1. Your privacy is important to us
We know that how we collect, use, disclose and protect your information is important to you, and we value your trust. That’s why protecting your information and being clear about what we do with it is a vital part of our relationship with you.
During the course of our relationship with you, we may tell you more about how we handle your information. This could be when you complete an application or claim form, receive terms and conditions or a product disclosure statement. When you receive this further information, please consider it carefully. Please also visit our website regularly as we update this policy from time to time.
2. How do we collect your personal information?
Information we collect from you
We collect information from you in a number of ways when you request or use our products or services. For example, you might provide us with
information at application or claim time. We might also collect information from you when you contact us, visit us, or visit our website. We generally
record inbound and outbound telephone calls for operational purposes such as complaint handling and reporting, quality assurance, and staff
The information we collect from you may include your identity and contact details, other details such as gender and marital status, lifestyle
information, financial information and health information.
When you use our website or mobile applications, we may collect information about your location or activity including your IP address, telephone
number and whether you’ve accessed third party sites. Some of this website information is collected using cookies, which don’t personally identify you
We also use Google Analytics to monitor search behavior and to measure traffic flows. Further information regarding Google Analytics can be found at www.google.com/analytics/.
Our website may contain links to non-Sovereign websites. Whilst such links are provided for your convenience, you should be aware that the privacy
practices and reliability of the information published on the linked websites might not be the same as ours.
Information we collect from others
We collect information about you from others, such as service providers, medical professionals, agents, advisers, brokers, other insurers, banks and
other financial institutions, credit reporting and fraud prevention agencies, employers (whether current or not) or family members.
For example, if you apply for life or income protection insurance, we may collect health and lifestyle information from your general practitioner
or another medical professional. We may also collect health information when you make a claim, when you change your policy or when we are
investigating your policy.
We may also collect information about you that is publicly available, for example from public registers or social media.
We only collect information from others with your consent. You provide your consent when you complete our application and claim forms. Please take
the time to read these carefully.
What happens if you don’t give us consent to collect your personal information?
If you don’t provide us with your personal information when requested, revoke your consent for us to collect personal information from other parties,
or provide us with incomplete information during the course of our relationship with you, we may no longer be able to provide you with certain
products or services, such as insurance cover or assessment of your claim.
3. How do we use your personal information?
We use your information to provide you with insurance services
We use the information we collect about you to sell you our products and services and, once you take out an insurance policy, to provide insurance
services to you. Insurance services include offering you advice, managing and maintaining your policies and assessing and investigating your policies.
For example, we may use your information to:
- establish your identity and the identity of others specified on a policy;
- assess applications and conduct underwriting;
- provide you with quotes and set up your premiums;
- administer our products and services, including calculating commission payments to advisers;
- assess insurance claims and whether you have met your duty of disclosure at application time;
- manage our relationship with you;
- ensure that the products you have and services you receive are meeting your needs and are improved where necessary;
- assess complaints about the products you use or services you receive;
- manage and monitor our risks, including identifying and investigating any illegal activity, such as fraud;
- comply with our legal and ethical obligations – such as sanctions checking or anti-money laundering and countering financing of terrorism laws; or
- cancel, transfer or change your insurance policies.
We may use your personal information for other reasons. Please note that you can opt out of some of these uses. To do so, please contact us on 0800
500 108 (+64 9 487 9963 if overseas).
We may also use your personal information to:
- conduct customer analysis and research, to ensure that the products and services we offer are the best they can be;
- price and design our products and services;
- improve customer experience and train our staff;
- contact you within a reasonable time following the lapse or cancellation of your policy, or where a quote or application is not proceeded with, for
marketing or survey purposes;
- identify and tell you about other products or services that we think may be of interest to you (you can opt out of this); or
- conduct special offers or campaigns (you can opt out of this).
Improvements in technology enable organisations, like us, to collect and use your personal information to get a more integrated view of customers and
provide better products and services.
In order to do this, we (or third parties we contract) may conduct ‘data matching’ by combining your information with information available from a
wide variety of external sources, including census or Statistics New Zealand data. We (or third parties we contract) are then able to analyse the data in
order to gain useful insights which can assist us to meet the purposes set out above.
We may also use your information in other ways where permitted by law.
4. Who do we disclose your information to?
Our group of companies
Sovereign is part of the AIA group of companies. We may share your information with other AIA group of companies to meet the purposes set out in
section 3 above.
