Privacy Policy

This Privacy Policy (this Privacy Policy) sets out how ARAG Services Australia Pty Ltd ACN 627 823 198 (‘we’, ‘our’ or ‘us’) handles personal information in accordance with the principles of the Privacy Act 1988 (Cth) (Privacy Act).

By accessing and using the website at www.arag.com.au (“our Website”) or providing us with your personal information by any other means, you consent to us collecting, holding, using and/or disclosing any of your personal information in accordance with this Privacy Policy.

We only collect personal information that is reasonably necessary for the proper performance of our activities or functions.

This Privacy Policy may change over time in light of changes to privacy laws, technology and business practices. If you use our Website regularly or enter into communication with us that involves the collection of your personal information, it is important that you check this Privacy Policy to ensure that you are aware of the extent of any consent, authorisation or permission you might give.

Contact Us

What Types of Personal Information do We Collect?

We collect personal information, including sensitive information, where we consider it to be reasonably necessary for one or more of our business functions or activities, and will do so in accordance with the Privacy Act.

'Personal Information' means information or opinion about an identified individual, or an individual who is reasonably identifiable.

‘Sensitive information’ is personal information and includes information about an individual’s health, genetics, race, political opinion or membership, religion, philosophical beliefs, union membership, sexual orientation and criminal record.

Examples of the types of personal information which we collect include but are not limited to name, address and contact details, date of birth, gender, professional qualifications, licences held, financial information, health information, employment history, residency status, insurance and claims history, residency status, criminal records and driving records.

Collecting Your Personal Information

We collect personal information, including sensitive information, relating to insurance policies quoted, issued, varied and renewed, claims made on insurance policies, users of our Website and document centre and when you participate in a promotion or survey. We collect personal information for the purpose of assessing applications for insurance, administering insurance policies, including any claims and providing you access to our document centre.

Your personal information is collected by us with your consent, which is generally obtained directly from you:

during the application and/or renewal of your insurance cover;
during any claims process;
when you log in for and use services offered through our Document Centre including when creating a user account for this service;
when you call us, email us or contact us by any other means (or when we contact you by any means);
when you participate in competitions, surveys or promotions; and
as otherwise permitted by law.

Sometimes, we may collect information through third parties, including:

our third-party service providers (including marketing agencies, credit reporting agencies, public sources, or promotional partners or distributors or brokers of our products and services);
we may collect information from another person on the policy (for example, the person setting up the policy under which you are insured);
if you are a group customer or your premiums are paid via a payroll deduction, we may collect information from your employer or insurance broker, as the case may be;
if you have transferred to us from another legal expense insurer, we may collect information from that legal expense insurer; and
by using tracking technologies such as cookies, web beacons and other web analytics software or services.

There is also information about your computer hardware and software that is automatically collected by us. This information can include: your IP address, browser type, domain names, access times and referring website addresses. This information is used by us for the operation of our service, to maintain quality of the service, and to provide general statistics regarding use of our Website.

If you have provided us with information about another person who is covered by the legal expense policy, then you must obtain that person’s consent to do so and tell them that you have given their personal information and data to us, that they have a right to access their information and to refer them to this Privacy Policy for further details on how we handle their personal information and data. If you are a named insured, we assume that you have consented to providing us with all information required to process a claim when a policy holder lodges a claim on your behalf.

Do You Have to Provide Your Personal Information?

You can refuse to provide personal information or choose not to identify yourself, deal with us on an anonymous basis or use a pseudonym. However, a refusal may mean that the product or service you requested is not provided or your application is forfeited or declined.

Using and Disclosing Your Personal Information

We can only use and disclose your personal information for the purpose it was collected, unless the use or disclosure for another purpose is with your consent or otherwise permitted by law.

