We’re now going to talk about our legal responsibilities and your rights here; so, we’re going to sound a little more formal than we normally do.
1.1 Who we are
‘we’, ‘us’ ‘our’ refers to health.com.au (ABN 98 004 417 092) the health insurance business (including health.com.au Overseas Visitor Health Cover) and the ultimate parent entity of health.com.au, GMHBA Limited (ABN 98 004 417 092), a registered health insurer, including the following brands – GMHBA Health Insurance, Frank Health Insurance (includes Frank Overseas Visitor Health Cover), and Budget Direct Health Insurance.
‘you’, ‘your’ refers to a customer or policy holder.
consent means your permission. Your consent can be express or implied. Express consent can be written (e.g. when you sign a form or send us correspondence) or verbal (e.g. when you give us permission over the phone). Your consent will be implied when we can reasonably form a conclusion that you have given consent by either taking action or deciding not to take action.
customer means a person who is currently receiving, or has previously received, products or services from us.
health information includes information or an opinion about the health or a disability of an individual, the individual’s wishes about the provision of health services, or health services provided or to be provided to an individual.
policy holder means a person who holds a health insurance policy with health.com.au; usually, the person whose name the health insurance policy with health.com.au is written.
personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not. It includes sensitive information and health information.
sensitive information includes:
- health information; and
- information or an opinion about an individual’s racial origin, political opinion, membership of a political association or trade union, religious beliefs, sexual preferences, or criminal record.
Social includes social media forums, applications, functions, and promotions
1.3 Protecting your privacy
2. Collection of your personal information
Personal information collected by health.com.au includes your name, date of birth, address and contact details, bank account and credit card details (including bank contributions you make), the use of social media features and our website, including any information you type into or select on the Website.
Sensitive information collected by health.com.au includes information about your health or medical history.
We generally collect personal information in writing, by telephone, email or via our website. For example, we may collect information when you: obtain a quote from us, make an application for health insurance, submit a health insurance claim, have customer interactions with us where we record system notes and voice recordings of telephone conversations, use of our webchat function, or provide information using any Social Media Features, such as the Facebook Like button, comments and widgets like the Share button.
We may also collect your personal information from third parties such as:
- Hospital and other healthcare providers in order to process your private health insurance claims, conduct eligibility checks and to comply with laws such as the Private Health Insurance Act 2007 (Cth) and the National Health Act 1953 (Cth),
- Your previous health fund to cancel your membership and request a transfer certificate,
- The policy holder (who is the person responsible for the management of your private health insurance policy) or a person authorised to provide us with information on your behalf in order to provide you with private health insurance cover, Overseas Visitor Health Cover and pay you benefits,
- Organisations engaged by health.com.au to carry out functions on our behalf such as mail and data processing,
- Other health services such as your healthcare service provider, private health insurance provider and Medicare for our health insurance businesses,
- Distribution partners who sell our products and services on our behalf,
- Intermediaries who provide private health insurance information and services on behalf of our health insurance businesses,
- Recruitment Agencies when appointing employees and contractors,
- We may also use your personal information for marketing purposes. For example, for the direct marketing of products, promotions, and services by all private health insurance businesses.
If you choose not to provide us with personal information, we may not be able to provide you with the services you require. For example, we may not be able to pay health insurance benefits, assess or adjust your lifetime health cover loading or apply an entitlement to the Australian Government Rebate on private health insurance as a premium reduction.
3.Provision of information about another person
If the information you are providing to us is health information or sensitive information, you must first obtain the individual’s consent to disclosing the information to us.
If you are responsible for the management of your private health insurance policy by:
- Taking out private health insurance with us, or
- Providing your personal (including health and sensitive) information to health.com.au, or you, or your spouse/partner and/or dependent children (if any), providing your spouse/partner’s and/or dependent children’s personal (including health and sensitive) information to health.com.au for whatever purpose,
4. Collection of information via our website
When you first visit our website, information about your computer or web device is automatically recorded by our website. This includes your IP address, your top level domain name, the date and time of your visit to our site, the pages you accessed or downloaded, the address of the last site you visited, your operating system and the type of browser used.
This information is collected for statistical and administrative purposes, and to improve our web based services. It does not readily identify individuals, and we will not attempt to identify individuals from the records our server generates unless it is necessary to do so for law enforcement purposes.
