Privacy Policy

QBE Insurance (Australia) Limited ABN 78 003 191 035 AFSL 239545 (QIA) is committed to earning and maintaining your trust by carefully and respectfully managing your personal information.

This Privacy Policy provides important information about how QIA collects, uses, holds and discloses your personal information. It also outlines how you can:

  • access and correct the personal information we hold about you
  • make a complaint about our handling of your personal information, and
  • provide free and informed consent for QIA to handle your personal information.

Application of this Privacy Policy

This Privacy Policy applies to QIA as well as:

  • QBE Management Services Pty Ltd ABN 92 004 800 131
  • Trade Credit Underwriting Agency Pty Ltd ABN 73 160 077 574
  • Trade Credit Collections Pty Ltd ABN 82 635 741 605, (we, us, our).

We will update this Privacy Policy if our information handling practices change.

What laws apply to us when we collect, use, or disclose your personal information

Our collection, use, holding, and disclosure of your personal information is governed by the Australian Privacy Principles and the Privacy Act 1988 (Cth), as well as State and Territory privacy legislation.

We also have obligations relating to the handling of your personal information, or particular types of personal information, under other laws, including but not limited to:

Key sections of this Privacy Policy

Privacy Policy summary

We collect, hold, use and disclose personal information so that we can offer and deliver to you, products and related services that may manage your financial risk. The type of things we do with your personal information to be able to provide you with these products and services include:

  • analysing the risks being insured
  • arranging and issuing insurance products
  • claims assessment, management, and settlement
  • credit reporting to understand your financial position
  • complaint and dispute management and resolution
  • accounting and auditing
  • litigation and debt recovery
  • preventing, detecting, and managing insurance fraud and financial crime
  • complying with legal and regulatory obligations
  • providing insurance services for other insurance entities, and
  • communicating to you about your insurance policy, products, or services.

We may also use your personal information for additional purposes such as:

  • conducting customer research
  • marketing our products and services to you
  • personalising or targeting advertisement on other websites, apps, or online platforms
  • data analysis and matching for marketing purposes
  • using web tracking tools, and cookies to manage or improve our website, and
  • improving our products and services.

We may share your personal information with others as part of these activities and uses. What information we share and with whom depends on the circumstances of the activities we need to perform. For example, we may also share your personal information with marketing, advertising and data matching service providers, and third-party platforms which display advertising or content (including personalised advertising), based on your personal information.

We support your right to access or correct the personal information we hold about you or make a privacy complaint.

Privacy Policy in full

Types of personal information we collect

The personal information we collect depends on the products and services we offer you and the circumstances of your interactions with us. The table below lists examples of the type of personal information we collect.

Type of personal information Examples of what personal information this may include
Identity information and contact details Name, date of birth, mailing and residential address, telephone numbers, and email address.
Demographic information  Age, gender, country of birth, citizenship or residency status, relationship status and family circumstances, education, whether you have children, dependents, or are a carer.
Australian Government related identifiers or copies of identity documents
  • Medicare, Pensioner, Concession, Passport, Visa, Drivers Licence
  • Tax File Number, Individual Healthcare Identifier
  • Copies of other government identification numbers or documents such as birth and marriage certificates.
Employment information Employment status, employer or employees, role, workers employment history, salary, workplace performance, workplace injuries, accidents, and misconduct.
Driving record Demerit points, suspensions and driving incidents.
Health or medical information Medical records such as diagnoses, diagnostic imaging reports, handwritten medical reports, pathology reports, psychological assessments, vaccination history, drug and alcohol test results, and specialist's letters.
Financial and credit-related information
  • Your bank account and credit card details.
  • Personal insolvency information such as information entered or recorded in the National Personal Insolvency Index
  • Consumer credit liability information, which includes details about consumer loans, credit cards and overdrafts
  • Repayment history information relating to consumer credit contracts
  • Default information or information about any other serious credit infringements
  • Publicly available information that relates to your credit worthiness such as bankruptcy notices.
Property and asset-related information Information about property or assets. For example, information about the type of vehicle you own, registration details, maintenance history, images of the assets etc.
Business information involving personal information Directors Identification Number, details of the shareholdings.
Photographs, video or audio recordings and transcripts
  • Call audio recordings and transcripts when we call you or you contact our call centres or affiliates
  • Photographs and videos made when collecting evidence to assess the risk of insurance or support a claim.
Interaction and behavioural information Your interactions with us, including your queries or complaints, opt-ins to receive marketing surveys and communications, as well as information collected at the point of application and claims processing. See also websites and app tracking section in this table.
Personal information we create from data analytics activities
  • Metrics for suspicious and potentially fraudulent claims
  • Risk rating for individuals who are not seeking healthcare per their claim entitlements
  • Whether your credit history predicts the risk of a default for a deposit bond.
Website and app tracking

When you visit our websites or use one of our apps we, or third parties acting on our behalf, use cookies to collect information which may include personal information. We use both 'persistent' and 'session' cookies. We also use other technologies similar to cookies, including those which are embedded into, or which accompany emails sent by us or on our behalf. The information we collect includes:

  • details of visits to our website or use of our apps and the browsers used
  • details of sites visited before visiting our website
  • pages visited, time spent on them, and documents viewed and downloaded
  • visits made to our websites before
  • user location
  • preferences, and
  • server address/IP address.

Please see QBE's cookies policy for further information.

Vulnerability Information which may indicate vulnerability such as age, disability, mental health conditions, physical health conditions, family violence, language barriers, literacy barriers, cultural background, Aboriginal or Torres Strait Islander status, remote location, or financial distress.
Other sensitive information
  • Religious beliefs
  • racial or ethnic origin
  • membership of a professional or trade association
  • membership of a trade union
  • criminal record.
 

Who we may collect your personal information from

We may collect personal information from:

  • you, including when you are a customer of our related entities, intermediaries, or a broker
  • our customers, and the customers of our business intermediaries, for example brokers and agencies that distribute insurance products and services on behalf of QIA
  • our claims fulfilment and other service providers, such as auto repairers, claims assessors, and legal firms
  • group policyholders such as large employers and businesses
  • other insurance companies or organisations involved in processing a claim
  • policyholders, claimants, and witnesses
  • credit reporting bodies
  • Government entities such as regulatory bodies
  • participants in competitions, loyalty programs, marketing initiatives, promotions, and surveys
  • credit providers, and others you owe money to, or
  • trainees and people who use our online training facilities.

We may also collect personal information about you from the above persons or entities if you are not directly a customer of QIA. When we collect this information, this Privacy Policy also applies.

How we collect your personal information

We collect your personal information:

  • directly from you
  • from third parties, or
  • when we create new information about you when we analyse personal or other information we already hold about you.

We collect your personal information in various ways, including:

  • from your interactions with us, including in person, over the phone, via email, website, and mail
  • from your dealings with our related entities, intermediaries and brokers who interact with us
  • from your dealings with our claims fulfilment providers, other service providers and other individuals or entities involved in a claim, such as authorised repairers, medical professionals, lawyers, debt collectors, other insurers, claimants, injured persons, and co-insureds
  • from embedded tools on our websites such as cookies and pixels, and
  • from publicly available sources of information such as social media websites and ASIC registers.

Why we collect your personal information

We endeavour to limit the collection of your personal information to what is reasonably necessary for our business activities and functions. The table below lists the primary purposes for which we collect your personal information and some examples.

Purpose Examples of how we may use and/or share your personal information
Providing our products and services

Common activities when providing our products and services include:

  • assisting your with applications for insurance
  • answering your questions or providing financial services advice
  • assessing your application (including eligibility) for an insurance product or service or to participate in any of our programs or initiatives
  • assisting you with an insurance claim
  • assessing and/or settling your insurance claim
  • monitoring and managing risks across the insurance policy lifecycle
  • putting you in touch with relevant product and service providers to fulfil an approved claim
  • supporting customers experiencing vulnerability, and 
  • providing and managing products, services and programs to our business, corporate and institutional customers and the use of the products and services by their customers.
Improving our products and services We may use your personal information to identify our better performing suppliers so that we can allocate these suppliers to you when you lodge a claim.
Assessing the risk of providing our products and services

We use data analytics tools across multiple settings for generating business information to help use make decisions related to providing you insurance.

For example, personal information is combined with other information such as aggregate claims history to quantify the risk of providing insurance. This risk modelling is then used to generate prices for insurance and surety products we offer to you.

Verifying the accuracy of information and enhance the information we hold about you to help us make decisions

We use data matching techniques to verify the accuracy or improve the quality of information we hold about you. We also use data matching to improve upon or deliver our products and services to you.

For example, we may match data that is managed or held by one of our affiliated underwriting agencies with data we hold to ensure that our records are kept up to date if the circumstances of your insurance policy change.

Underwriting

Our underwriters collect information to assess the risk of providing insurance to you.

