CivicRisk Mutual Limited (CRM, we, us) is committed to treating all personal and health information received by us in accordance with the Privacy and Personal Information Protection Act 1998 NSW and the Health Records and Information Privacy Act 2002 NSW.
Collection of your information
When we arrange insurances on your behalf, we collect the information we need to understand your insurance needs and management of your risks. We may need to provide information that insurers or intermediaries who we ask to quote for insurances require to enable them to decide whether to insure you and on what terms.
When a claim is made through our claims managers, we collect personal information to assess and pay eligible claims from the liability pools we administer.
Security of information collected
Your information may be held in a variety of ways by CRM. Most commonly, your information will be held electronically by CRM, but may also be held in paper records. We have procedures and policies regarding the secure storage of information in all formats in order to protect your information from unauthorised access, loss or other misuse.
Use or disclosure of information
We will not sell, trade or rent your personal information to others.
When we seek insurances on your behalf, insurers may in turn pass on your information to reinsurers. Some of these companies are located outside Australia. For example, if we seek insurance terms from an overseas insurer (e.g. certain underwriters at Lloyds’), your personal information may be disclosed to the insurer.
The details of claims made against members of the liability pools which CRM administers are subject to oversight by their boards. In providing general administration and training services to the liability pools, CRM may use claims information to understand what types of claims are being made against the liability pools, and understand what additional measures can be taken to minimise accidents or risk in the future. For example, personal or health information may be used as part of trend analysis, understanding what types of claims are prevalent.
If you do not wish for us to collect, use or disclose certain information about you, you will need to tell us and we will discuss the consequences.
The law allows us to disclose to other third parties such as health services or law enforcement agencies in the event that CRM is provided information that could prevent a serious or imminent threat to any person’s health or safety.
Access to your information
You are entitled to request access to your information held by CRM. Normally you will be asked to apply for access in writing and provide identification. You may be charged a fee if you request copies of your information. Requests for access will be responded to as soon as possible, or in most cases no later than 28 days.
Access to your information may be declined in certain circumstances, such as where giving access would put you or another person at risk of mental or physical harm.
If you believe the information we hold about you is incorrect or an error has been made, please let us know and will correct it or add a notation to our records.
You can access the information we hold about you, ask us to correct it, or make a privacy related complaint by contacting our Privacy Officer on 1300 837 493 or by e-mail: firstname.lastname@example.org.