Who are we?
We are Medibank Private Limited ABN 47 080890 259 (Medibank) and Australian Health Management Group Pty Ltd ABN 96 003 683 298 (ahm), a subsidiary of Medibank. References to ‘us’, ‘we’ or ‘our’ include Medibank, ahm and, where the context requires, other Medibank subsidiaries (collectively Medibank Group Companies).
Who does this policy apply to?
- All current and past members of Medibank and ahm whose personal information we have collected
- All individuals whose personal information is collected in relation to the products and services offered by Medibank Group Companies
- All individuals whose personal information is collected by us in the course of our functions and activities such as service providers, contractors and prospective employees.
Protecting your privacy
We are committed to protecting your personal information and complying with our obligations under the Privacy Act 1988 (Cth) (Privacy Act) and other State and Territory laws governing the use of personal information (collectively, Privacy Laws) which regulate how personal information is handled from collection to use and disclosure, storage, access and disposal.
‘Personal information’ generally means any kind of information in any form about a person that identifies that person and includes sensitive information such as health information.
- how we manage the personal information that we collect, use and disclose; and
- how to contact us if you:
- have any questions about our management of your personal information; or
- would like to access or correct the personal information we hold about you; or
- would like to lodge a complaint with us regarding our compliance with Privacy Laws.
What kind of personal information do we collect?
The types of personal information we may collect include:
- identifying information such as name, date of birth and employment details;
- contact information such as home address, home and mobile phone numbers and email address;
- government-issued identifiers including Medicare numbers;
- financial information, such as bank account and credit card details;
- sensitive information, including information about your health, health services provided to you and your claims;
- biometric information and templates, such as voice recognition information;
- information about your activities, including sporting and other lifestyle interests; and
- information about involvement in other programs you participate in or memberships you may have.
You generally have the right not to identify yourself when dealing with us where it is lawful and practicable for us to allow it. However, on many occasions we will not be able to do this. For example, we will need your name and residential address in order to provide you with private health insurance coverage.
If you do not provide or authorise the provision of personal information we request, we may be unable to provide you with some or all of our products and services or the product and services of our partners.
How do we collect and hold your personal information?
We will only collect personal information about you by lawful and fair means and not in an unreasonably intrusive manner.
We may collect your personal information1 from:
- you, another person covered by your policy or from a person authorised to provide us this information on your behalf;
- a third party such as a hospital, dentist or optometrist or other health service provider who has treated you;
- an employer, educational institution, government agency or adviser who has dealt with you (or their authorised representatives);
- Medibank Group Companies who have provided you with services including health-related services;
- a service provider engaged by us or a third party who partners with us; and
- another health fund, if you are looking to transfer your membership.
We take all reasonable steps to protect your personal information from misuse and loss and from unauthorised access, modification or disclosure. We store your information securely and have a range of security controls in place to ensure that your information and documents are protected. Our employees are trained on privacy and access to personal information is restricted to individuals properly authorised to do so.
We also take reasonable steps to make sure that the personal information that we collect, use and disclose is accurate, complete, up to date and relevant. We keep your personal information for only as long as it is required in order to provide you with products and services and to comply with our legal obligations. When it is no longer needed for these purposes, we take reasonable steps to destroy or permanently de-identify this personal information.
Why do we collect, use and disclose your personal information?
We collect your personal information to enable Medibank Group Companies and our third party suppliers and partners to provide you with products and services, including insurance, health-related services, partner offerings and information on other products and services (collectively Insurance and Health Products). We may also be required by law to collect some personal information.
Where you provide personal information to the Medibank Group Companies as a service provider, contractor or prospective employee, we collect your personal information to enable us to fulfil the purpose and related purposes for which you provided the information.
We may use your personal information for these purposes, including to:
- process your policy application and manage your policy;
- manage our relationship with you;
- process and audit payments and claims;
- analyse, investigate, pursue and prevent suspected fraudulent activities;
- manage and develop Insurance and Health Products;
- assess your suitability for and contact you about Insurance and Health Products that we believe may be of benefit to you;
- partner or work with third parties to improve our membership offering and value;
- manage and develop our business and operational processes and systems;
- conduct marketing, feedback and research activities;
- manage and resolve any legal or commercial complaints or issues;
- perform other functions and activities relating to our business; and
- comply with our legal obligations.
