Our Privacy Policy

Protecting your privacy

ProRisk is committed to protecting personal information. This Policy outlines our practices and policies for the collection, use and management of personal information.

In this Policy, 'personal information' means information or an opinion (whether true or not or recorded in any form or not) about an individual whose identity is apparent or can reasonably be ascertained. References to 'personal information' include sensitive information and health information. 'Sensitive information' is personal information about an individual's health, racial or ethnic origin, political opinions or memberships, religious beliefs or affiliations, philosophical beliefs, professional or trade association/union memberships, sexual preferences and practices or criminal record. 'Health information' includes information about an individual's physical or psychological health, health services provided to the individual, or an individuals' expressed wishes about the future provision of health services.

ProRisk is required to comply with the Privacy Act 1988 (Cth) and is bound by the Australian Privacy Principles set out in that Act. Where we collect health information, we may also be also required to comply with Health Privacy Principles set out in State or Territory legislation.

Why do we collect your personal information?

To provide the range of insurance products and services we offer, ProRisk needs to collect personal information about individuals who:

- Apply, or are associated with other persons who apply, for insurance cover;

- Are our policy holders or are insured under our policies;

- Make, or are involved in, an insurance claim.

We also collect personal information about our staff and about individuals who are, or are associated with, our contractors, business partners and service providers.

ProRisk may use personal information it collects to provide insurance products and services, to assess applications for insurance cover, to administer and manage policies and to investigate and handle claims. If the information we require is not provided, we may not be able to provide these products or services.

Persons insured through ProRisk may be required by law to provide us with personal information where the personal information is relevant to their duty of disclosure under the Insurance Contracts Act 1984.

What personal information do we collect?

The types of personal information ProRisk collects will depend on the type of insurance service or product involved, and the functions we are performing. For most business insurance products, we will need to collect names and contact details of principals and key contacts in the business. We may also need to collect information about the insurance and/or claims histories of individuals associated with the business. In addition:

- In the case of professional indemnity, medical malpractice, directors and officer's liability and similar policies, we may need to collect a range of personal information about individuals covered or proposed to be covered under the policy, including professional or trade qualifications, criminal history and health of those individuals.

- In the case of general liability, personal accident and management liability policies we may need to collect personal information and health about insured individuals and individuals associated with an insured business.

- In the course of managing or investigating a claim, we may need to collect personal information about individuals who are making a claim or who are involved in the claim. Where the claim relates to illness, injury or death, we are likely to collect health information.

Where it is practicable to do so, we will allow individuals to deal with us anonymously or using a pseudonym. However, this will generally only be possible in the case of very general or preliminary inquiries.

How do we collect the personal information?

ProRisk may collect personal information from you in person, in writing, by telephone and through our website. For applicants, personal information will mainly be collected through on-line and hard copy application forms. How information is collected from policy holders depends on the circumstances. For example, personal information may be collected through annual renewal processes, through change of details forms and through direct dealings with our staff.

We may collect personal information indirectly, for example when an applicant or an insured provides us with personal information about another individual who is to be covered under an insurance policy or who is involved in a claim. We rely on applicants and policy holders to ensure that, if they provide personal information about a third party, they obtain that third party's consent, or if that is not practicable, that they make the third party aware of the fact that their personal information has been provided to ProRisk.

What do we tell you about our collection of personal information?

When we collect personal information, we are required to take reasonable steps to ensure that the individual is aware of certain details relating to the collection of personal information. We are required to do this whether we collect the information directly or indirectly via a third party.

Usually, ProRisk does this by ensuring that a privacy notice is provided at the time the personal information is collected. Usually the notice is printed on or provided with the hard copy application form or linked to the on-line portal through which the information is collected. The information may also be included in a recorded message playable when you deal with us by telephone. The privacy notice will usually include information about the purposes for which we are collecting the information in the particular circumstances, the types of organisations that such information may be disclosed to, the consequences of us not being able to collect the information, and whether there is any legal requirement for the information to be collected.

We may also inform people about our collection of personal information by other means, including through the media, through mail-outs or notices published on our website.

Use and disclosure of personal information

ProRisk uses the personal information it collects for purposes related to its provision and administration of insurance products and services.

Personal information collected in connection with an application for insurance will be used for the purposes of processing the application and establishing and administering the policy. Personal information collected in connection with a policy may also be used and disclosed for the purposes of handling a claim under the policy.

