Unimutual Limited Privacy Policy

October 2022

This document sets out the privacy policy of Unimutual Limited (ABN 45 106 564 372 AFS Licence 241142) (“Unimutual”).

This privacy policy applies to Unimutual Limited and its associated entities (as that term is used in the Corporation Act 2001(CTH) in every place that we carry on business.  Unimutual (also referred to as “we”, “us” and “our” in this document) is committed to respecting your privacy and securing of personal information maintained by Unimutual about its members and any other individual from whom Unimutual collects personal information. Our Privacy Policy is in accordance with the Privacy Act 1988 (Cth), as amended, and is based on the Australian Privacy Principles outlined in the Privacy Amendment (Enhancing Private Protection) Act 2012 (Cth) (Privacy Act). Our Privacy Policy also complies with State legislation in relation to the collection and use of health information, where such legislation is applicable in addition to the Privacy Act.

We reserve the right to change our Privacy Policy at any time. If we change our Privacy Policy, we will take reasonable steps to bring those changes to your attention.

Collection of Information

“Personal Information” is information or an opinion about a person that identifies the person or from which the person’s identity can be reasonably ascertained. Unimutual will collect and hold personal information that is required by us to deliver our services and products to you and we will do this in a fair and lawful manner. We collect the following information;

• your name and names of others that you may refer to, as appropriate, and your/their contact details including: private/business email address, private/business address and phone number
• records of dealings with you generally including in relation to an initial membership application, annual membership renewal, variations of pre-existing discretionary protection or general queries; and
• records of dealings with you in relation to claims or potential claims made to Unimutual, including correspondence with you or your external consultants to collect personal information which may include health information. Such information is critical to properly assess your claim;

• details of visits to the Unimutual website;
• personal information provided via a Unimutual web form;
• Records of subscriptions to a newsletter or to receive Unimutual publications;
• details of attendance at a Unimutual seminar; and
• detail engage in business dealings with Unimutual.

If the above information is not made available, we may not be able to provide you with appropriate service.

Collection of Non-Personal Information

When you visit our website, which is hosted in Australia, at www.unimutual.com.au, there are a number of ways in which we collect information:

Web analytics

Unimutual and Porter Novelli use WordPress to collect analytics. The main purpose of collecting your data in this way is to improve your experience when using our site. We also use this data to understand and report on which content pages and downloads are accessed by visitors.

The types of data we collect with these tools include:

Using WordPress Analytify, Porter Novelli collects data around Unimutual’s website traffic. This includes new visitors, page views, bounce rate and click through rates. WordPress also highlights the top viewed pages per month and average time users spent on that page before clicking out. WordPress allows comparisons to be made from month-to-month to track performance and user engagement.

Cookies

Cookies are small data files transferred onto computers or devices by websites for record-keeping purposes and to enhance functionality on the website. Most browsers allow you to choose whether to accept cookies or not. If you do not wish to have cookies placed on your computer, please set your browser preferences to reject all cookies before accessing our website.

For more information on cookies from our website please refer to the https://wordpress.org/support/article/cookies/

Embedded videos on our website

We use YouTube to host videos which are embedded on our website. Videos on our website use YouTube’s Privacy Enhanced Mode and the number of views is counts the number of views.   When you play an embedded video from our website, the video and associated assets will load from the domain. YouTube collects information about user activity, including videos watched and interactions with content and ads.  You can access the YouTube privacy policy here  YouTube Privacy Policy

Email lists, registrations and feedback

We will collect information you provide to us when signing up to mailing lists and registering for our events or submitting feedback on your experience with our website.

We use MailChimp to manage our mailing lists. You can access the privacy policy for Intuit (Mailchimp) here https://www.intuit.com/privacy/statement/updates/  As a member you are automatically subscribed to our mailing list. Mailchimp analytics are performed when you click on links in the email or download the images in the email. They include which emails you open, which links you click, total successful deliveries, clicks per unique open, and number of un- subscriptions from the email list.

We use the services of Survey Monkey to collect voluntary feedback on your experience with our services. We use this to conduct anonymous stakeholder surveys to gather feedback to help us improve our performance. We do not collect personal information via Survey Monkey unless you provide this. Information about how Survey Monkey manages personal information is available in the privacy notice on their website. You can access the Survey Monkey privacy policy here. https://www.surveymonkey.com/mp/legal/privacy/

Online Events

We use GoTo Webinar to register for online events. Goto Webinar is part of the LogMeIn group of companies.  The registration form used for online events will collect your name and email address and this will be used to confirm your registration.  You can access the privacy policy for GoTo Webinar here https://www.goto.com/company/legal/privacy/international

Conference Events

We also use CVENT to manage event registrations. You can access CVENT’s privacy policy here https://www.cvent.com/en/cvent-global-privacy-policy . When registering for an event, you may be required to give CVENT personal information including your name, telephone number and email address. You may also be required to provide financial information, including credit card number and expiration date, if you make a payment for an event. CVENT may share some personal information with us, including information about whether a registered individual has made a payment, but we do not receive your financial information.

