PRIVACY POLICY

2. ABOUT OUR ORGANISATION

Our organisation is an APP entity required to comply with the Australian Privacy Principles under the Privacy Act 1988 (Cth). We conduct business activities across various sectors and provide products and services to assist our clients and customers in achieving their objectives.

Contact Details:

• Business Address: Suite 6, 294-296 Rokeby Road, Subiaco WA 6008
• Postal Address: PO Box 1570, Subiaco WA 6904
• Telephone: 1300 270 257
• Email: [email protected]
• Website: https://insuranceclaimssolutions.com.au/

Privacy Contact:

For all privacy-related enquiries, complaints, access requests, and correction requests, please contact our Privacy Officer:

• Privacy Officer: Rachel Jacomb
• Email: [email protected]
• Telephone: 0416 653 128
• Postal Address: PO Box 1570, Subiaco WA 6904

3. ANONYMITY AND PSEUDONYMITY (APP 2)

Where it is lawful and practicable, you may have the option of not identifying yourself or of using a pseudonym when dealing with us. However, in many circumstances involving our business operations, it is not practicable for us to deal with you anonymously or pseudonymously because:

(a) we are required under Commonwealth or State laws to verify your identity and collect specific personal information before providing certain products or services;

(b) our contractual obligations to suppliers, service providers, and other third parties may require us to collect and verify your personal information;

(c) the nature of our services or products requires us to assess your circumstances, requirements, and needs, which can only be achieved through collection of your identified personal information; and

(d) third parties we work with may require identified personal information to assess applications and provide services.

Where anonymity or pseudonymity is possible, such as for general enquiries about our services, we will inform you of this option.

4. COLLECTION OF PERSONAL INFORMATION (APP 3 AND APP 5)

4.1 Types of Personal Information We Collect

We only collect personal information that is reasonably necessary for, or directly related to, our functions and activities as a business organisation. The personal information we collect may include the kinds of personal information that the entity collects and holds, which may comprise:

(a) identification information such as your name, date of birth, address, telephone numbers, email address, and government-issued identification details;

(b) business and commercial information including employment details, business relationships, transaction history, preferences, and requirements related to our products and services;

(c) sensitive information (where consent is provided or collection is otherwise authorised) such as health information where relevant to our services, membership of professional or trade associations, or other sensitive information directly related to the products or services we provide; and

(d) information about your use of our website including IP addresses, browser information, page views, session duration, and cookie data.

4.2 Collection Methods

We collect personal information about you primarily from you directly, including through application forms, questionnaires, interviews, telephone conversations, electronic communications, and our website. We may collect personal information from other sources only where:

(a) you have consented to such collection;

(b) we are required or authorised by law to do so; or

(c) it is unreasonable or impracticable to collect the information directly from you.

Third party sources may include credit reporting agencies, other service providers (where you have engaged multiple providers), employers (for verification purposes), accountants, lawyers, real estate agents, valuers, insurers, government agencies, and publicly available sources.

4.3 Notification of Collection

At or before the time we collect your personal information (or as soon as practicable afterwards), we will take reasonable steps to notify you of:

(a) our identity and contact details as set out in this Privacy Policy;

(b) the purposes for which we are collecting your personal information as described in section 5 below;

(c) the fact that you are able to access and seek correction of your personal information in accordance with sections 12 and 13 below;

(d) the consequences if you do not provide the personal information, which may include our inability to provide you with appropriate products or services, process your applications, or comply with our legal obligations;

(e) the types of organisations to which we usually disclose personal information as described in section 5.4 below;

(f) whether we are likely to disclose your personal information to overseas recipients and the countries in which such recipients are likely to be located, as described in section 7 below; and

(g) how to make a complaint about our handling of personal information and how such complaints will be dealt with, as described in section 14 below.

5. USE AND DISCLOSURE OF PERSONAL INFORMATION (APP 6)

5.1 Primary Purposes

We use and disclose your personal information for the purposes for which the entity collects, holds, uses and discloses personal information, including the following primary purposes:

(a) assessing your requirements, circumstances, and needs to provide appropriate products, services, and recommendations;

(b) processing applications for products and services including any applications to third parties on your behalf;

(c) facilitating the provision of products and services by our suppliers, contractors, and service providers;

(d) ongoing account administration, customer service, and relationship management;

(e) complying with our legal and regulatory obligations under applicable Commonwealth and State laws and regulations; and

(f) maintaining our business records and managing our client and customer relationships.

