AIA Australia is part of the AIA Group. Among the most important assets of AIA Group is the trust and confidence that is placed in AIA companies to properly handle information. Customers expect us to maintain their information accurately, protect against manipulation and errors, secure from theft, and free from unwarranted disclosure. AIA Australia is bound by privacy principles (otherwise known as the Australian Privacy Principles) which apply to private sector organisations under the Privacy Act 1988 (Cth), and other laws which protect your privacy.
- our customers (including potential and former customers);
- visitors to our Website (defined below), and any other AIA Australia websites and social media pages, including that of AIA Vitality;
- our advisers (and the Australian Financial Service Licensee they represent); and
- job applicants, staff, officers and contractors.
Collection of Personal Information
We collect Personal Information in a range of circumstances including when you:
- contact or transact with us;
- make an enquiry;
- make a claim; or
- obtain a quote or use or request our products (including products which we distribute) or services,
- either directly or through your Representatives.
What kind of Personal Information does AIA Australia collect?
The types of Personal Information we collect varies depending on what product, service, or stage in a policy application, underwriting, or claims process is relevant to your circumstances.
Generally, if you are a current or previous customer of AIA Australia, this includes:
- your name and contact details (e.g. address, telephone number);
- identifying information (e.g. date of birth, driver’s licence, passport, birth certificate);
- email address;
- demographic and profile information (gender, age, etc.);
- information provided by you directly or through your Representatives (including but not limited to: information provided in an application, transaction or maintenance request, claim or other information submitted in respect of your insurance or prospective insurance);
- AIA Vitality membership (or other product application, or business relationship with us);
- tax file number;
- Medicare number;
- transactional and financial information (including but not limited to your use of cards and other facilities, income, payment and banking information and annual household income);
- family and beneficiary information;
- insurance claims information;
- work, occupation and pastimes;
- superannuation and membership information;
- information contained in your social media profiles; and
- some sensitive, lifestyle, health and medical-related information.
We are required or authorised to collect your Personal Information under various laws including:
- Life Insurance Act;
- Insurance Contracts Act;
- Corporations Act;
- taxation legislation (including without limitation the Income Tax Assessment Acts and the Taxation Administration Act);
- Superannuation Guarantee (Administration) Act;
- Superannuation Industry (Supervision) Act;
- Retirement Savings Account Act;
- Anti-Money Laundering and Counter-Terrorism Financing Act;
- Financial Transaction Reports Act;
- Crimes Act (Vic), Crimes Act (NSW), Criminal Law Consolidation Act (SA) and the Criminal Codes of Queensland, Tasmania, WA, NT, ACT and the Commonwealth;
We also collect Personal Information about your transactions and interactions with us, including any contact we have with you (including without limitation by telephone, email or online, via our Website, publicly available sources, social media and other blogs, sites and virtual communities and networks where people create, share or exchange information).
For security, investigative (including in relation to claims), dispute resolution, quality assurance, training and other purposes, we may monitor and record your communications with us (including telephone, email or online) and operate camera, video and audio surveillance devices in or outside our premises.
If the Financial Services Council Life Insurance Code of Practice (“Code”) applies to the insurance cover we provide you, we will comply with the Code when we collect, use and disclose your Personal Information.
Where does AIA Australia collect this information from?
We collect Personal Information directly from you as well as from:
related bodies corporate including without limitation, joint venture entities (“Affiliates”);
- our partners;
- your Representatives
- accountants, health professionals, medical providers and hospitals, rehabilitation providers, investigators, government authorities and their agents, reinsurers, and legal advisers;
- financial institutions you nominate;
- your employer;
- the health insurance commission and their agents;
- other insurers (including worker’s compensation insurers, authorities, private health insurers (such as MO Health Pty Ltd) and their contractors and agents;
- the trustee or administrator of a superannuation fund;
- the policy owner (where you are a life insured who is not the policy owner);
- any other party with which we have an arrangement for the promotion and sale of products offered or distributed by us, publicly available sources, social media and other blogs, sites and virtual communities and networks where people create, share or exchange information
- third parties including our service providers and contractors, and the service providers and contractors of the entities and individuals mentioned above; and
- anyone acting on your behalf.
In addition to the above, we may also collect Personal Information in specific circumstances applicable to your situation as described below.
