About this Policy.
Australian Warranty Network Pty Ltd (AWN) trading as AWN Insurance is committed to responsible privacy practices and complying with the Privacy Act 1988 (Cth) (“the Act”), including the Australian Privacy Principles (“APP”) in our dealings with customers and other individuals and entities. The Act and the APP are designed to protect individuals’ personal information by regulating the ways in which personal information may be collected, used, disclosed, managed and stored.
- Our acts or practices that are directly related to employee records of current or former employees; and
- Other matters that are exempted under law.
What is personal information?
Personal information is information or opinion about an individual whose identity is apparent or can easily be ascertained from the information or opinion.
Sensitive personal information.
Sensitive personal information is information or opinion about a person’s racial or ethnic origin, political opinions, membership of a political, trade or professional association or a trade union, religious or philosophical beliefs or affiliations, sexual orientation, criminal record, banking information or health information.
Our Privacy Officer is responsible for all matters to do with privacy.
What information do we collect?
We collect personal information primarily from our clients, but also from other sources as may be necessary. However, we only collect personal information that we need, and we only use the information that we collect for the primary purpose(s) for which we collect it. These are:
- For Applicants: Information on application forms for any of our products or any other contract or policy for which we are administrator ("Policy"). This is so we can decide whether to accept your Policy application and if so on what terms or administer your policy/contract.
- For Claimants: Information from you or other third parties to enable us to process claims under your Policy and decide whether any claims you make should be accepted and their value.
- Agents and others with whom we do business: Information on any forms or documents or given orally to enable us to effectively perform business with you including, without limitation:
- To assess any entitlement, you may have under any of our incentive programs (if applicable).
- To ascertain the number and value of Policies sold to customers.
You are entitled to know what information we collect and hold about you. For example, if we collect information from another source then we will make sure that you are aware and have consented to the collection and use of the information.
We have an obligation to ensure that information that we collect and store is up-to-date and correct.
How do we use personal information?
We do not use or disclose the information for any other purpose without the person’s consent.
In particular, we do not:
- Trade, rent or sell personal information; or
- Provide personal information to anyone without consent other than those we appoint to investigate and manage claims on our behalf.
We note that stricter regulations apply to any sensitive personal information that we may collect, use or hold. We do not collect or disclose sensitive information without consent unless:
- The collection is required by law; or
- It is necessary for the establishment, exercise or defence of a claim.
In most cases we obtain consent in the usual course of dealing, e.g. in our Customer Policy & Declaration.
Quality of personal information.
To ensure that the personal information we collect is accurate, up-to-date and complete we:
- Record information in a consistent format
- Where necessary, confirm the accuracy of information we collect from a public source
- Promptly add updated or new personal information to existing records
- Regularly audit our contact lists to check their accuracy.
We also review the quality of personal information before we use or disclose it.
What can we disclose?
The Privacy Act does allow us to use or disclose information in some circumstances. For example, we can use your information in other ways if you consent to us doing so or if required to do so by law.
Parties to whom we may disclose your personal information include:
- Third parties who can assist in processing your claims and who can help us decide whether any claim you make should be accepted and the value of your claim e.g. Repairers, Consultants, the Agent through whom you purchased the vehicle and Policy.
- Any Underwriter or other party for whom we are a Policy administrator.
- Any party who enables us to provide you with an incentive program or who enables us to effectively perform business with you.
- Any other entity related to or associated with us, who may use your personal information to inform you of our products or services, or the products or services of our related or associated entities.
Please contact us if you do not wish this to happen, or if you have concerns about our use of your personal information.
Cross-Border disclosure of personal information.
The information requested from You is to share with our related and associated entities, business partners, reinsurers and service providers that may be located in Australia or overseas. The countries this information may be disclosed to will vary from time to time, but currently include the United Kingdom and South Africa. We regularly review the security of our systems used for sending personal information overseas. Any information disclosed may only be used for the purposes of collection detailed above and system administration.
Storage and security of personal information.
We take steps to protect the security of the personal information we hold from both internal and external threats by:
- Regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure that information.
- Conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures.
- Implementing ICT security measures, including network authentication, software-based security, and data encryption.
We destroy personal information in a secure manner when we no longer need it.
How long will AWN retain your information for?
AWN will only ask for and retain information for as long as we need it to administer the function of your products. After this period ends AWN will delete/redact information to ensure that no personal identifiers are stored within any AWN databases.
Accessing and correcting your personal information.
Under the Privacy Act (Australian Privacy Principles 12 and 13) you have the right to ask for access to personal information that we hold about you and ask that we correct that personal information. You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. If we refuse to give you access to, or correct, your personal information, we must notify you in writing setting out the reasons.
If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.
If we refuse to correct your personal information, you can ask us to associate with it (for example, attach or link) a statement that you believe the information is incorrect and why.
We will not charge you for responding to such a request, unless we incur costs in providing or correcting the information. (We are entitled to charge reasonable costs for our time in providing or correcting the information.)
What AWN will and won’t ask you for.
AWN will never send out emails or SMS messages to you directly asking for payments of any sort and asking you to confirm banking details or passwords. If you believe you've received a phishing email that appears to have come from AWN, don’t respond, and don’t click on any links or open any attachments. Simply forward the entire email to firstname.lastname@example.org and delete it.
Notifiable Data Breach (NDB) Scheme.
AWN operates within the guidelines of the NDB Scheme that requires us to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm.
AWN will comply with necessary actions, including but not limited to:
- Advising the individual of any data breach;
- Taking the necessary remedial action; and
- Notifying the Office of the Australian Information Commissioner within the required time frames.
What if I am not satisfied with AWN’s response?
If you believe that we have not dealt with your personal information in accordance with the law, or this policy, or you believe that you have been wrongly denied access to your personal information, you can refer your complaint to the Office of the Australian Information Commissioner (OAIC) for further review.
You can contact the Office via their website www.oaic.gov.au or by writing to Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001.
The Privacy Officer
AWN Insurance, PO Box 4301, Loganholme QLD 4129
Telephone Number: (07) 3802 5577
Facsimile Number: (07) 3801 1539