5.2 Secondary Purposes

We may also use and disclose your personal information for related secondary purposes that you would reasonably expect, including:

(a) conducting assessments and obtaining reports from third parties where relevant to the products or services we provide;

(b) verification of information you have provided through appropriate third party sources;

(c) internal business processes including staff training, quality assurance, and business planning;

(d) managing complaints and disputes; and

(e) exercising our rights and performing our obligations under contracts and at law.

5.3 Permitted Situations

We may use and disclose your personal information without your consent where permitted under the Privacy Act, including:

(a) where required or authorised by Australian law or court order;

(b) for enforcement of the criminal law or of a law imposing a pecuniary penalty, or for the protection

of public revenue;

(c) to assist in locating a missing person;

(d) to establish, exercise, or defend a legal claim;

(e) where there are reasonable grounds to suspect unlawful activity has been engaged in;

(f) to prevent or lessen a serious threat to life, health, or safety; and

(g) for research purposes where certain conditions are met.

5.4 Disclosure to Third Parties

We may disclose your personal information to the following types of organisations:

(a) suppliers, contractors, and service providers who assist us in providing our products and services;

(b) product and service providers for the purpose of obtaining quotes and processing applications on your behalf;

(c) credit reporting agencies and similar assessment agencies where relevant to our business activities;

(d) professional service providers including lawyers, accountants, valuers, and other advisors engaged in connection with our business activities;

(e) government agencies and regulatory bodies as required by law, including taxation authorities, corporate regulators, and other relevant government departments;

(f) our related entities, authorised representatives, agents, and business partners in connection with the provision of our services;

(g) technology service providers who assist with our IT systems, data storage, and website operation;

(h) professional indemnity insurers and legal advisors in connection with insurance claims and legal matters; and

(i) potential purchasers or investors in connection with any proposed sale or restructure of our business, subject to appropriate confidentiality arrangements.

6. DIRECT MARKETING (APP 7)

6.1 Marketing Communications

We may use your personal information to inform you about products, services, and opportunities that we believe may be of interest to you. This may include information about:

(a) new products and services offered by us or our business partners;

(b) changes to existing products and services;

(c) educational content and updates related to our industry or business sector; and

(d) invitations to events, seminars, webinars, and other promotional activities.

6.2 Consent and Opt-Out

We will only use your personal information for direct marketing purposes where:

(a) you have consented to receiving such communications;

(b) you would reasonably expect us to use your information for such purposes; or

(c) we have otherwise acquired your personal information and you have not made a request not to receive direct marketing communications.

How to Opt-Out:

If you do not wish to receive direct marketing communications from us, you may:

(a) use the “unsubscribe” link included in electronic marketing communications;

(b) contact us by email with “Unsubscribe” in the subject line;

(c) telephone us and request to be removed from marketing communications; or

(d) write to us at our postal address requesting removal from marketing communications.

We will process your opt-out request within a reasonable timeframe and will not charge you for

making such a request. Even after opting out of marketing communications, we may still contact you for purposes directly related to the services we provide to you.

7. CROSS-BORDER DISCLOSURE (APP 8)

7.1 Overseas Disclosure

7.2 Countries of Disclosure

The countries in which such recipients are likely to be located include, but are not limited to:

(a) United States of America (for technology services and cloud storage providers);

(b) Singapore (for business service providers and technology services);

(c) New Zealand (for related entities and service providers);

(d) United Kingdom (for professional services and technology providers);

(e) European Union countries (for technology and professional services); and

(f) other countries as may be required to facilitate specific transactions or services at your request.

7.3 Safeguards for Overseas Disclosure

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles in relation to the information. These steps may include entering into contractual arrangements with overseas recipients that require compliance with privacy principles substantially similar to the APPs, or:

(a) verifying that the overseas recipient is subject to laws or binding schemes that provide substantially similar protection to the APPs;

(b) obtaining your explicit consent to the overseas disclosure after informing you that APP 8.1 will not apply to the disclosure; or

(c) ensuring that the disclosure is required or authorised by Australian law.

