About this Policy
Sovereign Insurance Australia Pty Ltd (Sovereign Australia), ABN: 85 138 079 286, AFSL 342516 is committed to responsible privacy practices and complying with the Privacy Act 1988 (Cth) (“the Act”), including the Australian Privacy Principles (“APP”) in our dealings with customers and other individuals and entities. The Act and the APP are designed to protect individuals’ personal information by regulating how personal information may be collected, used, disclosed, managed and stored.
This policy is written in simple language. Our specific legal obligations when handling your personal information are outlined in the Act and the APP. We will update this privacy policy when our information handling practices change, including how it is collected, used, and under what circumstances it may be disclosed. Updates will be publicised on our website and available at our offices.
The use of We, Us, Our within this policy: Refers to Sovereign Insurance Australia Pty Ltd.
This Privacy Policy does not apply to:
- Our acts or practices that are directly related to employee records of current or former employees between the employer and the individual; and
- Other matters that are exempted under law.
What is personal information?
Personal information is information or an opinion that refers to an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not.
Sensitive personal information
Sensitive personal information is information or opinion about a person’s racial or ethnic origin, political opinions, membership of a political, trade or professional association or a trade union, religious or philosophical beliefs or affiliations, sexual orientation or practices, criminal record, banking information or health, genetic and biometric information.
Our Privacy Officer is responsible for all matters to do with privacy.
Why do we collect, hold and use your personal information?
We collect, hold, and use your personal information to provide our products and services to you and manage our business. We will only collect your personal information for the purposes of providing and administering our products and services for you. We will ensure that the collection, use and disclosure of personal information is fair and reasonable in the circumstances. We will only collect your personal information with your consent and ensure that your consent is voluntary, informed, current, specific and that it is unambiguous.
What personal information do we collect?
We collect personal information primarily from our clients, but also from other sources as may be necessary. However, we only collect personal information that we need, and we only use the information that we collect for the primary purpose(s) for which we collect it. These are:
- For Applicants: Information on application forms for any of our products or any other contract or policy for which we are administrator (“Policy”). This is so we can decide whether to accept your Policy application and if so on what terms or administer your policy/contract.
- For Claimants: Information from you or other third parties to enable us to process claims under your policy and decide whether any claims you make should be accepted and their value.
- Agents and others with whom we do business: Information on any forms or documents or given orally to enable us to effectively perform business with you including, without limitation:
- To assess any entitlement, you may have under any of our incentive programs (if applicable).
- To ascertain the number and value of Policies sold to customers.
You are entitled to know what information we collect and hold about you. For example, if we collect information from another source then we will make sure that you are aware and have consented to the collection and use of the information.
We have an obligation to ensure that the information that we collect and store is up-to-date and correct.
How do we collect personal information?
Sovereign Australia may collect your personal information that is inferred or generated through various channels, including in-person interactions, written correspondence, telephone communications, and our official website.
For applicants seeking our insurance products, the primary method of collecting personal information is through both online and hard copy application forms, along with any accompanying documentation submitted to us. How we collect information from policyholders varies based on the circumstances. For instance, personal information may be gathered during annual renewal processes, through change of details forms, and direct interactions with our dedicated staff.
Additionally, Sovereign Australia may collect personal information indirectly. An example of this occurs when an applicant or policyholder furnishes personal information about another individual to be covered under an insurance policy or who is involved in a claim.
We trust our applicants and policyholders to ensure that when they provide personal information regarding a third party, they secure the necessary consent from that third party. In cases where obtaining consent is impractical, we rely on our applicants and policyholders to inform the third party about the disclosure of their personal information to Sovereign Australia.
How do we use personal information?
Generally, we only collect, hold, use and disclose your personal information for the primary purposes for which it was provided to us. Primarily, to provide our products and services to you, managing our relationship with you, and to manage our workforce. These purposes include the following:
- Providing you a product or service; including:
- Providing you with a quote.
- Considering your application.
- Arranging, verifying, and administering our insurance products and services for you.
