What personal information we collect
"Personal information" includes information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified living individual or an individual who is reasonably identifiable (e.g. name and contact details), or data about an individual who can be identified from that data, or from that data and other information to which we have or are likely to have access. As its name suggests, "sensitive information" is a more sensitive subset of personal information, which includes bank account/payment, criminal history, health information, religion, racial/ ethnic origin or sexual orientation. If you are an individual who is either based in or a resident of Australia, the European Union or the United Kingdom, subject to applicable Privacy Laws, we will not process sensitive information about you unless we have received your express consent to the processing of this information.
We collect certain types of information about you if you visit our website, authorise your broker or our agent to provide us with your personal information in relation to insurance, give your personal information to our share registrar in relation to your shareholding or otherwise provide us with your personal information.
The information we collect and hold generally includes your name and contact information (including telephone numbers and email addresses), information relating to the operation of your business, other reference information and information about other parties that you may conduct, or are interested in conducting, business with.
If you have requested that we act in a broking capacity for insurance - related services, we may also collect and hold other information required to provide such services to you, including details of your previous insurances and sensitive information (such as bank account(s) and criminal records).
You may be able to deal with us without identifying yourself (i.e. anonymously or by using a pseudonym) in certain circumstances, such as when making a general inquiry relating to the services we offer. If you wish to do so, please contact us to find out if this is practicable in your circumstances. However, if you do not provide us with the information that we need, we or any of our third party service providers may not be able to provide you with the appropriate services.
How we collect your personal information
We may collect personal information in a number of ways, including:
- directly from you via our website, telephone, in writing or email; and/or
- indirectly from third parties, if necessary. For example, your employer, Steadfast insurance broker members or Steadfast Underwriting Agencies may provide us with information about you for the purpose of obtaining our services. We may also obtain personal information from referees, insurers, premium funders and other third party service providers or publicly from available sources.
You authorise us to contact such third parties for the purposes of providing you with the services that you have requested.
We also automatically collect certain information when you visit our website, some of which may be capable of personally identifying you. Please see the "Cookies" section below for more details.
Our purposes for collecting, holding and using your personal information
We collect and hold your personal information for the purposes of providing our services to you and related purposes. Such purposes include:
- providing Steadfast insurance broker members’ and Steadfast Underwriting Agencies’ customers, potential customers and others with our services;
- providing Steadfast insurance broker members with benefits (including passing on customer enquiries to appropriate brokers or providing brokers with professional indemnity insurance) and facilitating adequate management of such benefits on behalf of our Steadfast insurance broker members;
- helping to develop and identify services that may interest Steadfast insurance broker members, Steadfast Underwriting Agencies, their customers, potential customers or others;
- conducting market or customer research;
- developing, establishing and administering alliances and other arrangements with other organisations in relation to the promotion, administration and use of our services;
- telling you about our other service offerings which we believe may be relevant (if you have requested to receive this);
- statutory or regulatory reporting;
- internal or external audit within our group; and
- any other purpose notified to you at the time your personal information is collected.
Legal basis for using your personal information
If you are an individual who is either based in or a resident of the European Union or the United Kingdom, we will only collect, use and share your personal information where we are satisfied that we have an appropriate legal basis to do this. We will make sure that we only use your personal information for the purposes set out above and where we are satisfied:
- we need to use your personal information to perform a contract or take steps to enter into a contract with you;
- we need to use your personal information to comply with a relevant legal or regulatory obligation that we have; or
- we have your consent to using your personal information for a particular activity.
Disclosure of your personal information
We will disclose your personal information to:
- our related companies, Steadfast insurance broker members, Steadfast Underwriting Agencies or third parties who help manage our business and provide our services, including our third party service providers, such as payment system operators, IT suppliers, lawyers, accountants, other advisers and financial institutions;
- insurers, reinsurers, other insurance intermediaries, insurance reference bureaus and industry bodies;
- any other entities notified to you at the time of collection;
- a buyer of our assets or shares when we are a seller;
- courts, law enforcement, regulators and other government agencies to comply with all applicable laws, regulations and rules; or
- requests of courts, law enforcement, regulators and other governmental agencies
Transfer of personal information overseas
We may disclose your personal information to the following parties: third party service providers, insurers and/or our related companies as they may be processing your personal information either on our behalf or otherwise for one or more of the above-stated purposes.
