Unimutual has appointed Regis Mutual Management Pty Ltd (ABN 71 130 820 727 AFS Licence No: 338156) as the manager of the Mutual (“Manager”) to conduct all day to day business of the Mutual within the strategic direction of the Unimutual Board of Directors under an outsourced management arrangement. This arrangement provides, amongst other things, that the Manager is obliged to act in accordance with the relevant law. As Unimutual has no employees itself, all references in this document to “we” or “us” or otherwise referring to internal operations of the mutual should be read as being operations implemented by the Manager on behalf of Unimutual.
Unimutual is committed to respecting your privacy.
Personal Information Unimutual Collects and Holds
Unimutual will only collect personal information which is necessary for one or more of its functions or activities. The information will be collected lawfully and fairly and not in an intrusive way. When you are dealing with Unimutual as a representative of a member or prospective member or for any other reason, we generally store the following personal information in connection with you as a Unimutual member or prospective member in order to manage our business relationship with you, as appropriate:
- your name and names of others that you may refer to, as appropriate, and your/their contact details including: private/business email address, private/business address and phone number;
- records of dealings with you generally including in relation to an initial membership application, annual membership renewal, variations of pre-existing discretionary protection or general queries; and
- records of dealings with you in relation to claims or potential claims made to the mutual, including correspondence with you or your external consultants to collect personal information which may include health information. Such information is critical for the mutual to properly assess such a claim.
If the above information is not made available we may not be able to provide you with appropriate service.
The Main Purposes for which Unimutual Holds Information
Unimutual will not use or disclose personal information about an individual other than for the purpose stated at the time of the collection. If another use is proposed, Unimutual will seek the individual’s consent, unless that other purpose is related to the original purpose of collection.
We hold personal information of the individuals comprising our members, and in certain circumstances of third parties, such as your service providers or consultants, and third party claimants for the following purposes:
- to enable the delivery of services and discretionary protection to Unimutual members;
- to send correspondence in relation to member related services and events;
- internal accounting;
- claims administration;
- to protect the Mutual, the members, third parties and suppliers from fraud; and
- to help Unimutual identify any products, benefits or services that might be beneficial to members, whether they are offered by Unimutual direct or from third parties or preferred suppliers.
Use and Disclosure of Information
The Unimutual business model focuses on people and organisations working together for the mutual benefit of all parties involved.
We may employ a variety of direct marketing techniques in order to keep members informed about updates or changes to the services each mutual offers and benefits or products available to the members.
We consider that direct marketing to our members forms an integral part of our services to you, and that these services are directly related to our primary purpose for originally collecting the personal information.
Without such services, the communication with our members and potential members may be substantially reduced, and therefore less likely to deliver the benefits which are available.
We handle all of our mail outs to members and others.
Your personal information may be provided to service providers of the mutual such as claims advisers, legal advisers or assessors for the purpose of delivery of mutual services.
Each service provider is required to deal with your personal information in a manner and at the level specified by our standards.
Keeping personal information safe
We take all reasonable care to make sure that the personal information we hold is protected from loss, misuse, interference, unlawful access, modification or disclosure. We destroy or permanently de-identify personal information in accordance with the Privacy Act.
We maintain computer and network security including firewalls and user identifiers and passwords.
Personal data breaches are subject to mandatory investigation and reporting. Such a breach must be reported to the individuals whose personal information has been breached, and the privacy commissioner must also be advised.
Data breaches occur where there is:
- Unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals (affected individuals), or
- Where personal information of affected individuals is lost in circumstances that may give rise to unauthorised access or unauthorised disclosure.
Data breaches may be caused by malicious intentional actions, such as a serious cyber security incident, or by accidental loss, loss through negligence or loss from improper disclosures.
Ensuring Personal Information is Up-to-date
We rely on the personal information we hold in conducting our business. Therefore, it is very important that the information we hold is accurate, complete and up-to-date.
We do everything we can to ensure that the personal information we hold is accurate, complete and up-to-date whenever we collect or use it. This means that from time to time, we will ask you to tell us if there are any changes to your personal information. If you find that information we hold about you is incorrect, incomplete or out of date, please contact us immediately and we will correct it.
Use of Government Identifiers
We do not adopt, use or disclose an identifier that has been assigned by a Commonwealth Government Agency unless legally required. An identifier, for example, a Medicare or tax file number, is a number assigned by a Commonwealth government agency to identify uniquely the individual for the purposes of the organisation’s operations.
Disclosing Personal Information overseas?
As a general rule, we do not disclose personal information to any person or organisation in a foreign country if that country does not have a comparable information privacy regime; but in the unlikely event that we need to do so, we will obtain your prior consent except where the Australian Privacy Principles do not require us to do so.