8. GOVERNMENT RELATED IDENTIFIERS (APP 9)

We do not adopt, use, or disclose government related identifiers (such as tax file numbers, Medicare numbers, or driver licence numbers) as our own identifiers for individuals. Where we collect government related identifiers, we do so only:

(a) as required or authorised by Australian law;

(b) for the purposes for which the identifier was assigned; or

(c) where reasonably necessary to verify your identity or fulfil our obligations to government agencies.

We implement appropriate safeguards to protect government related identifiers from misuse, interference, and loss, and from unauthorised access, modification, or disclosure.

9. UNSOLICITED PERSONAL INFORMATION (APP 4)

If we receive unsolicited personal information about you (information we have not requested), we will determine whether we could have collected that information under APP 3 if we had solicited it. If we determine that we could not have collected the information, and it is lawful and reasonable to do so, we will destroy or de-identify the information as soon as practicable unless we are required by law to retain it.

Where we determine that we could have collected the unsolicited information under APP 3, we will handle the information in accordance with this Privacy Policy and notify you in accordance with APP 5 if it is practicable and reasonable to do so.

10. DATA QUALITY (APP 10)

We take reasonable steps to ensure that the personal information we collect is accurate, up-to-date, and complete. We also take reasonable steps to ensure that personal information we use or disclose is, having regard to the purpose of use or disclosure, accurate, up-to-date, complete, and relevant.

To assist us in maintaining accurate records, we encourage you to:

(a) provide accurate and complete information when dealing with us;

(b) inform us promptly of any changes to your personal information; and

(c) notify us if you become aware of any errors in the personal information we hold about you.

11. DATA SECURITY (APP 11)

11.1 Security Measures

We implement technical and organisational measures to protect your personal information from

misuse, interference, loss, unauthorised access, modification, or disclosure. Our security measures

include:

(a) secure data storage systems with encryption and access controls;

(b) regular security assessments and updates to our IT systems;

(c) staff training on privacy and security requirements;

(d) confidentiality agreements with employees and service providers;

(e) secure transmission protocols for electronic communications;

(f) physical security measures for paper records and computer systems;

(g) regular backup and disaster recovery procedures; and

(h) monitoring and logging of access to personal information systems.

11.2 Data Retention and Destruction

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods may vary depending on the nature of the information and applicable legal requirements, and typically include:

(a) client and customer files: minimum 7 years from the date services were last provided or the relationship ended;

(b) application and transaction records: 7 years from the date of completion or application withdrawal;

(c) taxation and financial records: 7 years from the end of the financial year to which they relate;

(d) marketing consent records: until consent is withdrawn plus a reasonable period to ensure compliance with opt-out requests; and

(e) complaint records: 7 years from the date the complaint was resolved.

When personal information is no longer required, we take reasonable steps to destroy or de-identify it in a secure manner.

12. ACCESS TO PERSONAL INFORMATION (APP 12)

12.1 Right of Access

You have the right to request access to the personal information we hold about you. Subject to certain exceptions under the Privacy Act, we will provide you with access to your personal information within a reasonable timeframe.

12.2 How to Request Access

To request access to your personal information, please:

(a) contact our Privacy Officer using the contact details in section 2;

(b) specify the personal information you wish to access;

(c) provide sufficient information to enable us to verify your identity; and

(d) specify your preferred method of access (inspection, copy of documents, written summary, etc.).

12.3 Access Procedures

We will acknowledge your access request within 14 days and provide access within 30 days unless:

(a) we require additional time to locate records or consult with third parties, in which case we will notify you of the delay;

(b) we need to verify your identity or authority to request the information;

(c) an exception under the Privacy Act applies to the request; or

(d) we require payment of a reasonable charge for providing access.

12.4 Exceptions to Access

We may refuse access to personal information where:

(a) providing access would pose a serious threat to the life, health, or safety of any individual;

(b) providing access would have an unreasonable impact on the privacy of others;

(c) the request is frivolous or vexatious;

(d) the information relates to existing or anticipated legal proceedings;

(e) providing access would reveal commercially sensitive information;

(f) providing access would be unlawful; or

(g) denying access is required or authorised by law.

If we refuse your access request, we will provide you with written reasons for the refusal and information about how to make a complaint.

