Your privacy is important to us This privacy policy (“Privacy Policy”) sets out how Underwriting Agencies Council Ltd (ABN 70 082 030 751) (“we, us, or our) collects, stores, uses, protects, shares and discloses your personal information. We manage personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles (APP), the following information applies to information collected by us. The APP’s are available from the Office of the Australian Information Commissioner (OAIC) website. We only collect personal information that is reasonably necessary for the proper performance of our activities or functions. We do not collect information just because we think it could be useful at some future stage if we have no present need for it. This policy may change over time in light of changes to privacy laws, technology and business practice. If you use our website regularly or enter into communication with us that involves the collection of your personal information, it is important that you check this policy to ensure that you are aware of the extent of any consent, authorisation or permission you might give. We will notify you about any changes to our Privacy Policy at any time by posting an updated version of the Privacy Policy on the App. By visiting or using the website you agree to the collection, storage, usage and disclosure of your personal information by us in the manner described in this Privacy Policy. We may decline to collect unsolicited personal information from or about you and take steps to purge it from our systems. How we collect personal information We collect personal information in a number of ways, including: when you provide information directly to us through the website, in person, by phone or in writing (whether by email, through surveys, competitions, promotions or any other electronic or other means); when you visit and/or use the website, in which case we record information sent to us by your computer, mobile device or other device you are using to access the website; by contracting with us; and from third parties such as our related entities, service providers to us, operators of linked websites, applications. In some circumstances, personal information is provided to us by third parties or other organisations conducting activities on your behalf. With your expressed or implied consent, your personal information may be used and disclosed to us this way. What personal information we collect and hold We may collect the following types of personal information in order to provide you with our services (“Services”): your name, phone number, mobile telephone number, email address, and other contact information; any other information provided by you to us including without limitation through use of the website or services we provide; personal information from your interaction with us through the website, by email or other forms of communications including without limitation device identifiers, device type, geo-location information, connection information, statistics on page views, traffic to and from the website, mobile network information, time, date, referring URL, the type of operating system and browser, IP address and standard web log data; and any other information we consider may assist us in providing or marketing our services. We understand the importance of protecting children’s privacy. The website including related sites such as our Facebook, Twitter, Snapchat, LinkedIn or other social media pages are not intentionally designed for or directed at children. Our services are available to anyone over the age of 18 years. Where you are under the age of 18 years we presume you have sufficient maturity and understanding to understand and consent to the terms of this Privacy Policy. If you know of or have reason to believe anyone under the age of 18 does not have capacity to consent to the collection storage and use of personal information, please contact us. Automatic Collection of your Personal Information When you visit our website, our Internet Service Provider automatically records the following information about you: your server address; the website you visited immediately prior to ours; your domain name; date and time of your visit to our website; pages you accessed and the information or documents you downloaded; type of browser you used; and any other information we request our Internet Service Provider to record from time to time. How personal information is used Our principal purpose in collecting, using and storing your personal information is to provide the Services in a personalised, safe and efficient manner. You consent to us collecting, using, storing, sharing and disclosing your personal information to: conduct our business, generate content and provide customer support and payment services (including updates and improvements); for our administrative, marketing (including direct marketing), planning, product or service development, quality control, survey and research purposes, and our related bodies corporate, contractors and employees or service providers; to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties; to provide your updated personal information to our related bodies corporate, contractors, employees or service providers; provide, administer, market and manage the website, research, develop and improve our services; communicate with you; provide you with access to protected areas of the website; conduct surveys to determine use and satisfaction with the website and services we provide; detect, investigate and prevent potentially unlawful acts or omissions or acts or omissions with the potential to breach our Terms of Use, this Privacy Policy or any other policy; administer and manage the services we provide to you; enforce our Terms of Use, this Privacy Policy or any other policy; verify information for accuracy or completeness (including by way of verification with third parties); comply with our legal obligations, a request by a governmental agency or regulatory authority or legally binding court order; combine or aggregate your personal information with information we collect from third parties and use it for the purposes set out this Privacy Policy; aggregate and/or make anonymous your personal information, so that it cannot be used, whether in combination with other information or otherwise, to identify you; resolve disputes and to identify, test and resolve problems; notify you about the website and updates to the website from time to time; supply you with generalised, targeted or personalised marketing, advertising and promotional notices, offers and communications, and measure and improve our marketing, advertising and promotions based on your ad customisation preferences; protect a person’s rights, property or safety. If you access the website from a shared device or a device of a third party (such as in an internet café), your personal information may also be available to other persons who access that device. Disclosure of personal information We may disclose your personal information to third parties for the purposes contained in this Privacy Policy, including without limitation to: any person authorised by you; your authorised representatives; our staff members; our related bodies corporate; when we act as agents, the principals for who we act; other companies, organisations and contractors and outsourced service providers who assist us to provide, or who perform the Services we provide to you, including: information technology service providers; mailing houses; and specialist consultants; website analytics providers; third parties to whom you expressly ask us to send, or consent to us sending, your personal information; government and regulatory authorities and other similar organisations, as required or authorised by law; and such entities that we propose to merge with or be acquired by. We will take reasonable steps to ensure that anyone to whom we disclose your personal information respects the confidentiality of the information and abides by the APPs or equivalent privacy laws. We will not share, sell, rent or disclose your personal information in ways different from what is disclosed in this Privacy Policy. We collect personal and sensitive information about you when: You complete a form through our website You complete a collection statement We receive any reference about you We receive feedback about you from your former employers, work colleagues, professional