Our Privacy Policy

Introduction

This Privacy Policy explains how we collect and handle your personal information. It also describes your rights in relation to the personal information we hold about you.

This Privacy Policy applies to everyone who has a current or past relationship with Medibank Group Companies. This includes:

• private health insurance members of Medibank,
• customers or individuals who contact us regarding any products and services offered by Medibank Group Companies, and
• individuals whose personal information we have collected in the course of our functions and activities, such as service providers, contractors and prospective employees.

This Privacy Policy does not apply to ahm. ahm has its own privacy policy available on the ahm website: https://ahm.com.au/privacy-policy

How to read this policy

This Privacy Policy is structured in five Parts:

• Part 1 sets out general terms that apply to the provision of products and services by Medibank Group Companies that are covered by this Privacy Policy,
• Part 2 sets out provisions that apply to the provision of health insurance services by Medibank (but not ahm),
• Part 3 sets out provisions that apply to the provision of health services with Amplar Health,
• Part 4 sets out provisions that apply to the provision of Wellbeing Programs by Medibank Group Companies, and
• Part 5 sets out provisions that apply to the provision of other services by Medibank Group Companies. 

Section 1: Types of personal information we may collect

The types of personal information we may collect about you include:

(a) identifying information such as name, date of birth and employment details, 

(b) contact information such as home address, home and mobile phone numbers and email address, and in some cases your work contact details, 

(c) financial information such as bank account and credit card details,

(d) information about involvement in other programs that you participate in or memberships you may have,

(e) if you visit our website, your IP address and IMEI information,

(f) information about your health,

(g) information about your usage of our website and apps, and

(h) other personal information described in Parts 2 to 5 (as applicable).

The personal information we collect depends on your relationship with us. It can be information we use to identify and contact you, and manage your account (if any). Some of the information can be sensitive, like details about your health. 

Section 2 : Collecting personal information

Why we collect personal information

We collect personal information:

(a) to enable us and our third party suppliers and partners to provide or offer to provide you with products and services. These products and services include Insurance and Health Products,

(b) where we are required to do so by law, or

(c) where you provide personal information to us as a service provider, contractor, or prospective employee, for the purposes for which you provided us with the information, and any related purposes.

When we collect personal information

We may collect personal information at various times, including when you:

(a) contact us by phone, mail, email or online or visit us in person,

(b) start or complete a request for quote, an application form or other type of form in relation to our products and services,

(c) make a claim, or

(d) visit our website or when you input or allow collection of information through our apps.

How we collect and hold personal information

We may collect personal information about you directly from you or from other sources such as:

(a) an employer, educational institution, government agency or adviser (or their authorised representatives) who has dealt with you,

(b) persons who are authorised to share personal information with us. These include people you have authorised to deal with us in relation to your arrangements, such as attorneys you have appointed under a power of attorney, your guardian, or your other agents or representatives,

(c) Medibank Group Companies who have provided you with health services or other services,

(d) if you are a health service provider, from relevant government or industry services, databases and directories,

(e) service providers that assist us to provide goods or services or to operate or administer our business (for example, by assisting us with marketing, planning and product or service development),

(f) third parties who we partner with or use to offer or provide you with products and services,

(g) CCTV cameras at our offices and retail centres,

(h) publicly available sources or networking services. We may do this to offer you our products and services or to verify identity or other information provided by you,

(i) by using cookies to understand how you use our website and apps. We only use cookies if the privacy settings you have chosen on your device allow it to accept our cookies. You can access the content on our website without accepting cookies, but will find navigation and returning to our website easier if you accept cookies,

(j) information sources, service providers or organisations that we use to prevent or minimise the risk of fraud, and

(k) other sources described in Parts 1 to 5 (as applicable).

We collect personal information so that we can provide products and services to our customers and members. We also collect it when required by law and for any other purpose you have provided information to us for. We do this at different times and in several ways.

