We are Medibank Private Limited ABN 47 080890 259 (Medibank) and Australian Health Management Group Pty Ltd ABN 96 003 683 298 (ahm), a subsidiary of Medibank. References to 'us', 'we' or 'our' include Medibank, ahm and, where the context requires, other Medibank subsidiaries (collectively Medibank Group Companies).
We are committed to protecting your personal information and complying with our obligations under the Privacy Act 1988 (Cth) (Privacy Act) and other State and Territory laws governing the use of personal information (collectively, Privacy Laws) which regulate how personal information is handled from collection to use and disclosure, storage, access and disposal.
'Personal information' generally means any kind of information in any form about a person that identifies that person and includes sensitive information such as health information.
The types of personal information we may collect include:
You generally have the right not to identify yourself when dealing with us where it is lawful and practicable for us to allow it. However, on many occasions we will not be able to do this. For example, we will need your name and residential address in order to provide you with private health insurance coverage.
If you do not provide or authorise the provision of personal information we request, we may be unable to provide you with some or all of our products and services or the product and services of our partners.
We will only collect personal information about you by lawful and fair means and not in an unreasonably intrusive manner.
We may collect your personal information from:
We take all reasonable steps to protect your personal information from misuse and loss and from unauthorised access, modification or disclosure. We store your information securely and have a range of security controls in place to ensure that your information and documents are protected. Our employees are trained on privacy and access to personal information is restricted to individuals properly authorised to do so.
We also take reasonable steps to make sure that the personal information that we collect, use and disclose is accurate, complete, up to date and relevant. We keep your personal information for only as long as it is required in order to provide you with products and services and to comply with our legal obligations. When it is no longer needed for these purposes, we take reasonable steps to destroy or permanently de-identify this personal information.
We collect your personal information to enable Medibank Group Companies and our third party suppliers and partners to provide you with products and services, including insurance, health-related services, partner offerings and information on other products and services (collectively Insurance and Health Products). We may also be required by law to collect some personal information.
Where you provide personal information to the Medibank Group Companies as a service provider, contractor or prospective employee, we collect your personal information to enable us to fulfil the purpose and related purposes for which you provided the information.
We may use your personal information for these purposes, including to:
In doing so we may disclose your personal information to persons or organisations in Australia and overseas including:
To keep you informed quicker, where you provide us with an email address, we send most service-related communications to you by email. Service-related communications are the essential things you need to know about your cover, like changes to premiums and account notices.
From time to time, we may also collect and use your personal information so that we can promote and market Insurance and Health Products to you and keep you informed of special offers from Medibank Group Companies and third parties, including by direct mail, SMS and MMS messages, by phone and email.
We may need to disclose your personal information to organisations located outside of Australia from time to time in the ordinary course of our business. Most of these overseas organisations are services providers or related entities which provide support and assistance to us in delivering our products and services to you.
Where we do, we take reasonable steps to ensure that your information is given the same type of protection as it is afforded within Australia. This may be through satisfying ourselves that the overseas organisation has controls in place to comply with Australian privacy laws, ensuring that the overseas organisation is located in a country which we believe has a similar privacy regime to Australia or through contractually or otherwise mandating the adequate management of the information.
On occasion, we may also disclose your personal information to overseas organisations where you instruct us or expressly consent to us doing so. In such cases, we may not take the above steps in relation to the management of your information.
If you have a corporate health insurance product, there may be occasions where we are instructed by your employer to disclose your information to an overseas organisation in order to administer your policy. In such instances, we may not be able to take reasonable steps to ensure that your information will be afforded the same protection as in Australia and you may not be able to seek redress for how your information is handled under Australian privacy law.
Please see the section at the end of this policy which outlines the main countries to which personal information may be disclosed.
We will generally provide you with access to your personal information if practicable (although an administration fee may be charged), and will take reasonable steps to amend any personal information about you which is inaccurate or out of date.
You can get in touch with us at Medibank or at ahm to request the above any time you wish to do so.
In some circumstances, we may not permit access to your personal information, or may refuse to correct your personal information. Where this happens, we will provide you with reasons for this decision, seek alternatives and take any further legally required steps.
If you have any concerns or queries about the manner in which your personal information has been handled, please contact our Privacy Officer whose contact details are provided below.
If you wish to make a formal complaint, please provide your complaint in writing to our Privacy Officer. We will consider your complaint promptly and contact you to seek to resolve the matter.
Generally, we will contact you to acknowledge receipt of your complaint and let you know who is managing your query within 5 business days. We will attend promptly to your complaint and will aim to respond to your concerns or otherwise keep you informed of our progress within 30 days.
If we have not responded to you within a reasonable time or if your complaint is not resolved to your satisfaction, you are entitled under the Privacy Act to make a complaint to the Office of the Australian Information Commissioner.
You can write to our Privacy Officer at: Privacy Officer, Medibank Private Limited, GPO Box 9999 (your capital city) or e-mail firstname.lastname@example.org
Further information about the application of the Privacy Act can be found at the website of the Office of the Australian Information Commissioner at www.privacy.gov.au.
Listed below are the countries to which we may disclose personal information in the course of our functions and activities. This list does not include countries where you may have specifically instructed us to send your information or expressly consented to us sending your information.
Please see the Do we disclose your personal information overseas? section for information on the steps we take to ensure the adequate protection and appropriate management of this information.
This list is updated from time to time. You can visit our website at any time to view the latest version.