Privacy Policy

Medibank Group Privacy Policy

June 2019

The purpose of this privacy policy

This privacy policy explains why we collect your personal information and what we do with it, along with your rights to access and correct your personal information, and make a privacy complaint.

We are bound by laws governing how we collect and use your personal information including the Privacy Act 1988 (Cth) and other State and Territory laws such as the Health Records Act 2001 (Vic), Health Records (Privacy and Access) Act 1997 (ACT), the Health Records and Information Privacy Act 2002 (NSW), and the Health Information Privacy Code 1994 in New Zealand (Privacy Laws).

We aim to be as transparent as possible in this privacy policy about what we do with your personal information. Consequently, we review this privacy policy annually and update it.  The most up-to-date version of our privacy policy can always be found on our website www.medibank.com.au.  Where we make a material change to our privacy policy, we will notify you in writing.  After receiving any such notification, your next claim under your policy will be deemed to be your acceptance by conduct of – and consent to – any notified material changes.

Personal information and sensitive information

In this privacy policy you will see the terms ‘personal information’ and ‘sensitive information’ used. These terms have the following definitions:

• ‘personal information’ means information that identifies you or can be used to identify you, or from which you are reasonably identifiable.
• ‘sensitive information’ is a sub-set of personal information and includes information about your health, health services provided to you and your claims. Sensitive information is more protected under Privacy Laws than are other forms of personal information.

In this privacy policy, and unless otherwise stated, all references to ‘personal information’ include ‘sensitive information’.

Who we are

We are Medibank Private Limited ABN 47 080 890 259

(Medibank) and its subsidiaries including –

• Australian Health Management Group Pty Ltd ABN 96 003 683 298 (ahm)
• The MHS Group (MHS), the members of which are listed at the end of this policy
• References to ‘us’, ‘we’ or ‘our’ include Medibank, ahm, MHS and, where the context requires, other Medibank subsidiaries (collectively Medibank Group Companies).

Who this policy applies to

This privacy policy applies to:

• All current and past members of Medibank and ahm whose personal information we have collected
• All individuals whose personal information is collected in relation to the products and services offered by Medibank Group Companies
• All individuals whose personal information is collected by us in the course of our functions and activities, such as service providers, contractors and prospective employees.The types of personal information we may collect depends on our relationship with you, and may include:

The types of personal information we may collect

• identifying information such as name, date of birth and employment details;
• identification information for identity verification, such as your driver’s licence and Medibank member card;
• contact information such as home address, home and mobile phone numbers and email address, and in some cases your work contact details;
• government-issued identifiers including Medicare numbers;
• financial information, such as bank account and credit card details;
• sensitive information, including:
  • information about your health, health services provided to you and your claims;
  • biometric information and templates, such as voice recognition information;
  • lifestyle, diet, exercise and health related information that you self input into our wellbeing apps;
  • other sensitive information – such as your race and ethnicity where we are required to collect it;
• information about your activities, including sporting and other lifestyle interests;
• information about involvement in other programs you participate in or memberships you may have;
• your IP and/or IMEI information to detect unauthorised access to your membership and identify potential fraud and criminal behaviour; and
• information about your usage of our website and apps for the purposes of analytics (including when you use our website and apps and what you do, and the information you input, while using them), and subject to your marketing preferences – to target marketing to you (based upon your demographic information and use of our app and website). To gain this information we will use cookies, if the privacy settings you have chosen on your device allow it to accept our cookies. You can, if you wish, access the content on our website without accepting cookies, but will find navigation and returning to our website easier if you accept cookies.

We often need information which identifies you

You generally have the right not to identify yourself when dealing with us and to use a pseudonym, where it is lawful and practicable for us to allow it. However, in many instances we will need your identity details. For example, we will need your name and date of birth, if you want to have private health insurance coverage with us that receives the applicable government rebate.

