sensitive and health information when it is reasonably necessary for one or more of our functions or activities and you have given your consent. 

We will collect personal information (including sensitive and health information) from you directly or from third parties, for example, medical practitioners, health service providers and medical authorities. 

In some circumstances, you may provide sensitive and health information to your representative, agent or other third party to then provide to us for example, when completing a policy application or during the claims process. You must provide the third party with your consent to disclose this information to us. 

If we do not have your consent, we will not collect your sensitive and health information subject to the exceptions under privacy law including:

  • the collection is required or authorised by or under an Australia law or a court/tribunal order;  
  • the collection is necessary to provide you with emergency medical assistance;
  • the collection is reasonably necessary to establish, exercise or defend a legal claim. 


When do we notify you of the collection of your personal information? 

When we collect personal information from you or a third party, we will take reasonable steps to notify you that we have collected that information and ensure you are made aware of the following matters: 

  • our identity and contact details;  
  • when personal information has been collected from a third party; 
  • if the collection is required or authorised by law; and
  • the purpose for which the information has been collected.  

 

How do we use and disclose your personal information? 

We may collect, use and disclose your personal information for the following purposes:

  • to identify you and other policy holders;  
  • to consider your eligibility for cover under the policy;
  • to consider specific terms or conditions applying to your policy (including any pre-existing medical conditions);
  • to process your application; 
  • to manage and administer a policy or a product and service;
  • to assist you while travelling;
  • to provide medical and non-medical assistance;
  • to assess, investigate, process and make a determination on claims made and/or paid; 
  • to pay your claim;
  • to manage, authenticate and update customer data;
  • to design and develop new products and to improve and make changes to existing products and services; 
  • to improve and personalise the customer experience including our website and marketing; 
  • for system development and training of our staff; 
  • to prevent, detect and investigate any fraud including in situations where we reasonably suspect any fraud; 
  • to investigate and resolve complaints including obtaining and providing material to the Australian Financial Complaints Authority (‘AFCA’); 
  • to comply with legislative and regulatory requirements and provisions including the General Insurance Code of Practice; 
  • to contact you from time to time, including within a reasonable time of your policy expiring or you ceasing to be covered by the policy, about products and services offered by us and our
  • business partners; 
  • to conduct market analysis and research in relation to the above purposes; 
  • to assist with the investigations and/or recovery of any claims made and/or paid (including historical claims); or  
  • as authorised or required by law. 

We may use or disclose your personal information (including sensitive and health information) for a secondary purpose. This is only if you have consented to this use or disclosure or an exception applies. The exceptions include: 

  • where you would reasonably expect it to be used or disclosed by us and the secondary purpose is related or directly related to the purpose for which it was collected; 
  • the use or disclosure is required or authorised by law or an enforcement body, or  
  • the use or disclosure is necessary to provide you with emergency medical assistance; or 
  • the use or disclosure is reasonably necessary to establish, exercise or defend a legal claim. 


Do we use automated decision making to make decisions? 

Southern Cross Travel Insurance is committed to ensuring we are open and transparent about how we use your personal information in conjunction with artificial intelligence (AI) technologies including automated decision making, especially when a decision made could reasonably be expected to significantly affect your rights and interests. 

Automated decision making is when your personal information is processed by a computer program to make or do a thing that is substantially and directly related to making a decision or assisting a claims handler to make a decision.

We may use your personal information collected and held in the operation of the computer program to make a decision or do the thing. For example, to assist you in obtaining a travel insurance policy and quote, the computer program may use your name, address, date of birth and medical history to make a decision on the applicable policy and cost and generate the quote for you. 

The kinds of personal information used in the operation of the computer program includes age and medical history.

The kinds of decisions made solely by the operation of computer programs includes generating a medical score, policy quote (premium), quality assurance marking and calculating customer satisfaction scores. 

The kinds of decisions for which a thing, that is substantially and directly related to making a decision, is done by the operation of the computer program includes calculating a policy quote and approving a claim. 


What about direct marketing? 

From time to time, Southern Cross Travel Insurance may use personal information it holds for direct marketing regarding our products or services or request feedback for marketing or promotional purposes. 


We will only use your personal information for marketing if you have consented to that use. If you or an authorised representative have provided your email address or mobile phone number to us, we will take this as your implied consent to receiving this communication until you unsubscribe or opt out.

You can choose to not provide your consent to receive marketing information by unsubscribing or opting out from receiving direct marking communication by using the unsubscribe function in our email or text marketing communications or alternatively, you can contact us and let us know you no longer wish to receive this communication. 

We do not use or disclose sensitive information for the purposes of direct marketing.


Who do we disclose your personal information to?

Unless otherwise permitted by law, we will only disclose to, or share your personal information for the purposes described above with the following: 

  • the policyholder or other individuals covered under your policy;  
  • your representative or any other person when authorised by you (for example, your legal guardian or a person with power of attorney); 
  • medical practitioners and/or health service providers; 
  • emergency assistance service providers;  
  • third parties contracted by us to perform our services, provided any use of your personal information by that third party is limited to the relevant service;  
  • to third parties associated with your policy (for example, your travel consultant, advisers, agents, brokers, employer and other representatives); 
  • our reinsurers and their agents;  
  • our actuaries;  
  • Southern Cross Travel Insurance branded businesses and trusted business partners and service providers (for example, mailing houses, actuaries, research and insight agencies,
  • investigators, translators, data processing and matching services, data analysis services, data monetization services, information broking services, business consulting services, marketing and
  • research services and information technology services);  
  • our professional advisors including lawyers accountants, tax advisors and auditors; 
  • regulatory or government bodies for the purpose of resolving customer complaints or investigations, or for other purposes pursuant to a statutory notice or other legislative power; 
  • other insurers on their specific request or for the purpose of fraud prevention, investigation or detection;  
  • third party fraud prevention services and their subscribers for the purposes of fraud prevention, investigation or detection; or
  • any other person in accordance with the law. 