In doing so we may disclose your personal information to persons or organisations in Australia and overseas including:
- our subsidiaries;
- our agents and service providers;
- our professional advisors;
- health service providers;
- other persons covered by your policy as part of administering the policy and paying benefits;
- potential or actual buyers of our assets, business or of shares in Medibank Group Companies;
- payment system operators and financial institutions;
- your agents and advisors or other persons authorised by, or responsible for, you;
- government agencies;
- your educational institution, migration agent or broker if you have OSHC or a visitors cover product;
- third party insurers whom we are authorised to represent if you purchase other insurance products through us;
- third parties with whom Medibank partners or works with to improve its membership offering and value;
- other health funds, service providers or other third parties who assist us in the detection and investigation of fraud;
- your employer (or their authorised representatives) if you have a corporate insurance product; and
- other parties to whom we are authorised or required by law to disclose information.
How we communicate with you
To keep you informed quicker, where you provide us with an email address, we send most service-related communications to you by email. Service-related communications are the essential things you need to know about your cover, like annual tax statements, changes to premiums and account notices.
From time to time, we may also collect and use your personal information so that we can promote and market Insurance and Health Products to you and keep you informed of special offers from Medibank Group Companies and third parties, including by direct mail, SMS and MMS messages, by phone and email.
You can choose how we communicate with you and manage your consents to receiving promotions and offers by contacting us:
How is your information managed when you receive health-related services from us?
MHS may collect and use your personal information to provide these services to you including to:
- manage their relationship with you and contact you for follow up purposes;
- manage, review, develop and improve their health-related services and their business and operational processes and systems;
- resolve any legal and/or commercial complaints or issues; and
MHS may collect your personal information from another Medibank Group Company, from you or from a person authorised by or responsible for you.
If you use health-related services, MHS may disclose your personal information to Medibank or ahm in order for us to pay benefits for health-related services and to review, develop and improve the services.
In order to perform the above functions, MHS companies may disclose your personal information to each other and to third parties such as their agents, service providers and professional advisors, health service providers, persons authorised by or responsible for you, and to other parties to whom they are authorised or required by law to disclose information including government agencies, and these parties may collect that information.
Medibank Group Companies may also use and disclose your personal (including sensitive) information to each other:
- to assess from what other services you may benefit and to facilitate the provision of such services
- so we may have an integrated view of our members and provide you a better and personalised service; and
- to contact you (including by telephone call, text message or email) in relation to our health-related services.
You may withdraw your consent to the sharing of your sensitive information between Medibank Group Companies or to being contacted in relation to our health-related services by contacting us:
Do we disclose your personal information overseas?
We may need to disclose your personal information to organisations located outside of Australia from time to time in the ordinary course of our business. Most of these overseas organisations are services providers or related entities which provide support and assistance to us in delivering our products and services to you.
Where we do, we take reasonable steps to ensure that your information is given the same type of protection as it is afforded within Australia. This may be through satisfying ourselves that the overseas organisation has controls in place to comply with Australian privacy laws, ensuring that the overseas organisation is located in a country which we believe has a similar privacy regime to Australia or through contractually or otherwise mandating the adequate management of the information.
On occasion, we may also disclose your personal information to overseas organisations where you instruct us or expressly consent to us doing so. In such cases, we may not take the above steps in relation to the management of your information.
If you have a corporate health insurance product, there may be occasions where we are instructed by your employer to disclose your information to an overseas organisation in order to administer your policy. In such instances, we may not be able to take reasonable steps to ensure that your information will be afforded the same protection as in Australia and you may not be able to seek redress for how your information is handled under Australian privacy law.
Please see the section at the end of this policy which outlines the main countries to which personal information may be disclosed.
You can access or correct your personal information. How do you contact us to do so?
We will generally provide you with access to your personal information if practicable (although an administration fee may be charged), and will take reasonable steps to amend any personal information about you which is inaccurate or out of date.
You can get in touch with us at Medibank or at ahm to request the above any time you wish to do so.
In some circumstances, we may not permit access to your personal information, or may refuse to correct your personal information. Where this happens, we will provide you with reasons for this decision, seek alternatives and take any further legally required steps.
Do you have any concerns over the way we have collected, used or disclosed your personal information?
If you have any concerns or queries about the manner in which your personal information has been handled, please contact our Privacy Officer whose contact details are provided below.
If you wish to make a formal complaint, please provide your complaint in writing to our Privacy Officer. We will consider your complaint promptly and contact you to seek to resolve the matter.
Generally, we will contact you to acknowledge receipt of your complaint and let you know who is managing your query within 5 business days. We will attend promptly to your complaint and will aim to respond to your concerns or otherwise keep you informed of our progress within 30 days.
If we have not responded to you within a reasonable time or if your complaint is not resolved to your satisfaction, you are entitled under the Privacy Act to make a complaint to the Office of the Australian Information Commissioner.
