nib Group and Privacy
This information explains how we comply with applicable privacy requirements and sets out minimum standards for how we deal with personal information collected and used by the nib Group. This information may be updated from time to time, and should be read in the context of any additional specific information such as that provided in privacy policies applicable to specific businesses or local areas as displayed on the relevant website from time to time, or as provided in additional privacy notices in documentation we provide to you (depending on your relationship with us, as outlined further below).
nib Group's system for complying with applicable privacy requirements includes:
- our commitment to compliance with privacy requirements;
- our policy and approach to privacy, as explained in this information;
- our resources allocated to privacy, including our technology systems and services; and
- our people and the training and education we undertake.
Collecting your personal information
The businesses operated by the nib Group of companies provide a range of insurance services, specifically health and travel, and provide information in relation to health care and health care providers, and other services.
The types of information we may collect
When you deal with us, we may collect personal information about you such as your name, contact details, gender and other information about your circumstances and preferences including about your health or medical history, government related identifiers, travel visa and employment details, professional accreditations, bank account and credit card details, and if you hold nib securities, information relating to you and your security holding.
The types of personal information we collect will depend on your relationship with us, such as whether you are an nib customer including a policyholder, website user, job applicant, employee (in applicable jurisdictions), a claimant, a health service provider or another third party (such as an existing or potential business partner).
Who we collect this information from
We collect this information when we ask you for it and you provide it, including when you join our nib reward programs, or if an insurance claim is lodged by you or on your behalf. We may also collect information about you from third parties, such as your insurer for travel insurance, doctor, treating hospital or other health service provider, if it is not reasonable or practicable to collect the information from you, or where you provide your consent for us to do so. This may also include other people or organisations who might be representing you, including a person who takes out an insurance policy on your behalf or under which you are covered, or any person assisting or representing us.
We may also collect your personal information from third parties who provide analytics services to nib, including predicted health outcomes based on identified health, lifestyle and demographic factors, as well as publicly available sources such as internet search engines or social networking services. When we do so, we ensure that we have a legal basis for using your personal information, such as to enable us to contact you and offer our products and services to you. We may also collect personal information about others such as parents and guardians, carers or authorised representatives of third parties.
If you are a recognised health care provider, We may collect your personal information from databases and directories to support our business processes, including to ensure claims are dealt with efficiently, to investigate complaints or to conduct fraud-prevention checks.
Like many companies, we use technology and tools that tell us when a computer or device has visited or accessed our content. Those tools include services from search engines and other companies that help us to tailor our products and services to better suit our customers and potential customers. Search engines provide facilities to allow you to indicate your preferences in relation to the use of those tools in connection with computers and other devices controlled or used by you. Our mobile applications may also collect precise location information from your device if you consent to the collection of this information, and we will always respect your preferences including if you choose to withdraw your consent at any time.
Insurance policies with more than one insured person or purchased on behalf of another person
If you have a Couples or Family health insurance policy with us, or hold a policy that has been taken out on your behalf, we may collect your information from the policyholder or person who took out the policy on your behalf. The policyholder will also have access to all the information on the policy, including those of their partner and any dependants.
If you have a travel insurance policy that names more than one adult on your Certificate of Insurance, or where your policy has been taken out by another person on your behalf, we may collect information from them about you.
As a policyholder or person providing information about a member or person, we expect that:
- you have told them you have provided their personal information to nib;
- you have told them they are entitled to access their information by contacting us.
For health insurance, if a policyholder lodges a claim on your behalf, or for travel insurance, if a co-insured adult lodges a claim on your behalf, we act in reliance on the above representations given by that person. We assume you have given your consent to the policyholder or co-insured to provide all the information we need to process your claim.
If you do not provide us with your personal information
Where we do not have your personal information (or personal information of an insured person or person requesting assistance), we may not be able to contact you, process your requests or employment application, or provide our services to you including providing insurance or other assistance, or processing an insurance claim.
Using your personal information
How nib uses your personal information
Generally, we use your personal information for our business and activities, and in our efforts to expand and improve our business. Examples include:
- to identify you, and respond to and process your requests for information and provide you with a product or service;
- to determine your eligibility to provide or receive an nib health or related product or service, and to manage our relationship with you including where relevant, providing you with a quote or managing insurance related and other services being provided by or to you;
- to administer and provide insurance services, including emergency assistance, and to manage your and our rights and obligations (and those of insured persons) in relation to insurance services, including dealing with you or an insured person in connection with an insurance proposal, policy, or claim;
- to recommend updates to insurance policies to ensure adequate coverage for services beneficial to you;
- to administer promotional programmes and scholarships, such as: exclusive member offers, competitions or university research scholarships sponsored by nib, when you have provided consent as part of your application;
- to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties including those making referrals to us and to our strategic, distribution and "whitelabel partners" who market and sell our products and services to their customers under their own brand;
- to prepare internal reports for the purposes of improving our products, services and internal operations;
- to provide you with advice or information relating to your policy or needs, including insurance needs;
- to manage complaints and disputes, and report to dispute resolution bodies;
- to operate programs and forums in different media in which you are able to share information, including your personal information, with us and publicly (on the terms applicable);
- to manage, train and develop our employees and representatives;
- for a business or professional relationship we may have with you;
- if you apply for employment with us, to consider your application;
- where you are a health service provider, to manage our relationship with you and your relationship with our members, which may include engaging agents to perform this function on nib’s behalf. Other ways nib may use personal information of health service providers includes for billing purposes, investigating and resolving member or regulator enquiries and complaints, and creating and providing access to directory services and costs information to members and other third parties;
- to amend records to remove personal information; and
- for other everyday business purposes that involve use of personal information.
