In this Privacy Policy the terms “we“, “our” and “us” refers to Catholic Church Insurance Limited ABN 76 000 005 210 (Catholic Church Insurance).CCI is committed to collecting and handling your personal information in accordance with the privacy law obligations contained in the Privacy Act 1988 (Cth). We are committed to ensuring that all of our business dealings comply with the 13 Australian Privacy Principles (APPs) and the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) and acknowledge the importance of safeguarding your personal details. The principles that relate to the protection of your personal information are:
- Open and transparent management of personal information
- Anonymity and pseudonymity
- Collection of solicited personal information
- Dealing with unsolicited personal information
- Notification of the collection of personal information
- Use or disclosure of personal information
- Direct marketing
- Cross-border disclosure of personal information
- Adoption, use or disclosure of government related identifiers
- Quality of personal information
- Security of personal information
- Access to personal information
- Correction of personal information.
The adoption of the APPs supports our management philosophy that promotes mutual trust, respect, equity and fair treatment of all our clients. CCI supports:
- fair and open information collection practices,
- processes that ensure personal information kept by us is accurate, complete and current, and
- your right to access and where necessary, correct information held by us.
What kind of personal information does CCI collect and hold?
Personal information means information we collect and hold about you from which your identity is either apparent or can be reasonably determined. This may include:
- your name, date of birth, gender,
- contact details such as your address, telephone number, email address,
- details of your marital status and/or occupation,
- your driver’s licence number and/or Tax File Number (TFN),
- your financial information, and
- in some instances, we may request sensitive personal information such as medical information that relates to the insurance.
You do not have to provide us with your personal information. However, if you don’t it may affect our ability to assist you or provide you with a product or service.
Sensitive Information
CCI will not collect sensitive personal information revealing racial or ethnic origin, political opinions, religious beliefs or affiliations, philosophical beliefs, trade-union membership, sexual preferences, criminal record or details of health or medical information unless you have consented, or the collection is required or specifically authorised by law.
Unsolicited personal information
In the event that we receive unsolicited personal information from you, such as an employment application sent to us by you which is not in response to an advertised position, we will determine whether it could have been collected under APP 3 (collection of solicited information) in which case, it will treated in accordance with our Privacy Policy, or will otherwise be destroyed and/or de-identified as soon as practicable.
How your personal information is collected, held, used and disclosed
Personal information is collected by CCI in a fair and lawful manner, and will generally be collected directly from you. It may relate to your specific insurance policy and/or product preference; workers compensation claim and on occasion, your return to work program; or investment preference.
We may collect personal information directly from you when you:
- fill in an application form,
- lodge a claim,
- deal with us over the telephone,
- email us,
- send us mail by post,
- contact us by facsimile,
- ask us to contact you via our website, or
- have contact with a staff member in person.
The information we collect enables us to:
- correct your details,
- determine a claim,
- administer your policy, for example process payments,
- communicate with you regarding updates on CCI’s Scheme of Arrangement,
- deal with your complaint about our products or services, or
- assess your application for employment with us.
We are committed to only collecting personal information that is relevant to your application for insurance or other relevant products, your individual policy, insurance or workers compensation claim. Where practicable, we will only collect personal information directly from you. Where we collect information about you from someone else (e.g. a broker, loss adjuster or an assessor) we will, wherever possible, make sure you know we have done this. You may be required to verify your identity such as providing your full name and date of birth.
The purposes for which your personal information is collected, held, used and disclosed
Once CCI has collected your personal information, we will manage it in accordance with the APPs and the Privacy Act. We use your personal information only for purposes consistent with the reason you provided it, or for a directly related purpose such as to assess a risk or pay a claim or in the case of CCI Asset Management, to administer your investment.
We may collect your personal information from, and in some instances, we may be required to disclose your personal information to:
- other insurers and reinsurers,
- claims investigators,
- assessors and repairers,
- third party suppliers such as IT vendors and/or consultants (but only for the strictly limited purpose of carrying out the relevant services),
- external valuers and appraisers,
- mail house service providers,
- external auditors,
- legal advisors, health or other professionals,
- our Clearing House Facility provider,
- regulatory authorities (if requested) including but not limited to the Office of the Australian Information Commissioner (OAIC), Australian Prudential Regulation Authority (APRA), the Australian Securities and Investments Commission (ASIC), AUSTRAC, the Australian Taxation Office (ATO), and the Australian Financial Complaints Authority (AFCA),
- as required by a court/tribunal order, or
- other parties as required by Australian law.