If you do not provide or authorise the provision of personal information we request, we may be unable to provide you with some or all of our products and services or the products and services of our partners. If you ask us, we will tell you what personal information we must have in order to provide you with a particular product or service, and what requested personal information is optional for that product or service.

Subject to the applicable Privacy Laws, by becoming or remaining a member of one of our policies or by otherwise providing personal information to us, you confirm that you have consented to us collecting, using and disclosing your personal information, however collected by us, in accordance with this privacy policy (as amended and notified to you from time to time).

How we collect your personal information

We will only collect personal information about you by lawful and fair means.

We may collect personal information from you at various times, including:

• when you open and start to complete – or complete – an application form or other type of form in relation to our products and services;
• when you contact us in person, by phone, mail, email or online;
• when you make a claim;
• when you visit premises from which we operate; and
• when you visit our website or subscribe to or use one of our lifestyle and wellbeing apps.

We may collect your personal information from you, from another person covered by your policy, from a person authorised to provide us with your personal information on your behalf, or from an agency or organisation on whose behalf we are providing you with services or products (as agent for a principal).

We may also collect information about you from other sources, such as:

• a third party such as a hospital, dentist or optometrist or other health service provider who has treated you;
• an employer, educational institution, government agency or adviser who has dealt with you (or their authorised representatives);
• for overseas customers, your migration or other agent;
• Medibank Group Companies who have provided you with services including health-related services;
• a service provider engaged by us – or a third party who partners with us – to assist us in providing goods or services or administering our business (such as mailhouses, printing, and IT service providers and platforms, or marketing, planning and product or service development)
• if you are a health service provider, from relevant databases and directories;
• publicly available sources or networking services (including for the purpose of contacting you to offer our products and services, and you can let us know your preferences in relation to such contact, or to confirm information provided by you – such as publicly available job history (eg via LinkedIn), or to verify identity and prevent fraud);
• CCTV cameras in operation at our offices and retail centres;
• the main policy holder (or person setting up a policy to cover you) at the time that they incept (set up) the policy; and
• another health fund and your co-insured, if you have requested a transfer of your health insurance between that fund and us, so as to facilitate that transfer.

We also obtain information from other sources where:

• we provide products and services on behalf of or in conjunction with others, including business partners
• we need information from third parties relating to a product or service we provide to you, or relating to a health insurance claim
• we need information to prevent or minimise the risk of fraud
• you have consented to third parties sharing it with us, such as people you have authorised to deal with your policy.

Where we engage with you multiple times over a short period in relation to the same matter, we may not provide you with a separate notice about privacy each time we engage with you.

How we hold your personal information

We take reasonable steps to protect your personal information from misuse and loss and from unauthorised access, modification or disclosure.

We aim to store your information securely and have a range of security controls in place (including physical, technical and procedural safeguards) designed to protect your personal information.

Our employees and contractors regularly receive targeted privacy training.

We take reasonable steps to make sure that the personal information about you – that we collect, use and disclose – is accurate, complete, up to date and relevant.

When and how we dispose of your personal information

We seek to keep your personal information for only as long as it is required in order to provide you with products and services or to legitimately comply with our business and legal obligations and requirements. When it is no longer needed for these purposes, we may destroy or permanently de-identify this personal information. Consequently, if you request access to your old personal information, we may not be able to provide you with your records where they have been destroyed or de-identified.

How you can access your personal information

You can ask us for access to the information we hold about you at any time. We will endeavour to respond in a reasonable time, being within 30 days and as soon as is reasonably possible.

We will generally not charge a fee for accessing your personal information. We will only charge a fee to access information in exceptional circumstances, and where your request is particularly onerous.  We will let you know in advance of levying any fee to confirm that you still wish to proceed with your request.

When you contact us to seek access to your personal information, we will need to be reasonably satisfied it is you, and not an unauthorised person.

We may require you to substantiate your identity to protect you from fraud and privacy breaches perpetrated by third parties pretending to be you.