Why we may need to collect, use and disclose your Personal Information
The reasons why we may collect, use (which includes holding and storage) and disclose your Personal Information include:
- to process and respond to your applications, instructions and requests;
- for underwriting purposes;
- for the assessment and processing of claims;
- for our and our Affiliates’ internal purposes;
- to manage and administer our and our Affiliates’ and partners’ business activities, products and services, including the AIA Vitality program;
- to tell you about new or existing products or services;
- to meet requirements imposed by law;
- to protect our and our Affiliates’ and partners’ lawful interests;
- to communicate with you or respond to feedback or complaints;
- to manage and administer our relationship with you;
- for reinsurance purposes;
- to monitor and protect our brand;
- to correct or respond to comments or statements made in relation to us and our Affiliates or partners;
- for purposes relating to any actual or potential acquisition of our business;
- to investigate, manage and prevent actual, potential or suspected improper conduct such as fraud;
- verifying your identity, including your authority to act on behalf of a customer;
- for training, developing and testing products, services and systems;
- for statistical, prudential, research, audit, actuarial and reporting purposes.
Where you are a life insured who is not the policy owner, we may also at times provide and exchange Personal Information about you to the policy owner of the eligible insurance policy under which you are insured or provide and exchange Personal Information about the policy owner of the eligible insurance policy to you, the life insured. We may at times permit your Representatives to provide, access, receive, review and update the Personal Information about you in respect of your insurance or AIA Vitality membership with us over the telephone, email or online.
Communications may be provided on an ongoing basis by telephone, electronic messages (e.g. email and pop-ups), online (including via Website, social media and mobile apps) and other means. We may imply your consent to receive these communications from our existing business relationship or in some circumstances where you or your Representatives have provided us with your contact details (including telephone, email or other electronic address).
What if I am not prepared to provide information, or to receive marketing communications?
If you do not wish to receive direct marketing communications please indicate this where prompted (e.g. in an application form or by following unsubscribe instructions in the communications themselves) or by contacting us as set out below. Please note that if you have not told us that you do not wish to receive these communications by phone, where permitted by law, you may be contacted even if you have registered your phone number on the national Do Not Call Register.
Who may have access to my Personal Information?
The parties with whom we exchange your Personal Information varies depending on what product, service, or stage in a policy application, underwriting, or claims process is relevant to your circumstances. Depending on the circumstances specific to your policy or product, we may exchange your personal information with:
- our Affiliates and/or intermediaries;
- our partners (including but not limited to entities with which AIA Australia has partnered in relation to the AIA Vitality program in accordance with the procedures described under the heading “Collection and Disclosure – AIA Vitality Partners” below and partners used in co-branded activities or business initiatives);
- accountants and financial institutions you nominate;
- reinsurers, where we reinsure any insurance cover we provide or offer or propose to provide to you;
- other insurers (including worker’s compensation insurers, authorities, private health insurers including MO Health Pty Ltd) and their contractors and agents;
- any employee, agent, service provider, contractor or third party who provides administrative or other services to AIA Australia or any Affiliates or partners(those services may include health, insurance and reinsurance, archival, auditing, accounting, customer contact, call centres, legal, business consulting, banking, payment, delivery, data processing, data analysis, information broking, research, investigative, website or technology services, professional advisors, program administrators and partners, statement producers, mail houses, email and print services, advertising agencies, technology, data and email storage and servers, backup and cloud computing providers, and other service providers as may be deemed necessary by AIA Australia from time to time);
- publicly available sources, social media and other blogs, other websites you may visit and virtual communities and networks where people create, share or exchange information;
- your Representatives in respect of your holdings with us (for example, insurance, investments or superannuation) or AIA Vitality membership. We may at times permit your Representatives to provide, access, receive, review and update the Personal Information about you in respect of your application, transaction request, claim, insurance or AIA Vitality membership with us over the telephone, email or online;
- the trustee or administrator of a superannuation fund and/or your employer;
- health professionals, medical providers and hospitals, dietitians, pharmacists, fitness trainers and rehabilitation providers;
- the policy owner (where you are a life insured who is not the policy owner) and the life insured (where you are the policy owner who is not the life insured);
- any other party with which we have an arrangement for the promotion and sale of products offered or distributed by us;
- bodies that administer applicable industry codes; and
AIA Australia may also exchange Personal Information with law enforcement agencies or government authorities and their agents (including those that are based overseas) where exchange is authorised or required by law, or where AIA Australia holds the view that such exchange is necessary to avoid or reduce the impact of action or conduct by such agencies, authorities or their governments that would be adverse to AIA Australia or its customers, to report illegal activity or to co-operate with lawful information requests (where we are authorised by law).
