Information Handling Policy
1. Who We Are
1.1 In this Information Handling Policy, references to ‘we’, ‘our’, ‘us’ and ‘LaVista’ are to LaVista Licensee Solutions Pty Ltd and its subsidiaries.
2. Your Privacy
2.1 This Policy sets out how we manage your Personal Information. We respect the privacy of any Personal Information we collect about you and are committed to ensuring that this is handled in accordance with the provisions of the Privacy Act 1988, the Australian Privacy Principles, the FSC Life Insurance Code of Practice and any other applicable privacy related laws. This Policy may be updated from time-to-time.
3. Definitions
3.1 In this Policy:
Eligible data breach means unauthorised access to or unauthorised disclosure of personal information and a reasonable person would conclude that the access or disclosure would be likely to result in serious harm to any of the individuals to whom the information relates.
Independent Service Provider means someone LaVista enters into an agreement with, to assist with administration or management of a claim by a client on their life insurance policy. This may include, but is not limited to, an independent medical assessor, a rehabilitation provider, an allied health professional, an accountant, an investigator, surveillance operative or claims management service. This excludes reinsurers.
Licensee Services means the provision of AFSL support services including compliance, audit, training and technology services.
Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not, and whether recorded in a material form or not.
4. What kind of Personal Information does LaVista hold?
4.1 When you apply for, register your interest in, or enquire about a product or service, we collect information that is reasonably necessary to be able to provide you with those products or services. For instance, we may ask for identification information such as your name, address and date of birth.
The kind of Personal Information we hold may vary depending on our interaction with you. If you apply to be a customer, are currently a customer, or have previously been a customer, the Personal Information we may hold about you may include:
• name, address, gender, contact details and date of birth;
• payment details;
• records of service contacts such as voice recordings of telephone conversations;
• records of service contracts.
4.2 The main reason we collect, use, hold and disclose personal information is so we can provide you with Licensee Services (including where applicable, third party products and services) and to help us run our business. This may include:
• checking your eligibility for Licensee Services;
• assisting you where online applications are not completed;
• providing you with Licensee Services;
• helping you manage the Licensee Services;
• helping us develop insights and conduct data analysis to improve the delivery of Licensee Services, enhance our customer relationships and effectively manage risks; and
• understanding your interests and preferences so we can tailor digital content and Licensee Services.
5. Collection of Personal Information
How does LaVista collect Personal Information?
5.1 To provide the best Licensee Services to suit your needs, we collect Personal Information from you when you:
• contact us in person, by phone or online;
• decide to seek Licensee Services from LaVista; and
• make a request for one of our products.
5.2 If it is reasonable and practicable to do so, we will only collect Personal Information about you from you.
5.3 In some cases, if the Personal Information that we request is not provided, we may not be able to provide the relevant Licensee Services.
Collection of Personal Information from other people
5.4 On some occasions we may collect Personal Information about you from another person or entity, for example:
• from our referral and commercial strategic partners; and
• from publically available records.
5.5 If we have collected Personal Information about you from someone else, we will take reasonable steps to ensure that you are or have been made aware of this.
6. Use and Disclosure of Personal Information
How does LaVista use my Personal Information?
6.1 We use your Personal Information to provide, manage and administer the Licensee Services we provide, to evaluate and pay insurance claims, and to operate an efficient and sustainable business.
6.2 Examples of what we may collect and use your Personal Information for include:
• contacting you about matters relating to you, Licensee Services provided to you or other services that we provide;
• answering your enquiries;
• practicing effective risk management and preventing fraud;
• monitoring price and evaluating products and services;
• conducting marketing, research and statistical analysis;
• resolving complaints, breaches, incidents or litigant matters; and
• conducting customer surveys.
We do not exchange credit reporting information with any credit reporting bodies.
To whom will LaVista disclose my Personal Information?
6.3 We may disclose your Personal Information to other companies or individuals who assist us in supplying our Licensee Services or running our business, perform services on our behalf or oversee or regulate the Licensee Services that we provide, such as:
• any person acting on your behalf;
• legal, other professionals who assist with providing Licensee Services;
• IT development and maintenance providers;
• accountants, auditors and other service providers we may appoint to ensure the integrity of our operations;
• any organisations involved in providing, managing or administering our products or services such as external dispute resolution services or mail houses;
• regulatory or Government authorities; and
• providers of marketing, research and statistical analysis services.