We may also use a third party and secure service to confirm your identity (such as two factor authentication), and your IMEI or IP address in some circumstances, to reduce the risk to you of identity theft and reduce fraud risk to us.

We may not always give you access to certain information you have requested, such as where:

• we no longer hold or use the information and have destroyed or de-identified it
• providing access would be unlawful
• we are required or authorised by law to deny access
• providing access would unreasonably impact on the privacy of others
• we cannot be satisfied that you are who you say you are (we cannot adequately identify you).

It would assist us to ensure we properly understand your request, and allow us to respond more promptly, if requests are made in writing and include as much detail as possible.

Protect yourself and your PIN

If you have a private health insurance policy with us, we encourage you to add a unique personal identification number (PIN) to your membership – to give you additional privacy protection.

Please protect your PIN by:

• keeping your PIN confidential,
• not writing it down or keeping a record of it with your membership card or policy documents,
• not choosing an easy to guess PIN (such as your date of birth), and
• not disclosing your PIN to other people covered by your policy or authorised to transact on your policy (as they need to have their own PINs).

If you think that your PIN has been compromised please let us know and change your PIN as soon as possible.

We may be able to offer additional privacy protections if you are a family violence victim or identity theft victim

 If you are a victim of family violence, stalking or identity theft, or believe your identity may have been compromised and/or have personal safety concerns, we encourage you to let us know to discuss further privacy protections that we may be able to provide you.

Why we collect and use your personal information – generally

Collecting your personal information

We collect your personal information to enable Medibank Group Companies and our third party suppliers and partners to provide you with products and services, including insurance, health-related services, partner offerings and information on other products and services (collectively Insurance and Health Products). We may also be required by law to collect some personal information.

Where you provide personal information to the Medibank Group Companies as a service provider, contractor or prospective employee, we collect your personal information to enable us to fulfil the purpose and related purposes for which you provided the information.

Using your personal information

We may use your personal information for these purposes, including to:

• process your policy application and manage your policy;
• manage our relationship with you;
• identify and communicate with you;
• provide you with requested information, products or services;
• process and audit payments and claims;
• analyse, investigate, pursue and prevent suspected fraudulent activities;
• manage and develop Insurance and Health Products;
• assess your suitability for and contact you about Insurance and Health Products that we believe may be of benefit to you;
• partner or work with third parties to improve our membership offering and value;
• manage and develop our business and operational processes and systems;
• conduct marketing – including targeted electronic marketing (such as emails, or advertisements on websites and social media platforms that you access);
• obtain feedback, and engage in analytic and research activities (inclusive of a wide range of analytics and customer behavioural research projects);
• manage and resolve any legal, clinical or commercial complaints or issues;
• perform other functions and activities relating to our business;
• in the case of your voice recording, use your voice to help us improve our voice-imprinting IVR (as an antifraud and detection) and refine our voice recognition software;
• comply with our legal obligations or enforce our legal rights; and
• as otherwise required or authorised by law, including the Privacy Laws.

We will use your personal information, including call recordings for training, coaching and development purposes unless you ask us not to.

De-identifying your information

Where both possible and in our view – appropriate, where using your personal information, we will seek to de-identify it, so that your identity is not readily ascertainable from the de-identified information or from triangulating your de-identified information with other sources of information.

Disclosing and sharing your personal information

In pursuing the purposes for which we may collect and use your personal information, we may disclose your personal information to persons or organisations in Australia and overseas including:

• Medibank Group Companies for the purpose of:
  • assisting you to ascertain if your existing cover is adequate for your current and foreseeable future needs;
  • offering ancillary services, health management programs and services which may be of benefit to you (for example, if you advise us that you will be having an operation, we may supply, and you consent to us supplying, information to a Medibank Group Company so they can offer rehabilitation and nursing services to assist you in your recovery and promote a positive outcome from your surgery);
  • verifying you as a Medibank or ahm member to provide you with services offered by MHS to Medibank and ahm members; and
  • ensuring that our customer records for you between ahm, Medibank and MHS are consistent, and accurate;
• our agents and service providers;
• our professional advisors;
• health service providers;
• other persons covered by your policy as part of administering the policy and paying benefits;
• potential or actual buyers of our assets or business, including only some assets or parts of our business;
• payment system operators and financial institutions;
• your agents and advisors or other persons authorised by, or responsible for, you;
• government agencies;
• your educational institution, migration agent or broker if you have overseas student health cover (OSHC) or a visitors cover product;
• third party insurers whom we are authorised to represent if you purchase other insurance products through us;
• third parties and other members of the Medibank Group with whom Medibank partners or works with – to improve your opportunities or improve your wellbeing and/or the value you get from your membership;
• other health funds, service providers or other third parties who assist us in the detection and investigation of fraud;
• in relation to a transfer certificate requested by you or the main policy holder – your co-insured (please note that a transfer certificate will show if anyone covered by the policy has exercised their lifetime mental health waiver, as we are required by law to include this detail);
• your employer (or their authorised representatives) if you have a corporate insurance product; and
• other parties to whom we are authorised or required by law to disclose information.

The collection, use and disclosure of your information should you subscribe to one of our lifestyle and wellbeing apps

Where you have subscribed to one of our health and well-being applications (app) and consented by agreeing to the terms and conditions of the app, then in addition to the general purposes of use and disclosure of your information set out in this privacy policy:

• we will collect, use and disclose your self-inputted personal, biometric, health, exercise and diet information and automatically inputted information from connected apps and devices for the purposes of that app in helping you to achieve your wellbeing goals;
• to facilitate the operation of the app, the app provider will also handle your information on our behalf and necessary information about you will be provided to rewards partners to allow you to redeem your rewards;
• you can choose how much information you disclose to us, and separately to other app users and your competition or team members, within the privacy settings and social posting functions of the app – at any time, but you must provide some personal information such as your email address, phone type, browser type, operating system and IP address to be able to use the app;
• you can choose to use a pseudonym in using the app (but you may not be able to claim full rewards with a pseudonym);
• if you delete the app it will retain your information for a defined and short period of time and for your benefit (should you change your mind and later want to reactivate the application and not lose your data – inclusive of your points and goals), unless you ask for your information to be deleted.

If you link any of our lifestyle apps to your wearable fitness devices:

• you may be asked to agree to the app provider’s privacy policy;
• we are not responsible for the collection and use practices of the app provider in these circumstances, in respect of your personal information;
• please visit the app provider’s website to understand their privacy practices and options they may make available to you in relation to their collection and use of your personal information.

If your personal information is hacked or inadvertently disclosed

If we become aware that we have inappropriately used or disclosed your personal information, or that the security of your personal information has been compromised (a data breach), and we are unable to rectify the data breach without any potential adverse effect on your privacy, we may contact you to inform you, and to work with you to minimise or mitigate the consequences of the data breach.

Pursuant to the Notifiable Data Breaches scheme (under Part IIIC of the Privacy Act 1988), we may be required to notify you of a data breach as soon as we practicably can if we consider you are reasonably likely to be at risk of serious harm (including financially or to your mental or physical wellbeing).  Where reasonably practicable we will give you details of the data breach and, where possible, steps you could take to lower the risk of harm to you.  We may make a public notification for a data breach affecting a large number of customers, before we contact you directly or in place of direct contact.

Direct marketing

From time to time, we may collect and use your personal information so that we can promote and market Insurance and Health Products to you and keep you informed of special offers from Medibank Group Companies and third parties. We may contact you in relation to these promotions and offers by direct mail, SMS and MMS messages, targeted marketing on social media platforms, in app and push notification, by phone and email.

