Entities covered by this policy are:
EPSILON INSURANCE BROKING SERVICES LIMITED
T/AS EPSILON UNDERWRITING AGENCIES PTY LIMITED (“Epsilon”)
ABN 68 097 402 134
2. Epsilon’s principal place of business is:
Suite 401, Level 4, 68 York Street
Sydney NSW 2000
3. At Epsilon we are committed to ensuring the privacy of the personal information provided to us. The following statement sets out a general policy for the protection of such privacy.
4. We are bound by the 10 national privacy principals (NPPs) which form part of the Privacy Act 1988 (Commonwealth) ("the Act") as amended by the Commonwealth Privacy Amendment (Private Sector) Act 2000 with effect from 21 December 2001.
5. On request we will provide additional information about the way Epsilon manages the personal information it holds. We can be contacted in the following ways:
You can write to us:
Privacy Officer
Epsilon Underwriting Agencies Pty Ltd
Suite 401, Level 4, 68 York Street
Sydney NSW 2000
You can phone or fax us:
Telephone: (02) 9299 3466
Facsimile: (02) 9299 3488
6. When we arrange insurance at your request or on your behalf, we ask you for the information we need to effect your instructions. We provide that information to the insurers or intermediaries to obtain a quotation for your insurance or to enable them to decide whether to insure and on what terms. The insurers may pass this information on to re-insurers or other intermediaries which may be located outside Australia.
7. When you make a claim under a policy with your insurer we ask you for information about your claim which will be passed on to the insurer and its representatives or to those we have appointed to assist us to consider the claim.
8. We generally store the minimum personal information about individuals required to effectively manage our business relationship (for example name, address, and title). Depending on the services engaged by our clients, we may also need to hold specific or sensitive information about individuals, including third parties. Generally it will not be possible to deal with us anonymously, due to the nature of our services. We will however respect confidentiality in all dealings with us.
9. Some of the types of information we may hold about individuals include:
information provided to us when clients instruct us to obtain insurance cover;
information relating to broking services requested by clients.
10. We will not ask to collect sensitive information about individuals (such as details of race, political beliefs, religion or health) unless it is needed for the purposes of providing broking services. If personal information we request is not provided, we may not be able to supply the relevant service required.
11. We hold personal information for the following purposes:
- to send correspondence and generally to undertake work in relation to services we have been engaged to provide;
- internal accounting and administration;
- to protect clients, individuals and us from fraud;
- to help us identify and inform clients and individuals about all the services that might be beneficial to them, or to inform them about updates or changes to services previously acquired. If you would prefer not to receive this information, please let us know and we will respect your request.
12. We may use and disclose personal information for the primary purpose for which it is collected, for reasonably expected secondary purposes which are related to the primary purpose and other circumstances authorised by the Acts. Where we no longer require personal information for a primary purpose, we will take reasonable steps to destroy it.
13. We may disclose personal information to external service providers but only so that they can provide the services that we have contracted out to them. We will only transfer information to an organisation or individual of another country where this is necessary for the performance of our contract to provide broking services to our clients. Such disclosures will be on the understanding that the recipient will abide by the requirements of the NPPs and respect confidentiality.
14. We will endeavour to ensure that the personal information we hold is accurate, complete and up to date. We encourage you to contact us in order to update any personal information we hold about you which you discover is not up to date.
15. You generally have a right to access the personal information we store about you. We will have to verify your identity before meeting your request, which we will process in a reasonable time. A fee may be charged for more complex requests to provide access. This will be based on the reasonable cost to us of meeting such request.
16. We take reasonable steps to ensure the security of personal information. Our premises are in a secure building with access restricted to authorised persons. Our information technology systems are password protected. We frequently update our anti-virus software in order to protect our systems (and the data contained in those systems) from computer viruses.
17. All employees are required, as a condition of employment, to treat personal information held by us as confidential.
18. If you think that your privacy has been interfered with due to a breach of our obligations in relation to privacy, then you can complain directly to one of our directors or contact us (see above). If you are not satisfied with our response, we will advise you on your options for further proceeding with your complaint.
19. From time to time it may be necessary for us to review and revise our privacy policy. We reserve the right to change our privacy policy at any time.
20. If you want more detailed information then please contact our privacy officer (see above for contact details).
PRIVACY PRINCIPLES
The statutory scheme and the industry codes are based on 10 national privacy principles (“NPPs”) which set the basic standards for privacy protection. Any breach of an NPP can be referred to the Privacy Commissioner. The NPP’s include:
Collection
Collection of personal information must be fair, lawful and not intrusive. A person must be told the organisation’s name, the purpose of collection, that the person can get access to the personal information and what happens if the person does not give the information;
Use and Disclosure
An organisation should only use or disclose information for the purpose for which it was collected unless the person has consented, or the secondary purpose is related to the primary purpose and a person would reasonably expect such use or disclosure, or the use is for direct marketing in specified circumstances, or in circumstances related to public interest such as law enforcement and public or individual health and safety;
Data Quality
An organisation must take reasonable steps to make sure that the personal information it collects, uses or discloses, is accurate, complete and up to date;
Data Security
An organisation must take reasonable steps to protect the personal information it holds from misuse and loss, unauthorised access, modification or disclosure;
Openness
An organisation must have a policy document outlining its information handling practices and make this available to anyone who asks;
Access and Correction
Generally, an organisation must give an individual access to personal information it holds about that individual on request;
Identifiers
Generally, an organisation must not adopt, use or disclose an identifier that has been assigned by a commonwealth government agency;
Anonymity
Organisations must give a person the option to interact anonymously whenever it is lawful and practicable to do so;
Trans Border Data Flows
An organisation can only transfer personal information to a recipient in a foreign country in circumstances where the information will have appropriate protection;
Sensitive Information
An organisation must not collect sensitive information unless the individual has consented and it is required by law or in other special circumstances, for example, public health or safety.
