Privacy Policy

In this Privacy Policy, 'we', 'us' and 'our' means Steadfast Group Limited ABN 98 073 659 677.

We respect the privacy of your personal information. This Privacy Policy sets out how we collect, store, use and disclose your personal information (including sensitive information).

What personal information we collect

"Personal information" is information or an opinion about an identified living individual or an individual who is reasonable identifiable (e.g. name and contact details).

As its name suggests, "sensitive information" is a more sensitive subset of personal information, which includes your health information, criminal history, racial/ ethnic origin or sexual orientation.    If you are an individual who is either based in or a resident of the European Union or the United Kingdom, subject to applicable data privacy laws, we will not process sensitive information about you unless we have received your explicit consent to the processing of this information.

We collect information about you if you visit our website, authorise your broker or our agent to provide us with your personal information in relation to insurance, give your personal information to our share registrar in relation to your shareholding or otherwise provide us with your personal information. 

The information we collect and hold generally includes your name and contact information (including telephone and facsimile numbers and email addresses), information relating to the operation of your business, other reference information and information about other parties that you may conduct, or are interested in conducting, business with. 

If you have requested that we act in a broking capacity for insurance -related services, we may also collect and hold other information required to provide such services to you, including details of your previous insurances and sensitive information (such as criminal records).

You may be able to deal with us without identifying yourself (i.e. anonymously or by using a pseudonym) in certain circumstances, such as when making a general inquiry relating to the services we offer. If you wish to do so, please contact us to find out if this is practicable in your circumstances. However, if you do not provide us with the information that we need, we or any of our external service  providers may not be able to provide you with the appropriate services.

How we collect your personal information

We may collect personal information in a number of ways, including:

directly from you via our website, telephone, in writing or email; and/or
indirectly from third parties, if necessary. For example, your employer, Steadfast insurance broker members or Steadfast Underwriting Agencies may provide us with information about you for the purpose of obtaining our services. We may also obtain personal information from referees, insurers, premium funders and other external service providers or publicly from available sources.
You authorise us to contact such third parties for the purposes of providing you with the services that you have requested.

We also automatically collect certain information when you visit our website, some of which may be capable of personally identifying you. Please see the "Cookies" section below for more details.

Our purposes for collecting, holding and using your personal information

We collect and hold your personal information for the purposes of providing our services to you and related purposes. Such purposes include:

  • providing Steadfast insurance broker members’ and Steadfast Underwriting Agencies’ customers, potential customers and others with our services;
  • providing Steadfast insurance broker members with benefits  (including passing on customer enquiries to appropriate brokers or providing brokers with professional indemnity insurance) and facilitating adequate management of such benefits  on behalf of our Steadfast insurance broker members;
  • helping to develop and identify services that may interest Steadfast insurance broker members, Steadfast Underwriting Agencies, their customers, potential customers or others;
  • conducting market or customer research;
    developing, establishing and administering alliances and other arrangements with other organisations in relation to the promotion, administration and use of our services;
  • telling you about our other service offerings which we believe may be relevant (if you have requested to receive this); and
  • any other purpose notified to you at the time your personal information is collected.

Legal basis for using your personal information

If you are an individual who is either based in or a resident of the European Union or the United Kingdom, we will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. We will make sure that we only use your personal information for the purposes set out above and where we are satisfied:  

  • we need to use your personal information to perform a contract or take steps to enter into a contract with you; 
  • we need to use your personal information for our legitimate interest as a commercial organisation. For example, we may collect your personal details so that we can respond to enquiries submitted via our website.  In all such cases, we will look after your information at all times in a way that is proportionate and respects your privacy rights and you have a right to object to processing as explained in the "Accuracy, access and correction of your personal information" section of this Privacy Policy below;
  • we need to use your personal information to comply with a relevant legal or regulatory obligation that we have; or
  • we have your consent to using your personal information for a particular activity.  

Disclosure of your personal information

We will disclose your personal information to:

  • our related companies, Steadfast insurance broker members, Steadfast Underwriting Agencies or third parties who help manage our business and provide our services, including our external service providers, such as payment system operators, IT suppliers, lawyers, accountants, other advisers and financial institutions;
  • if you are an insurance broker or agent, to insurers, reinsurers, other insurance intermediaries, insurance reference bureaus and industry bodies; 
  • any other entities notified to you at the time of collection; 
  • courts, law enforcement, regulators and other government agencies to comply with all applicable laws, regulations and rules; or
  • requests of courts, law enforcement, regulators and other governmental agencies
    Other than when required or permitted by law, as specified in this Privacy Policy or where you have provided your consent, we will not disclose your personal information.