Social networking services

We use social networking services such as LinkedIn to communicate with the public about our work. When you communicate with us using these services we may collect your personal information, but we only use it to help us to communicate with you and the public. The social networking service will also handle your personal information for its own purposes. These services have their own privacy policies. You can access the privacy policies on their websites.

The Main Purposes for which Unimutual Holds Information

Unimutual will not use or disclose personal information about an individual other than for the purpose stated at the time of the collection. If another use is proposed, Unimutual will seek the individual’s consent, unless that other purpose is related to the original purpose of collection.

We hold personal information of the individuals comprising our members, and in certain circumstances of third parties, such as your service providers or consultants, and third-party claimants for the following purposes:

• to enable the delivery of services and discretionary protection to Unimutual members;
• to send correspondence in relation to member related services and events;
• internal accounting;
• claims administration;
• to protect Unimutual and our members, third parties and suppliers from fraud; and
• to help Unimutual identify any products, benefits or services that might be beneficial to members, whether they are offered by Unimutual direct or from third parties or preferred suppliers.

Use and Disclosure of Information

The Unimutual business model focuses on people and organisations working together for the mutual benefit of all parties involved.

We may employ a variety of direct marketing techniques in order to keep members informed about updates or changes to the services Unimutual offers and benefits or products available to members.

We consider that direct marketing to our members forms an integral part of our services to you, and that these services are directly related to our primary purpose for originally collecting the personal information.

Without such services, the communication with our members and potential members may be substantially reduced, and therefore less likely to deliver the benefits which are available.

We handle all of our mailouts to members and others.

Your personal information may be provided to service providers of Unimutual such as claims advisers, legal advisers or assessors for the purpose of service delivery.

Each service provider is required to deal with your personal information in a manner and at the level specified by our standards.

Keeping Personal Information Safe

We take all reasonable care to make sure that the personal information we hold is protected from loss, misuse, interference, unlawful access, modification or disclosure. We destroy or permanently de-identify personal information in accordance with the Privacy Act.

We maintain computer and network security including Multifactor Authentication Accounts, specific user identifiers, complex passwords and firewalls to protect unauthorised access to our systems.

Unimutual employees attend cyber training and learn how to securely store your information.

Mandatory investigations and reporting are required for personal data breaches as well as the reporting of such breach to the individuals whose personal information has been breached as well as advising the Office of the Australian Information Commissioner.

Data breaches occur where there is:

• Unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals (affected individuals), or
• Where personal information of affected individuals is lost in circumstances that may give rise to unauthorised access or unauthorised disclosure.

Data breaches may be caused by malicious intentional actions, such as a serious cyber security incident, accidental loss, loss through negligence or loss from improper disclosures.

Ensuring Personal Information is Up-to-date

We do everything we can to ensure that the personal information we hold is accurate, complete and up-to-date whenever we collect or use it. This means that from time to time, we will ask you to tell us if there are any changes to your personal information. If you find that information we hold about you is incorrect, incomplete or out of date, please contact us immediately and we will correct it.

Use of Government Identifiers

We do not adopt, use or disclose an identifier that has been assigned by a Commonwealth government agency unless legally required. An identifier, for example, a Medicare or tax file number, is a number assigned by a Commonwealth government agency to uniquely identify the individual for the purposes of the organisation’s operations.

Disclosing Personal Information overseas?

As a general rule, we do not disclose personal information to any person or organisation in a foreign country if that country does not have a comparable information privacy regime.  In the unlikely event that we need to do so, we will obtain your prior consent except where the Australian Privacy Principles do not require us to do so.

It is reasonably likely that we may disclose personal information to overseas recipients in Europe (including United Kingdom, the Isle of Man and Luxembourg) and New Zealand.  These jurisdictions are each subject to a privacy regime substantially similar to that in Australia.

Should we disclose your personal information to an overseas recipient we will ensure that the overseas recipient complies with the Australian Privacy Principles and we will be accountable for any acts or practice that may breach the Australian Privacy Principles.

Unimutual Website and Social Media

When you browse our website, our service provider logs the following information for statistical purposes: your server address and top-level domain name, the date and time of your visit, the pages and articles accessed and the documents downloaded. We do not identify users or their browsing activity except in the event of an investigation where a law enforcement agency may be entitled to inspect the service provider’s logs.

If you make an online payment by credit card, we will collect information such as your email address, name and credit card details to enable us to process your payment, and we will provide you with a payment receipt.

When you communicate with us through our social media pages such as LinkedIn, the social network provider and its partners may collect and hold your personal information overseas. You should consult their privacy policy for further information.