At CCI we take reasonable steps to protect the personal information we hold about you from misuse or loss, and from unauthorised access, modification or disclosure. Where practicable we will always gain your consent before disclosing your personal information. We will endeavour to ensure that we maintain control over your personal information even though it may be stored with or is accessible to third parties.
Information we collect automatically
When you visit and interact with our website, we, as well as any third-party service provider and/or advertiser we hire, may use a variety of technologies that automatically record information about how the website is used (Usage Information) and via which channel or advertising method it was accessed. Usage Information may include your IP address or another form of unique identifier for the device used to access the website (Device Identifier), browser type, device type (computer, mobile phone, tablet or other device), operating system, basic geographical data such as country and state, date and time of visit, pages viewed, and the overall user journey over one or more sessions.
Information classified as ‘Usage Information’ helps us keep our website relevant to users and allows us to tailor content and digital brand advertisements to a user’s interests. Usage Information is usually non-identifying, but if we are able to associate it with a specific and identifiable person, we will treat it as personal information.
We may use ‘Device Identifiers’ to help us diagnose server issues, analyse traffic trends, observe activity over multiple sessions, help identify you and your shopping cart, and gather broad demographic information for collective use.
Cookies and Website Analytics
We use Google Analytics to collect visitor information to better understand how we can improve our user experience. One of the primary methods is the placement of cookies. Cookies are small information files that an end user’s web browser places on their computer when a website is visited. These may be used to associate you with social media platforms like Facebook. In addition to the session cookie, Google Analytics uses other data collection methods such as appending query strings to an image request. We store the data generated by Google Analytics securely and do not share it with third parties.
You are able to manage or delete cookies that have been installed. For information on disabling these cookies, please go to the privacy settings section within your browser. If you choose to disable or opt out of receiving cookies, some features and functions on our website may not work properly. In addition, the offers we provide may not be as relevant to you or tailored to your interests.
Direct marketing and your privacy
CCI does not engage in direct marketing, however where we have collected personal information directly from you and believe you would reasonably expect that your personal information may be used for communicating with you (and we have not received a request to the contrary), you may be contacted for any updates relating to the Scheme of Arrangement
In accordance with the Spam Act 2003 (Cth), CCI is a charitable entity and is exempt from providing an “opt-out” option (such as the ability to “unsubscribe” from emails), in the instance where CCI sends designated commercial electronic messages, which are messages that relate to purely factual information and not the offering of goods, services, land or business and investment opportunities.
If you receive these designated commercial emails from us in error, or you no longer wish to receive designated commercial emailsfrom us, please let us know (see How to Contact Us below). If you would like to know where we sourced your personal information from, please contact us and we will notify you of its source in a reasonable period after the request is made (unless it is impracticable or unreasonable to do so). We will not charge you for making this request.
Quality of personal information
We will take all reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and current. From time to time we may contact you and request that you notify us if your contact details have changed.
If you believe your personal information we currently hold is incorrect or incomplete, please let us know.
Security of information
CCI will use its best endeavours to ensure that your personal information is secure from misuse and loss and from unauthorised access, modification or disclosure. Access to your information will be restricted to those staff who are authorised and are required to access your personal information to carry out business functions (in which case they will require a password when accessing our systems). We take reasonable IT security measures including the use of firewalls, secure log on processes, segregated security level log on, encryption and intrusion monitoring technologies to secure your personal information. Electronic communication of CCI confidential information outside of the organisation will be limited to that required for business operations and only to those with a Confidentiality Agreement in place. Our physical records are stored securely both onsite and offsite, and unauthorised access to our buildings is prevented by strict access protocols.
In line with the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), we will notify you if we become aware of any unauthorised access to or loss of your personal information.
When personal client information is no longer required it is disposed of securely in designated secure bins, and reasonable steps will be taken by CCI to permanently de-identify your personal information. In some cases, such as our workers compensation claim files and liability related claims, we are required under State or Territory law to keep individuals’ personal information secure and confidential. We may retain copies of records and reports pertaining to your workers compensation claim and liability related claims for long periods of time.