You can opt out of marketing by contacting us. However, if you opt out of marketing you will still receive service related communications from us. If you opt out of marketing, please be aware that your details may still be shared with our marketing partners and/or mailhouses for the purposes of ensuring that they do not market to you.  For example, we may partner with a provider to market our products to their customers using their customer lists, but will provide a list of our ‘opted out’ customers to wash against their customer list securely, so as to ensure that customers who have opted out of our marketing, do not receive marketing.   If you have signed up to receive marketing from us or from our marketing partners and/or mailhouses via different email addresses, you may still receive marketing at any email addresses for which you have not opted out, as the above process will only identify where opted out email addresses are identical.  Therefore, please tell us all email addresses you wish to opt out of receiving marketing to – in order to stop receiving marketing from us or on our behalf to those email addresses.

If you want to change your communications preferences, please let us know. Please be aware that if you are an ahm customer, we require you to have an email address registered with us for service communications.

To opt out of marketing or change your communications preferences please contact us as set out below. Please note that if you opt out of marketing from Medibank, this will not opt you out of in-app marketing in or related to our lifestyle and wellbeing apps, and vice versa.  If you wish to opt out of marketing in our lifestyle and wellbeing apps you will need to do so in the privacy settings of the relevant app (set out below).

Medibank:

• Access the Manage My Preferences page within the Medibank Online Member Services facility; or
• Call us on 132 331; or
• Visit one of our stores.

ahm:

• Access the Settings page within the ahm Online Member Services facility; or
• Call us on 134 246 or (+61) 2 4221 8888 Monday to Friday: 8:00am – 6:00pm; or
• Email us at info@ahm.com.au

MHS:

• Please contact Privacy–MHS@medibank.com.au to opt out of marketing or change your communications preferences, and ensure that you advise us in you email of the programme (or product or service) you are enrolled in or receiving, and the MHS company providing it.

Apps:

• Access the about me page in Medibank’s lifestyle and wellbeing apps (for in app marketing preferences only – you will need to contact us by one of the other channels above to stop non-app related / associated marketing)

How we communicate with you

To keep you informed quicker, where you provide us with an email address, we send most service-related communications to you by email. Service-related communications are the essential things you need to know about your cover, like annual tax statements, changes to premiums and account notices. In some circumstances and for some products, including some ahm products, we require an email address to communicate with you as a term and condition of the product. You can otherwise choose how we communicate with you by contacting us as follows:

Medibank:

• Access the Manage My Preferences page within the Medibank Online Member Services facility; or
• Call us on 132 331; or
• Visit one of our stores.

ahm:

• Access the Settings page within the ahm Online Member Services facility; or
• Call us on 134 246 or (+61) 2 4221 8888 Monday to Friday: 8:00am – 6:00pm; or
• Email us at info@ahm.com.au

MHS:

• Please contact Privacy–MHS@medibank.com.au and ensure that you advise the programme (or product or service) you are enrolled in or receiving and the MHS company providing it.

Apps:

• Access the about me page in Medibank’s lifestyle and wellbeing apps (for in app preferences only – you will need to contact us by one of the other channels above for non-app related communications preferences)

Couples and family health insurance policies

Collecting your personal information

If you have a couples or family health insurance policy with us, we will collect information about dependants (partner and children) from the policy holder who sets up the policy, with the policy holder’s consent.

If you are a policy holder and provide us with information about your partner or a dependant who is 16 years or over, you need to:

• get their consent to give us their information;
• tell them you have given us their personal information;
• tell them that our privacy practices are set out in this privacy policy and how they can access this privacy policy; and
• tell them they are entitled to access their information by contacting us.

If you are a policy holder and provide us with information about your partner or a dependant who is 16 years or over, by providing that information you acknowledge that you are creating or that you have created the policy on behalf of your co-insureds, and you warrant that:

• you have their authority to agree to the relevant terms including consenting to the uses set out in this privacy policy on their behalf;
• you have made them aware of the information set out in this privacy policy and informed them of how they can obtain access to this privacy policy; and
• you have their consent to provide the information to us – and for us to use that information for the purposes set out in this privacy policy – and as otherwise permitted by law, including the Privacy Laws.

