Privacy Policy
Navy Health Ltd ABN 61 092 229 000 (Navy Health/ we/ us/our) are committed to protecting and maintaining the privacy of all individuals with whom we deal. We are also committed to complying with the Privacy Act 1988 (Cth) (Privacy Act), including the Australian Privacy Principles contained within that Act, and other State and Territory Laws that regulate health information, such as the Health Records Act 2001 (VIC), Health Records and Information Privacy Act 2002 (NSW) and Health Records (Privacy and Access) Act 1997 (ACT) (Health Record Laws), to the extent that they are applicable.
About this Policy?
This Privacy Policy explains how we manage the personal information, which we collect, hold, use and disclose. This includes:
| • |
the kinds of personal information that we collect and hold about you; |
| • |
how we collect your personal information; |
| • |
how we hold your personal information; |
| • |
the purposes for collecting, holding, using and disclosing your personal information; |
| • |
whether we will (or are likely to) disclose your personal information to overseas recipients and the countries where such recipients may be located; |
| • |
how you may access your personal information held by us and correct that information where it is incorrect; |
| • |
how you may make a complaint about the way we collect, hold, use or disclose personal information, and how we will deal with privacy related complaints; |
| • |
our contact details; |
| • |
the consequences of not providing personal information; and |
| • |
how we use your information for direct marketing activities. |
It also explains how to contact us if you have any further queries about our management of your personal information.
This Privacy Policy applies all individuals whose personal information we have collected or handled, including current and past members, service providers, contractors and prospective employees.
This Privacy Policy was last updated in June 2020. Navy Health will make changes to its process and systems in relation to how we handle your personal information, and this policy will be updated to reflect those changes.
Other terms may also apply to you and the information we hold about you. For example, sometimes we also provide a privacy collection statement at the time we collect personal information from you, such as when you first sign up as a member for an insurance policy. This privacy collection statement may include additional terms. If you are employed with us, you may have specific privacy terms in your employment contract with us.
What is personal information?
“Personal information” is information or an opinion that identifies you or can be reasonably used to identify you. It includes your name, age, gender and contact details, as well as your “health information”, such as information or an opinion about your health and health services that have been provided to you.
“Health information” is part of a sub-set of personal information, known as “sensitive information” for the purposes of the Privacy Act. “Health information” is specifically regulated under the state and territory Health Record Laws. In this Privacy Policy, all references to “personal information” includes “sensitive information” and “health information” (unless stated otherwise).
What kind of personal information do we collect and hold?
We only collect personal information about you which is reasonably necessary for our functions or activities. The types of personal information which we collect and hold about you may vary depending on the nature of our interactions with you.
Members and prospective members
As an insurance provider, Navy Health collects personal information, including health and sensitive information. The type of information we collect about you includes:
| • |
your full name; |
| • |
your gender; |
| • |
your contact details, including your residential address and email address; |
| • |
your date of birth; |
| • |
government related identifiers such as your Medicare number; |
| • |
financial information such as your bank details; |
| • |
information about your preferences relevant to any marketing activities; |
| • |
sensitive information such as:
→ details about your health and health services provided to you; and
→ historical information such as your prior insurance claims. |
Prospective employees and applicants
We collect personal information when recruiting people to work with us, such as your name, date of birth, gender, contact details, qualifications, and work and study history (including references and other information included in a CV or cover letter as part of the application process).
Before offering you a position, we may collect additional details such as your tax file number and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions.
How do we collect your personal information?
We only collect personal information about you in a manner that is lawful.
Wherever it is possible and practical to do so, we will collect personal information directly from you. For insurance policies that cover more than one person, such as family or couples policies, we collect personal information about all individuals who are on the policy from the person who is taking out the policy. For example, where one parent is taking out a family policy, that parent may provide us with the details of their partner and children.
We may collect this information:
| • |
in person; |
| • |
over the telephone; |
| • |
by mail; |
| • |
over the internet (including via our website); |
| • |
by our Navy Health app; |
| • |
by e-mail or fax; or |
| • |
by completion of a form (such as an application form). |
We may also collect your personal information from a third party. This will be limited to circumstances where it is impracticable or unreasonable for us to collect it directly from you or you have authorised us to collect the information from them. The type of third party who might provide information to us will vary depending on the nature of our interaction with you.
While this is not an exhaustive list, third parties include:
| • |
health providers i.e. hospitals or medical practitioners; |
| • |
other Health Insurers (such as where you have requested a transfer of your health insurance from another fund to us); |
| • |
authorised persons or persons who act on your behalf; |
| • |
another insured person on the insurance policy; |
| • |
government bodies; |
| • |
publicly available sources or networking services (such as LinkedIn); and |
| • |
recruitment agencies and referees. |
Unless we are notified otherwise, all information, including that of all persons covered on the insurance policy, may be disclosed to you or to the person authorised by you to have access to your insurance policy.