We may use your personal information and data in our business operations including to:

process your application for insurance;
generally administer your legal expense insurance policy;
manage the claims process;
arrange for legal services to be provided to you;
provide you with access to any document centre or customer account portal;
to process any invoices, claims payments or other payments;
contact you in respect of the products and services we provide to you or other matters relating to you;
answer your enquiries and generally provide customer service to you;
resolve complaints;
carry out internal business activities, including administration, quality and compliance reviews, risk management (including claims auditing), training, accounting, audit and information technology;
work with insurance intermediaries and distributors and group policy holders;
develop our products and services;
conduct market research and analysis;
conduct surveys or marketing promotions; and
comply with laws and regulations.

We may disclose your personal information to:

HDI Global Speciality SE – Australian (HDI), as HDI acts as the insurer in respect of the legal expense insurance policies and with whom we have a binding authority to issue its legal expense insurance and settle claims as well as administer these policies on behalf of HDI (The privacy policy of HDI is found at https://www.hdi-specialty.com/int/en/legals/privacy);
our related corporate entities for the purpose of performing our functions, reinsurance or corporate reporting, including technology or data storage services. These related entities may be located overseas in any of the countries in which ARAG operates including, but not limited to, Germany and the United Kingdom. Accordingly, personal information may be accessed from, transferred to, and/or stored outside the country in which you are located. When we disclose your information overseas, we take steps to ensure that our related bodies corporate or other service providers are obliged to protect the privacy and security of your personal information;
reinsurers, third-party claims administrators, lawyers and mediators in connection with your legal expense insurance policy with us;
in connection with insurance related issues:
A. investigators and assessors to investigate and assess claims and related matters, to defend actions by third parties, to recover our costs (including amounts owed to us) or to seek a legal opinion;
B. witnesses, to obtain witness statements;
C. experts including medical experts to provide us with opinions;
D. other parties to a claim to obtain statements from them, seek recovery or defend an action;
service providers and third parties engaged by us or engaged to carry out business activities on our behalf, to administer your policy, arrange and provide legal advice, supply documents and for us to carry out internal business activities;
other entities within the ARAG Group or the HDI corporate group who may be located overseas, credit reference agencies, our advisers, our agents, our administrators and those involved in the claims handling process (including assessors, investigators and others), for the purpose of assisting us and them in providing relevant services and products to you, or for the purpose of recovery or litigation;
our professional advisers, including our lawyers and auditors;
if you applied for your insurance policy through a broker or other agent, we may disclose your information to that party for the purposes of setting up and maintaining your insurance policy;
group policy holders for the issue and administration of your insurance and claims made by you under the insurance policy;
people listed as co-insured on your insurance policy and to family members or any person acting on your behalf; and
any person authorised by you.

Use of Cookies

We (or a third-party providing services to us) may use cookies, pixel tags, “flash cookies”, or other local storage provided by your browser or associated applications (each a “Cookie” and together “Cookies”). A Cookie is a small file that may be placed on your computer when you visit our Website. Most browsers now recognise when a cookie is offered and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer, your company's technology help desk or your internet service provider. If Cookies are disabled, we may not be able to provide you with the full range of our services.

Cookies may collect and store your personal information. This Privacy Policy applies to personal information collected via Cookies. You consent and acknowledge that we collect your personal information through Cookies.

Cookies may be used to provide you with our services, including to identify you as a user of our Website and our document centre, remember your preferences, customise and measure the effectiveness of our Website and our promotions, advertising and marketing, analyse your usage of our Website and services, and for security purposes.

You also may encounter Cookies used by third parties and placed on certain pages of our website that we do not control and have not authorised (such as webpages created by another user). We are not responsible nor liable for the use of such Cookies.

Our Website may also include links to third party websites (including links created by users or members) and applications (“Linked Sites”). Organisations who operate Linked Sites may collect personal information including through the use of Cookies. We are not responsible nor liable for Linked Sites and recommend that you read the privacy policies of such Linked Sites before disclosing your personal information. For the avoidance of doubt Linked Sites are not subject to this Privacy Policy.

