Privacy Policy
Glossary of Terms
The Terms and Definitions outlined in this Policy are current and accurate in accordance Navy Health’s Fund Rules.
| Terms |
Definition |
| Child |
Means a person who has one of the following relationships with the Policy holder;
a. a natural child (including a new-born child);
b. an adopted child;
c. a foster child; or
d. a step-child (that is a natural, adopted, or foster child of the person’s Partner). |
| Couple (membership) |
In accordance with Navy Health’s Fund Rules, a Couples membership consists of 2 adults only. |
| Dependant |
Means a person who is;
- a Spouse / Partner;
- a Dependant Child;
|
| Dependant Child |
Means a person who is a;
- Child aged under 18 and does not have a Partner, or
- Non-Student Dependant; or
- Student Dependant; or
- Non-Student Dependant participating in the Young Adult Membership Scheme.
|
| Insured Person |
Means a person insured under a Navy Health Policy and includes the Policy holder or, where the context permits, a person insured under a health insurance policy from another Private Health Insurer. |
| Membership |
Means membership of Navy Health through the payment of Premiums in accordance with Navy Health’s Fund Rules. |
| Policy holder |
Means a holder of a policy who is not a dependent or partner that is referrable to Navy Health as defined in the Private Health Insurance Act 2007. |
Navy Health Ltd ABN 61 092 229 000 (Navy Health/ we/ us/ our) is committed to protecting and maintaining the privacy of all individuals with whom we deal. We are also committed to complying with the Privacy Act 1988 (Cth) (Privacy Act), the Privacy and Other Legislation Amendment Bill 2024, including the Australian Privacy Principles contained within that Act, and other State and Territory Laws that regulate health information, such as the Health Records Act 2001 (VIC), Health Records and Information Privacy Act 2002 (NSW) and Health Records (Privacy and Access) Act 1997 (ACT) (Health Record Laws), to the extent that they are applicable. This Privacy Policy applies to all individuals (you/ your) who currently have, or have previously had, a relationship or interactions with Navy Health through, but not limited to; electronic means, telephone, or with a representative of Navy Health in the course of our functions and activities.
1. About this Policy
This Privacy Policy explains how we manage personal information, which we collect, hold, use and disclose. This includes:
• the kinds of personal information that we collect and hold about you;
• how we collect your personal information;
• how we hold your personal information;
• how we use and disclose your personal information;
• the purposes for collecting, holding, using and disclosing your personal information;
• whether we will (or are likely to) disclose your personal information to overseas recipients and the countries where such recipients may be located;
• how you may access your personal information held by us and correct that information where it is incorrect;
• how you may make a complaint about the way we collect, hold, use or disclose personal information, and how we will deal with privacy related complaints;
• our contact details;
• the consequences of not providing personal information; and
• how we use your information for direct marketing activities.
It also explains how to contact us if you have any further queries about our management of your personal information.
This Privacy Policy applies all individuals whose personal information we have collected or handled, including current and past members, service providers, contractors and prospective employees.
This Privacy Policy was last updated on 18 March 2025, with a biennial review period. Navy Health will make changes to its processes and systems in relation to how we handle your personal information, and this policy will be updated to reflect those changes.
Other terms may also apply to you and the information we hold about you. For example, sometimes we also provide a privacy collection statement at the time we collect personal information from you, such as when you first sign up as a member for an insurance policy. This privacy collection statement may include additional terms. If you are employed with us, you may have specific privacy terms in your employment contract with us.
2. What is Personal Information?
“Personal information” as defined in the Privacy Act is information or an opinion that identifies you or can be reasonably used to identify you. It includes your name, age, gender and contact details, as well as your “health information”, such as information or an opinion about your health and health services that have been provided to you.
“Health information” is part of a sub-set of personal information, known as “sensitive information”, for the purposes of the Privacy Act. “Health information” is specifically regulated under the state and territory Health Record Laws. In this Privacy Policy, all references to “personal information” includes “sensitive information” and “health information” (unless stated otherwise).
3. What kind of Personal Information do we collect and hold?
We only collect personal information about you which is reasonably necessary for our functions or activities. The types of personal information which we collect and hold about you may vary depending on the nature of our interactions with you.
