Protecting your privacy

About Westfund

Westfund is a member-owned, not-for-profit health fund. Westfund’s Vision is to be more than a health fund. We’re a not-for-profit organisation building a new kind of health care for collective good. By investing in making communities healthier, by expanding access to affordable health care for members and by bringing out the best in our people, we’re helping Australians to feel good while making a positive social impact.

When you become a member or use our services, you’re trusting us with your personal information. We know this is a big responsibility.

We’ve developed this Privacy Policy to help you understand what information we collect, why we collect it, and how you can update, manage and correct your information. Our staff are trained to respect your privacy in accordance with our standards, policies and procedures and the Australian Privacy Principles (APPs) contained within the Privacy Act 1988 (Cth) and other State and Territory laws that regulate health information (such as the Health Records and Information Privacy Act 2002 (NSW)).

We do not, and never will sell your personal information.

This Privacy Policy is reviewed annually. The most up-to-date version of our privacy policy can always be found on our website. Where we make a material change to our privacy policy, we will notify you in writing.

Other terms may also apply to you and the information we hold about you. For example, we may provide a privacy collection statement at the time we collect personal information from you (such as when you first sign up as a member or apply for a particular program or service). This privacy collection statement may include additional terms.

In this document, ‘we, ‘us’, ‘our’ and ‘Westfund’ refers to Westfund Limited ABN 55 002 080 864.

What is personal information and sensitive information?

In this privacy policy, you will see the terms ‘personal information and ‘sensitive information’ used:

  • ‘personal information’ means information or an opinion about you as an identified individual (or as an individual who is reasonably identifiable).
  • ‘sensitive information’ is a sub-set of personal information and includes information about your health and health services provided to you. Sensitive information is subject to greater protection under privacy laws.
Who does this policy apply to?

This Privacy Policy applies to anyone whose personal information is collected through interactions with Westfund including current and past members of Westfund; patients or clients of our health services; prospective employees and applicants; and other individuals, such as service providers and contractors.

What kind of personal information do we collect and hold and what do we use it for?

We only collect personal information about you which is reasonably necessary for our functions or activities. The types of personal information we collect will depend on your relationship with us, for example whether you are a Westfund policyholder or whether you are only utilising some of our services – like getting a quote online or visiting one of our dental or optical centres.

Members and prospective members

If you are a member or have applied for cover with Westfund, this section outlines the kinds of information we collect and how we use it:

 

What information we collect

Why we collect it

Full name, email, phone and address

To provide you with information regarding our products and services (including personalised quotes) and to administer your policy.

Relationship status, age, gender, state or territory of residence, and income range and details of prior health insurance

To provide you with an accurate quote for your policy and to make the communications you receive from us more relevant.

Relationship of dependants to the policy holder

To verify that your dependents are eligible to be covered under your policy.

Transfer details relating to any previous health fund membership

To ensure continuity of cover by determining your eligibility for benefits, or if waiting periods will apply.

Information about pre-existing conditions

To inform you accurately of any waiting periods that may apply to your policy.

 

Pre-existing conditions do not affect your health insurance premium.

Information relating to pre- existing conditions, medical or ancillary service providers and clinical services and procedures

To ensure the ongoing management of your cover, claims, or care with Westfund. To deliver high-quality care to members and non-members using our clinical services.

Credit card or bank account details

So that you can pay your premium by direct debit. We require bank account details so that we can pay claims directly to your bank account.

Government identifiers (such as your Medicare number)

To enable you to collect the Federal Government rebate. This is a requirement under the Private Health Insurance Act 2007 (Cth). We also require this number for correspondence with Medicare. Your Medicare number is not used for any other purpose, including as a way of identifying you.

Details of your interactions with Westfund, including claim information, notes and call recordings as well as any additional information provided through surveys and research.

To manage our ongoing relationship with you, including paying claims and improving our service. We use this kind of information to better understand and develop our health products and services and to improve the member experience with relevant communications. We may also use this kind of information to identify programs and services to help you better manage health conditions and to recommend insurance products which may be more suitable to your needs.

Your marketing and communications preferences

To ensure that non-essential communications you receive from us (including marketing communications) reflect your preferences.

Details of your interest or participation in health management programs

To deliver health and wellbeing programs and services, either directly or via our partners and to send you relevant information regarding programs and services that may interest or benefit you.

Employee details (for Corporate policies)

To verify that you are eligible for a corporate discount or promotion with Westfund or to collect your premiums directly from your employer (where applicable).

 

Patients of our health services

If you are a patient or client of our health services (whether or not you are a member of Westfund), this section outlines the kinds of information we collect and how we use it:

 

What information we collect

Why we collect it

Full name, email, phone and address

To create an accurate clinical record and to contact you about the care you have received.