Some of the third parties to whom we may disclose Personal Information, including but not limited to our reinsurers, Affiliates, service providers and partners used in our activities and business initiatives, may be located in other countries. The countries may include but are not limited to:
- the United States;
- Canada, including to our third party service provider who assists us to investigate, manage and prevent suspected improper conduct such as fraud;
- South Africa;
- the United Kingdom;
- members of the European Union
- Bermuda; and
- Hong Kong, Singapore, Malaysia, Philippines and other the countries in which AIA Group companies operate (see http://www.aia.com.au/en/individual/about-aia.html), including to our Affiliates, AIA Vitality Company Limited, and their respective service providers, Affiliates and business partners; and
- as relevant in each case, to third party providers with offices or servers located there.
The Australian Privacy Principle 8.1 applies to disclosing personal information to overseas recipients. We are also subject to a range of other legal and regulatory obligations which may require us to impose contractual privacy controls on overseas parties handling Personal Information on our behalf
Please also see below for information about how we keep your Personal Information secure.
In addition to the above, we may also collect, use and disclose your Personal Information in specific circumstances applicable to your situation as described below.
AIA Vitality members (including former and potential AIA Vitality members)
Specifically for our AIA Vitality Members, we collect, use and disclose your Personal Information for purposes including, but not limited to:
- assessing and/or processing your AIA Vitality membership application, registration and activation;
- communicating with you, your Representative and/or the policy owner of your policy regarding your AIA Vitality membership (including without limitation by disclosing Personal Information such as lifestyle, health and medical information that relates to your AIA Vitality membership and other information such as your AIA Vitality status, membership number, whether you have completed certain activities, tests and/or assessments of the AIA Vitality program, whether you have purchased and/or used certain devices and/or accessories, your engagement in the AIA Vitality Program or whether you have visited or used certain AIA Vitality partners to earn AIA Vitality points);
- administration of your AIA Vitality membership, provision of health and wellbeing activities, tests and assessments (including to assess results against previous activities, tests and assessments) and benefits including discounts, cashbacks and rewards, payments relevant to your AIA Vitality membership;
- assessing your entitlement to any discounts available to you under insurance products linked to your AIA Vitality membership (or entitlement thereto); and
- conducting research, analysis and development relevant to your engagement in the AIA Vitality Program, products and services offered by us, our Affiliates and partners of the AIA Vitality program, facilitating your use of the Website and other purposes we notify to you.
If you also own or are insured under any of our insurance products, and provide medical and health related information to us in relation to your AIA Vitality membership, we will take steps to ensure this information is kept separate from the underwriting and claims departments of AIA Australia who are responsible for any future underwriting or claims decisions. Under no circumstances will AIA Australia be deemed to have knowledge of any AIA Vitality-related information in respect of its underwriting and claims functions. In accordance with your statutory duty of disclosure, you are still therefore obliged to disclose any of this information to the extent it may be relevant in the event of any future application for insurance cover (including increased or varied cover) or changes to existing insurance cover with AIA Australia.
We may collect your Personal Information from, and exchange your Personal Information with:
- your Representatives;
- AIA Vitality Company Limited (incorporated in Hong Kong) and Discovery Holdings Limited (incorporated in South Africa);
- the issuer of any product to which your AIA Vitality membership (or entitlement thereto) is linked; and
- the Affiliates and third parties service providers of these entities.
We may also copy your Representatives in email communications sent to you in respect of your AIA Vitality membership and the AIA Vitality program.
If you are an AIA Vitality member that is also an employee of AIA Australia, Personal Information you provide solely as part of your AIA Vitality membership will be accessed by personnel of AIA Australia and third parties for the purpose of administering the AIA Vitality program and as otherwise set out in this policy. Where practicable, access to AIA Vitality-related Personal Information will be limited to those personnel who are directly or indirectly involved with the AIA Vitality program. AIA Vitality-related Personal Information will not be used in making decisions relating to your employment with AIA Australia (including hiring decisions).
Collection and disclosure - AIA Vitality Partners
We may collect your Personal Information from, and provide your Personal Information to, AIA Vitality partners and other providers of health and wellbeing checks and assessments (including but not limited to, dietitians, pharmacists and trainers) and benefits (including but not limited to discounts, cashbacks and rewards) under the AIA Vitality program (together, AIA Vitality Partners). We will only do this to the extent necessary for us to administer the AIA Vitality program (for example, if you choose a service or reward provided by that AIA Vitality Partner under the AIA Vitality program). We will not disclose your Personal Information to AIA Vitality Partners for the purpose of direct marketing unless you consent to this or as otherwise permitted by law.
