Privacy Statement
Gold Cross Products and Services Privacy Policy
1. Gold Cross Products and Services Privacy Policy - what you should know
We understand that keeping your information confidential and secure is important to you – and it's very important to us too. To help you understand how we collect, use and share your information, we've developed this Privacy Policy. This Privacy Policy (we refer to it as the 'Policy') sets out how Gold Cross Products and Services (‘Gold Cross’, 'we', 'us' and 'our') manage the collection, use, disclosure and security of personal information in line with the Privacy Act 1988 and the Australian Privacy Principles.
2. Why have a Privacy Policy?
So we can provide products and services to you, Gold Cross needs certain personal information to be collected, used, disclosed and retained. The type of information required will vary depending on the services and products we provide. It's important that you understand what type of information we need to collect and what sort of process we have around how we collect and manage your information.
By law, we're required to make our Privacy Policy available to the public.
Throughout this Policy, personal information handled by us can be classified into two categories:
- Personal information is information that identifies or could identify a person. For example a name, address or other contact details.
- Sensitive information is information or an opinion that has been classified in the Privacy Act as being sensitive information. It includes but is not limited to information on your health, criminal record, insurance history, your membership of a professional or trade association and Tax File Numbers.
- To make things easier, when we mention 'Personal Information' it will also include sensitive information unless we specify otherwise.
3. Who's responsible?
We take the privacy of your information seriously and that's why we've made a number of people in our organisation responsible for making sure it's implemented and managed appropriately.
In particular, we have nominated a Privacy Officer who is responsible for the implementation of this Policy.
4. Our privacy processes
There are six processes that cover how we manage your personal information. These include:
- 1. How we collect your personal information
- 2. How we use and disclosure your personal information
- 3. How we store your personal information
- 4. How we manage a request to disclose your information overseas (called Cross Border Disclosure)
- 5. How you can access and correct your personal information
- 6. How we handle complaints
To help you better understand what's involved with these processes, we've provided some more information below:
4.1. Collecting your personal information
So we can provide our services to you, we need to obtain certain personal information from you. We only collect the following personal information where necessary. These can include your:
- Name, date of birth and contact details
- Employment information such as:
- your employment details
- your professional registration details
- association membership information; and
- other relevant details relating to your profession
You have the option of choosing not to provide all or some of the information requested though this may impact our ability to provide our services.
You have the option of not identifying yourself, or of using a pseudonym when dealing with Gold Cross in relation to the following matters:
- When you browse our websites, Gold Cross does not collect your personal information
- You can make a general inquiry without providing your personal details by telephone.
How we collect your personal information
We will only collect your personal information by lawful and fair means and unless legally specified, only if you consent to the collection, through:
- Phone, which may include recording telecommunications with your consent
- Online forms, portals and tools, which includes application and feedback forms that may include your Internet Protocol (IP) address
- Email when you provide information via email, or ask to be on an email list, including the email address itself; and
- Written material, in particular order forms, when you provide information in writing or by facsimile.
At times it may be impracticable or unreasonable to collect personal information directly from you. In these cases, and with your consent , personal information may also be collected from the following third parties:
- Third parties you refer us to so we can obtain your personal information
- Information that's available publicly
- Related companies
- Industry and professional associations
In some circumstances we may access mailing lists to acquire new members or conduct market research. We use reputable mailing list companies who are also bound by the Privacy Act. We do not keep a record of any information about you from those lists unless you contact us. The information on those mailing lists remains the property of the company from whom the list was provided.
4.2. Using and disclosing your personal information
Unless you have agreed, we will only use and disclose your personal information for:
- The purpose for which it was given to us; and
- Related purposes which you would reasonably expect.
We use and disclose personal information for the following purposes:
- To verify your identity
- To evaluate, effect, manage and administer the services provided by us.
- To inform you of other products and services offered by entities within the Guild Group of companies, any related entity or your representative. This includes marketing and promotion by way of direct mail, telemarketing, email, SMS and MMS messages. However, you may at any time "opt out" of receiving direct marketing;
- When engaging third party providers to perform services for Gold Cross which involves third parties handling personal information
- To research, develop and improve our services, including testing and improving systems for the management of the services provided
- For security and audit purposes, service monitoring, internet traffic monitoring, troubleshooting, maintenance, to protect against and identify security breaches, inappropriate behaviour, fraud and unauthorised access to the IT systems of either customers or Gold Cross
- For communication purposes where contact details are received by us because you sent these to enable us to respond to your request
- To and from your professional association for the purposes of administering and improving our services; and
- Where required to do so by Law.
4.3. Storing your personal information
Ensuring the security of your personal information is very important to us and we take all reasonable steps to store your personal information in a way that protects your information from misuse, loss, unauthorised access, modification or disclosure.