The above examples are a non-exhaustive overview only of how we may collect and use your personal information, and more detail may be provided to you in a separate privacy notice when you contact us or, where relevant, in a separate contractual arrangement with you.
Legal basis for using your information
We ensure that we have an appropriate legal basis to deal with your personal information in these ways, including:
- where you have provided your consent (such as when you provide your consent to receive marketing messages);
- where it is necessary for us to use your personal information in order to enter into or perform a contract (such as to send you a Product Disclosure Statement and Quotation in response to your product inquiry, or if we need to handle an insurance claim), or to protect your vital interests (such as to provide emergency medical assistance under a travel insurance policy you hold with us);
- where we have a legal or regulatory obligation that we must comply with or is in the substantial public interest (such as to prevent fraud or money laundering) or we need to use your personal information to establish, exercise or defend legal rights (such as debt recovery) or whenever courts are acting in their judicial capacity; and
- where we need to use your personal information for our legitimate business interests (such as managing our business operations, developing and improving the products and services we offer, company re-structure or selling part of our business), and when we do so, we will consider your rights and interests in accordance with applicable law.
Direct Marketing and personalisation
Generally, we use your personal information for our business and activities, and in our efforts to improve our offerings to you. Examples include:
- to offer and provide personalised health information, support and services;
- to offer and invite you to health management programs;
- to provide you with marketing communications and invitations and offers for products and services including new products or services that we or our third party business partners believe may be of interest to you and to assist in developing new products and services; and
- to provide improved services to you through our website, social media channels and to develop and improve the products and services we offer to you and/or to our customers;
If we use your personal information to contact you and you would prefer us not to, or if you indicate a preference for a method of communication, please let us know and we will respect your preference. Please contact nib via the method below:
Storing and disclosing your personal information
Personal information is retained during the time we need it for the identified purposes, to the extent necessary for purposes reasonably related to those identified purposes (for example, resolving disputes) or as required by law.
Who we disclose your personal information to
In using and storing your personal information, we may pass on your personal information, including outside the country of collection:
- to third parties, like our consultants, agents, contractors and service providers, and those that act as data processors or analysts, auditors or external advisers;
- to others who may be involved in your care;
- to any intermediaries, including your agent, adviser, broker, representative or person acting on your behalf;
- to your employer or group administrator, if you are a member of a workplace or association insurance plan, in order to administer that plan or where determined necessary or reasonable to do so, including in connection with any suspected unlawful activity associated with your insurance cover;
- to other insurers, reinsurers, insurance investigators and claims or insurance reference services, brokers, loss assessors, financiers;
- to other companies in the nib Group, including those located in Australia, New Zealand, the Republic of Ireland, the United States, the Philippines and the Cayman Islands;
- to any of our nib Group strategic, distribution and whitelabel partners where authorised or required;
- where relevant, we may disclose information to a potential or actual third party purchaser of our business or assets;
- where relevant, to local registration boards and professional and industry bodies and associations, or to external dispute resolution bodies or other third parties involved in the management and resolution of complaints;
- for legal or safety reasons or other special circumstances, such as in order to comply with a legal or regulatory obligation to protect your vital interests;
- where we have a legitimate purpose (such as to manage our business operations or to conduct data analytics to improve our offerings);
- to any person authorised by you, or to others you have nominated, to access information in connection with an insurance policy you hold with us;
- to other persons who are insured on your policy to confirm, for example, that full disclosure has been made to us, or to ensure that the policyholder or person managing a claim has details of claims made on the policy, including any personal information used to make a claim determination; and
- in additional ways you may also agree to.
We may also disclose to third parties information from which personal information has been removed (such as aggregated, anonymous or pseudonymised information) so that your privacy is not impacted.
We may disclose your personal information overseas
When we pass on, transfer or share your personal information in this way, we take steps to ensure it is treated in the same way that we would treat it, and that an adequate level of protection is in place in accordance with relevant privacy and data protection laws.
