1. Document Controls
Policy – Privacy
Corporate Services Manager
Corporate Services Manager
Original Issue Date
Current Issue Date
1.2 Revision Control Chart
|Version||Sections Amended & Description of Changes||Date|
|1.5.1||Template and updated track changes created.||November 2019|
|1.5.2||First draft complete.||March 2020|
|1.5.3||Changes following stakeholder and peer review Confirm content, amending copyright claims||May 2020|
|2.0||Document formally signed off and released from draft||July 2020|
|2.1||Nil changes following stakeholder and peer review||Feb 2021|
|3.0||Document formally signed off||23 Feb 2021|
1.3 Controlled Document
23 Feb 2021
National Operations Manager
23 Feb 2021
Corporate Services Manager
23 Feb 2021
Chief Information Officer
23 Feb 2021
3. Policy Statement
AAMC is an independent motor and machinery accident management company and collects information on behalf of insurance companies in order to assess and manage insurance loss under the terms and conditions of the insurance policy.
4. Collection and Storage
AAMC collects personal information from you in a number of different ways. We may collect personal information directly from you or in the course of our dealings with you, for example when you:
- Provide confirmation of personal information provided to us regarding your claim.
- Apply for a position of employment with us. Use our website or services (including via cookies).
- Contact and correspond with us.
Where possible we will collect personal information directly from you. The personal information we collect about you may include (but may not be limited to) your name, address, date of birth, contact details, Internet Protocol (IP) address, occupation and education/work history, employer, legal and industry areas of interest, and information specific to the management and loss assessment of a vehicle, and is used for the purposes of your claim under your insurance policy.
We may also, if you consent, collect personal information about you from insurance companies, automotive repair companies, from publicly available sources of information or in some instances from third parties including recruitment agencies, previous employers, government departments and third-party service providers which provide criminal, bankruptcy and other checks.
AAMC will take reasonable steps to keep any personal information we hold about you secure.
We only collect personal information where it is reasonably necessary for one or more of our functions or activities, such as assessing, administering and processing an accident claim, or assessing an individual for employment. The purposes for which we collect, use, and hold your personal information may include:
- Verifying your identity.
- Contacting you (including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner).
- Providing you with services.
- Facilitating our internal business operations, including internal record keeping and the fulfilment of any legal requirements.
- Developing and improving our services and obtaining feedback.
- Complying with any law, binding regulation, court order, or official request, or where we are permitted by law.
we are not able to collect personal information about you, we may not be able to administer or process your claim for assessment and repairs; or accept your expression of interest or application for employment with us.
6. Use and Disclosure
AAMC may use or disclose your personal information for the purpose for which it was collected. Parties to whom we may disclose your personal information include:
- Loss Assessors.
- Repairers and Suppliers.
- Insurance Companies.
- Investigators and Recovery Agents.
- Legal and other professional advisors.
- Contracted Advisors and Service Providers who assist us in operating our business
(including data storage services, email filtering, virus scanning, payment processors,
- Third parties to whom you have agreed we may disclose your information.
- The police, any relevant authority or enforcement body.
- Where the use or disclosure is authorised or required by or under an Australian law
or court/tribunal order.
7. Disclosure of Personal Information overseas
We are assisted by a variety of external service providers to deliver our services, some of whom may be located overseas. These third parties are too numerous to list, and they change from time to time. Some examples of the types of third parties include technology service providers who may be located in Canada and the United States of America.
In many cases, we impose contractual restrictions equivalent to those imposed on us under the Privacy Act in respect of collection and use of personal information by those third parties.
You consent to this overseas disclosure and agree that by providing that consent, APP 8.1 under the Privacy Act no longer applies. APP 8.1 requires entities to take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs in relation to the information.
8. Information about Events, the Website and Our Services
We will never knowingly send unsolicited commercial electronic messages. More information on the Spam Act 2003 (Cth) is available from the regulator’s website: www.acma.gov.au/spam.
If you use our services or subscribe to our mailing list, we may use or disclose your information (excluding sensitive information) for direct marketing purposes and to contact you via email, SMS or other means in order to provide you with updated information about our services, the Website, our events, or to provide you with other information about our products or services.
You will be able to opt-out of direct marketing at any time with no charge to you or request us to provide you with our source of information, by email to firstname.lastname@example.org, or through the unsubscribe link found in all marketing emails we send. We will then ensure that your name is removed from our mailing list.
If you receive communications from us that you believe have been sent to you other than in accordance with this policy, or in breach of any law, you should contact us using the details provided below.
We store personal information in different ways, including in paper and in electronic form. The security of your personal information is important to us. We take appropriate measures to protect the personal information we hold from interference, misuse, loss, unauthorised access, modification or disclosure, including electronic and physical security measures.
The personal information we do collect is hosted on third-party data servers located in Australia and Canada. We take all reasonable steps to ensure any third-party data storage suppliers we partner with have appropriate cyber and physical security controls in place.
Where personal information we hold is no longer required for our business or legal purposes, we delete the information or permanently de-identify it, subject to specific laws in respect of data retention.
10. The information we keep about you
Our aim is to always have accurate, complete, up-to-date and relevant personal information.
You may access the personal information we hold about you upon making a written request. We will respond to the request within a reasonable period. We may charge a reasonable fee for processing your request (but not for making the request for access).
We may decline a request for access to personal information in circumstances prescribed by the Privacy Act or other relevant legislation, and if we do, we will give you a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons).If, upon receiving access to your personal information or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please notify us immediately. We will take reasonable steps to correct the information so that it is accurate, complete and up to date.
If we refuse to correct the personal information, we will give you a written notice that sets out our reasons for our refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint. There is no fee for making any corrections to your personal information.
The firm, usually your Insurer, that engaged us on your behalf maybe notified of your request for access, and correction of information.
11. How to contact us or make a complaint
- Address: Privacy Office, AAM Commercial PO Box 5752 Brendale Qld 4500 • Email: email@example.com
- Telephone: 1300 739 470
- Website: http://aamcommercial.com.au/
We will take any privacy complaint seriously. We will aim to resolve any such complaint in a timely and efficient manner, and our target response time is 30 days.
We expect that our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also make a formal complaint with the Office of the Australian Information Commissioner (OAIC). To lodge a complaint, visit the ‘Complaints’ section of the OAIC’s website, located at http://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office.
12.1 Review of Policy
This policy is formally reviewed at a minimum on an annual basis for relevance against industry changes and new technology trends. Updates may occur on an ad hoc basis to respond to legislation and compliance requirements.
When an annual review occurs the major version number (the whole number) increases. Minor updates on an ad hoc basis will increase the minor version number (the decimal digits).
13. Associated Documents
This policy contains references to the following policies and procedures: