About this Privacy Statement
This Statement describes how your personal and health information is collected and handled by icare and schemes we operate, which include:
- Workers Insurance provides workers' compensation insurance to employers and their workers in NSW.
- Lifetime Care provides treatment and care to people who have a severe injury such as a spinal cord or traumatic brain injury caused by a motor vehicle accident in NSW.
- CTP Care provides treatment and care to people who have a motor accident injury with long-term needs and an ongoing NSW CTP claim.
- Workers Care Program is for people in Workers Insurance, with an injury the same as the Lifetime Care Scheme.
- Dust Diseases Care compensates and supports workers who have developed a dust disease from occupational exposure in NSW.
- Home Building Compensation Fund helps homeowners to rectify incomplete or defective works done by a builder or tradesperson.
- Insurance for NSW provides self-insurance cover to NSW Government agencies for workers' compensation, public liability, property, motor vehicle and miscellaneous insurance.
- Sporting Injuries Insurance provides cover for registered players and officials of sporting organisations that have insurance cover through icare sporting injuries insurance scheme.
What information do we collect?
We collect your personal information directly from you most of the time; however on occasion, we may also collect information about you from other people and organisations (such as your employer or health service provider).
We collect personal and health information when you:
- Apply for a policy of insurance
- Make a claim
- Become a participant in one of our schemes
- Provide services to icare and our customers
- Contact us to make an enquiry or a complaint
- Visit our website or use our digital services
- Interact with us in some way
While we must collect some types of personal and health information to meet our legal obligations, we do try to limit our collection of your personal and health information to what is reasonably necessary to provide you with the services you require. Depending on those services, or your interactions with icare, we may collect the following types of personal information:
Types of personal information What kinds of personal information might be involved Personal and contact details This may include your name, address, email address, phone number, contact details, payment information and date of birth. Australian Government related identifiers and identity documents
These may include your:
- Medicare Number (for example, for Medicare Compensation Recovery)
- Australian passport, driver licence, citizenship, birth, death, and marriage certificates (for example, to verify your identity).
Tax File Numbers
For example, to:
- to report and make taxation payments to the Australian Taxation Office
- to make payments of wages and eligible compensation payments to employees and claimants
- to meet our obligations under the Income Tax Assessment Act 1936 and the Taxation Administration Act 1953
We collect your health information when it is relevant to icare’s functions (for example, when you make a claim for an injury). This may include:
- physical and mental health records
- medical certificates
- medical reports
- details of the provision of medical and allied health care and services
- future health care wishes
- details of your injuries
This may include:
- details of your employment and wages (for example, when managing your claim)
- your bank details (for example, to make payments to you)
- information from third parties about your credit history and insurance claims history (for example, when you are seeking a policy).
Socio-demographic information This may include your age, gender, number of dependents, occupation, and nationality, for example when you make a claim. Interaction information This includes details of your interactions with us, such as when you call us, use our online services (such as making a claim or applying for a policy), make an enquiry, supply feedback, or make a complaint. Digital information
We collect information from you electronically when you use our online services (such as lodging a claim or making an enquiry). This may include:
- location information (if enabled on your device)
- IP address
- the date and time of your visit to the site• the type of browser used
Importantly, we do not link this information to you unless we need to access these details for fraud or security reasons.
Call recordings Generally, we monitor and record our calls for quality training and regulatory purposes. We will let you know if we are doing this. Camera surveillance For the safety of our staff and customers, we use camera surveillance, such as CCTV, to monitor icare premises. Sensitive information
On occasion, we collect and handle sensitive information. This may include:
- race or ethnicity (for example we may ask you what language you speak if you request a translator to communicate with us)
- criminal history, where it is relevant for our regulatory and/or legal obligations
Information about your personal circumstances
On occasion, we may ask you to supply information about your personal circumstances so we can provide support. This may include:
- information about significant life events (such as a relationship breakdown or a death in the family)
- information about family and domestic violence
- where you have been affected by an emergency event or a natural disaster
Publicly available information
On occasion, we may collect and handle information that is in the public domain, such as from:
- online forums, websites, Facebook, Twitter, YouTube, or other social media (for example, if you use social media to make a complaint)
- public registers (for example, those kept by NSW Fair Trading)
How do we use your information?
We’re careful about how we use your personal and health information we hold about you.
Here is a list of the ways we may use your personal and health information.
Purpose How your information is used Serving you as a customer
We use your information to deliver our services including:
- assessing, managing, and making decisions about your claim
- assessing, issuing, managing, and making decisions about your policy
- engaging with external service providers such as professional consultants
- evaluating our programs and services
- undertaking research and planning new services
- responding to and handling enquiries, complaints, and disputes
Improving our business
We use your information to improve the services we provide through activities such as:
- reviewing customer feedback and assessing how you use our services
- testing and confirming the effectiveness of services and system enhancements
- monitoring and reviewing call recordings, and other business activity for quality assurance, training, and compliance purposes
- Applying data analytics to understand trends and performance
Managing our operations
We use your information to manage our operations including to:
- deliver our services
- make payments for services
- collect and recover money that is owed to us
- respond to complaints and look to resolve them
Managing security, risk, and fraud prevention
We use your information to:
- prevent, detect, and investigate suspicious or fraudulent activities
- monitor our properties, for example using camera surveillance to ensure the safety of our people and customers
- investigate health and safety incidents involving our people and customers
- support the management of our information security and network controls to prevent cyber-attacks, unauthorised access and other criminal or malicious activities.