This is not an exhaustive list and if you have any questions on who we disclose your information to, please contact us.

 
Do we disclose your personal information overseas?

In certain circumstances, we may disclose your personal information (or your sensitive and health information if reasonably necessary) to business partners and service providers who are located overseas. The circumstances where your personal information may be disclosed overseas include: 

  • to manage and authenticate your personal information; 
  • to improve our products and services; 
  • to administer your policy; 
  • to process and assess your application; 
  • to process and assess your claim; 
  • to provide you with medical and non-medical assistance while travelling; or  
  • if disclosure is required or authorised by law. 

The business partners and service providers we may disclose your personal information to are generally located in New Zealand and Australia and in the geographical areas in which you have or are travelling to. 

While we are committed to protecting the personal information we hold when it is disclosed to overseas third parties, in some circumstances we may not be able to take reasonable steps to ensure the acts and practices of the overseas third parties are compliant with and do not breach Australian privacy laws in relation to the information disclosed. The information may also not be subject to similar privacy protections to those under Australia privacy laws or to protection of your personal information in the same way we do. 

When you purchase a product or service with us, you consent to us sending your personal information to overseas third parties if required and as described in this Privacy Policy. 


How do we secure and store your personal information? 

Southern Cross Travel Insurances takes reasonable steps, including technical and organisational measures, to protect the personal information it holds from misuse, interference, loss, unauthorised access, modification or disclosure. This includes security measures in place to manage artificial intelligence systems.

There are different ways we store your personal information. These include in our computer systems or databases, in paper and electronic form and by our service providers located outside of Australia including data centres, software providers, other technology-related service providers, lawyers and accountants. 

Our technical security measures include: 

  • security measures for system access;  
  • encrypting data;  
  • antivirus and anti-malware software;  
  • strong passwords; and 
  • firewalls and intrusion detection systems. 

Our organisational measures include:

  • targeted privacy training;  
  • internal policies, standards and procedures on privacy security risk, artificial intelligence and notifiable data breaches;  
  • access to personal information is limited to authorised employees; 
  • confidentiality requirements for all employees and third parties.  

When we no longer need your personal information we hold for any purpose for which the information may be used or disclosed, and the information is not contained in a Commonwealth record or we are not required by law to retain the information, we will take reasonable steps to destroy the information or ensure the information is de-identified. 

Whilst we are committed to protecting your personal information and having security measures in place, there is always a risk in data transmission and security especially when you or we transmit data over the internet. 


How accurate is your personal information? How can you access your personal information we hold or correct such information? 

We are committed to taking reasonable steps to ensure the personal information we collect, use and disclose is accurate, up-to-date, complete and relevant. 

If your personal information has changed or you believe the information we hold is not accurate, up-to-date or complete, please notify us. 

If a charge is applicable to providing you with access, we will disclose these charges to you before providing you with the requested information. Charges may be incurred for retrieving, copying and sending out information.

You can request access to your personal information or correction of your personal information by contacting us and we will respond to your request within a reasonable period of time. 

In some circumstances, your request for access may be refused or restricted access given. If so, we will write to you setting out the reasons for the refusal, restricted access and the mechanism available to make a complaint if you wish. 

In some circumstances, we may also refuse to correct your personal information. If we disagree that the information is incorrect, we will write to your setting out the reasons for the refusal and the mechanisms available to make a complaint. In this case, you are also entitled to provide a statement to us regarding the incorrect personal information held and request that the statement is attached to your information.


How can you let us know of your privacy concerns or lodge a complaint? 

If you have any concerns about the way Southern Cross Travel Insurance handles your personal information, please contact us. 

If you believe we have not met our privacy obligations and wish to make a complaint about an alleged breach of the Privacy Act, please direct your complaint to our Privacy Officer. Their contact details are set out in the ‘How to contact us’ section below. 

Under our complaints process, if we cannot resolve your complaint straight away we will work to resolve it within 30 calendar days, provided we have all the information we need. Whether you have notified us by email or phone, we will acknowledge your complaint by email and provide you with our final decision by email.

If you are not satisfied with the resolution of your complaint or how we have dealt with your complaint, you may wish to refer the complaint to AFCA or the Office of the Australian Information Commissioner (OAIC). Their details are as follows:

Post: Australian Financial Complaints Authority 
GPO Box 3 
Melbourne VIC 3001 
Tel: 1800 931 678
Email: privacy@afca.org.au
Website: https://www.afca.org.au/ 

Post: Office of the Australian Information Commissioner 
GPO Box 5288
Sydney NSW 2001
Tel: 1300 363 992
Website: https://www.oaic.gov.au
OAIC may investigate complaints about acts or practices that constitute an ‘interference with privacy’ if we do not resolve your concerns. 


How to contact us? 

If you have any queries about how we handle your personal information (inclusive of sensitive and health information) or this Privacy Policy, please contact us. Our details are as follows: 

Address: Level 44, 2 Park Street, Sydney NSW 2000 
Telephone: 1800 196 484 (Monday – Friday 8:30am – 5:00pm AEDT) 
Email: info@scti.com.au

Date of last updated version: June 2025

Date of next review: June 2026