Group Privacy Policy

Last updated - September 2022

QBE Insurance Group Limited ("QBE Group") and its affiliates ("we", "us", "our" or "QBE") adhere to this Privacy Policy in respect of our collection, use and disclosure of personal data. This Privacy Policy applies to all personal data collected over this website https://www.qbe.com.

For all other personal data collected by QBE, the privacy practices of each local QBE entity will be explained in separate privacy policies which are made available to you when you first contact us in your location and when your personal data is first collected by that relevant QBE entity.

‘Personal data’ is any information from which individual persons can be identified, directly or indirectly.

For more information on the privacy practices and policies of the QBE Group entity in your region, please see applicable local QBE privacy policies which apply in addition, for example:

• US – QBE NA Privacy Statement and Notice for California Residents
• Australia - Privacy Policy
• NZ - Privacy & your personal information
• Europe - Privacy Policy
• Philippines Group Shared Services Centre (“GSSC”) - GSSC Privacy Policy Statement (recruitment)
• Pacific Islands - Privacy Policy (EN); Privacy Policy (FR)
• QBE Lenders Mortgage Insurance - Privacy Policy
• Singapore - Privacy Policy
• Hong Kong - Privacy Policy (EN); Privacy Policy (ZH)
• Malaysia - Privacy Policy
• Vietnam - Privacy Policy
• India - Privacy Policy
• QBE Group - Candidate Privacy Collection Statement for recruitment

This website is operated by QBE Insurance (Australia) Limited who will, for the purposes of relevant data protection laws (including the EU General Data Protection Regulation (“GDPR”)), be the primary data controller of your personal data.

There may also be other QBE entities responsible for your personal data, such as the QBE entity that first collects personal data from or about you. For example, for personal data collected on other QBE websites, the QBE entity operating the relevant website will be the data controller of your personal data; if you are a supplier, the QBE entity to whom you provide services will be the data controller of your personal data.

You can find out more information about the QBE Group here https://www.qbe.com/about-qbe or by contacting us using the information in the contact us section https://www.qbe.com/contact-us.

What is the purpose of this Privacy Policy?

Please read this Privacy Policy carefully. It explains how we collect, use and share personal data when we collect it from you, including:

• what personal data we collect and when and why we use it;
• how we share personal data within QBE and with our service providers, regulators and other third-parties;
• explaining more about direct marketing;
• transferring personal data globally;
• how we protect and store personal data;
• cookies;
• legal rights available to help manage your privacy;
• how you can contact us for more support.

Updates

We may amend this Privacy Policy from time to time and will place any updates on this webpage. Please regularly check these pages for the latest version of this Privacy Policy. This Privacy Policy was last updated on the date stated above. If we make fundamental changes to this Privacy Policy, we will seek to inform you by notice on our website or email.

External Links

Our websites may contain links to third party sites. Since QBE does not control nor is responsible for the privacy practices of those websites, we encourage you to review the privacy policies of these third party sites. This Privacy Policy applies solely to personal data collected by our website.
 
WHAT PERSONAL DATA WE COLLECT AND WHEN AND WHY WE USE IT

Persons We Collect Data From

We may collect personal data from anyone who may visit our website or otherwise provide personal data via our website.

In addition to this Privacy Policy and those linked above, as a customer of QBE we (and our authorised third party representatives or brokers) may provide you with additional privacy policies or privacy notices about how we handle your personal data related to your policies.

Personal data we collect automatically and use if you use our website

When you visit the website, our server automatically collects certain browser or device generated information, including but not limited to your:

• domain;
• IP address;
• date, time and duration of your visit;
• browser type;
• operating system; and
• page visits.

We may use this automatically collected information for aggregated analytical purposes but we do not use it to try to uniquely identify you as an individual and we do not associate it with the information you provide voluntarily.  However, we may use this information to associate you with the organisation you work for, or to understand the approximate geographic area you may be visiting the website from.

Personal data we collect and use if you provide it to us

If you are an investor in QBE, you will have provided basic personal data when dealing with shares or other securities in QBE.

In using our website, you may voluntarily provide personal data to us in the following ways:

• by signing up for news alerts (including those from any of our third-party partners where we notify you and you confirm in advance), newsletters or other forms of communication;
• by registering for an event or webinar;
• by corresponding with us by phone, e-mail or otherwise using the contact details provided on our website;
• when making an enquiry with us.

Typically, the personal data you give us may include name, address, e-mail address, phone number, and any personal details required to resolve any inquiry.

Legal basis for using your personal data

The following is an overview of our purposes for using your personal data. Please remember that additional information may be provided to you in a separate notice or contract or where you access any of our other websites or online products or services. We will only collect, use and share your personal data where we are satisfied that we have an appropriate legal basis to do this. This may be because:

• you have consented to the processing (for example, where you consent to the placing of cookies on our websites, or where you proactively sign-up for a QBE newsletter);
• we need to use your personal data for our legitimate interest as a commercial organisation, subject to your interests and fundamental rights (which will apply to the majority of our activities under this Privacy Policy; for example, we have a legitimate commercial interest in building good relations with our customers, suppliers, investors and shareholders by providing information to them on the services we provide, the activities of QBE, maintaining customer, supplier, investor and shareholder relationship management databases, sharing information intra-group and contacting our customers, suppliers investors and shareholders from time to time); or
• we need to use your personal data to comply with a relevant legal or regulatory obligation that we have.