Members and prospective members
As an insurance provider, Navy Health collects personal information, including health and sensitive information. The type of information we collect about you includes, but is not limited to:
• your full name;
• your gender;
• your contact details, including your residential address, phone number, and email address;
• your date of birth;
• government related identifiers such as your Medicare number;
• financial information such as your bank details;
• information about your preferences relevant to any marketing activities;
• information about your health and wellbeing and programs you participate in with Navy Health including chronic disease management programs;
• information about your usage of our mobile application and web portal including your IP address and International Mobile Equipment Identity (IMEI) information;
• student information (if applicable) to verify the student status of dependents, including enrolment details, educational institution, and expected graduation dates;
• information related to military service (if applicable) to verify eligibility for certain Navy Health products, services, and offers including service number, service dates, and discharge status;
• information from your Department of Veterans’ Affair (DVA) card (if applicable), including card type and number, to determine eligibility and process claims or benefits aligned with your entitlement; or
• sensitive information such as:
-
- details about your membership, health, and health services provided to you; and
- historical information such as your prior insurance claims.
Prospective employees and applicants
We collect personal information when recruiting people to work with us, such as your name, date of birth, gender, contact details, qualifications, and work and study history (including references and other information included in a curricula vitae (CV) or cover letter as part of the application process).
Before offering you a position, we may collect additional details such as your tax file number and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions.
Children’s Privacy
We only collect personal information about children where necessary to provide our services, such as adding them to a family or couples policy or administering benefits. Where required by law or where it is reasonable to do so, we will seek consent from a parent or guardian before collecting, using, or disclosing a child’s personal information. In accordance with our policy, once a child turns 18 (or in certain circumstances, even younger) they may request that their claims history or other sensitive information be kept confidential from other policy members. We will evaluate such request in line with applicable legal requirements.
4. How do we collect your Personal Information?
We only collect personal information about you in a manner that is lawful.
Wherever it is possible and practical to do so, we will collect personal information directly from you. For insurance policies that cover more than one person, such as family or couples policies, we collect personal information about all individuals who are on the policy from the person who is taking out the policy. For example, where one parent is taking out a family policy, that parent may provide us with the details of their partner and children.
We may collect this information:
• in person;
• over the telephone;
• by mail;
• over the internet (including via our website);
• by our Navy Health app;
• by e-mail or fax; or
• by starting or completing a request for quote, an application form or other type of form in relation to our products and services.
We may also collect your personal information from a third party. This will be limited to circumstances where it is impracticable or unreasonable for us to collect it directly from you or you have authorised us to collect the information from them. The type of third party who might provide information to us will vary depending on the nature of our interaction with you.
While this is not an exhaustive list, third parties include:
• health providers i.e. hospitals or medical practitioners;
• other Health Insurers (such as where you have requested a transfer of your health insurance from another fund to us);
• authorised persons or persons who act on your behalf;
• another insured person on the insurance policy;
• government bodies;
• publicly available sources or networking services (such as LinkedIn); and
• recruitment agencies and referees.
Unless we are notified otherwise, all information, including that of all persons covered on the insurance policy, may be disclosed to you or to the person authorised by you to have access to your insurance policy.
5. For what purposes do we collect, hold, use and disclose your Personal Information?
The purposes for which we may collect, hold, use and disclose your personal information will depend on our relationship with you. Examples of some of the purposes are below, but is not limited to:
• to manage and administer our products and services including private health insurance;
• to perform the functions and activities related to our business such as assessing your claims and paying your benefits;
• to collect rebate entitlements;
• to collect instalments which are overdue;
• to manage our relationship with you including by contacting you about products or services, news, competitions or community events which we think may be of interest to you;
• to research, develop and expand our products and services;
• to identify whether you might benefit from participating in a health management program, chronic disease management program or other health-related program, and, if so, contact you to provide you with further information about the relevant program(s);
• to recruit employees and contractors (including volunteers, internships and work experience) and other third parties that provide services to us;
• to analyse, investigate, pursue and prevent improper claiming, fraudulent activities or criminal activities;
• where we record your calls, to identify you and manage our relationship with you, we may also use call recordings, for training, coaching and development purposes unless you ask us not to at the time of the call; and
• to comply with any applicable laws.
We may use your personal information in automated processes to assist in certain decisions relating to our products or services, such as the assessment of claims or identification of potentially fraudulent activities. These processes use pre-defined logic to analyse data and provide outcomes or recommendations which are designed to improve efficiency and accuracy. We take reasonable steps to ensure that any automated decision-making tools apply fairness, accuracy, and non-discrimination in the same manner as non-automated decisions. You have the right to ask us about the type of automated tools used and factors that are considered in automated decision-making that may affect you.
We may also use your personal information for other purposes explained at the time of collection or otherwise as set out in this Privacy Policy.
