“Personal information” includes information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified living individual or an individual who is reasonably identifiable (e.g., name and contact details), or data about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access.
As its name suggests, “sensitive information” is a more sensitive subset of personal information, which includes your bank account/payment, criminal history, health information, religion, racial/ethnic origin or sexual orientation. If you are an individual who is either based in or a resident of Australia, the European Union or the United Kingdom, subject to applicable Privacy Laws, we will not process sensitive information about you unless we have received your express consent to the processing of this information.
We collect certain types of information about you if you visit our website, authorise your broker or our agent to provide us with your personal information in relation to insurance or otherwise provide us with your personal information.
The information we collect and hold generally includes your name and contact information (including telephone and facsimile numbers and email addresses), information relating to the operation of your business, other reference information and information about other parties that you may conduct, or are interested in conducting, business with. You may be able to deal with us without identifying yourself (i.e. anonymously or by using a pseudonym) in certain circumstances, such as when making a general inquiry relating to the services we offer. If you wish to do so, please contact us to find out if this is practicable in your circumstances. However, if you do not provide us with the information that we need, we or any of our third-party service providers may not be able to provide you with the appropriate services.
We may collect personal information in a number of ways, including:
You authorise us to contact such third parties for the purposes of providing you with the services that you have requested.
We also automatically collect certain information when you visit our website, some of which may be capable of personally identifying you. Please see the “Cookies” section below for more details.
We collect and hold your personal information for the purposes of providing our services to you and related purposes. Such purposes include:
If you are an individual who is either based in or a resident of the European Union or the United Kingdom, we will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. We will make sure that we only use your personal information for the purposes set out above and where we are satisfied:
We will disclose your personal information to:
We may be disclosing your personal data to the following parties: third party service providers, insurers and/or our related companies as they may be processing your personal information either on our behalf or otherwise for one or more of the above-stated purposes.
When we take reasonable steps, we will ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and transfers are limited to either countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights. To this end:
we ensure transfers within Steadfast's group of companies will be covered by an agreement entered into by members of Steadfast's group of companies (an intra-group agreement) which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within our group of companies. Where we transfer your personal information either outside our group of companies or to third parties who help provide our services, we obtain contractual commitments from them to protect your personal information; or
where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed.
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.
You must not provide us with personal information (including any sensitive information) of any other individual (including any of your employees or customers if you are an insurance broker) unless you have the express or implied consent of that individual to do so. If you do provide us with such information about another individual, before doing so you:
If you have not done this, you must tell us before you provide any third-party information.
If we give you, or provide you access to, the personal information of any individual, you must only use it:
You must also ensure that your agents, advisers, employees and contractors meet the above requirements.
We take reasonable steps to ensure that your personal information is accurate, complete and up-to-date whenever we collect, use or disclose it. However, we also rely on you to advise us of any changes to your personal information. All personal information identified as being incorrect is updated in our database and, where applicable and appropriate, on our website.
Please contact us using our contact details below as soon as possible if there are any changes to your personal information or if you believe the personal information we hold about you is not accurate, complete or up-to-date. We may refuse to correct personal information if the correction would not improve the accuracy, completeness, relevance or would make the information misleading. If we refuse to correct your personal information, we will record that a request was made and advise you why the request was refused.
You can make a request to access your personal information by contacting us using the contact details below. If you make an access request, we will provide you with access to the personal information we hold about you unless otherwise required or permitted by law. We will notify you of the basis for any denial of access to your personal information.
We may charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We may also charge the reasonable cost of third parties who assist us in complying with the access request.
If you are an individual based in or a resident of the European Union or the United Kingdom, there are additional rights available to you. Please see below your detailed rights including rights of access, erasures, rectification and portability of your personal data.
What this means
You can ask us to:
confirm whether we are processing your personal information; give you a copy of that data; and
You can ask us to rectify inaccurate personal information. We may seek to verify the accuracy of the data before rectifying it.
You can ask us to erase your personal information, but only where:
We are not required to comply with your request to erase your personal information if the processing of your personal information is necessary:
You can ask us to restrict (i.e. keep but not use) your personal information, but only where:
We can continue to use your personal information following a request for restriction, where:
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format but case only where:
the processing is carried out by automated means.
You can object to any processing of your personal information which has our ‘legitimate interests’ as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Economic Area.
We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity.
You have a right to lodge a complaint with your local supervisory authority about our processing of your personal information. For example, in the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
If you wish to access any of the above – mentioned rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
We take reasonable steps to protect any personal information that we hold from misuse, interference and loss, and from unauthorised access, alteration and disclosure.
For example, we maintain physical security over our paper and electronic data stores and premises, such as locks and security systems. We also maintain computer and network security. For example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to computer systems.
However, data protection measures are never completely secure and, despite the measures we have put in place, we cannot guarantee the security of your personal information. You must take care to ensure you protect your personal information (for example, by protecting any usernames and passwords). You should notify us as soon as possible if you become aware of any security breaches. We will where required by applicable Privacy Law, as soon as reasonably possible, notify you of material security breach concerning your personal information.
Our website may contain links to other third-party websites. We do not endorse or otherwise accept responsibility for the content or privacy practices of those websites or any products or services offered on them. We recommend that you check the privacy policies of these third-party websites to find out how these third parties may collect and deal with your personal information.
Like many website operators, we may use standard technology called cookies on our website. Cookies are small data files that are downloaded onto your computer when you visit a particular website. Cookies help provide additional functionality to the site or to help us analyse site usage more accurately. For instance, our server may set cookie that keeps you from having to enter a password more than once during a visit to one of our sites. In all cases in which cookies are used, the cookie will not collect personal information except with your consent.
You can disable cookies by turning them off in your browser; however, our website may not function properly if you do so.
If you follow a link from our website to another website, please be aware that the owner of the other website will have their own privacy and cookie policies for their site. We recommend you read their policies, as we are not responsible or liable for what happens at their website.
You can adjust the settings in your web browser to determine whether sites can set cookies on your device. If you’ve visited this site before, there may be previously set cookies on your computer. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them,
visit www.aboutcookies.org or www.allaboutcookies.org.
You may opt out of being tracked by Google Analytics across all websites by following the guidance outlined in their website.
When we collect your personal information, e.g., via email, post, SMS, app notification, telephone or targeted online advertisements, we may use your personal data to send you direct marketing communications about our insurance products or our related services. We limit direct marketing to a reasonable and proportionate level, and to send you communications which we believe may be of interest to you, based on the information we have about you.
Our processing of your personal data for direct marketing purposes is based on our legitimate interests, but where opt-in consent is required by law we may seek your consent where applicable. If you no longer wish to receive such information, or you do not want us to disclose your personal information to any other organisation (including insurance brokers or any other related companies), you can opt out by following the opt-out links in electronic communications, de-activating the push notification or alert to your mobile phone, or contacting us using our contact details below.
You may refuse or withdraw your consent for the collection, use and/or disclosure of your personal information in our possession by giving us reasonable notice so long as there are no legal or contractual restrictions preventing you from doing so. If you withdraw your consent for us to use your personal information for your insurance matters, this will affect our ability to provide you with the products and services that you asked for or have with us
If the purpose for which your personal information is collected is no longer served by the retention of such data, or when the retention is no longer necessary for any other legal or business purpose, we will ensure that the hard copy of your personal data will be completely destroyed and electronic personal data as much as possible.
We will refer your complaint to our Privacy Officer who will investigate the issue and determine the steps that we will undertake to resolve your complaint. We will contact you if we require any additional information from you and will notify you in writing of the outcome of the investigation. We will try to resolve any complaint within 14 working days in Melbourne . If this is not possible, you will be contacted within that time to let you know how long it should take us to resolve your complaint. If you are not satisfied with our determination, you can contact us to discuss your concerns or complain to the relevant local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement). This is the Australian Privacy Commissioner in Australia (at www.oaic.gov.au), the New Zealand Privacy Commissioner in New Zealand (at www.privacy.org.nz), the Personal Data Protection Commissioner in Singapore (at www.pdpc.gov.sg) and the Information Commissioner’s Office in the UK (at www.ico.co.uk).
Telephone: 0427 975 978
Josh Giansiracusa - Josh.firstname.lastname@example.org
Alternatively, you can contact us via:
Level 4, 99 Bathurst Street, Sydney NSW 2000
Attention: Company Secretary
For further information on privacy, please visit:
in Australia, the Office of the Australian Information Commissioner at
in New Zealand, the New Zealand Privacy Commissioner at
in Singapore, the Personal Data Protection Commission at
in the UK / Europe, the Information Commissioner’s Office at www.ico.co.uk
Dated: 15 February 2022