- Communicating details about our products and services.
- Pricing a policy, offering excesses, and discounts and deciding whether to insure you and the terms.
- Issuing, renewing, or amending a policy.
- Assessing risks and underwriting insurance.
- Managing, assessing, investigating, processing, and settling any claims made.
- Administering your account, enquiries, complaints, disputes and processing any authorised payments.
- Training our employees, agents and representatives.
- Auditing, monitoring, or for quality assurance purposes and security matters.
- Detecting, investigating and preventing fraud.
- Complying with laws, statutory authorities, or government departments and agencies.
- Other purposes communicated to you at the time we collected your personal information or as required or permitted by law.
- Managing our workforce, by handling any recruitment or onboarding related activities for example, the collection of your resume, any relevant health information and carrying out criminal and other background checks for potential employees.
We do not use or disclose the information for any other purpose without the person’s consent.
In particular, we do not:
- Trade, rent or sell personal information; or
- Provide personal information to anyone without consent other than those we appoint to investigate and manage claims on our behalf.
We note that stricter regulations apply to any sensitive personal information that we may collect, use or hold. We do not collect or disclose sensitive information without consent unless:
- The collection is required by law; or
- It is necessary for the establishment, exercise or defence of a claim.
In most cases, we obtain consent in the usual course of dealing, e.g. in our Customer Policy & Declaration.
Anonymity and Pseudonymity
You have the option of remaining anonymous or using a pseudonym if you do not want to provide us with personal information. However, this may affect our ability to completely assist you with a product or service you would like. If you would like to deal with us while not identifying yourself (for example, anonymously or by using a pseudonym) we will assist you where we can, providing it is practical for us to do so.
Quality of personal information
To ensure that the personal information we collect is accurate, up-to-date and complete we:
- Record information in a consistent format.
- Where necessary, confirm the accuracy of information we collect from a public source.
- Promptly add updated or new personal information to existing records.
- Regularly audit our contact lists to check their accuracy.
- We also review the quality of personal information before we use or disclose it.
What can we disclose?
The Privacy Act does allow us to use or disclose information in some circumstances. For example, we can use your information in other ways if you consent to us doing so or if required to do so by law.
Parties to whom we may disclose your personal information include:
- Third parties who can assist in processing your claims and who can help us decide whether any claim you make should be accepted and the value of your claim e.g. Consultants, the Agent through whom you purchased the Policy, anyone who has specialised knowledge relating to the claims administration.
- Any Underwriter or other party for whom we are a Policy administrator.
- Any party who enables us to provide you with an incentive program or who enables us to effectively perform business with you.
- Any other entity related to or associated with us, who may use your personal information to inform you of our products or services, or the products or services of our related or associated entities.
Please contact us if you do not wish this to happen, or if you have concerns about our use of your personal information.
Cross-Border disclosure of personal information
The information requested from You is to share with our related and associated entities, business partners, reinsurers and service providers that may be located in Australia or overseas. The countries this information may be disclosed to will vary from time to time, but currently include the United Kingdom, Asia and South Africa. We regularly review the security of our systems used for sending personal information overseas. Any information disclosed may only be used for the purposes of collection detailed above and system administration.
Storage and security of personal information
Under the Privacy Act (Australian Privacy Principle 11) We take steps to protect the security of the personal information we hold from both internal and external threats by:
- Regularly assessing the risk of misuse, interference, loss, and unauthorised access, modification or disclosure of that information.
- Conducting regular internal and external audits to assess whether we have adequately complied with or implemented these measures.
- Implementing ICT security measures, including network authentication, software-based security, and data encryption.
How long will Sovereign Australia retain your information?
Sovereign Australia will only ask for and retain information for as long as we need it to administer the function of your products. After this period ends Sovereign Australia will delete/redact information to ensure that no personal identifiers are stored within any Sovereign Australia databases.
