Defence Health recognises the importance of protecting your personal information and the trust you place in us.
1. Introduction and scope of this policy
Under the Commonwealth Privacy Act 1988, as amended from time to time and the Privacy Principles which form part of the Act and apply to Defence Health as an organisation that is in possession of individuals' ‘personal information’, we must observe strict restrictions and standards about the collection, use, disclosure, security and integrity of that information.
In some circumstances, State privacy laws will mean that these restrictions and standards will continue to apply to the ‘personal information’ of an individual held for a period of time after their death.
In the course of providing our products and services, there is certain personal information we may require from you. Defence Health’s primary purpose in collecting personal information is for the provision of health insurance and related benefits and financial services advice to you and to otherwise fulfil our legal obligations as a private health insurer and financial services provider.
This policy applies to our activities on our websites, the main website being at www.defencehealth.com.au and on the social media platforms we use from time to time which include Facebook, LinkedIn and YouTube and to our mobile applications.
Defence Health may disclose personal information relating to the member's dependants to the member. Where a member grants their spouse or partner authority to operate the relevant policy, Defence Health may disclose personal information relating to the member or any of the member's dependants to the member's spouse/partner. To protect the privacy of all persons covered by the policy, a member is also required to seek and obtain the consent of any dependant aged 16 years and over to the disclosure of their personal information to the member's spouse/partner, before granting authority to the member's spouse/partner to operate the policy. If a dependant is 16 years or over, they may ask Defence Health not to share their information with the member or member's spouse/partner.
For the purposes of this policy and unless circumstances suggest otherwise, a person aged 16 years and above will be considered capable of making their own privacy decisions. Defence Health will take instructions from the person who is able to make relevant decisions relating to health insurance and health matters generally for that person or dependant.
3. What personal information does Defence Health collect?
The amount and type of personal information we collect and hold about you depends on the nature of your relationship with us and the extent to which you have used our services or made claims or engage with us via our website or app or other websites or social media platforms on which we have a presence.
The information we collect includes personal details such as your name, address, date of birth, names of dependants, contact details including telephone numbers, facsimile numbers, email addresses or post office box numbers and any communications made between us. We may store communications made with us through social media channels such as Facebook.
We also collect and hold:
In relation to Health Insurance Cover
- Information to provide you with and follow up on a quote or to set up an account for you, including bank account, credit card details, Medicare numbers, and information about your employer and eligibility to be a member;
- Information about the level and status of your health insurance cover and membership and your contribution history (premium payments);
- Information about claims you make or wish to make on your cover and benefits paid to you;
- Information about products, services, programs and benefits we offer from time to time;
- Member account online log on details
In relation to Financial Services Advice
- Where general financial product advice is provided, sufficient personal information to assist you in completing an application form for the relevant insurance policy, and for us to manage the relevant insurance policy;
- Where a risk policy is to be purchased as part of your superannuation, your tax file number will be collected.
In relation to travel and other insurance
- Information to provide you with a quote;
- Information to assist you in the purchase, ongoing management and claiming under your policy
- Information from reports provided by the underwriters on our policyholders to assist us in managing your policy or providing information or marketing services to you.
We may collect personal information which is sensitive information. This includes information about your health and lifestyle as are required by the underwriters to assess your application for insurances. We may do so only with your consent, as required or authorised by law or where otherwise permitted by Privacy Principles in the Privacy Act and any applicable State or Territory health privacy laws.
If you are a health service provider:
- Your contact details;
- Provider registration details;
- Government related details such as your Medicare provider number;
- Details of the services you have rendered and charged for and claims made;
- Bank account details;
- Feedback about your services from our members; and
- Aggregated claims data from the Australian Health Services Alliance Ltd and other sources.
If you engage with us online
We may collect personal information about you when you engage with us online via our social media pages such as Facebook, LinkedIn and YouTube, like our pages on social media, leave any information via a post, comment or review or request to be involved in one of our campaigns or competitions or use any of our services or otherwise enter information into any comment fields, events and other community forums sponsored by or affiliated with Defence Health.
We also collect other information about you in connection with your online activities when you interact with us, which may not be considered personal information as it is, anonymous, aggregated, de-identified, or otherwise does not reveal your identity. Refer to our section on Cookies, third party advertising and analytics below for further information about what we collect and why.
Please note that most online forums are public and others can see what information you disclose. You are not required to submit any information or participate. We may, but are not required to, monitor any activity and remove content within our control or block participants.
Any information you post or disclose in this way is public and we cannot control its use. Any content posted represents the views of the individuals who post the content and we do not necessarily endorse, support, verify, or agree with the content.
4. How does Defence Health collect personal information?
4.1 Information gathered from you
Where it is reasonable and practicable to do so we will collect most of your information from you directly, such as:
- When you submit an application form to apply for a product or service
- When you submit a variation to level of cover or persons covered
- When you submit a claim for benefits
- When you log on to your online member account
- Each time we have contact with you through our Member Service Centre and when we provide financial services advice
- Each time we conduct direct marketing surveys or in response to our direct mail.
- When you engage with us online including via social media (such as by providing a review or comment) or via other channels such as webchat or our mobile app or through other public campaigns we run or partner with.
- When you enter a competition we run
- If you are a health service provider, when you submit a claim
Sometimes we may ask to collect particular personal information about you. Unless we have already done so, or it is apparent from the circumstances, when or before we collect that information, we will take reasonable steps to inform you of:
- The purposes for which the information is collected
- Where applicable, any Australian law or court or tribunal order requiring the information to be collected,
- The main consequences if all or part of the information is not provided, and
- How you can access and correct your information and make a complaint about a privacy breach.
4.2 Information gathered from third parties
Other ways we generally collect information:
- In circumstances where additional health information is required we may contact your nominated health provider, including to conduct claims processing and control (including claims audits, risk management and fraud prevention)
- We may contact your health service provider to clarify details provided by you
- From other individuals covered on your family membership
- In circumstances where services claimed may be compensable from another source, we may contact any person, organisation or agency as necessary to establish eligibility of benefits for you
- From your employer, if you are part of a Payroll Deduction Scheme
- From insurers with whom you have an existing insurance policy.
- If you are a health service provider, from Medicare Australia, from the Australian Health Services Alliance Ltd and from electronic claiming software suppliers and from other bodies who provides us with services
- From social media platforms where we have branded pages, such as on Facebook
- From third parties who carry out services for us such as surveys, research and marketing
If you do not provide any information requested about you or your dependants or do not consent to our collecting that information from third parties, then depending upon the type of information concerned, the consequences of our not being able to collect this information may include:
- Our inability to process any application for membership, membership renewal or claims;
- Our inability to process your claims for services; and
- Our inability to provide any other services to you including the provision of financial services advice.
4.3 Cookies and third party advertising and analytics
We collect information about you when you engage with us online in various ways including via our social media pages such as Facebook, LinkedIn and YouTube and when you click on advertisements. We do this by using cookies and third party analytics and advertising services. We use this information to assist us in our advertising and marketing campaigns, to provide you with information on our products and services that we think is most relevant to you and to enable us to measure the progress of our marketing activities.
“Cookies” are data files (of letters and numbers) that we store within the hard drive of your computer when you interact with our website. These data files allow us to recall important information about your visit and help improve your experience.
When you visit our website, our servers collect routine logging information such as the pages visited, the time of your visit, your web browser and device type and the IP address associated with your request. We also collect referring URLs of website you have visited or will visit, data about the activities you undertake and how you interact with us online, such as what data is displayed, clicked on or shared, the click stream patterns, and the length of time you spend on our site or page. We use this information to help us manage and improve our website and for tracking and marketing purposes.
We use different types of cookies to:
- Enhance your access to and the functionality of our website and user experience - we are able to make it easier for visitors to get quotes; and
- Show you ads or messages based on your interests or browsing history
Third party analytics and advertising
We use remarketing with Google Analytics to advertise online. Third-party vendors, including Google, show Defence Health advertisements on website sites across the Internet. Defence Health and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimise, and serve ads based on your past visits to the Defence Health website.
Defence Health’s websites use Google Analytics and other third-party tools to better understand how you use the site. This makes information similar to that of routine server logs available to Google or other third-party statistics providers. The analytic reports that are produced are aggregated and do not identify individual people.
Our website and other communications contain electronic images called “web beacons” (they are also known as one pixel GIFs, clear GIFs or pixel tags). Web beacons allow us to count visitors who have viewed content on websites or pages or what subscribers have read our emails. We can then develop statistical information about the activities and features that most interest you and then provide more personalized content. We do not use web beacons to access your personal information without your consent.
Opting out of cookies and online advertising
You can stop the delivery of interest-based advertising we or others place online. For more information or how to opt out of 3rd party cookie data collection from Google, go to https://www.google.com/intl/en/analytics/learn/privacy.html
When you opt-out using these methods, a cookie will be placed on your device indicating that you have opted-out of interest-based advertising. If you delete your cookies, you will need to opt-out again. In addition, when you opt-out using these methods, this does not mean that you will no longer receive advertising from us, or when you use the Internet. It just means that the advertising you see displayed on websites will not be customised to your interests.
5. Purposes for holding the information collected
We generally hold information for the following purposes:
- To approve and administer transactions/claims you wish to make
- To provide you with services you have requested
- To inform you of products, benefits or services we think you might be interested in
- To provide general financial services product advice, assist with your application for products and liaising with the underwriter
- To develop, improve and market (including online) ours and co-branded products and services.
- To tailor our marketing and promotions to your interests
- To conduct market research and other marketing related activities
We may combine and link the information we collect about your for certain purposes such as to administer your account and claims and to manage our relationship with you.
6. How personal information is held
We hold your personal information in a combination of computer storage facilities, paper-based files and other records. These facilities and records are located on site at our head office and off-site at secured premises operated by third parties on behalf of Defence Health. The third parties are bound by Defence Health’s strict information security policies and procedures. These policies and procedures are in place to protect personal information held by us from misuse, loss or unauthorised access, modification or disclosure.
7. How does Defence Health use personal information?
We collect and use personal information for the following purposes:
- To check your eligibility for membership or check your identity
- To process your application for services
- To approve and process transactions you wish to make
- To set up an account for billing your membership contributions
- To provide you with financial services advice
- To provide you with services you have requested or any additional or related services
- To provide you with member account log on details
- To identify whether you would benefit from risk management or disease management programs
- Unless you have opted-out, you consent to us using your information including sensitive information to contact you via mail, telephone, email or SMS or other form of online communication or interaction we may have with you to inform you of health-related or other products, benefits or services we think may interest you
- To address information technology requirements, systems maintenance and development issues
- To aid business development and extend our range of products and services and co-branded products and services
- To identify you for customised and targeted marketing and promotions and advertising campaigns either directly or via social media channels, to provide you with information on our products and services that we think is most relevant to you and to enable us to measure the progress of our marketing activities.
- To investigate and resolve complaints concerning the provision of services including about health service providers
- To conduct claims processing and control (including claims audits, risk management and fraud investigation and prevention)
- To comply with our legal obligations and court or tribunal orders.
8. When does Defence Health disclose your information?
We may disclose your information, in the following circumstances:
- To organisations and individuals (such as health service providers) who provide services to us or on our behalf (as further detailed below)
- With your consent or where it is necessary to provide you with services under the Policy
- Where required or authorised by Australian law or court or tribunal order
- To organisations which have requested us to provide services to you or who co-operate with us in offering products or services, including risk management and disease management programs and financial products
- To members, in relation to couple and family memberships, for example, in the form of benefit advice statements, to disclose information about benefits limits and treatment for all persons covered by the Policy, including dependants.
- To government agencies, such as the Department of Veteran Affairs (DVA), to confirm payment of benefits
- To organisations we partner with to deliver co-branded products and services and who conduct member surveys and research on our behalf
- If you are a health service provider, to your registration member organisation, to your service provider group with whom you contract (such as Smile for dentists) and to your regulator if we are requested by them or if we consider your conduct is reportable as misconduct or fraud
- To enable service providers to access and collect data to run email distribution and online marketing campaigns.
When you are admitted to hospital, personal information about you and your condition is provided by the hospital to Defence Health to enable your claim to be paid. Australian Health Service Alliance Ltd is an agent of Defence Health and in this capacity, receives your personal information. Australian Health Service Alliance Ltd. is a privacy compliant organisation. The Private Health Insurance Act 2007 requires us to collect certain information about you and this will generally govern how we use the information despite the provisions of the Privacy Act 1988 (Cth). For more information visit www.ahsa.com.au.
Some of the Service providers we have arrangements with include our information technology suppliers, general insurance and life insurance underwriters, mail houses, marketing service providers including online and email distribution service providers, Google and social media platforms such as Facebook, health service providers (for example who conduct assessments for us), data research houses, fraud management, risk management and disease management program providers and our electronic claims facilitators.
Some of the service providers described above are located overseas or may use overseas hosting or cloud service providers. Facebook is located in Ireland and Google Inc is located in the USA.
9. Your consent and consent from dependants
By becoming a member, or continuing your relationship with us, you are taken to have consented to the following on your own behalf and on behalf of your dependants:
- The collection of health or financial information about yourself or your dependents
- The collection of your tax file number where you have made application for a risk insurance product as part of superannuation.
You also agree that:
- You will make, or authorise the making of, all claims under your Policy and will ensure that each claim includes the sensitive information of an individual aged 16 years and over only with their consent.
