Unimutual Limited Privacy Policy

This document sets out the privacy policy of Unimutual Limited (ABN 45 106 564 372 AFS Licence 241142) ("Unimutual").

Unimutual has appointed Regis Mutual Management Pty Ltd (ABN 71 130 820 727 AFS Licence No: 338156) as the manager of the mutual ("Manager") to conduct all day to day business of the mutual within the strategic direction of the Unimutual Board of Directors under an outsourced management arrangement. This arrangement provides, amongst other things, that the Manager is obliged to act in accordance with the relevant law. As Unimutual has no employees itself, all references in this document to "we" or "us" or otherwise referring to internal operations of the mutual should be read as being operations implemented by the Manager on behalf of Unimutual.

Unimutual is committed to respecting your privacy.

Our Privacy Policy is in accordance with the Commonwealth Privacy Act 1988, as amended, and is based on the thirteen Australian Privacy Principles outlined in the Privacy Amendment (Enhancing Private Protection) Act 2012 (Cth). Our Privacy Policy also complies with State legislation in relation to the collection and use of health information, where such legislation is applicable in addition to the Commonwealth Act.

We reserve the right to change our Privacy Policy at any time. If we change our Privacy Policy, we will take reasonable steps to bring those changes to your attention.

The Personal Information Unimutual Collects and Holds

Unimutual will not collect personal information unless it is necessary for one or more of its functions or activities. The information will be collected lawfully and fairly and not in an unreasonably intrusive way. In particular, when you are dealing with Unimutual as a representative of a member or prospective member or for any other reason, we generally store the following personal information in connection with you as a Unimutual member or prospective member of Unimutual in order to manage our business relationship:

• your name and names of others that you may refer to, as appropriate, and their contact details including: business email address, business address and phone number;
• records of dealings with you generally including in relation to an initial membership application, annual membership renewal, variations of pre-existing discretionary protection or general query; and

• records of dealings with you in relation to claims or potential claims made to the mutual, including correspondence with you or your external consultants to collect personal information; and, depending upon the type of claim, may include health information. Such information is critical for the mutual to properly assess such a claim.

If the above information is not made available we may not be able to provide you with appropriate service.

The Main Purposes for which Unimutual Holds Information

The general rule is that Unimutual will not use or disclose personal information about an individual other than for the purpose stated at the time of the collection. If another use is proposed, Unimutual will seek further consent, unless that other purpose is related to the original purpose of collection.

Generally, we hold personal information of the individuals comprising our members, and in certain circumstances of third parties, such as your service providers or consultants, and third party claimants for the following purposes:

• to enable the delivery of services and discretionary protection to Unimutual members;
• send correspondence in relation to member related services and events;
• internal accounting
• claims administration;
• to protect members, third parties and suppliers from fraud; and
• to help Unimutual identify any products, benefits or services that might be beneficial to members, whether they are offered by Unimutual direct or from third parties or preferred suppliers.

Use and Disclosure of Information

The Unimutual business model focuses on people and organisations working together for the mutual benefit of all parties involved. In order to keep members informed about updates or changes to the services each mutual offers and benefits or products available to the member, Regis may employ a variety of direct marketing techniques.

We consider that direct marketing to our members forms an integral part of delivering services to members and prospective members, and that these functions or services are directly related to our primary purpose for originally collecting the personal information from our member's representatives.

Without such a service, the communication between our members and Unimutual may be substantially reduced, and therefore less likely to deliver the benefits and returns members deserve.

We handle all of our mail outs to members and others.

Your personal information may be provided to service providers of the mutual such as claims advisers, legal advisers or assessors for the purpose of facilitating the delivery of mutual services.

Each service provider is required to deal with your personal information in a manner and at the level specified by our standards.

Ensuring Personal Information is Up-to-date

We rely on the personal information we hold in conducting our business. Therefore, it is very important that the information we hold is accurate, complete and up-to-date.

We do everything we can to ensure that the personal information we hold is accurate complete and up-to-date whenever we collect or use it. This means that from time to time, we will ask you to tell us if there are any changes to your personal information. If you find that information we hold about you is incorrect, please contact us immediately and we will correct it.

Use of Government Identifiers

We do not adopt, use or disclose an identifier that has been assigned by a Commonwealth Government Agency unless legally required. An identifier, for example, a Medicare or tax file number, is a number assigned by a Commonwealth government agency to identify uniquely the individual for the purposes of the organisation's operations.

Disclosing Personal Information overseas?

As a general rule, we do not disclose personal information to any person or organisation in a foreign country if that country does not have a comparable information privacy regime; but in the unlikely event that we proposed to do so, we would obtain your prior consent except where the Australian Privacy Principles do not require us to do so.

