This Privacy Policy (Privacy Policy) sets out how Littlewoods Services Pty Ltd ACN 001 903 359 (‘we’, ‘our’ or ‘us’) handles personal information in accordance with the principles of the Privacy Act 1988 (Cth) (Privacy Act).

BY PROVIDING US WITH YOUR PERSONAL INFORMATION BY ANY MEANS, YOU CONSENT TO US COLLECTING, HOLDING, USING AND/OR DISCLOSING ANY OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY.

We only collect personal information that is reasonably necessary for the proper performance of our activities or functions.

This Privacy Policy may change over time in light of changes to privacy laws, technology and business practices. If you use our website regularly or enter into communication with us that involves the collection of your personal information, it is important that you check this Privacy Policy to ensure that you are aware of the extent of any consent, authorisation or permission you might give.  

1. WHAT TYPES OF PERSONAL INFORMATION DO WE COLLECT?
   

   a). We collect personal information, including sensitive information, where we consider it to be reasonably necessary for one or more of our business functions or activities, and will do so in accordance with the Privacy Act.

   b). ‘Personal Information’ means information or opinion about an identified individual, or an individual who is reasonably identifiable.

   c). ‘Sensitive information’ is personal information and includes information about an individual’s health, genetics, race, political opinion or membership, religion, philosophical beliefs, union membership, sexual orientation and criminal record.

   d). Examples of the types of personal information which we collect include but are not limited to; name, address and contact details, date of birth, gender, professional qualifications, licences held, financial information, employment history, residency status, credit history, criminal records and driving records

2. COLLECTING YOUR PERSONAL INFORMATION

   a). We collect personal information, including sensitive information, for the purpose of:-
   (i) identifying you and conducting appropriate checks;
   (ii) understanding your requirements and providing you with a product or service;
   (iii) providing you with our professional services, advisory , support services, tax, risk and regulatory compliance services and advice; and
   (iv) managing complaints and disputes.

   b). Your personal information is collected by us with your consent, which is generally obtained directly from you:
   (i) when you enter into a service agreement with us;
   (ii) when we are providing our services to you; 
   (iii) when you call us, email us or contact us by any other means (or when we contact you by any means); and
   (iv) as otherwise permitted by law.

   c). Sometimes, we may collect information through third parties, including:
   (i) our insurer, reinsurer and insurance intermediary clients;
   (ii) our clients’ brokers, intermediaries and insurance company customers
   (iii) regulatory bodies including but not limited to the Australian Prudential Regulation Authority and Australia Securities & Investments Commission;
   (iv) industry bodies including but not limited to the Australian Financial Complaints Authority and the Insurance Council of Australia;
   (v) the Australian Taxation Office;
   (vi) IT or Managed Service Providers;
   (vii) our third-party service providers (including credit rating or other agencies utilised for employment / fit an proper checks, public sources); and
   (viii) insurers, providers or firms if you have transferred or transitioned to us from those entities. 

3. DO YOU HAVE TO PROVIDE PERSONAL INFORMATION? 
   You can refuse to provide personal information or choose not to identify yourself, deal with us on an anonymous basis or use a pseudonym. However, a refusal to provide your personal information may mean that the product or service you requested is not provided.

4. HOLDING, USING AND DISCLOSING YOUR PERSONAL INFORMATION

   a). We can only collect, hold, use and disclose your personal information for the purpose it was collected, unless the use or disclosure for another purpose is with your consent or otherwise permitted by law. For example, we will use and disclose your personal information for a secondary purpose related to a purpose for which we collected it or where you would reasonably expect us to use or disclose your personal information for that secondary purpose.

   b).We may hold, use or disclose your personal information and data in our business operations  for the purpose of: 
   (i) contacting you in respect of the products and services we provide to you or other matters relating to you;
   (ii) answering your enquiries and generally providing customer service to you;
   (iii) carrying out internal business activities, including administration, quality and compliance reviews, risk management, training, accounting or audit and information technology activities;
   (iv) working with insurance intermediaries and distributors and group policy holders;
   (v) working with managed service providers, IT and cloud providers and or cyber security companies; \
   (vi) developing our products and services;
   (vii) conducting market research and analysis;
   (viii) conducting surveys or marketing promotions; and
   (ix) complying with laws and regulations.

   (c). We may disclose your personal information to:
   (i) Australian Prudential Regulation Authority;
   (ii) Australian Securities & Investments Commission;
   (iii) Australian Taxation Office;
   (iv) insurers, reinsurers that are largely domiciled in the United Kingdom, United States of America, Germany, France, Japan, Bermuda and Singapore,
   (v) third-party claims administrators and lawyers;
   (vi) service providers and third parties engaged by us or engaged to carry out business activities on our behalf, to administer services, arrange and provide legal advice, supply documents and for us to carry out internal business activities;
   (vii) our managed services and cyber security provider;
   (viii) our professional advisers, including our lawyers and auditors; and
   (ix) any person authorised by you.

5. USE OF COOKIES
   (a) We (or a third-party providing services to us) may use cookies, pixel tags, “flash cookies”, or other local storage provided by your browser or associated applications (each a “Cookie” and together “Cookies”). A Cookie is a small file that may be placed on your computer when you visit our Website. Most browsers now recognise when a Cookie is offered and permit you to refuse or accept it. If you are not sure whether your browser has this capability, you should check with the software manufacturer, your company’s technology help desk or your internet service provider. If Cookies are disabled, we may not be able to provide you with the full range of our services.

   (b) Cookies may collect and store your personal information. This Privacy Policy applies to personal information collected via Cookies. You consent and acknowledge that we collect your personal information through Cookies.