We use a third-party service to collect general information about how people use our website. This anonymous information is aggregated, and doesn’t reveal personally identifiable information about anyone who uses our website.
5. Purposes for which we collect, hold, use, and disclose your personal information
health.com.au collects, holds, uses, and discloses your personal information to provide you with private health insurance, health care and health and wellness related services including to:
- Manage our ongoing relationship with you,
- Answer any queries you may have in relation to: our private health insurance products, overseas visitor health insurance cover and health and wellness related services,
- Administer, process and audit: private health insurance claims and pay private health insurance benefits and credit card payments or to collect unpaid invoices,
- Process payments in respect of your health insurance premiums and claims, and your product purchases,
- Carry out any internal function such as administration, accounting, quality assurance, and information technology,
- Assess your suitability for, enroll you in and administer health and wellness related services such as chronic disease management programs, health management programs and coaching programs,
- Provide you with the opportunity to participate in our fitness groups and/or attend health seminars and community health events,
- Conduct customer surveys including satisfaction and net promoter surveys,
- Conduct marketing, research, and analysis,
- Provide you with access to the website for online member services to manage your own private health insurance policy and for web chat function,
- Manage, review, develop and improve our private health insurance products, overseas visitor health insurance cover and related services (including health and wellness services) whether provided by us or other parties,
- Confirm eligibility of a policy and/or health insurance policy, and
- Pay a commission to a broker if applicable.
We may also collect, hold, use, and disclose your personal information to:
- Government and regulatory bodies such as Medicare,
- To the parent entity of health.com.au, GMHBA Limited a registered health insurer, which includes the following brands – GMHBA Health Insurance, Frank Health Insurance (includes Frank Overseas Visitor Health Cover), and Budget Direct Health Insurance,
- Resolve any legal and/or commercial complaints or issues including compensation recovery or where we are required by law (e.g. compulsory notices from courts of law, tribunals, or government agencies),
- Meet legislative requirements relating to private health insurers and health.com.au Overseas Visitors Health Cover,
- Auditors and other services providers who we may appoint to ensure integrity of our operations and services,
- Any other person or entity acting on our behalf,
- Other healthcare professionals, for seeking a second opinion or a referral where you have consented to us obtaining the second opinion,
- To third party health benefits providers and insurance companies to assist in the processing of a claim for reimbursement or payment of all or part of the cost of treatment submitted by you or on your behalf,
- Train our personnel,
- Recruit health.com.au personnel,
- Organisations that facilitate the sending of emails and SMS, and
- Perform any of our other functions and activities relating to our business.
We will generally only use personal information for the purpose for which it is collected, or for a purpose that is related to, or in the case of sensitive or health information, directly related to, the purpose for which it was collected.
6. To whom we disclose your personal information
health.com.au will not sell or disclose your personal details for any purpose that is not related to your relationship with us.
We rely on third parties such as mail-houses, data processing organisations and financial institutions to perform specialised activities for health.com.au and your personal information may be provided to these third parties to enable them to perform their agreed services.
In order to carry out our functions and activities, we may disclose your personal information to some service providers that are located outside of Australia. The services of these contractors may be provided in locations that include Australia, the United States of America, Europe and Asia.
We do not disclose information outside of Australia unless we take steps as are reasonable in the circumstances to ensure that the overseas recipient will not breach the Australian Privacy Principles set out in the Privacy Act 1988 (Cth) in relation to the information.
We have also taken reasonable steps to put in place with our contractor’s contractual arrangements in compliance with our obligations under the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).
health.com.au may also be required to disclose your personal information to comply with law, including the Private Health Insurance Act 2007 (Cth) and the National Health Act 2001 (Cth).
We may disclose personal information for the purposes described under the heading ‘Purposes, for which we collect, hold, use and disclose your personal information’ to our health insurance businesses, contracted services providers (such as mail-houses and data processing organisations), government authorities (such as Medicare Australia), and for health.com.au Overseas Visitors Health Insurance the Department of Immigration and Boarder Protection, hospitals, medical and general treatment providers, persons authorised by you and our professional advisors, as well as to financial institutions to process payments.
If you are not the policy holder of your health insurance policy, health.com.au may also disclose your personal information to the policy holder as part of administering the policy and paying benefits. This may include the disclosure of sensitive and health information about benefits claimed by you under your policy in the form of quarterly and annual benefit statements.
We may also disclose personal information to parties involved in a prospective or actual transfer of our assets or business.