13. CORRECTION OF PERSONAL INFORMATION (APP 13)

13.1 Right to Correction

You have the right to request correction of personal information we hold about you if you believe it is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

13.2 How to Request Correction

To request correction of your personal information, please:

(a) contact our Privacy Officer using the contact details in section 2;

(b) specify the personal information you believe requires correction;

(c) explain why you believe the information is inaccurate, out-of-date, incomplete, irrelevant, or misleading; and

(d) provide evidence supporting the correction where possible.

13.3 Correction Procedures

We will acknowledge your correction request within 14 days and take reasonable steps to correct the information within 30 days if we are satisfied that the information is inaccurate, out-of-date, incomplete, irrelevant, or misleading having regard to the purpose for which it is held.

13.4 Notification of Correction

If we correct personal information that we have previously disclosed to another entity, we will take reasonable steps to notify that entity of the correction if you request us to do so.

13.5 Refusal to Correct

If we refuse to correct personal information, we will:

(a) provide you with written reasons for the refusal;

(b) if you request, take reasonable steps to associate with the information a statement that you view it as inaccurate, out-of-date, incomplete, irrelevant, or misleading; and

(c) provide information about how to make a complaint about our refusal.

14. COMPLAINTS PROCEDURE

14.1 Making a Privacy Complaint

If you believe that we have breached your privacy or handled your personal information inappropriately, you may make a complaint to us. Privacy complaints should be made to our Privacy Officer using the contact details in section 2.

Your complaint should include:

(a) your contact details;

(b) details of the specific privacy concern or alleged breach;

(c) the outcome you are seeking; and

(d) any supporting documentation.

14.2 Complaint Handling Process

We will handle your privacy complaint in accordance with the following process:

(a) Acknowledgment: We will acknowledge receipt of your complaint within 7 days;

(b) Investigation: We will investigate your complaint thoroughly and fairly, which may involve consulting with relevant staff members and reviewing relevant records;

(c) Response: We will respond to your complaint within 30 days (or longer if the matter is complex, in which case we will notify you of the delay);

(d) Resolution: Our response will outline the outcome of our investigation and any steps we propose to take to resolve the matter; and

(e) Implementation: If we determine that a breach has occurred, we will take appropriate corrective action and implement measures to prevent similar breaches in the future.

14.3 External Complaint Options

If you are not satisfied with our response to your privacy complaint, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC):

Office of the Australian Information Commissioner

• Website: www.oaic.gov.au
• Telephone: 1300 363 992
• Email: [email protected]
• Postal Address: Director of Complaints, Office of the Australian Information Commissioner, GPO Box 5218, Sydney NSW 2001

You generally have 12 months from the date of our response (or 12 months from the date your complaint should have been resolved if we failed to respond) to lodge a complaint with the OAIC.

15. WEBSITE PRIVACY

15.1 Cookie Policy

Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse website usage. Cookies are small text files stored on your device that help us remember your preferences and understand how you use our website.

Types of Cookies We Use:

(a) Essential Cookies: Required for the website to function properly;

(b) Performance Cookies: Help us analyse how visitors use our website;

(c) Functionality Cookies: Remember your preferences and provide enhanced features; and

(d) Marketing Cookies: Used to deliver relevant advertisements and measure their effectiveness.

15.2 Managing Cookies

You can manage cookie preferences through your browser settings. However, disabling certain cookies may affect the functionality of our website.

15.3 Third Party Services

Our website may include links to third-party websites and services. We are not responsible for the privacy practices of these third parties, and we encourage you to review their privacy policies before providing any personal information.

16. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

(a) posting the updated policy on our website with the effective date;

(b) sending notification to clients and customers via email where we hold current email addresses; and

(c) providing notice through other communications where appropriate.

The current version of this Privacy Policy is available on our website and can be requested by contacting us using the details in section 2.

17. POLICY AVAILABILITY

This Privacy Policy is made available on our website and upon request to any individual by contacting us using the details in section 2. We will also provide this Privacy Policy:

(a) to new clients and customers as part of our onboarding process; and

(b) to existing clients and customers upon request or when material changes are made to the policy.

We will provide this Privacy Policy free of charge upon request.

18. EFFECTIVE DATE

This Privacy Policy is effective from 24 September 2025 and supersedes all previous versions.

This Privacy Policy was last updated on 1 November 2025.

For any questions about this Privacy Policy or our privacy practices, please contact our Privacy Officer using the contact details provided in section 2.