Nothing in this Privacy Policy prevents us from using and disclosing to others de-personalised aggregated data.

Transfer of personal information overseas

Some of the third party service providers to whom we disclose personal information are located in countries outside of Australia (or, in relation to New Zealand, outside New Zealand, or in relation to Singapore, outside Singapore) such as Malaysia, Vietnam and the United States of America. We will  take reasonable steps to ensure that the overseas recipient does not breach the applicable privacy principles of the Privacy Act 1988 (Cth), the Privacy Act 1993 (in New Zealand) or the Personal Data Protection Act 2012 (in Singapore), as applicable in relation to your personal information. 

If you are an individual who is either based in or a resident of the European Union or the United Kingdom, we will take appropriate steps ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and interests and transfers are limited to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights. To this end:

  • we ensure transfers within Steadfast's group of companies will be covered by an agreement entered into by members of Steadfast's group of companies (an intra-group agreement) which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within our group of companies; where we transfer your personal information outside our group of companies or to third parties who help provide our services, we obtain contractual commitments from them to protect your personal information; or
  • where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed.

You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above

Your obligations when you provide personal information of others

You must not provide us with personal information (including any sensitive information) of any other individual (including any of your employees or customers if you are an insurance broker) unless you have the express consent of that individual to do so. If you do provide us with such information about another individual, before doing so you:

  • must tell that individual that you will be providing their information to us and that we will handle their information in accordance with this Privacy Policy;
  • must provide that individual with a copy of (or refer them to) this Privacy Policy; and
  • warrant that you have that individual's consent to provide their information to us.

If you have not done this, you must tell us before you provide any third party information.

Your obligations when we provide you with personal information

If we give you, or provide you access to, the personal information of any individual, you must only use it:

  • for the purposes we have agreed to; and
  • in compliance with applicable privacy laws, including the privacy principles set out in the Privacy Act 1988 (Cth) or in New Zealand, the Privacy Act 1993, or in Singapore, the Personal Data Protection Act 2012, or in the EU, the General Data Protection Regulation (GDPR) (EU) 2016/679 and this Privacy Policy. 

You must also ensure that your agents, advisers, employees and contractors meet the above requirements.

Accuracy, access and correction of your personal information

We take reasonable steps to ensure that your personal information is accurate, complete and up-to-date whenever we collect, use or disclose it. However, we also rely on you to advise us of any changes to your personal information. All personal information identified as being incorrect is updated in our database and, where applicable and appropriate, on our website.

Please contact us using our contact details below as soon as possible if there are any changes to your personal information or if you believe the personal information we hold about you is not accurate, complete or up-to-date.

You can make a request to access your personal information by contacting us using the contact details below. If you make an access request, we will provide you with access to the personal information we hold about you unless otherwise required or permitted by law. We will notify you of the basis for any denial of access to your personal information. No fee will be charged by us for an access request. However, we may charge the reasonable cost of third parties who assist us in complying with the access request.

If you are an individual based in or a resident of the European Union or the United Kingdom, there are additional rights available to you. Please see below your detailed rights including rights of access, erasures, rectification and portability of your personal data. 

Right

What this means

Access

You can ask us to:

  • confirm whether we are processing your personal information;
  • give you a copy of that data; and
  • provide you with other information about your personal information such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, and where we got your data from, to the extent that information has not already been provided to you in this Privacy Policy.

Rectification

You can ask us to rectify inaccurate personal information. We may seek to verify the accuracy of the data before rectifying it.

 

Erasure

You can ask us to erase your personal information, but only where:

  • it is no longer needed for the purposes for which it was collected; or
  • you have withdrawn your consent (where the data processing was based on consent); or
  • following a successful right to object (see 'Objection' below); or
  • it has been processed unlawfully; or
  • to comply with a legal obligation to which we are subject.

We are not required to comply with your request to erase your personal information if the processing of your personal information is necessary:

  • for compliance with a legal obligation; or
  • for the establishment, exercise or defence of legal claims.

Restriction

You can ask us to restrict (i.e. keep but not use) your personal information, but only where:

  • its accuracy is contested (see ‘Rectification’ above), to allow us to verify its accuracy; or
  • the processing is unlawful, but you do not want it erased; or
  • it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
  • you have exercised the right to object, and verification of overriding grounds is pending.

