Information Handling Policy
Effective 23 Dec 2018.
1. Who We Are
1.1 In this Information Handling Policy, references to ‘we’, ‘our’, ‘us’, ‘Find Casey’, and ‘Find’ are to Find Pty Ltd and its subsidiaries.
2. Your Privacy
2.1 This Policy sets out how we manage your Personal Information. We respect the privacy of any Personal Information we collect about you and are committed to ensuring that this is handled in accordance with the provisions of the Privacy Act 1988, the Australian Privacy Principles and any other applicable privacy related laws. This Policy may be updated from time-to-time.
From 23 May 2018, the General Data Protection Regime (GDPR) applies in respect of European Union (EU) countries. If you are an EU-resident, Find must comply with the GDPR requirements in relation to managing your personal data (as defined in the GDPR). If you are an EU-resident and you would like more information on the GDPR, please see here and here.
3.1 In this Policy:
Find Group means Find Pyt Limited and all of its subsidiaries.
Eligible data breach means unauthorised access to or unauthorised disclosure of personal information and a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates.
GDPR means the European Union General Data Protection Regulation 2016/679 (as amended from time to time).
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.
Sensitive Information means information or an opinion about an individual’s:
- racial or ethnic origin;
- political opinions or membership of a political association;
- religious or philosophical beliefs or affiliations;
- membership of a professional or trade association or trade union;
- sexual orientation or practices; or
- criminal record
that is also Personal Information; or
- health information about an individual;
- genetic information about an individual that is not otherwise health information;
- biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
- biometric templates.
4. What kind of Personal Information does Find Hold?
4.1 The kind of Personal Information we hold may vary depending on our interaction with you. If you apply to be a customer, are currently a customer, or have previously been a customer, the Personal Information we may hold about you may include:
- name, address, gender, marital status, contact details and date of birth;
- payment details such as Auto-Pay and direct debit/credit details;
- records of service contacts such as voice recordings of telephone conversations;
- census and statistical-type information for purposes including product development and risk assessment;
- claims details such as date, amount claimed and amount paid;
- tax file number;
- details of the Marketing Service you applied for and details of any financial products you have purchased or invested in (including account details);
- your financial interests and sometimes your financial position;
- occupation and employer details;
- for insurance products – certain medical, family and lifestyle information; and
- credit information.
4.2 Generally, we do not hold Personal Information about non-customers. However, there are some exceptions, including, without limitation:
- those people who have contacted us for information about our Marketing Services;
- where we purchase a data list from a third party provider;
- where a customer has provided Personal Information to us about another person which we need to provide our products or services;
those people who have been provided with a Marketing Service by one of our Representatives.
4.3 We may also hold Personal Information about persons who have agreed to pay or act on behalf of our customers.
4.4 If you apply for certain Financial Services or make a claim under certain products, we may need to collect Sensitive Information about you. Sensitive Information which we may collect includes, but is not limited to, medical history, health information and information about your profession or trade. We collect, use and disclose Sensitive Information only in accordance with the Privacy Act 1988, the Australian Privacy Principles and this Policy.
5. Collection of Personal Information
How does Find collect Personal Information?
5.1 To provide the best Marketing Services to suit your needs, we collect Personal Information from you when you:
- contact us in person, by phone or online;
- lodge a claim or complaint;
- decide to seek or purchase a Marketing Service; and
- complete a form for one of our products (including electronic applications).
5.2 If it is reasonable and practicable to do so, we will only collect Personal Information about you from you.
5.3 In many cases, if the Personal Information that we request is not provided, we may not be able to provide the relevant Financial Services or assess an insurance claim.
Collection of Personal Information from other people
5.4 On some occasions we may collect Personal Information about you from another person or entity, for example:
- from our referral and commercial strategic partners;
- from persons such as Representatives who we authorise to provide Marketing Services; or
- from a person who has been granted a power of attorney or other authority.
5.5 If we have collected Personal Information about you from someone else, we will take reasonable steps to ensure that you are or have been made aware of this.
Relatives, Dependents and Other Individuals
5.6 If you provide us with Personal Information about another person, we expect and assume that you have that person’s consent to provide this information to us.
5.7 If you provide Personal Information to us about another person, you need to ensure that they are aware:
- that you have provided their Personal Information to us;
- of who we are and how they can contact us;
- that they may access the Personal Information that we hold about them;
- of the purposes for which you provided their Personal Information to us;
- that their Personal Information will be handled in accordance with this Policy,
and we recommend that you refer them to this Policy.
6. Use and Disclosure of Personal Information
How does Find use my Personal Information?
