OUR PRIVACY POLICY

At RAI Commerical Pty Ltd t/as Victual, we are committed to protecting your
privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian
Privacy Principles (APPs).
This Privacy Policy applies to personal information collected by us and explains how
we collect, use, disclose and handle it as well as your rights to access and correct your
personal information and make a complaint for any breach of the APPs.

What is Personal Information?

The Privacy Act defines personal information to mean:
Information or an opinion about an identified individual, or an individual who
is reasonably identifiable, whether the information or opinion is true or not and
whether recorded in a material form or not.

WHAT IS SENSITIVE INFORMATION?

Sensitive information is a subset of personal information
and means:

Information or opinion about an individual’s racial or ethnic origin, political opinions,
membership of a political organisation, religious beliefs or affiliations, philosophical
beliefs, membership of a professional or trade association, membership of a trade
union, sexual orientation or practices, criminal record, health information about
an individual, genetic information, biometric information or templates.

What kinds of personal information do we collect and hold?

The kinds of personal information we collect and hold vary depending on the services
we are providing, but generally can include:

  • Your contact information such as full name (first and last), e-mail address, current
    postal address, delivery address (if different to postal address) and phone numbers;
  • Details relating to your employment (if applicable) or your previous employment;
  • Your date of birth
  • Insurance history;
  • other information specific to our products or services such as your opinions,
    statements and endorsements collected personally or via surveys and
    questionnaires, including but not limited to your views on the products and
    services offered by Victual; and
  • If you are requesting products or services from us, we will collect any relevant
    payment or billing information, (including but not limited to bank account
    details, direct debit, credit card details, billing address, premium funding and
    installment information.

The type of sensitive information we may collect generally includes:

  • criminal record;
  • health information; and
  • membership of a professional or trade association.

HOW DO WE COLLECT AND HOLD PERSONAL INFORMATION?

We only collect personal information by lawful and fair means and where
it is reasonably necessary for, or directly related to, one or more of our functions
or activities.

Unless it is unreasonable or impracticable for us to do so, or as provided otherwise
under this Privacy Policy, we will collect your information directly from you or
your agents.

If we collect details about you from someone else, we will, take reasonable steps
to make you aware of the collection in accordance with the APPs.

We may obtain personal information indirectly and who it is from can depend on the
circumstances. We will usually obtain it from another insured if they arrange a policy
which also covers you, related bodies corporate, referrals, your previous insurers
or insurance intermediaries, witnesses in relation to claims, health care workers,
publicly available sources, premium funders and persons who we enter into business
alliances with.

We attempt to limit the collection and use of sensitive
information from you unless we are required to do so in
order to carry out the services provided to you. However,
we do not collect sensitive information without your consent.

We hold the personal information we collect within our own data storage devices or
with a third party provider of data storage. We discuss the security of your personal
information below.

The purposes for which we collect, hold, use and disclose
your personal information

We collect, hold, use and disclose your personal information where it is reasonably
necessary for, or directly related to, one or more of our functions or activities. These
will usually include our insurance broking services, insurance intermediary services,
funding services, claims management services and risk management and other
consulting services and to meet any obligations we have at law e.g identity checks
required by the Anti-Money Laundering and Counter-Terrorism Financing Act 2006
and other legislation. We also use it for direct marketing purposes explained in more
detail below.

For example, we usually need to collect, hold, use and disclose personal
information where:

  • we are providing personal advice, so we can provide this advice to you;
  • we arrange insurance, so insurer(s) can decide whether to offer insurance or not;
  • you require premium funding, so the funder can decide whether to provide the
    funding or not;
  • a claim is made, so the insurer can make a decision on the claim;

We do not use or disclose personal information for any purpose that is unrelated
to our services and that you would not reasonably expect (except with your consent).
We will only use your personal information for the primary purposes for which it was
collected or as consented to.

We usually disclose personal information to third parties who assist us or are involved
in the provision of our services and your personal information is disclosed to them
only in connection with the services we provide to you or with your consent. We may
also disclose it for direct marketing purposes explained in more detail below.
The third parties can include our related companies, our agents or contractors,
insurers, their agents and others they rely on to provide their services and products
(e.g reinsurers), premium funders, other insurance intermediaries, insurance reference
bureaus, loss adjusters or assessors, medical service providers, credit agencies, lawyers
and accountants, prospective purchasers of our business and our alliance and other
business partners.

These parties are prohibited from using your personal information except for the
specific purpose for which we supply it to them and we take such steps as are
reasonable to ensure that they are aware of the provisions of this Privacy Policy
in relation to your personal information.