Government identifiers (such as your Medicare number)

To assess and claim any benefits you may be entitled to for your treatment.

Information about your health cover

To assess and claim any benefits you may be entitled to for your treatment.

Credit card or bank account details

To administer and collect payments for treatment you receive.

Your medical history, your family medical history, medications you are taking or treatments you are having, details of other health professionals involved in your

care

To deliver high-quality and safe clinical care.

 

Prospective employees and applicants

We collect personal information when recruiting people to work with us, such as your name, date of birth, gender, contact details, qualifications, and work and study history (including information in a resume, cover letter, references or included as part of the application process).

 

We may also collect personal information from third parties in ways which you would expect (for example, from recruitment agencies or referees you have nominated).

 

Before offering you a position, we may collect additional details such as your tax file number and superannuation information and other information necessary to conduct background checks to determine your suitability for certain positions.

 

This Privacy Policy does not apply to Westfund’s employee records.

How do we collect your information?

We will collect personal information directly from you where possible. However, there may be times where we are required to collect personal information from other sources. For insurance policies that cover more than one person, such as couples or family policies, we collect personal information about all individuals who are on the policy from the person who is taking out the policy. For example, where one parent is taking out a family policy, that parent may provide us with the details of their partner and children.

 

There are several ways information can be collected from you. These include:

 

  • when you open, start or complete an application form or other type of form in relation to our products and services;
  • when you contact us in person, by phone, mail, email or online;
  • when you make a claim;
  • when you visit our offices or Care Centres;
  • when you visit our website, use the Westfund mobile application, subscribe to or use one of our products or services;
  • when you participate in a health, corporate or wellness service;
  • when you participate in one of our community programs, research or marketing initiatives.

 

We may also collect your personal information from a third party. The type of third party who might provide information to us will vary depending on the nature of our interaction with you. While this is not an exhaustive list, third parties include:

 

  • health service providers such as hospitals, medical practitioners or allied health professionals;
  • authorised persons or persons who act on your behalf;
  • another insured person on your policy;
  • other health insurers (for example, where you have transferred from another health insurer);
  • a broker or intermediary who has introduced you to Westfund;
  • a service provider engaged by us to assist in providing goods or services or administering our business;
  • government agencies (such as Medicare).
How is personal information used on our website and online services?

We collect information about how you use our website and online services for the purposes of analytics, marketing and site performance measurement. This allows us to enhance our member experience, our products and services and online functionalities. This information is accessed using website forms, tags and Cookies and is shared with secure, industry-standard third parties to analyse this data and perform some marketing functions. Subject to your marketing preferences, this information enables Westfund to tailor marketing to you, based upon your demographic information, use of our online services and the information you input.

What cookies do we use?

Westfund uses different types of Cookies to fulfil specific purposes but in general they are used to improve the customer experience in using the Westfund digital assets. Some of the purposes of the different Cookies we use are described below.

 

  • Some Cookies are essential to the site (like Members Online) in order to facilitate the log-in process and enable members to use its features. Without these Cookies, we may not be able to provide certain services or features, and the site will not perform as we intended.
  • We use Cookies to allow us to remember the choices visitors make while browsing the site to provide enhanced and more personalised content and features, such as customising webpages based on your interests.
  • We use Cookies to receive and record information about visitors' computers, devices, and browsers, potentially including your IP address, browser type, and other software or hardware information. If you access the site from a mobile or other device, we may collect a unique device identifier assigned to that device, geolocation data, or other transactional information for that device for web analytics purposes
  • We and our service providers and advertisers use analytics Cookies to collect information about the use of the site and enable us to improve the way it works. For instance, which pages visitors go to most, email and advertising views, click-throughs and your frequent searches. The information allows us to see the overall patterns of usage on the site, help us record any difficulties visitors have with the site and show us whether our advertising is effective or not. Further information can be found on Google’s website including the Google Analytics Cookie policy.
  • We and our service providers and advertisers use advertising Cookies to deliver ads that we believe are more relevant to our visitors and their interests. For example, we may use targeting or advertising Cookies to limit the number of times you see the same ad on our site, to measure the effectiveness of our advertising campaigns and to customise the advertising and content you receive.           

 

For more information, please refer to Westfund Terms of Use on our website which applies to both the website and online services.

For what purposes do we collect, hold, use and disclose your personal information?

