Protecting your privacy

This Privacy Policy (‘Policy’) sets out how we collect, store, use and disclose your personal information (including sensitive information) in accordance with the applicable Privacy Laws (defined as laws including the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) or in New Zealand, the Privacy Act 1993, or in Singapore, the Personal Data Protection Act 2012, or in Hong Kong, the Personal Data (Privacy) Ordinance Cap 486, or in the EU, the General Data Protection Regulation (GDPR) (EU) 2016/679). Where we collect health information, we may also be also required to comply with Health Privacy Principles set out in State or Territory legislation.

In this Policy, ‘we’, ‘us’, ‘our’ or ‘ProRisk’ means Professional Risk Underwriting Pty Ltd ABN 80 103 953 073 and its group of companies.

ProRisk is committed to protecting your personal information.

What is personal information?

In this Policy, ‘personal information’ means information or an opinion about an individual whose identity is apparent or can reasonably be ascertained from that information.

References to ‘personal information’ include sensitive information and health information. ‘Sensitive information’ is personal information about an individual’s health, racial or ethnic origin, political opinions or memberships, religious beliefs or affiliations, philosophical beliefs, professional or trade association/union memberships, sexual preferences and practices or criminal record.

‘Health information’ includes information about an individual’s physical or psychological health, health services provided to the individual, or an individual’s opinion about the future provision of health services.

Why do we collect your personal information?

We collect your personal information in order to provide you with insurance and insurance-related services. To provide the range of insurance products and services we offer, ProRisk needs to collect personal information about individuals who:

• apply, or are associated with other persons who apply, for insurance cover;
• are our policyholders or are insured under our policies; or
• make, or are involved in, an insurance claim.

We also collect personal information about our staff and about individuals who are, or are associated with, our contractors, agents, business partners and service providers.

ProRisk may use personal information it collects to provide insurance products and services, to assess applications for insurance cover, to administer and manage policies and to investigate and handle claims. If the information we require is not provided, we may not be able to provide these products or services.

Persons insured through ProRisk may be required by law to provide us with personal information where the personal information is relevant to their duty of disclosure under the Insurance Contracts Act 1984 (Cth) or its equivalent.

What personal information do we collect?

The types of personal information ProRisk collects will depend on the type of insurance service or product involved, and the functions we are performing. For most business insurance products, we will need to collect names and contact details of principals and key contacts in the business. We may also need to collect information about the insurance and/or claims histories of individuals associated with the business. In addition:

• In the case of professional indemnity, medical malpractice, directors and officer’s liability and similar policies, we may need to collect a range of personal information about individuals covered or proposed to be covered under the policy, including professional or trade qualifications, criminal history and health of those individuals.
• In the case of general liability, personal accident and management liability policies we may need to collect personal information and health about insured individuals and individuals associated with an insured business.
• In the course of managing or investigating a claim, we may need to collect personal information about individuals who are making a claim or who are involved in the claim. Where the claim relates to illness, injury or death, we are likely to collect health information.

Where it is practicable to do so, we will allow individuals to deal with us anonymously or using a pseudonym. However, this will generally only be possible in the case of very general or preliminary inquiries.

How do we collect personal information?

ProRisk may collect personal information from you in person, in writing, by telephone or through our website. For applicants, personal information will mainly be collected through online and hard copy application forms and any supporting documentation provided to us. How information is collected from policyholders depends on the circumstances. For example, personal information may be collected through annual renewal processes, through change of details forms and through direct dealings with our staff. We may collect personal information indirectly, for example when an applicant or an insured provides us with personal information about another individual who is to be covered under an insurance policy or who is involved in a claim. We rely on applicants and policyholders to ensure that, if they provide personal information about a third party, they obtain that third party’s consent, or if that is not practicable, that they make the third party aware of the fact that their personal information has been provided to ProRisk.

How do we hold the personal information we collect?

ProRisk holds personal information in hardcopy files and in electronic databases. Our information systems and files are protected from misuse, interference and loss and from unauthorised access, modification and disclosure by a range of security measures. For example, our electronic systems are password protected and our policies provide that staff and service providers only have access to areas of our network only to the extent necessary for them to perform their role. Levels of access are determined by senior managers. ProRisk staff receive training in relation to their privacy obligations and are required to comply with this Policy.

ProRisk makes every effort to ensure that the personal information it holds remains up-to-date, is used and disclosed appropriately and in accordance with Privacy Laws. We provide policyholders with the opportunity to update personal details with each renewal, or during the policy period. We periodically review our databases to ensure that this information remains up-to-date and accurate. Information that is not required for operational purposes is archived.