If a policy holder lodges a claim on your behalf, we act in reliance on the above warranties given by the policy holder, and accordingly assume you have given your consent to the policy holder to provide all the information we need to process your claim.

Using and disclosing your personal information

If you are a policy holder’s partner or dependant 16 years or older, we will not disclose information about your health insurance claims (except claims payments) without your consent unless required by law to do so (such as on a transfer certificate if you move to another health insurer).

All claims payments and general policy information will be sent to the policy holder.

The policy holder can:

• change details on the policy
• change level of cover
• add and remove persons from the policy
• receive benefits on behalf of dependants
• terminate the policy.

The policy holder can authorise their partner or dependant (16 years of age or over), to operate the policy. If the policy holder gives such authority, the authorised person will have the same level of access as the policy holder and so will be able to receive and view all personal information in connection with the policy that the policy holder can see, including in respect of claims made by the policy holder and co-insureds (where that information was available to the policy holder).  However (with the exception of Overseas Visitors Cover products) the authorised person cannot:

• terminate the policy
• remove the policy holder from the policy

The policy holder may grant this authority. The authority will remain in place until the policy holder contacts us to revoke it.

Relationship breakdowns

If the policy holder and their partner become divorced or separated, we require that the partner be removed from the policy and take out a separate policy under our fund rules, and to prevent privacy breaches. Please inform us promptly if this occurs so that we can take steps to enforce these processes.

If your child is insured or not-insured under the policy of your ex-partner, we cannot confirm this with you, or provide details about your ex-partner’s policy to you.

You may opt to pay for another person’s policy, but absent them giving you authority, this does not permit us to otherwise disclose information about the policy to you. You can however, contact us to cease your payments, but need to be aware that if you do this, we will contact the policy holder to advise them that their policy will be or is un-financial due to a cancelled payment or failed debit.

How we manage your personal information when you receive health-related services from MHS

This section of our Privacy Policy applies to health-related services provided to our private health insurance members by a member of MHS.

MHS may provide such services to our private health insurance members including telephonic services, chronic disease and health management programs and online health-related services.

In addition to the general purposes of use and disclosure set out in this privacy policy (except where specifically qualified or disclaimed below), MHS may collect and use your personal information to provide these services to you including to:

• manage their relationship with you and contact you for follow up purposes;
• manage, review, develop and improve their health-related services and their business and operational processes and systems;
• resolve any legal and/or commercial complaints or issues;
• provide information about the services to the funders of those services (for example Medibank may fund some services); and
• perform any of their other disclosed functions or activities.

MHS may collect your personal information from another Medibank Group Company, from you or from a person authorised by or responsible for you.

If you use health-related services, MHS may disclose your personal information to Medibank or ahm in order for us to ensure that you have appropriate cover, are eligible for services and that our records for you are accurate.

In order to perform the above functions, companies in MHS may disclose your personal information to each other and to third parties such as their agents, service providers and professional advisors, health service providers, persons authorised by or responsible for you, and to other parties to whom they are authorised or required by law to disclose information including government agencies, and these parties may collect that information.

Medibank Group Companies may also use and disclose your personal information to each other:

• to assess from what other services you may benefit and to facilitate the provision of such services;
• so we may have an integrated view of our members and provide you a better and personalised service; and
• to contact you (including by telephone call, text message or email) in relation to our health-related services and/or wellbeing services only.

You may withdraw your consent to the sharing of your sensitive information between Medibank Group Companies, or to being contacted in relation to our health-related services by contacting us:

Medibank: Access the Manage My Preferences page within the Medibank Online Member Services facility, call us on 132 331 or visit one of our stores.

Medibank apps: Delete your account within the Health & Wellbeing apps.

