So we can provide products and services to you, Sherpa Insurance needs certain personal information to be collected, used, disclosed and retained. The type of information required will vary depending on the services and products we provide. We would like you to share with you what type of information we need to collect and how we collect and manage your information.
Throughout this policy, personal information handled by us can be classified into two categories:
- Personal information is information that identifies or could identify a person. For example a name, address or other contact details.
- Sensitive information is information or an opinion that has been classified in the Privacy Act as being sensitive information. It could include but is not limited to information on your criminal record, insurance history, your membership of a professional or trade association and Tax File Numbers.
To make things easier, when we mention ‘Personal Information’ it will also include sensitive information.
The Privacy Officer who is responsible for the implementation of this Policy, is the Managing Director of Sherpa Insurance.
Collecting your Personal Information
So we can provide our services to you, we need to obtain certain personal information from you. We only collect the following personal information where necessary. This can include your:
- Name, date of birth and contact details
- Bank account, credit card or other financial details for payment purposes
- Proof of identity such as driver’s licence
- Information when issuing policies as relevant to the insurance required, such as:
- claims history
- criminal history
- information on the risk to be insured; and
- any other relevant information for the insurance cover
- Employment information such as:
- your employment details
- your professional registration details
- association membership information; and
- other relevant details relating to your profession; and other information relevant to the policy and any claim.
You have the option of choosing not to provide all or some of the information requested though this may impact our ability to provide our services.
We will only collect your personal information by lawful and fair means and unless legally specified, only if you consent to the collection, through:
- Phone, which may include recording telecommunications with your consent
- Online forms, portals and tools, which includes application and feedback forms that may include your Internet Protocol (IP) address
- Email when you provide information via email, or ask to be on an email list, including the email address itself; and
- Written material, in particular application forms, when you provide information in writing or by facsimile.
At times it may be impracticable or unreasonable to collect personal information directly from you. In these cases, personal information may also be collected from the following third parties:
- Third parties you refer us to so we can obtain your personal information
- Information that’s available publically, including social media
- Related companies
- Industry and professional associations
- Brokers and financial advisers
- Other insurers where relevant to an insurance claim
- Claims consultants; and
- Loss assessors/investigators and repairers in relation to insurance claims.
In some circumstance we may access mailing lists to acquire new members or conduct market research.
Using and disclosing your Personal Information
Unless you have agreed, we will only use and disclose your personal information for:
- The purpose for which it was given to us; and
- Related purposes which you would reasonably expect.
We use and disclose personal information for the following purposes:
- To verify your identity
- To evaluate, effect, manage and administer the services provided by us.
- To inform you of other products and services offered by any related entity or your representative. This includes marketing and promotion by way of direct mail, telemarketing, email, SMS messages. However, you may at any time “opt out” of receiving direct marketing;
- When engaging third party and business partner providers to perform services for Sherpa Insurance which involves third parties and business partners handling personal information
- To research, develop and improve our services, including testing and improving systems for the management of the services provided
- For security and audit purposes, service monitoring, internet traffic monitoring, trouble shooting, maintenance, to protect against and identify security breaches, inappropriate behaviour, fraud and unauthorised access to the IT systems of either customers or Sherpa Insurance and its business partners.
- For communication purposes where contact details are received by us because you sent these to enable us to respond to your request
- To and from your professional association for the purposes of administering and improving our services; and
- Where required to do so by Law.
Storing your Personal Information
Ensuring the security of your personal information is very important to us and we take all reasonable steps to store your personal information in a way that protects your information from misuse, loss, unauthorised access, modification or disclosure.
To support the protection of personal information, we have processes, including but not limited to confidentiality requirements to be met by employees, third parties and business partners, security measures for systems access and firewalls and other security measures for online systems.
Generally, documentation is held in filing or on IT systems securely on Sherpa Insurance and/or third parties or business partner premises, as well as in secure and professional offsite storage facilities.
How we Manage Cross-Border Disclosure
Generally, Sherpa Insurance will not be required to disclose personal information to overseas recipients.
There may be some situations, where personal information may be provided to overseas recipients such as to some reinsurers that are located overseas, for underwriting and claims management purposes.
How you can Access and Correct your Personal Information
You have the right to access your own personal information held by us, and where this is incorrect, to request that we correct the information.
To access personal information, simply contact us by email and request the personal information we hold on the file in relation to you. The contact details are outlined below. We will provide access to the information fairly and efficiently, in an appropriate format and within a reasonable timeframe.
There may be exceptional circumstances where we cannot provide you with access to your personal information because of reasons outlined in the Australian Privacy Principles. In these cases we will advise you in writing why we cannot provide you with the information and mechanisms available to you should you want to lodge a complaint.
How we Handle Complaints
To lodge a Privacy complaint, you can contact us by email using the contact details outlined below.
Alternatively, you may also lodge a complaint with the Office of the Australian Information Commissioner on the following details:
To access personal information, request a correction or lodge a Privacy complaint, you can contact us as follows: