Privacy and security
The protection and privacy of your personal information is a priority to us. This means handling your personal information in a responsible manner in accordance with the Privacy Act and the Australian Privacy Principles.
Our Privacy Policy contains details about how we collect, use and disclose your personal information generally and our Online Security Statement provides additional security information about how we ensure the security of your personal information when you deal with us online.
Online security statement
Please read this statement along with our Privacy Policy.
We take the protection of your personal information very seriously, so we regularly revise and update our security measures to keep your information private and meet industry standards.
Steps we take to protect your personal information
- We encrypt your information as it travels between your computer and our computers. We use a form of Transport Layer Security (TLS) to stop anyone intercepting your information
- Your personal information is stored on computer systems which are protected by a combination of firewalls, secure logon processes, encryption and intrusion monitoring technologies
- We use a recognised payment service provider to process any insurance payments you make using this website. This service provider is committed to protecting your personal information on our behalf
- In certain circumstances we will collect and use your IP address to protect the security of our website
- We regularly test our websites and infrastructure for vulnerabilities and take action where needed.
- We apply security patches to software provided by vendors.
Steps you can take to protect your personal information
It’s still very important that you take some steps to help keep up security when you’re online:
- Protect your personal information, such as usernames, passwords and policy details, by not allowing anyone to see you entering them, and avoid public Wi-Fi usage
- Notify us as soon as possible if you become aware of any security breaches
- Use a strong password for your account. Try to think of something that is easy to remember, but hard to guess, such as a passphrase
- Change your password regularly and try not to reuse the same password on more than one site
- Don’t let your browser save your password for our websites
- Be wary of websites, emails or phone calls that claim to be from us. Please contact us if you are unsure
- Keep an eye on your accounts and check for any unauthorised transactions
- Keep your devices up to date with firewall enabled, anti-malware software, anti-virus software and security updates.
How do you make sure you’re going to the right website?
- Always go directly to our website by typing the address www.cgu.com.au rather than following links found in emails or elsewhere online.
Keeping safe with email
- Never disclose personal, financial or debit/credit card information by email. Contact us if you’re unsure of the legitimacy of any email that appears to have come from us
- We will never ask for sensitive or personal information such as usernames, passwords or policy details if you haven’t asked for our help first.
By helping us with these things, we can both work to make your world a safer place. To report any concerns around the security or privacy of your information please email cybersecurity@iag.com.au.
Read more at StaySmartOnline, an Australian Government online safety and security website.
Privacy Policy
CGU Insurance (CGU) is a trading name of Insurance Australia Limited ABN 11 000 016 722 (“we”, “our”, “us”).
Last updated on 18 September 2024.
Your privacy is important to us and we are committed to handling your personal information in a responsible way in accordance with the Privacy Act. This is our Privacy Policy and it sets out how we collect, store, use and disclose your personal information. We recommend that you read it carefully.
As CGU is an Insurance Australia Group Limited (IAG) business, this Privacy Policy must be read together with the IAG Master Privacy Policy, which describes how IAG collects, holds, uses and discloses your personal information. A copy of the IAG Master Privacy Policy is available at: www.iag.com.au/master-privacy-policy.
If the information in this Privacy Policy conflicts with information in the IAG Master Privacy Policy, the information in this Privacy Policy will override the IAG Master Privacy Policy.
By visiting any of our websites, applying for, renewing, holding or using any of our products or services or providing us with your information, you agree to your information being collected, held, used and disclosed as set out in this Privacy Policy and the IAG Master Privacy Policy.
The information we collect
We collect the information necessary for us to provide you with the products and services you have requested from us, for the purposes set out under the section ‘How we use and disclose your information’ below, or if the law otherwise allows or requires us to do so.
We will only collect your sensitive information if you have provided us with consent to do so.
You do not have to provide us with your personal information.
However, if you don't it may affect our ability to assist you or provide you with a product or service you would like. If you want to deal with us while not identifying yourself (for example, anonymously or by using a pseudonym) we will let you where it is practical for us to do so (for example, where you make a general enquiry of us).
Please tell us if you wish to do this and we will indicate whether, taking into account the nature of the transaction, it is practical and reasonable to do so.
The information we collect and hold generally about you and other individuals (such as your spouse, partner or children or other joint insureds) includes name, address, date of birth, and contact details (such as phone number, fax number and/or email address).
However, we may also collect and hold other information required to provide services or assistance to you, including your gender, employment, details of your previous insurances, sensitive information (such as health information and criminal records), claims history, financial details such as your credit card or bank account number (for example, if the product of service is being paid for in this way or we are making a claim payment), your bank account or credit card details, your personal assets and those of your spouse or partner.
How we collect your information
We may collect your personal information in various ways, including via person-to-person contact directly from you, telephone, the internet (including our website), hard copy forms or email.
Whenever you choose to deal with us directly, we will where possible collect this information directly from you.