How do we use your personal information?

ProRisk uses the personal information it collects for purposes related to its provision and administration of insurance products and services. Personal information collected in connection with an application for insurance will be used for the purposes of processing the application and establishing and administering the policy of insurance. Personal information collected in connection with a policy may also be used and disclosed for the purposes of handling a claim under the policy.

ProRisk may disclose your personal information to:

• Related bodies corporate, or third parties who help manage our business and provide our services, including our third party service providers, such as payment system operators, IT suppliers, lawyers, other advisers, Lloyd’s or our capacity providers;
• If you are an insurance broker or agent to insurers, reinsurers, other insurance intermediaries, insurance reference bureaus and industry bodies;
• Any other entities notified to you at the time of collection;

courts, law enforcement, regulators and other government agencies to comply with all applicable laws, regulations and rules;

• Requests of courts, law enforcement, regulators and other governmental agencies; or
• People listed as co-insured on insurance policies and agents of insureds

If you subscribe to ProRisk’s mailing list, we may use your contact details to send you news and information about ProRisk and details of products that we think may be of interest. If at any time you decide that you no longer wish to receive this sort of information, please let us know and we will remove your details from the mailing list.

Other than when required or permitted by law, as specified in this Policy or where you have provided your consent, we will not disclose your personal information. Nothing in this Policy prevents us from using and disclosing to others de-personalised aggregated data.

Transferring personal information overseas

Some of the third party service providers to whom we may disclose personal information are located in countries outside of your country of residence, for example, some of our capacity providers are at Lloyd’s and are located in the United Kingdom. Transfer of your personal information internationally will only be made for one or more of the purposes specified in this Policy. We will take reasonable steps to ensure that the overseas recipient does not breach the Privacy Laws applicable in relation to your personal information.

We will take appropriate steps to ensure that transfers of personal information overseas are in accordance with applicable law and carefully managed to protect your privacy rights and transfers are limited to either countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights.

How do you access or correct your personal information that we hold

Subject to any legal restrictions, ProRisk upon request will let you know what personal information it holds about you. If your request is particularly complex, or requires detailed searching of our records, there may be a cost to you in order for us to provide this information. Before we incur any costs, we will inform you and seek your consent.

If you believe there are errors in our records about you, please let us know and we will investigate and correct any inaccuracies.

All requests for access to personal information held by us should be made in writing to the Privacy Officer, by email: enquiries@prorisk.com.au or by mail at: Level 3, 100 Wellington Parade, East Melbourne, Victoria 3002. If you would like to access personal information on behalf of another person, you will need to obtain the consent of that person prior to making a request.

Dealing with ProRisk Online

This Policy also applies to any personal information that you provide to us, including personal information that you email to ProRisk or provide when using our website.

There are inherent risks in transmitting information across the Internet. ProRisk cannot ensure the security of personal information transmitted to us via online channels. However, once we receive personal information online, we will  take reasonable steps to protect that information from misuse, loss, unauthorised access, modification or disclosure, other than in accordance with this Policy. If you are concerned about conveying personal information to ProRisk over the Internet, you may prefer to contact us by telephone, mail or in person.

Our website uses cookies and web beacons. A cookie is a small piece of code that is placed on your computer. A web beacon is a piece of code that is placed on each page that communicates the cookie’s content once the page is visited. Cookies and web beacons may collect the information about each page of the website that you visit, your server address, the type of browser you are using, your operating system, your top level domain name and the date and time that each page is accessed. Use of cookies and web beacons does not involve the retrieval or recording of any personal information (such as a name or email address) by ProRisk. In all cases in which cookies are used, the cookie will not collect personal information except with your consent. You can disable cookies by turning them off in your browser; however, our website may not function properly if you do so.

This Policy does not apply to, and ProRisk is not responsible for, the use of, or the protection of information provided to, other websites linked to our website.

Complaints and further information

If you believe your privacy has been interfered with and wish to make a complaint, please contact our Privacy Officer. The Privacy Officer will investigate your complaint and notify you of the outcome.

If you would like further information on this Policy, or if you have any concern about the protection of your personal information, please contact the Privacy Officer at ProRisk by email: enquiries@prorisk.com.au or by mail at:

Level 3, 100 Wellington Parade,
East Melbourne, Victoria 3002

Updates to the Privacy Policy

We reserve the right to amend this Policy from time to time to ensure we properly manage and process your personal data. Any amended Privacy Policy will be posted on our website.