Privacy Policy of MDA National Group and company details

This policy applies to the MDA National Group, which is made up of MDA National Limited ABN 67 055 801 771 (MDA National) and all of MDA National’s subsidiaries including MDA National Insurance Pty Ltd ABN 56 058 271 417, AFS Licence No. 238073 (MDA National Insurance).

Within this policy, ‘we’, ‘our’ and ‘us’ means the MDA National Group.

Commitment

Your privacy is important to us. We are committed to the open and transparent management of the personal information we hold.

Each entity forming part of the MDA National Group supports, is bound by and complies with the Privacy Act 1988 (Cth) (Privacy Act), as amended, which contains the Australian Privacy Principles (APPs).

Purpose

This policy outlines how we collect, hold, use, disclose and manage personal information in accordance with the APPs.

The policy is effective from 1 February 2021.

Why we collect personal information

We collect and hold personal information in order to conduct our business of providing assistance, medico-legal advice, education, services and insurance.

If personal information we request is not provided, we may not be able to supply the relevant product or service to you. In any particular circumstance if you choose not to provide us with requested information we will advise you of any consequences of failing to supply us with that information.

You may be able to make general enquiries about, or comment on, our services without identifying yourself or by using a pseudonym. However, in most circumstances, including seeking a quote, you will need to identify yourself.

Types of personal information we collect

Personal information is information or opinions about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether the information or opinion is recorded in a material form or not.

We may collect and hold personal information such as:

• names, residential and email addresses, contact details, date of birth, gender, health information about current, past and potential Members of MDA National (Members) or clients, former clients or potential clients of MDA National Insurance or its authorised representatives (Insureds), or patients nd others who are involved in an incident which has given rise, or may give rise to a complaint, claim, investigation or inquiry involving Members or Insureds;
• signatures, qualifications and education details, credit card and direct debit details, billings information, practice details, previous practice details, insurance and claims histories of Members or Insureds;
• relevant opinions or determinations in relation to Members or Insureds in the event of an incident report made to us; and
• information in relation to suppliers and contractors to, and employees of the MDA National Group.

In some cases, we may need to collect sensitive information. Sensitive information includes, amongst other things, information about an individual’s health, genetics, religious beliefs and criminal record. In this policy, a reference to personal information includes sensitive information.

How we collect personal information

Directly

We will generally collect personal information by way of forms filled out by Members or Insureds (or staff of Members and Insureds), face-to-face meetings, interviews, telephone conversations, correspondence (including e-mails), our website, social media and other digital platforms.

From third parties

In some circumstances we may be provided with personal information from a third party, for example,

• from a person authorised by you to provide information;
• from third parties such as a related body corporate, broker or authorised representative of MDA National Insurance;
• from organisations engaged to carry out functions on behalf of the MDA National Group such as claims administration and Membership management service providers; and
• health information provided by our Members and Insureds about their patients.

We may also obtain information about you from other insurers when, for example, we need to obtain details of prior claims. We only collect this information if you have given your consent, or would reasonably expect us to collect the information in this way or if it is necessary for a specific purpose such as the investigation of a complaint or a claim.

We hold personal information in physical and/ or electronic form. Electronic data is stored on our systems and servers and/or on servers owned by third parties.

Security of personal information

We treat personal information as strictly confidential and take reasonable steps to protect personal information held by us from misuse, loss, unauthorised access, modification or disclosure (for example by use of physical security and restricted access to electronic records through use of passwords, encryption techniques and identity management). When no longer required we destroy or delete the information in a secure manner.

We have an obligation to notify you and the Office of the Australian Information Commissioner (OAIC) if your personal information is involved in a data breach that is likely to result in serious harm. The notification will include recommendations about the steps you should take in response to the breach.

How we use personal information

In general, we use the personal information we collect to:

• provide assistance, services and insurance to Members and Insureds;
• administer our products and services;
• provide educational material and training to Members and Insureds;
• act on behalf of Members and Insureds in respect of investigations or claims made against them;
• communicate with Members or Insureds;
• obtain and maintain reinsurance;
• administer government schemes such as the Premium Support Scheme, Run-Off Cover Scheme, High Cost Claims Scheme and Exceptional Claims Scheme;
• market our products and services;
• conduct market research to better understand the needs of our Members and Insureds;
• help manage and enhance our services; and
• any other purpose identified at the time of collecting your personal information.

We will only use your personal information in accordance with the Privacy Act and the APPs, including using it for the specific purpose it was given, using it for related purposes for which you would reasonably expect it to be used, using it for any purpose that you consent to (including consent provided under this policy) or as otherwise required, authorised or permitted by law. Sensitive information will only be used for the directly related purposes it was given.

Marketing

We may use your personal information, including your contact details (but never sensitive information), to tell you about products, services, upcoming events, offers, benefits and competitions which we think may be of interest to you. To do this, we may contact you by telephone, email, SMS, mail or social media. In particular, we may contact you about products and services we think may be of interest to you after you cease to hold an insurance policy or Membership with us, for example, about obtaining a quotation, applying for a new policy, renewing your old policy or to update you on any changes to the product and/or its pricing.

Unless you choose to opt out of receiving marketing material from us, we will consider that you consent to this type of communication. To opt out, you are welcome to contact us at any time or follow the optout instructions in the relevant marketing communication. We will process your request as a matter of priority and apologise if you receive any marketing material during the intervening period from the receipt to the processing of your request.