However, there may be occasions when we collect your personal information from someone else. This may include from publicly available records or databases (including phonebooks, public websites or social media), your broker or financial adviser, CGU authorised representatives, joint insureds on your policy, other insurers, employers, our distributors, business partners or agents or related entities, medical practitioners and rehabilitation providers, another party involved in claim, investigators, the Insurance Reference Services (IRS) and its members, third parties who provide services to us or on our behalf, family members, anyone you have authorised to deal with us on your behalf, and/or our legal advisers.
We may also seek to collect personal information about someone else from you (for example, if you request a product or service jointly with another person). However, you must not provide us with information about another person unless you have clear consent from that person to do so and let them know about this Privacy Policy and where to find it.
How we use and disclose your information
We only use and disclose your personal information for the purpose for which it was provided to us, other related purposes and purposes permitted by law, or purposes to which you otherwise consent. Such purposes include:
- Responding to enquiries or complaints in respect of a product, service or claim
- Providing you with our products and services and any assistance you request from us (for example, processing requests for quotes, applications for insurance, underwriting and pricing policies, offering excesses and discounts, issuing renewing or amending policy, managing and assessing claims made under or against a policy which you hold, processing claims or payments, recovering money paid to you or debts you have incurred, etc)
- Maintaining or administering your account policies, processing payments you have authorised and processing third party authority arrangements
- Maintaining and improving our products and services, our customer service practices and our internal business processes
- Processing your survey or questionnaire responses for the purpose(s) notified in the survey or questionnaire (if you have chosen to participate in such)
- Better understand our customers' needs and tailor our future products and services accordingly (including by conducting market research and analytics)
- Contacting you (including by email, telephone, SMS, mail, social media or targeted digital advertising) to provide you with offers and marketing information about products and services (of ours, our agents and distributors, our related entities and other organisations) which we believe may be of interest to you if you opt-in to receive such (if you have opted-in, you can contact us at any time to ‘opt out’ of receiving such marketing communications, or simply follow the unsubscribe instructions in the relevant communication)
- For facilitating our ordinary business operations (including general business reporting, modelling and analysis and managing our IT infrastructures, databases, websites and for statistical and maintenance purposes)
- Quality assurance, audit and training purposes
- Complying with, and assisting our related entities, agents, brokers, business partners, distributors and insurance advisers in complying with, any applicable law, code (including the General Insurance Code of Practice, as amended from time to time) or regulation, and assisting with government, law enforcement agencies and regulators (including anti-money laundering, sanctions, anti-slavery, and prevention of fraud and other criminal activity)
- For confirming and providing evidence of the fact that you have insurance issued by CGU
- Any other purposes identified at the time of collecting your information.
However, we will only use and disclose your sensitive information for the purposes for which it was initially collected, other directly related purposes and purposes permitted by law, or purposes to which you otherwise consent.
Who we disclose your information to
We will disclose your information to our related entities and third parties (including those who provide services to us or on our behalf), for the purposes set out under the section ‘How we use and disclose your information’ above, other related purposes and purposes permitted by law, or purposes to which you otherwise consent. These related entities and third parties include:
- Our agents, business partners and distributors (including financial institutions, credit unions and other third parties with whom we have a commercial or referral arrangement)
- Insurance advisers (such as CGU authorised representatives and insurance brokers) who offers or arranges one of our products or services on our behalf
- Insurance reference bureaux (including Insurance Reference Services, and Insurance Fraud Bureau of Australia), underwriters and re-insurers (and their representatives)
- Other insurance providers, a joint insured on your insurance policy, any other person listed on your insurance policy (for example, a nominated driver) or anyone else who has your authority
- Any credit providers that have security over your property
- In the case of some claims (or likely claims other insurers, third party), assessors, investigators, your employer, medical practitioners, rehabilitation witnesses, passengers, other drivers or another party involved in a claim (for example, to obtain or provide information relevant to an assessment of your claim or to recover monies on a claim you have made) and any agents, representatives or subcontractors or the above
- Complaint and dispute resolution bodies (including the Australian Financial Complaints Authority)
- Our third party service providers (including recovery agents, media publishers, lawyers, suppliers, mailing houses, marketing agencies and companies, market researchers, IT experts and infrastructure providers, analytics service providers, physical and electronic storage providers and payment service providers) and professional advisers and consultants and any agents, representatives or subcontractors of any of those third party providers, advisors and consultants
- Government bodies, regulators, law enforcement agencies and any other parties where required or permitted by law
- Our related entities and businesses, agents, and distributors, (for example, NRMA Insurance, or so that they can support our operators, and also offer you products and services if you have opted-in to receive information about such products and services.
If the ownership or control of:
- our business or company; or
- any of the businesses or companies owned by Insurance Australia Group Limited ABN 60 090 739 923 (including those listed in Appendices A and B of the IAG Master Privacy Policy),
changes (or an agreement is entered into to do so), we may transfer and disclose your personal information to the new owner or controller. This includes transferring and disclosing your personal and sensitive information prior to the change of ownership or control. In the event that we enter into an agreement to effect a scheme transfer of an insurance portfolio, we may transfer and disclose your personal information to the new insurer, underwriter and/or distributor prior to receipt of a court order approving the insurance scheme transfer.
