In this Privacy Notice, “we, our, us” means nib holdings limited, ABN 51 125 633 856, and its related entities in the nib Group of companies in Australia and other countries.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below.
What data do we collect and hold?
There are situations in which we ask you to give us personal data about yourself. This data includes things like your name, age, gender, contact details, employment history, bank account and credit card details, and, if applicable, any information we receive through our complaints process.
If you choose to purchase travel insurance, we collect your credit card details and other identifying information in order to process orders and provide customer service.
The special categories of personal data we may collect may include health information, such as information about your medical conditions and treatment.
How do we collect and hold your personal data?
We collect your personal data in various ways. These include when you:
submit an enquiry through our website or request
information from us
enter into any competitions, scholarships or promotions
we may run
submit an application for insurance
download a PDF guide
Your personal data may also be collected when you browse our website (or associated websites), use our mobile apps or when you speak with us by telephone or through social media networks.
Information from other sources
In most circumstances we will only collect your personal data from you, unless it is unreasonable or impracticable to do so, and will only collect your data with your consent, unless we are legally required or authorised to do otherwise. We may also collect your personal data from third parties including those authorised by you such as your family members, travelling companions, doctors, hospitals and medical service providers, as well as from others we consider necessary including our service providers, partners, associates, those who investigate and manage claims, and government entities.
Information about other people
When you give us personal data about other individuals, we and our agents rely on you to have made or make that individual aware of the matters contained in our Privacy Notice, including:
that you will or may provide their information to us, and how to contact us;
of the types of third parties to whom the information may be provided;
of the relevant purposes for which we and the third parties will collect, use and
how they can request access and correct their
information, or make a complaint.
What other types of information do we collect and how do we use it?
How do we use and disclose your personal data?
Any personal data you provide is used by us to evaluate and arrange your travel insurance. This include providing you with a quote, arranging and administering your travel insurance and insurance related services, processing claims data we receive from your insurer as well as managing your and our rights and obligations in relation to the insurance.
We may also collect, use and disclose personal data for product development, marketing, competitions, research, IT systems maintenance and development, and for any other purposes with your consent or where authorised by law.
Use of the description and outcome of your claim
If you provide your consent when lodging a claim with your insurer", we may receive this data and may use a description of your claim, along with your first name, last initial, country of residence, country of loss and the outcome of your claim for marketing purposes. If you do not provide your consent, this information may be used anonymously for marketing purposes.
Basis for our use of personal data
Generally, we do not rely on consent as a legal basis for processing your personal data (including health data) although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Where we use your data for our legitimate interests or your vital interests, you can contact us if you want more information about these legitimate and/or vital interests.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where relevant, complete necessary pre-contractual checks to ensure we can assess your ability to purchase the insurance product;
To fulfil our contractual obligations with you.
Where we need to comply with a legal obligation, such as reporting obligations, liaising with regulatory and government authorities.
Where you have provided us with your express consent.
Where it is necessary for our legitimate interests such as to improve our services, to ensure we price our products appropriately, to manage risk, to manage our business efficiently, to perform audits, and to maintain accurate records. We will balance these needs against your fundamental rights and freedoms and ensure there are safeguards to ensure your privacy is protected.
To exercise our legal rights as necessary, such as to detect, prevent and respond to fraud claims, intellectual property infringement claims or violations of law.
Basis for our use of personal data that is special category data
Where we process your heath data where we have a lawful exemption to do so, such as:
with your consent,
where it is necessary to provide health services,
where the law provides insurance exemptions, such as processing of health data of your family members or the health data of those on a group policy.
Change of purpose
We will only use your personal data (including health data) for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How long will we retain personal data?
We will only retain your personal data (including health data) for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances you can ask us to delete your data: see “What are your rights?” below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Will we disclose the data we collect to anyone?
Your personal data (including health data) may be disclosed to third parties, such as:
travel agents, consultants and travel insurance providers;
your and our agents, insurance intermediaries, and our representatives;
insurers and reinsurers;
claims handlers, investigators, and cost containment providers;
service providers and contractors, including IT service providers and medical and health service providers;
legal and other professional advisers;
law enforcement, regulatory and government entities and courts where we are legally required or authorised to do so;
our related companies; and
companies we partner with on such programs as co-authoring content, co-promotion of competitions and use to develop targeted marketing campaigns.