To meet our legal obligations
Where required, we use your personal information to comply with the law and our regulatory obligations, including to:
- confirm your identity
- share relevant information with law enforcement agencies, tax authorities and other regulatory bodies such as the State Insurance Regulatory Authority (SIRA), the NSW Information and Privacy Commission, Independent Review Office, SafeWork NSW and NSW Fair Trading
- In exceptional circumstances, icare may also need to supply your information to other bodies, for example, to the police if the information is needed for law enforcement purposes.
Managing our services We use your information to run our services in an efficient and proper way. This includes managing our financial position, business capability and planning, testing systems and processes, as well as managing communications, corporate governance, and audit. Performing analytics activities
Sometimes we de-identify your personal information, for example claim information, and use this to:
- provide insights to other organisations and government entities (for example, to understand trends in claims)
- share de-identified information with other organisations and government entities (for example, researchers)
Research Undertaking research and planning new services
Who do we share your information with?
We may share your information with third parties for the reasons mentioned in How do we use your information?, or where the law otherwise allows or requires us to.
We only disclose personal and health information for a purpose directly related to the reason we collected it. The types of third parties are listed below.
Type of third party Description Authorised Third Parties
We may share information with third parties where you have authorised us to do so or where we are legally required. They include:
- third parties (such as legal representatives, professional consultants)
- your nominated treating doctors
- a person with a Power of Attorney
- your parent or legal guardian (if you are under 16 years)
Policy Holders We may share information with policy holders (such as your employer). Health Practitioners and Allied Health Practitioners
We may share information to those involved in your treatment and support, including:
- Your nominated treating doctors
- Other Health Practitioners and Allied Health Practitioners involved in your treatment and support
Independent experts and consultants
We may share information with independent consultants and experts who can supply advice on managing your claim, including:
- injury management consultants
- independent medical examiners
- permanent impairment assessors
Third Parties that can verify your information
This includes organisations that can verify information that you have supplied when applying for a policy or making a claim, including:
- your employer, for example to verify your employment status, wages, and injury details
- credit reporting bodies (when taking out a policy)
Our Service Partners
We may share your information with our service partners, external service providers and other organisations that help us to supply services. These include:
- organisations that we partner with to supply services (for example, claim service providers)
- external service providers that we engage to do some of our work for us, for example legal service providers and information technology and cloud service providers
Government and law enforcement agencies We may share your information with regulatory bodies, government agencies and law enforcement bodies to meet our legislative or regulatory obligations (for example, the State Insurance Regulatory Authority, SafeWork NSW, the Independent Review Officer).
Sending information overseas
Sometimes, we may send your information overseas. If we do this, we make sure there are appropriate privacy, data handling and security arrangements in place to protect your information.
Collection use and sharing
Access and amend
In most cases, you have the right to access and amend (by correction, deletion, or additions) the personal and health information we hold about you, for example if you need to update your contact details.
We must provide access to or deal with your request to amend personal or health information without excessive delay or expense. We do not charge any fees to access or amend personal or health information.
You can access or request to amend your information through contact with the relevant area of icare (or your Claim Service Provider) that holds your information and through formal access applications. You also have options for requesting access to your information if your first access request has been denied.
To access or amend your personal information, you need to contact the relevant area of icare (or your Claim Service Provider) that holds your information. You may find their contact information at Contact us.
If you need help in finding the relevant area in icare to contact, please reach out the icare Privacy Team at: firstname.lastname@example.org
If your first request to access your personal information has been denied, you can contact the icare Principal Privacy Officer for help at: email@example.com
You also have the choice of making a formal application by putting your request in writing using the following forms:
How you can access and amend your personal and health information
If you are unhappy with the way we have handled your personal or health information, please let us know. You should first raise your complaint with relevant area of icare (or your Claim Service Provider). You can find their contact information at Feedback and complaints.
If you are dissatisfied with their response, you can:
· request a privacy internal review, or
· make a complaint to the NSW Privacy Commissioner.
Requesting a privacy internal review
An internal review is a formal process undertaken in accordance with the privacy legislation to investigate a privacy-related complaint relating to conduct that involves personal information or health information.
To request a privacy internal review, you can use the request for internal review form. The form itself is not mandatory, but the same information will need to be provided in writing. Supporting documentation can be attached to provide further details.
Requests for an internal review must be sent to the Principal Privacy Officer by:
· Email: firstname.lastname@example.org; or
· Post: GPO Box 4052, Sydney NSW 2001
Making a complaint to the NSW Privacy Commissioner
Privacy complaints can also be directed to the NSW Privacy Commissioner at the Information and Privacy Commission
If you have any further questions or concerns about the way we manage your personal or health information, please contact:
Principal Privacy Officer
Things you should know
This Privacy Statement was published on: 2 June 2023
During our relationship with you, we may tell you more about how we collect and handle your information. This could be when you fill in an application form. We recommend that you review these statements too as they may have more detail about how we handle your information.
Sometimes we update our Statement. You can always find the most up-to-date version on this page.