Privacy policy
Updated 4 July 2023
Section A — Introduction
Introduction
The information in this document details how we, Wintersea Pty Ltd, trading as Halcyon Insurance Partners, comply with the requirements of the Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles in protecting the personal information we hold about you.
Personal information is any information or opinion about you that is capable, or reasonably capable, of identifying you, whether the information or opinion is true or not and is recorded in material form or not.
Sensitive information includes such things as your racial or ethnic origin, political opinions or membership of political associations, religious or philosophical beliefs, membership of a professional or trade association or trade union, sexual orientation or criminal record, that is also personal information. Your health, genetic and biometric information and biometric templates are also sensitive information.
We will act to protect your personal and sensitive information in accordance with the Australian Privacy Principles and the Privacy Act.
We collect personal and/or sensitive information to provide you with the products and services you request as well as information on other products and services offered by or through us. The law requires us to collect personal and/or sensitive information.
Your personal and/or sensitive information may be used by us to administer our products and services, for prudential and risk management purposes and, unless you tell us otherwise, to provide you with related marketing information. We also use the information we hold to help detect and prevent illegal activity. We cooperate with police and other enforcement bodies as required or allowed by law.
We disclose relevant personal information to external organisations that help us provide services. These organisations are bound by confidentiality arrangements.
You can seek access to the personal information we hold about you. If the information we hold about you is inaccurate, incomplete, or outdated, please inform us so that we can correct it. If we deny access to your personal information, we will let you know why. For example, we may give an explanation of a commercially sensitive decision, or give you access to the information through a mutually agreed intermediary, rather than direct access to evaluative information connected with it.
Section B — Collection Of Personal Information
Why We Collect Information
We collect personal information when it is reasonably necessary for one or more of our functions or activities.
These include:
providing customers with the products and services they request and, unless they tell us otherwise, to provide information on products and services offered by us and external product and service providers for whom we act as agent. (If you have provided us with your email or mobile phone details, we may provide information to you electronically with respect to those products and services);
complying with our legal obligations;
monitoring and evaluating products and services;
gathering and aggregating information for statistical, prudential, actuarial and research purpose;
assisting customers with queries; and
taking measures to detect and prevent frauds.
Information We May Collect
The personal and sensitive information we collect generally consists of name, address, date of birth, gender, marital status, occupation, account details, contact details (including telephone, facsimile and e-mail) and financial information.
If you have or are applying for life insurance or income protection insurance, we also collect medical and lifestyle information that relates to the insurance. This information may include your sexual activity and is collected so we may assess whether to accept your insurance proposal and, if so, on what terms.
How We Collect The Information
We only collect personal information about you directly from you (rather than someone else) unless it is unreasonable or impracticable to do so or you have instructed us to liaise with someone else.
Incomplete Or Inaccurate Information
We may not be able to provide you with the products or services you are seeking if you provide incomplete or inaccurate information.
Sensitive Information
In addition to the above conditions of collecting personal information, we will only collect sensitive information about you if we obtain prior consent to the collection of the information or if the collection is required or authorised by law.
Section C — Integrity Of Your Personal Information
Security Of Personal Information
We are committed to ensure that we protect any personal information we hold from misuse, interference, loss, unauthorised access, modification and disclosure.
For this purpose, we have a range of practices and policies in place to provide a robust security environment. We ensure the ongoing adequacy of these measures by regularly reviewing them.
Section D — Use Or Disclosure Of Personal Information
Who We May Communicate With
Depending on the product or service you have, the entities we exchange your information with include but are not limited to:
brokers and agents who refer your business to us;
affiliated product and service providers and external product and service providers for whom we act as agent (so that they may provide you with the product or service you seek or in which you have expressed an interest);
auditors we appoint to ensure the integrity of our operations;
any person acting on your behalf, including your solicitor, settlement agent, accountant, executor, administrator, trustee, guardian or attorney;
insurers, including proposed insurers and insurance reference agencies (where we are considering whether to accept a proposal of insurance from you and, if so, on what terms);
medical practitioners (to verify or clarify, if necessary, any health information you may provide);
Our use or disclosure of personal information may not be limited to the examples above.
Disclosure Required By Law
We may be required to disclose customer information by law e.g. under Court Orders or Statutory Notices pursuant to taxation or social security laws or under laws relating to sanctions, anti-money laundering or counter terrorism financing.
Section E — Direct Marketing
Direct Marketing
We will only use or disclose the personal information we hold about you for the purpose of direct marketing if we have received the information from you and you have not requested not to receive such information.
Direct marketing means that we should use your personal information to provide you with information on our products and services that may interest you.
If you wish to opt-out of receiving marketing information altogether, you can:
call us on 08 6118 7804 or
write to us at insurance@halcyoninsurance.com.au.