A small number of our related entities and third party service providers are located in countries outside of Australia (mostly in New Zealand, Singapore, South Africa, India, Philippines, Germany, Fiji, the United Kingdom, Malaysia, the Netherlands, Republic of Ireland, Israel, United States of America, Japan and Vietnam). If we do this, we do all we can to ensure there are arrangements in place to protect your personal information, or otherwise obtain your consent before doing so.
Security of your information
We will hold your personal information in:
- Computer systems
- Electronic databases
- Digital records
- Hard copy or paper files.
We take reasonable steps (including any measures required by law) to ensure your information is protected and secure. For any insurance payments you make via our websites, we use a recognised payment service provider that is required to take reasonable steps to protect your information.
We also take reasonable precautions to ensure that any information you provide to us through our websites is transferred securely from our servers to our mainframe computers, including through use of Secure Sockets Layer (SSL) protocols.
You must take care to ensure you protect your information (for example, by protecting your usernames and passwords, policy details, etc) and you should notify us as soon as possible after you become aware of any security breaches.
Accuracy, access and correction
We take reasonable steps to ensure the information we collect and hold about you is accurate, complete and up-to-date. However, we rely on you to advise us of any changes to your information or corrections required to the information we hold about you.
Please let us know as soon as possible if there are any changes to your information or if you believe the information we hold about you is not accurate, complete or up-to-date.
We will, on request, provide you with access to the information we hold about you unless otherwise required or permitted by law. We will notify you of the basis for any denial to access your information. We may ask you to complete a ‘Personal Information Access Request Form’ and may charge you a service fee for retrieving and sending the information to you. Please contact us using the contact details on this page if you require access to the information we hold about you.
What if you have a complaint?
We will always do our best to provide you the highest level of service but if you are not happy or have a complaint or dispute, here is what you can do.
If you experience a problem or have a complaint regarding our handling of your personal information, let us know so we can help.
Call us on 13 24 81 or go to our website for more information on how to contact us: www.cgu.com.au.
If we are not able to resolve your complaint when you contact us or if you would prefer not to contact the people who initially handled your complaint, the next step of our complaint and dispute resolution process is to contact our Customer Relations team using the contact details below:
- Free Call: 1800 045 517
- Email: Customer.Relations@iag.com.au
Customer Relations will contact you if they require additional information or have reached a decision relating to your complaint. Customer Relations will advise you of the progress of your complaint and the timeframe for a decision in relation to your complaint.
We expect our procedures will address your complaint in a fair and prompt manner.
If you are unhappy with the decision made by Customer Relations, the next step is that you may wish to seek an external review of the decision by raising your complaint with the Australian Financial Complaints Authority (AFCA).
You have a right in certain circumstances to have your privacy complaint determined by the AFCA. AFCA can determine a complaint about privacy where the complaint forms part of a wider dispute between you and us or when the privacy complaint relates to or arises from the collection of a debt.
AFCA is an independent dispute resolution body that is recognised as an external dispute resolution (EDR) scheme under the Privacy Act 1988 (Cth) by the OAIC to handle particular privacy-related complaints and is an approved EDR scheme by the Australian Securities and Investments Commission (ASIC). We're bound by AFCA determinations, provided the dispute falls within AFCA Terms of Reference.
You have two years from the date of our letter outlining our final decision to make an application to AFCA for a determination.
You can access AFCA dispute resolution services by contacting them at:
- The Australian Financial Complaints Authority
- Website: www.afca.org.au
- Email: info@afca.org.au
- Phone: 1800 931 678 (free call)
- Mail: GPO Box 3, Melbourne, Victoria 3001
If you are unhappy with AFCA's determination in relation to your complaint, or if AFCA is unable to hear your complaint, the next step is that you may wish to raise your complaint with the OAIC.
The OAIC is an independent government agency with primary functions that relate to privacy, freedom of information and government information policy. The OAIC's responsibilities include conducting investigations, reviewing decisions, handling complaints, and providing guidance and advice. The OAIC will act as an impartial third party when addressing your complaint. The OAIC will investigate your complaint, and where appropriate, make a determination about your complaint, provided it is covered by the Privacy Act 1988 (Cth).
The contact details for the OAIC are:
- Website: www.oaic.gov.au
- Email: enquiries@oaic.gov.au
- Phone: 1300 363 992
- Mail: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001
Call us on 13 24 81 or go to our website for more information on our complaint and dispute resolution process or how to contact us: www.cgu.com.au.
Revision of our Privacy Policy
We reserve the right to revise this Privacy Policy or any part of it from time to time. If we do so, we will notify you in such manner as we consider reasonably appropriate, including by making the revised version available on our website. Please review this policy periodically for changes.
Your continued use of our websites, products or services, requesting our assistance, applying for or renewal of any of our products or services or the provision of further personal information to us after this Privacy Policy has been revised, constitutes your acceptance of the revised Privacy Policy.