6.1 We use your Personal Information to provide, manage and administer the Marketing Services we provide, and to operate an efficient and sustainable business.
6.2 Examples of what we may collect and use your Personal Information for include:
- processing your application;
- processing payments, withdrawals and redemptions;
- investigating and assessing any complaints;
- contacting you about matters relating to you, Marketing Services provided to you or other services that we provide;
- answering your enquiries;
- meeting internal functions such as administration, accounting and information technology system requirements;
- practicing effective risk management and preventing fraud;
- monitoring price and evaluating products and services;
- conducting marketing, research and statistical analysis;
- resolving complaints, breaches, incidents or litigant matters; and
- conducting customer surveys.
6.3 We do not exchange credit reporting information with any credit reporting bodies.
To whom will Find disclose my Personal Information?
We may disclose your Personal Information to other companies or individuals who assist us in supplying our other services or running our business, perform services on our behalf or regulate the Marketing Services that we provide, such as:
- any person acting on your behalf, including your executor, trustee and attorney;
- legal professionals;
- legal or other professionals who provide related services and opinions;
- product providers to apply for a product, or obtain a quote, on your behalf;
- IT development and maintenance providers;
- accountants, auditors and other service providers we may appoint to ensure the integrity of our operations;
- any organisations involved in providing, managing or administering our products or services such as custodians, external dispute resolution services or mail houses;
- regulatory or Government authorities; and
- providers of marketing, research and statistical analysis services.
6.4 In addition to the above, we may also use and disclose your Personal Information for any other purpose for which you have consented, or where we are authorised or required to do so by law.
6.5 In the course of providing you with Marketing Services, some of the organisations to which we may disclose your Personal Information may be located outside Victoria or Australia in countries including New Zealand, South Africa, USA, Canada, member states of the European Union, India, Vietnam, Malaysia, Singapore, Thailand, Sri Lanka, Cambodia, Hong Kong, Japan, the Philippines and Turkey. Find may send your Personal Information to them, including through electronic transmission.
6.6 Where Personal Information is disclosed, we require our contractors and service providers to comply with the provisions of the Privacy Act 1988, and the Australian Privacy Principles.
6.7 Where we disclose your Personal Information to contractors and service providers and we are aware that your Personal Information may be accessed by, or provided to, another party via that contractor or service provider, we will do all that we can reasonably can to ensure that any further party granted access to your Personal Information will comply with the Privacy Act 1988 and the Australian Privacy Principles.
6.8 We do not sell Personal Information to anyone.
6.9 We will not use or disclose Sensitive Information about you for any purpose other than the primary purpose of collection or a directly related secondary purpose unless you have provided us with your consent to such use or disclosure.
When will Find use my Personal Information to contact me?
6.10 We will use your Personal Information to contact you about Marketing Services and any other services we have provided to you.
6.11 From time to time, we will provide you with information about products and services offered by companies within the Find Group and other affiliate organisations that we consider of potential benefit to you and your family. Information may, for example, be communicated through the online paper. We may share your Personal Information on a confidential basis with companies within the Find Group and other affiliate organisations so that they can offer you products and services.
6.12 You can choose not to receive marketing material and we ask that you contact us to exercise this choice. Please understand that there could be a delay of up to 60 days before your request is fully implemented, and we apologise if you receive marketing material in this time. You will find details on how to contact us at the end of this Policy.
What other legislation affects Find’s use and disclosure of Personal Information?
6.13 In some circumstances, the collection, use, disclosure and access of Personal Information is governed by specific legislation. Where there is specific legislation, this will generally govern how we use Personal Information despite the provisions of the Privacy Act 1988. For example, for certain Financial Services, we are required to collect your tax file number and provide that information to the Australian Taxation Office.
6.14 EU-residents have slightly different rights in relation to the ‘Use and Disclosure’ of personal data (as defined in the GDPR). If you are an EU-resident and you would like more information, please contact the Find Privacy Officer (see section 9 of this Policy for details).
7. Information Security
How does Find keep my Personal Information secure and for how long is it kept?
7.1 We take all reasonable steps to ensure that your Personal Information is kept secure and is protected from misuse, loss and unauthorised access, modification and disclosure. From 22 February 2018, we will be required to notify you and the Office of the Australian Information Commissioner (OAIC) if an ‘eligible data breach’ occurs in relation to your personal information that is held by us. A data breach may occur if your personal information is lost or subjected to unauthorised access, modification, disclosure or other misuse or interference, and it is generally notifiable if there is a risk of ‘serious harm’(eg. financial, reputational etc) to you due to the breach.
