General Reinsurance Life Australia Privacy Policy

General Reinsurance Life Australia Privacy Policy

Who we are

In this Privacy Policy “we”, “our”, and “us” refers to General Reinsurance Life Australia. We offer life reinsurance in Australia, New Zealand Oceania, and Marshall Islands.

Our commitment to privacy and responsible use of personal information
  1. We respect rights to privacy and are committed to safeguarding the privacy of our customers. This policy sets out how we collect and treat personal information.

  2. We are bound by, and will abide by, the Australian Privacy Principles contained in the Privacy Act 1988 (Cth) (“Privacy Act”), which set the minimum standards for how private sector organisations should collect, use, handle and disclose personal information.

  3. “Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable. This applies:

    • whether the information or opinion is true or not; and

    • whether the information or opinion is recorded in a material form or not.

    This includes information such as name, email address, identification number, or any other type of information that can reasonably identify an individual, either directly or indirectly.

    Other terms used throughout this Privacy Policy are defined in the Australian Privacy Principles.


What personal information is collected
  1. As a company offering reinsurance products, we collect and hold a range of personal information from and about individuals who are insured under policies issued by our customers (insurance companies). We only collect personal information including sensitive information, from individuals that is necessary for our business functions or activities and in accordance with the provisions of the Privacy Act.

  2. We may, from time to time, receive and store personal information submitted to us through third parties, provided to us directly or given to us in other forms. We will receive basic information such as:

    • name
    • phone number
    • address
    • email address
    • date of birth

    This will be used only to send information, provide updates and process the product.


  3. We may collect additional information at other times, including but not limited to:

    • employment details;
    • income including but not limited to, salary and wages, investments, fee income;
    • sources of income;
    • citizenship status;
    • financial information including, but not limited to, assets and liabilities;
    • individual medical history;
    • family medical history;
    • claims history;
    • pastimes and pursuits;
    • lifestyle;
    • travel plans;
    • occupational duties;
    • feedback; and
    • information about personal or business affairs

How we collect and hold personal information?
  1. Where it is reasonable and practicable to do so, we collect personal information about an individual directly from the individual and not from third parties. In many circumstances though, in view of our business as a reinsurer, this is not practicable. We could collect personal information from various third parties including:

    • insurance companies;
    • claims assessors;
    • loss adjusters;
    • investigators;
    • claims managers;
    • chief medical officers;
    • legal representatives;
    • accountants;
    • treating medical and health professionals;
    • rehabilitation service providers;
    • the individual’s employer (if applicable); and
    • other General Reinsurance group entities.

    If we do, we will protect it as set out in this Privacy Policy and in accordance with the Australian Privacy Principles contained in the Privacy Act 1988 (Cth).

    We hold personal information electronically in various internal systems and databases including shared drives, email, document management systems and in hard copy.


  2. By providing us with personal information, the individual consents to the supply of that information subject to the terms of this Privacy Policy.

How we use personal information
  1. We collect, hold, use and disclose personal information collected from individuals for various purposes associated with our business, including:

    • to undertake and complete reinsurance transactions;
    • risk analysis and reinsurance underwriting;
    • management of claims;
    • accounting and auditing;
    • risk management;
    • portfolio analysis;
    • complaints management; and
    • legal, regulatory and compliance purposes.

    If personal information is withheld, it may not be possible for us to provide our products and services.


  2. If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases.

Disclosure of personal information to other organisations
  1. We may disclose personal information to comply with a legal requirement, such as a law, regulation, court order, subpoena, warrant, legal proceedings or in response to a law enforcement agency request.

  2. The Australian Privacy Principles, allow us, in certain circumstances, to disclose to related entities and to third parties personal information that has been disclosed to us and to our related parties. We may disclose an individual’s personal information for the purposes listed above to the following:

    • auditors;
    • legal representatives and other external advisors;
    • other General Reinsurance group entities and related parties;
    • third party service providers who we engage to assist us to conduct our business;
    • government or regulatory bodies (as required or authorised by law);
    • other organisations who in conjunction with us provide goods and services to the individual;
    • professional associations or organisations with whom we conduct an affinity relationship;
    • any person or organisation which the individual wishes to authorise to act on their behalf or to whom the individual provides consent (we require the individual to notify us of this, in writing); and
    • any person or organisation that has information that is necessary for one or more of our business functions or activities.

  3. If we do disclose personal information to a third party, we will protect it in accordance with this privacy policy. Where we disclose personal information, we require the receiving parties to adhere to our strict confidentiality requirements for the use and handling of personal information and also seek to ensure that they adhere to the Australian Privacy Principles.

  4. We may also disclose personal information to overseas recipients. If personal information is disclosed to overseas recipients, we will require the receiving parties to adhere to the Australian Privacy Principles and to handle the personal information in accordance with the Australian Privacy Principles.

  5. It is not reasonably practicable to list all of the overseas countries to which personal information may be disclosed by us but it is likely that if personal information is so disclosed, such countries could include Germany, New Zealand and the United States of America.

Access to personal information
  1. An individual may request details of personal information that we hold about them in accordance with the provisions of the Privacy Act 1988 (Cth). If the individual would like a copy of the information which we hold about them they should contact our Privacy Officer. (See Section 14 for contact details).