Section F — Access To Personal Information
Access
You can request us to provide you with access to the personal information we hold about you.
Requests for access to limited amounts of personal information, such as checking to see what address or telephone number we have recorded, can generally be handled over the telephone.
If you would like to request access to more substantial amounts of personal information such as details of what is recorded in your account file, we will require you to complete and sign a “Request for Access to Personal Information” form.
We will respond to your request as soon as possible and in the manner requested by you. We will endeavour to comply with your request within 14 days of its receipt but, if that deadline cannot be met owing to exceptional circumstances, your request will be dealt with within 30 days. It will help us provide access if you can tell us what you are looking for.
Your identity will be confirmed before access is provided.
Exceptions
In particular circumstances we are permitted by law to deny your request for access, or limit the access we provide. We will let you know why your request is denied or limited if this is the case. For example, we may give an explanation of a commercially sensitive decision rather than direct access to evaluative information connected with it.
Refusal To Give Access And Other Means Of Access
If we refuse to give access to the personal information or to give access in the manner requested by you, we will give you a written notice setting out the reasons for the refusal, the mechanisms available to complain and any other relevant matter.
Additionally, we will endeavour to give access in a way that meets both yours and our needs.
Section G — Correction Of Personal Information
Correction
We will correct all personal information that we believe to be inaccurate, out of date, incomplete, irrelevant or misleading given the purpose for which that information is held or if you request us to correct the information.
If we correct your personal information that we previously disclosed to another APP entity you can request us to notify the other APP entity of the correction. Following such a request, we will give that notification unless it is impracticable or unlawful to do so.
Section H — Contact Us And Complaints
Contact
If you have any questions or would like further information about our privacy and information handling practices, please contact us by:
Email: insurance@halcyoninsurance.com.au; or
Phone: 08 6118 7804; or
Post: PO BOX 288 North Fremantle, Western Australia 6159.
Making A Privacy Complaint
We offer a free internal complaint resolution scheme to all of our customers. Should you have a privacy complaint, please contact us to discuss your concerns.
You will also have free access to an external dispute resolution scheme in which we are member.
To assist us in helping you, we ask you to follow a simple three-step process:
Gather all supporting documents relating to the complaint.
Contact us and we will review your situation and if possible, resolve your complaint immediately.
If the matter is not resolved to your satisfaction, you have the right to contact the Office of the Australian Information Commissioner (“OAIC”). You can contact the OAIC to make a query concerning your privacy rights, or to lodge a complaint with the OAIC about how we have handled your personal information. You can contact the OAIC’s hotline on 1300 363 992 or visit their website at www.oaic.gov.au. The OAIC has the power to investigate a complaint and make a determination.
Ingenious Brokers Pty Ltd (‘Ingenious Brokers’) respects your privacy and is committed to protecting your privacy. At Ingenious Brokers, we understand the importance you attach to information that identifies you (your ‘personal information’) and we want to help you protect it.
We are bound by and committed to supporting, the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This Privacy Policy explains how we handle information that we learn about you when you submit any personal information to us or our associated entities in person, by mail or by email.
How Do We Collect Personal Information from You?
We will only collect personal information which you have voluntarily provided to us or consented to us collecting the information.
We may collect personal information about you in a variety of ways, for example:
- when you retain our services or apply for employment with us.
- when you subscribe to our newsletter or mailing list (if applicable).
- when you contact us or our associated entities, for example by mail, email, or telephone.
- Indirectly from fund managers, superannuation funds, life insurance companies and other product issuers once you have authorised us to obtain such information or authorised other parties to provide us with this information.
However, we require certain personal information to be able to provide you with the services and information you request. If you do not provide us with certain personal information, we may not be able to provide you with access to those services or respond to your request.
What Type of Personal Information Do We Collect?
The type of personal information we may collect from you includes (but is not limited to):
- names, dates of birth, gender, address, email, phone numbers, educational qualifications, employment history salary and job titles.
- information in documents such as passport, driver’s licence, tax file numbers (TFNs), Medicare Number.
- financial information including details of superannuation, insurance arrangements bank account details, shareholdings, and details of investments.
- sensitive information (with your consent), such as health information or membership details of professional or trade associations or political parties.
- visa or work permit status; and
- personal information about your spouse and dependants.
How Do We Use Your Personal Information?
Ingenious Brokers and our associated entities will use the information you supply for the purpose of providing you with the service(s) agreed under our engagement, such as accounting or business advisory services. We may also use the information we collect for our internal business and management processes (for example, accounting or auditing purposes), keeping you informed about our services and company news, and for any other purposes that would be reasonably expected by you and to allow us to comply with our obligations under the law.
How Do We Disclose Your Personal Information?
