Privacy Policy

Who we are

HICAPS Pty Ltd ABN 11 080 688 866 is a wholly owned subsidiary of the National Australia Bank Ltd (NAB) ABN 12 004 004 937. NAB and all of its other subsidiaries are referred to in this policy as the NAB Group. For more information on the NAB Group personal information handling practices, please see NAB’s Privacy Policy National Australia Bank privacy policy - NAB.

We respect your personal information and this Privacy Policy explains how we handle it. By providing personal information to us, you consent to the collection, use and disclosure of your information in accordance with this Privacy Policy and any other arrangements that apply between us.

What personal information do we collect and hold?

The types of information that we collect and hold about you could include:

  • identification information such as your name, postal or email address, telephone numbers, and date of birth;
  • patient health fund identification information such as patient names, health fund name and number;
  • other contact details;
  • information about how you interact with us when you use internet or mobile banking (such as information about how you use your devices);
  • health claims details (including claim item codes and the benefit paid);if you are a health service provider, your AHPRA / Medicare registration number, practice location and modality;
  • financial information such as your nominated account for settlements / direct debits and a bank statement for account verification purposes;
  • if you are a patient claiming Medicare benefits, your card details for the purpose of paying your benefit;
  • device information, such as which browser you use, your operating system language and how you use your device;
  • your location or activity including IP address and geolocation data based on the GPS of your mobile device (when accessing our services), and whether you’ve accessed third party sites;
  • other information we think is necessary for the provision and promotion of our products and services and the operation of our business.

Over the course of our relationship with you, we may collect and hold additional personal information about you, including transactional information, account or policy information, and details about any complaints, enquiries or other interactions we have with you about your product or service.

 

What sensitive information do we collect?

If you are a patient or consumer whose information is collected by us during the course of running our HICAPS business, we may collect sensitive information about you, such as your health claim details (including item codes for benefits paid to you and health information) as part of the provision of the HICAPS services. Such information is used for purposes directly related to our on-the-spot health fund and scheme claims processing services.  Unless permitted or required by law, we will only collect sensitive information with your consent.

How we collect information from you

We’ll collect your personal information from you directly whenever we can, for example when you fill out a form with us, when you’ve given us a call, used our website (including via cookies) or mobile applications.  Sometimes we may collect personal information where it is provided to us by a person appointed to act on your behalf (including health service practitioner groups).

Sometimes we collect your personal information from third parties. If we collect information that can be used to identify you, we will take reasonable steps to notify you of that collection.

How we collect your information from other sources

Sometimes we collect information about you from other sources. We may collect information about you that is publicly available (for example from public registers or social media), or made available by third parties. We do this where:

  • you are a patient of a health service provider who uses our services to process health fund and/or scheme claims that you may be eligible for;
  • we distribute or arrange products on behalf of others, including our business partners;
  • we can’t get hold of you and need to update your contact details;
  • we need information from third parties about an application you make through us;
  • we need information for fraud prevention purposes;
  • we can learn insights about your product needs;
  • you have consented to third parties sharing it with us, such as organisations we have loyalty programs with or we sponsor;
  • at your request, we exchange information with your legal or financial advisers or other representatives.

We may combine information that we hold about you with information appropriately collected from external sources such as those described above. We may do this in order to gain insights about you so that we can serve you better. Where any insights are provided to third parties, such insights are de-identified, aggregated information and do not contain any information that identifies you or any other individual.

When the law authorises or requires us to collect information

We may also collect information about you if we are required or authorised by law to do so. There are laws that affect HICAPS, including company and tax law, which require us to collect personal information in certain circumstances [provide an example – the nab example is identity verification under anti-money laundering laws?].  

What do we collect via your online activity?

When you use NAB Group websites or mobile applications, we may collect information about your location or activity including IP address, telephone number and whether you’ve accessed a third-party website. This is done to ensure we can verify you and you can receive information from us, to identify ways we can improve our services for you and to understand you better. Some of this website or application information is collected using cookies. For more information on how we use cookies and tracking tags see our Cookies Policy www.nab.com.au/cookies.

If you commence completing but don’t submit an online form, we may contact you using any contact details you’ve supplied or that we have for you to offer help. We also know that some customers like to engage with us through social media channels. We may collect information about you when you interact with us through these channels. For all confidential matters, please interact with us via private messaging if you wish to use social media or by another private channel.