Section 3: Why we need your personally identifiable information 

Where it is lawful and practicable for us, you can choose not to identify yourself when dealing with us and to use a pseudonym. However, in many situations, we need your identity details. For example, we need your name and date of birth if you want to have private health insurance coverage with us that receives the applicable government rebate. We also need to verify your identity to set up and allow you to access your policy, membership and records.

If you do not provide or allow us to have your personal information when we need it, we may be unable to provide you with some or all of the products and services you require. If you ask us, we will tell you what personal information we need to provide you with a particular product or service.

In some limited circumstances, you may be able to choose whether to identify yourself when you deal with us.

Section 4: Use of your personal information

We may use personal information for any of the following purposes:

(a) to manage our relationship with you, to identify and communicate with you, or to provide you with products, services or information that you have requested,

(b) to manage and resolve any legal, clinical or commercial complaints or issues,

(c) to analyse, investigate, pursue and prevent suspected fraudulent or criminal activities,

(d) where we record your calls, to identify you and manage our relationship with you. We may also use call recordings, for training, coaching and development purposes unless you ask us not to at the time of the call,

(e) to improve our voice-imprinting IVR systems and our voice recognition software,

(f) to comply with our legal obligations or enforce our legal rights, or as otherwise required or authorised by law,

(g) subject to section 6, to promote and market Insurance and Health Products to you or to keep you informed of special offers from Medibank Group Companies and third parties,

(h) to manage, review, improve and develop our membership offerings, products and services or our business and operational processes and systems. This includes obtaining feedback, and undertaking business intelligence, analytics and research activities and projects or partnering with third parties to assist us to do so,

(i) to assist you with assessing your suitability for insurance products or health related services, 

(j) to undertake other general functions and activities relating to the operation of our business and assets. This includes training, coaching, development, and audit, or

(k) other purposes described in Parts 2 to 5 (as applicable).

We use your personal information in a number of ways. This includes what we need to do to manage our relationship with you, and what’s required by law.

Section 5: Disclosing your personal information

In collecting and using personal information, we may disclose personal information:

(a) to your agents, advisors or other persons whom you have authorised, or who are responsible for you,

(b) to our agents, service providers and professional advisors,

(c) to payment system operators and financial institutions,

(d) to government agencies,

(e) to other health funds, service providers or organisations who assist us in the detection and investigation of fraud,

(f) to other parties to whom we are authorised or required by law to disclose information,

(g) on a de-identified basis, to third parties that we partner with to provide or improve our products and services. We will only disclose your identifiable information to them with your consent,

(h) to potential or actual buyers of parts or all of our assets or businesses, or

(i) to anyone else described in Parts 2 to 5 (as applicable).

There’s a range of people and organisations we may share your personal information with. We share personal information only as legally permitted.

Section 6: Communicating with you and direct marketing

Service-related communications

We will communicate with you using the contact details that we have collected for you. In some circumstances and for some products and services, we will require an email address to communicate with you.

If you provide us with an email address, we will send most service-related communications to you by email. Service-related communications are the essential things you need to know about our products and services. For example, in relation to your insurance cover, service-related communications include annual tax statements, changes to premiums and account notices.

Marketing communications

If you consent to receive marketing communications from us, or where we are permitted to do so by law, we may contact or approach you directly to promote and market health services to you and keep you informed of special offers from relevant Medibank Group Companies and third parties. We may do this via various channels (for example, by mail, SMS, phone, email and MMS messages, through targeted marketing on social media platforms, in app or push notifications).

You can opt-out of receiving marketing communications at any time by:

(a) submitting a ‘unsubscribe’ request via the link in our communications,

(b) updating your communication preference settings on our relevant app(s), or

(c) letting us know through our details set out in section 11.

However:

(d) you will still receive the service-related communications described in section 6,

(e) you will need to opt-out separately from direct marketing from each of Medibank Group Companies and from direct marketing in our lifestyle and wellbeing apps,

(f) we may be required to share your details with our marketing partners and service providers to ensure that they do not direct market you, and

(g) if you have provided us, our marketing partners or service providers with several different email addresses or contact details, you will need to let us know which of the email addresses or contact details that the opt-out will apply to. 