It is reasonably likely that we may disclose personal information to overseas recipients in Europe (including United Kingdom, the Isle of Man and Luxembourg) and New Zealand. These jurisdictions are each subject to a privacy regime substantially similar to that in Australia incorporating at the least the same level of information protection under the Australian Privacy Principles.
How You Can Contact Us
If you think your privacy has been interfered with due to a breach of our obligations in relation to your privacy, then you can complain directly to our Privacy Officer. If you are not satisfied with our response, we will advise you of your options before further proceeding with your complaint.
At your request we will provide you with additional information about the way Unimutual manages the personal information it holds. If you wish to know more about the way we manage personal information please contact our Privacy Officer in the following ways:
- You can write to our Privacy Officer at PO Box H96, Australia Square NSW 1215.
- You can email our Privacy Officer at firstname.lastname@example.org
- You can call our Privacy Officer on (02) 9250 2802.
For further information about privacy issues in Australia and protecting your privacy, visit the Office of Australian Information Privacy Commissioner’s website at www.oaic.gov.au.
Destruction or De-identifying Personal Information
When information is no longer needed, we will take reasonable steps to destroy or permanently de-identify personal information.
Frequently Asked Questions (FAQs)
Here are nine FAQs to assist you in understanding our privacy responsibilities.
- What do you classify as my ‘personal information’?
Personal information is any information about you that identifies you, or by which your identity can reasonably be ascertained.
Personal information held by us may include your name, private/business address, occupation, employer, previous addresses and private/business telephone number. Where a claim has been made or where you or your employer has applied to become a Unimutual member, we may collect other personal information, including but not limited to, financial details, risk and claim histories (validated and invalidated), statements and valuations of business assets, entity and trade references and claim details, which may include health information.
If you and/or other third parties choose not to provide personal information, we may not be able to process applications for membership, discretionary protections or deliver the services.
- How do you collect my personal information?
We will, insofar as reasonably possible, collect the information directly from you, when you provide information in documents such as an application for membership or protection. By representing your organisation in completing an application to become a member of Unimutual, the applicant’s representative agrees to the use and disclosure of personal information necessary to effect membership, discretionary protection and/or functions involved with delivery of discretionary benefits. If we are not able to collect the information we need directly from you, we will take reasonable steps to ensure that you are made aware:
(a) of our identity;
(b) that you can gain access to your personal information held by us;
(c) of the purpose for collecting the information;
(d) the organisations to which that information is usually disclosed;
(e) any law that requires the information to be collected; and
(f) the consequences for you if that information is not provided (for example that we cannot provide you with the services you request).
- How do you use my personal information?
Your personal information will be used in order to provide the services your organisation requires. This may include administering and managing those services, including collecting contributions, issuing discretionary protections, managing claims and delivering benefits subject to absolute discretion; and protecting you, your organisation, third parties and Unimutual from fraud.
Included in the services we provide to your organisation is the direct marketing that accompanies our communication media. This information is essential to keeping you aware of all the benefits offered by Unimutual to members. You can elect not to receive this information, but this may be a disadvantage as you may not be able to access the maximum benefits potentially available through Unimutual membership. We will normally only transfer personal information about you to an overseas recipient located in a country with a comparable privacy regime. We will obtain your consent to do otherwise except where the Australian Privacy Principles do not require us to do so.
- Is the personal information I give you kept in a secure place?
We take all reasonable care and steps to ensure data collected is secure, protected from misuse, loss, unauthorized access and disclosure and we will destroy the data once it is no longer required.
- Can I see what you have on file about me?
Upon request, we will provide you details of the information we have on file about you. Our Privacy Officer will process all such requests within 30 days of the date of receipt. There may be some exceptions and by law Unimutual is permitted to make a small charge for this service.
- What happens if I find out that the information you hold about me is incorrect, incomplete or out of date?
We take all reasonable steps to ensure the information we hold is accurate when collected. If a change or correction is required you must advise us in writing and the changes/corrections will be made within 30 days of receipt.
- Are you bound by the Australian Privacy Principles?
Unimutual is legally bound by the thirteen Australian Privacy Principles set out in the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth).
- Do I have to be on your e-mail/mailing broadcasts and lists?
You have the option to ‘unsubscribe’ and no longer receive electronic marketing/mailing lists on products, services, communications, events etc.
- I think you have interfered with my privacy and I wish to complain.
You can complain directly by contacting our Privacy Officer. If you are not satisfied with our response, we will advise you on your options for further proceeding with your complaint.
- Will you notify me if you believe my privacy has been breached?
Privacy data breaches may be caused by malicious intentional actions, such as a serious cyber security incident, or by accidental loss, loss through negligence or loss from improper disclosures. Should we suspect a data breach, we have mandatory investigation and reporting obligations, including notifying the person whose personal information has been breached.
Version CM2017V1 last review 01.11.17