Terms and Conditions
Medibank Private Limited (Medibank) is committed to protecting the privacy of your personal information.
Requirements of the privacy legislation
We are required to comply with the Privacy Act 1988 (Cth) (Privacy Act) which regulates how personal information is handled from collection to use and disclosure, storage, access and disposal.
Personal information is information or an opinion, in any form and whether true or not, about an individual whose identity is apparent or can reasonably be ascertained from the information or opinion. It includes your name, age, gender, contact details as well as your health information (which is also sensitive information).
Collection of personal information
We will only collect personal information about you by lawful and fair means and not in an unreasonably intrusive manner. The types of personal information we may collect include:
- identifying and contact information, such as name, age, employment details, email address and mobile phone number;
- financial information, such as bank account details;
- sensitive information, including information about health, health services provided to you and claims; and
- information about your activities, including sporting and other lifestyle interests.
We collect your personal (including sensitive) information to provide you with products and services, including insurance, health related services, information on other products and services offered by us, one of our subsidiaries or a third party, and to facilitate and assess the provision of health related services to you by us, our subsidiaries and third parties.
We may collect your personal (including sensitive) information from you, another person covered by your private health insurance membership, or from a person authorised to provide us this information on your behalf. We may also collect your personal (including sensitive) information from our subsidiaries or a third party (for example, a hospital or other health service provider, employer, educational institution, government agency or adviser that has dealt with you).
How will we use your personal information?
We will use your personal (including sensitive) information for the purposes for which we collect it as described above, including to:
- manage our ongoing relationship with you;
- administer, process and audit claims;
- manage, review, develop and improve our insurance products and related services (including health services) whether provided by us or other parties on our behalf;
- manage, review, develop and improve our business and operational processes and systems, including the services provided to you by our contracted service providers (such as our subsidiaries) and other parties;
- resolve any legal and/or commercial complaints or issues; and
- perform any of our other functions and activities relating to our business.
Who will we disclose your personal information to?
In order to carry out the above purposes, Medibank may disclose your personal (including sensitive) information to persons or organisations (which may be located overseas) such as:
- our subsidiaries;
- our agents and service providers;
- our professional advisors;
- health service providers (such as hospitals, general practitioners, allied health providers and providers of chronic disease management programs) including our subsidiaries;
- parties involved in a prospective or actual transfer of any parts of our assets or business;
- payment system operators and financial institutions;
- persons authorised by or responsible for you, including your agents and advisors;
- government agencies;
- if you have OSHC or a visitors cover product, also to your educational institution, migration agent or broker;
- if you have a corporate insurance product, also to your employer; and
- other parties to whom we are authorised or required by law to disclose information.
The above parties may also collect personal (including sensitive) information directly from you.
Medibank may disclose your personal information to other persons covered by your private health insurance membership as part of administering the membership and paying benefits. This may include the disclosure of sensitive information about benefits claimed by you under your policy.
From time to time, we may also use your personal (including sensitive) information to contact you (including by telephone call, text message or email) in relation to other products or services we think may be of interest to you. This may include our own products and services, the products or services of a subsidiary or the products or services of third parties. You may withdraw your consent to these specific uses and disclosures by calling us on 134 190, visiting one of our stores, or accessing the Manage My Preferences page within the Online Member Services facility.
If you do not provide personal information requested of you to Medibank, we may be unable to provide you with insurance cover, pay you benefits or provide you with or facilitate the provision of other services.
What health related services are provided by Medibank subsidiaries?
As indicated above, these companies may collect and use your personal (including sensitive) information to provide these services to you including to:
- manage their relationship with you and contact you for follow up purposes;
- manage, review, develop and improve their health related services and their business and operational processes and systems;
- resolve any legal and/or commercial complaints or issues; and
- perform any of their other functions or activities.
Our subsidiaries may collect your personal (including sensitive) information directly from Medibank and/or other Medibank subsidiaries, you or a person authorised by or responsible for you.
If you use health related services, our subsidiaries will disclose your personal (including sensitive) information to Medibank in order for us to pay benefits for health related services and to review, develop and improve the services. In order to perform the above functions, our subsidiaries may disclose your personal (including sensitive) information to us, each other and to third parties such as their agents, service providers and professional advisors, health service providers, persons authorised by or responsible for you, and to other parties to whom they are authorised or required by law to disclose information including government agencies, and these parties may collect that information.
In addition to the collections, uses and disclosures described above, our subsidiaries may also disclose your personal (including sensitive) information to us and each other in order for us and them to assess from what other services you may benefit and to facilitate the provision of such services. We may also disclose your personal (including sensitive) information to our subsidiaries so the Medibank Group may have an integrated view of our members and provide you a better and personalised service. Our subsidiaries may use your personal (including sensitive) information to contact you (including by telephone call, text message or email) in relation to their services. You may withdraw your consent to these specific collections, uses and disclosures at any time by calling us on 134 190, visiting one of our stores, or accessing the Manage My Preferences page within the Online Member Services facility.
How do we manage the data quality and security of your personal information?
To the extent required by the Privacy Act, Medibank will take reasonable steps to:
- make sure that the personal information that we collect, use and disclose is accurate, complete and up to date;
- protect the personal information that we hold from misuse and loss and from unauthorised access, modification or disclosure; and
- where permitted by law, destroy or permanently de-identify personal information that is no longer needed for any purpose that is permitted by the Privacy Act.
Medibank will generally provide individuals with the option of not identifying themselves when entering transactions when it is lawful and practicable to do so. However, on many occasions we will not be able to do this. For example, we will need your name and address in order to provide you with private health insurance coverage.
Use of Commonwealth Government identifiers
Medibank will not use Commonwealth government identifiers, such as Medicare numbers, as its own identifier of individuals. We will only use or disclose such identifiers in the circumstances permitted by the Privacy Act.
Transfer of personal information overseas
If Medibank transfers your personal information outside Australia, we will comply with the requirements of the Privacy Act that relate to transborder data flows.
Access to your information and contacting us
Medibank will allow you to access and correct personal information it holds about you as required by law. If you have any queries about how Medibank handles your personal information, or would like to request access to or to correct that information, please write to: Privacy Officer, Medibank Private Limited, 16/700 Collins Street, Docklands, Victoria 3008 or firstname.lastname@example.org.
In some circumstances, Medibank may not permit you access to your personal information, or may refuse to correct your personal information, in which case we will provide you reasons for this decision.
Application of the Medibank Group's Privacy Policies
Further information about the application of the Privacy Act can be found at the website of the Office of the Australian Information Commissioner at www.privacy.gov.au.
How we handle complaints
If you have any concerns or complaints about the manner in which your personal information has been collected or handled by Medibank, please contact the Privacy Officer whose contact details appear above.
Withdrawal of consent
You may also withdraw your consent to the use of personal information for any secondary purposes (whether for yourself or any dependant aged under 16 years) by ringing us on 134 190, visiting a Medibank store or withdrawing your consent via Online Member Services.