We send both service-related and, from time to time, marketing communications. You can decide whether to receive marketing communications or not.

Section 7: How you can access your personal information

You can ask us for access to the information we hold about you at any time. To enable us to assess and respond to your request promptly, please call or email us through the communication channels in section 11 and provide us with all necessary information about your records. To protect you and us from fraud and misuse of your information, when you contact us to seek access to your personal information, we will need to be reasonably satisfied it is you or a person you have authorised. To do this, we may:

• require you to verify your identity (such as by using two factor authentication or provide us with your certified ID), or
• use a third party and secure service or your IMEI or IP address to assist us to verify your identity.

We will endeavour to respond in a reasonable time, usually within 30 days of receipt of your request.

We may charge a reasonable fee for providing your personal information. We will let you know in advance of charging any fee to confirm that you still wish to proceed with your request. In some circumstances, we may refuse to provide you with access to your personal information. If we do this, we will write to you to let you know. 

Your information belongs to you, and you can ask us for it anytime. When you request it you will need to confirm your identity, and give us a reasonable time to get it back to you.

Section 8: How you can correct personal information

To enable us to provide the best services to you, it is important that the information we hold about you is up to date. Please let us know when your details change.

If you believe any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please let us know through the communications channels described in section 11. We will take reasonable steps to update any personal information about you that is inaccurate, out of date, incomplete, irrelevant or misleading.

In some circumstances, we may refuse to correct your personal information. If we do this, we will write to you to let you know.

It’s important to make sure that the details we have for you are correct.

Section 9: Disclosure overseas

We may disclose your personal information to organisations located outside of Australia from time to time in the ordinary course of our business, functions or activities. Most of these overseas organisations are service providers or their related entities which provide support and assistance to us in delivering our products and services to you and are likely to be located in the following countries:

• Canada
• Fiji
• France
• Germany
• Indonesia
• Ireland
• Japan
• Mauritius
• Netherlands
• New Zealand
• Philippines
• Singapore
• South Africa
• United Kingdom
• United States
• Vietnam

We may also disclose your personal information to an overseas organisation if you have a corporate health insurance product and we are instructed by your employer to disclose your information to that overseas organisation in order to administer your policy.

We may sometimes share your personal information with organisations overseas that support and help us.

Section 10: Privacy Policy Updates

We will review and update this privacy policy from time to time where necessary to reflect changes in applicable laws or in our privacy management practices. Where we make a material change to our privacy policy, we will notify you in writing or through our website.

The most up-to-date version of our privacy policy can always be found on our website, medibank.com.au.

Our privacy policy online is always up to date, and you can check it anytime. We’ll let you know if there are any plans to make a change that could be negative to you.

Section 11: How you can contact us

Contact details for specific privacy queries

Medibank:

• Access the Manage My Preferences page within the Medibank Online Member Services facility,
• Call us on 132 331,
• Visit one of our stores,
• Email us at privacy@medibank.com.au, or

Amplar Health:

• Email us at MHSPrivacyInbox@medibank.com.au and ensure that you state the programme (or product or service) you are enrolled in or receiving.

Wellbeing Programs (including Live Better):

• Access the “About Me” page in Medibank’s lifestyle and wellbeing apps (for in app preferences only)
• For other matters, email us at privacy@medibank.com.au, or

If you are a provider:

Call us on 1300 130 460.

General privacy queries or complaints

If you have any concerns or queries about the manner in which your personal information has been handled, please contact our Privacy Officer at:

Group Privacy Officer
Medibank Private Limited
GPO Box 9999 (Your Capital City)

or privacy@medibank.com.au

If you wish to make a formal complaint, please provide your complaint in writing to our Group Privacy Officer and provide all information relevant to your complaint. We will receive and be able to action your request faster if you email it to us using the details above.