  2. A reasonable fee may be charged for retrieving and sending an individual their personal information. There may be circumstances in which we cannot provide individual access to the personal information we hold. We reserve the right to refuse to provide information that we hold, in certain circumstances set out in the Privacy Act or any other applicable law. We will provide an individual with reasons for denial of access.

Correction of personal information
  1. We will take reasonable steps to make sure that personal information we collect, use or disclose is accurate, complete and up-to-date, relevant and not misleading.

  2. If any individual believes that any information we hold on them is inaccurate, out of date, incomplete, irrelevant or misleading, they have the right to request that we change the information by contacting our Privacy Officer.

  3. We will attend to each request as quickly as possible.

  4. In order to process any request for access or correction of an individual’s personal information, we will need to obtain a minimum level of information from an individual including the following:

    • full name;
    • date of birth; and
    • details of the request including supporting information, evidencing the individual’s right to access the data.

  5. Where it is established that personal information in relation to an individual is inaccurate, out of date, incomplete, irrelevant or misleading, we will take all reasonable steps necessary to correct the personal information so that it is accurate, complete, up-to-date, relevant and not misleading. If we disagree about whether the information is accurate, complete, up-to-date, relevant and not misleading, and the individual requests us to associate with the information a statement claiming that the information is inaccurate, out of date, incomplete, irrelevant or misleading, we will take all reasonable steps to do so.

  6. If an individual is seeking information on another person’s behalf, we will require additional written authorisation from that individual.

Sensitive information?
  1. As a company offering reinsurance products to our clients, it is often necessary to collect an individual’s sensitive information in order to provide these services. Without the individual’s consent to collect and disclose this information, we would be unable to offer our services to the insurance companies.

  2. Sensitive information includes information or an opinion relating to a person’s racial or ethnic origin, political views of memberships, religious beliefs or affiliations, membership of a professional or trade association or trade union, sexual orientation or practices and criminal record. It also includes information about a person’s health or medical history.

  3. We will only collect, handle, use and disclose sensitive information about an individual in accordance with the provisions of the Privacy Act.

Outsourcing and contractual arrangements

All contractual arrangements with third parties impose appropriate privacy and confidentiality obligations on those third parties to ensure that personal information that we impart is kept secure and that we do not breach our obligations under the Australian Privacy Principles and this Privacy Policy.

Breaches of data leading to serious harm1

Under Part IIIC of the Privacy Act 1988, a notifiable data breaches scheme commenced in Australia on 22 February 2018. The scheme applies to “eligible data breaches”—where the breach is likely to result in serious harm to any of the individuals to whom the information relates. It requires Australian Privacy Principles entities to provide a statement to the Commissioner (of the Office of the Australian Information Commissioner) notifying of an eligible data breach as soon as practicable after the entity becomes aware of the breach. It also requires entities to notify affected individuals as soon as practicable after preparing the statement for the Commissioner. Like the GDPR, there are exceptions to these requirements. For more information, see https://www.oaic.gov.au/ndb. See Appendix 1 for OAIC step through process.

Privacy training and education

We will provide training to our employees to ensure that all relevant staff are suitably trained about our obligations under the Australian Privacy Principles and our Privacy Policy.

Complaints and disputes
  1. If an individual believes that we have not complied with an obligation under the Privacy Act in relation to an individual’s personal information, the individual is asked to please contact our Privacy Officer (see Section 14 for contact details). We will promptly acknowledge and investigate complaints. Our address is provided at the end of this Privacy Policy.

  2. If an individual is not satisfied with how we have dealt with an individual’s complaint, then, up until 31 October 2018, the individual may refer the complaint to the Financial Ombudsman Service or the Superannuation Complaints Tribunal whose details are as set out below.

    • Financial Ombudsman Service Limited
    • GPO Box 3
    • Melbourne VIC 3001
    • Tel. 1300 780 808
    •  
    • Superannuation Complaints Tribunal
    • Locked Bag 3060
    • Melbourne VIC 3001
    • Tel. 1300 884 114
    •  
    • From 1 November 2018, the individual should refer the complaint to the Australian Financial Complaints Authority (AFCA). Contact details are:
    •  
    • Australian Financial Complaints Authority
    • GPO Box 3
    • Melbourne VIC 3001
    • Tel. 1800 931 678

Further information
  1. Our Privacy Policy outlines our adherence to the Australian Privacy Principles, and the way in which we collect, hold, use and disclose an individual’s personal information.

  2. Should an individual require clarification on any particular matter or need further information on any privacy matters, our Privacy Officer can be contacted at the contact details below.

    Further information regarding the Privacy Act can be obtained at:

How to contact us

All correspondence should be addressed to:

  • Privacy Officer
  • General Reinsurance Australia
  • Level 20, 1 O’Connell St
  • Sydney, 2000
  • Phone 02 8236 6100
    Email PrivacyANZ@genre.com
    Fax 02 9222 1525

 

Endnote

  1. “Serious harm” is not defined in the Privacy Act. In the context of a data breach, serious harm to an individual may include serious physical, psychological, emotional, financial, or reputational harm.