Service-related communications

Even if you have requested not to receive marketing communications, you will continue to receive service-related communications from us. These are essential things you need to know relating to your Membership and/or insurance policy, including but not limited to policy renewal, direct debit payments and materials which we are legally required to provide to all Members. We send most service-related communications to you electronically by email or other digital platform. If you are not satisfied with the method by which we communicate with you, please contact us at any time in accordance with the instructions included in the relevant communication.

When we disclose personal information

We may disclose personal information to:

• companies, firms or individuals who assist us in the administration of our business or in providing services or who perform functions on our behalf, including but not limited to reinsurers, insurance brokers, medical specialists, actuaries, auditors, accountants, legal advisers, IT contractors, network providers, mailing houses, other service providers, our board and committee appointees and our authorised representatives;
• staff of Members or Insureds who assist in the running of the practices of Members or Insureds;
• courts, registration authorities, complaints, commissions, boards and tribunals;
• government departments and other bodies to whom we are obliged by law to disclose certain information, or to whom we have informed you we will disclose information; and
• anyone else to whom you authorise us to disclose information.

We ensure that appropriate confidentiality and information security arrangements are in place with third parties to whom we disclose personal information. We also take precautions to ensure third parties are aware of their privacy obligations and that they are required to comply with these obligations. Personal information (other than sensitive information unless you have consented to such disclosure) collected by one entity within the MDA National Group may be disclosed to other entities within our Group.

Sending information overseas

We may disclose personal information to reinsurers, insurance brokers or others who assist us to manage or administer our business located outside Australia. Personal information that we may send overseas includes, but is not limited to, information on claims, cases and Insureds.

We take reasonable steps to ensure that such recipients respect your privacy by abiding by equivalent privacy laws such as the EU General Data Protection Regulation and do not act in a manner which is inconsistent with the Privacy Act and the APPs.

The MDA National Group hosts data within Australia as a preference, but also utilises cloud-based technologies which may result in data being hosted or transmitted to overseas data centres, for production usage or backup/disaster recovery. We have implemented a robust audit process and taken all reasonable steps to ensure that any corporate information stored in any system, regardless of its location, is secure in compliance with Australian legislation.

Accessing and correcting personal information

We endeavour to ensure that the personal information we hold is accurate, complete and up-to-date. This includes updating your personal information when you advise us of changes. You may seek access to the personal information we hold about you or request changes to that personal information by contacting our Privacy Officer whose contact details are provided within this policy.

We may charge you a fee for any of our associated costs with providing you with access to your requested information. Should this apply, you will be advised of the likely cost in advance. We will, so far as we are able, provide the requested information within 15 working days of receiving your written request.

Personal information will not be provided if, as is permitted under the APPs, your request is frivolous or vexatious, giving access would be unlawful or in our reasonable opinion, to do so would result in serious threat to the life or health of any person or to public health and safety. In circumstances where we do not provide personal information or agree to requested changes we will provide a written notification to you explaining our reasons for the decision and the procedure that you can follow to have this decision reviewed.

Website

We do not attempt to identify visitors to our website except where you enter your details specifically to supply or obtain information or to otherwise communicate with us. We use cookies to improve your experience when you visit our website. A cookie is a small text file placed on your device by a web server when you access a website which emembers user activity. Cookies identify the device, but do not identify you as an individual. You can manage or refuse the use of cookies through your browser options but this may affect the website functionality.

We also use industry standard analytics packages to track and report website traffic and website usage. Geolocation services are used to filter services provided by the state you reside in, and your career stage. These services assist us in improving functionality and experience for our website users and for security and personalisation in areas where you are required to login to our website. You can opt out of these packages by following the instructions on our website.

Further information is set out in the Terms of Use of our website and terms and conditions relating to the use of our applications. Please read these terms, which together with this policy outline how we treat your personal information when you transact with us electronically.

For convenience, links are sometimes provided to other websites. When you click on a link you will leave our website and no longer be protected by this policy. These other websites are not under our control and, as such, we are not responsible for any personal information that may be collected through your use of those websites.

Complaints

If you wish to make a complaint about our privacy practices, including a breach of the APPs or any relevant APP codes, you should first contact our Privacy Officer with the details of your complaint. We undertake that your complaint will be investigated diligently and our response provided to you as soon as reasonably practicable.

If you feel that we have not handled your complaint adequately you have the right to complain to the OAIC. A complaint to the OAIC must be made in writing.

If you require assistance you can contact OAIC staff by ringing the hotline service on 1300 363 992 or submitting an online enquiry form available at oaic.gov.au/about-us/contact-us/. You may also obtain information about the complaint process from the OAIC’s website at oaic.gov.au/privacy-complaints/ or by writing to:

Director of Compliance
Office of the Australian Information
Commissioner
GPO Box 5218
Sydney NSW 2001

Changes to this Privacy Policy

We may amend this policy at any time as required by our business needs or legislative changes. We will notify you of such changes by posting an updated version of the policy on our website with the amendments taking effect from the date of publication on the website.

Contact us

The most current version of this policy can be obtained by contacting our Privacy Officer or by visiting our website mdanational.com.au. If you have any questions about privacyrelated issues please contact:

The Privacy Officer

Email: privacy@mdanational.com.au
Phone: (08) 6461 3400
Facimile: (08) 9415 1492
Postal address: PO Box 445 West Perth WA 6872