If we have not responded to you within a reasonable time or if your complaint is not resolved to your satisfaction, you are entitled under the Privacy Act 1988 (Cth) to make a complaint to the Office of the Australian Information Commissioner. You can do so here. 

How to contact us.

Section 12: The types of personal information we may collect

The types of personal information we may collect about you includes:

(a) the types of personal information described in section 1,

(b) identification information (such as driver’s licence number and Medibank member card number), 

(c) your power of attorney (if you have one),

(d) government-issued identifiers including Medicare number, and

(e) sensitive information, including: 

(i) information about your health, health services provided to you and your claims, and

(ii) other sensitive information, such as your race and ethnicity where we are required to collect it.

In addition to the information in Section 1, if you’re a Medibank health insurance member we will also collect specific information relevant to your health insurance membership. This includes claim and identification information.

Section 13: When we collect personal information

We may collect personal information about you:

(a) in the circumstances set out in section 2,

(b) from an agency or organisation on whose behalf we are providing you with services or products (for example, where we act as their agent),

(e) from another health fund and your co-insured, if you have requested a transfer of your health insurance between that fund and us,

(f) from a third party such as a hospital, dentist, nurse, doctor, optometrist, community worker or other health service provider who has treated you, or who has been engaged to provide you with clinical or non-clinical care,

(f) from a third party from whom we need information relating to a health insurance claim that you have made, or

(g) if you are covered by a couples or family health insurance policy with us, in the circumstances set out below in section 16.

We collect personal information at different times and in several ways. This includes when you fill out one of our application forms, contact us, or make a claim. We collect this information from you, and people you have authorised. We may also do so from sources like hospitals, health providers, or health agencies.

Section 14: Use of your personal information

We may use personal information about you:

(a) in the circumstances set out in section 4, or

(b) to process your policy application and manage your policy, including to process and audit payments and claims. 

We use your personal information in a number of ways. This includes what we need to do to manage our relationship with you as our Medibank health insurance member, and what’s required by law.

Section 15: Disclosing your personal information

We may disclose personal information about you:

(a) in the circumstances set out in section 5,

(b) with your consent, to Medibank Group Companies for the purpose of:

(i) assisting us to ascertain if your existing cover is adequate for your current and foreseeable future needs, or

(ii) offering ancillary services, health management programs and services which may be of benefit to you,

(c) if you have registered with a Wellbeing Program that provides you with rewards or benefits based on eligible Medibank health insurance claims, to the Medibank Group Company that operates that Wellbeing Program,

(d) to health service providers to provide clinical or health services that you have requested. These providers include doctors, hospitals, physiotherapists, nurses, dietitians, cardiac rehabilitation nurses, speech therapists, podiatrists, and other clinicians,

(e) if you have OSHC or a visitors cover product, to your educational institution, migration agent or broker,

(f) if you purchase an insurance product from us as an authorised representative of a third party general insurer, we will disclose your application information to the general insurer. However, we will not, without your consent:

(i) disclose information about your private health insurance policy (except the fact that you or a co-policy holder are a member of Medibank) and claims history; or

(ii) refer to your other personal information held by us, such as your membership or claims information, in acting as an authorised representative of that general insurer, 

(g) if you have a corporate health insurance product, to your employer (or their authorised representatives),

(h) if you are covered by a couples or family health insurance policy with us, in the circumstances set out below in section 16, or

(i) if you are a member of a religious order and covered by a corporate health insurance policy for your religious order, in the circumstances set out below in section 17.

There’s a range of people and organisations we may share your personal information with. We do this to provide you with our health insurance service. We also do it to provide any associated services you have subscribed to as part of your Medibank health insurance membership.

Section 16: Couples and family health insurance policies

Collection of personal information

If you are a partner or dependent child covered by a couples or family health insurance policy, we may also collect information about you from the policy holder who set up the policy. If you are 16 years or older, that policy holder must ensure that they have the authority and consents from you to provide your information to us.

