QBE Insurance (Australia) Limited ABN 78 003 191 035 AFSL 239545 (QIA) is committed to earning and maintaining your trust by carefully and respectfully managing your personal information.
This Privacy Policy provides important information about how QIA collects, uses, holds and discloses your personal information. It also outlines how you can:
- access and correct the personal information we hold about you
- make a complaint about our handling of your personal information, and
- provide free and informed consent for QIA to handle your personal information.
Application of this Privacy Policy
This Privacy Policy applies to QIA as well as:
- QBE Management Services Pty Ltd ABN 92 004 800 131
- Trade Credit Underwriting Agency Pty Ltd ABN 73 160 077 574
- Trade Credit Collections Pty Ltd ABN 82 635 741 605, (we, us, our).
We will update this Privacy Policy if our information handling practices change.
What laws apply to us when we collect, use, or disclose your personal information
Our collection, use, holding, and disclosure of your personal information is governed by the Australian Privacy Principles and the Privacy Act 1988 (Cth), as well as State and Territory privacy legislation.
We also have obligations relating to the handling of your personal information, or particular types of personal information, under other laws, including but not limited to:
- South Australia CTP Regulator Rules
- Healthcare Identifiers Act 2010 (Cth)
- Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth)
- Disability Discrimination Act 1992 (Cth).
Key sections of this Privacy Policy
- Types of personal information we collect
- How we collect your personal information
- Why we collect your personal information
- Who we may disclose your personal information to, and why
- How we hold and secure your personal information
- Your privacy rights
- Consent to collect, use, and share your information
- How to access or correct your personal information
- How to make a privacy complaint
- Contact information
Privacy Policy summary
We collect, hold, use and disclose personal information so that we can offer and deliver to you, products and related services that may manage your financial risk. The type of things we do with your personal information to be able to provide you with these products and services include:
- analysing the risks being insured
- arranging and issuing insurance products
- claims assessment, management, and settlement
- credit reporting to understand your financial position
- complaint and dispute management and resolution
- accounting and auditing
- litigation and debt recovery
- preventing, detecting, and managing insurance fraud and financial crime
- complying with legal and regulatory obligations
- providing insurance services for other insurance entities, and
- communicating to you about your insurance policy, products, or services.
We may also use your personal information for additional purposes such as:
- conducting customer research
- marketing our products and services to you
- personalising or targeting advertisement on other websites, apps, or online platforms
- data analysis and matching for marketing purposes
- using web tracking tools, and cookies to manage or improve our website, and
- improving our products and services.
We may share your personal information with others as part of these activities and uses. What information we share and with whom depends on the circumstances of the activities we need to perform. For example, we may also share your personal information with marketing, advertising and data matching service providers, and third-party platforms which display advertising or content (including personalised advertising), based on your personal information.
We support your right to access or correct the personal information we hold about you or make a privacy complaint.
Privacy Policy in full
Types of personal information we collect
The personal information we collect depends on the products and services we offer you and the circumstances of your interactions with us. The table below lists examples of the type of personal information we collect.
Type of personal information Examples of what personal information this may include Identity information and contact details Name, date of birth, mailing and residential address, telephone numbers, and email address. Demographic information Age, gender, country of birth, citizenship or residency status, relationship status and family circumstances, education, whether you have children, dependents, or are a carer. Australian Government related identifiers or copies of identity documents
- Medicare, Pensioner, Concession, Passport, Visa, Drivers Licence
- Tax File Number, Individual Healthcare Identifier
- Copies of other government identification numbers or documents such as birth and marriage certificates.
Employment information Employment status, employer or employees, role, workers employment history, salary, workplace performance, workplace injuries, accidents, and misconduct. Driving record Demerit points, suspensions and driving incidents. Health or medical information Medical records such as diagnoses, diagnostic imaging reports, handwritten medical reports, pathology reports, psychological assessments, vaccination history, drug and alcohol test results, and specialist's letters. Financial and credit-related information
- Your bank account and credit card details.
- Personal insolvency information such as information entered or recorded in the National Personal Insolvency Index
- Consumer credit liability information, which includes details about consumer loans, credit cards and overdrafts
- Repayment history information relating to consumer credit contracts
- Default information or information about any other serious credit infringements
- Publicly available information that relates to your credit worthiness such as bankruptcy notices.
Property and asset-related information Information about property or assets. For example, information about the type of vehicle you own, registration details, maintenance history, images of the assets etc. Business information involving personal information Directors Identification Number, details of the shareholdings. Photographs, video or audio recordings and transcripts
- Call audio recordings and transcripts when we call you or you contact our call centres or affiliates
- Photographs and videos made when collecting evidence to assess the risk of insurance or support a claim.
