We respect your rights to privacy under the Privacy Act 1988 (Cth) (Act) and we comply with all of the Act’s requirements in respect of the collection, management and disclosure of your personal information.
If you require further information about how we deal with your personal data under European Economic Area (EEA) data protection laws, please refer to AXA XL’s European Privacy Notice at https://axaxl.com/privacy-notice or contact our Privacy Officer using the details further below.
Data Controllers responsible for the Processing of your Personal Data
Catlin Australia Pty Limited
Level 28, 123 Pitt Street
XL Insurance Company SE – Australian Branch
Level 28, 123 Pitt Street
What is your personal information?
What personal information do we collect and hold?
We may collect the following types of personal information:
- your contact details, including your name, mailing or street address, email address, telephone number and facsimile number;
- your employment details, including your profession, occupation or job title, your employer’s details and salary;
- your financial details, including your tax file number, lists of personal assets and banking details;
- other personal information that may be specific to the insurance policy you are taking out with us, such as your age or birth date, names and contact details of any dependents or beneficiaries, claims history, criminal history, driving history, aviation history, details of property to be insured and health and medical information;
- your employment-related information if you apply for a position with us;
- details of the products and services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enquiries; and
- any additional information relating to you that you provide to us directly through our websites or indirectly through use of our websites or online presence, through our representatives or your agents or representatives (such as brokers), or otherwise.
We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.
In certain instances, we may be required to collect your name, address, date of birth and other verification information under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth).
How do we collect your personal information?
We collect your personal information directly from you unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect in ways including:
- when you complete an application or order for an insurance policy;
- when you request changes to your insurance policy;
- when you make a claim or when we investigate a claim under your insurance policy;
- through your access and use of our website;
- during conversations between you or your representatives and us or our representatives; or
- when you apply for a position with us.
We may also collect personal information from third parties including:
- people who are involved in insurance decisions and claims such as investigators, actuaries, professional advisors, medical practitioners, hospitals and other health care providers and third party claims managers;
- our related bodies corporate;
- publically available sources;
- brokers, reinsurers, cedants and cover holders or other underwriting organisations; and
- other external companies such as recruitment agents, service providers, credit reporting agencies, law enforcement agencies and other government entities or any other third parties other than those listed above who assist us with complaints made by you or with incidents and claims involving you.
Google will not associate your IP address with any other data held by Google.
What happens if we can’t collect your personal information?
If you do not provide us with the personal information described above, some or all of the following may happen:
- we may not be able to provide the requested products or services to you, either to the same standard or at all;
- we may not be able to process or consider your claim;
- we may not be able to provide you with information about products and services that you may want, including information about discounts, sales or special promotions;
- we may be unable to communicate with you or on your behalf regarding a claim;
- if you are applying for a position with us, we may be unable to consider your application for a position; or
- we may be unable to tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful.
For what purposes do we collect, hold, use and disclose your personal information?
We collect personal information about you so that we can perform our business activities and functions and to provide best possible quality of customer service.
We collect, hold, use and disclose your personal information for the following purposes:
- to provide products and services to you and to send communications requested by you;
- to process, investigate and respond to any claim;
- to answer enquiries and provide information or advice about existing and new products or services;
- to communicate with you and to others on your behalf in relation to your rights and any claims;
- to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties;
- for the administrative, marketing (including direct marketing), planning, product or service development, quality control and our research purposes;
- to provide your updated personal information to our related bodies corporate, contractors or service providers;
- if you have applied for a position with us, to evaluate your application;
- to update our records and keep your contact details up to date;
- to process and respond to any complaint made by you; and
- to comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country.
To whom may we disclose your information?
We may disclose your personal information to:
- claims investigators, actuaries, professional advisors and third party claims managers;
- our related bodies corporate;
- brokers, reinsurers, cedants and cover holders or other underwriting organisations;
- contractors or service providers for the purposes of operation of our website or our business, fulfilling requests by you, and to otherwise provide products and services to you including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, management, finance, operations and compliance staff, legal advisors, business advisors and consultants;
- to a witness or another party to a claim made by you, to a repairer, supplier, an organisation that provides you with banking facilities, engineers, property valuers and any other expert that we may need to engage for the purpose of claims assessment;
- injury management providers including medical practitioners, rehabilitation advisers and health care providers;
- suppliers and other third parties with whom we have commercial relationships, for business, marketing, and related purposes; and
- any organisation for any authorised purpose with your express consent.
Direct marketing materials
We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). You consent to us sending you those direct marketing communications by any of those methods. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.
We do not provide your personal information to other organisations for the purposes of direct marketing.
How can you access and correct your personal information?
You may request access to any personal information we hold about you at any time by contacting us (see the details below). Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We may charge you a fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge for simply making the request and will not charge for making any corrections to your personal information.
There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.
If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment then we will add a note to the personal information stating that you disagree with it.
What is the process for complaining about a breach of privacy?
If you believe that your privacy has been breached, please contact our Privacy Officer using the contact information below and provide details of the incident so that we can investigate it.
We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint After we have completed our enquiries, we will contact you to advise the outcome and invite a response to our conclusions about the complaint. If we receive a response from you, we will assess it and advise if we have changed our view.
Do we disclose your personal information to anyone outside Australia?
We may disclose personal information to our related bodies corporate and third party suppliers and service providers located overseas for some of the purposes listed above. We take reasonable steps to ensure that the overseas recipients of your personal information do not breach the privacy obligations relating to your personal information.
We may disclose your personal information to entities located outside of Australia, including the following:
- our related bodies corporate, located in over 50 cities around the world.A list of those countries can be found on our website (www.axaxl.com);
- our service providers, located in India and Poland; and
- other third parties located overseas where it is necessary for the purposes of processing.
Transfer of Personal information from the EU
Where we transfer personal data from EU countries to AXA companies and service providers outside the European Economic Area (EEA), We provide safeguards to ensure the security and the confidentiality of your personal data, by framing the transfer through either (i) the Standard Contractual Clauses adopted by the European Commission or (ii) through Binding Corporate Rules when your personal data is transferred to other entities of the AXA Group
We take reasonable steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure. We may hold your information in either electronic or hard copy form.
As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet. Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.
Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices.
We ask for personal information from job applicants to assist with our recruitment process. The personal information you supply will be kept in a recruitment folder. Employees involved with short-listing and appointment will have access to this data. This could be managers, personnel and departmental support employees. We will not disclose this information to anyone outside of our organisation without your consent. If you are unsuccessful, we may retain your application for 12 months after the appointment has been made and, after that period, we will ordinarily dispose of your application form and any other papers submitted.
Information on your job application form may be held in hard copy or computer systems. We will observe strict confidentiality and disclosures will only be made for payroll, personnel administration and statistical purposes.
We are committed to the principle of equal opportunities. Our policy is to attract, recruit and develop the most talented and capable individuals, regardless of age, gender, sexual orientation, marital status, religion, colour, race, ethnic origin, nationality or disability. We may use this information collected from your application for the purposes of monitoring the quality of opportunity in our employment policy.
If you have questions about your rights or concerns regarding the way in which your personal information has been used, please contact our Data Protection Officer at firstname.lastname@example.org.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection authority.
Last status: August 2020.