Open and transparent management of personal information
On request, we will take reasonable steps to let you know what sort of personal information we hold about you, for what purposes, and how we collect, hold, use and disclose that information.
CCI maintains and reviews our Privacy Policy detailing our management of personal information within our organisation. We may update our Privacy Policy from time to time and will always publish the effective date when the policy is updated on our website.
How you may access your personal information and seek its correction
CCI aims to ensure that your personal information is at all times accurate, up-to-date, complete, relevant and not misleading.
Correction of your personal information
CCI will take reasonable steps to correct your personal information where we are satisfied it needs to be corrected, or if you request that your personal information be corrected. You may contact us as outlined in the section How to Contact Us, and request that we update our records. We will not charge you for asking us to correct your personal information.
How you can access your personal information
On your request, CCI will provide you with access to your personal information (including in the manner requested by you if it is reasonable to do so) within 30 days. Where you have requested the retrieval of your personal information CCI will ensure that the cost of retrieval, copying and sending the information is fair and reasonable. If the requested information is commercially sensitive, we may provide you with an explanation rather than provide direct access (e.g. details of a general rate increase).
In some cases, we may be permitted under the Privacy Act to deny you access to your personal information such as where we reasonably believe that giving access would have an unreasonable impact on the privacy of other individuals; CCI does not hold the personal information that you wish to correct; that the steps necessary to correct the information as requested are not reasonable in the circumstances; or that the request for access is frivolous or vexatious. If we deny you access to any personal information about you we will provide you with reasons in writing and will provide you with your options for complaining about our refusal.
Adoption of Government Related Identifiers
CCI will not use Government related identifiers (for example, a TFN or your Medicare number) as our own identifier of an individual unless we are required to do so.
We will not use or disclose an identifier assigned by a Government agency, unless the disclosure is required or specifically authorised by law, or is reasonably necessary for us to fulfil our obligations to an agency or State or Territory authority.
Anonymity and pseudonymity
Wherever it is lawful and practicable we will give you the option of not identifying yourself, or of using a pseudonym when dealing with us. However in most circumstances, there will be legal obligations that require identification of the individual when entering into business transactions with CCI.
Disclosure of your personal information to overseas recipients
CCI will generally not transfer information outside Australia. CCI may be required to transfer information outside Australia in circumstances permitted by the Privacy Act, such as where the transfer is necessary for the performance of a contract in your interest between CCI and a third party.
CCI will take reasonable steps to ensure that the information which it has transferred will not be collected, held, used or disclosed by the recipient of the information in a way that is inconsistent with, and does not breach the APPs.
Privacy Complaints
CCI will deal with complaints concerning privacy issues in accordance with our Complaints Handling Procedure. If you believe that an act or practice of CCI has interfered with your privacy and potentially breached an APP, you may write to our Privacy Officer (see How to Contact Us below). CCI will review and respond to your complaint within 30 days. We will not charge you for making or investigating your privacy complaint.
In the event that you allege we have breached your privacy, we will:
- provide you with assistance including a brochure explaining the internal process and details on how to take your complaint further,
- respond within a reasonable period of time after the request is made, and
- give reasons for our decision on the privacy complaint.
How to Contact Us
You may ask us for access to, or request that we correct your personal information by contacting a member of our staff directly, or by writing to us, calling us on 1800 011 028. If you have a concern, or wish to make a privacy complaint please contact our Privacy Officer using the contact details below:
- write to us at: Privacy Officer, CCI, GPO Box 180, Melbourne Vic 3001
- Email: privacy@ccinsurance.org.au or contact us via our online form.
- call us: 1800 011 028 between 8:30am to 5:30pm, Monday to Friday
- fax us: 03 9934 3460
Privacy Commissioner
If you require further general information about your privacy rights, or wish to make a formal complaint, you may contact the Privacy Commissioner at the Office of the Australian Information Commissioner by using the contact details below:
- mail: Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001
- Email: enquiries@oaic.gov.au
- visit their website: www.oaic.gov.au
- call their Privacy Hotline: 1300 363 9922
Effective Date: 31 March 2024