Currently, it is reasonably likely that we may disclose personal information to overseas recipients in Europe (including United Kingdom, Isle of Man & Luxembourg) and New Zealand. These jurisdictions are each subject to a privacy regime substantially similar to Australia incorporating at the least the same level of information protection under the Australian Privacy Principles.

How You Can Contact Us

If you think your privacy has been interfered with due to a breach of our obligations in relation to your privacy, then you can complain directly to our Privacy Officer. If you are not satisfied with our response, we will advise you of your options before further proceeding with your complaint.

At your request we will provide you with additional information about the way Unimutual manages the personal information it holds. If you wish to know more about the way we manage personal information please contact our Privacy Officer in the following ways:

• You can write to our Privacy Officer at PO Box H96, Australia Square NSW 1215.
• You can email our Privacy Officer at privacy@unimutual.com.au
• You can call our Privacy Officer on (02) 9250 2802.

For further information about privacy issues in Australia and protecting your privacy, visit the Office of Australian Information Privacy Commissioner's website at www.oaic.gov.au .

Destruction or De-identifying Personal Information

When information is no longer needed, we will take reasonable steps to destroy or permanently de-identify personal information.

Frequently Asked Questions (FAQ'S)

Here are nine FAQ's to assist you in understanding our privacy responsibilities.

1. What do you classify as my 'personal information'?
Personal information is any information about you that identifies you, or by which your identity can reasonably be ascertained.
Personal information held by Unimutual may include your name, address, occupation, employer; current/previous addresses and private/business telephone number and in certain circumstances where a claim has been made or where you or your employer has applied to become a Unimutual member, other personal information may be collected by us, including but not limited to financial details, risk and claim histories (validated and invalidated), statements and valuations of business assets, entity and trade references and claim details, which may include health information.

If you and or the relevant other third parties choose not to provide personal information, we may not be able to process your organisation's application for membership, discretionary protections or deliver the services associated with Unimutual membership.

2. How do you collect my personal information?
Unimutual will insofar as reasonably possible collect the information directly from you, when you provide information in documents such as an application for membership or protection. By representing your organisation in completing an application to become a member of Unimutual the applicant's representative agrees to the use and disclosure of personal information necessary to effect membership, discretionary protection and or functions involved with delivery of discretionary benefits. If we are not able to collect the information we need directly from you we will take reasonable steps to ensure that you are made aware:
(a) of our identity;
(b) that you can gain access to your personal information held by us;
(c) of the purpose for collecting the information;
(d) the organisations to which that information is usually disclosed;
(e) any law that requires the information to be collected; and
(f) the consequences for you if that information is not provided (e.g., we cannot provide you with the services you request or assess your claim).

3. How do you use my personal information?
Your personal information will be used in order to provide the services your organisation requires. This includes administering and managing those services, including collecting contributions, issuing discretionary protections, managing claims and delivering benefits subject to absolute discretion; and to protecting both yourself, your organisation, third parties and Unimutual from fraud.
Included in services we provide within your organisations Unimutual membership is the direct marketing that accompanies our communication media. This information is essential to keeping you aware of all the benefits offered by Unimutual to members. Although you can elect not to receive this information this may disadvantage your opportunities to access the maximum benefits potentially available through Unimutual membership. We will only transfer personal information about you to an overseas recipient located in a country with a comparable privacy regime unless we first obtain your consent to do otherwise except where the Australian Privacy Principles do not require us to do so.

4. Is the personal information I give you kept in a secure place?
Unimutual takes all reasonable care and steps to ensure data collected is secure, protected from misuse, loss, unauthorized access and disclosure and will destroy the data once it is no longer required.

5. Can I see what you have on file about me?
Upon request, Unimutual will provide you details of the information we have on file about you. Our Privacy Officer will process all such requests within 30 days of the date of receipt. There may be some exceptions and by law Unimutual is permitted to make a small charge for this service.

6. What happens if I find out that the information you hold about me is incorrect or out of date?
Unimutual takes all reasonable steps to ensure the data is accurate when collected. If a change or correction is required you must advise Unimutual in writing and the changes/corrections will be made within 30 days of receipt.

7. Are you bound by the Australian Privacy Principles?
Unimutual is legally bound by the thirteen Australian Privacy Principles set out in the Privacy Amendment (Enhancing Private Protection) Act 2012 (Cth).

8. Do I have to be on your e-mail/mailing broadcasts and lists?
You have the option to 'unsubscribe' and no longer receive electronic marketing/mailing lists on products, services, communications, events etc.

9. I think you have interfered with my privacy and I wish to complain.
You can complain directly by contacting our Privacy Officer. If you are not satisfied with our response, we will advise you on your options for further proceeding with your complaint.

Version 4 - 11 March 2014

Member Login

Direcotr Login

Unimutual