For what purposes do we collect, hold, use and disclose your personal information?
The purposes for which we may collect, hold, use and disclose your personal information will depend on our relationship with you. Examples of some of the purposes are below:
| • |
to manage and administer our products and services including private health insurance; |
| • |
to perform the functions and activities related to our business such as assessing your claims and paying your benefits; |
| • |
to collect rebate entitlements; |
| • |
to collect installments which are overdue; |
| • |
to manage our relationship with you including by contacting you about products or services, news, competitions or community events which we think may be of interest to you; |
| • |
to research, develop and expand our products and services; |
| • |
to identify whether you are suitable for and to contact you about health management programs and services that may be of benefit to you; |
| • |
to recruit employees and contractors (including volunteers, internships and work experience) and other third parties that provide services to us; and |
| • |
to comply with any applicable laws. |
We may also use your personal information for other purposes explained at the time of collection or otherwise as set out in this Privacy Policy.
Can you deal with Navy Health anonymously?
You may interact with us anonymously or by using a pseudonym if the interaction is general in nature.
However, if the interaction is specific to an account or relates to your personal information we will need to identify you before we can engage in further discussions and correspondence.
Consequences for you if your personal information is not provided to us?
You may decline to give us your personal information when we request it. However, we may not be able to provide you with some or all of the products or services that you request of us. If you have any concerns about the personal information we have requested, please let us know.
Who do we disclose your personal information to?
In order to carry out the above-mentioned purposes, we may disclose your personal information to persons or organisations, such as:
| • |
health service providers; |
| • |
professional advisers; |
| • |
regulatory bodies; |
| • |
other Health Insurers; |
| • |
authorised persons or persons who act on your behalf; |
| • |
government agencies, allowing us to comply with statutory & legislative reporting requirements for the collection and submission of health related data to Commonwealth agencies; |
| • |
other organisations as required or authorized by law, e.g.: in an emergency, investigation of suspected criminal activity or where we are authorized to by law; |
| • |
contractors and service providers, such as mailing houses, marketing agencies, information technology service and support providers, data processing and analytics agencies, and website maintenance and development service providers; and |
| • |
for members admitted to hospital, our contracted management service – Australian Health Services Alliance (ahsa.com.au). |
How do we hold your personal information?
The personal information we collect about you is kept [on an electronic record system in secure databases (including trusted third party storage providers in Australia). Personal information may also be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed)].
We understand the importance of protecting the personal information we hold about you. We take reasonable steps to ensure your personal information is free from misuse, interference, loss, unauthorised access or modification or disclosure, which include:
| • |
securing all personal information; |
| • |
limiting access to personal information only to those that need access; and |
| • |
protecting our systems with appropriate technology solutions. |
All personal information that is held by Navy Health is secured by the following methods:
| • |
securing our premises with alarms and 24 hour security monitoring. |
| • |
ensuring all systems, servers, computers, databases and networks are secured with password protection and encryption. |
| • |
ensuring various access levels for staff to limit access to information and roles. |
| • |
providing our staff with regular training and feedback pertaining to the Privacy Act. |
In order to satisfy our legal obligations, we may need to retain your information after the relationship has ended. However, we will not retain your identifiable personal information longer than is reasonably necessary and permitted under relevant Australian privacy laws. We take reasonable steps to destroy or de-identify information that we no longer require.
How is personal information handled for couples and family health insurance policies?
If you are insured under a health insurance policy which covers more than one person, such as a ‘family’ or ‘couples’ policy, you should make yourself aware of the privacy settings applicable to your policy. Information about the health services received, claims made and benefits paid (claims history) for each person under the same health insurance policy is accessible to the other persons under the insurance policy.]
A dependent child (who is 16 years or older and in some situations, under the age of 16) may contact Navy Health to request that their claims history be kept private from other persons under the insurance policy.
Navy Health may, in its discretion, decline to disclose the claims history of a person insured under the same policy where it cannot be satisfied that such disclosure reflects the current intention of the insured person. In that circumstance, the Navy Health may seek clarification from the insured person.
It is important to consider the privacy settings applicable to your policy where there are changes in the relationships amongst persons insured under the policy (for example, as children and young people mature or if partners separate). In that circumstance, you should contact us to change the privacy settings applicable to your policy or discuss whether different insurance arrangements are appropriate to your circumstances.
How can I organise additional privacy protections as a victim of family violence or identity theft?
