Lexon Insurance Pte Ltd (Lexon) is committed to respecting your right to privacy and protecting your personal information.
Lexon is bound by the Privacy Act 1988 (Cth) (Act) and the Australian Privacy Principles (APPs) set out in the Act. However, a great deal of the work performed by Lexon falls within the following permitted general situations as set out in section 16A of the Act:
- The collection, use or disclosure is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim; or
- The collection, use or disclosure is reasonably necessary for the purposes of a confidential alternative dispute resolution process.
Lexon will ensure that all officers, employees and subcontractors are aware of and understand Lexon’s obligations as well as their own obligations under the Act. Lexon will achieve this through the provision of training and through maintaining and implementing internal policies and procedures to prevent personal information from being collected, used, disclosed, retained, accessed or disposed of improperly.
The purpose of this Policy is to:
- Give you an understanding of the kinds of personal information Lexon collects and holds;
- Clearly and concisely communicate how and when Lexon collects, discloses, uses, stores and otherwise handles personal information;
- Inform you about the purposes for which Lexon collects, holds, uses and discloses personal information;
- Provide you with information about how you may access your personal information, and seek correction of your personal information;
- Provide you with information about how you may make a complaint, and how Lexon will deal with any such complaint;
- Advise you of the circumstances in which Lexon is likely to disclose personal information to overseas recipients; and
- Enhance the transparency of our operations.
For the purpose of this Policy, the following terms will have the following meanings, as attributed to them by section 6 of the Act:
Health information means:
(a) Information or an opinion about:
(i) The health or disability (at any time) of an individual; or
(ii) An individual’s expressed wishes about the future provision of health services to him or her; or
(iii) A health service provided, or to be provided, to an individual;
that is also personal information; or
(b) Other personal information collected to provide, or in providing, a health service; or
(c) Other personal information about an individual collected in connection with the donation, or intended donation, by the individual of his or her body parts, organs or body substances; or
(d) Genetic information about an individual in a form that is, or could be, predictive of the health of the individual or a genetic relative of the individual.
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information or opinion is recorded in a material form or not.
Sensitive information means:
(a) Information or an opinion about an individual’s:
(i) Racial or ethnic origin; or
(ii) Political opinions; or
(iii) Membership of a political association; or
(iv) Religious beliefs or affiliations; or
(v) Philosophical beliefs; or
(vi) Membership of a professional or trade association; or
(vii) Membership of a trade union; or
(viii) Sexual orientation or practices; or
(ix) Criminal record
that is also personal information; or
(b) Health information about an individual; or
(c) Genetic information about an individual that is not otherwise health information; or
(d) Biometric information that is to be used for the purpose of automated biometric verification or biometric identification; or
(e) Biometric templates.
Collection of Personal Information
Lexon collects personal information in order to carry on its business as a professional indemnity insurer.
The information which Lexon collects will depend upon the reason for which it is collected. The main reasons are:
- To investigate and advise on circumstances which may result in a claim being made;
- To determine whether indemnity is available for a particular claim;
- To defend or resolve claims made against an insured practice or individual – in the course of defending or resolving claims, Lexon is likely to collect personal information about the insured, employees of the insured, the person or organisation making the claim, and any relevant third parties. The type of personal information collected will vary from matter to matter.
- To provide the Queensland Law Society Inc. with recommendations and advice regarding levies and other amounts payable pursuant to the Queensland Law Society Indemnity Rule 2005 (including, but not limited to, levy calculations).
- For statistical or other reporting – from time to time, Lexon may be required to provide reports to the Queensland Law Society Inc., to governmental or quasi-governmental authorities, to its underwriters and reinsurers, or to other applicable regulatory bodies. The type of personal information collected will vary depending on the reporting required.
- To respond to comments, enquiries or requests directed to Lexon.
The types of personal information Lexon may collect includes but is not limited to:
- Queensland Law Society Practising Certificate number.
- Qualifications and employment history.
- Date of birth.
- Residential address.