For example, if someone buys Directors and Officers Liability insurance, the underwriter may collect and analyse information about that individual’s past performance as a director to estimate potential risks to future directorship.  

Managing delegated underwriting authority and delegated claims

We sometimes delegate components of the underwriting or claims processes to affiliated business partners.

For example, some business partners may perform underwriting assessments on our behalf when providing our insurance to their customers. We may handle the personal information of business affiliate customers as part of ensuring that they are performing the underwriting process according to our internal policies and procedures.

Managing dispute resolution and complaints  

We handle personal information to resolve complaints relating to our products and services, including matters referred to us from the Australian Financial Complaints Authority (AFCA), Personal Injury Commission (PIC) or our whistleblowing process.

We may also handle your personal information when conducting reviews and generating reports about our complaint management performance including when responding to requests from regulators or Government authorities. 

Managing credit risk We may analyse your consumer credit history as part of our risk assessment process for delivering some of our insurance products such as surety bonds.  
Engaging in litigation

In some circumstances, insurance matters must be resolved through the court system.

For example, we may seek recovery of damages from the insurer of the third party that crashed into your car. Personal information relating to the insureds and claim affiliates may be used and or disclosed to resolve these matters in court.

Managing insurance fraud and financial crime  

We have systems in place to prevent, detect and investigate any actual or suspected fraudulent or criminal activity or other serious misconduct.

For example:

  • We monitor if an insurance applicant who has had their application denied multiple times changes their personal information to try to purchase insurance from us.
  • If an investigation is escalated, we may collect additional personal information from public sources of information, such as social media, to gather evidence.
  • We may verify whether identity documentation provided as part of the application is real.
Complying with our legal and regulatory obligations  We must comply with regulatory obligations which require us to handle personal information. For example, certain criminal matters identified by our investigations team may be referred to the police. 
Providing other insurance services We have relationships with other insurance entities, such as NSW’s iCare and handle personal information on their behalf for activities such as claims processing.
Business administration

We perform a variety of business administration functions which involve handling personal information such as:

  • billing and financial auditing
  • estimating balance sheet reserves, or
  • processing financial transaction information in bulk to apply taxes such as GST or Stamp Duty.
 

Why we use and disclose you personal information

While we may use and disclose your personal information for the primary purposes set out in the table above, we may also use personal information for the following secondary purposes.

Purpose Examples of how we may use and/or share your information
Product development To develop new products and services. 
Quality assurance To ensure that we have met our product and service delivery expectations. For example, we may analyse partially anonymised call transcripts to evaluate the quality of service provided to you.
Customer research and marketing

Customer research and marketing We analyse information from market research surveys to understand how we are performing, where there are areas of service delivery strengths, and where there are areas for improvement.

You can opt-out at any time by contacting us via our contact details set out below, or through the opt-out mechanism contained in all marketing communications to you.

Direct marketing We engage in direct marketing using personal information. We may conduct data matching exercises of existing customer databases with marketing, advertising, and data matching service providers for the purposes of delivering marketing across certain/online/digital mediums such as social media and other digital platforms such as Google.
Website and mobile application performance and use tracking

We use website analytics tools to:

  • understand how users interact with features on our websites
  • enhance and tailor website functionality and the customer experience
  • investigate security incidents
  • learn about emails sent, so we ensure our communications are effective, and
  • manage our servers and websites.
Improving the performance of data analytics or machine learning tools

Personal information may be used to train or improve the performance of our or our third party’s analytics tools such as machine learning algorithms.

For example, machine learning tools used to detect the risk that a claim may be denied may become more accurate over time as these tools processes more claims.

 

Who we may disclose your personal information to, and why

Who we disclose your personal information to will depend on our relationship with you and the purposes for which we collected your personal information. In some circumstances, the entities we share information with may also share your personal information with other entities they do business with. The table below describes who we may share your personal information with and why.

Who we might share you information with Examples of why we may share your personal information
Other QBE entities Our Global Shared Services Centre is located in the Philippines, and we may disclose personal information to them to assist us providing sales, claims, accounting, and administration services.
Any person authorised by you You may permit us to disclose your personal information to an entity as part of a claim fulfilment such as when we put you in touch with one of our authorised auto-repairers who will repair your car, plane, or motorbike.
Co-insureds 

We may share some of your personal information with other individuals or entities who share an insurance policy with you.

For example, you may share a comprehensive car insurance policy with your spouse and your information may be shared with them.