If you are a victim or family violence or identity theft, or have personal safety concerns relating to the personal information we hold about you, we may be able to provide further privacy protections for you. Please do not hesitate to discuss these options with us by:
| • |
calling us on 1300 306 289; or |
| • |
emailing us at query@navyhealth.com.au. |
Marketing
We may use your personal information to contact you (including by phone, text message or email) about products or services which we think may be of interest to you. This may include our own, our related body corporate’s or a third party’s products or services with whom we have a formal arrangement.
In particular, we may contact you about products and services we think may be of interest to you after you cease to hold a private health insurance policy with us. For example, we might contact you about renewing your old policy or taking out a new policy.
You consent to us sending these carefully selected marketing materials to you in this manner.
How can I opt-out of receiving marketing material?
You may opt-out of receiving marketing information from us and our related bodies corporate at any time by:
| • |
calling us on 1300 306 289; |
| • |
emailing us at query@navyhealth.com.au; |
| • |
‘ticking the box’ on the relevant form when you apply for one of our products or services; or |
| • |
using the unsubscribe function on various communications. |
Please allow five working days for your request to be actioned by us.
How does Navy Health interact with you via the internet?
Navy Health’s website, online services, interactive applications, email messages and advertisements may use “cookies” and other technologies, such as Google Analytics.
Navy Health has the following Google Analytics Advertiser Features enabled:
| • |
Remarketing with Google Analytics |
| • |
Google Display Network Impression Reporting |
| • |
Google Analytics Demographics and Interest Reporting |
This enables Google Analytics to collect data about Navy Health Website traffic via Google advertising cookies and anonymous identifiers, in addition to data collected through a standard Google Analytics implementation.
Navy Health gathers some information automatically and stores it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring and exit pages, operating system, date/time stamp and clickstream data. Some of the information we collect via cookies and online technologies is considered personal information .
Navy Health uses this information to understand and analyse trends, to administer its website, to learn about user behavior on the site, to tailor email communications and to gather demographic information about its user base as a whole. Navy Health may use this information in its marketing and advertising services.
Navy Health may also use information collected by cookies to display personalised content and advertising (targeted advertising and online behavioral advertising), based on an individual’s internet usage, and to send marketing materials that Navy Health thinks will be of interest to the individual.
You can use your settings to disable your web browser from accepting cookies. However, in doing so, you may be unable to access certain features or content on the Navy Health website.
Are we likely to disclose your personal information to overseas recipients?
We generally hold your information in Australia. In certain circumstances, we may transfer your personal information outside Australia. Technology allows for services to be provided by different service providers including some that are located overseas. We may use overseas service providers in order to provide our products and services or manage our relationship with you. The countries in which those third parties are likely to be based are the United States.
Unless we have your consent, or an exception under the Privacy Laws applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to your personal information.
How can you access and seek correction of personal information held by us?
You are entitled to access the personal information we hold about you on request.
We do not charge a fee to give you access to your personal information, but you may be charged for the reasonable time and expense incurred in compiling information, depending on the nature and extent of your request.
We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change.
However, if you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information.
You can request to access or seek correction of your personal information by:
When you contact us to request access to and correction of your personal information, we may need to verify your identity by confirming your member number, full name, full address and date of birth.
We will give you access to your personal information if practicable, and will take reasonable steps to amend any personal information about you which is inaccurate or out of date.
We will take reasonable steps to notify you of a decision on the request within 30 days. We may decline your request to access or correct your personal information in certain circumstances permitted by the Privacy Act and Health Record Laws. In such a case, we will provide you with written notice of the reasons for our decision.
How can you complain about a breach of the Australian Privacy Principles and how will we deal with your complaint?
If you have any questions, concerns or complaints about how we collect or manage your personal information, then you may raise that matter with our Privacy Officer. Our Privacy Officer can be contacted as follows:
| • |
calling us on 1300 306 289; |
| • |
emailing us at privacy@navyhealth.com.au; or |
| • |
by mail at: Attention Privacy Officer, PO Box 172, Box Hill, Victoria, 3128. |
We will endeavor to promptly respond to your questions, concerns or complaints. In most cases we will investigate and response to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
We will also endeavor to resolve any concerns or complaints which you may have to your satisfaction. However, if you are unhappy with our response, you can make a complaint to the Office of the Australian Information Commissioner (OAIC) in Australia.
The contact details for the OAIC
The Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001Phone: 1300 363 992
Fax: 02 9284 9666
Website: www.oaic.gov.au
Alternatively, you can contact the Victorian Health Complaints Commissioner, NSW Privacy Commissioner or ACT Human Rights Commission.
What if I have further questions?
If you have any questions about our Privacy Policy, you may contact our Privacy Officer whose contact details are listed above. If you have questions about the Privacy Act, you may contact the OAIC.