Disclosure of personal information

If you are a person covered by a couples or family health insurance policy, we may also disclose:

(a) claims and general policy information to the policy holder. However, if you are aged 16 years or older, we will not disclose information about your health insurance claims (except claims payments) without your consent unless we are permitted or required by law to do so (such as on a transfer certificate if you move to another health insurer),

(b) personal information about you as part of administering the policy and paying benefits, or

(c) if you or the main policy holder has requested a transfer certificate, to your co-insured. Please note that we are required by law to state in the transfer certificate if anyone covered by the policy has exercised their lifetime mental health waiver.

If you choose to pay for another policy holder’s health insurance policy, you acknowledge that:

(a) even though you are responsible for payment, we are not permitted to disclose information about their policy, claims or personal information to you, and

(b) if you notify us that you will cease making payments for that policy, we will contact the policy holder to advise them that their policy will be or is un-financial due to a cancelled payment or failed debit.

Divorce or separation

Under our fund rules, if the policy holder and their partner under a couples or family health insurance policy separate or divorce, the partner must be removed from that policy and take out a separate health insurance policy. This is also intended to protect the privacy of both the policy holder and their ex-partner. In this regard, we cannot provide information to either the policy holder or their ex-partner as about the other’s health insurance policies. We also cannot provide information either of them about whether or not any dependent children are covered under the health insurance policies of the other.

Family Violence

If you are a victim of family violence or stalking, or have concerns about your personal safety, we encourage you to let us know to discuss further privacy protections that we may be able to provide you.

We may collect or share information with the person who holds the policy. If you’re over 16, you will need to provide permission for some of this.

If you separate or divorce, you and your ex-partner will need to take out separate policies.

Section 17: Corporate health insurance policies for religious organisations

If you are a member of a religious order and covered by a corporate health insurance policy for your religious order, we will disclose your personal information to the person responsible for administering that policy for your religious order, for the purposes of processing your policy application and managing your policy. This includes:

(a) sharing information about:

(i) premiums (including any Australian government rebate which may apply),

(ii) personal information such as name, address, date of birth of all members under the policy,

(iii) details of your insurance cover, or

(iv) details about your claims, and

(b) allowing your religious order’s administrative person to make changes to your health insurance policy, including:

(i) suspending your policy,

(ii) closing your policy,

(iii) changing the scale of your policy,

(iv) changing the cover of your policy,

(v) administrative changes, such as ordering new cards, or

(vi) directing where claims benefits are to be paid.

We share your personal information with the policy administrator. This is so that we can process your application and manage your policy.

Section 18: Types of personal information we may collect

The types of personal information we may collect about you includes:

(a) the types of personal information described in section 1,

(b) identification information for identity verification, such as driver’s licence and Medibank member card, 

(c) government-issued identifiers including Medicare numbers, 

(d) sensitive information, including: 

(i) information about your health, health history, health services provided to you and your claims,

(ii) biometric information and templates,

(iii) other sensitive information – such as your race and ethnicity where we are required to collect it, and

(e) information about your activities, including sporting and other lifestyle interests.

In addition to the information in Section 1, if you receive services from Amplar health we will also collect specific information that’s relevant to our providing these services.

Section 19: When we collect your personal information

We may collect personal information about you:

(a) in the circumstances set out in section 2,

(b) from an agency or organisation on whose behalf we are providing you with services or products (for example, where we act as their agent),

(c) from a third party such as a hospital, dentist, nurse, doctor, optometrist, community worker or other health service provider who has treated you, or that we have engaged to provide you with clinical or non-clinical care,

(d) from a third party from whom we need information relating to a health insurance claim that you have made,

(e) from an agency, organisation or provider that has referred you to us for clinical or non-clinical care,

(f) from another person covered by your policy, or

(g) your health fund who funds your health service.