We may share your personal information with a variety of third parties where this is permitted by law or required to meet the purposes set out in
section 3 above. This can include:
- any third party you authorise us to disclose your personal information to;
- medical professionals such as medical practitioners, hospitals, or health service providers;
- suppliers of outsourced functions, for example, mailing houses, research and insight agencies, debt collection agencies, consultants and
professional services firms, information technology support and properties management;
- brokers, agents, advisers and persons acting on your behalf (for example, guardians and persons holding power of attorney);
- other individuals named on a policy, for example, policy owners or a payer;
- persons involved in arrangements that provide funding to us, including persons who may acquire rights to our assets - this includes investors,
reinsurers and rating agencies;
- claims-related providers who help us with claims, such as occupational health and disability professionals, assessors and investigators;
- other insurance companies, banks and other financial institutions, for example, so we can process a claim for mistaken payment or transfer a
- your current employer, former employers, group scheme policy owners, or other individuals or organisations involved in administering a group
- data storage providers;
- entities established to help identify illegal activities and prevent fraud; or
- government or law enforcement agencies in New Zealand or overseas, where permitted or required by law - note that we will only share information
with these agencies where we believe there are reasonable grounds for doing so.
Under 16s and special needs
If you are under 16, or have special needs, we may share your information with your parents or legal guardian or any person appointed to manage your
Sending information overseas
From time to time, we may send your information overseas, including to other members of the AIA group and to trusted service providers or other third
parties which operate or hold information outside New Zealand.
We use cloud-based data storage providers located in Australia, Japan and USA. Your information may also be stored with them.
All of our customer service teams are located within New Zealand, including our call centre.
When we send your information overseas, we make sure that appropriate information handling and security arrangements are in place and/or
contractual arrangements exist that place appropriate information handling and security obligations on the recipients or holders of the information
(see section 5 below for more information). Please note that New Zealand law may not apply to some of these entities.
5. How do we keep your personal information secure?
Storing your personal information
We store your personal information in the following jurisdictions and locations:
- In New Zealand:
- At our head office in Takapuna, Auckland.
- Through our suppliers that provide IT support, document archiving and destruction services.
- In Australia:
- Through our suppliers that provide IT support and through a cloud-based data storage provider.
- In Japan:
- Through a cloud-based data storage provider.
- In USA:
- Through a cloud-based data storage provider.
Our security safeguards
Wherever your personal information is held, we take all reasonable steps to ensure that it’s safe and secure.
Staff education and training
Privacy training is a mandatory requirement for new and existing Sovereign staff.
Taking precautions when transferring your personal information to third parties (domestic and overseas).
When we send personal information overseas (as set out above), or use trusted third parties to handle or store personal information, we contractually
require our business partners to ensure that appropriate information handling and security arrangements are in place.
We have protection in our building to guard against unauthorised access, such as security barriers, alarms, CCTV and guards (as required). We also
have a clear desk policy, to ensure that personal information is not left in view of any external visitors.
We take reasonable steps to protect our systems from unauthorised external and internal access. We have firewalls, intrusion detection systems and
virus scanning tools. We limit access to our systems by requiring the use of passwords and ensuring that staff can only access the personal information
they need to do their job.
When we send electronic personal information outside Sovereign, we use dedicated secure networks or encryption. We will only email personal
information to a customer unencrypted with their express consent.
When you log into our website or apps, we encrypt data sent from your computer to our systems so no one else can access it.
As noted above, we use cloud-based data storage providers in Australia, Japan and the USA.
Personal information stored in Japan is protected by its local privacy legislation, the “Act on the Protection of Personal Information” (APPI), which is
generally equivalent to NZ law. Our Australian provider is subject to privacy laws equivalent to those in NZ. Personal information stored in the USA is
subject to local privacy laws, as well as the privacy audits and certifications of our cloud-based data storage providers.
Retaining and destroying your personal information
We will retain your personal information until it is no longer needed to complete insurance services relating to the policy, policy owner, life assured or
payer or to meet any other legislative requirements. Please note that in certain instances it may be necessary for us to retain some of your personal
information after you have ceased to hold your policy with us. It may also be necessary for us to retain information you provide us in an application
even if you do not take out insurance with us. This is because the information may be relevant to future applications you may make, and could affect
the terms we can offer you at a later date.
We destroy the information we no longer need in a secure manner.
6. How can you access, update and correct your personal information?
Can you get access to your information?
You have the right to ask us for a copy of any personal information we hold about you. As noted above, we may hold policy information, contact
information and health and financial information about you. Please note that you may only request information about yourself, unless you have the
consent of other parties to request information on their behalf.