- Postal address.
- Email address.
- Home telephone number.
- Work telephone number.
- Mobile telephone number.
- Occupation and business address.
- Financial information including details of employer, income, name of bank or financial institution.
Lexon may ask an individual to provide sensitive information including but not limited to information regarding the individual’s membership of a professional association such as the Queensland Law Society. In addition, if Lexon is defending or attempting to resolve a claim made against an insured practice or individual, Lexon may collect sensitive information regarding the insured, the claimant and any relevant third parties.
Lexon will only collect sensitive information in circumstances where:
- It is reasonably necessary for one or more of the services Lexon provides or functions Lexon carries out; and
- The relevant individual consents to the collection of the information; or
- Lexon is required or authorised by law to collect the sensitive information.
Lexon will, if it is reasonable or practicable to do so, collect personal information directly from the relevant individual.
Sometimes Lexon will collect personal information from a third party or a publicly available source. For example, Lexon may need to collect personal information from an individual’s legal adviser, from an individual’s past or current employers, from an individual’s medical practitioners, from an individual’s financial institution, etc.
If Lexon receives personal information that was not solicited, Lexon will determine as soon as reasonably practicable whether Lexon could have lawfully collected that information as part of its functions or activities. If Lexon is not satisfied that the information could be lawfully collected, then Lexon will (if it is lawful and reasonable) destroy the information or ensure that it is de-identified.
Individuals may choose to deal with Lexon anonymously or under a pseudonym where lawful and practical. Where anonymity or use of a pseudonym will render Lexon unable to provide the relevant service or do business, you may be requested to identify yourself.
For example, whenever documents are to be submitted to a court, a government agency or a financial institution, it is essential that Lexon record an individual’s name accurately.
Use and Disclosure of Personal Information
Any personal information collected by Lexon will only be used and disclosed for the purpose for which it has been provided to Lexon or as authorised under law.
Personal information provided to Lexon may be shared with its related companies. Lexon will take all reasonable and practical measures to keep such information strictly confidential.
Lexon may use an individual’s contact details in order to send the individual newsletters or other materials associated with its services. An individual may at any time opt out of receiving such materials by contacting Lexon (see the Contacting Us section for more information).
In order to perform one or more of our functions or activities, Lexon may transfer an individual’s personal information to offshore recipients in countries including but not limited to Singapore. In these circumstances, Lexon will take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the information.
Personal information may need to be disclosed to external service providers or third parties engaged by Lexon in order for those service providers to fulfil their service obligations to Lexon. For example:
- IT service providers who assist in managing Lexon’s servers and networks may need to access personal information in order to maintain the servers and networks.
- Solicitors, barristers and experts engaged by Lexon may require access to personal information held by Lexon in order to investigate and advise on circumstances which may result in a claim being made, to determine whether indemnity is available for a particular claim, and to defend or resolve a claim.
Like many other businesses, Lexon relies on third party suppliers or contractors to provide specialised services such as web hosting, cloud computing technology and data storage services.
Where personal information is disclosed to an external party, Lexon will take reasonable steps to ensure that the external party treats such information confidentially and in accordance with the APPs.
There may be limited circumstances in which it is necessary for Lexon to collect a government related identifier such as a tax file number or Centrelink reference number. Lexon will not use or disclose government related identifiers unless required or authorized to do so by law or by a court or tribunal order, or in order to fulfill our obligations to a State or Territory authority.
Accuracy of Personal Information
Lexon will take reasonable steps to ensure that all personal information it collects, uses or discloses is accurate, complete and up-to-date.
If you believe your personal information is not accurate, complete or up-to-date, please contact Lexon (see the Contacting Us section for more information).
Personal information may be stored by Lexon in hard copy documents or electronically. Lexon is committed to keeping personal information secure and safe. Some of the ways we do this are:
- Requiring employees and contractors to enter into confidentiality agreements.
- Security measures for access to our computer systems.
- Providing a discreet environment for confidential discussions.
- Access control for our premises.
