What is personal information?
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not.
Some personal information is “sensitive personal information”. That is information about an individual’s racial or ethnic origin, political opinions, membership of a political organisation, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, health information about an individual, genetic information, biometric information or templates.
The personal information we collect and hold and why we collect and hold it
We only collect, hold, use and disclose personal information necessary for, or directly related to, one or more of our business functions and activities and which the individual would reasonably expect us to collect. This will vary depending on the services we are providing or the activities we are involved in and to comply with any applicable legal or regulatory requirements.
When you are dealing with us we will collect and hold personal information about you and other individuals which may include:
- full name
- date of birth
- contact details including private/business address, email address and phone number
- records of our dealings with you and other individuals generally
- your opinions or statements about and endorsements of our products and services collected personally or by surveys or questionnaires
- where a claim has been made, or where your employer has applied to become a Member of a Mutual we manage, we may collect other personal information, including financial details, risk and claims histories (validated and invalidated) and claims details, which may include health information.
We do not collect personal information for any purpose not related to our business functions or activities, or which the individual would not reasonably expect us to collect unless we the individual’s consent.
We only use and disclose personal information for the main purposes for which it was collected, or if we have consent from the individual to use it for another purpose.
How we collect and hold personal information
We collect personal information lawfully and fairly. As far as possible, we will collect personal information directly from you or your agent. If you represent your organisation in its business dealings with us or one of the Mutuals we manage, or in completing an application to become a member of a Mutual we manage, you agree that we can use and disclose your personal information as necessary for the management of the relevant Mutual or to effect membership, discretionary Protection and functions involved with delivery of discretionary benefits.
Sometimes we may collect personal information indirectly. We will take reasonable steps to tell you if we collect personal information from someone else. What we collect and who we collect from will depend on the dealings we have with you and may include information from another company you are connected to, references and information from debt or criminal records agencies.
We always try and limit the amount of sensitive personal information we collect and hold, and we will only collect sensitive personal information if you agree that we can.
The personal information we collect is held in hard copy and in our own data storage devices or by a third party which provides data storage.
How we use personal information
We only use personal information to:
- enable us to deliver our services to our clients and their Members
- allow us to maintain contact with prospective clients to discuss our services and establish new Mutuals
- send you information and documents about company matters
- make decisions about accepting a business or organisation connected with you as a Member of a Mutual and providing Protection
- understand the needs and requirements of our Mutuals’ Members
- investigate and process claims
- administer Protection and collect contributions
- recover debts and damages
- carry out market research
- protect you, us, the Mutuals we manage, their Members, third parties and suppliers from fraud
- help us identify any products, benefits or services that might be beneficial to a Mutual or Members, whether they are offered by a Mutual we manage direct or by third parties or preferred suppliers
- if you agree, tell you about other products and services we can offer.
Your personal information may be disclosed to third parties including service providers we use (such as claims advisers, loss adjusters, legal advisers or assessors) and insurers. We only disclose personal information to third parties for delivery of Mutual services and our services, unless we have the individual’s consent.
Each third party, their employees and contractors are required to deal with personal information in a manner and at the level specified by our standards and only to use the personal information for the purposes for which it was disclosed.
We may be required by law to disclose personal information and if we do we will tell you, if we are legally allowed to.
If we became involved in the sale, merger, transfer, restructuring or dissolution of our business, we might have to disclose personal information, for example in a due diligence process. We will only disclose personal information in such circumstances if it is necessary to do so. We will tell you if we must disclose your personal information and we will make sure that the personal information disclosed is treated in confidence and kept secure.
Keeping personal information safe
We take all reasonable care to make sure that the personal information we hold is protected from loss, misuse, interference, unlawful access, modification or disclosure. We destroy or permanently de-identify personal information in accordance with the Privacy Act.
We maintain computer and network security including firewalls and user identifiers and passwords.
Mandatory investigations and reporting are required for personal data breaches as well as the reporting of such breach to the individual’s whose personal information has been breached as well as the privacy.
Data breaches occur when there is:
- Unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals (affected individuals), or
- Where personal information of affected individuals is lost in circumstances that may give rise to unauthorised access or unauthorised disclosure.
Data breaches may be caused by malicious intentional actions, such as a serious cyber security incident, accidental loss, loss of negligence or loss from improper disclosures.
Keeping personal information up-to-date
We rely on the personal information we hold in conducting our business and the business of the Mutuals we manage. It is very important that the personal information we hold is accurate, complete and up-to-date when we collect it, use it or disclose it.
We do everything we can to ensure that the personal information we hold is accurate, complete and up-to-date whenever we collect or use it. This means that, from time to time, we will ask you to tell us if there are any changes to your personal information. If you find that information we hold about you is incorrect, incomplete or out of date, please tell us and we will correct it.
Use of Government identifiers
We do not adopt, use or disclose an identifier that has been assigned by a Commonwealth Government Agency unless legally required. An identifier, for example, a Medicare or tax file number, is a number assigned by a Commonwealth government agency to identify uniquely the individual for the purposes of the organisation’s operations.
Sending personal information overseas
As a rule, we do not disclose personal information to any person or organisation in a foreign country if that country does not have a comparable information privacy regime, but in the unlikely event that we need to do so, we will obtain your prior consent except where the Australian Privacy Principles do not require us to do so.
It is reasonably likely that we may disclose personal information to recipients in New Zealand and Europe (including the United Kingdom, the Isle of Man and Luxembourg). These countries have privacy regimes substantially like Australia incorporating at the least the same level of information protection under the Australian Privacy Principles.
Accessing and correcting personal information
You have a legal right to know what personal information we hold about you, subject to certain exceptions provided by law. You also have the right to have your personal information corrected if it is inaccurate or out of date.
If we correct your personal information we may keep a copy of the previous personal information for our records or if required by law.
By law we and the Mutuals we manage are permitted to make a small charge for giving you details about the personal information we hold about you.
How can you contact us
- want to know what personal information we hold about you
- believe your personal information should be corrected
- think your privacy has been interfered with due to a breach of our obligations in relation to your personal information and you want to complain
- would like more information about the way we manage the personal information we hold
please contact to our Privacy Officer.
If you are not satisfied with our response to a complaint, we will explain your options for proceeding further with your complaint.
You can contact our Privacy Officer at;
The Privacy Officer
Regis Mutual Management Pty Limited
PO Box H96, Australia Square NSW 1215
If you are not satisfied with our response to a complaint, we will explain how you can proceed further with your complaint.
For more information about privacy issues in Australia and protecting your privacy, visit the Office of Australian Information Privacy Commissioner’s website at www.oaic.gov.au.