If you are a SuperValu customer who has purchased SuperValu Travel Insurance through the website supervalutravelinsurance.ie then we will provide SuperValu Financial Services DAC with the following information:
your name and address
your Supervalu rewards club membership number
the policy you have purchased
the date on which you purchased the policy.
Outside the European Union
There may be certain circumstances that require disclosure of your personal data (including health data) to other countries (for example the United Kingdom, Australia and the United States of America) in order for us to be able to provide insurance related services to you. We will only use your data in ways we are allowed to by law, which includes only collecting as much data as we need.
We will only transfer your personal data to countries which are recognised as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights.
Transfers within the nib Group of companies will be covered by an intra-group Data Processing Framework Agreement which gives specific contractual protections designed to ensure that your personal data receives an adequate and consistent level of protection wherever it is transferred within the nib Group.
Transfers to service providers and other third parties will always be protected by contractual commitments.
We want to reassure you we never sell personal data to third parties and no third parties have access to your personal data unless the law allows them to do so.
What are your rights?
Your rights - where we process your personal data (i) based on your consent; (ii) where it is necessary in order to enter into the insurance policy (contract) with you; or (iii) due to a statutory or contractual obligation.
Your consent to our processing of your personal data (including health data) for certain purposes may be necessary to comply with applicable data protection laws being the General Data Protection Regulation and the Data Protection Act 2018; and where this is the case we will ask for your consent in accordance with those laws.
You may withdraw your consent to such processing at any time. However, where you
withdraw your consent;
(ii) fail to provide information requested in order to enter in to the insurance policy (contract) with us; or
(iii) fail to provide information required by us to fulfil the contractual obligations with you or statutory obligations;
then this is likely to impact our ability to provide your insurance cover and pay claims under the cover.
Your rights generally
You have certain rights, under the General Data Protection Regulation and the Data Protection Act 2018, in relation to the personal data (including health data) that we hold about you. These rights are subject to certain exemptions such as public interest (eg prevention of crime) and our interests (eg maintaining legal privilege). Your rights include:
the right to access your personal data;
the right to rectification of your personal data;
the right to erasure of your personal data;
the right to withdraw your consent for us to process data, where this is our basis for processing;
the right to restrict or object to the processing of your personal data;
the right to data portability;
the right to object to receiving marketing; and
the right to complain to your supervisory authority about the use of your personal data; in Ireland, the supervisory authority is the Data Protection Commissioner.
Please note you may not access or correct personal data of others unless you have been authorised by them or are authorised under law.
If you would like to contact us about your rights, please contact nib in writing at nib Travel Services, City Quarter, Lapps Quay, Cork, Ireland or at [email protected].
How you can access the personal data that we hold about you, and seek correction of such data
You can seek access to and request correction of your personal data held by us by sending us a written request and enough information to allow us to identify the data. You may not access or correct personal data of others unless you have been authorised by them or otherwise under law, or unless they are your dependants under 16 years. In cases where we do not agree to give you access to or to correct your personal data, we will give you reasons why.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Circumstances where you can deal with us anonymously or using a pseudonym
Where possible, you have the option of not identifying yourself or using a pseudonym when you deal with us. For example, you can make general enquiries on our website, call us to ask questions about the products we offer, or obtain a basic indicative quote without identifying yourself or by using a pseudonym. However, we require you to provide us with your personal data in order for us to process your application for, and to provide you with, our products and services.
What if you don’t provide some information to us?
If you do not agree to the above or will not provide us with personal data and, in certain circumstances, special categories of personal data, we cannot process your application, issue you with a policy or provide you with our services or products.
How can you contact us or make a complaint?
If you have any concerns about how we manage your personal data or believe your privacy may have been prejudiced, you can make a complaint about the matter. You should first contact us with your complaint by phone or in writing (including by email) using the address below. We will investigate the matters raised and respond to you within a reasonable period.
If you have any queries in relation to this Privacy Notice, or if you would like to request access to, or correction of your personal data then please contact us at:
nib Travel Services, City Quarter, Lapps Quay, Cork
Email: [email protected]
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Data Protection Commissioner. You can contact them at:
Data Protection Commission, Canal House, Station Road, Portarlington, Co Laois, R32 AP23, Ireland
Phone +353 (0) 761 104 800
Local 1890 25 22 31
Inter Partner Assistance S.A, your insurer will also process your data. If you have questions or concerns regarding the way in which your personal data has been used by them, please contact: [email protected].
For more information about how Inter Partner Assistance S.A process your personal data, please see their full privacy notice at: www.axa-assistance.com/en/privacy-policy.