In addition to the information in Section 2, we may collect information from sources like hospitals, health providers, health agencies, or health program funders.

Section 20: Use of your personal information 

We may use personal information about you in the circumstances set out in section 4.

Section 21: Disclosing your personal information

We may disclose personal information about you:

(a) in the circumstances set out in section 5,

(b) to Medibank Group Companies for the purpose of:

(i) providing you with health services you have requested,

(ii) ensuring you are eligible for services and that our records for you are accurate, or for updating your policy if necessary,

(iii) with your consent, assisting us to ascertain if your existing cover is adequate for your current and foreseeable future needs, or

(iv) with your consent, offering ancillary services, health management programs and services which may be of benefit to you,

(c) to the funders of services provided to you,

(d) to health service providers to provide clinical or health services to you. These providers include doctors, hospitals, physiotherapists, nurses, dietitians, cardiac rehabilitation nurses, speech therapists, podiatrists, and other clinicians, or

(e) to service providers to provide non-clinical services to you. The providers include gardeners, cleaners, transport providers, accommodation providers and carers, as relevant to the services provided to you.

In addition to the information in section 5, we may share information about you with other sources like Medibank Group Companies, health program funders, and health service providers.

Section 22: Types of personal information we may collect

The types of personal information we may collect about you includes:

(a) the types of personal information described in section 1,

(b) phone type, browser type, operating system, and IP address,

(c) any information about your lifestyle, activities, interests, diet, exercise, biometrics, health goals or other health related information that:

(i) you input into our Wellbeing Program apps, 

(ii) you authorise our rewards partners to provide to us in connection with our Wellbeing Programs, or

(iii) you authorise your credit, debit or loyalty card provider to provide to us in connection with our Wellbeing Programs,

(d) if you have registered with a Wellbeing Program that provides you with rewards or benefits based on eligible Medibank health insurance claims, information about those eligible claims, and

(e) information from apps or devices (such as wearable devices or phones) that you allow our lifestyle and wellbeing apps to access, including: 

(i) biometric information and templates, such as voice recognition information, and

(ii) activity and health information. 

If you subscribe to any of our Wellbeing Programs, we will collect personal information to bring you our wellbeing program. Some of the information can be sensitive, like details about your health and lifestyle. We also collect information about the technology you’re using to access our apps.

Section 23: When we collect personal information

We may collect personal information about you:

(a) in the circumstances set out in section 2,

(b) when you subscribe to or use one of our lifestyle and wellbeing apps,

(c) from our rewards partners when you authorise them to provide us information in connection with our Wellbeing Programs,

(d) from your credit, debit or loyalty card provider, when you authorise them to provide us information in connection with our Wellbeing Programs,

(e) if you have registered with a Wellbeing Program which rewards you based on your eligible Medibank health insurance claims, when you make any eligible claims, or

(f) from our partners whose apps and devices you connect to our lifestyle and wellbeing apps.

In addition to the information in Section 2, we may also collect your information from sources like our apps, and authorised partners and providers.

Section 24: Use of your personal information

We may use personal information about you for any of the following purposes:

(a) to provide you with any Wellbeing Programs that you have registered for,

(b) to manage our relationship with you, to identify and communicate with you, or to provide you with products, services or information that you have requested,

(c) to manage and resolve any legal or commercial complaints or issues,

(d) to analyse, investigate, pursue and prevent suspected fraudulent or criminal activities,

(e) where we record your calls, to identify you and manage our relationship with you. We may also use call recordings, for training, coaching and development purposes unless you ask us not to at the time of the call, or

(f) to improve our voice-imprinting IVR systems and our voice recognition software,

(g) to comply with our legal obligations or enforce our legal rights, or as otherwise required or authorised by law,

(h) subject to section 6, to promote and market Insurance and Health Products to you or to keep you informed of special offers from Medibank Group Companies and third parties,

(i) to manage, review, improve and develop our Wellbeing Program membership offerings, products and services or our business and operational processes and systems. This includes obtaining feedback, and undertaking business intelligence, analytics and research activities and projects or partnering with third parties to assist us to do so, or

(j) to undertake other general functions and activities relating to the operation of our business and assets. This includes training, coaching, development, and audit.

