Finity Consulting Pty Limited (ACN 111 470 270) (Finity) is subject to the requirements of the Australian Privacy Principles (APPs) which are contained in the Privacy Act 1988 (Privacy Act). The APPs govern how both government entities and private sector organisations handle personal information.
Finity is an actuarial consultancy, consulting and data analytic firm. We provide a variety of actuarial services to the insurance and accident compensation industry as well as advising organisations that need to manage insurance or self-insured risks or to price products or services.
We collect data and information (from a variety of sources) and analyse different types of data to produce actuarial reports and statistics. Sometimes that data includes personal information.
Collection of personal information
Under the Privacy Act and Privacy Amendment (Enhancing Privacy Protection) Act 2012, personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable whether the information or opinion is true or not, and whether the information or opinion recorded in material form or not. All personal information that we collect, is reasonably necessary for the purposes relating to providing professional services to our clients or in conjunction with research into actuarial issues.
The types of personal information we collect includes contact details such as name, email, phone and mailing address and position/title. Where we provide services to a client we may collect sensitive information in the performance of our services. In these circumstances we rely on the client having informed you of this use and obtaining your consent.
If it is reasonable and practical to do so, we will collect personal information directly from you. This will include contact details and other information relevant to providing services to our client. This may take place in a number of ways, such as when you attend our seminars, client functions, e-mail or otherwise contact us or if you subscribe to our publications.
We may also collect personal information from third parties including but not limited to publically available sources. In these situations we will take reasonable steps to ensure you are made aware that we hold your personal information and the matters listed above, unless an exemption applies under the Privacy Act.
In relation to our professional engagements, prior to commencing, we require clients to authorise the release, collection and retrieval of personal information to us. In addition, we require a client to provide us with confirmation that it has made, or will make those persons to whom the personal information relates, aware that we have their personal information, the reasons for its collection by us and that it may be further disclosed to governments or other bodies (where necessary) for the purposes of completing the engagement. These authorisations and statements form part of our standard terms and conditions of engagement with clients.
We will not collect personal information unless the information is reasonably necessary for or directly related to one, or more of our functions or activities. If we are unable to collect personal information we reasonably require, we may not be able to do business with you or the organisation with which you are connected.
If we receive personal information about you that we did not ask for, or from someone other than you, and we determine that we could have collected this information from you had we asked for it, we will take reasonable steps to ensure that you are notified, as soon as practicable, that we have collected your personal information. If we could not have collected this personal information, we will lawfully de-identify or destroy that personal information.
In carrying out an engagement, it may be necessary for Finity to obtain from a client personal and sensitive information about the employees of the client or other persons connected with the client’s business (such as policyholders and claimants). We will take reasonable steps to ensure that the individual’s consent has been obtained by the client before collecting the sensitive information.
All data, including personal information is received on a confidential basis and Finity has appropriate internal arrangements with its systems and staff to ensure that the confidentiality of the personal information is protected.
When you visit our web-site, we (or our service providers) may obtain information from your personal computer that provides your internet address, your domain name (if applicable), the previous sites you have visited and when you visited the website.
When you visit the Site the server may attach a "cookie" to your computer's memory. A “cookie” assists us to store information on how visitors to the Site use it and the pages that may be of most interest. This information may be used to provide users of your computer with information that we think may interest the users of your computer. However, this information is not linked to any personal information you may provide and cannot be used to identify you. If you choose, you should be able to configure your computer so that it disables “cookies” or does not accept them.
Storage and security of personal information
We take reasonable steps to ensure the security of personal information held by Finity against risks such as loss or unauthorised access, destruction, use, modification or disclosure. If you reasonably believe that there has been unauthorised use or disclosure of your personal information please contact us (see below for contract details).
In the unlikely event that there is an unauthorised use or disclosure of your personal information, we will notify you of the data breach and will undertake an investigation into how the data breach occurred and its likely severity. As part of this, we will endeavour to work with you and the Privacy Commissioner to limit the impact, and any reoccurrence, of the breach.
The use of personal information
Generally, we will use personal information only for the purposes for which it was collected.