6. Can you deal with Navy Health anonymously?
You may interact with us anonymously or by using a pseudonym if the interaction is general in nature.
However, if the interaction is specific to a membership or relates to your personal information, we will need to identify you before we can engage in further discussions and correspondence.
7. What happens if your Personal Information is not provided to us?
You may decline to give us your personal information when we request it. However, we may not be able to provide you with some or all of the products or services that you request of us. If you have any concerns about the personal information we have requested, please let us know.
8. Who do we disclose your Personal Information to?
To carry out the above-mentioned purposes, we may disclose your personal information to persons or organisations, such as:
• health service providers;
• professional advisers;
• regulatory bodies;
• other Insurers;
• authorised persons or persons who act on your behalf;
• government agencies, allowing us to comply with statutory & legislative reporting requirements for the collection and submission of health-related data to Commonwealth agencies;
• other organisations as required or authorised by law, e.g.: in an emergency, investigation of suspected criminal activity or where we are authorized to by law;
• contractors and service providers, such as mailing houses, marketing agencies, information technology service and support providers, data processing and analytics agencies, and website maintenance and development service providers; and
• for members admitted to hospital, our contracted management service – Australian Health Services Alliance (ahsa.com.au).
9. How do we hold your Personal Information?
The personal information we collect about you is kept on an electronic record system in secure databases (including trusted third-party storage providers) in Australia. Personal information may also be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed).
We understand the importance of protecting the personal information we hold about you. We take reasonable steps to ensure your personal information is free from misuse, interference, loss, unauthorised access or modification or disclosure, which include:
| • |
securing all personal information; |
| • |
limiting access to personal information only to those that need access; and |
| • |
protecting our systems with appropriate technology solutions. |
All personal information that is held by Navy Health is secured by the following methods:
| • |
securing our premises with alarms and 24-hour security monitoring. |
| • |
ensuring all systems, servers, computers, databases and networks are secured with password protection and encryption. |
| • |
ensuring various access levels for staff to limit access to information. |
| • |
providing our staff with regular training pertaining to the Privacy Act. |
To satisfy our legal obligations, we may need to retain your information after the relationship has ended. However, we will not retain your identifiable personal information longer than is reasonably necessary and permitted under relevant Australian privacy laws. We take reasonable steps to destroy or de-identify information that we no longer require.
Data security, Retention, and Destruction
In addition to the steps we already take, we employ encryption technologies (at rest and in transit) where feasible and, where possible, use multi-factor authentication for access to highly sensitive systems. Our retention schedules are reviewed periodically to ensure alignment with the Privacy Act, Health Record Laws, and any relevant Australian Privacy Principles. We maintain an Information Security Incident Response Plan which includes response and notification procedures for a Notifiable Data Breach (NDB) in accordance with our obligations under the Privacy Act. If a data breach occurs that is likely to result in serious harm, we will promptly notify affected individuals and the Office of the Australian Information Commissioner (OAIC).
10. How is Personal Information handled for couples and family health insurance policies?
If you are insured under a health insurance policy which covers more than one person, such as a Family or Couples policy, you should make yourself aware of the privacy settings applicable to your policy. Information about the health services received, claims made, and benefits paid (claims history) for each person under the same health insurance policy is accessible to the other persons under the insurance policy, unless stated otherwise.
A Dependent Child (who is 18 years or older and, in some situations, under the age of 18) may contact Navy Health to request that their claims history be kept private from other persons under the insurance policy and Navy Health will comply at its discretion.
Navy Health may, in its discretion, decline to disclose the claims history of a person insured under the same policy where it cannot be satisfied that such disclosure reflects the current intention of the insured person. In that circumstance, the Navy Health may seek clarification from the insured person.
It is important to consider the privacy settings applicable to your policy where there are changes in the relationships amongst persons insured under the policy (for example, as children and young people mature or if partners separate). In that circumstance, you should contact us to change the privacy settings applicable to your policy or discuss whether different insurance arrangements are appropriate to your circumstances.
11. How can I organise additional privacy protections as a victim of family violence or identity theft?
If you are a victim of family violence, identity theft, or have personal safety concerns relating to the personal information we hold about you, we may be able to provide further privacy protections for you. Please do not hesitate to discuss these options with us by:
• calling us on 1300 306 289;
• emailing us at query@navyhealth.com.au;
12. Marketing
We may use your personal information to contact you (including by phone, text message or email) about products or services which we think may be of interest to you. This may include our own or a third party’s products or services with whom we have a formal arrangement.
