What is personal information?
Personal information is essentially information or an opinion about an identified individual, or an individual who is reasonably identifiable whether the information or opinion is true or not and whether recorded in a material form or not.
Sensitive information is a subset of personal information and is essentially information or an opinion about a person's racial or ethnic origin, political opinions, membership of a political, trade or professional association or a trade union, religious or philosophical beliefs or affiliations, sexual orientation or practices, criminal record or health, genetic or biometric information or templates.
See the Privacy Act for full details of what constitutes personal information.
Why and what kinds of personal information we collect, hold, use and disclose
We collect, hold, use and disclose personal information by lawful and fair means in order to provide you with insurance and insurance related services. Only information necessary for the completion of the above services, our business or related activities will be collected. This includes information necessary to consider the risk, administer the insurance, assess a claim and determine competitive and appropriate premiums.
We may also sometimes collect personal information for the development of better products and services, and for conducting marketing and customer service research. We may sometimes share this information with our related companies in order to serve you better.
We usually collect identifying information such as your name, address, contact telephone numbers and email addresses. If you are applying for a product we may offer, we may also need to collect specific information that will enable us to supply that product to you. We will collect and store this information in a manner that allows us to assist you in the future.
Some products or services may require us to collect 'sensitive information', which may include (but is not limited to) your membership of associations, health data, criminal records. We will only collect this type of information where necessary to provide our services to you and in accordance with the Privacy Act.
If you do not agree to provide us with the information we request, we may not be able to offer you the product or services you seek.
How we collect personal information
Where possible and practicable to do so we will collect information about you, from you. Sometimes it may be collected indirectly (e.g. from your representatives or co-insureds or through websites from data you input directly or through cookies and other web analytic tools). Who it is from can depend on the circumstances.
If we obtain this information from other sources, we will take reasonable steps to advise you of this disclosure.
When you give us personal information about other individuals, you represent to us that:
- you have the authority from them to do so and it is as if they provided it to us; and
- you have made them aware that you will or may provide their personal information to us, the types of third parties we may provide it to, the relevant purposes we and the third parties we disclose it to will use it for, and how they can access it. If it is sensitive information we rely on you to have obtained their consent on these matters. If you have not done or will not do either of these things, you must tell us before you provide the relevant information.
Disclosing your personal information
Your personal information will only be disclosed to third parties where the disclosure is reasonably required to carry out ATC's business or activities unless you have authorised otherwise (or if required by law).
Except where you have consented to it, we will limit the use and disclosure of any personal information provided to us by third parties about you, to the specific purpose for which the information was supplied or in connection with the services we provide to you.
Transfer of information overseas
We will need to transfer your personal information overseas in order to properly carry out our business. The countries in which these recipients of your personal information are located will depend on the types of services we provide to you, the location of the reinsurer and the location of other services providers. We are unable to identify this location until such time as the services have been provided and this may be subject to change whilst the services are being provided.
When we send information overseas, in some cases we may not be able to take reasonable steps to ensure they do not breach the Privacy Act and they may not be subject to the same level of protection or obligations that are offered by the Act. By proceeding to acquire our services and products you agree that you cannot obtain redress under the Act or against us, but only to the extent permitted by law and may not be able to seek redress overseas.
Security of your personal information
We will endeavour to protect your personal information from misuse, loss, unauthorised access, modification or disclosure. We maintain physical security over our paper and electronic data stores and premises, such as locks and security systems. We also maintain computer and network security. For example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to computer systems where personal information is stored.
Mandatory data breach reporting
In accordance with the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), we are required to notify you and the Australian Information Commissioner of any Eligible Data Breach. Where a notifiable data breach has occurred in New Zealand, we are required to notify you and the New Zealand Privacy Commission in accordance with the Privacy Act 2020.
An Eligible Data Breach occurs where:
- There is unauthorised access to, or unauthorised disclosure of, personal information or a loss of personal information that we hold; and
- This is likely to result in serious harm to you; and
- We have been unable to prevent the likely risk of serious harm with remedial action.
Within 30 days of becoming aware of the breach, we will conduct an assessment of the circumstances and make a determination as to whether an Eligible Data Breach has occurred. Should we conclude an Eligible Data Breach has occurred we will notify you and the Australian Information Commissioner as soon as practicable. Our notification to you will include the following information:
- The identity and contact details of the organisation;
- A description of the data breach;
- The kinds of information concerned; and
- Recommendations about the steps you should take in response to the data breach.