Collection and disclosure – eligible private health insurance customers
Where you tell us you are covered under or would like to be covered under an eligible private health insurance policy issued by MO Health Pty Ltd, we may exchange your personal information with MO Health Pty Ltd and its Affiliates and third party service providers for the purpose of confirming the information you provide to us and facilitating your application for an eligible private health insurance policy.
Eligible private health insurance customers of MO Health Pty Ltd may apply to become members of AIA Vitality.
If you are a customer of MO Health Pty Ltd or an eligible insured person under a policy issued by MO Health Pty Ltd and you have activated an AIA Vitality membership, we may collect your Personal Information from, and provide your Personal Information to MO Health Pty Ltd as well as its contractors and agents.
Our staff (current and former, including contractors)
With respect to our staff (both current and former, including contractors), we may also collect, use and disclose your Personal Information in specific circumstances applicable to your situation as described below.
We collect Personal Information as part of your current or former employment and/or engagement with us. The types of Personal Information we collect may include:
- identifying information (e.g. date of birth and employee identification and number);
- photographs, videos and images;
- qualifications and experience;
- information relating to your current or former employment or engagement, including the terms and conditions of your employment or engagement;
- your training, performance, conduct, disciplining, resignation or termination;
- background checking and employment screening information including whether you may have a criminal record;
- membership of a professional or trade association, trade union membership;
- leave details; and
- taxation, banking and superannuation affairs.
We collect, use and disclose your Personal Information for all purposes relating to your current or former employment or engagement including, but not limited to:
- assessing your suitability;
- engagement and training;
- payroll and superannuation;
- health and safety;
- insurance (including WorkCover);
- administration and staff management purposes;
- AIA Vitality membership;
- internal and external publications; and
- other purposes that we may notify to you.
We may exchange your Personal Information with law enforcement and background checking or employment screening agencies and educational or vocational organisations to verify your qualifications and whether you have a criminal record in certain circumstances, our distributors and clients, your health service providers, your Representatives (including unions) and our service providers including providers of online services, recruitment, payroll, banking, staff benefits, staff rewards and share programs, surveillance and training services.
We may also collect, use, disclose or exchange other types of Personal Information and may conduct or engage background checking or employment screening agencies to conduct other checks under applicable AIA Australia and AIA Group policies and in certain circumstances, and we may exchange the results of background checks and employment screening information with our distributors and clients for the purposes of assessing your suitability for employment or engagement.
We collect Personal Information as part of your job application including your qualifications, experience, professional memberships, achievements and work history.
We collect, use and disclose your Personal Information for purposes including, but not limited to, assessing your application, assessing you for a position or positions with us or our Affiliates, assessing your suitability (including whether you are suitable to progress to each stage of the recruitment process for a position), storing your information for future job opportunities and other purposes we notify to you.
We may exchange your Personal Information with our Affiliates, recruitment agencies, online service providers, organisations that conduct competency or psychometric tests, referees, current and previous employers, law enforcement and background checking or employment screening agencies and educational or vocational organisations to verify your application details and whether you have a criminal record in certain circumstances.
We may also collect, use, disclose or exchange other types of Personal Information and may conduct or engage background checking or employment screening agencies to conduct other checks under applicable AIA Australia and AIA Group policies.
Our Website and emails
If you visit our Website to read, browse, sync, upload or download information, our system may record information such as the date and time of your visit to the Website, the pages accessed and any information uploaded, downloaded or synced. This information is used for purposes including statistical, reporting and website administration and maintenance purposes and to help us better manage, analyse and develop our Websites, communications and products.
Like many other websites, our Website may use ‘cookies’ from time to time. A cookie is a piece of information that allows our system to identify and interact more effectively with your device. The cookie helps us to maintain the continuity of your browsing session and remember your details and preferences when you return. You can configure your web browser software to reject cookies however some parts of our website may not have full functionality in that case.
You can find more details in the privacy policies for the services we use, including information on how to opt-out of certain conduct.
If you are considering sending us any other Personal Information through our Website or other electronic means, please be aware that the information may be insecure in transit, particularly where no encryption is used (e.g. email, standard HTTP). We are subject to laws requiring us to protect the security of Personal Information once it comes into our possession.
The Website may contain links to other sites. We recommend that you carefully read and familiarise yourself with all relevant terms and conditions, privacy practices, policies and guidelines of those sites (as amended from time to time) and select the privacy and security settings that you are comfortable with. We are not responsible for the consent, security, privacy practices, policies or guidelines of those sites.