In particular, we may contact you about products and services we think may be of interest to you after you cease to hold a private health insurance policy with us. For example, we might contact you about renewing your old policy or taking out a new policy.
13. How can I opt-out of receiving marketing material?
You may opt-out of receiving marketing information from us at any time by:
• calling us on 1300 306 289;
• emailing us at query@navyhealth.com.au;
• ‘ticking the box’ on the relevant form when you apply for one of our products or services; or
• using the unsubscribe function on various communications.
• Please allow five working days for your request to be actioned by us.
14. How does Navy Health interact with you via the internet?
Navy Health’s website, online services, interactive applications, email messages and advertisements may use “cookies” and other technologies, such as Google Analytics.
Navy Health has the following Google Analytics Advertiser Features enabled:
• Remarketing with Google Analytics
• Google Display Network Impression Reporting
• Google Analytics Demographics and Interest Reporting
This enables Google Analytics to collect data about Navy Health Website traffic via Google advertising cookies and anonymous identifiers, in addition to data collected through a standard Google Analytics implementation.
Navy Health gathers some information automatically and stores it. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp and clickstream data. Some of the information we collect via cookies and online technologies is considered personal information.
Navy Health uses this information to understand and analyse trends, to administer its website, to learn about user behaviour on the site, to tailor email communications and to gather demographic information about its user base. Navy Health may use this information in its marketing and advertising services.
Navy Health may also use information collected by cookies to display personalised content and advertising (targeted advertising and online behavioural advertising), based on an individual’s internet usage, and to send marketing materials that Navy Health thinks will be of interest to the individual.
You can use your settings to disable your web browser from accepting cookies. However, in doing so, you may be unable to access certain features or content on the Navy Health website.
15. Are we likely to disclose your personal information to overseas recipients?
We generally hold your information in Australia. In certain circumstances, we may transfer your personal information outside Australia. Technology allows for services to be provided by different service providers including some that are located overseas. We may use overseas service providers to provide our products and services or manage our relationship with you. The country in which those third parties are likely to be based, is the United States of America.
Unless we have your consent, or an exception under the Privacy Laws applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure the overseas recipient complies with the Australian Privacy Principles.
16. How can you access and seek correction of Personal Information held by us?
You are entitled to access the personal information we hold about you on request.
We do not charge a fee to give you access to your personal information, but you may be charged for the reasonable time and expense incurred in compiling information, depending on the nature and extent of your request.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us do this by letting us know if your personal details change and letting us know if you notice errors or discrepancies in information we hold about you .
If you consider any personal information we hold about you as inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information.
You can request to access or seek correction of your personal information by:
• accessing the Navy Health Member Portal (com.au)
• calling us on 1300 306 289;
• emailing us at query@navyhealth.com.au; or
• by mail at PO Box 172, Box Hill, Victoria, 3128.
When you contact us to request access to and correction of your personal information, we may need to verify your identity by confirming your member number, full name, full address and date of birth.
We will give you access to your personal information if practicable and will take reasonable steps to amend any personal information about you which is inaccurate or out of date.
We will take reasonable steps to notify you of a decision on the request within 30 days. We may decline your request to access or correct your personal information in certain circumstances permitted by the Privacy Act and Health Record Laws. In such a case, we will provide you with written notice of the reasons for our decision.
17. What can you do if you would like to raise a complaint?
If you have any questions, concerns or complaints about how we collect, hold, use or disclose your personal information, then you may raise that matter with our Privacy Officer. Our Privacy Officer can be contacted as follows:
• calling us on 1300 306 289;
• emailing us at privacy@navyhealth.com.au; or
• by mail at: Attention Privacy Officer, PO Box 172, Box Hill, Victoria, 3128.
We will endeavour to promptly respond to your questions, concerns or complaints. In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or if our investigation takes longer, we will let you know.
We will also endeavour to resolve any concerns or complaints which you may have to your satisfaction. However, if you are unhappy with our response, you can make a complaint to the Office of the Australian Information Commissioner (OAIC) in Australia.
OAIC contact details:
The Office of the Australian Information Commissioner
GPO Box 5288
Sydney NSW 2001
Phone: 1300 363 992
Fax: 02 6123 5145
Website: www.oaic.gov.au
18. What if I have further questions?
If you have any questions about our Privacy Policy, you may contact our Privacy Officer whose contact details are listed above. If you have questions about the Privacy Act, you may contact the OAIC.