The personal information collected by us may be used to:
- provide clients and other parties with our services or with other information requested;
- manage our relationship with you; and
- notify you about our services or promotions.
We may use personal information about you for the primary purpose of providing you with our services, and other purposes you would reasonably expect us to use that information for, including sending you information about new developments, products, services, events, seminars and conferences by post, telephone or any form of electronic communication. We may use any email address or other personal information you provide to us at any time for this purpose.
You can, at any time, opt out of receiving marketing material by contacting us by the means set out in the communication. You agree and acknowledge that even if you opt out of receiving marketing material, we will still send you essential information that we are required to send you relating to the services we provide.
Provision of personal information to third parties and cross border disclosure
Unless we are required to disclose your personal information by law, Court or arbitration proceedings, by a regulatory authority, under regulations (including those made under the Corporations Act) or to fulfil a professional duty, your personal information will only be used by or disclosed to persons working at or for Finity and our contracted service providers. We will only disclose your personal information to third parties, without your consent, if permitted by the Privacy Act or authorised by some other law.
It may be necessary for us to transfer personal information we hold about you to an organisation outside Australia.
In order to achieve our purposes as outlined above, we may disclose your personal information to third parties such as our agents, service providers or marketing organisations. While we cannot guarantee the security of this information, we will use all reasonable endeavours to ensure the third party protects the personal information from unauthorised use or disclosure (data breach). If we become aware of a data breach from the third party, we will notify you of the data breach and will endeavour to work with you to liit the potential impact.
- Work on assignments where their international expertise is required to complete the assignment.
- Utilise our New Zealand office and staff capacity to work on projects and assignments
In many cases the transfer will be necessary for the performance of our contract with you or for the implementation of measures taken in response to a request by you or for the performance of a contract with a third party which is concluded in your interests.
(a) you consent to this transfer; or
(b) we consider these service providers are bound to legislation similar to the APPs and we have a contractual mechanism with them to enforce your rights.
When contacting us, you have the option to either not identify yourself or to use a pseudonym when you contact us, unless it is impracticable for us to communicate with you in that manner or unless we are required or authorised under Australian law, or a court or tribunal order, to deal with individuals who have identified themselves.
We take all reasonable steps to de-identify personal information in reports and work generally. The retention of personal information is subject to the same retention policy as other information in our possession, that is, material is generally destroyed ten years after its creation unless it is still required for legal reasons or is being retained as an historical record.
Correction of personal information
Under the Privacy Act, you have a right to seek access to your personal information, subject to any exemptions allowed under the Privacy Act.
If you request access to your personal information, you will need to prove your identity. We may also need to inform our client about your request under our contractual arrangements with them.
You also have the right to ask us to correct information about you to ensure the personal information we hold is accurate, up-to-date, complete, relevant and not misleading. Our policy is to consider any requests for access or correction in a timely way.
Accuracy of your information
We take all reasonable steps to ensure that your personal information held by us is accurate, up-to-date, complete, relevant and not misleading. If you believe that any of your personal information is not accurate, up-to-date, complete, relevant and not misleading, please contact us (see below) and we will take all reasonable steps to correct it within a reasonable time.
Access to information we hold about you
If you request access to the personal information we hold about you, we will respond to your request within a reasonable period of time and, where reasonable and practicable, give access to the information in the manner you request. This will be subject to any exemptions allowed under the Privacy Act. You may request this information by writing to:
Att: Privacy Officer, Finity Consulting Pty Ltd
Level 7, 68 Harrington Street
THE ROCKS NSW 2000
or sending an email to us at firstname.lastname@example.org
We may charge a reasonable fee for providing that information.
When contacting us you have the option to either not identify yourself or to use a pseudonym. However, this will not apply if it is impracticable for us to communicate with you that way. We are required or authorised under Australian law (or a court or tribunal order) to only deal with individuals who have identified themselves.
Variation and consent to variation
Telephone: +61 2 8252 3300
Address: Finity Consulting Pty Ltd
Level 7, 68 Harrington Street
THE ROCKS NSW 2000