In this privacy policy, ‘we’, ‘us’ and ‘our’ means a company within the NM Insurance Group, including the following:
In Australia
NM Insurance Pty Ltd ABN 34 100 633 038
Proteus Marine Insurance Pty Ltd ABN 98 612 132 126
In New Zealand
Nautilus Marine Underwriting Agency Ltd NZBN 9429031454261
We are committed to ensuring your privacy in accordance with the Australian Privacy Act 1988 (Cth) and Australian Privacy Principles, and the New Zealand Privacy Act 2020 and Information Privacy Principles. This privacy policy sets out how we collect, store, use and disclose your Personal Information (including Sensitive Information). We are also committed to ensuring your privacy in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679, insofar as it applies to our processes and business activities.
By visiting our website, using an insurance portal, applying for insurance, making an insurance claim, authorising an insurance intermediary to provide us with your Personal Information or otherwise providing us with your Personal Information, you consent to your Personal Information being collected, stored, used and disclosed by us as set out in this
privacy policy.
What is Personal Information
‘Personal Information’ is any information or an opinion about an identified individual or an individual who is reasonably identifiable, whether or not the information or opinion is true, and whether or not it is recorded in a material form.
’Sensitive Information’ is a subset of Personal Information which may need to be afforded a higher level of protection. Sensitive Information may include Personal Information and is defined more specifically in privacy legislation, including, amongst other things, health information, criminal history, racial or ethnic origin and sexual orientation.
What Personal Information do we collect, hold and use?
The Personal Information we collect, hold and use generally includes your name and contact information (including telephone and facsimile numbers and email addresses), information relating to the insured risk, other reference information and information about third parties that you may conduct, or are interested in conducting business with.
As we act as an underwriting agency on behalf of insurers, providing and administering insurance related products and services, we may also collect and hold other Personal Information required to provide and administer such products and services and to assist you, including details of your previous insurances and Sensitive Information.
You may be able to deal with us without identifying yourself (anonymously or by using a pseudonym) in certain circumstances, such as when making a general inquiry relating to the products and services we offer. If you wish to do so, please contact us to find out if this is practicable in your circumstances.
However, if you do not provide us with the Personal Information and other information that we need, we or any of our third party providers may not be able to provide you with the appropriate insurance products and services. You may also risk breaching your duty of disclosure or duty to take reasonable care not to make a misrepresentation (as applicable) or having your policy cancelled pursuant to relevant insurance laws.
How we collect your Personal Information
We may collect Personal Information in a number of ways depending on the nature of the insurance products and services being provided and administered, including:
- directly from you via our website;
- through any insurance related portal;
- by telephone;
- in writing;
- by email; and/or
- from third parties (such as your insurance broker, our product distributors, premium funders, claims managers, other service providers or publicly from available sources). Each third party is also obliged to comply with the applicable privacy principles.
When collecting Personal Information, we will do everything we reasonably can to let you know:
- how to contact us;
- why we are collecting the Personal Information;
- how the Personal Information is collected;
- the organisations or types of organisations to which we disclose the Personal Information (if any);
- if we are required by law to collect the Personal Information;
- whether disclosure overseas is likely; and
- the consequences should you choose not to provide the Personal Information.
We also automatically collect certain information when you visit our website, some of which may be capable of personally identifying you. Please see the ‘Cookies’ section below for more details.
Our purposes for collecting, holding and using your Personal Information
We collect and hold your Personal Information for the primary purpose of providing and administering our insurance products and services to you and assessing any claims you make under them. When we collect Personal Information from you our privacy collection statement may provide a more specific or broader purpose. Such purposes for collection may include:
- helping us assess risks, to assess your request for insurance, to write and administer your insurance policy, to assess any claim you have made, and to clarify or assess information that you have provided;
- enabling us to provide any lifestyle magazine or other publications you have subscribed to;
- helping us improve our products and services;
- providing brokers’ customers, potential customers and others with our products and services;
- helping to develop and identify products and services that may interest brokers, their customers, potential customers or others;
- conducting market or customer research;
- developing, establishing and administering alliances and other arrangements with organisations not related to us in relation to the promotion, administration and use of our products and services;
- providing you with information and telling you about promotions and other products and services which we believe may be of interest and/or relevant to you; and
- any other purpose notified to you at the time your personal information is collected.
If you are an individual who is either based in or a resident of the European Union or the United Kingdom, we will only collect, use and share your personal data where we are satisfied that we have an appropriate legal basis to do so. We will ensure that we only use your personal data for the purposes set out above and where we are satisfied:
- we need to use your personal data to perform a contract or take steps to enter into a contract with you;
- we need to use your personal data to comply with a relevant legal or regulatory obligation that we have;
- we have your consent to use your personal data for a particular activity; or
- the use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party.
Disclosure of your Personal Information
We will only disclose your Personal Information where it is required or reasonable to providing or administering a product or service that you have requested, or for any of the purposes outlined in this privacy policy. Where appropriate, we will disclose your personal information to:
- our related body corporates, your broker or third parties as is required in order to provide our products and services, including our external service providers, such as payment system operators, lawyers, accountants, other advisers, financial institutions and information technology providers;
- to agents, Lloyd’s underwriters (where applicable); insurers, reinsurers, other insurance intermediaries, insurance reference bureaus and industry bodies and groups;
- claims management and related service providers such as loss adjusters, assessors, repairers and professional advisers;
- the Australian Financial Complaints Authority or Financial Services Complaints Limited (in New Zealand) or other alternative dispute resolution schemes;
- IT software and service providers;
- administrative and mailing house service providers;
- any government organisation or agency; and/or
- any other entities notified to you at the time of collection.
You authorise us to contact such third parties for the purposes of providing you with the products and services that you have requested or for any of the purposes outlined in this privacy policy.
Other than when required or permitted by law, as specified in this privacy policy or where you have provided your consent, we will not disclose your Personal Information for any other purpose.
Nothing in this privacy policy prevents us from using and disclosing to others de personalised aggregated data.
Disclosure of Personal Information overseas
We may disclose your Personal Information overseas (such as South Africa, United Kingdom, United States of America and Vietnam, and certain countries located in Asia and Europe) where it is required or reasonable in relation to providing or administering a product or service that you have requested, or for any of the purposes outlined in this privacy policy.
If we wish to disclose your Personal Information overseas, we will inform you of this and we will take reasonable steps to ensure that the overseas recipient does not breach the applicable privacy principles. We may also gain your consent to disclose your Sensitive Information overseas, if required. If you are an individual who is either based in or a resident of the European Union or the United Kingdom, we will take appropriate steps to ensure that transfers of your personal data are in accordance with applicable legislation and carefully managed to protect your privacy rights. We will also ensure that transfers of your personal data are limited to countries which are either recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy.
To this end:
- we will ensure transfers within our group of companies will be covered by an agreement entered into by members of our group of companies (intra-group agreement) which contractually obliges each member to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred within our group of companies;
- we will ensure that where we transfer your personal data outside our group of companies to third parties who assist in providing our services, we obtain contractual commitments from the third parties to protect your personal data; and
- where we receive requests for information from law enforcement or regulators, we carefully validate these
requests before any personal data is disclosed.
Direct marketing and how to opt out
When we collect your Personal Information, we may use this information to provide you with information and marketing communications including about our other products and services, that we believe will be of interest to you. If you no longer wish to receive such information, or you do not want us to disclose your Personal Information to any other organisation (including any related body corporates), you can opt out by contacting us using our contact details below.
We will not sell or trade your Personal Information for marketing or any other purpose
Your obligations when you provide Personal Information of others
You must not provide us with Personal Information (including any Sensitive Information) of any other individual (including any of your employees or clients if you are a broker) unless you have the express consent of that individual to do so. If you do provide us with such information about another individual, before doing so you
- must tell that individual, via a collection statement, that you will be providing their information to us and that we will handle their information in accordance with this privacy policy;
- must provide that individual with a copy of (or refer them to) this privacy policy; and
- warrant that you have that individual’s consent to provide their information to us.
If you have not done this, you must tell us before you provide any third party information.
Your obligations when we provide you with Personal Information
If we give you, or provide you access to the Personal Information of any individual, as authorised under this privacy policy, you must only use it:
- for the purposes we have agreed to; and
- in compliance with applicable privacy laws, including any applicable privacy principles and this privacy policy.
You must also ensure that your agents, employees and contractors meet the above requirements.
Accuracy, Access and Correction of your Personal Information
We take reasonable steps to ensure that your Personal Information is accurate, complete and up-to-date whenever we collect, use or disclose it. However, we also rely on you to advise us of any changes to your Personal Information. All Personal Information identified as being incorrect is updated in our database.
Please contact us using our contact details below as soon as possible if there are any changes to your Personal Information or if you believe the Personal Information we hold about you is not accurate or complete. We may refuse to correct Personal Information if the correction would not improve the accuracy, completeness, relevance or would make the information misleading. If we refuse to correct your Personal Information, we will record that a request was made and advise you why the request was refused.
You can make a request to access your Personal Information by contacting us using the contact details below. If you make an access request, we will provide you with access to the Personal Information we hold about you, unless otherwise required or permitted by law, within a reasonable time after the request is made. We will notify you of the basis for any denial of access to your Personal Information. No fee will be charged for an access request. However, we may charge the reasonable cost of complying with the access request, such costs notified to you before they are incurred.
Security of your Personal Information
We take reasonable steps to protect any Personal Information that we hold from misuse, interference and loss and from
unauthorised access, alteration and disclosure.
For example, we maintain physical security over our paper and electronic data stores and premises, such as locks and security systems. We also maintain computer and network security. For example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to computer systems.
However, data protection measures are never completely secure and despite the measure we have put in place, we cannot guarantee the security of your Personal Information. You must take care to ensure you protect your Personal Information (for example, by protecting any usernames and passwords). You should notify us as soon as possible if you become aware of any security breaches.
How long do we retain your Personal Information
We will retain your Personal Information for no longer than is required for any purpose under this privacy policy unless we are required by law to retain the information for a longer period. We will make reasonable efforts to destroy or de-identify your Personal Information after this time in accordance with our Records Management Policy and procedures.
Links to third party sites
Our website may contain links to other third party websites. We do not endorse or otherwise accept responsibility for the content or privacy practices of those websites or any products or services offered on them. We recommend that you check the privacy policies of these third party websites to find out how these third parties may collect and deal with your Personal Information.
Cookies
Like many website operators, we may use standard technology called cookies on our website. Cookies are small data files that are downloaded onto your computer when you visit a particular website. Cookies help provide additional functionality to the site or to help us analyse site usage more accurately. For instance, our server may set a cookie that keeps you from having to enter a password more than once during a visit to one of our sites. In all cases in which cookies are used, the cookie will not collect Personal Information except with your consent. You can disable cookies by turning them off in your browser; however our website may not function properly if you do so.
Your Rights under the GDPR
If you are an individual who is either based in or a resident of the European Union or the United Kingdom, subject to applicable data privacy laws, we will not process sensitive data about you unless we have received your explicit consent to the processing of this information.
If you are an individual who is either based in or a resident of the European Union or the United Kingdom, you also have the right to:
- be informed as to how we are collecting and using your personal data;
- obtain confirmation from us as to whether or not your personal data is being processed, where and for what purpose. If requested, we will provide you with a copy of your personal data, free of charge in an electronic format;
- request that we erase your personal data if we no longer have a legitimate interest to continue holding or processing the data;
- object to the processing of your personal data, including for direct marketing and processing based on a legitimate interest; and
- request that we restrict the processing of your personal data in certain circumstances, including in the case of unlawful processing.
How to make a complaint
If you wish to make a complaint about how we have treated your Personal Information, you can lodge a complaint by using the contact details below. You will need to provide us with sufficient details regarding your complaint together with any supporting evidence and information.
We will refer your complaint to our Privacy Officer who will investigate the issue and determine the steps that we will undertake to resolve your complaint. We will contact you if we require any additional information and will notify you in writing of the outcome of the investigation. We will try to resolve any complaint within 14 working days. If this is not possible, you will be contacted within that time to let you know how long it is likely to take us to resolve your complaint.
If you are not satisfied with our determination, you can contact us to discuss your concerns or complain to the Australian
Privacy Commissioner via www.oaic.gov.au or the New Zealand Privacy Commissioner in New Zealand via www.privacy.org.nz, the European Data Protection Supervisor via edps.europa.eu and the Information Commissioner’s office in the United Kingdom via ico.org.uk.
Privacy Policy changes
We may make changes to this policy as a result of operational or legislative changes, without prior notice to you. When changes are made to this policy the updated policy will be uploaded to our website and the effective date updated accordingly.
How to contact us
If you wish to gain access to your Personal Information, want us to correct or update it, have a complaint about how we have treated your Personal Information or any other query relating to our privacy policy, please contact our Privacy Officer during business on:
Australia
The Privacy Officer
NM Insurance Pty Ltd
PO Box 6156
North Sydney
NSW 2059
Telephone: 02 8920 1157
Email: contact@nminsurance.com.au
New Zealand
The Privacy Officer
NM Insurance Pty Ltd
PO Box 105647
Auckland City Post Shop
Auckland 1142
Telephone: 0800 455 001
Email: contact@nminsurance.com.au