Privacy Policy

Cylo Australia Pty Limited (Cylo) is an Insurance Australia Group Limited (IAG) business and acts as agent of the issuer Insurance Australia Limited (IAL) trading as CGU Insurance ABN 11 000 016 722 AFSL 227681, pursuant to a binder agreement.  Where personal information is collected, used, and disclosed for the same purposes by both businesses, the word, "we" or "us" is used.
‍
Last updated on 4 August 2023. 

‍As Cylo Australia Pty Limited (Cylo) is an Insurance Australia Group Limited (IAG) business, this Privacy Policy must be read together with the IAG Master Privacy Policy, which describes how IAG collects, holds, uses, and discloses your personal information. A copy of the IAG Master Privacy Policy is available at: www.iag.com.au/master-privacy-policy. You can also request a hard copy of either Privacy Policy by contacting Cylo. If the information in this Privacy Policy conflicts with information in the IAG Master Privacy Policy, the information in this Privacy Policy will override the IAG Master Privacy Policy. 

By visiting any of our websites, applying for, renewing, holding or using any of our products or services or providing us with your information, you agree to your information being collected, held, used and disclosed as set out in this Privacy Policy and the IAG Master Privacy Policy.
‍
Introduction
The protection and privacy of your personal information is a priority to us. This means handling your personal information in a responsible manner in accordance with the Privacy Act and the Australian Privacy Principles. This Privacy Policy explains how we collect personal information about you, and how we treat your personal information. It details the type of personal information we collect, how we may use that information, who can access it and how we protect it.

The information we collect
We collect information which is reasonably necessary to provide our services for underwriting and administering your insurance, claims handling, market and customer satisfaction research and to develop and identify products and services that may interest you.

We will only collect your sensitive information if you have provided us with consent to do so or if the collection is required or permitted by law.

You do not have to provide us with your personal information.

However, if you don't it may affect our ability to assist you or provide you with a product or service you would like. If you want to deal with us while not identifying yourself (for example, anonymously or by using a pseudonym) we will let you where it is practical for us to do so (for example, where you make a general enquiry of us).

Please tell us if you wish to do this and we will indicate whether, considering the nature of the transaction, it is practical and reasonable to do so.

The information we collect and hold generally about you includes name, address, and contact details (such as phone number and email address).

However, we may also collect and hold other information required to provide services or assistance to you, including your employment, details of your previous insurances, claims history, financial details such as your credit card or bank account number (for example, if the product or service is being paid for in this way or we are making a claim payment), your bank account or credit card details.

How we collect your information
We may collect your personal information in various ways, including via person-to-person contact directly from you, telephone, the internet (including our website), hard copy forms or email. Whenever you choose to deal with us directly, we will, where it is practicable and reasonable, collect this information directly from you.

However, there may be occasions when we collect your personal information from someone else. This may include from publicly available records or databases (including phonebooks, public websites or social media), your insurance broker or financial adviser, joint insureds on your policy, other insurers, our distributors, business partners or agents or related entities,  another party involved in claim, investigators, the Insurance Reference Services (IRS) and its members, third parties who provide services to us or on our behalf, anyone you have authorised to deal with us on your behalf, and/or our legal advisers.

We may also seek to collect personal information about someone else from you (for example, if you request a product or service jointly with another person). However, you must not provide us with information about another person unless you have clear consent from that person to do so and let them know about this Privacy Policy and where to find it.

The purposes for which we collect, hold, use and disclose your information
We only hold, use and disclose your personal information for the purpose for which it was provided to us, other related purposes and purposes permitted by law, or purposes to which you otherwise consent. The purposes for which we collect, hold, use and disclose your personal information include:

•       Responding to enquiries or complaints in respect of a product, service or claim
•       Providing you with our products and services and any assistance you request from us (for example, processing requests for quotes, applications for insurance, underwriting and pricing policies, offering excesses and discounts, issuing renewing or amending policy, managing and assessing claims made under or against a policy which you hold, processing claims or payments, recovering money paid to you or debts you have incurred, etc)
•       Maintaining or administering your account policies, processing payments you have authorised and processing third party authority arrangements
•       Maintaining and improving our products and services, our customer service practices and our internal business processes
•       Processing your survey or questionnaire responses for the purpose(s) notified in the survey or questionnaire (if you have chosen to participate in such)
•       Better understand our customers' needs and tailor our future products and services accordingly (including by conducting market research and analytics)
•       Contacting you (including by email, telephone, SMS, mail, social media or targeted digital advertising) to provide you with offers and marketing information about products and services (of ours, our agents and distributors, our related entities and other organisations) which we believe may be of interest to you if you opt-in to receive such (if you have opted-in, you can contact us at any time to ‘opt out’ of receiving such marketing communications, or simply follow the unsubscribe instructions in the relevant communication)
•       For facilitating our ordinary business operations (including general business reporting, modelling and analysis and managing our IT infrastructures, databases, websites and for statistical and maintenance purposes)
•       Quality assurance, audit and training purposes
•       Complying with, and assisting our related entities, agents, brokers, business partners, distributors and insurance advisers in complying with, any applicable law, code (including the General Insurance Code of Practice, as amended from time to time) or regulation, and assisting with government, law enforcement agencies and regulators (including anti-money laundering, sanctions, anti-slavery, and prevention of fraud and other criminal activity)
•       For confirming and providing evidence of the fact that you have insurance issued by Cylo
•       Other purposes including:
           •     complying with legislation, regulation and industry codes that are applicable to us
           •    any other purpose communicated to you at the time we collected your personal information or as required or permitted by law

However, we will only use and disclose your sensitive information for the purposes for which it was initially collected, other directly related purposes and purposes permitted by law, or purposes to which you otherwise consent.
‍
Who we disclose your information to
‍We will disclose your information to our related entities and third parties (including those who provide services to us or on our behalf), for the purposes set out under the section ‘The purposes for which we collect, hold, use and disclose your information above, other related purposes and purposes permitted by law, or purposes to which you otherwise consent. These related entities and third parties include:
‍
•       Our agents, business partners and distributors (including financial institutions, credit unions and other third parties with whom we have a commercial or referral arrangement)
•       Insurance advisers (such as authorised representatives and insurance brokers) who offer or arrange one of our products or services on our behalf
•       Insurance reference bureaux (including Insurance Reference Services, and Insurance Fraud Bureau of Australia), underwriters and re-insurers (and their representatives)
•       Other insurance providers, a joint insured on your insurance policy, any other person listed on your insurance policy or anyone else who has your authority
•       In the case of some claims (or likely claims) other insurers, third party, assessors, investigators, or another third party involved in the claim or claims process, (for example, to obtain or provide information relevant to an assessment of your claim) and any agents, representatives or subcontractors of the above
•       Complaint and dispute resolution bodies (including the Australian Financial Complaints Authority)
•       Our third-party service providers (including recovery agents, media publishers, lawyers, suppliers, mailing houses, marketing agencies and companies, market researchers, IT experts and infrastructure providers, analytics service providers, physical and electronic storage providers and payment service providers) and professional advisers and consultants and any agents, representatives or subcontractors of any of those third-party providers, advisors and consultants
•       Government bodies, regulators, law enforcement agencies and any other parties where required or permitted by law
•       Our related entities and businesses, agents, and distributors, or so that they can support our operators, and also offer you products and services if you have opted-in to receive information about such products and services

If the ownership or control of our business changes, we may transfer and disclose your personal information to the new owner.
‍
DISCLOSURE TO OVERSEAS RECIPIENTS
Some of the organisations we use to assist us in providing you with our products and services are located overseas. If we share your personal information with an organisation that's located outside of Australia we'll do all we can to ensure there are arrangements in place to protect your personal information, or otherwise obtain your consent before doing so.

We may disclose your personal information to service providers located in the United States of America, Malaysia, Singapore, South Africa, the United Kingdom, Scotland, Republic of Ireland, Brazil, Fiji, the Netherlands, England, Philippines, Israel, Germany, India, New Zealand, Luxembourg, Finland and Italy. The location of our overseas service providers may vary from time to time.
‍
‍Security of your information
‍We will hold your personal information in:
•    Computer systems
•    Electronic databases
•    Digital records
•    Hard copy or paper files
‍
We take reasonable steps (including any measures required by law) to ensure your information is protected and secure.

