This Privacy Policy covers the HCF group of companies (We or HCF Group), being The Hospitals Contribution Fund of Australia Ltd, HCF Life Insurance Company Pty Ltd, Manchester Unity Australia Ltd, HCF Research Foundation Ltd, Railway & Transport Health Fund Ltd, and Transport Health Pty Ltd, but excluding Flip Insurance Pty Ltd, which is covered by its own privacy policy.
We are committed to protecting your privacy and will handle your personal information in accordance with this Privacy Policy, the HCF Data Principles set out below, and our obligations under the Privacy Act 1988 (Cth) (Privacy Act) and other relevant State legislation dealing with privacy and health records. We also comply with the Spam Act 2003 (Cth) and the Do Not Call Register Act 2006 (Cth), as amended from time to time. If you are an Overseas Visitor Health Cover (OVHC) member in the European Union, the processing of your personal information will also be subject to the General Data Protection Regulation (2016/679) (GDPR).
HCF DATA PRINCIPLES
- Your trust is of the utmost importance to us. HCF considers your personal information to be very important and is committed to protecting your privacy.
- Transparency is important. We are open and honest about the way we use your personal information, as set out in this Privacy Policy or as otherwise disclosed to you from time to time.
- Security is front of mind. Safeguarding your personal information against potential cyber security threats is our priority. We continuously invest in comprehensive cyber capabilities to protect your information. We monitor our systems for unusual activity around the clock and regularly conduct robust security testing. We have implemented governance processes and controls to manage cyber risks to ensure the protection and security of personal information you share with us.
WHAT SORT OF PERSONAL INFORMATION DO WE USUALLY COLLECT?
Personal information is broadly, any information about or relating to you where you are identified by us, or can be identified. Sensitive information is a special subset of personal information which includes your health information.
For the purposes of this Privacy Policy, any references to “personal information” includes “sensitive information”.
The personal information that we may collect about you includes:
1. Information relevant to health, life, travel and pet insurance cover, dental and optical services and other related products and services such as your:
- name, residential, postal and email addresses, phone and/or mobile number and other relevant contact details
- family and marital status, date of birth, gender, ethnicity and employment details
- bank account and credit card details and other relevant financial information
- pet details, age, breed and veterinary history
- marketing preferences
- government related identifiers such as your Medicare number and Australian Tax Office file number
- claims information and our analysis of this data, which includes your health information, expenses paid and claimed, the health care providers who treated you and the treatment you received
- sensitive information, for example your:
- health records, medical history including but not limited to any illnesses, medical conditions, genetic testing results and health services provided to you
- usage of and data supplied to mobile applications and materials delivered on-line.
2. Additional information in relation to life insurance cover and services, such as your:
- income
- insurance history
- criminal history (for example, when assessing a life insurance claim).
3. Additional information collected from you by phone, our website or mobile applications such as your:
- height
- weight
- blood pressure
- cholesterol levels
- lifestyle (for example, recreational activities, drug and alcohol use, travel)
- mental health status
- smoking history
- occupation (including a description of your duties)
- medical history
- exercise information
- health questionnaire information, including any pre-existing conditions
- family history, including any pre-existing conditions and genetic testing results
- residency details.
4. Additional information in relation to your proposed employment with any HCF Group company such as your:
- previous employment history
- Australian tax file number.
5. In respect of providers to the HCF Group, information such as your:
- name, practice and/or business name, practice, postal and email addresses, phone, fax and/or mobile number
- government related identifiers such as your Medicare provider number, Australian Health Practitioner Regulation Agency number, Australian Company Number and/or Australian Business Number
- claims information for your professional services, your charges and expenses, including out-of-pocket (gap) costs members pay you, and treatments performed, that you and/or our members provide to us from time to time including benefits payable, and results from our analysis of this data, such as out-of-pocket (gap) expenses
- whether or not you are registered for and use HCF’s medical gap arrangements
- feedback from our members on the service that you provide
- feedback from other providers, like hospitals, about the service that you provide in association with them from time to time
- practice/business bank account details.
HOW DO WE COLLECT YOUR PERSONAL INFORMATION?
We may collect the personal information from you (or persons authorised by you):
- in person, via mail, email, mobile applications, our website (including embedded chatbots) or other internet applications including social media (e.g. Facebook, Twitter)
- by phone
- from forms, claims and other correspondence
- while you are using services provided by HCF.