You can request your information by calling us on 0800 500 108 (+64 9 487 9963 if overseas), emailing us at email@example.com, or writing to
us. Alternatively, you may use the Office of the Privacy Commissioner’s ‘AboutMe’ tool for requesting information about yourself. Whichever way you
request information, we must take steps to ensure that you are authorised to do so. This might involve conducting an identity check or verifying your
We prefer that you request health information in writing. This is because your health information is particularly sensitive and we want to make sure we
release it to the right person. It also ensures that we understand your request fully. However, if you do not wish to make a request in writing, please
contact us to discuss it further.
You can also make a request for your personal information through your adviser or another representative. Your adviser or representative will need
your consent to make this request. If the request is for health information, the consent will need to specify this.
It’s important that we have your correct details, such as your current address and telephone number. When making an access request, please make
sure you update your contact details with us.
Is there a fee?
We will not generally charge you for making an access request. However, we may charge you a reasonable amount to process a subsequent request for
the same information.
If we do charge, this charge will be limited to the costs of processing the request, not for the time taken to make a decision on whether we can release
the information you seek.
These processing costs may include the staff resource needed to compile the information, copying or printing costs, and postage or courier costs.
If there is an access charge, we will provide you with a verbal estimate before we start processing the access request. We will also follow up with a
written estimate. If a charge applies, you will need to accept the charge and make the payment before we start processing the request.
How long does it take to access your information?
The Privacy Act requires us to make a decision on your access request – and convey this to you – within 20 working days of receiving it. However, we
will try and respond to your request as soon as reasonably practicable. Where we cannot make a decision within 20 working days, we will let you know
within this time and explain why.
Usually, we will release your information to you at the same time we respond. However, where we cannot do this, we will provide you with your
information shortly afterwards.
Can we refuse to provide your information to you?
The Privacy Act permits us to withhold personal information from you in certain circumstances. For example, we can refuse to provide you with
commercially sensitive information or legal advice that is subject to legal privilege. We might also refuse to provide you with information that is also
about other people, if we have reason to believe that it would be unwarranted to do so.
If we decide to refuse your request, in whole or in part, we will tell you this within 20 working days and explain why. You can challenge our decision
following the steps set out in Section 7.
Where we do not hold the information you have requested, but we know who does, we’re required to transfer your request to that other person or
agency. We will do this as soon as possible within 10 working days, and let you know.
Can you correct your information?
You can ask us to correct any information we hold about you, or have provided to others, that you believe is inaccurate.
You can do this by contacting us on 0800 500 108 (+64 9 487 9963 if overseas). If the information that is corrected is information we have provided to
others, you can ask us to notify them of the correction. We don’t charge a fee for these requests.
If we’re unable to correct your information, we’ll tell you why. Where we refuse to correct the information, we will, if appropriate, attach your request
to the information as a “statement of correction”. You can challenge our decision following the steps set out in Section 7.
7. How do you make a privacy complaint?
We accept that sometimes we can get things wrong. If you have a concern about your privacy you have the right to make a complaint and we’ll do
everything we can to put matters right.
If you have a concern about the way we’ve handled your personal information, you can ask to speak with our Resolution and Privacy Team, who may be
If this does not resolve your concerns, you can lodge a complaint. Either call us on 0800 500 108 (+ 64 9 487 9963 if overseas) or complete the online form. We’ll review your situation and, in most cases, the team handling your complaint can resolve it straight away. If an initial resolution cannot be
reached, your complaint may be escalated to our Resolution and Privacy team who will undertake a more in depth investigation.
Sovereign acknowledges every complaint we receive and will keep you updated on the progress we’re making towards fixing the problem. We will try
to resolve your complaint within 10 working days, though it may take up to 20 working days if it’s particularly complex. However, if we’re unable to
provide a final response within this timeframe, we’ll contact you to explain why and discuss a timeframe to resolve the complaint.
If you’re not satisfied with the way we’ve handled your complaint, and your privacy concerns are unresolved, you can make a complaint to the Office of the Privacy Commissioner by:
- calling 0800 803 909;
- emailing firstname.lastname@example.org; or
- writing to the Office of the Privacy Commissioner, PO Box 10-094, The Terrace, Wellington 6143.
Although you don’t have to, we suggest you do this only after you’ve followed our internal complaint processes set out above.
8. Amendments to this policy
Over time our products and services may change, and the way we do business with you may evolve.
Please take the time to review this policy regularly as we may amend it from time to time to reflect changes in legislation, codes of practice, our business, or the products and services we provide to you.
This policy was last updated in July 2018.