To support the protection of personal information, we have implemented a number of policies and processes, including but not limited to confidentiality requirements to be met by employees, security measures for building and systems access and firewalls and other security measures for online systems.
Generally, hard and soft copy documentation is held in filing or on IT systems securely on Gold Cross premises, and for archiving and back-up purposes, documentation will also be held in secure and professional offsite storage facilities.
To ensure that the storage of personal information remains secure, we regularly review our information storage processes.
4.4. How we manage cross-border disclosure
Generally, Gold Cross will not be required to disclose personal information to overseas recipients.
However, personal information may be provided to overseas recipients providing offshoring operational and administrative functions in the Philippines under locally incorporated subsidiary Guild Solutions Inc (GSI): these functions comply with Guild Group policies and procedures.
If disclosure overseas is required, we take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles and that the overseas recipients will handle an individuals’ Personal Information in accordance Australian Law.
4.5. How you can access and correct your personal information
You have the right to access your own personal information held by us, and where this is incorrect, to request that we correct the information.
4.5.1 Accessing your personal information
To access personal information, simply contact us by phone or in writing and request the personal information we hold on the file in relation to you. The contact details are outlined below. We will provide access to the information fairly and efficiently, in an appropriate format and within a reasonable timeframe that will be agreed with you.
There may be exceptional circumstances where we cannot provide you with access to your personal information because of reasons outlined in the Australian Privacy Principles. In these cases we will advise you in writing why we cannot provide you with the information and mechanisms available to you should you want to lodge a complaint.
4.5.2 Correcting your personal information
If you believe we hold incorrect personal information, you can notify us on the contact details below.
If the information is confirmed to be incorrect, we will correct it as quickly as possible and provide a confirmation to you that the correction has been made.
In the exceptional circumstances we have received a request to correct your personal information but are unable to implement the correction you have requested, we will advise you in writing of the grounds of refusal and mechanisms available should you wish to lodge a complaint.
4.5.3 Third-party service access and logins
Where you are using our Services and have chosen to connect your Social Networks to the Services, or if you authorise a Third-Party Service to access your account, you agree to provide information about you to the Social Networks and the Third-Party Services under their respective terms and privacy policies. For example, if you choose to connect your Google Privacy Policy (located here) will apply to you.
Removing access/data from added services
When using our Services, you may access, update, or correct most of your Account information by logging in to your account to edit your profile or organisation record.
If you have requests that cannot be carried out by logging in to your account, such as accessing additional information or deleting information about you, for the Guild Insurance services, please fill our data privacy form.
Please note that we may need to retain certain information about you in order to continue providing you the services you have requested.
Requests to access, correct, update, or delete your information can be made in writing here, and will be handled within thirty (30) days unless they are unusually extensive or complex, in which case we will advise you of the expected timeline for handling your request.
Removing it yourself
If you have authorised us to access your social network account or third-party platform to provide the services such as a website login, you may revoke this access at any time by following the instructions provided by:
Facebook: https://www.facebook.com/help/942196655898243
Microsoft: https://support.microsoft.com/en-au
Linkedin: https://www.linkedin.com/help/linkedin/answer/a519947/third-party-applications-data-use
Google: https://support.google.com/accounts/answer/3466521
4.6. How we handle complaints
If you believe we have breached our Privacy Policy or not adhered to the Australian Privacy Principles you have the right to lodge a complaint. We have a formal complaints and dispute resolution process in place that is fair, efficient and accessible to everyone.
To lodge a Privacy complaint, you can contact us by phone or in writing using the contact details outlined below, or by using the feedback options on our websites.
Our complaints and dispute resolution process is available at no cost to you, and we will keep you fully informed throughout the process and provide a formal response to the complaint.
At any time, or if after receiving the initial response you are not satisfied with the response, the Privacy complaint can be escalated to the Privacy Officer by using the contact details outlined in section 4.7.
Alternatively, you may also lodge a complaint with the Office of the Australian Information Commissioner on the following details:
- Online:http://www.oaic.gov.au/privacy/making-a-privacy-complaint
- By email [email protected]
- By phone 1300 363 992
- By post GPO Box 5218 Sydney NSW 2001
4.7. Contacting us
To access personal information, request a correction or lodge a Privacy complaint, you can contact us as follows:
- By phone during office hours on (02) 6270 8950
- Alternatively, we can also be contacted in writing by sending your request or complaint to:
- Gold Cross Products and Services, Locked Bag 32010, Collins Street East, VIC 8003
5. Reviewing this Policy
This Policy is reviewed annually which helps to ensure that changes affecting us are included on an ongoing basis. This Policy may also be reviewed more frequently if any circumstances such as legislative changes occur that impact it.