This information is current as at 7 April 2016.
We are bound by the Privacy Act 1988 (Cth) (Privacy Act) and the Australian Privacy Principles contained in that Act and are committed to protecting personal information we may hold at any time in respect of any individual, in accordance with those requirements.
Those principles do not apply to certain records and practices relating to the employment relationship between us and our employees. In addition, certain disclosures of personal information between related bodies corporate do not have the same protection as disclosures to other persons.
What is "personal information"?
"Personal information" is information or an opinion about a reasonably identifiable individual. The types of personal information that we collect include the following information about you which is relevant to our relationship or the product or service you are enquiring about or making an application for: name, address, contact details, date of birth, financial details such as income, savings and expenses, employment details and the reason a person might be applying for a financial product we supply.
"Sensitive information" is a subcategory of personal information which includes information about your health. We may be required to collect sensitive information about your health in certain circumstances, for example when you apply for coverage related to high value finance or make a claim under your policy. We realise that this is often sensitive information and we will treat it with the highest degree of security and confidentiality.
Why do we collect personal information?
As a general rule, we only collect, hold and use personal information about you which is necessary for us to establish and administer any financial product or service provided to you, to identify you for enquiries, concerns and complaints you may have and to deal with any requests or claims you may make.
We may also need to collect further information from yourself and third parties to allow us to process a claim you make (see below). Some of this may be sensitive information which we will treat with the security and confidentiality that it warrants.
If you do not provide us with the information we request or authorise us to collect this information from third parties, we may not be able to provide you with the financial products and services that you have requested or process any claims you may make.
Your information is also collected, held and used for the purposes of complying with legislative and regulatory requirements, considering any other application you may make to us, performing our administrative operations (including for example, accounting, risk management, staff training etc), developing and identifying products and services that may interest you and (unless you ask us not to) telling you about products and services offered by us or our affiliate companies and conducting customer satisfaction surveys to improve our products and services.
How do we collect personal information?
We will not ordinarily collect any information about you except where you provide it to us or it is provided to us with your authority (e.g. from a person appointed to act on your behalf). For example, we collect personal information directly from you through forms you fill out when applying for our products and services and also when you make a claim under an insurance policy or through your ongoing interaction with us.
We may also be required to collect information (including sensitive health information) about you from a third party to allow us to process a claim you make. These parties may include other product issuers with which you have accounts, insurance investigators, doctors and employers.
In addition to the above, when you call us on the telephone, we may monitor and record the telephone conversation for staff training and record-keeping purposes.
From time to time we may receive information that we have not asked for about you from third parties. We will only keep, use and disclose this information as permitted by law.
We may also collect basic personal information about third parties (e.g. an employer or a health provider) if provided by an applicant or claimant.
How do we store personal information?
We store your personal information in a number of ways including:
- in electronic systems and devices;
- in telephone recordings;
- in paper files; and
- in document retention services off-site.
This may include storage on our behalf by third party service providers. See our comments below about how we protect your information.
How do we protect personal information?
We take all reasonable steps to protect your personal information from misuse, loss and unauthorised access, modification or disclosure. These include:
- using appropriate information technology and processes;
- restricting access to your personal information to our employees and those who perform services for us who need your personal information to do what we have engaged them to do;
- protecting paper documents from unauthorised access or use through security systems we deploy over our physical premises;
- using computer and network security systems with appropriate firewalls, encryption technology and passwords for the protection of electronic files;
- securely destroying or "de-identifying" personal information if we no longer require it subject to our legal obligations to keep some information for certain prescribed periods; and
- requesting certain personal information from you when you wish to discuss any issues relating to the products and services we provide to you.
Whilst we take reasonable measures, no data transmission over the Internet can be guaranteed as fully secure and accordingly, we cannot guarantee or warrant the security of any information you send to us using our online forms or products. You submit information over the Internet at your own risk.
Why do we exchange personal information with third parties?
Unless required by law, we will only exchange the personal information that we collect in the normal operations of our business, where it is necessary to provide our services (or the services of our alliance companies) to you, or where you request us to or consent to us doing so.
The types of third parties with whom we may exchange your personal information include our related bodies corporate (including members of the Bank of Queensland Limited group), your financier or other agents or persons introducing you to us, our corporate partners and distributors and any agents, representatives or contractors used by them in administering that partnership, co-insurers, reinsurers, regulatory bodies and government agencies and our agents and service providers (such as professional advisors, IT support and mailing houses).
There may be other parties that we need to exchange your information with in the event of a claim or complaint under your policy. These include any employer or ex-employer, external dispute resolution schemes, claims investigators, other insurance companies, lawyers, recovery agents, hospitals, doctors, medical specialists or other health professionals.
We may also disclose your personal information to third parties where you request us to or consent to us doing so or in order to fulfil our legal obligations.
The information we provide to other organisations will be limited to what is required to provide the service or comply with the law.
Exchange of information with overseas parties
Some of the parties with which we exchange your personal information, including our service providers and other third parties listed above, may be located outside Australia.
Depending on the circumstances and/or the product you have purchased, these parties are likely to be located in the following countries:
We may disclose necessary information to related bodies corporate and to any agents, representatives, organisations or contractors who provide services to us in connection with the provision of products or services you have sought from us, for the marketing of specific products and services and for the purpose of customer satisfaction surveys.
We may also disclose necessary information to other organisations with which we have alliances or arrangements for the purpose of promoting our products and services (and including any agents, representatives or contractors used by us or our corporate partners in administering such an arrangement or alliance). These parties are prohibited from using your personal information except for the specific purpose for which we supply it to them.
If you do not wish to receive any marketing material, you may ask us not to send you marketing information about products and services and not to disclose your information to other organisations for that purpose. You may do this by calling 1300 363 159, or emailing customer service on email@example.com.
Access and correction to your personal information
We take reasonable steps to ensure that your personal information is accurate, complete and up-to-date.
You may request access to information which we hold about you at any time by contacting our Privacy Officer on 1300 363 159 or at firstname.lastname@example.org. Under certain circumstances, we may not tell you what personal information we hold about you or allow you to access that information, for example where the information relates to legal proceedings with you or where we are prevented by law from disclosing the information, or providing access would prejudice certain investigations. If one of the exceptions applies, we will consider whether the use of an intermediary is appropriate and would allow sufficient access to meet the needs of both parties. If we do not give you the information, we will give you the reasons why.
Where we do grant access to your information, we may charge you a fee for accessing your personal information.
Under the Privacy Act, you also have a right to request that we correct information that you believe to be inaccurate, out of date, incomplete, irrelevant or misleading. If at any time you believe that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please advise us by contacting our Customer Service Team on 1300 363 159 or at email@example.com and we will take all reasonable steps to correct the information. If we do not correct the information, you can ask us to include with the information held, a statement from you claiming that the information is not correct.
If there is a denial of access to your personal information or a dispute as to the correctness of any personal information held, we will provide you with reasons for the denial or our refusal to correct the personal information. If you disagree with our decision for the denial or refusal to correct the personal information, you may request that we review the decision via our complaints handling procedures which are outlined below.
Dealing with us anonymously or using an alias
We will generally need to know who you are in order to provide you with insurance, process your claim or handle a complaint.
Despite this, in some circumstances you are entitled to deal with us anonymously, or by using a pseudonym (alias), for example when making general enquiries about the services we offer. You may receive a better service or response if we know who you are. For example, we can better understand a complaint you might have if we know who you are and the circumstances of your complaint.
You must tell us when you are using a pseudonym when applying for our services. We will generally need to identify you in order to provide you with our services, so we will tell you whether or not your real name is required to access those services.
Our internet websites
How will a complaint be handled?
St Andrew's is committed to resolving your complaint internally and as quickly as possible. Complaints can be received in several different ways:
- in person
- by phone
- in writing
- via email.
We operate a four-stage process to resolve complaints.
- Customer Service Team. We will endeavour to resolve your complaint immediately. If longer is required, we will acknowledge your concern and provide a time estimate for resolution.
- Management Review. If you are not satisfied with our initial response, you can request a management review, which we endeavour to respond to within 15 business days from the lodging of your original complaint.
- Internal Dispute Resolution. If you remain dissatisfied following management review, you can request the matter be referred to our Internal Dispute Resolution Committee. The Committee is comprised of independent senior managers of the business who will review your complaint and respond to you within 15 business days (unless an alternative timeframe is agreed).
- External Dispute Resolution. In the unlikely event that your complaint remains unresolved to your satisfaction, you may elect to refer the matter to external dispute resolution.
Privacy complaints can be referred to the Financial Ombudsman Service (FOS) in some circumstances. Contact details are:
Financial Ombudsman Service Limited
GPO Box 3
Melbourne, VIC 3001
Telephone: 1800 367 287
Facsimile: +613 9613 6399
You may also elect to contact the Office of the Australian Information Commissioner if you have a complaint about the way we handle your personal information. Contact details are:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Telephone: 1300 363 992
Facsimile: +612 9284 9666
If you have any further questions or concerns about the way we manage your personal information, including if you think we have breached the Australian Privacy Principles, please contact:
The Privacy Officer
St Andrew's Australia
GPO Box 7395
Cloisters Square, WA 6850
Telephone: 1300 363 159
Facsimile: 1300 720 722