Much of the data collection referenced is this section is done through the use of cookies. This information is used to improve our services and enhance online user experience (e.g. website statistics), and does not identify individual customers but does identify the specific internet browser used. Where we do identify you (such as if you log into internet banking or another online services), we will treat any of the above data that is linked to you in accordance with this policy and all applicable privacy law.

What do we do when we get information we didn’t ask for?

Where we receive unsolicited information, we will check whether that information is relevant to our functions or activities and whether we are permitted (or required) to retain it. If so, we’ll handle this information the same way we do with other information we collect about you. If not, we’ll ensure we take reasonable steps to destroy, de-identify, or otherwise make it inaccessible.

When will we notify you that we have received your information?

When we receive personal information from you, we will advise you how and why we collected your information, who we may disclose it to and outline how you can access it, seek correction of it or make a complaint. Where we collect your personal information from third parties, we will take reasonable steps to notify you of the circumstances and purposes of that collection. We recommend our customers regularly review our website to review updates to this policy.

How do we take care of your personal information?

The security of your personal information is important to us and we take reasonable steps to protect it from misuse, interference and loss, and from unauthorised access, modification or disclosure, including by:

·       implementing robust confidentiality and data security requirements and periodic mandatory privacy training for our employees;

·       maintaining appropriate document storage and data security policies;

·       embedding other security policies, processes and measures to control access to our systems and premises;

·       taking reasonable steps to ensure access to personal information is only provided to authorised persons;

·       ensuring third parties we appoint as our contractors or agents, including those located overseas, meet the NAB Group’s privacy policies and obligations;

·       using up-to-date electronic security systems, such as firewalls and data encryption on our websites.

We may store personal information physically or electronically with third party data storage providers. Where we do this, we use contractual arrangements and other measures to ensure those providers protect that information from unauthorised access, use or disclosure.

What happens when we no longer need your information?

We take steps to ensure that we keep your information for as long as we require it for one or more purposes described in this policy. We’re required by law to retain some information for certain periods of time. When we no longer require your information, we take reasonable steps to ensure that your information is destroyed, de-identified, or rendered inaccessible.

How we use your information

We use your information to provide you with the product or service you asked for, and for other purposes including:

  • giving you information about a product or service including help and guidance;
  • considering whether you are eligible for a product or service, including identifying or verifying you or your authority to act on behalf of a customer;
  • processing your application and providing you with a product or service;
  • administering the product or service we provide you, which includes answering your requests and complaints, varying products and services, conducting market research, and managing our relevant product portfolios;
  •  if you are a health service provider, updating third party partner directories on an ongoing basis for the purposes of maintaining your current information as part of these third-party directories (for example HealthShare) in relation to a product or service we make available to you;
  •  telling you about other products or services that may be of interest to you, or running competitions and other promotions (this can be via email, telephone, SMS, iM, mail, or any other electronic means including via social networking forums), unless you tell us not to;
  • identifying opportunities to improve our service to you and improving our service to you;
  • assisting in arrangements with other organisations (such as loyalty program partners) in relation to a product or service we make available to you;
  • allowing us to run our business and perform administrative and operational tasks (such as training staff, risk management; developing and marketing products and services, undertaking planning, research and statistical analysis; and systems development and testing)
  • preventing or investigating any fraud or crime, or any suspected fraud or crime;
  • as required by law, regulation or codes binding us; and
  • for any purpose for which you have given your consent.

You can let us know at any time if you no longer wish to receive direct marketing offers from the NAB Group. We will process your request as soon as practicable. Where you have subscribed to something specific (like to hear from one of our sponsored organisations) then these subscriptions will be managed separately. If you no longer wish to receive these emails click the unsubscribe link in the electronic communication received or email: hicaps.unsubscribe@hicaps.com.au

What happens if you don’t provide your information to us?

If you don’t provide your information to us, we may not be able to:

  • provide you with the product or service you want;
  • manage or administer your product or service;
  • update third party partner directories with your current information (i.e. HealthShare);
  • personalise your experience with us;
  • verify your identity or protect against fraud; or
  • let you know about other products or services from our Group that might better meet your financial, e-commerce and lifestyle needs.

Sharing your information

We may exchange your information with other organisations (as described below) for any purposes for which we use your information.

