Personal Information is information or an opinion, recorded in a material form or otherwise, whether true or not, about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion.
Sensitive Personal Information includes health information and information about a person's race, ethnic origin, political opinions, membership of political, professional or trade associations, religious or philosophical beliefs, sexual preferences, criminal history, biometric information used for automated biometric verification or identification and biometric templates.
The Group will only collect Personal Information from you that is necessary for the Group to perform its functions and activities or if legally obliged to do so. We use personal information to provide insurance services, including policy processing, underwriting, payment of claims and other activities relating to our business.
The Group collects personal information from you in a number of ways and depending on the services you require:
The types of information may include, but are not limited to the following:
The Group takes all reasonable steps to protect your Personal Information it holds from misuse and loss and from unauthorised access, modification and disclosure. These steps may include password protection for electronic files, securing paper files in locked cabinets and physical access restrictions. The Group may provide staff training in relation to the methods we use to protect your Personal Information.
When your Personal Information is no longer required by the Group for the purpose for which the information was collected, the Group will take reasonable steps to destroy or permanently de-identify your Personal Information by deleting electronic files or destroying paper records in a secure manner including shredding the paper record.
The Group will only collect information from you by lawful and fair means with your consent and not in an unreasonably intrusive way. While the Group will normally collect Personal Information directly from you, it may also collect your Personal Information indirectly through marketing agents or through a Related Body Corporate or subsidiary.
You may contact the Group anonymously, however if you do so and do not disclose Personal Information requested by the Group, it may not be able to provide you with all or part of the Services. The Group requires a duty of disclosure from clients to enable it to determine whether to insure a client or not. Without requested Personal Information, such a decision, advice or information may not be able to be provided.
We may send you direct marketing using your personal information advising you about our services. You can contact us to opt out of any direct marketing free of charge.
The Group does not generally collect Sensitive Personal Information. We will not collect Sensitive Personal Information about you without your consent or as otherwise required or permitted by law. Furthermore, the Group will not adopt, use or disclose an identifier assigned to you by any other organisation (for example a tax file number or any other unique identifying number or sequence) except to the extent required or permitted by law.
If the Group receives unsolicited personal information and it determines it would not have collected such information if it solicited it, as soon as practical and if lawful, it will destroy the personal information.
The Group will not use or disclose your Personal Information except in accordance with this section. If the Group uses or discloses your Personal Information then, to the extent required by law, it will ensure that:
(a) you have consented to the use of your Personal Information. For example;
(b) the use or disclosure is required or authorised by or under law; or
(c) the use or disclosure is otherwise required or permitted by law (for example, as a necessary part of an investigation of suspected unlawful activity).
The Group may need to disclose your Personal Information to the following entities:
We may also use your Personal Information to send promotional material to enable us to manage your ongoing requirements and our relationship with you. This may include occasional notification of new services, special offers, events or articles on insurance matter we think will be of interest to you. If you would rather not receive such communication you can opt out via the contact options in section 8.
We currently use the following marketing and analytics features on our website.
We use these features to:
Whilst we believe these features are beneficial to you when interacting with Rapid Solutions, you may wish to disable the Google features. You can do so via the following link https://tools.google.com/dlpage/gaoptout/.
We may also collect, use and exchange information with third parties in line with this policy and as permitted by law, including third parties such as brokers, agents, insurance companies, reinsurance intermediaries and other companies who provide services for us in connection with our company operations.
You may request access to your Personal Information at any time. Prior to giving you this information the Group will take steps necessary to determine your identity. The Group will provide you with access to your own Personal Information wherever possible and within a reasonable time, except to the extent that:
In circumstances where information is withheld in connection of a commercially sensitive matter, the Group may give you an explanation for the commercially sensitive decision rather than direct access to the information.
The Group will not charge you for providing access to your Personal Information if you wish to inspect a file. However if you want a photocopy of your Personal Information it may charge you reasonable photocopying charges.
If the Group does not provide you with access to your Personal Information because of any of the reasons set out above, it will give you a reason for the refusal or consider whether the use of mutually agreed intermediaries will allow sufficient access to meet the needs of both parties. If you are unhappy with the decision you can take the matter further by contacting the Privacy Officer.
The Group will take all reasonable steps to ensure your Personal Information it collects, uses or discloses is accurate, complete and up to date. These steps include updating your Personal Information when the Group is advised by you that your Personal Information has changed and at other times as are necessary. If the Personal Information the Group holds about you is not accurate, complete or up-to-date, we will correct your Personal Information to ensure that your personal information is correct within a reasonable time. To correct or update your Personal Information you can contact the Group via the options in section 8
As the Group’s insurance underwriter, (Pacific International Insurance Pty Limited (PIIPL) also has operations in New Zealand, your Personal Information may be disclosed and held there. PIIPL may also be required to disclose your personal information to its reinsurers as part of providing your service. The Group will not disclose your Personal Information to any other foreign entity that is not subject to a comparable information privacy scheme, except with your consent or as otherwise required or permitted by law.
If personal information is transferred to countries outside Australia that do not have legislation similar to the Privacy Act, we will take steps to ensure that adequate measures are taken by our clients to protect the personal information before it is transferred.
The Group’s office and Privacy Officer can be contact via the below options:
Address: PO BOX 550 KOTARA NSW 2289
Telephone: 1300 309 169
Fax: 02 4954 3660
A breach of privacy occurs where there has been unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals
AND this event could allow serious harm to an individual:
What happens after a breach?
If a breach occurs we must, within 30 days of any breach or data loss, notify all affected customers and the Government Privacy Commissioner and disclose the information involved. We must also advise the affected customers what they should do to protect themselves.
The Breach of Privacy procedure sets out the process that the Group will undertake in order to address any complaints made regarding breaches of the Privacy Act 1988 and State or Territory legislation in relation to health information.
A person may make a complaint if they have concerns about how we have dealt with their personal information. For example, this could include complaints about our collection, retention, use or disclosure of their personal information.
Process for addressing complaints regarding a breach should be completed within 30 days unless there are exceptional circumstances and based on the following steps:
a. The complaints process
b. The contact person and details
c. The expected timeframes
d. Confirmation of the complaint being made and
e. Requesting any further information that may be required from the complainant
If it is found there was a breach, the steps for resolving the complaint include, in consultation with the complainant:
If there is no breach, the reason for that finding is to be provided in writing to the complainant, including specifying the relevant parts of the applicable legislation on which the finding is based.
If the Privacy Officer is unable to communicate the decision and outcome within the 30 business days, the Privacy Officer must make the complainant aware of the circumstances.
Breaches of the Privacy Act will be reported to the RSH Board.
Complaints where the Complainant remains dissatisfied with the response will be escalated to the CEO and the Board Risk Committee to adjudicate on the matter.
All final written responses must set out that if the complainant is not satisfied with the response, a complaint may be made to the Office of the Australian Information Commissioner at:
GPO Box 5218, Sydney NSW 2001
Ph: 02 9284 9666