   (c) Cookies may be used to provide you with our services, including to identify you as a user of our website, remember your preferences, customise and measure the effectiveness of our website and our promotions, advertising and marketing, analyse your usage of our website and services, and for security purposes.

   (d) You also may encounter Cookies used by third parties and placed on certain pages of our website that we do not control and have not authorised (such as webpages created by another user). We are not responsible nor liable for the use of such Cookies.

   (e) Our website may also include links to third party websites (including links created by users or members) and applications (“Linked Sites”). Organisations who operate Linked Sites may collect personal information including through the use of Cookies. We are not responsible nor liable for Linked Sites and recommend that you read the privacy policies of such Linked Sites before disclosing your personal information. For the avoidance of doubt Linked Sites are not subject to this Privacy Policy.

6. PROTECTING YOUR PERSONAL INFORMATION

   (a) We hold your personal information on our databases, digital recordings, and in hard copy or paper files. These storage mechanisms may be managed in a number of ways.  They may be managed by a third party storage provider with whom Littlewoods has a contractual relationship and may be managed locally and/or overseas. We take all reasonable steps to securely retain any information we hold.  We maintain security systems and procedures to manage and protect the use of records containing personal information. We regularly review our systems to ensure they are effective at keeping your personal information secure. 
   

   (b) The reasonable steps we take include protecting the information from misuse or loss and from unauthorised access, modification or disclosure. 
   

   (c) Where we no longer require your personal information for a permitted purpose under the APPs, we will take reasonable steps to destroy it.

   (d) Even after you terminate our services with us we will retain your information for as long as we reasonably need it for the purposes outlined in this Privacy Policy. For example, we may retain your information to prevent fraud, or to maintain systems security. We may also retain your information if required or allowed to by law, regulation or relevant standards and codes of conduct, or to fulfil our contractual obligations to a third party. In certain circumstances, including where we are prevented by technical or systems constraints, we may not be able to remove all of your personal information.

   (e) The transmission and exchange of information is carried out at your own risk. We cannot guarantee the security of any information that you transmit to us, or receive from us. Although we take measures to safeguard against unauthorised disclosures of information, we cannot assure you that personal information that we collect will not be disclosed in a manner that is inconsistent with this Privacy Policy.

7. ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION

   (a) You are responsible for ensuring that your personal information is accurate, current and complete. 
   We will provide you with access to any information held about you on your request. For your protection, we may require you to confirm your identity before access to your personal information is granted.

   (b) In limited circumstances access may be refused if required or permitted by law. For example, you may be refused access to your personal information which relates to:

   (c) anticipated or existing legal proceedings where that information could not be subject to a process of discovery;
   (i) information regarding our negotiations with you; or
   (ii) legal advice we have received in relation to you. 

   (d) Access may be refused where providing access poses a serious threat to life, health or safety or if access may have an unreasonable impact on the privacy of other individuals.

   (e) If we refuse to provide you with access to your personal information, that decision will be detailed to you in writing. 
   

   (f) We do not charge a fee to access your personal information.

   (g) You have the right to request us to correct any inaccurate, out-of-date, incomplete, irrelevant or misleading personal information.  If you would like  access to your information or to correct the personal information we hold about you, please make the request in writing using the contact details provided below. 

8. NOTIFIABLE DATA BREACHES

   (a) In the event that there is a data breach we will take all reasonable steps to contain the suspected or known breach where possible. We will take immediate steps to limit any further access or distribution where possible and take all reasonable steps to ensure an assessment is completed within 30 days of the breach.

   (b) If remedial action we have taken has not been able to prevent the likely risk of serious harm and we have reasonable grounds to suspect  the data breach is likely to result in serious harm to any individuals involved, we will notify affected individuals and the Office of the Australian Information Commissioner.   
   

   (c) If remedial action is successful in making serious harm no longer likely, then no notification or statement will be made.

   (d) Where we notify individuals in accordance with clause (8b) above , we will as soon as practicable  provide a statement to each affected individual that will contain details of the breach and recommendations of the steps each individual should take. We will also provide a copy of the statement to the Office of the Australian Information Commissioner.

   (e) We will review the incident and take action to prevent future breaches.

9. DIRECT MARKETING MATERIALS
   We may send you direct marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list

10. COMPLAINTS
    (a) You can contact us using the details below to make a complaint about us handling your personal information.

    (b) We are committed to acknowledging your complaint in a prompt manner. We will review your complaint and will respond to you after we have carefully considered it (which may require further information from you). 
    

    (c) If you complain to us and feel that your complaint has not been satisfactorily resolved, or we have not responded within 30 days of you lodging your complaint you can contact The Office of the Australian Information Commissioner (OAIC) via post: GPO Box 5218 SYDNEY NSW 2001, email: enquiries@oaic.gov.au , phone: 1300 363 992 or via their website: https://www.oaic.gov.au . Complaints to the OAIC must be made in writing.  

11. CONTACTING US
    
    If you wish to contact us about the handling of, access to or correction of your personal information, you wish to  make a complaint, or have any concerns about how we have treated your personal information or whether we have complied with the Privacy Act, please contact us.

    Compliance Manager 
    Littlewoods Services Pty Ltd 
    Post: Level 21, 264 George Street, Sydney NSW 2000 
    Tel: (02) 9274 3000
    E-mail: complaints@lwds.com.au 
    If you receive communications purporting to be connected with us or our services that you believe have been sent to you other than in accordance with this Privacy Policy, or in breach of any law, please contact us immediately.

12. AMENDMENTS TO THIS PRIVACY POLICY
    
    We reserve the right to review, change, update, or withdraw this Privacy Policy from time to time. We encourage you to periodically review this Privacy Policy to be informed of how we protect your information.