Our Family and domestic violence customer support policy recognises that privacy and confidentiality can be critical to safety in any family and domestic violence situation, and we will treat any information you give us about your situation and your personal circumstances in confidence. 

Other insurance companies Personal information of policyholders may be shared with other insurers to obtain information about past insurance history, including to confirm a no claim bonus status, or to assess insurance risk, or to assist with investigations.
Business intermediaries We have relationships with a variety of businesses who provide QIA’s insurance products and services to their customers, such as brokers, authorised representatives, and underwriting agencies. We may collect, process, and share the personal information of individuals who have purchased a policy underwritten by QIA from these intermediaries.
Claims fulfilment and other service providers We have a network of service providers such as auto repairers, builders, health care providers, investigators and assessors, legal advisors with whom we exchange personal information to deliver or improve our products and services.
Reinsurers We may share some personal information of our policyholders where we purchase reinsurance from a reinsurer. The reinsurer may request access to information about our policyholders as part of their due diligence processes.
Mail houses and records management companies These businesses print and/or deliver mail or provide secure storage and management of our records on our behalf.
Financiers of property insured  To authorise the provision of finance, banks may require details of the property insurance their mortgage customers have as a condition of the provision of finance.
Healthcare providers Personal information may be shared to establish an insured’s medical status and arrange appropriate treatment in the event of a claim. In an emergency we may also disclose information to employers and family members.
Banking transaction services Organisations that provide banking or transactional services to facilitate payments to and from us may handle personal information in the process of delivering these services to us.
Service providers

Organisations that assist us deliver or improve our products, services and the customer experience may handle customer personal information.

For example, we may provide Compulsory Third-Party insurance data to information service providers who in turn provide motor vehicle data services to us. Also, other entities include data storage and IT application providers.

Credit reporting agencies We may share personal information with credit reporting bodies to assess your financial position for your insurance policy.
Regulatory authorities, law enforcement and other government entities  We have a range of regulatory obligations we must comply with which occasionally requires us to share information, including personal information with government, law enforcement bodies and other regulators.  
Dispute resolution organisations  

We may be required to provide personal information in relation to complaints made by customers upon request by parties such as the:

  • Australian Financial Complaints Authority (AFCA)
  • State Insurance Regulatory Authority (SIRA)
  • Personal Injury Commission (PIC), or
  • Australian Securities and Investment Commission (ASIC).
Analytics service providers We procure data analytics service providers to assist us develop risk assessment tools for risk identification and management activities. These service providers may require us to provide them with certain personal information depending on the modelling and prediction activities they have been tasked with.
Social media providers  We maintain a social media presence. When individuals comment on public posts associated with QBE, some of their personal information may be disclosed to social media companies or collected by organisations with public language learning models such as ChatGPT.
Lawyers and recovery (mercantile) agents Information may be exchanged to defend actions by third parties, to recover our costs and amounts owed to us, or to seek a legal opinion.
Witnesses  We may share information for the purpose of gathering witness statements for the claims management process.
Experts and consultants We may seek assistance on projects from professional services firms which may gain access to personal information to perform their functions and services.
Taxi and ridesharing organisations  When we repair your car, a repairer may book a taxi or ridesharing service on your behalf who may receive your name and address.  
 

Information we share with overseas recipients

We may store and disclose personal information overseas. These locations include:

  • China
  • France
  • Germany
  • Hong Kong
  • India
  • Ireland
  • New Zealand
  • Philippines
  • Singapore
  • Thailand
  • The United Kingdom
  • The United States of America
  • Vietnam.

Where personal information has been disclosed overseas, there is a possibility the recipient may be required to disclose it under a foreign law. Where this occurs, such disclosure is not a breach of the Privacy Act.

If you do not provide us with your personal information

You do not have to provide us, our intermediaries, claims fulfilment or other claims related service providers with personal information when seeking our products or services or interacting with us. However, if you do not provide us the necessary information, we may not be able to provide you the products or services you request. In some cases, failing to give us requested personal information can have negative consequences such as the denial of a claim.

Dealing with QIA anonymously

There are some cases where you can deal with us anonymously, such as if you are only looking for general information about one of our products or services.

How we hold and secure your personal information

Holding your information

We hold your personal information in information management systems which may be on-premise or cloud-based servers, data warehouses, data lakes, and in hard copy files. These systems are managed in a number of ways. They may be managed or administered internally by us, or they could be managed by a third-party with whom we may have a contractual relationship. Third parties can be located in Australia and/or overseas.

