Insurance Brokers Code Compliance Committee (IBCCC) Privacy Statement
‘IBCCC’, ‘we’, ‘us’ or ‘our’ refers to the Insurance Brokers Code Compliance Committee (IBCCC), its members and the Secretariat
About the IBCCC
The National Insurance Brokers Association of Australia (NIBA) has developed the Insurance Brokers Code of Practice 2014 (Code) that sets standards of good industry practice for insurance brokers.
The Code Administration Deed (DEED) sets out the obligations of NIBA, the Australian Financial Complaints Authority (AFCA) as Code Administrator and the IBCCC in relation to the Code.
About 460 Insurance Brokers subscribe to the Code and commit to;
- continuously improve standards of practice and service
- promote informed decision-making about their services, and
- act fairly and reasonably in delivering those services.
The IBCCC provides guidance to stakeholders about the Code to enhance professionalism and maintain high standards of practice and service in the insurance broking industry. It is the independent monitor of Code compliance that ensures subscribers meet their obligations, and achieve service standards.
The IBCCC publishes and shares information about insurer brokers’ compliance and monitoring activities and will provide information to stakeholders that include government, regulators, consumers, business and the community.
To carry out our function and perform our activities we work with a carefully selected group of third parties that include AFCA, NIBA and Code subscribers and parties to IBCCC investigations, technology and data companies.
Our work with them often involves sharing personal information and this Statement sets out how and when we share that information.
Under the DEED Clause 11 states that all parties agree to comply with:
- the Privacy Act 1988 (Cth); and
- any other statute, regulation or law in Australia or elsewhere which relates to the protection of personal information and which a party must observe.
This obligation includes compliance with Privacy Laws including the Australian Privacy Principles, and Mandatory Data Breach Notification and which sets out the principles for the appropriate handling of personal information that we collect, use, disclose and store.
We are committed to handling all personal information carefully, responsibly and securely ensuring that we manage personal information in an open and transparent way.
Notification of our Privacy Statement.
When we collect personal information about an individual, we will, notify the individual of our privacy statement by:
- Publishing the privacy statement on the IBCCC website; and
- Providing a copy of the Privacy Statement on request.
Personal Information (PI)
PI is defined as “information or an opinion, whether true or not, in a material form or not, about an identified individual or an individual who is reasonably identifiable. Common examples include; name, address, email address, date of birth, tax file number, or bank account details.
The personal information we collect and hold
Most of the personal information we collect will be collected directly from the individual and may include their full name, address, telephone numbers, email, date of birth and gender. We sometimes also receive personal information through investigations conducted by AFCA or ourselves.
We may also collect personal information about the individual that is publicly available – for example, on social media or available from public registers e.g. Australian Securities and Investments Commission (ASIC), Australian Business Register (ABR). We will only collect this information if it is impractical to collect it directly from the individual, or when we’re permitted to do so.
Individuals or their representatives may provide us with sensitive personal information which may include health or medical information about an individual, where the information is reasonably necessary for us to undertake one or more of our functions or activities.
We ensure that individuals have always provided explicit consent to the collection and distribution of their sensitive information.
Any consent that we require from an individual to enable us to carry out our functions or activities, and collect, use or share, personal or sensitive information of the individual; then such consent will be recorded in AFCA’s case management system.
When we get information we didn’t ask for
Sometimes we may receive personal information that we haven’t asked for. If we think this information is needed, we will keep it securely; otherwise, we will take reasonable steps to destroy or de-identify it as soon as practicable.
Anonymity and pseudonymity
When dealing with us, individuals may choose not to identify themselves or want to use a pseudonym. This may prevent us from being able to carry out some or all of the functions for which personal information is required, including investigating an allegation, or where certain personal information has not been provided.
Individuals who contact us by telephone are not always required to disclose their identity.
How we use personal information
We may use personal information for the functions and activities that are concerned with:
- investigating and determining allegations of Code breaches;
- monitoring compliance with the Code,
- investigating alleged breaches, in accordance with the Code;
- monitoring aspects of the Code that have been referred by AFCA and NIBA;
- complying with legal and regulatory obligations;
- if otherwise permitted or required by law, or
- for another purpose, only with the individuals informed consent, unless it has been withdrawn
How we share personal information
We only share personal information as described above with third parties for the agreed purpose.
We may also share personal information with third parties if permitted or required by law. Sharing personal information with a third party for any other purpose will only be done with the prior consent of the individual in the manner set out above.
Outside of Australia
The personal information of our employees, systems and most of the third parties we share information with are located in Australia, but some of this personal information might be stored in “cloud” solutions or otherwise in locations overseas.
We will not disclose personal information to third parties, overseas, unless we have informed consent from the individual.
Keeping the personal information we hold safe
Whether on paper or electronically, we will take all reasonable steps to secure and protect the personal information we hold.
When the personal information is no longer required, we will take reasonable steps to destroy, delete or de-identify it.
Your right of access to personal information we hold
Any individual wishing to gain access to personal information about themselves should write to us (details below), setting out whether you would like access to all or just a particular part of your personal information. We will acknowledge receipt of your request within 5 working days and provide the information requested, where appropriate, within a reasonable time.
In line with our commitment to protect your privacy, we may ask you to verify your request.
You may ask us to delete personal information we hold about you and your organisation and we will take reasonable steps to do so, following completion of any relevant investigation.
Accuracy of personal information
If you think that personal information we hold about you is inaccurate, please contact us at [email protected] and we will correct any identified inaccuracies or let you know why we cannot do so.
Complaints and inquiries
If you have a complaint about the way we handle personal information, please contact us and we will respond as soon as possible to resolve the issue. We also welcome any questions and comments you may have about our privacy practices.
The contact details for these purposes are as follows:
General Manager, Code Compliance and Monitoring
IBCCC P.O. Box 14240 Melbourne VIC 8001
Telephone: 1800 931 678 (ask for the Code Compliance and Monitoring team)
Email: [email protected]
Changes to this Privacy Statement
This Privacy Statement is effective as 1 July 2020
Any changes or amendments will apply to all the information we hold at the time of the update. We will post the updated Privacy Statement on our website and we encourage you to check this page from time to time.