We will not link your Wellbeing Program to any Medibank private health insurance account you may have with us unless you consent to us doing so. 

We use your personal information in a number of ways. This includes what we need to do to bring you our wellbeing programs, and what’s required by law.

Section 25: Disclosing your personal information

We may disclose personal information about you:

(a) in the circumstances set out in section 5,

(b) if you have registered with a Wellbeing Program that provides you with rewards or benefits based on eligible Medibank health insurance claims, to Medibank for the purposes of that Wellbeing Program,

(c) to our third party Wellbeing Program providers and suppliers to the extent necessary for them to facilitate or manage the operation of the Wellbeing Program,

(d) to our rewards partners in any Wellbeing Program and any third party credit card linking solution provider, to the extent necessary to facilitate your participation in the Wellbeing Program and to allow you to earn or redeem rewards,

(e) to our activity tracking partners, or

(f) to other Wellbeing Program users and your competition or team members, where you choose to enable this functionality in the Wellbeing Program app.

There’s a range of people and organisations we may share your personal information with. We do it so that we, and our rewards partners, providers and suppliers, can provide you with products and services. We also share personal information where required by law.

Section 26: Other important information

If you delete a Wellbeing Program app, the app will continue to store your personal information for a short period of time. This is so you do not lose your data (including your points and goals) if you change your mind and re-install the Wellbeing Program app. We will delete your information if you ask us to, but that means you will no longer have a membership to the app.

If you link any of our Wellbeing Program apps to your wearable fitness devices:

(a) you may be asked to agree to the app provider’s privacy policy, and we will not be responsible for the collection and use practices of the app provider in respect of your personal information, and

(b) please visit the app provider’s website to understand their privacy practices and options they may make available to you in relation to their collection and use of your personal information.

When you delete one of our apps, it will keep your information for a short time. You can ask us to delete this if you like.

Section 27: The types of personal information we may collect

The types of personal information we may collect about you includes:

(a) the types of personal information described in section 1 ,

(b) identification information such as driver’s licence number and Medibank member card number, 

(c) government-issued identifiers including Medicare number, and

(d) sensitive information, including: 

(i) information about your health, health services provided to you and your claims,

(ii) biometric information and templates, such as voice recognition information, and

(iii) other sensitive information - such as your race and ethnicity where we are required to collect it.

In addition to the information in Section 1, we may also collect other identification information, government-issued identifiers, and sensitive information.

Section 28: When we collect your personal information

We may collect personal information about you:

(a) in the circumstances set out in section 2,

(b) from another person covered by your policy (or person setting up a policy to cover you),

(c) from an agency or organisation on whose behalf we are providing you with services or products (for example, where we act as their agent),

(d) from another insurance company and your co-insured, if you have requested a transfer of your insurance between that fund and us, so as to facilitate that transfer, or

(e) if you purchase a travel or life insurance product from us, from a third party such as a hospital, dentist, nurse, doctor, optometrist, community worker or other health service provider who has treated you, or that has been engaged to provide you with clinical or non-clinical care under the product.  

We may collect your information at different times, from different sources.

Section 29: Use of your personal information

We may use personal information about you:

(a) in the circumstances set out in section 4,

(b) to process your policy application and manage your policy, including to process and audit payments and claims, or

(c) to verify your identity, if you are the power of attorney of a person that has, or has applied for, private health insurance with Medibank.

In addition to the circumstances in Section 4, we may use your personal information to manage your policy and policy information, or verify your identity.