When we take reasonable steps, we will ensure that transfers of personal information are in accordance with applicable law and carefully managed to protect your privacy rights and transfers are limited to either countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangement are in place to protect your privacy rights. To this end:
- we ensure transfers within Steadfast's group of companies will be covered by an agreement entered into by members of Steadfast's group of companies (an intra-group agreement) which contractually obliges each member to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within our group of companies. Where we transfer your personal information either outside our group of companies or to third parties who help provide our services, we obtain contractual commitments from them to protect your personal information; or
- where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed.
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above.
Your obligations when you provide personal information of others
You must not provide us with personal information (including any sensitive information) of any other individual (including any of your employees or customers if you are an insurance broker) unless you have the express or implied consent of that individual to do so. If you do provide us with such information about another individual, before doing so you:
- must tell that individual that you will be providing their information to us; and
- warrant that you have that individual's consent to provide their information to us.
If you have not done this, you must tell us before you provide any third party information.
Your obligations when we provide you with personal information
If we give you, or provide you access to, the personal information of any individual, you must only use it:
- for the purposes we have agreed to; and
You must also ensure that your agents, advisers, employees and contractors meet the above requirements.
Accuracy, access and correction of your personal information
We take reasonable steps to ensure that your personal information is accurate, complete and up-to-date whenever we collect, use or disclose it. However, we also rely on you to advise us of any changes to your personal information. All personal information identified as being incorrect is updated in our database and, where applicable and appropriate, on our website.
Please contact us using our contact details below as soon as possible if there are any changes to your personal information or if you believe the personal information we hold about you is not accurate, complete or up-to-date.
You can make a request to access your personal information by contacting us using the contact details below. If you make an access request, we will provide you with access to the personal information we hold about you unless otherwise required or permitted by law. We will notify you of the basis for any denial of access to your personal information.
We may charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. We may also charge the reasonable cost of third parties who assist us in complying with the access request.
If you are an individual based in or a resident of the European Union or the United Kingdom, there are additional rights available to you. Please see below your detailed rights including rights of access, erasures, rectification and portability of your personal data.
||What this means
You can ask us to:
- confirm whether we are processing your personal information;
- give you a copy of that data; and
You can ask us to rectify inaccurate personal information. We may seek to verify the accuracy of the data before rectifying it.
You can ask us to erase your personal information, but only where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- following a successful right to object (see 'Objection' below); or
- it has been processed unlawfully; or
- to comply with a legal obligation to which we are subject.
We are not required to comply with your request to erase your personal information if the processing of your personal information is necessary:
- for compliance with a legal obligation; or
- for the establishment, exercise or defence of legal claims.
You can ask us to restrict (i.e. keep but not use) your personal information, but only where:
- its accuracy is contested (see ‘Rectification’ above), to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal information following a request for restriction, where:
- we have your consent;
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format but case only where:
- the processing is based on your consent or on the performance of a contract with you; and
- the processing is carried out by automated means.
You can object to any processing of your personal information which has our 'legitimate interests' as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Economic Area.
We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity.
You have a right to lodge a complaint with your local supervisory authority about our processing of your personal information. For example, in the UK, the supervisory authority for data protection is the ICO (https://ico.org.uk/). We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
If you wish to access any of the above - mentioned rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you.
We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Security of your personal information
We take reasonable steps to protect any personal information that we hold from misuse, interference and loss, and from unauthorised access, alteration and disclosure.
For example, we maintain physical security over our paper and electronic data stores and premises, such as locks and security systems. We also maintain computer and network security. For example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to computer systems.
However, data protection measures are never completely secure and, despite the measures we have put in place, we cannot guarantee the security of your personal information. You must take care to ensure you protect your personal information (for example, by protecting any usernames and passwords). You should notify us as soon as possible if you become aware of any security breaches. We will where required by applicable Privacy Law, as soon as reasonably possible, notify you of material security breach concerning your personal information.