Not all data breaches are considered Eligible Data Breaches and there are exceptions to notifying in certain circumstances. Refer to the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) or the New Zealand Privacy Act 2020 (where applicable) for further information.
Accuracy of and access to your personal information
We will take reasonable steps to ensure that the personal information you provide is accurate, complete and up to date, whenever it is used, collected or disclosed.
When we deal with you we will take reasonable steps to confirm the details of the personal information we hold about you and ask you if there are any changes required.
The accuracy of personal information depends largely on the information you provide to us, so we rely on you to:
- promptly inform us of changes to your personal information (such as your name or address); and
- let us know if you become aware of any errors in your personal information that we hold.
You are entitled to access your personal information if you wish and request correction if required except in some exceptional circumstances provided by in law. For example, we may refuse access where the:
- information may have an unreasonable impact on the privacy of others;
- request is frivolous or vexatious;
- information relates to existing or anticipated legal proceedings and would not be accessible by the process of discovery in those proceedings;
- information would reveal our intentions in relation to negotiations in such a way as to prejudice those negotiations.
Where providing access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process, we will provide an explanation for the decision rather than direct access to the information.
If we refuse access or to give access in the manner requested by you we will let you know why in writing and provide you with details about how to make a complaint about the refusal.
If we make a correction to your personal information we may retain a copy of the previous information for our records or as required by law.
If you wish to access your personal information please contact us.
In most cases we do not charge for receiving a request for access to personal information or for complying with a correction request.
How do we use your personal information for direct marketing?
We may use your personal information, including any email address you give to us, to provide you with information and to tell you about our products, services or events or any other direct marketing initiatives (including third party products, services and events which we consider may be of interest to you). In addition, if it is within your reasonable expectations that we send you direct marketing communications given the dealings you have had with us, then we may also use your personal information to send you direct marketing communications that we may consider to be of interest to you. Our related entities may also contact you about services and products that may be of interest to you.
Anonymity and pseudonymity
You have the option of not identifying yourself or using a pseudonym provided we are not required or authorised by or under an Australian law, or a court/tribunal order to deal with individuals who have identified themselves or it not impracticable for us to deal with you on this basis.
It will generally be impracticable for you to deal with us anonymously or using a pseudonym if you wish to use our services or have us arrange a product for you.
You can visit our website without providing any personal information. We will only collect personal information through our websites with your prior knowledge for example where you submit an enquiry or application online.
Email addresses are only collected if you send us a message and will not be automatically added to a mailing list.
A cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies we use may identify individual users.
Cookies can either be "persistent" or "session" based. Persistent cookies are stored on your computer, contain an expiration date, and are mainly for the user's convenience. Session cookies are short-lived and are held on your browser's memory only for the duration of your session; they are used only during a browsing session, and expire when you quit your browser.
We may use both session and persistent cookies. This information may be used to personalise your current visit to our websites or assist with analytical information on site visits.
Most internet browsers can be set to accept or reject cookies. If you do not want to accept cookies, you can adjust your internet browser to reject cookies or to notify you when they are being used. However, rejecting cookies may limit the functionality of our website.
Complaints regarding the handling of your personal information
If you believe:
- your privacy may have been prejudiced; and/or
- we or our representatives have breached the Australian Privacy Principles or an APP code,
then you have the right to make a complaint about the matter.
In the first instance, it is suggested that your complaint should be addressed to us at the contact details provided below.
We will investigate the matters raised by you and respond directly to you. We will endeavour to resolve your dispute within 15 days.
In the unlikely event that this does not resolve the matter or you are not satisfied with the way your complaint has been dealt with, you should contact:
Lloyd's Australia Limited
Level 9, 1 O'Connell Street
Sydney NSW 2000
Telephone: 02 9223 1433
Fax: 02 9223 1466
Email: Click here
Any New Zealand complaints should be addressed in the first instance to:
Talbot Underwriting Limited
60 Threadneedle Street
London United Kingdom EC2R 8HP
Telephone: + 44 (0) 20 7550 3500
Email: Click here
Talbot Underwriting Limited, will aim to provide you with its decision on your complaint, in writing, within eight weeks of the receipt of the complaint.
If the Insured is not satisfied with the way the enquiry or complaint has been dealt with, the insured should write to:
Lloyds General Representative in New Zealand
C/0 Hazelton Law
101 Molesworth Street
PO Box 5639
How to contact us and opt out rights
ATC Privacy Compliance Officer
ATC Insurance Solutions
Level 4, 451 Little Bourke Street
Melbourne VIC 3000
Telephone: 03 9258 1777
Fax: 03 9867 5540
Email: Click here