Lexon will review and update our security measures from time to time.
In addition, Lexon will review the personal information and sensitive information held from time to time, ensuring that information which is no longer needed for a purpose for which it was initially collected is destroyed or de-identified.
Your Privacy on the Internet
You may be able to access external websites by clicking on links Lexon has provided. Those other websites are not subject to Lexon’s privacy standards, policies and procedures. You will need to contact or review those websites directly to ascertain their privacy standards, policies and procedures.
Access to Personal Information
You may request access to personal information that Lexon holds about you (see the Contacting Us section for more information).
Lexon will acknowledge your request within 5 business days of the request being made. If access is being denied, Lexon will usually advise you in writing of the denial of access and the reasons for same within 15 business days of acknowledgement of the initial request. If access is being granted, access will usually be granted within 15 business days of acknowledgment of the initial request. Lexon will in any event advise you which timeframe applies to your request and if any delays are anticipated.
You will need to verify your identity before access to your personal information is granted.
While Lexon cannot and do not charge an “application fee” for you applying to access your personal information, Lexon may charge a fee for actually giving you access to your personal information in your preferred format (where reasonable and possible), which will cover Lexon’s costs involved in locating and collating information as well as reproduction costs.
Once your request has been processed by Lexon, you may be forwarded the information by mail or email or you may personally inspect it at the location where the information is held or another appropriate place. Whenever possible, Lexon will endeavor to make the information available to you in the manner requested by you unless it is unreasonable to do so (e.g. if you have asked for the information to be emailed to you, Lexon will endeavor to email the information to you. If the file size would be too large, Lexon may send you the information by hard copy instead of email).
If you are aware that Lexon holds personal information about you that is no longer accurate, complete or up-to-date, please contact Lexon (see the Contacting Us section for more information).
If you request access to your personal information, or if you request that Lexon correct your personal information, Lexon will allow access or make the correction unless it is considered that there is a sound reason to withhold the information, or not make the correction.
Under the Act, Lexon may refuse to grant access to personal information if:
- Lexon believes that granting access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety.
- Granting access would have an unreasonable impact upon the privacy of other individuals.
- Denial of access is required or authorised by law or by a Court or Tribunal order.
- Giving access would be unlawful.
- The request for access is frivolous or vexatious.
- Legal proceedings are underway or anticipated and the information would not be accessible by way of the discovery process in those proceedings.
- Giving access would reveal Lexon’s intentions in relation to negotiations between Lexon and you in such a way as to prejudice those negotiations.
- Giving access is likely to prejudice enforcement related activities conducted by, or on behalf of, an enforcement body.
- Giving access is likely to prejudice action being taken or to be taken with respect to suspected unlawful activity or serious misconduct relating to Lexon’s functions or activities.
- Giving access would reveal information in connection with a commercially sensitive decision making process.
If Lexon does not agree to make a correction to your personal information, you may provide a statement about the requested corrections, and Lexon will ensure that the statement is apparent to any users of the relevant personal information.
If Lexon does not agree to provide access to your personal information or to correct your personal information, Lexon will provide written reasons for the refusal and the mechanisms available to complain about the refusal (see the Complaints section for more information).
If you consider that there has been a breach of the Australian Privacy Principles, you are entitled to complain to Lexon (see the Contacting Us section for more information).
Lexon will acknowledge receipt of a complaint within 5 business days.
Lexon will investigate the complaint and attempt to resolve it within 20 business days after the complaint was received. Where it is anticipated that this timeframe is not achievable, Lexon will contact you to provide an estimate of how long it will take to investigate and respond to the complaint.
If you consider that Lexon has not adequately dealt with a complaint, you may complain to the Office of the Australian Information Commissioner on the below details:
Officer of the Australian Information Commissioner (OAIC)
GPO Box 5218
SYDNEY NSW 2001
1300 363 992
You may contact Lexon by mail, email or telephone as follows:
GPO Box 1439
BRISBANE QLD 4001
(07) 3007 1266