Securing your information

We take reasonable steps to protect your personal information from misuse, interference, and loss, as well as unauthorised access, modification, or disclosure. The ways we do this include:

  • limiting physical access to our premises
  • restricting electronic and physical access to personal information we hold
  • monitoring staff access to your personal information
  • having stand-by systems and information backups in place to deal with major business interruptions
  • maintaining information security products such as system firewalls, encryption tools, and secure file transfer services
  • implementing risk management processes to maintain polices, standards and procedures that govern and control the protection of your personal information
  • performing audits of our information management systems and practices, and
  • assessing third-party security measures.

Your privacy rights

Consent to collect, use, and share your information

For certain activities and types of personal information, such as sensitive information and credit-related information, we are required to obtain your consent to collect, use and disclose your personal information. In these circumstances, we endeavour to ensure that you:

  • are aware of the consequences of giving or not giving your consent
  • understand that consent is voluntary in that you are not being forced to provide consent, and
  • understand that your consent (at the time it is given), is current and specific.

There are benefits and risks associated with providing consent to handle your sensitive personal information. The primary benefit for providing consent is that it is often a necessary step in us being able to provide you our products and services.

In addition, there may be risks associated in providing us with your consent to use your personal information. There is a risk that in the event of a data breach, there may be unintended misuse, interference, and loss, or unauthorised access, modification, or disclosure of your personal information. As described above, we take information security seriously and have implemented a range of measures to ensure that the likelihood of this risk eventuating is low.

How to access or correct your personal information

You can request access to the personal information that we hold about you in the format you require. You can also ask us to correct your personal information if you believe the information we hold about you is incorrect or incomplete. To do so, please fill out the Information Request Form and email or post it to us using the contact details below. You can also make access or correction requests to us by phone using the contact details below. Once received, we will endeavour to respond to your request within 30 days.

You will be required to show that you are authorised to make a request if acting on behalf of someone else (such as a policyholder, claimant, or third-party beneficiary) or otherwise have legal authority to request this information such as a warrant, subpoena, order, or notice).

In most cases, there is no charge for requesting access to or correcting your personal information. However, in certain circumstances, we may require you to meet our reasonable costs of providing you with access to your information.

Please be aware that there are some circumstances where we may not be able to provide access to or correct your personal information. For example, if we are conducting a sensitive investigation, or if any of the exceptions in the Privacy Act apply, we may deny your request. If we refuse your request, we will provide you with a written statement which sets out the reasons for the refusal and the avenues available to you to make an appeal or complaint.

How to make a privacy complaint

If you think we have not handled your personal information correctly or in accordance with the law, you can lodge a complaint with our Customer Relations team, the Office of the Australian Information Commissioner (OAIC) or, in certain circumstances, the Australian Financial Complaints Authority (AFCA). We recommend you contact us first so we can try and resolve your complaint effectively and efficiently as generally, the OAIC and AFCA will refer you back to us if you have not already complained directly to us.
Our Customer Relations team will contact you to acknowledge your complaint and provide you with a unique complaint reference number. You will have the opportunity to explain why you are unhappy with how we have handled your personal information and provide information to support your complaint. Our Customer Relations team will review your concerns, taking into account all relevant information including relevant privacy requirements and work with you to try and resolve your complaint. If you are not satisfied with the outcome of your complaint, you can take your complaint to the abovementioned regulatory bodies.

Please review the Complaints and feedback page for further information.

Contact information

Contact us

Please contact the Customer Relations team if you wish to make an access or correction request, make a complaint, have questions about our Privacy Policy or would like a free copy of our Privacy Policy.

QBE Australia Customer Relations
Phone: 1300 650 503 (Office Hours Mon-Fri: 9am-5pm)
Email: complaints@qbe.com
Post: GPO Box 219, Parramatta, NSW, 2124

Calls from mobiles, public telephones or hotel rooms may attract additional charges.

Office of the Australian Information Commissioner (OAIC)

Complaints to the OAIC must be made in writing and cannot be made over the phone. Please refer to the 'Lodge a privacy complaint with us' website to access the relevant digital and hard copy complaints forms. For general inquiries about the processes for making a complaint or for other privacy advice, please call 1300 363 992.

Australian Financial Complaints Authority (AFCA)

AFCA may consider some privacy complaints. Please refer to the 'Make a complaint' website for further information about how to make a complaint. For general inquiries, please call 1800 931 678.


Downloads

QBE Australia Privacy Policy