This information explains how we comply with applicable privacy requirements and sets out minimum standards for how we deal with personal information collected and used by us. This information may be updated from time to time and should be read in the context of any additional specific information such as that provided in privacy policies applicable to specific businesses or local areas as displayed on the relevant website from time to time, or as provided in additional privacy notices in documentation we provide to you (depending on your relationship with us, as outlined further below). 

In this Privacy Policy, “we, our, us, FAC, FAC Direct” means Family Assurance Centre limited (the owner of FAC Direct website) and its related entities in New Zealand. 

FAC system for complying with applicable privacy requirements includes: 

Our commitment to compliance with privacy requirements. 

Our policy and approach to privacy, as explained in this information. 

Our resources allocated to privacy, including our technology systems and services; and 

Our people and the training and education we undertake. 

In the event of any conflict between the English language version of this Privacy Policy and other language versions, the English language version will prevail. 

Collecting your personal information 

The businesses operated by the FAC provide a range of nib health insurance and other services. 

When you deal with us, we may collect personal information about you such as your name, contact details, gender and other information about your circumstances and preferences including about your health or medical history, government related identifiers, travel visa and employment details, professional accreditations and bank account details. 

Application forms. We collect information when you complete a health insurance application for any of our Services or for services that we connect to. Some information on application forms is particularly sensitive, for example health information provided as part of an application for health insurance. 

Payment information. We may collect your financial information (like your bank account) when you make payments to nib. 

Communications and phone calls. When you communicate with us in relation to a Service, we may collect information about your communication and any other information you provide. This includes when you call us, in which case we may retain your call for fraud prevention, internal training and quality assurance purposes. 

Other information. You may otherwise provide us information directly (by email or in other formats), such as when you provide feedback, fill in a form, conduct a search, update or add information to our Services, respond to surveys or other research activities, participate in promotions or use other features of our Services. 

2.2 Information we automatically collect, such as: 

Usage information. We collect information about your interactions with our Services and emails and messages generated through your use of the Services. 

Location information. When you use certain features of our Services, we may collect different types of information about your general location (e.g., your physical or postal address or your device’s IP address). 

Analytics. We automatically collect analytics information when you use our Services, even if you have not created an account or logged in. We may use third party providers (such as Google Analytics) to help us with this. Information collected includes, among other things: details about how you’ve used our Services (including links to third party applications), your IP address, access times, hardware and software information, device information, device event information (e.g., crashes, browser type), and the pages, applications or services you’ve viewed or engaged with before or after using our Services. 

Via cookies and similar technologies. We use cookies, pixels, beacons and other similar technologies to collect and store information about you when you use our Services (e.g., through Google Analytics or Google Tag Manager) and this collection may occur across devices. Cookies may be “session” cookies (which temporarily store information and expire when you close your browser) or “persistent” cookies (e.g., when you select “remember me” when logging in). We may also allow our business partners to use these technologies on our Services (e.g., for advertising and remarketing), or engage others to track your behaviour on our behalf. You may disable the usage of cookies through your browser settings. Some Services also use social media features (e.g., the Facebook Like button or widgets, such as a share button) which may collect your IP address and the pages you visit, and which are generally governed by the terms of the social media business providing the features. 

We will also comply with the European Union’s General Data Protection Regulation to the extent that this applies to information we collect under a particular Service (e.g., if we target a particular Service at individuals living in the European Union). If you are an individual based in the European Union, you can email us to clarify how we treat your information. 

Using your personal information 

Generally, we use your personal information for our business and activities, and in our efforts to expand and improve our business. Examples include: 

To identify you and respond to and process your requests for information and provide you with a product or service. 

To determine your eligibility to provide or receive a nib health insurance or related product or service, and to manage our relationship with you including where relevant, providing you with a quote or managing insurance related and other services being provided by or to you. 

To administer and provide insurance services and to manage your and our rights and obligations (and those of insured persons) in relation to insurance services, including dealing with you or an insured person in connection with an insurance proposal, policy, or claim. 

To offer and provide personalised health information, support and services. 

To recommend updates to insurance policies to ensure adequate coverage for services beneficial to you. 

To provide you with marketing communications and invitations and offers for products and services including new products or services that we or our third-party business partners believe may be of interest to you and to assist in developing new products and services (see further below) 

To administer promotional programmes and scholarships, such as: exclusive member offers, competitions or university research scholarships sponsored by nib, when you have provided consent as part of your application. 

To conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties including those making referrals to us. 

To prepare internal reports for the purposes of improving our services and internal operations. 

To provide improved services to you through our website, social media channels and to develop and improve the products and services we offer to you and/or to our customers. 

To provide you with advice relating to your needs, including insurance needs. 

To manage complaints and disputes, and report to dispute resolution bodies. 

To operate programs and forums in different media in which you can share information, including your personal information, with us and publicly (on the terms applicable) 

To manage, train and develop our employees and representatives. 

For a business or professional relationship, we may have with you. 

