Skip to Navigation
  1. Home
  2. Privacy

Privacy

St Andrew’s Group Privacy Policy

This information is current as of 1 November 2024.

Welcome to the St Andrew’s Group Privacy Policy

This Privacy Policy explains how St Andrew’s Australia Services Pty Ltd (ABN 75 097 464 616) and its wholly owned subsidiaries and related entities including Hallmark Life Insurance Company Ltd (ABN 87 008 446 884) and Hallmark General Insurance Company Ltd (ABN 82 008 477 647) (collectively referred to as “we”, “us”) collect, store, use and disclose personal information as well as our legal obligations and rights as to that information.

We are bound by the Australia Privacy Act 1988 (Cth) and the New Zealand Privacy Act 2020 (Cth) and their respective Privacy Principles (Australian Privacy Principles and New Zealand Information Privacy Principles) contained in these Acts. We are committed to protecting personal information we may hold at any time in respect of any individual by complying with all relevant data protection laws and regulations and ensure compliance by our staff with strict standards of security and confidentiality.

Why This Matters

This Privacy Policy is intended to empower our customers and stakeholders with the knowledge and understanding of what information the St Andrew’s Group collects, uses and shares transparently. It is important that you read and understand this Privacy Policy before using or submitting information through our services. By using or submitting information through our services, you are acknowledging the collection, transfer, manipulation, processing, storage, disclosure and other uses of your personal data as described in this Privacy Policy.

Contents

  1. WHAT PERSONAL INFORMATION WE COLLECT
  2. HOW WE COLLECT PERSONAL INFORMATION
  3. WHY WE USE PERSONAL INFORMATION
  4. WHO WE SHARE YOUR PERSONAL INFORMATION WITH
  5. INTERNATIONAL DATA TRANSFERS
  6. YOUR PRIVACY RIGHTS AND PREFERENCES
  7. DATA RETENTION AND STORAGE
  8. SECURITY OF YOUR INFORMATION
  9. MARKETING
  10. MAKING A COMPLAINT RELATING TO PRIVACY
  11. CHANGES TO THI PRIVACY POLICY
  12. HOW TO CONTACT US

1. WHAT PERSONAL INFORMATION WE COLLECT

In providing you with financial products and services, we may collect the following information:

Personal Information

“Personal information” is information or an opinion that could identify an individual. Some examples of personal information we collect in providing a product or service to you includes: name, address, contact details, date of birth, financial details such as income, savings and expenses, employment details and the reason a person might be applying for our financial products and/or services.

Sensitive information

“Sensitive information” is a subcategory of personal information that requires a higher level of privacy protection. The definition of Sensitive Personal Information depends on the jurisdiction and where you are located, but some examples of what may be considered sensitive information in some locations includes, but is not limited to: an individual’s health, genetic information, political opinions, ethnic origin. We may be required to collect sensitive information about your health in certain circumstances, for example when you apply for coverage related to high value finance or make a claim under your policy. We will only process Sensitive Personal Information where it is necessary, and where you give consent, for the purposes of providing our financial products or services as part of meeting our legal obligations or exercising specific rights as permitted by law. We ask that you do not disclose Sensitive Personal Information to us through or in connection with the provision of our financial products or services unless we have explicitly requested such disclosures from you.

2. HOW WE COLLECT PERSONAL INFORMATION

We will not ordinarily collect any information about you except where you provide it to us, or it is provided to us with your authority. The sources from which we collect your Personal Information fall into three categories:

  • Information You Provide: We collect personal information directly from you through forms you fill out when applying for our products and services, and when you make a claim under an insurance policy or through your ongoing interaction with us such as by telephone, mail and electronic communications. When you call us on the telephone, we may monitor and record the telephone conversation for staff training and record keeping purposes.
  • Information We Collect From Other Sources: We may be required to collect information (including sensitive health information) about you from a third party to allow us to process a claim you make. These parties may include other product issuers that you may have an account with, insurance investigators, doctors and employers. From time to time, we may receive information that we have not explicitly asked for about you from third parties. We will only keep, use and disclose this information as permitted by law.
  • Information We Automatically Collect: Some information may be automatically collected. For example, we may use technology called “cookies” to collect statistical information on our website use. When we communicate with you by email, we may use technology to identify you so that we will be able to know when you have opened the email or clicked on a link in the email. We use cookies and similar tracking technologies to collect and use personal information about you, including for analytics purposes and to serve you interest-based advertising.

3. WHY WE USE PERSONAL INFORMATION

We only collect, hold and use personal information about you which is necessary for us to:

  • Establish, administer, assess and manage any financial product or service provided to you, including claims;
  • Advance data analytics, data matching, internal business and administrative purposes including for example, risk management;
  • For quality assurance and training purposes;
  • Assist with your enquiries and requests in relation to our products and services;
  • Identify you for enquiries, concerns and complaints you may have and to address any requests or claims you may make;
  • Communicate with you including to send you administrative and technical communications about the financial products and services we provide;
  • Design new or enhance existing products, information and services provided by us;
  • Identify products and services that may interest you (unless you ask us not to – refer to Marketing below for more detail) or to tell you about products and services offered by us or our affiliate companies;
  • Conduct customer satisfaction surveys to improve our products and services;
  • Collate information for statistical or actuarial research undertaken by us, the financial services industry or our respective regulators;
  • To assist in law enforcement purposes, investigations or to meet obligations as committed to government or regulatory authorities;
  • Comply with legislative and regulatory requirements;
  • Consider any other application you may make to us; and
  • Other purposes as notified at the time of collection;

Unless permitted by applicable laws and regulations, we will obtain consent from you if we wish to use your personal data for purposes other than those stated in this Privacy Policy.

4. WHO WE SHARE YOUR PERSONAL INFORMATION WITH

In the normal operations of our business, where it is necessary to provide our services (or the services of our alliance companies) to you, or where you request us to or consent to us doing so, we may exchange your personal information to third parties, including:

  • Our related bodies corporate;
  • Your financier or other agents or persons introducing you to us;
  • Our corporate partners, distributors and their agents, representatives, or contractors used by them in administering that partnership;
  • Co-insurers or reinsurers;
  • Regulatory bodies and government agencies;
  • Our agents and service providers (such as professional advisors, IT Support and mailing house);
  • Parties as relevant to claims processing, including employers, ex-employers, external dispute resolution schemes, claims investigators, other insurance companies, lawyers, recovery agents, hospitals, doctors, medical specialists, or other health professionals;

The information we provide to other organisations will be limited to what is required to provide the service or comply with the law.

5. INTERNATIONAL DATA TRANSFERS

Some of the parties with which we exchange your personal information, including our service providers and other third parties listed above, may be located outside Australia or New Zealand.

Depending on the circumstances and/or the product you have purchased, these parties are likely to be located or maintain technology or data centres in the following countries: Australia, Canada, Germany, Hong Kong, India, Ireland, Japan, Malaysia, Netherlands, New Zealand, Philippines, Singapore, South Korea, United Kingdom and the United States.

We take appropriate safeguards to protect your personal information in accordance with this Privacy Policy specifically in relation to any international transfer. This includes implementing data sharing agreements that includes safeguards and protections for any use of your personal information by our agents, distribution partners and/or service providers.

6. YOUR PRIVACY RIGHTS AND PREFERENCES

We respect your ability to exercise your privacy rights and choices. We also respect your ability to know, access, correct, transfer, restrict the processing of, and delete your personal data. We take reasonable steps to ensure that your personal information is accurate, complete and up-to-date.

You may request access to information which we hold about you at any time by contacting our Privacy Officer at riskandcompliance@standrews.com.au.

Under certain circumstances, we may be unable to give you access to all of your personal information in our possession. Some of these circumstances include:

  • where giving you access would compromise some other person’s privacy;
  • where giving you access would disclose our commercially sensitive information or that of our agents or contractors;
  • where we are prevented by law from giving you access; or
  • where the personal information you request relates to existing or anticipated legal proceedings.

If we are unable to give you access, we will consider whether the use of an intermediary is appropriate and would allow sufficient access to meet the needs of both parties. If we do not give you the information, we will give you the reasons why.

Where we do grant access to your information, we may charge you a fee for accessing your personal information.

Under the Privacy Act, you also have a right to request that we correct information that you believe to be inaccurate, out of date, incomplete, irrelevant or misleading. If at any time you believe that personal information that we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please advise us by contacting our Privacy Officer at riskandcompliance@standrews.com.au and we will take all reasonable steps to correct the information. If we do not correct the information, you can also ask us to include with the information held, a statement from you claiming that the information is not correct.

If there is a denial of access to your personal information or a dispute as to the correctness of any personal information held, we will provide you with reasons for the denial or its refusal to correct the personal information. If you disagree with our decision for the denial or refusal to correct the personal information, you may request that we review the decision via our complaints handling procedures which are outlined below.

7. DATA RETENTION AND STORAGE

St Andrew’s Group retains the personal information we receive as described in this Privacy Policy for as long as you use our financial products and services or as necessary to fulfill the purposes for which it was collected, provide our services, resolve disputes, establish legal defences, conduct audits, pursue legitimate business purposes, enforce our agreements and comply with applicable laws.

We store your personal information in a number of ways including:

  • in electronic systems and devices;
  • in telephone recordings;
  • in paper files; and
  • document retention services off-site.

This may include storage on our behalf by third party service providers. See our comments below about how we protect your information.

8. SECURITY OF YOUR INFORMATION

We take all reasonable steps to protect your personal information from misuse, loss and unauthorised access, modification or disclosure. These include:

  • using appropriate information technology and processes;
  • restricting access to your personal information to our employees and those who perform services for us who need your personal information to do what we have engaged them to do;
  • protecting paper documents from unauthorised access or use through security systems we deploy over our physical premises;
  • using computer and network security systems with appropriate firewalls, encryption technology and passwords for the protection of electronic files;
  • securely destroying or “de-identifying” personal information if we no longer require it subject to our legal obligations to keep some information for certain prescribed periods; and
  • requesting certain personal information from you when you wish to discuss any issues relating to the products and services we provide to you.

9. MARKETING

We may disclose necessary information to related body corporates and to any agents, representatives, organisations or contractors who provide services to us in connection with the provision of products or services you have sought from us, for the marketing of specific products and services and for the purpose of customer satisfaction surveys.

We may also disclose necessary information to other organisations with which we have alliances or arrangements for the purpose of promoting our products and services (and including any agents, representatives or contractors used by us or our corporate partners in administering such an arrangement or alliance). These parties are prohibited from using your personal information except for the specific purpose for which we supply it to them.

If you do not wish to receive any marketing material, you may ask us not to send you marketing information about products and services and not to disclose your information to other organisations for that purpose. You may do this by calling our customer service centre on (+61) 1800 800 230.

10. MAKING A COMPLAINT RELATING TO PRIVACY

St Andrew’s Group is committed to resolving your complaint relating to privacy internally and as quickly as possible. Complaints, relating to privacy, can be received in several different ways:

  • by phone by calling (+61) 1800 800 230
  • in writing by sending your complaint to PO Box 7395 Cloisters Square WA 6850
  • via email at complaints@hallmarkinsurance.com.au

We operate a four-stage process to resolving privacy related complaints:

  1. Privacy Officer: We will endeavour to resolve your complaint immediately. If longer is required, we will acknowledge your concern and provide a time estimate for resolution.
  2. Management Review: If you are not satisfied with our initial response, you can request a management review.
  3. Internal Dispute Resolution: If you remain dissatisfied following management review, you can request the matter be referred to our Internal Dispute Resolution Team. We will endeavour to provide a final response to your complaint within 30 days.
  4. External Dispute Resolution: While we appreciate the opportunity to resolve your complaint internally in the first instance, you can refer your complaint to an external dispute resolution body at any time during the complaint process.

For Australia:

Privacy complaints can be referred to the Australian Financial Complaints Authority (AFCA). Contact details are:

Website: www.afca.org.au
Email: info@afca.org.au
Telephone: 1800 931 678 (free call)
In writing to:
Australian Financial Complaints Authority (AFCA)
GPO Box 3, Melbourne VIC 3001

You may also elect to contact the Office of the Australian Information Commissioner if you have a complaint about the way we handle your personal information. Contact details are:

Office of the Australian Information Commissioner

GPO Box 5288, Sydney NSW 2001

Telephone: 1300 363 992

Website: www.oaic.gov.au

For New Zealand:

Privacy complaints can be referred to the Privacy Commissioner who will independently and impartially review and resolve the dispute. Contact details are:

Office of the Privacy Commissioner

PO Box 10094, Wellington 6143

Telephone: 0800 803 909

Website: www.privacy.org.nz

11. CHANGES TO THIS PRIVACY POLICY

This statement sets out our current Privacy Policy. It replaces any of our other Privacy Policies which have been issued before the date of this Privacy Policy.

Please note that this Privacy Policy may change from time to time. We will notify you of any change by posting an updated version on our website at www.standrews.com.au. You may also obtain a copy of our current Privacy Policy by telephoning us on (+61) 1800 800 230.

We encourage you to periodically review our Privacy Policy for any changes.

12. HOW TO CONTACT US

If you have any further questions or concerns about the way we manage your personal information, including if you think we have breached the Privacy Principles, please contact:

The Privacy Officer

St Andrew’s Australia

GPO Box 7395, Cloisters Square, WA 6850

Telephone: (+61) 1800 800 230

Email: riskandcompliance@standrews.com.au