Section 30: How we disclose personal information

We may disclose personal information about you:

(a) in the circumstances set out in section 5,

(b) with your consent, to Medibank Group Companies for the purposes of:

(i) assisting us to ascertain if your existing cover is adequate for your current and foreseeable future needs,

(ii) offering ancillary services, health management programs and services which may be of benefit to you,

(c) if you purchase a travel or life insurance product from us, to health service providers to provide clinical or health services to you under that product. These providers include doctors, hospitals, physiotherapists, nurses, dietitians, cardiac rehabilitation nurses, speech therapists, podiatrists, and other clinicians,

(d) to other persons covered by your policy as part of administering the policy and paying benefits,

(e) to your educational institution, migration agent or broker if you have a visitors cover product,

(f) if you purchase an insurance product from us as an authorised representative of a third party general insurer, we will disclose your application information to the general insurer. However, we will not, without your consent:

(i) disclose information about your private health insurance policy (except the fact that you or a co-policy holder are a member of Medibank) and claims history, or

(ii) refer to your other personal information held by us such as your membership or claims information in acting as an authorised representative of that general insurer, or

(g) to your employer (or their authorised representatives) if you have a corporate insurance product.

In addition to the circumstances in section 5, we may share your personal information with Medibank Group Companies, health service providers, and other people on the policy.

Section 31: How we handle personal information as a contracted health service provider

We may provide non-Medibank or non-Amplar Health branded services as a contracted health service provider. In this situation, we will handle personal information in accordance with the contract we have with the third party who is providing you with the relevant services. That organisation’s privacy policy will apply to the services you receive. We will not disclose information we collect to other Medibank Group Companies. 

If you call a non-Medibank branded telehealth line (that we provide as a service provider to other entities and government departments):

(a) your information is segregated and not included or compared with our data about you as a Medibank member or prospective member, and

(b) we will not share your personal information between Medibank Group Companies.

When we provide health services on behalf of another organisation, we keep to that organisation’s privacy policies. We don’t share your personal information with any Medibank Group Companies.

ahm

The health insurance services business carried on by Medibank under the brand ‘ahm’ (including ahm health insurance, ahm OSHC and ahm by Medibank’) and Medibank’s subsidiary, Australian Health Management Group Pty Ltd (ABN 96 003 683 298).

Amplar Health

The business of providing health services carried on by members of the MHS Group. See more at https://amplarhealth.com.au/.

IMEI

International Mobile Equipment Identity number.

Insurance and Health Products

Insurance, health-related services or products or offerings from us or our partners.

Live Better

The Wellbeing Program known as ‘Live Better by Medibank’ (https://www.medibank.com.au/livebetter/).

Medibank

Medibank Private Limited (ABN 47 080 890 259).

Medibank Group Companies

Medibank, MHS Group, and Medibank Private Employee Share Plan Trust (ABN 53 501 924 436).

MHS

Medibank Health Solutions Pty Limited (ABN 99 078 934 791), formerly Health Services Australia Pty Ltd.

MHS Group

MHS and each of the following subsidiaries:

(a) MHSI Pty Ltd (ABN 57 659 284 607),

(b) MH Operations Pty Ltd (ABN 15 659 287 680)

(c) Integrated Care Services Pty Limited (ABN 71 059 950 695), trading as CareComplete,

(d) Medibank Health Solutions Telehealth Pty Ltd (ABN 40 069 396 792),

(e) MH Solutions Investments Pty Ltd (ABN 52 642 022 124)

(f) Medi Financial Services Pty Ltd (ABN 94 138 752 815),

(g) Live Better Management Pty Ltd (ABN 93 003 457 289), and

(h) MH Investment Holdings Pty Ltd (ABN 169 818 884) and the following subsidiaries:

(i) Home Support Services Pty Limited (ABN 59 008 193 100 ), and

(ii) Healthstrong Pty Ltd (ABN 61 155 277 919).

OSHC

Overseas student health cover.

we, us or our

Medibank and/or one or more Medibank Group Companies, where the context requires.

Wellbeing Program

A Medibank Group Company lifestyle and wellbeing program (such as Live Better) which may be delivered through an application (app) or through other means.