If you apply for employment with us, to consider your application. 

To amend records to remove personal information; and 

For other everyday business purposes that involve use of personal information. 

The above examples are a non-exhaustive overview only of how we may collect and use your personal information, and more detail may be provided to you in a separate privacy notice when you contact us or, where relevant, in a separate contractual arrangement with you. 

We ensure that we have an appropriate legal basis to deal with your personal information in these ways, including: 

where you have provided your consent (such as when you provide your consent to receive marketing messages); 

where it is necessary for us to use your personal information in order to enter into or perform a contract (such as to send you a Product Disclosure Statement and Quotation in response to your product inquiry, or if we need to handle an insurance claim), or to protect your vital interests (such as to provide emergency medical assistance under a travel insurance policy you hold with us); 

where we have a legal or regulatory obligation that we must comply with or is in the substantial public interest (such as to prevent fraud or money laundering) or we need to use your personal information to establish, exercise or defend legal rights (such as debt recovery) or whenever courts are acting in their judicial capacity; and 

where we need to use your personal information for our legitimate business interests (such as managing our business operations, developing and improving the products and services we offer, company re-structure or selling part of our business), and when we do so, we will consider your rights and interests in accordance with applicable law. 

We will only send you marketing communications if we have a legitimate interest as described above, such as if you have provided your explicit consent when signing up to our newsletters, or if you choose to participate in rewards programs we may develop. 

If we use your personal information to contact you and you would prefer us not to, or if you indicate a preference for a method of communication, please let us know and we will respect your preference. You can do this at any time by using our contact page contact us . 

When your choice is to continue to deal with us, we take it that you agree to and consent to us using your personal information, providing we follow the approach we explain in this Privacy Policy and comply with the law. 

Storing and disclosing your personal information 

Personal information is retained during the time we need it for the identified purposes, to the extent necessary for purposes reasonably related to those identified purposes (for example, resolving disputes) or as required by law. In using and storing your personal information, we may pass on your personal information including outside the country of collection: 

to others, like our consultants, agents, contractors and service providers, and those that act as data processors or analysts, auditors or external advisers; 

to others who may be involved in your care; 

to any intermediaries, including your agent, adviser, broker, representative or person acting on your behalf; 

to your employer or group administrator, if you are a member of a workplace or association insurance plan, in order to administer that plan or where determined necessary or reasonable to do so, including in connection with any suspected unlawful activity associated with your insurance cover; 

to any of our distribution; 

where relevant, we may disclose information to a potential or actual third-party purchaser of our business or assets; 

where relevant, to local registration boards and professional and industry bodies and associations, or to external dispute resolution bodies; and 

in additional ways you may also agree to. 

When we pass on, transfer or share your personal information in this way, we take steps to ensure it is treated in the same way that we would treat it, and that an adequate level of protection is in place in accordance with relevant privacy and data protection laws. 

We may also disclose personal information to any person authorised by you, or to others you have nominated in connection with an insurance policy you hold with us. When you acquire an insurance policy with us, you authorise us to share personal information with any co-insureds to confirm, for example, full disclosure has been made to us or to ensure that the policy owner is aware of the details of all benefits and services claimed on the policy. 

We do our best to keep our records of your personal information up to date and accurate, and to delete or amend personal information that is no longer needed. 

To comply with a legal or regulatory obligation, or to the extent that we have a legitimate purpose (such as to manage our business operations or to conduct data analytics to improve our offerings), we may also share with others and disclose information from which personal information has been removed (including aggregated, anonymous or pseudonymised information) so that no privacy is affected. 

We sometimes have to pass on personal information for legal or safety reasons or other special circumstances, such as in order to comply with a legal or regulatory obligation that we have or to protect your vital interests. 

Security 

We use various systems and services to safeguard the personal information we store, as part of our business systems and processes. We take steps to protect your personal information from misuse, interference or loss and unauthorised access, modification and disclosure with appropriate safeguards and security measures. 

While we take steps to protect your personal information when you send it to us, you should keep in mind that no internet transmission is ever completely secure or error- free. If you provide any personal information to us via our online services (including email), or if we provide information to you by these means, the privacy, security and integrity of any data transfer over the internet cannot be guaranteed. When you share information with us (such as over the internet, or sending us an email), it is at your own risk as factors beyond our control include the security of the device and/or program you use to communicate with us, and steps you take to protect your login details and password. If you reasonably believe that there has been unauthorised use or disclosure of your personal information, please contact us 

Our website may contain links or references to other websites not subject to this Privacy Policy. You should check their own privacy policies before providing your personal information. 

Contact with FAC about your personal information. 

You may wish to contact FAC to access your personal information, to seek to correct it, delete it or to make a complaint about privacy (and under applicable privacy laws you may have rights of access to and correction of your personal information). Contact with Family Assurance Centre can be made via our contact page contact us. 

Generally, we do not impose any charge for a request for access, but were permitted to do so by applicable law, we may charge you a reasonable fee for the retrieval costs associated with providing you with access.