Accessing and correcting your Personal Information
Under the Privacy Act (Australian Privacy Principles 12 and 13) you have the right to ask for access to personal information that we hold about you and ask that we correct that personal information. You can ask for access or correction by contacting us and we must respond within 30 days. If you ask, we must give you access to your personal information, and take reasonable steps to correct it if we consider it is incorrect, unless there is a law that allows or requires us not to.
We will ask you to verify your identity before we give you access to your information or correct it, and we will try to make the process as simple as possible. If we refuse to give you access to, or correct, your personal information, we must notify you in writing setting out the reasons.
If we make a correction and we have disclosed the incorrect information to others, you can ask us to tell them about the correction. We must do so unless there is a valid reason not to.
If we refuse to correct your personal information, you can ask us to associate with it (for example, attach or link) a statement that you believe the information is incorrect and why.
We will not charge you for responding to such a request unless we incur costs in providing or correcting the information (we are entitled to charge reasonable costs for our time in providing or correcting the information).
Data erasure rights
You have the right to request for Sovereign Insurance to delete your personal data. Sovereign Insurance must also inform any third parties that have provided the data about the erasure request.
Dealing with Sovereign Australia Online
This Policy also applies to any personal information that you provide to us, including personal information that you email to Sovereign Australia or provide when using our website.
There are inherent risks in transmitting information across the Internet. Sovereign Australia cannot ensure the security of personal information transmitted to us via online channels. However, once we receive personal information online, we will take reasonable steps to protect that information from misuse, loss, unauthorised access, modification or disclosure, other than in accordance with this Policy. If you are concerned about conveying personal information to Sovereign Australia over the Internet, you may prefer to contact us by telephone or mail.
Our website uses cookies and web beacons. A cookie is a small piece of code that is placed on your computer. A web beacon is a piece of code that is placed on each page that communicates the cookie’s content once the page is visited. Cookies and web beacons may collect information about each page of the website that you visit, your server address, the type of browser you are using, your operating system, your top-level domain name and the date and time that each page is accessed. Use of cookies and web beacons does not involve the retrieval or recording of any personal information (such as a name or email address) by Sovereign Australia. In all cases in which cookies are used, the cookie will not collect personal information except with your consent. You can disable cookies by turning them off in your browser; however, our website may not function properly if you do so.
This Policy does not apply to, and Sovereign Australia is not responsible for, the use of, or the protection of information provided to, other websites linked to our website.
What Sovereign Australia will and won’t ask you for?
Sovereign Australia will never send out emails or SMS messages to you directly asking for payments of any sort and asking you to confirm banking details or passwords. If you believe you’ve received a phishing email that appears to have come from Sovereign Australia, don’t respond, and don’t click on any links or open any attachments. Simply forward the entire email to admin@sovereignaustralia.com.au and delete it.
Mandatory Notification of Data Breach Scheme (MNDB)
Sovereign Australia operates within the guidelines of the MNDB Scheme that requires us to notify individuals, and the Office of the Australian Information Commissioner of personal information involved in a data breach that is likely to result in serious harm.
Sovereign Australia will comply with necessary actions, including but not limited to:
- Advising the individual of any data breach within the required time frames;
- Taking the necessary remedial action to contain the breach and mitigate harm caused from the breach; and
- Notifying the Office of the Australian Information Commissioner within the mandatory 72-hour reporting timeframe for eligible data breaches without undue delay under the MNDB Scheme.
What if I am not satisfied with Sovereign Australia’s response?
If you believe that we have not dealt with your personal information in accordance with the law, or this policy, or you believe that you have been wrongly denied access to your personal information, you can refer your complaint to the Office of the Australian Information Commissioner (OAIC) for further review.
You can contact the Office via their website www.oaic.gov.au or by writing to the Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001.
Contact Details
If you have any questions or concerns about this Privacy Policy, our privacy complaints procedure, or wish to lodge a request to access your personal information you can contact us in writing to the Privacy Officer at:
The Privacy Officer
Email: admin@sovereignaustralia.com.au
Telephone number: 1800 240 125