We are Lawcover Insurance Pty Limited (ABN 15 095 082 509) and Lawcover Pty Limited (ABN 48 003 326 618) of Level 13, 383 Kent Street, Sydney, New South Wales (“Lawcover”, “we”, “us”, “our”).
We are committed to protecting your privacy. This policy sets out our approach to managing personal information, including the kinds of personal information we collect and hold, why we collect, hold, use and disclose your personal information, and how we do so.
In this policy, “you” and “your” include our current and potential policyholders, customers and users of our website, claimants under an insurance policy issued or arranged by us, people who apply for jobs with us, our contractors, service providers and suppliers.
We will only collect personal information if we need to, and only in accordance with the Privacy Act 1988 (Cth).
The kinds of personal information that we collect and hold include:
- Your name and contact details
- Information about your law practice, including information about its personnel, claims history and financial information
- Your payment details, such as credit card and bank account details (though we do not hold these once your payment has been processed)
- Information relating to insurance claims and complaints, and
- Your opinions and other information you provide when we seek your feedback on our products, services and performance
In limited circumstances, we collect sensitive information about you, such as information about your health, political opinions, association memberships or criminal history. We will only collect and hold such information where it is relevant to a claim or a complaint, or an employment or service provider arrangement that we have in place or are considering.
We collect and hold your personal information for the following purposes:
- To arrange and provide cover under our insurance policies, including to handle claims under those policies
- To provide our risk management education and consultation services, and other educational publications and events, to you or with your involvement
- To respond to enquiries and complaints about us or our products or services
- To update our records
- to seek employees, and
- To seek, engage and maintain arrangements with contractors, service providers and suppliers associated with the delivery of our products and services, including our insurers, reinsurers and insurance brokers
From time to time we may also use your personal information to assess and improve our products and services, or to provide you with news or offers about products and services that may be of interest to you. The products and services that we may offer to you will relate to our core activities, as described in this section.
If you do not provide personal information requested by us, or you wish to be anonymous or use a pseudonym, we may not be able to provide you with insurance terms, process your claim, provide you with risk management or other practice support or educational services, or engage with you. However, we will review complaints that are made to us on an anonymous basis.
If at any time you no longer wish to receive information from us, including about optional products and services, please notify us.
We collect personal information from you directly if it is practicable. We also collect information from people who we believe are authorised to act on your behalf, such as a principal, director or employee of a law practice or business, or a lawyer or agent representing or assisting you, or a consultant engaged by us with your consent.
We also receive your personal information from the Law Society that issues your practicing certificate and insurers with whom you have been insured.
We collect personal information by telephone, email, via our website and by written letter or document.
When you give us personal information about other individuals, we rely on you to have obtained their consent prior to doing so where required, and to inform them of how we might use their information.
We store your personal information in electronic or written form, including on our premises, on our own data storage services, and with third party providers, including by using cloud-based storage solutions. We generally store personal information in Australia only, though we sometimes send personal information outside Australia, and personal information may sometimes be accessed by our service providers from outside Australia, as explained in the next section.
We use data protection techniques whenever we store information electronically, and when storing personal information in hard copy form in secure facilities. Our information systems and files are kept secured from unauthorised access and our employees, contractors and service providers are required to comply with privacy and data protection requirements. We also conduct audits to review and check compliance with our procedures.
If we no longer need personal information that we hold about you for any purpose described in this Policy, or we receive information that we have not requested and do not need, and we are not required by law to retain such information, then we will take steps that are reasonable in the circumstances to destroy the information or to ensure that the information is de-identified.
If we reasonably believe that an “eligible data breach” has occurred, we will let you know, and we will report it to the Office of the Australian Information Commissioner (OAIC). An “eligible data breach” is unauthorised access to or disclosure of your personal information, or loss of information where unauthorised access or disclosure of your personal information is likely, and where a reasonable person would determine that you are likely to be seriously harmed.
We disclose your personal information to contractors and service providers if necessary for the purposes described above, including the following persons:
- External lawyers (who handle claims or other disputes or inquiries)
- Course presenters and trainers, and venue operators (who receive course and event attendee lists)
- Practice support consultants (who may receive information from our premiums and claims databases)
- Mailing houses (that receive mailing lists from us or a Law Society, for mailing out our publications)
- Premium funders (that receive information from insurance application forms, where funding of the premium amount is required)
- Actuaries (who sometimes require personal information to analyse premium and claim trends)
- Auditors (performing claims and underwriting audits, and audits of our policies and procedures)
- Our insurers, reinsurers, (re)insurance brokers, and their service providers (such as our cyber incident insurer and its incident response agent)
- Research consultants, survey providers, project managers and business analysts (who receive personal information to obtain your feedback on our products and services, or to facilitate a review our products, services or procedures)
- IT service providers (who may view your personal information in the course of addressing a system issue for us)
- Law Societies (if we need to verify your information or ensure our records are current)
- Our regulators, such as the Australian Prudential Regulatory Authority or the OAIC (if requested or required to do so)
We will not sell, rent, trade or otherwise disclose to third parties any of your personal information without your consent, unless we are required by law or under a court or tribunal order, or if a permitted general situation exists under the Privacy Act 1988 (Cth), such in relation to a legal claim, for the purpose of an alternative dispute resolution process, to prevent a threat to a person’s health or safety, or for an enforcement-related activity.
It may be necessary for us to disclose your personal information to a person outside Australia. This may occur where underwriting and/or claims-related information is required by our insurers, reinsurers or brokers who are located outside Australia (such as in UK, USA, France, Singapore, Germany and Switzerland).
In some cases, our IT providers and our research consultants and survey providers may access your personal information held by us, from their location outside Australia (such as from New Zealand, India or USA).
We will take reasonable steps to ensure that personal information we collect, use or disclose is accurate, up to date, complete and relevant for the purpose.
You are entitled to access your personal information held by us, subject to any privilege or legal restriction or exemption. If it is reasonable and practicable to do so, we will give you access to your personal information in the manner requested by you. We may apply a reasonable charge to cover the cost of providing your personal information to you.
If you believe that personal information held by us about you is inaccurate, out of date, incomplete, irrelevant, misleading or not required to be held by us, please let us know. We will take reasonable steps to correct the personal information or destroy it if appropriate, or otherwise provide an explanation to you.
If you would like to complain about a privacy breach relating to us, or our management of your personal information, please contact us.
We will respond to your complaint within fifteen (15) business days of receiving it. If you are not satisfied with the response, you may refer your complaint to the Lawcover Chief Executive Officer for further review.
If you would like more information on how we manage personal information, or if you have a request or a complaint, you can contact our Privacy Officer by:
Telephone: (02) 9264 8855
Lawcover Insurance Pty Limited
Level 13, 383 Kent Street
Sydney NSW 2000
For more information about the Privacy Act 1988 (Cth), including the Australian Privacy Principles, you may wish to visit the website of the OAIC at www.oaic.gov.au.