All data breaches will be assessed in accordance with Find’s Data Breach Response Plan.
We retain your Personal Information for as long as we need it to provide the Marketing Services and those other services you have accepted or you have requested from us and, in some circumstances, to comply with other statutory requirements. As required under privacy law, we will take reasonable steps to permanently de-identify or destroy Personal Information that is no longer needed.
7.2 If you use the secure member sections of our websites we will verify your username and password. Once verified, you will have access to secured content.
Risks of using the internet
7.3 You should be aware that there are inherent security risks in transmitting information through the internet. You should assess these potential risks when deciding whether to use our online services. If you do not wish to transmit information through our website, you may contact Find on 1300 88 38 30.
All browsers allow you to be notified when you receive a cookie and you may elect to either accept it or not. Please note if you do not accept a cookie, this may impact the effectiveness of the website.
7.5 EU-residents have slightly different rights in relation to the ‘Information Security’. In particular, in relation to cookies. If you are an EU-resident and you would like more information, please contact Find’s Privacy Officer (see section 9 of this Policy for details).
8. Access and Correction
Can I access my Personal Information?
8.1 You can ask us for access to Personal Information that we hold about you at any time. To do so, please call Find on 1300 88 38 30 and ask for a Request for Personal Information Form which will be sent to you to complete.
8.2 You can access the information that we rely on in assessing your application for marketing services or your complaint. To do so, please call Find on 1300 88 38 30.
8.3 We are committed to handling your request properly and promptly, so all requests for access are handled in our head office. If your request to access your personal information is in relation to a complaint you have made to us, we will respond to your request within 10 business days.
8.4 We will provide you with access to Personal Information held about you except to the extent that we are permitted to refuse access in accordance with the Privacy Act 1988, and the Australian Privacy Principles. If we refuse to provide you with access to some information, we will provide you with our reasons in writing for doing so.
8.5 In special circumstances we may decline to provide access to or disclose information to you, such as:
- where information is protected from disclosure by law, including the Privacy Act 1988;
- where we reasonably determine that the information should be provided directly by us to your doctor;
- where the release of the information may be prejudicial to us in relation to a dispute about your insurance cover or your claim, or in relation to your complaint; or
- where we reasonably believe that the information is commercial-in-confidence.
8.6 If we decline to provide access to or disclose information to you:
- we will not do so unreasonably;
- we will give you a schedule of the documents we have declined to provide and give you reasons for doing so; and
- we will provide details of our Complaints process.
8.7 If we cannot comply with a timeframe for providing information to you due to the fact that we are waiting for permission from a third party to release information to you, we will advise you of this before the end of the timeframe.
8.8 If you request any of your documentation from us, we will provide this to you promptly and in an electronic form if you request, subject to any process for releasing policy documentation that we are required to carry out by law.
8.9 There is no charge for making a request for access or for obtaining a document containing a summary of the following Personal Information that we hold about you:
- name, address and birth date;
- contact details;
- level of cover;
- details of products held;
- date of joining; and
- bank account details.
8.10 We may charge a reasonable fee for access to any other Personal Information. Such charge will be restricted to our reasonable costs of providing the Personal Information that you have requested (for example, the cost of photocopying, document retrieval, labour and delivery to you).
Correction of Personal Information
8.11 We will correct any Personal Information that we hold about you if we become aware that it is inaccurate, incomplete, out of date, irrelevant or misleading.
8.12 If you believe that the Personal Information we hold about you is inaccurate, incomplete, out of date, irrelevant or misleading, you can ask us to correct it and we will take reasonable steps to do so. If we disagree about any information being inaccurate, incomplete or out of date and you ask us to do so, we will take reasonable steps to include a note on your record that you believe that such information is inaccurate, incomplete or out of date.
9. Enquiries and Complaints
How do I make an enquiry or complaint about privacy?
9.1 You can make an enquiry or a complaint about our handling of your Personal Information at any time by contacting our Privacy Officer. We may ask you to complete a Request for Personal Information Form or to set your enquiry or concern out in writing to assist us in undertaking an investigation and providing you with a response. We will respond to your enquiry or complaint within a reasonable period of time.
9.2 Our Privacy Officer can be contacted as follows:
Find Privacy Officer: firstname.lastname@example.org
The Privacy Officer
Find Pty Limited
PO Box 2122
Ringwood North, VIC 3134
Phone 1300 88 38 30
9.3 In the event the Privacy Officer is unable to resolve your enquiry or the enquiry has not been satisfactorily addressed you may lodge a complaint with the Information Commissioner. The Information Commissioner can be contacted by:
Phone: 1300 363 992