We know that how we collect, use, disclose and protect your information is important to you, and we value your trust. That’s why protecting your information and being clear about what we do with it is a vital part of our relationship with you.
During the course of our relationship with you, we may tell you more about how we handle your information. This could be when you complete an application or claim form, receive terms and conditions or a product disclosure statement. When you receive this further information, please consider it carefully. Please also visit our website regularly as we update this policy from time to time.
How Do We Collect Your Personal Information?
Information we collect from you
We collect information from you in a number of ways when you request or use our products or services. For example, you might provide us with information at application or claim time. We might also collect information from you when you contact us, visit us, or visit our website. The information we collect from you may include your identity and contact details, other details such as gender and marital status, lifestyle information, financial information and health information.
Our website may contain links to non-Sovereign websites. Whilst such links are provided for your convenience, you should be aware that the privacy practices and reliability of the information published on the linked websites might not be the same as ours.
Information we collect from others
We collect information about you from others, such as service providers, medical professionals, agents, Advisers, brokers, other insurers, banks and other financial institutions, credit reporting and fraud prevention agencies, employers (whether current or not) or family members. For example, we may also collect health information from your general practitioner or another medical professional when you make a claim, when you change your policy or when we are investigating your policy.
We may also collect information about you that is publicly available, for example from public registers or social media.
We only collect information from others with your consent. You provide your consent when you complete our application and claim forms. Please take the time to read these carefully.
How Do We Use Your Personal Information?
We use your information to provide you with insurance services
We use the information we collect about you to sell you our products and services and, once you take out an insurance policy, to provide insurance services to you. Insurance services include offering you advice, managing and maintaining your policies and assessing and investigating your policies. For example, we may use your information to:
- establish your identity and the identity of others specified on a policy;
- assess applications and conduct underwriting;
- provide you with quotes and set up your premiums;
- administer our products and services, including calculating commission payments to Advisers;
- assess insurance claims and whether you have met your duty of disclosure at application time;
- manage our relationship with you;
- ensure that the products you have and services you receive are meeting your needs and are improved where necessary;
- assess complaints about the products you use or services you receive;
- manage and monitor our risks, including identifying and investigating any illegal activity, such
- comply with our legal obligations – such as anti-money laundering laws – and any lawful requests from government agencies or regulators; or
- cancel, transfer or change your insurance policies.
We may also use your personal information for other reasons, where permitted by law
We may use your personal information for other reasons. Please note that you can opt out of some of these uses. To do so, please contact us on 0800 500 108 (+64 9 487 9963 if overseas).
We may also use your personal information to:
- conduct customer analysis and research, to ensure that the products and services we offer are the best they can be;
- price and design our products and services;
- improve customer experience;
- identify and tell you about other products or services that we think may be of interest to you (you can opt out of this); or
- conduct special offers or campaigns (you can opt out of this).
Improvements in technology enable organisations, like us, to collect and use your personal information to get a more integrated view of customers and provide better products and services. In order to do this, we (or third parties we contract) may combine your information with information available from a wide variety of external sources, including census or Statistics New Zealand data. We (or third parties we contract) are then able to analyse the data in order to gain useful insights which can assist us to meet the purposes set out above.
We may also use your information in other ways where permitted by law.
Who Do We Disclose Your Personal Information To?
Our group of companies
Sovereign is part of the Commonwealth Bank of Australia (“CBA”) group of companies. We may need to share your information with other group companies to meet the purposes set out in section 3 above.
We may share your personal information with a variety of third parties where this is permitted by law or required to meet the purposes set out in section 3 above.
This can include:
- any third party you authorise us to disclose your personal information to;
- medical professionals such as medical practitioners, hospitals, or health service providers;
- suppliers of outsourced functions, for example, mailing houses, research and insight agencies, debt collection agencies, consultants and professional services firms, information technology support and properties management;
- brokers, agents, Advisers and persons acting on your behalf (for example, guardians and persons holding power of attorney);
- persons involved in arrangements that provide funding to us, including persons who may acquire rights to our assets – this includes investors, reinsurers and rating agencies;
- claims-related providers who help us with claims, such as occupational health and disability professionals, assessors and investigators;
- other insurance companies, banks and other financial institutions, for example, so we can process a claim for mistaken payment or transfer a policy;
- your current employer or former employers;
- data storage providers;
- government or law enforcement agencies, including regulators, where permitted or required by law; or
- entities established to help identify illegal activities and prevent fraud.
Under 16s and special needs
If you are under 16, or have special needs, we may share your information with your parents or legal guardian or any person appointed to manage your affairs.
Sending information overseas
From time to time, we may send your information overseas, including to other members of the CBA group (including our parent company CBA) and to trusted service providers or other third parties which operate or hold information outside New Zealand. We use two cloud-based data storage providers, which are located in Australia and the USA. Your information may also be stored with them. All of our customer service teams are located within New Zealand, including our call centre.
When we send your information overseas, we make sure that appropriate information handling and security arrangements are in place and/or contractual arrangements exist that place appropriate information handling and security obligations on the recipients or holders of the information (see section 5 below for more information). Please note that New Zealand law may not apply to some of these entities.
How Do We Keep Your Personal Information Secure?
Storing your personal information
We store your personal information in the following jurisdictions and locations:
In New Zealand:
- At our head office in Takapuna.
- Through our suppliers that provide document archiving and destruction.
- Through a cloud-based data storage provider.
In the United States of America:
- Through a cloud-based data storage provider.
Our security safeguards
Wherever your personal information is held, we take reasonable steps to ensure that it’s safe and secure.
