Quote

PRIVACY POLICY

LAST UPDATED: 31/07/2024

Open and transparent management of personal information

ROLLiN' Insurance is issued by Insurance Australia Limited (IAL) (we, us, our), part of Insurance Australia Group. Your privacy is important to us and we're committed to ensuring that information we hold about you is held securely and that your confidentiality is protected.

As ROLLiN’ Insurance is an Insurance Australia Group Limited (IAG) business, this Privacy Policy must be read together with the IAG Master Privacy Policy, which describes how IAG collects, holds, uses and discloses your personal information. A copy of the IAG Master Privacy Policy is available at: https://www.iag.com.au/master-privacy-policy. If the information in this Privacy Policy conflicts with information in the IAG Master Privacy Policy, the information in this Privacy Policy will override the IAG Master Privacy Policy.

We're bound by the Australian Privacy Principles (APPs) of the Privacy Act 1988 (Cth). We're committed to ensuring all our business dealings comply with the APPs, and we acknowledge the importance of keeping your personal details confidential and secure. Questions about the APPs may be directed to the Office of the Australian Information Commissioner whose website details are: www.oaic.gov.au and telephone number is: 1300 363 992.

We're committed to the APPs and support: • fair, transparent and open collection practices; • processes that ensure personal information is accurate, complete and current; • your right to see, and where necessary, correct the personal information we hold about you; and • limiting the use of your personal information.

This Privacy Policy and the IAG Master Privacy Policy explains how we treat personal information that we hold about you. They detail the type of personal information we collect, how we may use that information, who can access it and how we protect it.

We may change this Privacy Policy from time to time. If we do so, we will notify you in such manner as we consider reasonably appropriate, including by making the revised version available on our website. Please review our Privacy Policy or website periodically for changes.

Collection of solicited personal information

We collect information which is reasonably necessary to provide our services for underwriting and administering your insurance, claims handling, market and customer satisfaction research and to develop and identify products and services that may interest you.

We collect information only by lawful and fair means. We collect information about you (such as your name and contact details) and other people who you've asked us to include under your insurance policy, details of the risk that you've asked us to insure, information about your previous claims or losses, details of your previous insurances and insurers, credit status and any matters we need to be able to make a decision about whether to offer or provide insurance to you. If you need to make a claim under your policy, we'll also collect information about the event giving rise to your claim.

We may collect personal information from you when you interact with us to apply for our products or services, when you renew an existing product or service and when you need to make a claim or have other enquiries about the products and services you have with us. Personal information we collect may include sensitive information such as health information or criminal records (e.g. where this information is relevant to underwriting an insurance policy or processing a claim). We may do this by telephone, email, facsimile, through our online service, by post, by using service providers (for example, our call centre operators), and in person from you.

We also collect personal information about you over the internet, including via our website, online forms, emails, cookies and publicly available sources of information (including phonebooks, public websites, records, registries, databases, news articles or social media).

Customers and businesses who opt into or are required to use the Rollin’ App, that assesses driving behaviour, in their comprehensive insurance products, may have information automatically collected from their devices for the purposes listed above, such as

• Mobile device location data: latitude, longitude and altitude of your vehicle; mobile device sensor data, including accelerometer and gyroscope data; your direction of travel; and the time the information was recorded. If you are using the Rollin’ mobile phone application and disable the GPS (location) and/or sensor functionality on your mobile device, location information and/or sensor may not be collected, and your service may be impacted. This may include the application of an additional excess in a claimable event and/or policy cancellation; if your Rollin’ insurance product mandates the use of this service • Trip information derived from the above mobile device data: such as trip start and end time, kilometres driven and route taken; as well as driving risk factors such as acceleration, braking, turning, speeding and mobile device use. • Mobile application analytics information such as application usage and performance data. As well as information from the application marketplace where you downloaded the application. • Please note, for customers and businesses using the Rollin’ App, if a policy is cancelled, it may take up to 72 hours for the app to stop tracking driving behaviour. Alternatively, deleting the app will ensure it immediately stops recording trips.

We may also collect personal information from a third party if it's unreasonable or impractical for us to collect it from you. This may include: • other insurers, • related entities, your credit institution about any loan you have in relation to the risk we've insured, • another party involved in a claim, • investigators, • family members, • anyone you have authorised to deal with us on your behalf, and/or our legal advisers.

If you provide us with personal information about another individual, then you must have their consent to do so and tell them that you are disclosing their personal information to us and also provide that individual with a copy of (or refer them to) this Privacy Policy. You should be particularly aware that we may consider it necessary to arrange for investigators to collect personal information about you in relation to a service or product we have provided to you. The investigators collect this information on our behalf and they may share it with us. They are also bound by this privacy policy and the Privacy Act 1988 (Cth) when they perform these services on our behalf.

At the time we collect your information, or as soon as practical after, we'll notify you or make sure you're aware of our identity, contact details, the purposes for which we collected the information, the consequences of not providing your personal information to us, how you can access and correct the information, and whether we'll disclose your personal information to our service providers who are based overseas and the countries in which they're located. Regardless of how we collect your personal information, we'll be fair and open and we won't make any unreasonably intrusive enquiries.

Use, holding and disclosure of solicited information

We may disclose your personal information to companies in the Insurance Australia Group, our agents, claims and loss assessors, claims managers, authorised representatives, local and overseas service providers, other insurers, reinsurers, mailing houses and document service providers, financial institutions, auditors, insurance and claim reference agencies, recovery agents, credit agencies, lawyers, accountants, loss assessor and adjusters, financial or investigative service providers, internal dispute resolution officers and dispute resolution providers such as the Australian Financial Complaints Authority (AFCA).

We use and disclose your personal information for the purposes of providing insurance, administering your insurance policy, claims handling, dispute resolution and fraud mitigation. We may also use your personal information to improve our products and services.

In addition to the above purposes, customers and businesses who opt into or are required to use the Rollin’ App will have their information used to create their personal driver score, assessed to create an individual driving signature, and may be contacted where data sources have been switched off (such as Bluetooth or location services).

We may hold your personal information for a period of seven years after you complete and/or save a quote. This applies even if you don’t proceed with purchasing the policy.

We may also use data generated by the Rollin’ app in an aggregate, anonymous manner for research, analytics, and other purposes.

We won't use or disclose your personal information for other purposes unless you've given us your consent. There are circumstances where we may use or disclose your personal information for purposes other than those mentioned above. We'll only do this if you'd reasonably expect us to and the other purpose is related to the purposes we've described above. In addition, we may use and disclose personal information where we are required to or we are permitted by law (for example, but not limited to, anti-money laundering, sanctions, and anti-slavery requirements).

We also collect your information so that we and our related companies and business alliance partners can offer you services and products that we believe may be of interest to you. You can always opt out of receiving such communications by contacting us.

Disclosure to overseas recipients

Some of the organisations we use to assist us in providing you with our products and services are located overseas. If we share your personal information with an organisation that's located outside of Australia we'll ensure it's handled in accordance with this Privacy Policy and the Privacy Act 1988 (Cth).

We may disclose your personal information to service providers located in the United States of America, Canada, Malaysia, Vietnam, Singapore, South Africa, the United Kingdom, Scotland, Republic of Ireland, Brazil, Fiji, the Netherlands, England, Philippines, Israel, Germany, India, New Zealand, Luxembourg, Finland, Italy and Hungary. The location of our overseas service providers may vary from time to time.

Data quality and security

We'll take such steps as are reasonable in the circumstances to ensure the personal information we collect is accurate, up to date, complete and protected from unauthorised access, misuse, modification, interference or loss.

Your information is stored only in secured premises and on protected electronic databases. The databases are password and access-level protected. Access to personal information is only available to those of our staff who need it to carry on one of our functions or activities.

Access and correction

You can ask us for access to your personal information by contacting us on the details below. If you ask us to, we'll correct your personal information if it's inaccurate, incomplete or out of date. We'll respond to a request to access or correct your personal information within a reasonable time.