Sometimes we may need to collect personal information from third parties such as:
- health service providers (such as hospitals, hospital-substitute treatment providers, general practitioners and optometrists and other allied health providers) and other service providers (such as providers of health and well-being services and electronic claiming software providers), recruitment agencies and marketing agencies)
- another insurer or re-insurer
- brokers, agents or referrers
- the policyholder, if you are a partner, or a dependent (for example, a child or a student) who is insured under the policy
- government agencies
- your employer or advisers
- immigration or other agents
- financial or educational institutions
- if you are a provider, from the Department of Human Services, government regulatory agencies, electronic claiming software providers and our members
- research companies that collect feedback from members on behalf of us.
WHAT HAPPENS IF YOU DO NOT GIVE US THIS INFORMATION OR DO NOT WISH US TO USE OR DISCLOSE IT FOR A PURPOSE?
It is your right not to give us any information and not to identify yourself to us (interact anonymously or using a pseudonym) or to tell us that you do not wish us to use or disclose your personal information for a particular purpose or in a particular way. However, if you choose not to give us the personal information we request, or do not identify yourself to us or ask us not to use or disclose your information for a particular purpose, we may not be able to:
- Consider your application for insurance.
- Administer your policy.
- Enter into a contract to provide you with our product or service or provide you with relevant services.
- Manage or pay any claims you make under your policy.
- Provide you with relevant insurance, health, dental or optical services.
- Consider your recognition as a provider or register you and consequently pay our. members for any services you provide in accordance with our arrangements or any other obligations.
HOW DO WE USE YOUR PERSONAL INFORMATION?
1. INSURANCE, HEALTH, DENTAL, AND OPTICAL SERVICES
We use your personal information we collect, under our contract with you, to provide products and services to you (some of which may be provided by third party providers on our behalf) including insurance, health, dental and optical services, recording your treatment, managing our relationship with you, to assess your eligibility to receive a benefit, and to administer, process and audit claims.
We may also use your personal information for related purposes which you would reasonably expect for our legitimate interest in complying with applicable laws, assessing your insurance, health and related lifestyle needs, developing products and services that may better serve those needs, assessing your possible interest in any such products or services and telling you about these, telling you about and otherwise publishing details of provider charges and out-of-pocket (gap) costs our members may have incurred, conducting risk forecasting functions (with your consent), improving our service delivery, asking for your feedback and opinions about services, benefits or product offerings, resolving any legal and/or commercial complaints or issues and performing other functions and activities relating to the business of the HCF Group.
2. DEVELOPING PROGRAMS OR SERVICES FOR THE BENEFIT OF OUR MEMBERS
From the personal information that we collect from our members, in providing health insurance and associated services, we are able to develop programs and services that are intended for the benefit of members.
In some instances, participation in these programs or services is offered to all members. In other instances, the invitation to participate is targeted at specific members who are most likely to benefit from participation in the programs or services.
We may use personal information we have collected to identify members who may benefit from a program or service, and inform members of the availability of the program or service, for example, via telephone, the HCF member app, the HCF website or through our publications or advertisements, and invite them to participate in the program or service.
In relation to all programs and services:
- participation is entirely voluntary
- participation or non-participation will not affect your benefit entitlements or premiums or your client relationship in any way
- if you do not wish to participate in a program after you are invited to join, you may decline the invitation or may, at any time, withdraw from any program in which you may have been enrolled.
PROVIDERS
If you are a provider (such as a health provider), we collect and use information about the provider, including their charges and health outcomes, that may include personal information, to administer claims, deal with complaints, obtain feedback on members’ experience or the performance of providers, update members and understand costs including out-of-pocket (gap) costs. We may publish some, or all, of this information on our website or communicate it to our members in other ways, as a service to our members, including by sharing it through other websites we partner with.
OTHER INDIVIDUALS
We may also collect and use or disclose personal information of other individuals other than members or providers, such as guardians or other authorised individuals or carers, representatives of third party service providers, HCF officers and directors, prospective employees and members of the public, in order to provide our products and services, administer our business, manage job applications (including conducting background checks), comply with applicable laws and provide various promotional offers.
REQUESTS TO STOP DIRECT MARKETING FROM US
We may communicate with you by phone, electronically or mail, about our current and new products and services, including participation in any programs we develop.
You may ask us at any time to stop sending you direct marketing information or being contacted by or on our behalf, in a particular way or at all. You can do this by:
For HCF-branded products (excluding OVHC):
|
For HCF-branded OVHC products:
|
For RT Health-branded products:
|
For Transport Health-branded products:
|
DO WE DISCLOSE INFORMATION TO THIRD PARTIES?