Privacy training is a mandatory requirement for new and existing Sovereign staff.
Taking precautions when transferring your personal information to third parties (domestic and overseas)
When we send personal information overseas (as set out above), or use trusted third parties to handle or store personal information, we ensure that appropriate information handling and security arrangements are in place. We also contractually require our business partners to do the same.
We have protection in our building to guard against unauthorised access, such as security barriers, alarms, CCTV and guards (as required). We also have a clear desk policy, to ensure that personal information is not left in view of any external visitors.
We take reasonable steps to protect our systems from unauthorised external access. We have firewalls, intrusion detection systems and virus scanning tools. We limit access to our systems by requiring the use of passwords and ensuring that staff can only access the personal information they need to do their job.
When we send electronic personal information outside Sovereign, we use dedicated secure networks or encryption. We will only email personal information to a customer unencrypted with their express consent.
As noted above, we use cloud-based data storage providers in the USA and Australia. Our USA provider is a certified licensee of the “Trust EU Safe Harbour Seal” and abides by the Safe Harbor Framework. This means it is deemed to have an “adequate” rating, as it has promised to apply fair information practices. Our Australian provider is subject to privacy laws equivalent to those in NZ.
Retaining and destroying your personal information
We will retain your personal information until it is no longer needed to complete insurance services relating to the policy, policy owner, life assured or payer or to meet any other legislative requirements. In certain instances, this may mean we retain some of your personal information after you have ceased to hold your policy with us.
Please note that we may retain information you provide us in an application even if you do not take out insurance with us. This is because this information may be relevant to future applications you may make and could affect the terms we can offer you at a later date.
We destroy the information we no longer need in a secure manner.
How Can You Access, Update And Correct Your Personal Information?
Can you get access to your information?
You have the right to ask us for a copy of any personal information we hold about you. As noted above, we may hold policy information, contact information and health and financial information about you. Please note that you may only request information about yourself, unless you have the consent of other parties to request information on their behalf.
You can request your information by calling us on 0800 500 108 (+64 9 487 9963 if overseas), emailing us at email@example.com, or writing to us. Whichever way you request information, we must take steps to ensure that you are authorised to do so. This might involve conducting an identity check or verifying your signature.
We prefer that you request health information in writing. This is because your health information is particularly sensitive and we want to make sure we release it to the right person. It also ensures that we understand your request fully. However, if you do not wish to make a request in writing, please contact us to discuss it further.
You can also make a request for your personal information through your Adviser or another representative. Your Adviser or representative will need your consent to make this request. If the request is for health information, the consent will need to specify this.
It’s important that we have your correct details, such as your current address and telephone number. When making an access request, please make sure you update your contact details with us.
Is there a fee?
We will not generally charge you for making an access request. However, we may charge you a reasonable amount to process a subsequent request for the same information. If we do charge, this charge will be limited to the costs of processing the request, not for the time taken to make a decision on whether we can release the information you seek. These processing costs may include the staff resource needed to compile the information, copying or printing costs, and postage or courier costs. If there is an access charge, we will provide you with a verbal estimate before we start processing the access request. We will also follow up with a written estimate. If a charge applies, you will need to accept the charge and make the payment before we start processing the request.
How long does it take to access your information?
The Privacy Act requires us to make a decision on your access request – and convey this to you – within 20 working days of receiving it. However, we will try and respond to your request as soon as reasonably practicable. Where we cannot make a decision within 20 working days, we will let you know within this time and explain why.
Usually, we will release your information to you at the same time we respond. However, where we cannot do this, we will provide you with your information shortly afterwards.
Can we refuse to provide your information to you?
The Privacy Act permits us to withhold personal information from you in certain circumstances. For example, we can refuse to provide you with commercially sensitive information or legal advice that is subject to legal privilege. We might also refuse to provide you with information that is also about other people, if we have reason to believe that it would be unwarranted to do so. If we decide to refuse your request, in whole or in part, we will tell you this within 20 working days and explain why. You can challenge our decision following the steps set out below. Where we do not hold the information you have requested, but we know who does, we’re required to transfer your request to that other person or agency. We will do this as soon as possible within 10 working days, and let you know.
Can you correct your information?
You can ask us to correct any information we hold about you, or have provided to others, that you believe is inaccurate. You can do this by contacting us on 0800 500 108 (+64 9 487 9963 if overseas). If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction. We don’t charge a fee for these requests. If we’re unable to correct your information, we’ll tell you why. Where we refuse to correct the information, we will, if appropriate, attach your request to the information as a “statement of correction”. You can challenge our decision following the steps set out below.
How Do You Make A Privacy Complaint?
Sovereign acknowledges every complaint we receive and will keep you updated on the progress we’re making towards fixing the problem. We will try to resolve your complaint within 10 working days, though it may take up to 20 working days if it’s particularly complex. However, if we’re unable to provide a final response within this timeframe, we’ll contact you to explain why and discuss a timeframe to resolve the complaint. If you’re not satisfied with the way we’ve handled your complaint, and your privacy concerns are unresolved, you can make a complaint to the Office of the Privacy Commissioner by:
- calling 0800 803 909;
- emailing firstname.lastname@example.org; or
- writing to the Office of the Privacy Commissioner, PO Box 10-094, The Terrace, Wellington 6143.
We suggest you do this only after you’ve followed our internal complaint processes set out above.
Amendments To This Policy
Over time our products and services may change, and the way we do business with you may evolve. Please take the time to review this policy regularly as we may amend it from time to time to reflect changes in legislation, codes of practice, our business, or the products and services we provide to you.
This policy was last updated in July 2015.