You should note that you may withdraw any or all of your consents at any time simply by notifying us in writing and dependants may also do so. However, depending on the circumstances this may prevent us from being able to provide services to you and/or you dependants. If we use or disclose your personal information in a way not contemplated in this policy we will normally only do so after gaining your consent. We may ask for your consent in writing, over the phone or on our website.
Other uses and disclosures of your information
We also may disclose or use your personal information without your consent in the following circumstances:
- We reasonably believe it is necessary to assist an enforcement body to perform its functions, or
- We suspect that an unlawful activity or misconduct of a serious nature has been, is being or may be engaged in (such as fraudulent claims or misconduct or overcharging by a member or health service provider) that relates to Defence Health and the personal information is a necessary part of our internal investigation or reporting of the matter, or
- We reasonably believe it is necessary to prevent a threat to life, health or safety, or
- We are authorised or required by Australian law or court or tribunal order to do so, (e.g. where information is required by bodies regulating us or in response to subpoenas or warrants), or
- We have contracted an external organisation to provide support services and that organisation has agreed to conform to our privacy standards and to allow us to audit them for compliance,
- To establish, defend or exercise a legal claim or for a confidential alternative dispute resolution process
- In any other situation that is permitted by the Privacy Act in relation to personal or sensitive information or government identifiers.
10. Access and correction
An individual, including a member or dependant, may request access to personal information Defence Health holds about them. A member may also request access to personal information about any dependant under their Policy unless the dependant is 16 years old or over and has asked Defence Health not to share their information.
A member’s spouse/partner may request access to personal information about the member or any other dependant under the Policy, where the member has granted their spouse/partner authority to operate the Policy, unless the dependant aged 16 years or over and has asked Defence Health not to share their information.
The type of information held generally includes the following:
- Contribution History: a record of premium payments
- Membership History: includes the history of your membership and level of cover held
- Financial information: this includes bank account details
- Claims History or Benefit advice statement: a record of Hospital, Medical and Ancillary claims and benefits paid
- Personal, health and financial information required by underwriters to assess your risk insurance application or by us to provide you with financial services advice.
Personal information held about you or your dependants (where relevant to the Policy) can be obtained by contacting Defence Health on 1800 335 425 or via email to firstname.lastname@example.org.
Alternatively, you may choose to register for online access via a secure password. Online access permits you to view the personal information of yourself and any of your dependants, and update details such as cover type, payment methods and contact details. To authenticate changes a confirmation letter or email will be issued to the member.
If an individual considers that the personal information held is not accurate, relevant, complete or up-to-date, or it is misleading, Defence Health will take reasonable steps to correct the information. Please help us to keep accurate details by informing us whenever your personal details change or whenever you become aware our records are inaccurate. You can do this by contacting Defence Health on the number or email address above or via our website. In limited circumstances a request for access or correction may be denied. Defence Health will provide reasons for denial of access or a refusal to correct personal information and explain how you can complain about the denial or refusal if you wish to do so.
Defence Health has strict information security policies and procedures in place to protect personal information held by us from misuse, interference, loss or unauthorised access, modification or disclosure.
Defence Health uses a secure waste disposal system for destruction of records containing personal information that does not need to be retained. Archived information is held off-site for 5 years before secure destruction.
You may elect to use various channels to communicate with us and access our services. In doing so you acknowledge that the channel (such as the Internet) may not be totally secure.
12. Opt-out from direct marketing
If you do not want to receive direct marketing communications by any specific medium, please contact us on 1800 335 425 or via email to email@example.com and we will cease those communications with you as soon as possible. If at any time in the future you wish to be reinstated on our mailing list, please let us know. For more information about opting out of cookies and targeted advertising see our 'Cookies and third party advertising policy' in section 4.3 above.
14. Privacy complaints
If you believe that Defence Health has interfered with your privacy by dealing with your personal information in a way that is contrary to, or inconsistent with, an applicable Privacy Principle in the Privacy Act, you should first direct your complaint to Defence Health’s Privacy Officer whose contact details are below. We will investigate your complaint and seek to resolve your concerns. We will need to verify your identity and may need to ask you to provide further information. We will respond to your complaint within a reasonable period and generally within 30 days.
If you are not satisfied with our response to your complaint, you can contact the Office of the Australian Information Commissioner who may investigate your complaint using the following contact details:
Office of the Australian Information Commissioner
Privacy Hotline 1300 363 992 (local call charge)
Post: GPO Box 5218, Sydney NSW 2001
Online form: www.oaic.gov.au (Privacy Complaint Form)
15. Contact details
20 August 2018