MHS: Contact the Privacy Officer at privacy@medibank.com.au

MHS does not share your information in certain circumstances

MHS does not share your personal information within the Medibank Group:

• if we tell you in the privacy consent for the service you are receiving that we will not share your information, or
• if you call one of the non-Medibank branded telehealth lines (that we provide for other entities and government departments). When you call these lines your information is segregated and not ever included or compared with our data about you as a Medibank or ahm member or prospective member. When calling a telehealth line, you can opt to use a pseudonym.

Access to limited personal information about you, when you obtain general insurance products through us

Medibank is an Authorised Representative for some general insurance companies. Where you seek a general insurance product from us as an Authorised representative, we will disclose your application information to the relevant general insurer.  However we will not disclose information about your private health insurance policy (except the fact that you or a co-policy holder are a member of Medibank) and claims history to the general insurer, nor in acting as an Authorised Representative will we refer to your other personal information held by us such as your membership or claims information.

Travel insurance

Medibank Private Limited ABN 47 080 890 259 (MPL) is an Authorised Representative, AR 286089, of Travel Insurance Partners Pty Limited ABN 73 144 049 230 AFSL 360138. MPL issues the insurance on behalf of the insurer.  The insurer is Zurich Australian Insurance Limited ABN 13 000 296 640 (Zurich). MPL collects your personal information including name, date of birth, payment details and travel details.  MPL assesses your application.  If your application is approved, MPL provides your personal information to Covermore Insurance Group, a subsidiary of Zurich which is responsible for the administration of your travel insurance policy.

Pet insurance

Medibank pet insurance issued by the insurer The Hollard Insurance Company Pty Ltd ACN 090 584 473 AFSL 241436 (Hollard), is promoted by Medibank Private Limited (ACN 080 890 259 AR 286089) (MPL) and administered by PetSure (Australia) Pty Ltd (ACN 075 949 923 AFSL 420183) (PetSure). MPL acts as an authorised representative of PetSure. MPL collects your personal information including your name, address, date of birth, whether you are an MPL member and your name if you are a co-policy holder.    Petsure processes and approves your application for pet insurance.  Petsure also administers your pet insurance policy

Life insurance, funeral insurance and income protection

Medibank life insurance products are issued by the insurer, Swiss Re Life & Health Australia Limited ABN 74 000 218 306 AFSL 324908 (Swiss Re). Medibank life insurance products are distributed by Greenstone Financial Services Pty Ltd ABN 53 126 692 884 AFSL 343079 (Greenstone) and promoted by its Authorised Representative Medibank Private Limited ABN 47 080 890 259 AR 286089 (MPL).  Medibank Private Limited is also authorised by Greenstone to distribute Medibank Starter Life insurance.  MPL collects your personal information and refers your personal information to Greenstone to assess your application. MPL retains your personal information for future marketing purposes.

We may disclose your personal information overseas

We may need to disclose your personal information to organisations located outside of Australia from time to time in the ordinary course of our business. Most of these overseas organisations are services providers or related entities which provide support and assistance to us in delivering our products and services to you. You consent to the collection, use, storage, and processing of your personal information outside of Australia as set out in this privacy policy.

On occasion, we may also disclose your personal information to overseas organisations where you instruct us or expressly consent to us doing so. In such cases, we may not be able to ensure adequate protection in relation to those organisations’ management of your information.

If you have a corporate health insurance product, there may be occasions where we are instructed by your employer to disclose your information to an overseas organisation in order to administer your policy.

Please see below in this policy a list of countries to which your personal information may be disclosed, although your personal information may be disclosed to other countries outside of that list where our service providers or other relevant third parties, or their (or our) computer systems may be located from time to time.

Corporate health insurance policies for religious organisations

If you are a member of a religious order and covered by a corporate health insurance policy for your religious order, pursuant to the authority you have provided, we will share your personal information with the person responsible for administering that policy for your religious order, for the purposes of processing your policy application and managing your policy.  This includes:

• Sharing information about:
  • premiums (including any Australian government rebate which may apply)
  • personal information such as name, address, date of birth of all members and dependants under the policy
  • details of your insurance cover
  • details about your claims
• Allowing your religious order’s administrative person to make changes to your health insurance policy, including:
  • Suspending your policy
  • Closing your policy
  • Changing the scale of your policy
  • Changing the cover of your policy
  • Administrative changes, such as ordering new cards
  • Directing where claims benefits are to be paid.