We also use personal information to develop, identify and offer products and services
that may interest you, conduct market or customer satisfaction research. From time
to time we may seek to develop arrangements with other organisations that may be
of benefit to you in relation to promotion, administration and use of our respective
products and services. See direct marketing explained in more detail further below.
We do not use sensitive information to send you direct marketing communications
without your express consent.

If we do propose to disclose or use your personal information other than for the
purposes listed above, we will first seek your consent prior to such disclosure or use.
If we give third parties (including their agents, employees and contractors) your
personal information, we require them to only use it for the purposes we agreed to.

What if you do not provide some personal information to us?

If the required personal information is not provided, we or any involved third parties
may not be able to provide appropriate services or products. If you do not provide the
required personal information we will explain what the impact will be.
What do we expect of you/ third parties we deal with when
providing personal information about another person?

When you provide us with personal information about other individuals, we rely on
you to have made them aware that you will or may provide their information to us,
how we collect, use, disclose and handle it in accordance with this Privacy Policy and
our relevant Privacy Statements. If it is sensitive information we rely on you to have
obtained their consent to the above. If you have not done these things, you must tell
us before you provide us with the relevant information.
If we give you personal information, you must only use it for the purposes we
agreed to.

Unless an exemption applies or we agree otherwise, you must meet the requirements
of the Privacy Act, when collecting, using, disclosing and handling personal
information on our behalf.
You must also ensure that your agents, employees and contractors meet the
above requirements.

How do we manage the security of your
personal information?

We take reasonable steps to ensure that your personal information is safe.
We retain personal information in hard copy records and electronically with us
or our appointed data storage provider(s). You will appreciate, however, that we
cannot guarantee the security of all transmissions of personal information,
especially where the internet is involved.
Notwithstanding the above, we endeavor to take all reasonable steps to:

  • protect any personal information that we hold from misuse, interference
    and loss, and to protect it from unauthorised access, modification or disclosure
    both physically and through computer security measures;
  • destroy or permanently de-identify personal information in accordance
    with the Privacy Act.

We maintain computer and network security; for example, we use firewalls, anti-virus
& anti-spam (security measures for the internet) and other security systems such
as user identifiers and passwords to control access to computer systems.

Data quality

We take reasonable steps to ensure that personal information is current, accurate,
up-to-date and complete whenever we collect or use or disclose it.
Throughout our dealings with you we will take reasonable steps to confirm the details
of your personal information we hold and ask you if there are any changes required.
The accuracy of personal information depends largely on the information you provide
to us, so we rely on you to:

  • let us know if there are any errors in your personal information you become
    aware of; and
  • keep us up-to-date with changes to your personal information
    (such as your name or address).

Access to and correction of your personal information
You are entitled to have access to any personal information relating to you which we
possess, except in some exceptional circumstances provided by in law. For example,
we may refuse access where the:

  • information may have an unreasonable impact on the privacy of others;
  • request is frivolous or vexatious;
  • information relates to existing or anticipated legal proceedings and would not
    be accessible by the process of discovery in those proceedings;
  • information would reveal our intentions in relation to negotiations in such a way
    as to prejudice those negotiations.

Where providing access would reveal evaluative information generated by us in
connection with a commercially sensitive decision-making process, we will provide
an explanation for the decision rather than direct access to the information.

If we refuse access or to give access in the manner requested by you we will let you
know why in writing and provide you with details about how to make a complaint
about the refusal.

If we make a correction to your personal information we may retain a copy
of the previous information for our records or as required by law.

If you wish to access your personal information please contact us.
In most cases we do not charge for receiving a request for access to personal
information or for complying with a correction request.

Do we transfer information overseas?

Any personal information provided to Victual may be transferred to, and stored at,
a destination outside Australia, including but not limited to New Zealand, Singapore,
United Kingdom and the United States of America. Details of the countries we disclose
to may change from time to time. Personal information may also be processed by staff
or by other third parties operating outside Australia who work for us or for one of our
suppliers, agents, partners or related companies.

When we send information overseas, in some cases we may not be able to take
reasonable steps to ensure that overseas providers do not breach the Privacy Act and
they may not be subject to the same level of protection or obligations that are offered
by the Act. By proceeding to acquire our services and products you agree that you
cannot seek redress under the Act or against us (to the extent permitted by law) and
may not be able to seek redress overseas. If you do not agree to the transfer of your
personal information outside Australia, please contact us.