7. Accessing and correcting your personal information
We try to ensure that personal information we hold is accurate, complete and up to date. Please let us know if there are any errors in your personal information and keep us up to date with changes to your personal information such as change of address.
You can request to update your personal information by emailing us at email@example.com, calling us on the telephone number listed in Part 8 of this policy or by self-serving online at www.health.com.au.
health.com.au will also allow you to access personal information we hold about you as required by law.
You can request to access personal information we hold about you by contacting our Privacy Officer (whose details are provided in Part 8 of this policy).
If we do not provide you with access to your personal information, or refuse to correct your personal information, we will advise you of the reasons for the refusal in accordance with law.
In some circumstances, we may require you to pay the reasonable cost of providing access to personal information we hold about you.
8. Contact us and complaints about privacy
If you have any queries, concerns or complaints about the manner in which your personal information has been collected or handled by health.com.au, please call us on 1300 199 802 or email us at firstname.lastname@example.org.
We will do our utmost to resolve the issue as quickly as possible.
If you are not satisfied with our response or would like more information about protecting your privacy, you can refer the matter to the Office of the Australian Information Commissioner by telephone on 1300 363 992 or email at email@example.com.
9. Transfer of information outside Australia
9.1 health.com.au – Private Health Insurance
From time to time we may need to disclose your personal information to organisations located outside of Australia in the ordinary course of everyday business.
We are responsible for taking reasonable steps to ensure the overseas organisations comply with Australian privacy laws.
The countries to which we may disclose personal information in the course of our functions and activities is listed below:
- United States
9.2 health.com.au Overseas Visitor Health Cover
Due to the nature of health.com.au Overseas Visitor Health Cover products and services, it may be necessary to disclose your personal information to people or organisations outside Australia. The recipients of your personal information will generally be located in your original country of residence where you are departing to Australia from and include:
- your employer
- anyone you permit us to disclose your personal information to
- our agents and brokers
health.com.au OVHC will otherwise not disclose your personal information to anyone unless:
- you give us your permission to do so
- your safety or the safety of others in the community is at risk
- com.au OVHC is permitted to do so under the Privacy Act 1988 (Cth); or
- com.au OVHC is required or authorised by or under an Australian law or court or tribunal order.
10. Security of your information
We may store personal information we hold in hard copy documents or as electronic data in our software IT systems (and those of our service providers). We endeavour to take reasonable steps to protect all personal information that we hold from misuse and loss and to protect it from unauthorised access, modification, and disclosure.
The methods we use to ensure your information is secure include:
- com.au employees are trained to respect your privacy in accordance with the Privacy Act 1988 and our own policies and procedures,
- Verification procedures to identify an individual before access is allowed to personal information,
- Confidentiality agreements with all agents, brokers, and sub-contractors,
- The use of data encryption, firewalls, and other security systems for our IT platform, and
- Document storage security policies.
11. Retention of information
We generally retain personal information we hold for as long as it is necessary to perform the function in relation to which the information was collected. However, we may retain personal information for longer periods to comply with legislative requirements for document retention. If personal information is deleted from our database it may be retained in de-identified form on the servers of our internet service provider.
12. Direct marketing and your privacy
From time to time we may contact you to provide you with information about other promotions, products and services offered by us, or other service providers who have a relationship with us, that we consider may be of benefit to you. When we contact you it may be via mail, phone, social media, email and/or SMS.
When you become a policy holder or customer, you consent to us and our service providers using your personal information for direct marketing purposes (for an indefinite period including after you may cease your policy with us), unless you contact us to withdraw your consent.
If you do not wish to receive marketing material from us, you can contact us at any time to let us know by:
Email: firstname.lastname@example.org with the word “unsubscribe” in the subject line, or
Call: 1300 199 802
If you request not to receive marketing material, please note that we will still contact you in relation to our on-going relationship with you. For example, we will still send you statements and notices that are relevant to the products and services you hold with us.
13. Dealing with us anonymously
When you use our website or ask for general information, we may deal with you without requiring you to provide personal information. However, aside from those circumstances, the nature of our business is such that it is generally not possible for us to deal with people on an anonymous basis.
14. Use of website
Our website may contain links to other websites that are not owned, operated, or endorsed by us. We are not responsible for the privacy practices of those websites, or for the content, products or services provided by or contained on those websites.
Updated effective 02/03/2017