Unimutual Limited Privacy Policy

The following sets out the privacy policy of Unimutual Limited (ABN 45 106 564 372 AFS Licence 241142), (Unimutual).

Unimutual is committed to respecting your privacy.

Our Privacy Policy is in accordance with the Commonwealth Privacy Act 1988 and is based on the ten National Privacy Principles (NPP) outlined in the Privacy Amendment (Private Sector) Act 2000. Our Privacy Policy also complies with State legislation in relation to the collection and use of health information, where such legislation is applicable in addition to the Commonwealth Act.

We reserve the right to change our Privacy Policy at any time. If we change our Privacy Policy, we will take reasonable steps to bring those changes to your attention.

The Personal Information Unimutual Collects and Holds

Unimutual will not collect personal information unless it is necessary for one or more of its functions or activities. The information will be collected lawfully and fairly and not in an unreasonably intrusive way. In particular, when you are dealing with Unimutual as a representative of a member or prospective member or for any other reason, we generally store the following personal information about you in order to manage our business relationship.

• Your name, business email, business address and contact details;
• Notes of dealings with you as a Unimutual member or prospective member.

If the required personal information is not made available we may not be able to provide you with appropriate service.

The Main Purposes for which Unimutual Holds Information

The general rule is that Unimutual will not use or disclose personal information about an individual other than for the purpose stated at the time of the collection. If another use is proposed, Unimutual will seek further consent, unless that other purpose is related to the original purpose of collection.

Generally, we hold personal information of the individuals comprising our members for the following purposes:

• To enable the delivery of services and discretionary protection to Unimutual members;
• Send correspondence in relation to member related services and events;
• Internal accounting and account administration;
• Subject to discretion, to protect members, third parties and suppliers from fraud; and
• To help Unimutual identify any products, benefits or services that might be beneficial to members, whether they are offered by Unimutual direct or from third parties or preferred suppliers.

Use and Disclosure of Information

The Unimutual business model focuses on people and organisations working together for the mutual benefit of all parties involved. In order to keep members informed about updates or changes to the services we offer and benefits or products available from the mutual, we may employ a variety of direct marketing techniques.

We consider that direct marketing to our members forms an integral part of delivering services to members and prospective members, and that these functions or services are directly related to our primary purpose for originally collecting the personal information from our member's representatives.

Without such a service, the communication between our members and Unimutual may be substantially reduced, and therefore less likely to deliver the benefits and returns members deserve.

We may not handle all of our mail outs to members and others. The administration and distribution of some updates may be out-sourced to an appropriate accredited service provider, who typically provides mailing house services to the private and public sectors. The out-sourcing of this service involves the disclosure of a member's representative and other relevant names and nominated mailing addresses to the mailing house. We have taken all reasonable steps to ensure that any service provider deals with personal information in accordance with the same standards that we apply.

At no time is the member's representative personal information provided direct to suppliers to the mutual for their direct marketing activities. In the instances where a supplier wishes to utilise a mail out service, they are required to send their promotional material to our approved service provider, where the promotional material will be integrated with the other Unimutual mail going to the member. Unimutual preferred suppliers may also download mailing list labels via the Unimutual website. These mailing list labels do not contain your personal information.

Your personal information may be provided to service providers of the mutual such as claims advisers, legal advisers or assessors for the purpose of facilitating the delivery of mutual services.

Each service provider is required to deal with your personal information in a manner and at the level specified by our standards.

Ensuring Personal Information is Up-to-date

We rely on the personal information we hold in conducting our business. Therefore, it is very important that the information we hold is accurate, complete and up-to-date.

We do everything we can to ensure that the personal information we hold is accurate complete and up-to-date whenever we collect or use it. This means that from time to time, we will ask you to tell us if there are any changes to your personal information. If you find that information we hold about you is incorrect, please contact us immediately and we will correct it.

We do not adopt, use or disclose an identifier that has been assigned by a Commonwealth Government Agency unless legally required. An identifier, for example, a medicare or tax file number, is a number assigned by a Commonwealth government agency to identify uniquely the individual for the purposes of the organisation's operations.

We do not disclose personal information to any person or organisation in a foreign country, if that country does not have a comparable information privacy scheme, except:

• To Unimutual personnel and employees of Unimutual's corporate authorised representatives in overseas branches when the information is required for operational purposes;
• Where you consent to the disclosure; and
• If obtaining your consent is not practical and Unimutual considers that the disclosure is for your benefit and that you would have consented to the disclosure.

When information is no longer needed, we will take reasonable steps to destroy or permanently de-identify personal information.