associations or registration body We receive any results from medical examinations, or any competency tests We receive performance feedback (whether positive or negative) We receive any complaint from or about you in the workplace We receive any information about any insurance investigation, litigation, registration or professional disciplinary matter, criminal matter, inquest or inquiry in which you were involved in any way We receive any information about a workplace accident you were involved in You provide us with any additional information about you Information Flow When we collect your information: We check that it is reasonably necessary for our functions or activities. We check that is current, complete and accurate. This will sometimes mean that we have to cross check the information that we collect from you with third parties. We record and hold your information in our information record system. We retrieve your information when we need to use or disclose it for our functions and activities. At the time, we check that it is current, accurate and relevant. This will sometimes mean that we have to cross check the information that we collect from you with third parties once again - especially if some time has passed since we last checked. Subject to some exceptions we permit you to access your personal information in accordance with the Australian Privacy Principles (APP) and the Privacy Act 1988. We correct or attach associated statements to your personal information in accordance with the APP. We destroy or de-identify your personal information when it is no longer needed for any purpose for which it may be used or disclosed provided that it is lawful for us to do so. Use of Cookies We (or a third party providing services to us) may use cookies, pixel tags, “flash cookies”, or other local storage provided by your browser or associated applications (each a “Cookie” and together “Cookies”). A Cookie is a small file that may be placed on your computer when you visit the App. Cookies are used on some parts of the App. Most browsers now recognise when a cookie is offered and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer, your company’s technology help desk or your internet service provider. If Cookies are disabled, we may not be able to provide you with the full range of our Services. Cookies may collect and store your personal information. This Privacy Policy applies to personal information collected via Cookies. You consent and acknowledge that we collect your personal information through Cookies. Cookies may be used to provide you with the Services, including to identify you as a user of the website, remember your preferences, customise and measure the effectiveness of the website and our promotions, advertising and marketing, analyse your usage of the website, and for security purposes. You also may encounter Cookies used by third parties and placed on certain pages of the website that we do not control and have not authorised (such as webpages created by another user). We are not responsible nor liable for the use of such Cookies. The website may also include links to third party websites (including links created by users or members) and applications and advertising delivered to the website by third parties (“Linked Sites”). Organisations who operate Linked Sites may collect personal information including through the use of Cookies. We are not responsible nor liable for Linked Sites and recommend that you read the privacy policies of such Linked Sites before disclosing your personal information. For the avoidance of doubt Linked Sites are not subject to this Privacy Policy. The website is hosted by an online service provider which may change from time to time. Our service providers’ use of Cookies is not covered by our Privacy Policy. Storage and security We store, protect and process your personal information by taking reasonable steps. The reasonable steps we take include protecting the information from misuse or loss and from unauthorised access, modification or disclosure. Where we no longer require your personal information for a permitted purpose under the APPs, we will take reasonable steps to destroy it. Even after you cancel your account with us or delete the App, we will retain your information for as long as we reasonably need it for the purposes outlined in this Privacy Policy. For example, we may retain your information to prevent fraud, or to maintain systems security. We may also retain your information if required or allowed to by law, regulation or relevant standards and codes of conduct, or to fulfil our contractual obligations to a third party. In certain circumstances, including where we are prevented by technical or systems constraints, we may not be able to remove all of your personal information. The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy. Access to information Subject to the Privacy Act, you may request to access the personal information we hold about you by emailing us at the address listed under “Contact Us” below. All requests for access will be processed within a reasonable time. In certain instances, we may not be required or able to provide you with access to your personal information. If this occurs, we will give you reasons for our decision not to provide you with such access to your personal information in accordance with the Privacy Act. There is no application fee for making a request to access your personal information. However, we may charge an administrative fee for the provision of information in certain circumstances such as if you make repeated requests for information or where the information is held by a third party provider. We endeavour to ensure that the personal information we hold is accurate, complete and up-to-date. If you believe the personal information we hold is inaccurate, please let us know and generally we will amend it upon request. If we disagree with your request, we will only do so on reasonable grounds and we will let you know the reasons for the refusal. Notifiable Data Breaches In the event that there is a data breach we will take all reasonable steps to contain the suspected or known breach where possible. We will take immediate steps to limit any further access or distribution where possible. If we have reasonable grounds to suspect that the data breach is likely to result in serious harm to any individuals involved, then we will take all reasonable steps to ensure an assessment is completed within 30 days of the breach. If remedial action is successful in making serious harm no longer likely, then no notification or statement will be made. Where we are aware of reasonable grounds to believe serious harm is likely, as soon as practicable, we will provide a statement to each of the individuals whose data was breached or who are at risk. The statement will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner. We will review the incident and take action to prevent future breaches. Direct marketing materials We may send you direct marketing communications and information about our services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list. Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third party website and we are not responsible for the privacy policies or the content of any third party website. Third party websites are responsible for informing you about their own privacy practices. Contacting Us We welcome your questions and comments about privacy and if you have any query or require any information about your Personal Information, please contact admin@uac.org.au and we will respond to you as soon as reasonably possible. If you receive communications purporting to be connected with us or our Services that you believe have been sent to you other than in accordance with this Privacy Policy, or in breach of any law, please contact us immediately. If you have any concerns or wish to make a complaint about how we have treated your Personal Information or Sensitive Information, or whether we have complied with the Privacy Act, please contact us and we will respond within 7 days. If you complain to us and feel that your complaint has not been satisfactorily resolved you can contact: The Office of the Australian Information Commissioner: Post: GPO Box 5218 SYDNEY NSW 2001 Email: enquiries@oaic.gov.au Phone: 1300 363 992 Email: https://www.oaic.gov.au Version This Privacy Policy which was last updated on 1 July 2023.