For example, if your personal information is collected in the EEA and we (or third parties acting on our behalf) transfer personal information that we collect about you to countries outside of the EEA (such as when we need to collect or share this information with nib’s parent company located in Australia), your personal information may be subject to both Australian and European privacy requirements, and the steps that we take to protect your personal information include obtaining contractual commitments to comply with applicable privacy requirements (referred to under European data protection laws as “Standard Contractual Clauses”). Depending on circumstances of the particular transfer, other steps we might take include transferring personal information to companies in the United States which are certified under the “Privacy Shield” (in the case of EU-US transfers of personal data).
Some businesses within the nib Group (e.g., our travel insurance businesses) have relationships with insurers and other entities overseas. The countries in which these recipients may be located will vary from time to time, but may include the United Kingdom, the United States, Canada, Denmark, and Brazil. We may also disclose your personal information to health service providers and others we have business arrangements with overseas as necessary to enable them to offer their products and services to you, such as where you are covered by a travel insurance policy and require appropriate medical treatment and services while overseas (and if we do so, we will ensure we meet applicable data protection requirements, such as explicit consent, or protection of the vital interests of a data subject).We do our best to keep our records of your personal information up to date and accurate, and to delete or amend personal information that is no longer needed.
We use various systems and services to safeguard the personal information we store, as part of our business systems and processes. We take steps to protect your personal information from misuse, interference or loss and unauthorised access, modification and disclosure with appropriate safeguards and security measures.
While we take steps to protect your personal information when you send it to us, you should keep in mind that no internet transmission is ever completely secure or error- free. If you provide any personal information to us via our online services (including email), or if we provide information to you by these means, the privacy, security and integrity of any data transfer over the internet cannot be guaranteed. When you share information with us (such as over the internet, or sending us an email), it is at your own risk as factors beyond our control include the security of the device and/or program you use to communicate with us, and steps you take to protect your login details and password. If you reasonably believe that there has been unauthorised use or disclosure of your personal information, please contact us (see below).
Accessing and correcting your personal information
You may wish to contact nib Group to access your personal information, to seek to correct it, delete it or to make a complaint about privacy (and under applicable privacy laws you may have rights of access to and correction of your personal information). Our privacy email contact address for our Group Privacy Officer is [email protected] and further contact details for nib Group are set out below.
- nib holdings Limited
- 22 Honeysuckle Drive
- Newcastle NSW 2300
- Phone: 13 14 63 (within Australia)
- +61 2 4914 1100 (outside Australia)
- Attention: Group Privacy Officer
You can also contact your local entity. We will respond to your request for access to personal information we hold about you within the timeframes required by applicable laws and/or as soon as we reasonably can, including notifying you if we are unable to provide access (such as when we no longer hold the information) or if we are permitted by applicable law to refuse access.
Generally, we do not impose any charge for a request for access, but where permitted to do so by applicable law, we may charge you a reasonable fee for the retrieval costs associated with providing you with access.
For complaints about privacy, we will establish in consultation with you a reasonable process, including time frames provided by applicable laws, for seeking to resolve your complaint.
European Economic Area (EEA) and United Kingdom
If you are located in the European Economic Area (EEA) and require further information about how we deal with your personal data under EEA data protection laws, please contact us at:
- nib Travel Services Ireland Limited / nib Travel Services Europe Limited
- City Quarter Building
- Lapps Quay, Cork, IRELAND.
- [email protected]
Under EU laws, additional rights may also be available to you about the way we handle your personal data, including the right to complain to your local supervisory authority:
If you are located in the United Kingdom and are not satisfied with our or your insurer’s response, or believe we or your insurer are not processing data in accordance with the law, you can complain to your local Data Protection Commissioner:
- Information Commissioners Office
- Wycliffe House
- Water Lane
- SK9 5AF
Other rights which may be available to you under UK and EU laws include:
- Right to access your personal data (you have the right to request a copy of your personal data that we hold about you, and please see further above);
- Right to rectification (as noted, if you believe that the information we hold about you is inaccurate or incomplete, please let us know so that we can rectify any gap or inaccuracy);
- Right to erasure, or right to be forgotten (in certain circumstances, you have the right to request that we erase your personal data, such as if your personal data is no longer necessary for the purpose of original collection);
- Right to restriction of processing (in certain circumstances, you have the right to request that we restrict the processing of your personal data, and please see further above for example in relation to how you may opt out of our marketing communications);
- Right to data portability (in certain circumstances, you can request that personal data we hold about you be transmitted directly to another organisation);
- Right to object (you may have the right to object to our processing of your personal data, such as in relation to direct marketing communications and your right to opt out as outlined above, or to otherwise object unless we establish that we have legitimate grounds for the processing which outweighs your privacy rights); and
- Rights relating to automated decision making (you have the right to ask us to not to be subject to a decision based solely on automated processing including profiling which produces legal effects or other similar significant effects concerning you).
Last updated: February 2022