Links to third party sites
Our website may contain links to other third party websites. We do not endorse or otherwise accept responsibility for the content or privacy practices of those websites or any products or services offered on them. We recommend that you check the privacy policies of these third party websites to find out how these third parties may collect and deal with your personal information.
Like many website operators, we may use standard technology called cookies on our website. Cookies are small data files that are downloaded onto your computer when you visit a particular website. Cookies help provide additional functionality to the site or to help us analyse site usage more accurately. For instance, our server may set a cookie that keeps you from having to enter a password more than once during a visit to one of our sites. In all cases in which cookies are used, the cookie will not collect personal information except with your consent. You can disable cookies by turning them off in your browser; however, our website may not function properly if you do so.
If you follow a link from our website to another website, please be aware that the owner of the other website will have their own privacy and cookie policies for their site. We recommend you read their policies, as we are not responsible or liable for what happens at their website.
You can adjust the settings in your web browser to determine whether sites can set cookies on your device. If you've visited this site before, there may be previously set cookies on your computer. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
You may opt out of being tracked by Google Analytics across all websites by following the guidance outlined in their website.
Direct marketing and how to opt out
When we collect your personal information, e.g., via email, post, SMS, app notification, telephone or targeted online advertisements, we may use your personal information to send you direct marketing communications about our insurance products or our related services. We limit direct marketing to a reasonable and proportionate level, and to send you communications which we believe may be of interest to you, based on the information we have about you. Our processing of your personal data for direct marketing purposes is based on our legitimate interests, but where opt-in consent is required by law, we may seek your consent where applicable. If you no longer wish to receive such information, or you do not want us to disclose your personal information to any other organisation (including Steadfast insurance broker members or any other related companies), you can opt out by following the opt-out links in electronic communications, de-activating the push notification or alert to your mobile phone, or contacting us using our contact details below.
Administration of personal information
You may refuse or withdraw your consent for the collection, use and/or disclosure of your personal information in our possession by giving us reasonable notice so long as there are no legal or contractual restrictions preventing you from doing so. If you withdraw your consent for us to use your personal information for your insurance matters, this will affect our ability to provide you with the products and services that you asked for or have with us.
If the purpose for which your personal information is collected is no longer served by the retention of such data, or when the retention is no longer necessary for any other legal or business purpose, we will ensure that the hard copy of your personal information will be completely destroyed and electronic personal information as much as possible.
How to make a complaint
We will refer your complaint to our Privacy Officer who will investigate the issue and determine the steps that we will undertake to resolve your complaint. We will contact you if we require any additional information from you and will notify you in writing of the outcome of the investigation. We will try to resolve any complaint within 14 working days in Sydney. If this is not possible, you will be contacted within that time to let you know how long it should take us to resolve your complaint.
If you are not satisfied with our determination, you can contact us to discuss your concerns or complain to the relevant local data protection supervisory authority (i.e., your place of habitual residence, place of work or place of alleged infringement). This is the Australian Privacy Commissioner in Australia (at www.oaic.gov.au), the New Zealand Privacy Commissioner in New Zealand (at www.privacy.org.nz), the Personal Data Protection Commissioner in Singapore (at www.pdpc.gov.sg) and the Information Commissioner's Office in the UK (at www.ico.co.uk).
How to contact us
- The Privacy Officer
- Telephone: +61 2 9495-6557
Alternatively, you can contact us via:
- Steadfast Group Limited
- Level 4
99 Bathurst Street
Sydney NSW 2000
P O Box A980
Sydney South NSW 1235
- +61 2 9495-6500
For further information on privacy, please visit:
in Australia, the Office of the Australian Information Commissioner at http://www.oaic.gov.au/
in New Zealand, the New Zealand Privacy Commissioner at www.privacy.org.nz
in Singapore, the Personal Data Protection Commission at www.pdpc.gov.sg
in the UK / Europe, the Information Commissioner's Office at www.ico.co.uk
Updated: 1 December 2020