- your name;
- your email address;
- your profile picture and other photos;
- usernames, aliases, pseudonyms or login IDs;
- your telephone number;
- your postcode / suburb / state of residence;
- your mailing address;
- your company name, job title and industry;
- your gender;
- other information contained in your profile such as your education, relationship status, sexual preference, religious views, political views and links to online properties and other social media accounts;
- comments you make or submit and any responses to such comments (including our responses and the responses of any other person or through a competition, giveaway, event or activity run by us or one of our Affiliates or partners); and
- information about your interactions with us on social media platforms, including the date and time of your visit, which parts of our social media pages you visited and what information or material you viewed or downloaded. This information is used for statistical, reporting, administrative and maintenance purposes.
We recommend that, before using social media to interact with us, you carefully read and familiarise yourself with:
- the privacy and security settings available for that platform and select the settings that you are comfortable with.
You may choose to communicate or interact with us (to ask general enquiry type questions) anonymously or by using a pseudonym. Please be aware that this may reduce our ability to interact with you. In some circumstances we are often governed by strict regulations that require us to know who we’re dealing with. In general, we won’t be able to deal with you anonymously or where you are using a pseudonym when:
it is impracticable; or
we are required or authorised by law to deal with you personally.
We take reasonable steps to protect Personal Information from misuse, interference and loss including by implementing physical, technical and administrative security standards to secure and protect your Personal Information from unauthorised access, modification or disclosure. Steps we take can include, but are not limited to, implementing and imposing:
- confidentiality requirements on our employees and other representatives, as well as third parties;
- policies on document storage security;
- security measures for access to our systems;
- identification procedures prior to providing access to information;
- control on access to our premises; and
- website protection security measures.
Retention / Destruction
When all of our legal obligations to retain your information have expired, or we no longer need your information for a purpose permitted under law, we will take such steps as are reasonable to destroy or de-identify it.
Accessing and updating your Personal Information
You have the right to access the Personal Information we hold about you, and can request the correction of your Personal Information if it is inaccurate, incomplete or out of date. Requests for access or correction should be directed to our Compliance Manager (see ‘Contact us’ below). We may also, at our discretion, permit your Representatives to access the Personal Information we hold about you and request its correction if it is inaccurate, incomplete and out of date.
Please note that in relation to Personal Information provided via social media, we can only provide access to or correct information held by us. You must direct requests for access to or correction of personal information held by the social media platform provider directly to the relevant platform provider.
We will generally respond to requests for access as soon as possible or at least within 10 business days. If a request is straightforward, we will often grant access within 10 days or, if the request is more complicated, within 30 days. We will contact you if we cannot provide you with the information within 10 business days. We may need to verify your identity before providing access.
In some circumstances, AIA Australia may not permit access to your Personal Information where, for example, such access would be unlawful or denying access is authorised by law. In these cases, AIA Australia will provide you with a schedule of documents we have declined and the reason for doing so, together with details of our complaints process. If you disagree with our refusal to correct your Personal Information, you can ask us to append an explanatory note to the information.
If you have any questions or concerns about your Personal Information, please contact our Compliance Manager as set out below:
The Compliance Manager
PO Box 6111
Melbourne VIC 3004
Phone 1800 333 613
AIA Australia has established an internal dispute resolution process for handling customer complaints (including matters involving compliance with privacy laws). This dispute resolution mechanism is designed to be fair and timely to all parties and is free of charge. If you have a complaint about AIA Australia's handling of your Personal Information, you can lodge a complaint in one of the following ways:
- Call us on 1800 333 613 (select option 2)
- Email us at email@example.com
- Email us at firstname.lastname@example.org if your insurance is provided via your Superannuation fund
- Mail us at AIA Australia, PO Box 6111, Melbourne Vic 3004
- Contact your Financial Adviser
- Contact your product provider, for example Superannuation Fund, directly
- Complete the complaint form via our website at www.aia.com.au/en/individual/help-support/how-to-lodge-a-complaint.html
AIA Australia’s Internal Dispute Resolution Committee will handle any escalated complaints that cannot be addressed at an operational level. AIA Australia aims to resolve your complaint within 45 days of receipt.
If you are a current or former employee or contractor of ours, any complaint about company compliance with privacy laws will be handled in the manner described in the applicable Human Resources policy or procedure where available.
If your complaint is not resolved to your satisfaction by our internal dispute resolution process, you may take your complaint to the:
Office of the Australian Information Commissioner
GPO Box 5218
Sydney NSW 2001
Phone: 1300 363 992
Last Updated 8 August 2018
AIA Australia Limited ABN 79 004 837 861 AFSL 230043
AIA Financial Services Limited ABN 68 008 540 252 AFSL 231109
Copyright © 2018, AIA Group Limited and its subsidiaries. All rights reserved.
Confidential and proprietary information.