Protecting Your Personal Information

We hold your personal information on our databases. We take all reasonable steps to securely retain any information we hold. We maintain security systems and procedures to manage and protect the use of records containing personal information. We regularly review our systems to ensure they are effective at keeping your personal information secure.

The reasonable steps we take include protecting the information from misuse or loss and from unauthorised access, modification or disclosure.

Where we no longer require your personal information for a permitted purpose under the APPs, we will take reasonable steps to destroy it.

Even after you cancel your Account with us, we will retain your information for as long as we reasonably need it for the purposes outlined in this Privacy Policy. For example, we may retain your information to prevent fraud, or to maintain systems security. We may also retain your information if required or allowed to by law, regulation or relevant standards and codes of conduct, or to fulfil our contractual obligations to a third party. In certain circumstances, including where we are prevented by technical or systems constraints, we may not be able to remove all of your personal information.

The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

Accessing Your Personal Information

You are responsible for ensuring that your personal information is accurate, current and complete.

We will provide you with access to any information held about you on your request. For your protection, we may require you to confirm your identity before access to your personal information is granted.

In limited circumstances access may be refused if required or permitted by law. For example, you may be refused access to your personal information which relates to:

anticipated or existing legal proceedings where that information could not be subject to a process of discovery;
information regarding our negotiations with you; and
legal advice we have received in relation to your claim.

Access may be refused where providing access poses a serious threat to life, health or safety or if access may have an unreasonable impact on the privacy of other individuals.

If we refuse to provide you with access to your personal information, that decision will be detailed to you in writing.

We do not charge a fee to access your personal information.

If you would like to access to your information or to correct personal information we hold about you, please make the request in writing using the contact details provided below.

Notifiable Data Breaches

In the event that there is a data breach we will take all reasonable steps to contain the suspected or known breach where possible. We will take immediate steps to limit any further access or distribution where possible.

If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach.

If remedial action is successful in making serious harm no longer likely, then no notification or statement will be made.

Where we are aware of reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.

We will review the incident and take action to prevent future breaches.

Direct Marketing Materials

We may send you direct marketing communications and information about our products and services that we consider may be of interest to you.

These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.

In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list.

Complaints

You can contact us on the details below to make a complaint about us handling your personal information.

We are committed to acknowledging your complaint in a prompt manner. We will review your complaint, and will respond to you after we have carefully considered it (which may require further information from you).

Amendments to this Privacy Policy

We reserve the right to review, change, update, or withdraw this Privacy Policy from time to time. We encourage you to periodically review this Privacy Policy to be informed of how we protect your information.

Contact Us

If you wish to contact us about the handling of your personal information, accessing or correcting your information or to make a complaint, please contact:

Privacy Officer

ARAG Services Australia Pty Ltd
Post: Level 2, 2 Bulletin Place, Sydney NSW 2000
E-mail:

If you receive communications purporting to be connected with us or our services that you believe have been sent to you other than in accordance with this Privacy Policy, or in breach of any law, please contact us immediately.

If you have any concerns or wish to make a complaint about how we have treated your Personal Information, or whether we have complied with the Privacy Act, please contact us.

If you complain to us and feel that your complaint has not been satisfactorily resolved you can contact:

The Office of the Australian Information Commissioner:

Post: GPO Box 5218 SYDNEY NSW 2001
Email:
Phone: 1300 363 992
Website: www.oaic.gov.au

The insurer of ARAG Legal Expense Insurance products is HDI Global Specialty SE – Australia (ABN 58 129 395 544, AFS License number 458776) (Insurer). ARAG Services Australia Pty Ltd (ACN 627 823 198, AR No. 001276045) (ARAG) is an authorised representative of and has been granted delegated authority by the Insurer to enter into, vary or cancel policies and handle claims for ARAG Legal Expense Insurance products on the Insurer’s behalf.
All enquiries should be addressed to ARAG.

Any advice contained on this website is general advice only and has been prepared without considering your individual objectives, financial situation or needs. Before purchasing or renewing a product we recommend that you consider if it is suitable for your circumstance and read the policy terms and conditions.