Correcting your personal information

To enable us to provide the best services to you, it is important the information we hold about you is up to date. Please contact us when your details change.

If you believe any information we hold about you is inaccurate, incomplete or out of date, please let us know. We will take reasonable steps to amend any personal information about you which is inaccurate or out of date.

You can get in touch with us at Medibank and ahm to request the above any time you wish to do so.

In some circumstances, we may refuse to correct your personal information. Where this happens, we will provide you with reasons for this decision (except to the extent that it would be unreasonable to do so), seek alternatives and take any further legally required steps.

Contact us if you have concerns about our collection, use or disclosure of your personal information

If you have any concerns or queries about the manner in which your personal information has been handled, please contact our Privacy Officer whose contact details are provided below.

If you wish to make a formal complaint, please provide your complaint in writing to our Privacy Officer, and detail information relevant to your complaint. Please note that we will receive and action your request faster if you email it to us using the details below.

Medibank, ahm or MHS: Group Privacy Officer, Medibank Private Limited, post – GPO Box 9999 (Your Capital City) or e-mail – privacy@medibank.com.au

We will consider your complaint promptly and contact you to seek to resolve the matter.

Generally, we will contact you to acknowledge receipt of your complaint and let you know who is managing your query within 5 business days of receiving it. We will attend promptly to your complaint and will aim to respond to your concerns or otherwise keep you informed of our progress within 30 days.

If we have not responded to you within a reasonable time or if your complaint is not resolved to your satisfaction, you are entitled under the Privacy Act to make a complaint to the Office of the Australian Information Commissioner and can find more information on the Commission’s website www.privacy.gov.au.

Countries to which we may disclose your personal information

Listed below are the countries to which we may disclose personal information about you in the course of our functions and activities. This list does not include countries where you may have specifically instructed us to send your information or expressly consented to us sending your information. We may also disclose personal information about you to recipients in other countries from time to time that are not on this list, where our service providers or relevant third parties, or their (or our) computer systems and/or IT services may be located.

• India
• New Zealand
• United States
• Japan
• Ireland
• Fiji
• France
• Indonesia
• United Kingdom
• Germany
• Singapore
• Canada
• South Africa
• Vietnam
• Mauritius

This list is updated from time to time. You can visit our website at any time to view the latest version (listed in the most up to date version of this Privacy Policy.

Members of the MHS Group

For the purposes of the definition of “MHS Group” used in this Privacy Policy, the members of the MHS Group include:

•  Australian Health Management Group Pty Ltd (ahm) (ABN 96 003 683 298), excluding the ahm branded Private Health Insurance business, for which Medibank has a separate privacy policy (ahm Privacy Policy) available on the ahm website

• Medibank Health Solutions Pty Limited (ABN 99 078 943 791) (formerly Health Services Australia Pty Ltd) and its subsidiary companies, being:
  • Integrated Care Services Pty Limited (ABN 71 059 950 695) (trading as Care Complete)
  • Medibank Health Solutions Telehealth Pty Ltd (ABN 40 069 396 792)
  • Medibank Health Solutions New Zealand Pty Ltd (which also provides services in New Zealand)
  • Medi Financial Services Pty Ltd
  • Live Better Management Pty Ltd (ACN 003 457 289)
  • MH Investment Holdings Pty Ltd (ACN 169 818 884) and its subsidiaries:
    • Home Support Services Pty Limited (ACN 008 193 100)
    • Healthstrong Pty Ltd (ACN 155 277 919)

132 331

The information contained on this page supersedes all previously published material.

Medibank Private Limited ABN 47 080 890 259   MPL30830515