ProRisk may disclose personal information to its contractors, business associates and suppliers, such as the insurer, underwriters, lawyers, claims adjusters, and others appointed by ProRisk or by the insurer to assist in administering policies and handling claims. Some of these entities may be located outside Australia. Some of ProRisk's underwriters are located in the United Kingdom.

ProRisk may also disclose your information to people listed as co-insured on insurance policies and agents of insureds. By providing your personal information to us, you consent to us making these disclosures.

If you subscribe to ProRisk's mailing list, we may use your contact details to send you news and information about ProRisk and details of products that we think may be of interest. If at any time you decide that you no longer wish to receive this sort of information, please let us know and we will remove your details from the mailing list.

ProRisk may disclose personal information to other persons or organisations when required or authorised to do so by court order or other legal requirement, for the purpose of minimising a risk to public health or safety, to investigate suspected fraud or other unlawful activity and for other purposes authorised by law.

Apart from the circumstances outlined above, your information will only be accessed or used by persons working in or for ProRisk.

How do we hold personal information we collect?

ProRisk holds personal information in hardcopy files and in electronic databases. Our information systems and files are protected from misuse, interference and loss and from unauthorised access, modification and disclosure by a range of security measures. For example, our electronic systems are password protected and our policies provide that staff and service providers only have access to areas of our network only to the extent necessary for them to perform their role. Levels of access are determined by senior managers. ProRisk staff receive training in relation to their privacy obligations and are required to comply with this Privacy Policy.

ProRisk makes every effort to ensure that the personal information it holds remains up-to-date and is used and disclosed appropriately. We provide policy holders with the opportunity to update personal details with each renewal. We periodically review our databases to ensure that this information remains up-to-date and accurate. Staff are required to delete or archive material that is no longer required for ongoing provision of products or services. Information that is not required for operational purposes is archived. Personal information that is not required by law to be retained will be deleted.

Accessing and correcting personal information we hold about you

Subject to any legal restrictions, ProRisk will let you know what personal information it holds about you if you ask. If your request is particularly complex, or requires detailed searching of our records, there may be a cost to you in order for us to provide this information.

If you believe there are errors in our records about you, please let us know and we will investigate and correct any inaccuracies.

All requests for access to personal information held by us should be made in writing to the Privacy Officer, Level 3, 100 Wellington Parade, East Melbourne 3002. If you want to access personal information on behalf of another person, you will need to obtain the consent of that person prior to making a request.

Dealing with ProRisk on-line

This Policy also applies to personal information that you email to ProRisk or provide when using our website.

There are inherent risks in transmitting information across the Internet. ProRisk cannot ensure the security of personal information transmitted to us via on-line channels. However, once we receive personal information on-line, we take steps to protect that information for misuse, loss, unauthorised access, modification and disclosure in accordance with this Policy. If you are concerned about conveying personal information to ProRisk over the Internet, you may prefer to contact us by telephone, fax, mail or in person.

Our website uses cookies and web beacons. A cookie is a small piece of code that is placed on your computer. A web beacon is a piece of code that is placed on each page that communicates the cookie's content once the page is visited. Cookies and web beacons may collect the information about each page of the website that you visit, your server address, the type of browser you are using, your operating system, your top level domain name and the date and time that each page is accessed. Use of cookies and web beacons does not involve the retrieval or recording of any personal information (such as a name or email address) by ProRisk. To the extent that this data could make you identifiable, ProRisk will not attempt to identify you from these records. The information is used for the purpose of website management and development only.

This Policy does not apply to, and ProRisk is not responsible for, the use of, or the protection of information provided to, other websites linked to our website.

Complaints and further information

If you believe your privacy has been interfered with and wish to make a complaint, please contact our Privacy Officer. The Privacy Officer will investigate your complaint and notify you of the outcome. If your complaint indicates that there has been an interference with privacy by a person other than ProRisk, the Privacy Officer may discuss the complaint with that other person in an attempt to resolve it.

If you would like further information on our privacy policy, or if you have any concern about the protection of your personal information, please contact the Privacy Officer at ProRisk by email: enquiries@prorisk.com.au or by mail at:

Level 3, 100 Wellington Parade, East Melbourne, Victoria 3002