Your personal information will only be disclosed to those employees or consultants of Ingenious Brokers, and its associated entities related to the agreed provision of services. Depending on the nature of the engagement, we may need to disclose your personal information to third parties which may include service and content providers (for example accounting or auditing service providers), dealers and agents, or our contractors and advisors.
Ingenious Brokers and its associated entities shall not knowingly provide personal information to any third party for any other purpose without your prior consent unless ordered to do so by a law enforcement body, court of law or other governmental or regulatory body or agency.
Access to Your Personal Information
You can request us to provide you with access to personal information we hold about you by sending us an email: info@ingeniousbrokers.com.au (no spam please) or writing to us at PO Box 1333, South Melbourne VIC 3205. We may allow an inspection of your personal information in person, or provide copies or a summary of relevant documents, depending on what is the most appropriate in the circumstances. Any charge we make for providing access will be reasonable and will not apply to lodging a request for access.
Your request to access your personal information will be dealt with in a reasonable time. Note that we need not provide access to personal information if a request is frivolous, or where to provide access would pose a threat to health or public safety, unreasonable interference with another person’s privacy, or be a breach of the law. If we refuse access, we will provide you with reasons for doing so.
Accuracy and Correction
To enable us to keep our records properly, please notify us if you believe that any information, we hold about you is inaccurate, incomplete, or out of date and we will take reasonable steps, in the circumstances, to ensure that it is corrected. You can notify us by sending us an e-mail: info@ingeniousbrokers.com.au (no spam please) or writing to us at PO Box 1333, South Melbourne VIC 3205.
Our Security Procedures
Ingenious Brokers takes your privacy and the privacy of its associated entities and their clients very seriously. We will take reasonable steps in the circumstances to protect any personal information you provide to us from misuse, interference or loss and unauthorised access, modification, and disclosure. We will also de-identify and destroy the personal information we hold about you once our legal obligations cease. Our security procedures are reviewed from time to time, and we update them when relevant.
However, please be aware that the transmission of data over the Internet is never guaranteed to be completely secure. It is possible that third parties not under the control of Ingenious Brokers may be able to access or intercept transmissions or private communications without Ingenious Brokers' permission or knowledge. Ingenious Brokers takes all reasonable steps, in the circumstances, to protect your personal information. However, we cannot ensure or warrant the security of any information you transmit to us. Such transmissions are done at your own risk.
Data Breach Notification
Under the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), Ingenious Brokers is required to give notice to the Australian Information Commissioner (OAIC) and affected individuals of an "eligible data breach". This means that if we hold personal information about you, and there is unauthorised access to or disclosure of your personal information, and if you, as the "affected individual" would be likely to suffer serious harm from this access or disclosure, we must notify both you and the OAIC.
"Serious harm" could include identity theft, threats to physical safety, economic and financial harm, harm to reputation, embarrassment, discrimination, or harassment. The test is whether a "reasonable person" would expect you to suffer serious harm.
If you are likely to suffer serious harm from a data breach, we will notify you of:
- the nature of the eligible data breach (i.e., how the information was accessed or disclosed).
- the type of information that was accessed or disclosed.
- the steps that we have taken to control or reduce the harm, and those that we plan to take.
- any assistance we can offer you, such as arranging for credit monitoring.
- anything that we can suggest you can do to assist yourself or mitigate the harm.
- whether the breach has also been notified to the OAIC.
- how you can contact us for information or to complain; and
- how to make a complaint with the OAIC.
We will notify you using the same method that we usually use to communicate with you. If it is not practicable for us to notify you personally, we will email the notification.
There are some circumstances in which we do not have to notify you of a data breach. These include:
- where we have taken remedial action before any serious harm has been caused by the breach.
- if you have been notified of a breach by another entity.
- if notification would be inconsistent with Commonwealth secrecy laws; or
- where the Commissioner declares that notification does not have to be given.
Depending on the nature of the breach and the harm, we will also consider informing other third parties such as the police or other regulators or professional bodies.
Identifiers
We will not adopt as our own, any government identifiers you may provide to us such as TFNs etc.
Changes to our Privacy Policy
This information relates to our current Privacy Policy. From time to time, we may vary this policy for any reason. We will email any changes to you. By continuing to provide us with your information, you confirm your acceptance of these changes.
Complaints Resolution
Ingenious Brokers is committed to providing a fair and responsible system for the handling of complaints from parties whose personal information we hold. If you have any concerns regarding the way, we have handled your privacy, please send us an e-mail at info@ingeniousbrokers.com.auu or write to us at PO Box 1333, South Melbourne VIC 3205. We will address any concerns you have through our complaints handling process and we will inform you of the outcome of your complaint within a reasonable timeframe. However, if after receiving our response, you still consider that your privacy complaint has not been resolved, you may refer your concerns to the Office of the Australian Information Commissioner at www.oaic.gov.au.