We may share or disclose your personal information, in accordance with the purposes described above under the heading ‘HOW DO WE USE YOUR PERSONAL INFORMATION?’ to third parties or individuals, some of which may be located overseas in certain circumstances, including:
- The policyholder, if you are a partner or dependant insured under the policy, for the purposes of your HCF membership. Our contract with the policyholder requires us to have full and free communication with the policyholder on all aspects of the policy, including the benefits claimed by any person covered by the policy.
- Organisations that deliver services on our behalf or to us, such as third parties that we contract to assess or process claims, administer programs or services that we develop for the benefit of members, research companies contracted by us (to ask your opinions on improving the HCF Group’s service, benefits or product offerings), third party vendors who placed targeted online ads for us on their sites and mailing houses.
- Other service providers, for example, our advisors for the purposes of obtaining legal advice, medical specialist advisors for the purpose of reviewing ex-gratia requests and making pre-existing condition determinations or our technology providers.
- Between companies within the HCF Group.
- Corporate partners (if you are an employee or member of that organisation) and third-party websites who we partner with (if you are a healthcare provider).
- Fraud prevention agencies, government bodies and regulators including law enforcement bodies such as the Police, professional associations and industry bodies.
- Health service providers (where your personal information is used to improve their ability to provide you with health services).
- Other insurers or reinsurers including other health insurers where you have moved your insurance to or from HCF.
- Where disclosure is otherwise authorised or required by or under applicable laws or any other legal or regulatory process.
- Other members and the public, after removal of any personal information, such as where we publish details of our analysis of claims data and charges including out-of-pocket (gap) costs charged by health service providers for different treatments.
Any third parties to whom we disclose or permit access to your personal information, in the course of providing services on our behalf, will be subject to strict contractual restrictions to ensure that they protect personal information and keep it confidential, consistent with relevant privacy and data protection laws.
In the event that HCF or a part of the business undergoes re-organisation or is sold or licensed to a third party, any personal information we hold about you may be transferred to that re-organised entity, licensee or third party.
We do not normally give personal information about you to anyone who is not on your membership. You will need to give us written permission if you want someone who is not covered by your membership, such as a friend or carer, to deal with us on your behalf.
OVERSEAS DISCLOSURES
Some organisations to which we disclose personal information are located in the USA, New Zealand, India, Philippines, and El Salvador (in relation to HCF Gift cards issued through Blackhawk Group only). We will not disclose your personal information to an overseas recipient without taking such steps as are reasonable in the circumstances to ensure that the overseas recipient will not breach the Australian Privacy Principles set out in the Privacy Act.
If you are an OVHC member in the European Economic Area (EEA) we may use service providers based outside the EEA. We will take steps to ensure that your personal information will be afforded the level of protection required of us, under and in accordance with this Privacy Policy and applicable data protection laws and in accordance with current legally recognised data transfer mechanisms, such as appropriate European Commission approved standard contractual clauses (see ec.europa.eu/info/law/law-topic/data-protection_en).
HOW IS INFORMATION FROM OUR WEBSITES AND MOBILE APPLICATIONS COLLECTED AND USED?
We collect information when you:
- complete an online form
- give us your email address
- access and use any of our services through our website and mobile applications.
We collect data from our website and mobile applications to help us understand which are the most popular items and when the peak usage times are, along with other information that helps us improve the content and make the navigation easier. Some of this information may be used to develop new services or enhance existing services provided to HCF members.
When you visit our website, it will send a cookie to your computer. This is a small piece of information stored on your hard drive which tells us that your computer has accessed our website. The cookie by itself will not be able to identify you. If you do not want to use cookies, you can set your browser to reject them.
Data from mobile applications may include information that you supply to the application as well as location information provided by the device location services and information from connected devices and monitors, where you have given permission for the application to access these services. This may include, for example, specific health and activity information including but not limited to location data, physical activity, sleep, heart rate, blood pressure, blood glucose and other health information. Collection of this information enables us to provide you with useful services such as finding health care providers close to your location.
HCF uses remarketing and web-based analytics to advertise online. Third-party vendors show HCF advertisements on websites across the Internet. This includes the use of Google Analytics (see Google Privacy Policy for more details) and Facebook Pixels (see Meta Privacy Policy for more details). HCF and third-party vendors, including Google and Facebook, use first-party cookies (such as the Google Analytics and Facebook Pixels cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimise, and serve ads based on someone’s past visits to the HCF website.
WHAT ABOUT LINKED WEBSITES?
We provide links to third party sites. Since we do not control these websites, we encourage you to review the privacy policies posted on these third-party sites. We are not responsible for any practices on linked websites that might breach your privacy.