If you would like to find out more about the legal basis for which we process personal data, please contact us. 

We use the personal data we collect to:

• allot shares, maintain a register of our shareholders and members, and communicate with those members (through reports, meetings etc.);
• improve our websites based on how you and other users interact with our content;
• customise or personalise our websites to users' needs (for example, by showing content or language which is relevant to your geographic location);
• correspond with website users to resolve their queries or complaints; and
• send you marketing communications (e.g. newsletters), where it is lawful for us to do so.

SHARING PERSONAL DATA WITH OTHERS

We share your personal data in the manner and for the purposes described below:

• within QBE Group, where such disclosure is necessary to provide you with our products and/or services and/or to manage our business;
• with third party service providers (who will operate under our instructions) who help manage our business and assist us in providing information or services to you (for example, suppliers of relationship management or marketing solutions or third party IT service providers to manage and improve the website. These third parties may need access to your information and will have agreed to confidentiality restrictions and obligations to use any personal data we share with them or which they collect on our behalf solely for the purpose of providing the contracted service to us); or
• with government organisations and agencies, law enforcement and regulators if needed to comply with applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies.

If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose information to a potential or actual third-party purchaser of our business or assets.

When we work with third parties, we make clear to them the importance we place on privacy, data security and the standards we expect to be upheld. We include provisions in applicable contracts with third parties to comply with privacy laws and the QBE Group Code of Ethics and Conduct applies to anyone who represents QBE in any capacity. 

TRANSFERRING PERSONAL DATA GLOBALLY

QBE is a group with affiliates, divisions and offices situated throughout the world, and it will therefore be necessary, from time to time, to pass your information between QBE locations internationally. A full list of our locations is available here: https://www.qbe.com/about-qbe

Accordingly, your personal data may be transferred and stored in regions and countries outside the EU or your country of residence, including Australia, Asia Pacific, New Zealand, Pacific Islands, India, North America and within Europe, including QBE's services company located in the Philippines which provides sales, claims administration and other services to the Group, and/or to any other countries where QBE entities operate or may operate in the future, each of which may be subject to different standards of data protection to your country of residence.

Where we transfer personal data outside of its origin country, we consider the recipient country privacy laws and practical protections. In the event recipient country privacy laws are not adequate to the origin country, we satisfy ourselves there are appropriate protections and ability for individuals to have appropriate rights of redress and if we cannot satisfy this, will look to alternative solutions to avoid such transfer. To this end:

• we will ensure any transfers within QBE Group are covered by an agreement entered into by members of QBE (an intra group data transfer agreement) which contractually obliges applicable members of QBE to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred within QBE (such agreement may incorporates applicable EU Commission approved Standard Contractual Clauses, where needed to ensure that EU personal data receives the same level of protection as if it remained within the EEA). We may also rely on other mechanisms provided for by all applicable privacy laws to ensure any personal data transferred within our group of companies complies has adequate safeguards and is compliant with such laws;
• if/where we transfer your personal data outside QBE or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal data in accordance with all applicable privacy laws; 
• local processes will consider validity and scope, and appropriate response to, any government agency requests relating to personal data in QBE’s control in accordance with applicable local privacy and data protection obligations; and respecting the privacy laws of the origin country of the applicable data.

EXPLAINING MORE ABOUT DIRECT MARKETING

How we use personal data to keep you up to date with our products and services

We may use personal data to let you know about our products and services that we believe will be of interest to you (for example, where you have signed up for one of our newsletters). We may contact you by email, post, or telephone or through other communication channels that you agree to be contacted through. In all cases, we will respect your preferences for how you would like us to manage marketing activity with you.

How you can manage your marketing preferences

To protect privacy rights and to ensure you have control over how we manage marketing with you:

• we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
• you can ask us to stop direct marketing at any time by following the "unsubscribe" link you will find on all the email marketing messages we send you. Alternatively, you can contact us at https://www.qbe.com/contact-us. Please specify whether you would like us to stop all forms of marketing or just a particular type (e.g. email); and
• you can change the way your browser manages cookies, which may be used to deliver online advertising, by following the settings on your browser as explained in the Cookies section of this Privacy Policy.

We recommend you routinely review the privacy policies or notices and preference settings that are available to you on any social media platforms as well as your preferences within any account you may have with us.

HOW WE PROTECT AND STORE YOUR INFORMATION

Security

We take the security of the information we collect seriously. We have implemented and maintain technical and organisational security measures, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access to such information appropriate to the nature of the information concerned.

Measures we take include:

• placing confidentiality requirements on our staff members and service providers;
• following strict security procedures in the storage and disclosure of your personal data to prevent unauthorised access to it; and
• using secure communication transmission software (such as "transport layer security" or "TLS") that encrypts all information you input on our website before it is sent to us. TSL is an industry standard encryption protocol for the financial services industry (recommend by PCI DSS and relevant regulators) and this ensures that the information is reasonably protected against unauthorised interception.