We can continue to use your personal information following a request for restriction, where:

  • we have your consent;
  • to establish, exercise or defend legal claims; or
  • to protect the rights of another natural or legal person.

Portability

You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format but case only where:

  • the processing is based on your consent or on the performance of a contract with you; and
  • the processing is carried out by automated means.

Objection

You can object to any processing of your personal information which has our 'legitimate interests' as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.

Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

International transfers

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Economic Area.

We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity.

Supervisory Authority

You have a right to lodge a complaint with your local supervisory authority about our processing of your personal information. For example, in the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.

If you wish to access any of the above - mentioned rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. 

We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. 

Security of your personal information

We take reasonable steps to protect any personal information that we hold from misuse, interference and loss, and from unauthorised access, alteration and disclosure.

For example, we maintain physical security over our paper and electronic data stores and premises, such as locks and security systems. We also maintain computer and network security. For example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to computer systems.

However, data protection measures are never completely secure and, despite the measures we have put in place, we cannot guarantee the security of your personal information. You must take care to ensure you protect your personal information (for example, by protecting any usernames and passwords). You should notify us as soon as possible if you become aware of any security breaches.

Links to third party sites

Our website may contain links to other third party websites. We do not endorse or otherwise accept responsibility for the content or privacy practices of those websites or any products or services offered on them. We recommend that you check the privacy policies of these third party websites to find out how these third parties may collect and deal with your personal information.

Cookies

Like many website operators, we may use standard technology called cookies on our website. Cookies are small data files that are downloaded onto your computer when you visit a particular website. Cookies help provide additional functionality to the site or to help us analyse site usage more accurately. For instance, our server may set a cookie that keeps you from having to enter a password more than once during a visit to one of our sites. In all cases in which cookies are used, the cookie will not collect personal information except with your consent. You can disable cookies by turning them off in your browser; however, our website may not function properly if you do so.

Direct marketing and how to opt out


When we collect your personal information, you may elect to receive information about our other services. If you no longer wish to receive such information, or you do not want us to disclose your personal information to any other organisation (including Steadfast insurance brokers or any related companies), you can opt out by contacting us using our contact details below.

How to make a complaint

If you wish to make a complaint about a breach of this Privacy Policy or any breach of applicable privacy laws, you can contact us using the contact details below. You will need to provide us with sufficient details regarding your complaint together with any supporting evidence and information.

We will refer your complaint to our Privacy Officer who will investigate the issue and determine the steps that we will undertake to resolve your complaint. We will contact you if we require any additional information from you and will notify you in writing of the outcome of the investigation. We will try to resolve any complaint within 14 working days. If this is not possible, you will be contacted within that time to let you know how long it should take us to resolve your complaint.

If you are not satisfied with our determination, you can contact us to discuss your concerns or complain to the relevant local data protection supervisory authority (ie your place of habitual residence, place or work or place of alleged infringement). This is the Australian Privacy Commissioner in Australia (at www.oaic.gov.au), the New Zealand Privacy Commissioner in New Zealand (at www.privacy.org.nz), the Personal Data Protection Commissioner in Singapore (at www.pdpc.gov.sg) and the Information Commissioner's Office in the UK (at www.ico.co.uk).

How to contact us

If you wish to gain access to your personal information, want us to correct or update it, have a complaint about a breach of your privacy or any other query relating to our privacy policy, please contact our Privacy Officer during business hours in Sydney on:

The Privacy Officer 

Telephone: +61 2 9495-6557 
Fax: +61 2 9495-6565 
Email: privacyofficer@steadfast.com.au 

Alternatively, you can contact us via: 

Steadfast Group Limited 
Level 4 
99 Bathurst St 
Sydney NSW 2000 
P O Box A980 
Sydney South NSW 1235 

Telephone: +61 2 9495-6500 
Facsimile: +61 2 9495-6565 


For further information on privacy, please visit:

in Australia, the Australian Government Office of the Australian Information Commissioner  at http://www.oaic.gov.au/

or

in New Zealand, the New Zealand Privacy Commissioner at www.privacy.org.nz

or

in Singapore, the Personal Data Protection Commission at www.pdpc.gov.sg

or

in the UK / Europe, the Information Commissioner's Office at www.ico.co.uk


Updated: 15 June 2018