Key Underwriting Pty Ltd (and its and related entities) (KEY) is committed to the protection of your personal information. KEY is subject to the Australian Privacy Principles (APPs) under the Privacy Act 1988 (and subsequent amendments).The APPs govern the way we collect, use, disclose and secure personal information. They also permit you to access the information we hold about you in order to correct or update it. Such information may be held on KEY’s behalf by its agents or other service providers that we may appoint.
As it is impractical for us to deal with you unless you have identified yourself you are unable to have an option of not identifying yourself or using a pseudonym when dealing with us. Our operational and legal obligations will generally require that you identify yourself to us in order for us to provide our services or manage your claim.
KEY may collect and hold personal information such as your name, age, address, contact details, gender and other information. KEY may also hold and collect sensitive information such as your health information including medical history and reports, occupation and employment details, insurance details and other information relevant to your insurance, risk management, claim management and related needs. KEY will only collect and hold sensitive information if you consent and/or other requirements of the Privacy Act have been met.
Personal information we collect will be used principally for the purpose of arranging and administering insurance, assessing risks and underwriting insurance. We may also use your personal information to provide you with information about other products and services that may help you to understand and make decisions about your insurance/reinsurance and risk management needs. Sensitive information (for example health information) may generally only be collected and used if you consent and/or other requirements of the Privacy Act have been met.
Where we receive unsolicited personal information, we will determine whether we would have been permitted to collect the information. If so we will ensure that any relevant APPs will apply to that information. If the information could not have been solicited by us, and the information is not contained in a Commonwealth record, we will destroy or de-identify that information as soon as practicable, but only if it is lawful and reasonable to do so.
We will only hold and use personal information about you that was collected for a particular purpose (the primary purpose) and will not use or disclose the information for another purpose (the secondary purpose) unless you have consented to the use or disclosure of the information; or a permitted exception under the Privacy Act in relation to the use or disclosure of the information applies.
If subsection 16B(2) of the Privacy Act applies in relation to the collection of the personal information by KEY we will take such steps as are reasonable in the circumstances to ensure that the information is de-identified before we disclose it.
We will not use any personal identifiers issued by a government agency (e.g. Tax file number or Medicare number) as an identifier in our records systems. Should legislation requires us to ask you to provide your tax file number we will only use that number for the purposes permitted by legislation and not as a general means of identifying you.
Where necessary, we may disclose information about you to other KEY related companies and third parties including but not limited to insurers, re(insurers) and insurance intermediaries, contracted outsource providers, government agents, data collection and verification agencies, loss adjusters and assessors, suppliers, investigators and recovery agents, police, law and credit enforcement bodies and agencies, legal advisors, medical, health and case managers and service providers, actuaries and accountants, contracted advisors and service providers, your employer, other parties as required by law and/or the agent of any of these.
KEY has data quality procedures in place to check that personal information we hold and use about you is accurate, complete and up-to-date. Your personal information is held securely at all times and we take steps to protect it from misuse and loss, and from unauthorised access, modification or disclosure.
We retain most information relating to you for at least 7 years in order to meet legal and business requirements. Once information is no longer required, it will be destroyed in a secure manner.
In the event that of a data breach relating to personal information we hold about you, such as loss of, or unauthorised access to the information, we will take steps to contain and remedy any effects of the breach. We will also assess the risk of harm to you as a result of the breach. Where required under the Privacy (Data Breach Notification) Act 2017, we will notify both you and the Office of the Australian Information Commissioner of the breach.
You have a right to access any personal information that we hold about you on written request, unless one of the exceptions in the APPs applies. A reasonable charge may apply to gain access to information. You will be advised of any charges that may apply when you make a written request. If we decline your request to provide access to your personal information, we will provide the reasons in writing and provide details of how you can access our complaints process.
To assist us in maintaining correct records we ask you to inform us in writing of any changes in your personal information provided to us.
If you establish that information held is not accurate, complete or up to date, then we will take reasonable steps to correct the information unless it is impractical or unlawful to do so. If you establish that information held is not accurate, complete or up to date and we have shared that information with another APP entity, then if you request us to notify those entities we will take reasonable steps to do so unless it is impractical or unlawful to do so.
It may be necessary for us to disclose personal information about you to a person or organisation in a foreign country. (e.g. to overseas insurers/reinsurers and JLT related entities). We will only do this if:
Your personal information may be sent to insurers and reinsurers in the United Kingdom and other third party service providers (e.g. data storage providers) in the United States.
When you provide us with personal information about other individuals, we rely on you to have made them aware that you will or may provide their information to us, the purposes we use it for, the types of third parties we disclose it to and how they can access it (as described in this document). If it is sensitive information we rely on you to have obtained their consent to the above. If you have not done either of these things, you must tell us before you provide the relevant information.
If we give you personal information, you and your representatives must only use it for the purposes we agree to.
Where relevant, you must meet the requirements of the APPs when collecting, using, disclosing and handling personal information on our behalf.
You must also ensure that your agents, employees and contractors meet the above requirements.
If we send you any information about services or products, or you do not want us to disclose your personal information to any other organisation in this context (including related bodies corporate) you can opt out by contacting your account executive or our Privacy Officer.
Our websites may use analytics tools provided by third parties to assist in analyzing website traffic and web page usage and collects information such as referring URLs, exit URLs, OS versions, browser versions, browser language, site navigation, IP addresses, cookies, and other user usage information. The information is compiled into statistical reports and is used when structuring and optimizing the website in order to better suit user needs.
If you have any complaints or concerns about privacy matters please advise KEY’s Privacy Officer in writing (contact details below). KEY aims to investigate and respond to any complaints in writing within 30 days, but in some cases it may take longer. If the complaint is not dealt with to your satisfaction you may contact the Privacy Commissioner directly (see details below).
KEY Underwriting Pty Ltd, Level 37, 225 George Street, SYDNEY NSW 2000
Telephone: (02) 9290 8000
For further general Privacy information you can contact The Office of the Australian Information Commissioner, or visit their web site on http://www.oaic.gov.au/