Interaction and behavioural information Your interactions with us, including your queries or complaints, opt-ins to receive marketing surveys and communications, as well as information collected at the point of application and claims processing. See also websites and app tracking section in this table. Personal information we create from data analytics activities
- Metrics for suspicious and potentially fraudulent claims
- Risk rating for individuals who are not seeking healthcare per their claim entitlements
- Whether your credit history predicts the risk of a default for a deposit bond.
Website and app tracking
When you visit our websites or use one of our apps we, or third parties acting on our behalf, use cookies to collect information which may include personal information. We use both 'persistent' and 'session' cookies. We also use other technologies similar to cookies, including those which are embedded into, or which accompany emails sent by us or on our behalf. The information we collect includes:
- details of visits to our website or use of our apps and the browsers used
- details of sites visited before visiting our website
- pages visited, time spent on them, and documents viewed and downloaded
- visits made to our websites before
- user location
- preferences, and
- server address/IP address.
Please see QBE's cookies policy for further information.
Vulnerability Information which may indicate vulnerability such as age, disability, mental health conditions, physical health conditions, family violence, language barriers, literacy barriers, cultural background, Aboriginal or Torres Strait Islander status, remote location, or financial distress. Other sensitive information
- Religious beliefs
- racial or ethnic origin
- membership of a professional or trade association
- membership of a trade union
- criminal record.
Who we may collect your personal information from
We may collect personal information from:
- you, including when you are a customer of our related entities, intermediaries, or a broker
- our customers, and the customers of our business intermediaries, for example brokers and agencies that distribute insurance products and services on behalf of QIA
- our claims fulfilment and other service providers, such as auto repairers, claims assessors, and legal firms
- group policyholders such as large employers and businesses
- other insurance companies or organisations involved in processing a claim
- policyholders, claimants, and witnesses
- credit reporting bodies
- Government entities such as regulatory bodies
- participants in competitions, loyalty programs, marketing initiatives, promotions, and surveys
- credit providers, and others you owe money to, or
- trainees and people who use our online training facilities.
We may also collect personal information about you from the above persons or entities if you are not directly a customer of QIA. When we collect this information, this Privacy Policy also applies.
How we collect your personal information
We collect your personal information:
- directly from you
- from third parties, or
- when we create new information about you when we analyse personal or other information we already hold about you.
We collect your personal information in various ways, including:
- from your interactions with us, including in person, over the phone, via email, website, and mail
- from your dealings with our related entities, intermediaries and brokers who interact with us
- from your dealings with our claims fulfilment providers, other service providers and other individuals or entities involved in a claim, such as authorised repairers, medical professionals, lawyers, debt collectors, other insurers, claimants, injured persons, and co-insureds
- from embedded tools on our websites such as cookies and pixels, and
- from publicly available sources of information such as social media websites and ASIC registers.
Why we collect your personal information
We endeavour to limit the collection of your personal information to what is reasonably necessary for our business activities and functions. The table below lists the primary purposes for which we collect your personal information and some examples.
Why we use and disclose your personal information
While we may use and disclose your personal information for the primary purposes set out in the table above, we may also use personal information for the following secondary purposes.
Who we may disclose your personal information to, and why
Who we disclose your personal information to will depend on our relationship with you and the purposes for which we collected your personal information. In some circumstances, the entities we share information with may also share your personal information with other entities they do business with. The table below describes who we may share your personal information with and why.
Information we share with overseas recipients
We may store and disclose personal information overseas. These locations include:
- China
- Denmark
- France
- Germany
- Hong Kong
- India
- Ireland
- New Zealand
- Philippines
- Singapore
- Thailand
- The United Kingdom
- The United States of America
- Vietnam.
Where personal information has been disclosed overseas, there is a possibility the recipient may be required to disclose it under a foreign law. Where this occurs, such disclosure is not a breach of the Privacy Act.
If you do not provide us with your personal information
You do not have to provide us, our intermediaries, claims fulfilment or other claims related service providers with personal information when seeking our products or services or interacting with us. However, if you do not provide us the necessary information, we may not be able to provide you the products or services you request. In some cases, failing to give us requested personal information can have negative consequences such as the denial of a claim.
Dealing with QIA anonymously
There are some cases where you can deal with us anonymously, such as if you are only looking for general information about one of our products or services.