Sale or restructure of business

In the future we may consider the sale or restructure of our business or the purchase
of the business of other Insurance Brokers or financial advisers. In such circumstances
it may be necessary for your personal information to be disclosed to permit the parties
to assess the sale or restructure proposal for example through a due diligence process.
We will only disclose such of your personal information as is necessary for the
assessment of any sale or restructure proposal and subject to appropriate procedures
to maintain the confidentiality and security of your personal information. In the event
that a sale or restructure proceeds, we will advise you accordingly.

DIRECT MARKETING

We may use your personal information, including any email address you give to us,
to provide you with information and to tell you about our products, services
or events or any other direct marketing activity (including third party products,
services and events which we consider may be of interest to you). Without the
limitation just described, if it is within your reasonable expectations that we send
you direct marketing communications given the transaction or communication you
have had with us, then we may also use your personal information for the purpose
of sending you direct marketing communications which we may consider may be
of interest to you. We may request our related parties to contact you about services
and products that may be of interest to you.

OUR WEBSITE

You are able to visit our website without providing any personal information.
We will only collect personal information through our websites with your prior
knowledge for example where you submit an enquiry or application online.
Email addresses are only collected if you send us a message and will not be
automatically added to a mailing list.

COOKIES

  • A cookie is a small string of information that a website transfers to your browser
    for identification purposes. The cookies we use may identify individual users.
  • Cookies can either be “persistent” or “session” based. Persistent cookies are
    stored on your computer, contain an expiration date, and are mainly for the
    user’s convenience.
  • Session cookies are short-lived and are held on your browser’s memory only for
    the duration of your session; they are used only during a browsing session, and
    expire when you quit your browser.
  • We may use both session and persistent cookies. This information may be used
    to personalise your current visit to our websites or assist with analytical information
    on site visits.
  • Most internet browsers can be set to accept or reject cookies. If you do not want
    to accept cookies, you can adjust your internet browser to reject cookies or
    to notify you when they are being used. However, rejecting cookies may limit
    the functionality of our website.

COMPLAINTS

If you do have a compliant about privacy we ask that you
contact our office first to help us to assist you promptly.
In order to resolve a complaint, we:

  • Will liaise with you to identify and define the nature and cause of the complaint;
  • May request that you detail the nature of the complaint in writing;
  • Will keep you informed of the likely time within which we will respond
    to your complaint;
  • Will inform you of the reason for our decision in resolving such complaint; and
  • Keep a record of the complaint and any action taken in the Register of Complaints.

If you have a complaint please contact us and our Privacy Officer will then attempt
to resolve the issue or complaint.

When we make our decision, we will also inform you of your right to take the matter
to the Office of the Australian Information Commissioner (OAIC) if you are not
satisfied. In addition if you have not received a response from us of any kind to your
complaint within 30 days, then you have the right to take the matter to the OAIC
(contact details are provided below).

You also have a right in limited circumstances to have your privacy complaint
determined by the Financial Ombudsman Service (FOS). The FOS can determine
a complaint about privacy where the complaint forms part of a wider dispute
within the FOS Terms of Reference between you and us or when the privacy
complaint relates to or arises from the collection of a debt. We are bound by FOS™
determinations, provided the dispute falls within the FOS Terms of Reference. Unless
exceptional circumstances apply, you have two years from the date of our letter of
decision to make an application to the FOS for a determination. You can access the
FOS dispute resolution service by contacting them at:

Financial Ombudsman Service Australia
GPO Box 3, Melbourne, Victoria 3001.
📞 1800 367 287
💻 www.fos.org.au
✉ info@fos.org.au

If you would like further details of our Privacy Complaints Handling Procedure,
please contact our Privacy Officer using the contact details listed above.
We recommend that you retain this information for future reference.

HOW TO CONTACT US AND OPT OUT RIGHTS

If you wish to gain access to your personal information, want us to correct or update
it, have a complaint about a breach of your privacy, wish to withhold your consent
(opt out) of providing consent to any of the uses of your information including
receiving offers of products or services from us, or have any other query relating to
our Privacy Policy, contact our Privacy Officer during business hours on.

We welcome your questions and comments about privacy.

This Privacy Policy is current from 12 March 2014. In the event that this Privacy Policy
or any part thereof is amended or modified in the future, the revised version will be
available by contacting our office or on our website.

You can also obtain information on privacy issues in Australia on the Office of the
Australian Information Commissioner (OAIC) website at www.oaic.gov.au or by
contacting the OAIC by email at enquiries@oaic.gov.au or by calling on 1300 363 992.