6.4 In addition to the above, we may also use and disclose your Personal Information for any other purpose for which you have consented, or where we are authorised or required to do so by law.
6.5 In the course of providing you with Licensee Services, some of the organisations to which we may disclose your Personal Information may be located outside New South Wales or Australia in countries including New Zealand, South Africa, USA, Canada, member states of the European Union, India, Vietnam, Malaysia, Singapore, Thailand, Sri Lanka, Cambodia, Hong Kong, Japan, the Philippines, Turkey and Serbia. LaVista may send your Personal Information to them, including through electronic transmission.
6.6 Where Personal Information is disclosed, we require our contractors and service providers to comply with the provisions of the Privacy Act 1988, the Australian Privacy Principles and the FSC Life Insurance Code of Practice.
6.7 Where we disclose your Personal Information to contractors and service providers and we are aware that your Personal Information may be accessed by, or provided to, another party via that contractor or service provider, we will do all that we can reasonably can to ensure that any further party granted access to your Personal Information will comply with the Privacy Act 1988 and the Australian Privacy Principles, and the FSC Life Insurance Code of Practice.
6.8 We do not sell Personal Information to anyone.
When will LaVista use my Personal Information to contact me?
6.9 We will use your Personal Information to contact you about Licensee Services that we have provided to you or you have enquired about.
Marketing material
6.10 From time to time, we will provide you with information about products and services offered by companies within the LaVista Group and other affiliate organisations that we consider of potential benefit to you and your family. We may share your Personal Information on a confidential basis with companies within the LaVista Group and other affiliate organisations so that they can offer you products and services.
6.11 You can choose not to receive marketing material and we ask that you contact us to exercise this choice. Please understand that there could be a delay of up to 60 days before your request is fully implemented, and we apologise if you receive marketing material in this time. You will find details on how to contact us at the end of this Policy.
What other legislation affects LaVista’s use and disclosure of Personal Information?
6.12 In some circumstances, the collection, use, disclosure and access of Personal Information is governed by specific legislation. Where there is specific legislation, this will generally govern how we use Personal Information despite the provisions of the Privacy Act 1988.
7. Information Security
How does LaVista keep my Personal Information secure and for how long is it kept?
7.1 We take all reasonable steps to ensure that your Personal Information is kept secure and is protected from misuse, loss and unauthorised access, modification and disclosure. From 22 February 2018, we will be required to notify you and the Office of the Australian Information Commissioner (OAIC) if an ‘eligible data breach’ occurs in relation to your personal information that is held by us. A data breach may occur if your personal information is lost or subjected to unauthorised access, modification, disclosure or other misuse or interference, and it is generally notifiable if there is a risk of ‘serious harm’(eg. financial, reputational etc) to you due to the breach.
All data breaches will be assessed in accordance with LaVista’s Data Breach Response Plan.
We retain your Personal Information for as long as we need it to provide the Licensee Services you have requested from us and, in some circumstances, to comply with other statutory requirements. As required under privacy law, we will take reasonable steps to permanently de-identify or destroy Personal Information that is no longer needed.
7.2 If you use the secure member sections of our websites we will verify your username and password. Once verified, you will have access to secured content.
Risks of using the internet
7.3 You should be aware that there are inherent security risks in transmitting information through the internet. You should assess these potential risks when deciding whether to use our online services.
Cookies
7.4 LaVista’s websites may use cookies, a ‘cookie’ being a text file that can be placed on a computer by a web server. This may allow us to identify you or your browser while you are using our site. Cookies can be permanently stored on a computer or are temporary session cookies. They are used for a variety of purposes, including security and to help tailor our services to you. Cookies are frequently used on websites and you can choose if a cookie will be accepted by changing your browser preferences.
All browsers allow you to be notified when you receive a cookie and you may elect to either accept it or not. Please note if you do not accept a cookie, this may impact the effectiveness of the website. Further information about cookies and how LaVista uses them is available [here].