Unimutual Website

Unimutual has a Website Privacy Policy, which is available on www.unimutual.com.au. The Unimutual Website Privacy Policy outlines important information in relation to the Unimutual website, including the use of 'cookies' on the website by Unimutual and the way Unimutual's web server tracks usage patterns and the types of information about users that it collects.

How You Can Contact Us

If you think your privacy has been interfered with due to a breach of our obligations in relation to your privacy, then you can complain directly to our Privacy Officer. If you are not satisfied with our response, we will advise you of your options before further proceeding with your complaint.

At your request we will provide you with additional information about the way Unimutual manages the personal information it holds. If you wish to know more about the way we manage personal information please contact our Privacy Officer in the following ways:

• You can write to our Privacy Officer at PO Box H96, Australia Square NSW 1215.
• You can email our Privacy Officer at privacy@unimutual.com.au ;
• You can call our Privacy Officer on (02) 9250 2802.

For further information about privacy issues in Australia and protecting your privacy, visit the Federal Privacy Commissioner's website at http://www.privacy.gov.au .

Frequently Asked Questions (FAQ'S)

Here are nine FAQ's to assist you in understanding our privacy responsibilities.

1. What do you classify as my 'personal information'?
Personal information is any information about you that identifies you, or by which your identity can reasonably be ascertained.
Personal information held by Unimutual may include your name, address, occupation, employer; current/previous addresses and private/business telephone number and in certain circumstances where a claim has been made or where you or your employer has applied to become a Unimutual member, other personal information may be collected by us, including but not limited to financial details, risk and claim histories (validated and invalidated), statements and valuations of business assets, entity and trade references and claim details, which may include health information.

If you and or the relevant other third parties choose not to provide personal information, we may not be able to process your organisation's application for membership, discretionary protections or deliver the services associated with Unimutual membership.

2. How do you collect my personal information?
Unimutual will insofar as reasonably possible collect the information directly from you, when you provide information in documents such as an application for membership or protection. By representing your organisation in completing an application to become a member of Unimutual the applicant's representative agrees to the use and disclosure of personal information necessary to effect membership, discretionary protection and or functions involved with delivery of discretionary benefits. If we are not able to collect the information we need directly from you we will take reasonable steps to ensure that you are made aware:
(a) of our identity;
(b) that you can gain access to your personal information held by us;
(c) of the purpose for collecting the information;
(d) the organisations to which that information is usually disclosed;
(e) any law that requires the information to be collected; and
(f) the consequences for you if that information is not provided (eg, we cannot provide you with the services you request or assess your claim).

3. How do you use my personal information?
Your personal information will be used in order to provide the services your organisation requires. This includes administering and managing those services, including collecting contributions, issuing discretionary protections, managing claims and delivering benefits subject to absolute discretion and to protecting both yourself, your organisation, third parties and Unimutual from fraud.
Included in services we provide within your organisations Unimutual membership is the direct marketing that accompanies our communication media. This information is essential to keeping you aware of all the benefits offered by Unimutual to members. Although you can elect not to receive this information this may disadvantage your opportunities to access the maximum benefits potentially available through Unimutual membership. We will only transfer personal information about you to a foreign company with less privacy protection in specified circumstances.

4. Is the personal information I give you kept in a secure place?
Unimutual takes all reasonable care and steps to ensure data collected is secure, protected from misuse, loss, unauthorized access and disclosure and will destroy the data once it is no longer required.

5. Can I see what you have on file about me?
Upon request, Unimutual will provide you details of the information we have on file about you. Our Privacy Officer will process all such requests within 30 days of the date of receipt. There may be some exceptions and by law Unimutual is permitted to make a small charge for this service.

6. What happens if I find out that the information you hold about me is incorrect or out of date?
Unimutual takes all reasonable steps to ensure the data is accurate when collected. If a change or correction is required you must advise Unimutual in writing and the changes/corrections will be made within 30 days of receipt.

7. Are you bound by the National Privacy Principles?
Unimutual is legally bound by the ten National Privacy Principles that form part of the Commonwealth Privacy Amendment (Private Sector) Act 2000 that came into force on 21 December 2001.

8. Do I HAVE to be on your e-mail/mailing broadcasts and lists?
You have the option to 'unsubscribe' and no longer receive electronic marketing/mailing lists on products, services, communications, events etc.

9. I think you have interfered with my privacy and I wish to complain.
You can complain directly by contacting our Privacy Officer. If you are not satisfied with our response, we will advise you on your options for further proceeding with your complaint.

Version 2 - 16 May 2006