STORAGE AND SECURITY OF YOUR PERSONAL INFORMATION
We take reasonable steps to protect the personal information we hold from misuse, interference and loss, and unauthorised access, modification or disclosure and to destroy or de-identify personal information we no longer need, wherever possible.
In the case of clinical information collected by our HCF operated health service providers, such as our Dental Centres and Eyecare Centres, your information will be held for at least seven years from the last time a health service was provided, in accordance with Health Records legislation.
If someone under the age of 18 used the health service, the information will be held at least until that person has turned 25.
We will keep member personal information for as long as we maintain our relationship with you or otherwise as required for our business operations or by applicable laws, including to enforce our rights, for fraud prevention, to identify, issue or resolve legal claims and/or for proper record keeping purposes.
YOUR PRIVACY RIGHTS
HOW TO ACCESS AND CORRECT YOUR PERSONAL INFORMATION
We take reasonable steps to ensure that the information we hold about you is accurate, up-to-date, complete and relevant when we use it or disclose it. You should contact us if you think your personal information is wrong.
HOW TO UPDATE YOUR CONTACT DETAILS
If you need to update your contact details, you can do so through the members’ section of the relevant website:
For HCF-branded products (excluding OVHC): |
For HCF-branded OVHC products: |
For RT Health-branded products: |
For Transport Health-branded products: |
For non-members who have visited an HCF Dental or Eyecare Centre: Contact the Dental or Eyecare Centre that you visited directly. |
HOW TO ACCESS OR OTHERWISE CORRECT YOUR PERSONAL INFORMATION
If you have a question about this Privacy Policy or want to access or otherwise correct your personal information you can:
For HCF-branded products (excluding OVHC):
|
For HCF-branded OVHC products:
|
For RT Health-branded products:
|
For Transport Health-branded products:
|
For Non-members who have visited an HCF Dental or Eyecare Centre:
|
A request for access needs to include a full description of the personal information requested. If making a request in person, you will be asked for two forms of identification, one of which must have a photograph on it. If you request information over the phone, we will ask you identity-related questions so we can verify you.
Your request for access to your personal information will be documented, as will details of the request and the identity of the HCF employee who gave it to you. We will generally give access unless an exemption applies to certain information as permitted by the Australian Privacy Principles under the Privacy Act.
If you believe that the information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you can request its correction. If we are satisfied that the information needs to be corrected, we will take reasonable steps to ensure that information is corrected and notify you of the correction. However, there may be circumstances in which we may have to refuse a request for correction. In such a case you can request that we associate a statement, with that personal information, that you made a request for correction.
You will not be charged for accessing or correcting your information.
We might have to charge for the reasonable cost of processing your access request, including photocopying, copying of radiographs, supplying written reports, administration and postage.
OVERSEAS VISITOR HEALTH COVER (OVHC) MEMBER
If you are an OVHC member you also have, in certain circumstances, the right to request that the personal information we hold about you is erased, its further processing is restricted or to object to its processing. In certain circumstances, you also have the right to data portability, meaning you can receive personal information you have provided to us in a structured, commonly used and machine-readable format and/or have it transmitted to another party. You may also withdraw your consent where provided or object to the further processing of your personal information under certain circumstances.
If we refuse any request you make in relation to these rights, we will write to you to explain why and how you can make a complaint about our decision. To make a request in respect of these rights or to make a complaint, contact us as set out above. You also have the right to lodge a complaint with a relevant data protection supervisory authority.
HOW WE WILL RESPOND TO YOUR REQUEST
We will acknowledge receipt of your request within 2 business days of receiving your request. We will do our best to deal with your request within 5 business days.
If we cannot help with your request, you will receive a written explanation as to why and details of what you can do to take the matter further if you are not satisfied with our response.
DO YOU HAVE A CONCERN OR QUERY IN RELATION TO PRIVACY?
If you have any concerns or queries about privacy, you can:
- email privacyofficer@hcf.com.au
- visit any HCF branch
- call 13 13 34.
We will do our best to resolve your complaint as quickly as possible. However, if you are not satisfied with the result of your complaint to us, you can refer your complaint to the:
Office of the Australian Information Commissioner
- online privacy complaint form oaic.gov.au
- call 1300 363 992
- mail GPO Box 5218, Sydney NSW 2001.
NEED FURTHER INFORMATION?
For more information about privacy in general, you can visit the Office of the Australian Information Commissioner’s website at oaic.gov.au
UPDATING OUR PRIVACY POLICY
We may review, amend or revise our Privacy Policy and the way we handle personal information from time to time. We will post the updated Privacy Policy on our website at hcf.com.au and its terms will take effect from the date of posting.
Last updated: April 2023