Sharing with the NAB Group

We may share your personal information with other NAB Group members. This could depend on the product or service you have applied for and the NAB Group member you are dealing with. Where appropriate we integrate the information that we hold across the NAB Group to provide us with a complete understanding of you and your needs.

Sharing at your request

We may need to share your personal information with your representative or any person acting on your behalf (for example, financial advisers, lawyers, accountants, executors, administrators, trustees, guardians or auditors) and your referee such as your employer (to confirm details about you).

Sharing with third parties

We may disclose your personal information to third parties outside of the NAB Group, including:

  • those involved in providing, managing or administering your product or service;
  • authorised representatives of the NAB Group who sell products or services on our behalf;
  • approved third parties who are authorised to assess the validity of identification information;
  • insurers and Government schemes with whom you wish to submit a claim;
  • medical professionals, medical facilities or health authorities who verify any health information you may provide;
  • with financial institutions and payment processors that facilitate the processing of transactions;
  • third party partner directories;
  • organisations involved in debt collecting, including purchasers of debt;
  • fraud reporting agencies (including organisations that assist with fraud investigations and organisations established to identify, investigate and/or prevent any fraud, suspected fraud, crime, suspected crime, or misconduct of a serious nature);
  • organisations we sponsor and partners, including organisations the HICAPS has an arrangement with to jointly offer products or has an alliance with to share information for marketing purposes;
  • service providers that maintain, review and develop our business systems, procedures and technology infrastructure, including testing or upgrading our computer systems;
  • payments systems organisations including merchants, payment organisations, merchant scheme partners and organisations that produce cards or statements for us;
  • service providers with whom the practices of health service providers have a relationship, including for practice management software or data analytics software;
  • our joint venture partners that conduct business with us;
  • organisations involved in a corporate re-organisation or transfer of NAB Group assets or business;
  • organisations that assist with our product planning, analytics, research and development;
  • mailing houses and telemarketing agencies and media organisations who assist us to communicate with you, including media or social networking sites;
  • other organisations involved in our normal business practices, including our agents and contractors, as well as our accountants, auditors or lawyers and other external advisers (e.g. consultants and any independent customer advocates);
  • government or regulatory bodies (including the Australian Securities and Investment Commission and the Australian Tax Office) as required or authorised by law (in some instances these bodies may share it with relevant foreign authorities); and
  • where you’ve given your consent or at your request, including to your representatives, or advisors.

We will disclose business information (including, but not limited to business name, Provider Number, Registered Provider Location, telephone number, facsimile number, email address and website) to private health insurance companies with whom HICAPS has entered into an agreement, for the purpose of processing Transactions.

Sharing outside of Australia

We may store your information in cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries via an internet connection, it’s not always practicable to know in which country your information may be held. If your information is stored in this way, disclosures may occur in these countries.

Overseas organisations may be required to disclose information we share with them under a foreign law. In those instances, we will not be responsible for that disclosure.

 

Accessing your Information

You can request access to information we hold about you by contacting us via www.hicaps.com.au/support/contact-us. We will generally comply with such requests for access unless an exception applies under privacy law but if we validly deny your request, we will provide our lawful reason.

Correcting your Information

You can ask us to correct information we hold about you by contacting us via phone or email. Where we agree that the information needs to be corrected, we will update it. If we do not agree, you can request that we make a record of your correction request with the relevant information. To contact us visit www.hicaps.com.au/support/contact-us.

Complaints

If you have a complaint about how we have handled your personal information, please tell us about it. You are always welcome to contact us. We are committed to resolving your complaint and doing the right thing by our customers. Most complaints are resolved quickly, and you should hear from us within five business days (visit www.hicaps.com.au/support/feedback).

If you feel your issue hasn’t been resolved to your satisfaction, then you can escalate your privacy concern (see ‘Contact details for escalating complaints’)

Office of the Australian Information Commissioner:

  • Online: www.oaic.gov.au/privacy
  • Phone: 1300 363 992
  • Email: enquiries@oaic.gov.au

Contact Us

We care about your privacy. Please contact us if you have any questions or comments about our privacy policies and procedures. We welcome your feedback.

You can contact us by:

 

Download the HICAPS Privacy Notification PDF

Version dated 22 October 2024.