If you've asked for access to your information, we'll try to provide this to you in the manner you've requested. This is unless we're entitled to refuse to provide access, and we will let you know if we are unable to give you access (if it is practical to do so).

If we correct your personal information, we'll confirm this with you. And if we decline your access request or don't amend your personal information, we'll provide you with our reasons together with details about how you can access our internal dispute resolution process.

Identifiers

We use our own identifiers and not those assigned by the government. This is unless we're required to do so, or the APPs or another law permit us to do so.

Anonymity and pseudonymity

You have the option of not identifying yourself or using a pseudonym if it's possible for us to deal with you on this basis.

But if you want to purchase an insurance product from us, it generally won't be possible for you to deal with us anonymously or under a pseudonym. This is because your identity is one of the key factors, we take into account to decide whether to offer you an insurance policy. Your identity is also important when we assess the terms on which we're willing to offer you insurance, and at what premium.

Complaints

We will always do our best to provide you the highest level of service but if you are not happy or have a complaint or dispute, here is what you can do. If you experience a problem or have a complaint regarding our handling of your personal information, let us know so we can help. Email us at support@rollininsurance.com.au or visit https://rollininsurance.com.au/complaints/ for more information on how to contact us.

If we are not able to resolve your complaint when you contact us or if you would prefer not to contact the people who initially handled your complaint, the next step of our complaint and dispute resolution process is to contact our Customer Relations team using the contact details below:

Free Call: 1800 045 517 Email: Customer.Relations@iag.com.au

Customer Relations will contact you if they require additional information or have reached a decision relating to your complaint. Customer Relations will advise you of the progress of your complaint and the timeframe for a decision in relation to your complaint.

We expect our procedures will address your complaint in a fair and prompt manner.

If you are unhappy with the decision made by Customer Relations, the next step is that you may wish to seek an external review of the decision by raising your complaint with the Australian Financial Complaints Authority (AFCA).

You have a right in certain circumstances to have your privacy complaint determined by the AFCA. AFCA can determine a complaint about privacy where the complaint forms part of a wider dispute between you and us or when the privacy complaint relates to or arises from the collection of a debt.

AFCA is an independent dispute resolution body that is recognised as an external dispute resolution (EDR) scheme under the Privacy Act 1988 (Cth) by the OAIC to handle particular privacy-related complaints and is an approved EDR scheme by the Australian Securities and Investments Commission (ASIC). We’re bound by AFCA determinations, provided the dispute falls within AFCA Terms of Reference. You have two years from the date of our letter outlining our final decision to make an application to AFCA for a determination.

You can access AFCA dispute resolution services by contacting them at:

The Australian Financial Complaints Authority Website: www.afca.org.au Email: info@afca.org.au Phone: 1800 931 678 (free call) Mail: GPO Box 3 Melbourne Victoria 3001.

If you are unhappy with AFCA’s determination in relation to your complaint, or if AFCA is unable to hear your complaint, the next step is that you may wish to raise your complaint with the OAIC.

The OAIC is an independent government agency with primary functions that relate to privacy, freedom of information and government information policy. The OAIC’s responsibilities include conducting investigations, reviewing decisions, handling complaints, and providing guidance and advice. The OAIC will act as an impartial third party when addressing your complaint. The OAIC will investigate your complaint, and where appropriate, make a determination about your complaint, provided it is covered by the Privacy Act 1988 (Cth).

The contact details for the OAIC are:

The Australian Financial Complaints Authority Website: www.oaic.gov.au Email: enquiries@oaic.gov.au Phone: 1300 363 992 (free call) Mail: Office of the Australian Information Commissioner GPO Box 5218 Sydney NSW 2001

Email us at support@rollininsurance.com.au or visit https://rollininsurance.com.au/complaints/ for more information on our complaint and dispute resolution process or how to contact us.

Further information

If you would like to seek access to or correct your personal information, or opt out of receiving materials we send, please contact us on support@rollininsurance.com.au