8. Access and Correction
Can I access my Personal Information?
8.1 You can ask us for access to Personal Information that we hold about you at any time. To do so, please call LaVista on [insert number] and ask for a Request for Personal Information Form which will be sent to you to complete.
8.2 You can access the information that we rely on in assessing your application for life insurance cover, your claim or your complaint. You can also access the reports from Independent Service Providers that we have relied on in assessing your application for insurance cover, or your claim. To do so, please call LaVista on [insert number].
8.3 We are committed to handling your request properly and promptly, so all requests for access are handled in our head office. If your request to access your personal information is in relation to a complaint you have made to us, we will respond to your request within 10 business days, as required by the FSC Life Insurance Code of Practice and the Insurance in Superannuation Code (refer to section 8.7 below).
8.4 We will provide you with access to Personal Information held about you except to the extent that we are permitted to refuse access in accordance with the Privacy Act 1988, and the Australian Privacy Principles. If we refuse to provide you with access to some information, we will provide you with our reasons in writing for doing so.
8.5 In special circumstances we may decline to provide access to or disclose information to you, such as:
(a) where information is protected from disclosure by law, including the Privacy Act 1988;
(b) where we reasonably determine that the information should be provided directly by us to your doctor;
(c) where the release of the information may be prejudicial to us in relation to a dispute about your insurance cover or your claim, or in relation to your complaint; or
(d) where we reasonably believe that the information is commercial-in-confidence.
8.6 If we decline to provide access to or disclose information to you:
(a) we will not do so unreasonably;
(b) we will give you a schedule of the documents we have declined to provide and give you reasons for doing so; and
(c) we will provide details of our Complaints process.
8.7 If we cannot comply with a timeframe for providing information to you required by the FSC Life Insurance Code of Practice or the Insurance in Superannuation Code due to the fact that we are waiting for permission from a third party to release information to you, we will advise you of this before the end of the timeframe.
8.8 If you request any of your life insurance policy documentation from us, we will provide this to you promptly and in an electronic form if you request, subject to any process for releasing policy documentation that we are required to carry out by law.
8.9 There is no charge for making a request for access or for obtaining a document containing a summary of the following Personal Information that we hold about you:
• name, address;
• contact details;
• bank account details.
8.10 We may charge a reasonable fee for access to any other Personal Information. Such charge will be restricted to our reasonable costs of providing the Personal Information that you have requested (for example, the cost of photocopying, document retrieval, labour and delivery to you).
Correction of Personal Information
8.11 We will correct any Personal Information that we hold about you if we become aware that it is inaccurate, incomplete, out of date, irrelevant or misleading.
8.12 If you believe that the Personal Information we hold about you is inaccurate, incomplete, out of date, irrelevant or misleading, you can ask us to correct it and we will take reasonable steps to do so. If we disagree about any information being inaccurate, incomplete or out of date and you ask us to do so, we will take reasonable steps to include a note on your record that you believe that such information is inaccurate, incomplete or out of date.
9. Enquiries and Complaints
How do I make an enquiry or complaint about privacy?
9.1 You can make an enquiry or a complaint about our handling of your Personal Information at any time by contacting our Privacy Officer. We may ask you to complete a Request for Personal Information Form or to set your enquiry or concern out in writing to assist us in undertaking an investigation and providing you with a response. We will respond to your enquiry or complaint within a reasonable period of time.
9.2 Our Privacy Officer can be contacted as follows:
LaVista Privacy Officer:
The Privacy Officer
LaVista Licensee Solutions Pty Ltd
Level 13 Corporate Centre One
2 Corporate Court, Bundall QLD 4217
Phone 1800 945 160
9.3 In the event the Privacy Officer is unable to resolve your enquiry or the enquiry has not been satisfactorily addressed you may lodge a complaint with the Information Commissioner. The Information Commissioner can be contacted by:
Phone: 1300 363 992
Email: enquiries@oaic.gov.au
Website: http://www.oaic.gov.au
10. Updates to the Policy
10.1 The most current version of this Policy can be obtained from our website at: www.LaVista.com.au.