However, in relation to our website, it is important to remember that no website can be 100% secure and we cannot be held responsible for unauthorised or unintended access that is beyond our control. As the security of information depends in part on the security of the computer you use to communicate with us and the security you use to protect User IDs and passwords, please take appropriate measures to protect this information.

Storing your personal data

We will store your personal data in electronic and hardcopy and for as long as is reasonably necessary for the purposes for which it was collected, as explained in this Privacy Policy. We maintain a data retention policy which we apply to records in our care. Where your personal data is no longer needed, we will ensure that it is deleted and disposed of in a secure manner.

In some circumstances we may store your personal data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements (for example, certain records are kept for 7 years after the completion of a policy or claim).

Where we have obtained your personal data in order to provide you with marketing information for our products and services (including QBE newsletters), your personal data will be stored by us only as long as you do not change your mind to receive such materials from QBE.

In other specific circumstances we may store your personal data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal data or dealings.

COOKIES

A cookie is a small text file containing small amounts of information which is downloaded to/stored on your computer (or other internet enabled devices, such as a smartphone or tablet) when you visit a website.

Cookies may collect personal data about you. We use cookies and similar technologies to help us remember information about your visit to our website, like your country, language and other settings. Cookies allow us to understand who has seen which webpages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of our website. They can also help us to operate our website more efficiently and make your next visit easier. Cookies can allow us to do various other things, as explained further in our Cookie Policy which you can access by clicking on the link below.

For more information about how our cookies work and information about how to manage your cookie settings please visit our Cookie Policy.

LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY

You may request access or request correction of the personal data that we hold about you by contacting us. There are some circumstances in which we are not required to give you access to your personal data. There is no charge for requesting access to your personal data but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).

If you wish to exercise any of the rights detailed in this section, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal data to you.

You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Under EU/UK laws, some of the following additional rights may be available:

• Right to access personal data
  
  A right to request that we provide you with a copy of your personal data that we hold and you together with how and on what basis your information is processed.
  
  
• Right to rectify or erase personal data
  
  A right to request that we rectify inaccurate personal data. We may seek to verify the accuracy of the personal data before rectifying it.
  
  Request that we erase your personal data in limited circumstances where:
  
  
  • it is no longer needed for the purposes for which it was collected;
  • you have withdrawn your consent (where the data processing was based on consent - for example where you have provided your consent to receive marketing newsletters, you can withdraw this consent at any time);
  • following a successful right to object (see right to object);
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which QBE is subject.

  We are not required to comply with your request to erase personal data if the processing of your personal data is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise or defense of legal claims.

• Right to restrict the processing of personal data
  
  Ask us to restrict your personal data, but only where:
  
  
  • its accuracy is contested, to allow us to verify its accuracy;
  • the processing is unlawful, but you do not want it erased;
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

  We can continue to use your personal data following a request for restriction, where:

  • we have your consent;
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

• Right to transfer of personal data
  
  Ask us to provide your personal data to you in a structured, commonly used, machine readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
  
  
  
  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated means.
    
    
• Right to object to the processing of personal data
  
  Object to any processing of your personal data which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
  
  If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

• Right to object to how we use personal data for direct marketing purposes
  
  Request that we change the manner in which we contact you for marketing purposes.
  
  You can request that we not transfer your personal data to unaffiliated third parties for the purposes of direct marketing or any other purposes.
  
  
• Right to obtain a copy of personal data safeguards used for transfers outside your jurisdiction
  
  Ask to obtain a copy of, or reference to, the safeguards under which your personal data is transferred outside of the European Union. We may redact data transfer agreements to protect commercial terms.

You have the right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal data. If you are in Australia, you may contact the Office of the Australian Information Commissioner (www.oaic.gov.au) for guidance.

We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

PRIVACY AT QBE

QBE’s global privacy program is governed centrally through the QBE Group Compliance team: the Group Privacy Officer reports to the Chief Compliance Officer, who in turn reports to the Group Chief Risk Officer. Divisional local privacy programs are managed locally in addition. 

The Group Privacy Officer is responsible for QBE’s Global Privacy Framework (summarised here) which seeks to ensure that there are robust and effective privacy practices, procedures and systems in place across the global enterprise.

All staff at QBE receive compliance training. This includes Information Security and Privacy training which is relevant to the employee’s role. The online training course content includes topics such as data protection, collection/storage/security of personal data, sensitive information and dealing with data breaches.

CONTACT US

For all issues arising from this Privacy Policy, please contact us at https://www.qbe.com/contact-us.

If you have any questions, concerns or complaints regarding our compliance with this Privacy Policy, the information we hold about you or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by applicable privacy and data protection laws.

Please ensure you direct your enquiry to the applicable QBE division with whom your relationship is to enable QBE to establish the appropriate regulatory obligations that may apply. Our main divisional contact points are as follows: 

The Group Privacy Officer can be contacted via group.privacy@qbe.com.