Medibank: Privacy Officer, Medibank Private Limited, 16/700 Collins Street, Docklands, VIC 3008 or e-mail email@example.com
Australian Health Management Group: Privacy Officer, ahm health insurance, Locked Bag 4, Wetherill Park NSW 2164 or e-mail firstname.lastname@example.org
Countries to which personal information may be disclosed
Listed below are the countries to which we may disclose personal information in the course of our functions and activities. This list does not include countries where you may have specifically instructed us to send your information or expressly consented to us sending your information.
Please see the Do we disclose your personal information overseas? section for information on the steps we take to ensure the adequate protection and appropriate management of this information.
- New Zealand
- United States
This list is updated from time to time. You can visit our website at any time to view the latest version.
Openness and transparency
Kogan.com Holdings Pty Ltd (Kogan) is committed to protecting your privacy and respects and upholds your rights under the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (“Privacy Act”). By using this website, you agree to and consent to the collection, use, holding and disclosure of personal information by Kogan as set out in this policy.
Personal information is information or an opinion about an individual whose identity is apparent, or can be reasonably ascertained, from that information or opinion. Personal information we may collect from you includes, without limitation, your name, address, email address, telephone number(s) and date of birth.
Kogan will collect personal information only by lawful and fair means and not in an unreasonably intrusive way. If it is reasonable and practical to do so, Kogan will only collect personal information about you directly from you. Kogan will not collect personal information unless the information is reasonably necessary for our functions and activities.
Kogan may enter into arrangements with third parties to collect your personal information in circumstances where the third party notifies you, at the time of collection,that your personal information will be provided to Kogan.
Kogan requires individuals to provide accurate, up-to-date and complete personal information at the time it is collected.
What does Kogan do with your personal information?
In addition to any purpose notified to you at the time of collection Kogan uses your personal information for the purposes of:
- providing our services to you;
- our internal management needs;
- our marketing activities;
- responding to any inquiries or comments that you submit to us;
- any other purpose you have consented to; and
- any use which is required or authorised by law.
Disclosure of personal information
Kogan may disclose your personal information:
- to third-parties we ordinarily engage for the above purposes;
- any person or entity to whom you have consented to Kogan disclosing your personal information to; and
- any person or entity to whom we are required or authorised to disclose your personal information to in accordance with the law.
Access and Management
You may request access to your personal information in our customer account database, or seek correction of it, by contacting our customer service team. See section 8: Contact information.
Kogan may charge a reasonable fee that is not excessive to cover the charges of retrieving your personal information from our customer account database. Kogan will not charge you for making the request.
If you believe that Kogan holds personal information about you in our customer account database that is not accurate, complete, up-to-date, relevant or information that is misleading then you may request its amendment and Kogan will respond to your request within a reasonable time. Kogan will not charge you for correcting your personal information.
If Kogan no longer needs your personal information for any the purposes set out in this policy, or as otherwise required by law, Kogan will take such steps as are reasonable in the circumstances to destroy the information or to de-identify it.
Kogan will take reasonable steps to protect the personal information it holds from misuse, interference and loss and from unauthorised access, modification or disclosure.
At any time you may opt out of receiving direct marketing communications from us. Unless you opt out, your consent to receive direct marketing communications from us and to the handling of your personal information as detailed above, will continue. To opt out email email@example.com.
Kogan may transfer your personal information to a person who is in a foreign country to assist Kogan in providing you with the service that you have requested.
Kogan will take such steps as are reasonable in the circumstances to ensure that the information that is transferred to third parties located outside of Australia will not be held, used or disclosed by the recipient of the information in a manner that is inconsistent with the Australian Privacy Principles.
If you require further information regarding this policy or wish to make a complaint about a breach of the APPs by Kogan, please contact us at firstname.lastname@example.org or call us on 1300 304 292 or send mail to: Attn: Privacy Officer, Kogan, GPO Box 2579, Melbourne VIC 3001. Our office is located at 136 Buckhurst Street, South Melbourne, VIC 3205. A senior member of staff will review your complaint within 5 business days and respond to you in writing advising what action(s) Kogan will take as a result of your complaint.
When transmitting personal information from your computer to the Kogan website, you must keep in mind that the transmission of information over the Internet is not always completely secure or error-free. Other than liability that cannot lawfully be excluded, Kogan will not be liable in any way in relation to any breach of security or any unintended loss or disclosure of that information.
The Kogan website may use “cookies” to help personalise your online experience and save you time. You have the ability to accept or decline cookies. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Kogan website.