An individual who provides personal information to us, either directly or through a business partner, distributor or referrer, agent or service provider is given access to this Policy. By providing personal information to us and having access to this Policy an individual consents to us collecting, holding, using and disclosing personal information in accordance with this Policy.
Types of information collected
We may collect and hold personal information about you, that is, information that can identify you, and is relevant to providing you with the services you are seeking.
The kinds of information we typically collect include name, address, date of birth, age, contact details like phone numbers and email addresses, financial information and employment information to process your premium payments, health information as well as electronic information from your use of our website (see further below).
Sureplan will not disclose, share or sell your personal information to any unauthorised third party, and will only disclose your personal information to parties for the purposes of carrying out the functions outlined above or paying commission to our agents.
Except as otherwise permitted by law, we only collect sensitive information about you, such as medical and health information, if you consent to the collection of the information and if the information is reasonably necessary for the performance of our functions, as set out below.
Purpose of collection
The personal information that we collect and hold about you, depends on your interaction with us.
Generally, we will collect, use and hold your personal information for the purposes of:
In some instances, Sureplan may ask for personal details in order to comply with relevant legislation, such as the Life Insurance Act 1995, the Corporations Act 2001, or taxation laws to process your application, or provide you with Sureplan’s high standard of service.
We will hold personal information for as long as necessary in order to meet the purposes described in this Policy and as required by law. For example, personal information in connection with policies will be held for the life of the policies.
We will not disclose your personal information for any other purpose unless the individual has provided us with consent. There may be other purposes where we may disclose your personal information other than those mentioned above. We will only do this if it would be reasonably expected of us to do so in the circumstances.
Method of collection
Personal information will generally be collected directly from you through the use of any of our standard forms, over the internet, via email, or through a telephone conversation with you. There may, however, be some instances where personal information about you will be collected indirectly because it is unreasonable or impractical to collect personal information directly from you. For example, by applying for cover, you consent to Sureplan collecting (from third parties including hospitals, other health care providers and funeral homes) sensitive information about you and using it to consider your application for insurance, assessing any claims made by you, and any other related purposes.
We will usually notify you about these instances in advance, or where that is not possible, as soon as reasonably practicable after the information has been collected.
Failure to provide information or consent
If the personal information you provide to us is incomplete or inaccurate or your consent is not given, we may be unable to provide you, or someone else you know, with the services you, or they, are seeking.
If you access our website, we may collect additional personal information about you in the form of your IP address and domain name.
Our website may contain links to other websites. We are not responsible for the privacy practices of linked websites and linked websites are not subject to our privacy policies and procedures.
Generally, we only use or disclose personal information about you for the purposes for which it was collected (as set out above). We may disclose personal information about you to:
In some circumstances, the law may permit or require us to use or disclose personal information for other purposes (for instance where you would reasonably expect us to and the purpose is related to the purpose of collection).
We store your personal information in different ways, including in paper and in electronic form. The security of your personal information is important to us. We take all reasonable measures to ensure that your personal information is stored safely to protect it from misuse, loss, unauthorised access, modification or disclosure, including electronic and physical security measures.
Your personal information will be stored in servers located in Australia for the purposes set out above. We do not currently disclose personal information to overseas recipients.
You may access the personal information we hold about you, upon making a written request. We will try to acknowledge your request within 14 days of its receipt, and to provide you with access to the information requested within 30 days. We may charge you a reasonable fee for providing access to your personal information (but not for making a request for access).
Sureplan requires that any requests for changes to a member’s record must be in writing and signed by the member. It is imperative that members advise Sureplan of changes to theirs or their nominee’s details promptly.
We may decline a request for access to personal information in circumstances prescribed by the Privacy Act and if we do, we will provide you with a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons).
If, upon receiving access to your personal information or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please notify us immediately. We will take reasonable steps to correct the information so that it is accurate, complete and up to date.
If we refuse to correct your personal information, we will provide you with a written notice that sets out the reason for our refusal (unless it would be unreasonable to provide those reasons) together with information about the mechanisms available to you to make a complaint.
If you wish to make a complaint about a breach of the Privacy Act, Australian Privacy Principles or a privacy code that applies to us, please contact us as set out below and we will take reasonable steps to investigate the complaint and respond to you. If you are not happy with our response, you may complain directly to the federal Information Commissioner (OAIC), see below.
If we have not responded to the complaint within 30 days or if you are not satisfied with our response, then you can refer the matter to the OAIC. An individual may make a complaint with the OAIC:
By applying for membership and purchasing a policy, you consent to the collection, handling, use and disclosure of personal information by us in accordance with this Policy.
For more information about privacy in general, you can visit the OAIC website at www.oaic.gov.au.
The Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act establishes requirements for entities in responding to data breaches. Entities have data breach notification obligations when a data breach is likely to result in serious harm to any individuals whose personal information is involved in the breach.
We have procedures in place to ensure compliance with the NDB scheme.