How we hold and secure your personal information
Holding your information
We hold your personal information in information management systems which may be on-premise or cloud-based servers, data warehouses, data lakes, and in hard copy files. These systems are managed in a number of ways. They may be managed or administered internally by us, or they could be managed by a third-party with whom we may have a contractual relationship. Third parties can be located in Australia and/or overseas.
Securing your information
We take reasonable steps to protect your personal information from misuse, interference, and loss, as well as unauthorised access, modification, or disclosure. The ways we do this include:
- limiting physical access to our premises
- restricting electronic and physical access to personal information we hold
- monitoring staff access to your personal information
- having stand-by systems and information backups in place to deal with major business interruptions
- maintaining information security products such as system firewalls, encryption tools, and secure file transfer services
- implementing risk management processes to maintain polices, standards and procedures that govern and control the protection of your personal information
- performing audits of our information management systems and practices, and
- assessing third-party security measures.
Your privacy rights
Consent to collect, use, and share your information
For certain activities and types of personal information, such as sensitive information and credit-related information, we are required to obtain your consent to collect, use and disclose your personal information. In these circumstances, we endeavour to ensure that you:
- are aware of the consequences of giving or not giving your consent
- understand that consent is voluntary in that you are not being forced to provide consent, and
- understand that your consent (at the time it is given), is current and specific.
There are benefits and risks associated with providing consent to handle your sensitive personal information. The primary benefit for providing consent is that it is often a necessary step in us being able to provide you our products and services.
In addition, there may be risks associated in providing us with your consent to use your personal information. There is a risk that in the event of a data breach, there may be unintended misuse, interference, and loss, or unauthorised access, modification, or disclosure of your personal information. As described above, we take information security seriously and have implemented a range of measures to ensure that the likelihood of this risk eventuating is low.
How to access or correct your personal information
You can request access to the personal information that we hold about you in the format you require. You can also ask us to correct your personal information if you believe the information we hold about you is incorrect or incomplete. To do so, please fill out the Information Request Form and email or post it to us using the contact details below. You can also make access or correction requests to us by phone using the contact details below. Once received, we will endeavour to respond to your request within 30 days.
You will be required to show that you are authorised to make a request if acting on behalf of someone else (such as a policyholder, claimant, or third-party beneficiary) or otherwise have legal authority to request this information such as a warrant, subpoena, order, or notice).
In most cases, there is no charge for requesting access to or correcting your personal information. However, in certain circumstances, we may require you to meet our reasonable costs of providing you with access to your information.
Please be aware that there are some circumstances where we may not be able to provide access to or correct your personal information. For example, if we are conducting a sensitive investigation, or if any of the exceptions in the Privacy Act apply, we may deny your request. If we refuse your request, we will provide you with a written statement which sets out the reasons for the refusal and the avenues available to you to make an appeal or complaint.
How to make a privacy complaint
If you think we have not handled your personal information correctly or in accordance with the law, you can lodge a complaint with our Customer Relations team, the Office of the Australian Information Commissioner (OAIC) or, in certain circumstances, the Australian Financial Complaints Authority (AFCA). We recommend you contact us first so we can try and resolve your complaint effectively and efficiently as generally, the OAIC and AFCA will refer you back to us if you have not already complained directly to us.
Our Customer Relations team will contact you to acknowledge your complaint and provide you with a unique complaint reference number. You will have the opportunity to explain why you are unhappy with how we have handled your personal information and provide information to support your complaint. Our Customer Relations team will review your concerns, taking into account all relevant information including relevant privacy requirements and work with you to try and resolve your complaint. If you are not satisfied with the outcome of your complaint, you can take your complaint to the abovementioned regulatory bodies.
Please review the Complaints and feedback page for further information.
Contact information
Contact us
Please contact the Customer Relations team if you wish to make an access or correction request, make a complaint, have questions about our Privacy Policy or would like a free copy of our Privacy Policy.
QBE Australia Customer Relations
Phone: 1300 650 503 (Office Hours Mon-Fri: 9am-5pm)
Email: [email protected]
Post: GPO Box 219, Parramatta, NSW, 2124
Calls from mobiles, public telephones or hotel rooms may attract additional charges.
Office of the Australian Information Commissioner (OAIC)
Complaints to the OAIC must be made in writing and cannot be made over the phone. Please refer to the 'Lodge a privacy complaint with us' website to access the relevant digital and hard copy complaints forms. For general inquiries about the processes for making a complaint or for other privacy advice, please call 1300 363 992.
Australian Financial Complaints Authority (AFCA)
AFCA may consider some privacy complaints. Please refer to the 'Make a complaint' website for further information about how to make a complaint. For general inquiries, please call 1800 931 678.