Westfund may collect, hold, use or disclose your personal information if it is required for the purposes of conducting our business or if required or permitted under law. We’ve outlined examples of some of these purposes below:

 

  • to manage and administer our products and services;
  • to assess claims and pay benefits;
  • to collect government rebates you may be entitled to;
  • to collect and process premiums;
  • to research, develop and expand our products and services;
  • to manage enquiries and complaints;
  • to conduct internal administrative process (for example, audit and assurance, quality assurance, risk management, fraud and loss prevention, and training); and
  • to comply with any applicable

 

We may also use and disclose your personal information for other purposes explained at the time of collection or otherwise as set out in this Privacy Policy.

Who do we disclose your personal information to?

In order to carry out the purposes outlined above, we may disclose your personal information to persons or organisations such as:

 

  • hospitals and health service providers from whom you have sought, or intend to seek, treatment;
  • government agencies (such as Medicare, the Australian Tax Office, Commonwealth Ombudsman, the Department of Health and APRA);
  • other private health insurers (for example, when you transfer to or from another insurer);
  • authorised persons or persons who act on your behalf;
  • contractors and service providers, such as mailing houses, marketing agencies, information technology service and support providers, data processing and analytics agencies, and website maintenance and development service providers;
  • our contract management service, the Australian Health Services Alliance (ahsa.com.au);
  • our advisors (such as auditors, actuaries, consultants and legal advisers);
  • our commercial partners for the purposes of co-marketing opportunities.

 

We may also disclose personal information where disclosure is required by law (for example, in response to a subpoena or a compulsory notice from a court, tribunal or government body).

How is your personal information secured?

The personal information we collect about you is kept on an electronic record system in secure databases (including trusted third party storage providers in Australia). Personal information may also be collected in paper-based documents and converted to electronic form for use or storage (with the original paper-based documents either archived or securely destroyed).

 

Personal information held by Westfund is secured by the following methods:

  • securing our premises with access controls;
  • ensuring all systems, servers, computers, databases and networks are secured with password protection and encryption;
  • ensuring various access levels for staff to limit access to information and roles; and
  • providing our staff with regular privacy and information security training.

 

Any information held off-site is done so under rigorous contractual arrangements with third-party providers.

 

All third-party computer systems and file storage facilities are subject to secure access controls. All third-party arrangements are regularly assessed to ensure they meet regulatory requirements.

 

We will keep your personal information for as long as we need it to provide you with the products and services you requested from us and to comply with legal requirements. We will take reasonable steps to securely destroy or de-identify personal information we no longer require.

How is personal information handled for couples and family health insurance policies?

If you are insured under a health insurance policy which covers more than one person, such as a ‘family’ or ‘couples’ policy, you should make yourself aware of the privacy settings applicable to your policy.  Information about the health services received, claims made and benefits paid (claims history) for each person under the same health insurance policy is accessible to the other persons under the insurance policy.

 

A dependant who is 16 years or older (and in some situations, under the age of 16), may contact Westfund to request that their claims history be kept private from other persons under the insurance policy.

 

Westfund may, in its discretion, decline to disclose the claims history of a person insured under the same policy where it cannot be satisfied that such disclosure reflects the current intention of the insured person. In that circumstance, Westfund may seek clarification from the insured person.

 

It is important to consider the privacy settings applicable to your policy where there are changes in the relationships amongst persons insured under the policy (for example, as children and young people mature or if partners separate). In that circumstance, you should contact us to change the privacy settings applicable to your policy or discuss whether different insurance arrangements are appropriate to your circumstances.

How can I organise additional privacy protections as a victim of family violence or identity theft?

If you are a victim of family violence or identity theft, or have personal safety concerns relating to the personal information we hold about you, we may be able to provide further privacy protections for you. Please do not hesitate to discuss these options with us by contacting the Privacy Officer, using the contact details below.

Is my personal information used for direct marketing?

We may use your personal information to contact you (including by phone, text message or email) about products or services which we think may be of interest to you. This may include our own or third parties’ products or services.

 

If you wish to change your communications preferences, or do not wish to receive marketing material from us, you can contact us at any time by:

 

  • calling us on 1300 937 838 or 1800 027 912
  • emailing us at [email protected] or
  • using the unsubscribe function on communications you

 

If you request not to receive marketing material, please be aware that we will still contact you in relation to our on-going relationship with you. For example, we will still send you notices that are relevant to your policy or the products and services you have received from us.

How do we use your personal information for health and well-being programs?

We use personal information that we collect in providing health insurance (including health information) to develop programs that are intended to improve the health and wellbeing of members.

 

In some instances, these programs are offered to all members. In other instances, members who are most likely to benefit from the programs may be contacted and specifically invited to participate (for example, programs for members who are affected by, or at risk of, particular illnesses or conditions).