Making a Privacy Complaint

If you think your privacy has been interfered with due to a breach of our obligations in relation to your privacy, you can complain directly to our Privacy Officer. If you are not satisfied with our response, we will advise you of your options before further proceeding with your complaint.

At your request we will provide you with additional information about the way Unimutual manages the personal information we hold. If you wish to know more about the way we manage personal information, please contact our Privacy Officer in the following ways:

• You can write to our Privacy Officer at PO Box H96, Australia Square NSW 1215.
• You can email our Privacy Officer at privacy@unimutual.com.au
• You can call our Privacy Officer on (02) 9169 6600.

For further information about privacy issues in Australia and protecting your privacy, visit the Office of the Australian Information Commissioner’s website at  www.oaic.gov.au .

Destruction or De-identifying Personal Information

When information is no longer needed, we will take reasonable steps to destroy or permanently de-identify personal information.

Frequently Asked Questions (FAQ’S)

Here are ten FAQ’s to assist you in understanding our privacy responsibilities.

1. What do you classify as my ‘personal information’?
   Personal information is any information about you that identifies you, or by which your identity can reasonably be ascertained.
   Personal information held by us may include your name, private/business address, occupation, employer; previous addresses and private/business telephone number. Where a claim has been made or where you or your employer has applied to become a Unimutual member, we may collect other personal information, including but not limited to, financial details, risk and claim histories (validated and invalidated), statements and valuations of business assets, entity and trade references and claim details, which may include health information. If you and or other third parties choose not to provide personal information, we may not be able to process applications for membership, discretionary protections or deliver the services
2. How do you collect my personal information?
   We will insofar as reasonably possible collect the information directly from you, when you provide information in documents such as an application for membership or protection. By representing your organisation in completing an application to become a member of Unimutual the applicant’s representative agrees to the use and disclosure of personal information necessary to effect membership, discretionary protection and or functions involved with delivery of discretionary benefits.
   
   If we are not able to collect the information we need directly from you we will take reasonable steps to ensure that you are made aware:
   • of our identity;
   • that you can gain access to your personal information held by us;
   • of the purpose for collecting the information;
   • of the organisations to which that information is usually disclosed;
   • of any law that requires the information to be collected; and
   • of the consequences for you if that information is not provided (for example that we cannot provide you with the services you request).
3. How do you use my personal information?
   Your personal information will be used in order to provide the services your organisation requires. This may include administering and managing those services, including collecting contributions, issuing discretionary protections, managing claims and delivering benefits subject to absolute discretion; and to protecting both you, your organisation, third parties and Unimutual from fraud. The Unimutual membership includes the receipt of our communication media via direct marketing. This information is essential to keeping you aware of all the benefits offered by Unimutual to members. You can elect not to receive this information, but this may be a disadvantage as you may not be able to access the maximum benefits potentially available through Unimutual membership. We will normally only transfer personal information about you to an overseas recipient located in a country with a comparable privacy regime. We will obtain your consent to do otherwise except where the Australian Privacy Principles do not require us to do so.
4. Is the personal information I give you kept in a secure place?
   We take all reasonable care and steps to ensure data collected is secure, protected from misuse, loss, unauthorised access and disclosure and we will destroy the data once it is no longer required.
5. Can I see what you have on file about me?
   Upon request, we will provide you details of the information we have on file about you. Our Privacy Officer will process all such requests within 30 days of the date of receipt. There may be some exceptions and by law Unimutual is permitted to make a small charge for this service.
6. What happens if I find out that the information you hold about me is incorrect, incomplete or out of date?
   We take all reasonable steps to ensure the information we hold is accurate when collected. If a change or correction is required, you must advise us in writing and the changes/corrections will be made within 30 days of receipt.
7. Are you bound by the Australian Privacy Principles?
   Unimutual is legally bound by the Australian Privacy Principles set out in the Privacy Amendment (Enhancing Private Protection) Act 2012 (Cth).
8. Do I have to be on your e-mail/mailing broadcasts and lists?
   You have the option to ‘unsubscribe’ and no longer receive electronic marketing on products, services, communications, events etc
9. I think you have interfered with my privacy and I wish to complain.
   You can complain directly by contacting our Privacy Officer. If you are not satisfied with our response, we will advise you on your options for further proceeding with your complaint.
10. Will you notify me if you believe my privacy has been breached?
    Privacy Data breaches may be caused by malicious intentional actions, such as a serious cyber security incident, accidental loss, loss through negligence or loss from improper disclosures. Should we suspect a data breach we have a mandatory reporting obligation to notify of such a breach to the person whose personal information has been breached.

This Privacy Policy was prepared on 20^th October 2022. Version UML_22V1.0

Unimutual Limited ABN: 45 106 564 372 AFS Licence No. 241124.