PRIVACY AND SECURITY

In the Privacy Charter and Online Privacy Statement "we", "our", and "us" refers to Insurance Australia Group Limited ABN 60 090 739 923 (IAG) and each of its related entities. IAG and its related entities may maintain additional rules and practices, which are consistent with this Privacy Charter. The Privacy Charter & Online Privacy Statement applies to IAG’s operations in Australia and is current as at 25 June 2010.

Where IAG handles personal information, we are committed to protecting the privacy of your personal information and to handling it in a responsible manner in accordance with the Privacy Act 1988 (Cth) (“Privacy Act”). The Privacy Act outlines the National Privacy Principles, which set the minimum standards for how private sector organisations are required to handle your personal information in Australia. We are committed to complying with the National Privacy Principles.

The following information explains how we collect, use and disclose your personal information.


Privacy Charter


Collection

We collect your personal information in various ways, such as over the phone and over the internet if you transact with us online. The personal information collected and stored by us about you generally includes your name, address, date of birth, gender, and contact details, including phone, fax and email as provided by you to us. Where practicable, we will give you the option of interacting with us anonymously.


Sensitive Information

If we collect sensitive information about you, we do so in accordance with the National Privacy Principles. This may include details such as your health information, criminal record, or sexual preferences.


How we collect the information

Whenever possible, we collect your personal information from you. However, there may be occasions when we collect personal information about you from someone else. We may also collect information about someone else from you. Irrespective of the source of the information, we respect and protect the privacy of personal information. If you provide information to us about another person, then you are responsible for telling the other person that you have provided information about them to us. You should tell them who we are, that they may access their personal information, and you may also wish to refer them to this Privacy Charter.


Use

We will use your personal information in accordance with the National Privacy Principles, for any purpose to which you have consented.

Disclosure


Disclosure of shareholding information

Shareholding information may also be personal information. We have an arrangement with Computershare Investor Services Pty Limited (CIS) to collect, store, use and disclose the personal information of IAG shareholders on IAG’s behalf. As IAG’s share registry manager, CIS is required to comply with obligations under the Australian Corporations Act 2001 (Cth) and Australian Stock Exchange Listing Rules. These obligations include making public the name, address and number of shares held by registered shareholders. However, other information such as banking details, tax file numbers and holder reference numbers is private information and will only be used and disclosed in accordance with provisions of the Privacy Act and the Taxation Administration Act 1953 (Cth). For more information on how CIS handles personal information, please refer to its “Personal Information Management Statement” which is available at www.computershare.com.au.

From time to time IAG may also seek to identify the beneficial ownership of registered holdings. Please be aware that in doing so, it is required to maintain a register of the responses received and make this register available for inspection on request.


Disclosure of personal information to other companies who provide services to us

We may disclose information about you to other service providers and third parties to carry out activities on our behalf, such as a mailing house. We impose security and confidentiality requirements on how they handle your personal information. They are not permitted to use information about you for any purpose except for those activities we have asked them to perform.

Other than as set out above, we will not disclose information about you to a company which is not a related entity unless the disclosure is required or authorised by law, or you have consented to our disclosing the information about you. On occasions, we may need to disclose your personal information to third parties to provide a product or service to you on IAG’s behalf. At all times, we will respect and protect the privacy and confidentiality of personal information.


Other Information


Security of your personal information

Personal information that we hold on our systems is protected through the use of secure passwords and other security procedures. Access to personal information is limited to those who specifically need it to conduct their business responsibilities. We also maintain physical security procedures to manage and protect the use and storage of paper records containing personal information. Our personnel are responsible for handling personal information in accordance with the Privacy Act. We educate our staff about the requirements of the National Privacy Principles and the Privacy Act. We will keep your information so that we can continue to provide the products and services you have requested from us. We will take reasonable steps to destroy or permanently de-identify personal information when we no longer need it.


Accuracy of your personal information

We will take reasonable steps to ensure that the information we hold about you is accurate, complete and up-to-date. If you believe that the information we have about you is not accurate, complete or up-to-date we ask you to contact us.


Access to your personal information

You may request access to the personal information we hold about you. So that we can respond quickly and efficiently to your request, we may ask you to complete an Access Request Form and may charge you a service fee for retrieving and sending the information to you. Please contact us if you would like more information on how to request access to this information or to confirm the applicable charges. If we are unable to meet your request for access, we will let you know why.


If you have a complaint

If you have a complaint about the privacy of your personal information, we ask that you contact us in writing. We will promptly acknowledge and investigate complaints.


Further information

Please contact us if you would like further information regarding this Privacy Charter, or the management of your personal information. You can also email us at investor.relations@iag.com.au if you have any further queries.


Online Privacy Statement

The information that we collect from you when you interact with us online depends on the tasks you complete on this website. When you visit and browse through this website, we collect general information for statistical and maintenance purposes that enables us to continually evaluate the performance of this website. This general information includes:


This information will not identify you and we will not combine it with any information in a way where we can identify you.

We do not sell, trade, lease or rent any personally identifiable information.

If you send an email to us your personal information will only be used for the purpose of responding to your enquiry.

If you subscribe to our email messaging service, we will only ask you to provide your email address so that we can email to you the information you have requested. In every email sent, you are given the option to discontinue the service so as not to receive further emails.

Any information which is not capable of identifying you, such as the number of users visiting this website, is collected through code embedded in the webpages of this website. You cannot disable the code on these pages. Other information, such as browser type, is included in a 'cookie' that is sent to your computer when you are completing certain tasks on this website. A cookie contains bits of information that enables our servers (ie. the computers that house this website) to identify and interact efficiently with your computer. Cookies are designed to provide a better, more customised website experience, and to make it easier for you to use this website. You can configure your browser to either accept all cookies, reject all cookies or to notify you when a cookie is being sent to your computer. The 'help function' on your browser will provide you with details on how to change your browser configurations. You will need to accept cookies in order to use some functionality on this website.

Information you provide to us on this website is securely protected as it travels from your computer to our servers, using Secure Sockets Layer (SSL) protocols. This website uses the strongest form of SSL encryption - 128 bit, making it exceedingly difficult for others to view your information. We take all reasonable precautions to ensure that any information you provide to us is transferred securely from our servers to mainframe computers (no personally identifiable information is stored on our servers). These mainframe computers are not able to be accessed directly through the internet, due to protection provided by several levels of firewall security to prevent unauthorised access.

This website uses an Intruder Detection System to monitor internet privacy and security threats. Any identified threats are evaluated, and measures taken to eliminate or reduce them. Any information stored on our systems is protected from unauthorised access through the use of security procedures, as well as secure user logons and passwords. Our staff are committed to following these security procedures.

SPAM means unsolicited advertising material sent via email. We will not send out this type of material.

Due to evolving technologies and types of functionality available on this website, we encourage you to review this Online Privacy Statement from time to time as it may be updated.

Contact us

Please email us at investor.relations@iag.com.au if you have any queries regarding IAG’s approach to privacy.