We also take reasonable precautions to ensure that any information you provide to us through our websites is transferred securely from our servers to our mainframe computers, including through use of Transport Layer Security (TLS) Version 1.2 protocols.

You must take care to ensure you protect your information (for example, by protecting your usernames and passwords, policy details, etc) and you should notify us as soon as possible after you become aware of any security breaches.
‍
Accuracy, access and correction
We take reasonable steps to ensure the information we collect and hold about you is accurate, complete and up-to-date. However, we rely on you to advise us of any changes to your information or corrections required to the information we hold about you.

Please let us know as soon as possible if there are any changes to your information or if you believe the information we hold about you is not accurate, complete or up-to-date.

We will, on request, provide you with access to the information we hold about you unless otherwise required or permitted by law. We will notify you of the basis for any denial to access your information. We may ask you to complete a ‘Personal Information Access Request Form’ and may charge you a service fee for retrieving and sending the information to you. Please contact us using the contact details for Cylo (below) if you require access to the information we hold about you.  
‍
‍What if you have a complaint?
We will always do our best to provide you the highest level of service but if you are not happy or have a complaint or dispute, here is what you can do.

Contact Cylo:
•    Go to our website at www.cylo.ai and use the contact us messaging feature
•    Contact us via our email at contact@cylo.ai
•    Call us on 1800 595 502
‍
If we are not able to resolve your complaint when you contact us or if you would prefer not to contact the people who initially handled your complaint, the next step of our complaint and dispute resolution process is to contact IAG Customer Relations team using the contact details below:
‍
Contact IAG Customer Relations team:
•    Free Call: 1800 045 517
•    Email: customer.Relations@iag.com.au 

Customer Relations will contact you if they require additional information or have reached a decision relating to your complaint. Customer Relations will advise you of the progress of your complaint and the timeframe for a decision in relation to your complaint.

We expect our procedures will address your complaint in a fair and prompt manner.

If you are unhappy with the decision made by Customer Relations, the next step is that you may wish to seek an external review of the decision by raising your complaint with the Australian Financial Complaints Authority (AFCA).

You have a right in certain circumstances to have your privacy complaint determined by AFCA. AFCA can determine a complaint about privacy where the complaint forms part of a wider dispute between you and us or when the privacy complaint relates to or arises from the collection of a debt.

AFCA is an independent dispute resolution body that is recognised as an external dispute resolution (EDR) scheme under the Privacy Act 1988 (Cth) by the Office of the Australian Information Commissioner (OAIC) to handle particular privacy-related complaints and is an approved EDR scheme by the Australian Securities and Investments Commission (ASIC). We're bound by AFCA determinations, provided the dispute falls within AFCA Terms of Reference.

You have two years from the date of our letter outlining our final decision to make an application to AFCA for a determination.

You can access AFCA dispute resolution services by contacting them at:
•    The Australian Financial Complaints Authority
•    Website: www.afca.org.au
•    Email: info@afca.org.au
•    Phone: 1800 931 678 (free call)
•    Mail: GPO Box 3, Melbourne, Victoria 3001 

If you are unhappy with AFCA's determination in relation to your complaint, or if AFCA is unable to hear your complaint, the next step is that you may wish to raise your complaint with the OAIC.

The OAIC is an independent government agency with primary functions that relate to privacy, freedom of information and government information policy. The OAIC's responsibilities include conducting investigations, reviewing decisions, handling complaints, and providing guidance and advice. The OAIC will act as an impartial third party when addressing your complaint. The OAIC will investigate your complaint, and where appropriate, make a determination about your complaint, provided it is covered by the Privacy Act 1988 (Cth).

The contact details for the OAIC are:
•    Website: www.oaic.gov.au
•    Email: enquiries@oaic.gov.au
•    Phone: 1300 363 992
•    Mail: Office of the Australian Information Commissioner, GPO Box 5218, Sydney, NSW 2001

Revision of our Privacy Policy
We reserve the right to revise this Privacy Policy or any part of it from time to time. Please review this policy periodically for changes. Your continued use of our websites, products or services, requesting our assistance, applying for or renewal of any of our products or services or the provision of further personal information to us after this Privacy Policy has been revised, constitutes your acceptance of the revised Privacy Policy.