 

Where the program is designed to assist members generally, we will inform members via a general communication of the availability of the program (for example, via the website or through our publications or advertisements).

 

Where the program is designed to assist members with particular illnesses and conditions, we may contact you directly to invite you to participate in the program.

 

If you do not wish to receive invitations to participate in health and wellbeing programs, you can update your communications preferences by;

  • calling us on 1300 937 838 or 1800 027 912
  • emailing us at [email protected] or
  • using the unsubscribe function on communications you receive.

 

Participation in health and wellbeing programs is entirely voluntary. Your decision to participate, or not to participate, will not affect your premiums or benefit entitlements in any way. You may withdraw from any program in which you may have been enrolled at any time.

Are we likely to disclose your personal information to overseas recipients?

We generally hold your information in Australia. In certain circumstances, we may transfer your personal information outside Australia. Technology allows for services to be provided by different service providers including some that are located overseas. We may use overseas service providers in order to provide our products and services or manage our relationship with you. The countries in which those third parties are likely to be based in parts of Western Europe, USA or New Zealand.

 

Unless we have your consent, or an exception under the Privacy Laws applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure the overseas recipient does not breach the Australian Privacy Principles in relation to your personal information.

Can you deal with us anonymously or with a pseudonym?

You can deal with us anonymously or with a pseudonym where it is lawful and practicable to do so.

 

For example, you may elect to remain anonymous or use a pseudonym if you make a general inquiry or contact us to obtain a quote.

 

Should you choose to become a member, you will need to provide your personal information. Your personal information is required to administer your policy (including collecting premiums and paying benefits). If you do not provide personal information, we may be unable to provide you with goods or services you have requested.

 

How can I access my personal information?

You are entitled to request access to personal information we hold about you.

 

A request for access can be sent to [email protected] It is important to include a description of the personal information you wish to access. We may ask you to provide information to verify your identity.

 

We do not charge a fee to give you access to your personal information, but you may be charged for the reasonable time and expense incurred in compiling information, depending on the nature and extent of your request.

 

Westfund will endeavor to respond to your request for access within 30 calendar days. We may decline your request to access or correct your personal information in certain circumstances permitted by the Privacy Act and applicable law. In that case, we will provide you with reasons for our decision.

 

Your request to access your information will be documented along with the Westfund staff member’s name that gave you the information.

How can I correct my personal information?

We endeavor to ensure that personal information we collect and hold is accurate, up-to-date and complete. You can help us to do this by letting us know if your personal details change or if you notice errors or discrepancies in information we hold about you.

 

If we become aware that information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading we will take steps to correct the information considering the purpose for which the information is held.

 

If you feel that any personal information we hold about you is not accurate, you are entitled to request correction of the information. Westfund will endeavor to respond to a request for correction within 30 calendar days.

 

You may also request that we notify any third party that Westfund has disclosed the inaccurate information to. We will take steps to have the other entity correct this information to the extent that it is practicable or lawful to do so.

 

If we refuse to make a correction at your request, you will be provided with reasons (to the extent it would be reasonable to do so). You may request that we associate a statement with your personal information about the requested correction. We will also provide you with information about how to make a complaint.

How do I make a complaint?

If you have any questions, concerns or complaints about how we manage your personal information, you can contact our Privacy Officer using the details below:

 

Contact: Privacy Officer

Email: [email protected]

Telephone: 1300 937 838 or 1800 027 912

Address: P.O. Box 235 Lithgow NSW 2790

 

If you make a complaint about privacy, Westfund will contact you (in writing and/or by telephone) to confirm receipt of your complaint and, if necessary, to advise you of any additional information Westfund requires to investigate your complaint.

 

Within 30 days of confirming receipt of your complaint (or receiving any further information Westfund requires to investigate the complaint), we will endeavor to have completed our investigation of your complaint and respond to you in writing with the outcome of the investigation of your complaint (including, if applicable, how Westfund proposes to resolve your complaint).

 

We will endeavor to resolve any complaints to your satisfaction. However, if you believe that we have not resolved the issue you may refer the matter to the Office of the Australian Information Commissioner using the contact details below

 

Website: oaic.gov.au (Privacy Complaint Form)

Telephone: 1300 363 992

Address: Office of the Australian Information Commissioner (OAIC)   

GPO Box 5218       

Sydney, NSW 2000

                                                                                                         

Further Information and Privacy Contact

Our Privacy Officer can be contacted using the following details:

 

Contact: Privacy Officer

Email: [email protected]

Telephone: 1300 937 838 or 1800 027 912

Address: P.O. Box 235 Lithgow NSW 2790