Sovereign's Privacy Policy

 

 

​1. Your privacy is important to us

We know that how we collect, use, disclose and protect your information is important to you, and we value your trust. That’s why protecting your information and being clear about what we do with it is a vital part of our relationship with you.

This Privacy Policy is for Sovereign’s customers and it sets out the way we comply with the requirements of the Privacy Act 1993 and Health Information Privacy Code 1994.

We provide life and disability insurance, health insurance, investments and home loans. Our home loans are managed by ASB Bank, so for information about the way information collected for this service, including your credit reports, is handled, refer to ASB Bank’s Privacy Policy.

During the course of our relationship with you, we may tell you more about how we handle your information. This could be when you complete an application or claim form, receive terms and conditions or a product disclosure statement. When you receive this further information, please consider it carefully. Please also visit our website regularly as we update this policy from time to time.

2. How do we collect your personal information?

Information we collect from you
We collect information from you in a number of ways when you request or use our products or services. For example, you might provide us with information at application or claim time. We might also collect information from you when you contact us, visit us, or visit our website. We generally record inbound and outbound telephone calls for operational purposes such as complaint handling and reporting, quality assurance, and staff training.

The information we collect from you may include your identity and contact details, other details such as gender and marital status, lifestyle information, financial information and health information.

When you use our website or mobile applications, we may collect information about your location or activity including your IP address, telephone number and whether you’ve accessed third party sites. Some of this website information is collected using cookies, which don’t personally identify you but do identify your browser. You can set your browser to refuse cookies but this may mean you won’t be able to take full advantage of our website. We also use Google Analytics to monitor search behavior and to measure traffic flows. Further information regarding Google Analytics can be found at www.google.com/analytics/.

Our website may contain links to non-Sovereign websites. Whilst such links are provided for your convenience, you should be aware that the privacy practices and reliability of the information published on the linked websites might not be the same as ours.

Information we collect from others
We collect information about you from others, such as service providers, medical professionals, agents, advisers, brokers, other insurers, banks and other financial institutions, credit reporting and fraud prevention agencies, employers (whether current or not) or family members.

For example, if you apply for life or income protection insurance, we may collect health and lifestyle information from your general practitioner or another medical professional. We may also collect health information when you make a claim, when you change your policy or when we are investigating your policy.

We may also collect information about you that is publicly available, for example from public registers or social media.

We only collect information from others with your consent. You provide your consent when you complete our application and claim forms. Please take the time to read these carefully.

What happens if you don’t give us consent to collect your personal information?
If you don’t provide us with your personal information when requested, revoke your consent for us to collect personal information from other parties, or provide us with incomplete information during the course of our relationship with you, we may no longer be able to provide you with certain products or services, such as insurance cover or assessment of your claim.

3. How do we use your personal information?

We use your information to provide you with insurance services
We use the information we collect about you to sell you our products and services and, once you take out an insurance policy, to provide insurance services to you. Insurance services include offering you advice, managing and maintaining your policies and assessing and investigating your policies. For example, we may use your information to:

  • establish your identity and the identity of others specified on a policy;
  • assess applications and conduct underwriting;
  • provide you with quotes and set up your premiums;
  • administer our products and services, including calculating commission payments to advisers;
  • assess insurance claims and whether you have met your duty of disclosure at application time;
  • manage our relationship with you;
  • ensure that the products you have and services you receive are meeting your needs and are improved where necessary;
  • assess complaints about the products you use or services you receive;
  • manage and monitor our risks, including identifying and investigating any illegal activity, such as fraud;
  • comply with our legal and ethical obligations – such as sanctions checking or anti-money laundering and countering financing of terrorism laws; or
  • cancel, transfer or change your insurance policies.

 

We may use your personal information for other reasons. Please note that you can opt out of some of these uses. To do so, please contact us on 0800 500 108 (+64 9 487 9963 if overseas).

We may also use your personal information to:

  • conduct customer analysis and research, to ensure that the products and services we offer are the best they can be;
  • price and design our products and services;
  • improve customer experience and train our staff;
  • contact you within a reasonable time following the lapse or cancellation of your policy, or where a quote or application is not proceeded with, for marketing or survey purposes;
  • identify and tell you about other products or services that we think may be of interest to you (you can opt out of this); or
  • conduct special offers or campaigns (you can opt out of this).

 

Improvements in technology enable organisations, like us, to collect and use your personal information to get a more integrated view of customers and provide better products and services.

In order to do this, we (or third parties we contract) may conduct ‘data matching’ by combining your information with information available from a wide variety of external sources, including census or Statistics New Zealand data. We (or third parties we contract) are then able to analyse the data in order to gain useful insights which can assist us to meet the purposes set out above.

We may also use your information in other ways where permitted by law.

4. Who do we disclose your information to?

Our group of companies
Sovereign is part of the AIA group of companies. We may share your information with other AIA group of companies to meet the purposes set out in section 3 above.

Third parties
We may share your personal information with a variety of third parties where this is permitted by law or required to meet the purposes set out in section 3 above. This can include:

  • any third party you authorise us to disclose your personal information to;
  • medical professionals such as medical practitioners, hospitals, or health service providers;
  • suppliers of outsourced functions, for example, mailing houses, research and insight agencies, debt collection agencies, consultants and professional services firms, information technology support and properties management;
  • brokers, agents, advisers and persons acting on your behalf (for example, guardians and persons holding power of attorney);
  • other individuals named on a policy, for example, policy owners or a payer;
  • persons involved in arrangements that provide funding to us, including persons who may acquire rights to our assets - this includes investors, reinsurers and rating agencies;
  • claims-related providers who help us with claims, such as occupational health and disability professionals, assessors and investigators;
  • other insurance companies, banks and other financial institutions, for example, so we can process a claim for mistaken payment or transfer a policy;
  • your current employer, former employers, group scheme policy owners, or other individuals or organisations involved in administering a group scheme;
  • data storage providers;
  • entities established to help identify illegal activities and prevent fraud; or
  • government or law enforcement agencies in New Zealand or overseas, where permitted or required by law - note that we will only share information with these agencies where we believe there are reasonable grounds for doing so.

 

Under 16s and special needs
If you are under 16, or have special needs, we may share your information with your parents or legal guardian or any person appointed to manage your affairs.

Sending information overseas
From time to time, we may send your information overseas, including to other members of the AIA group and to trusted service providers or other third parties which operate or hold information outside New Zealand.

We use cloud-based data storage providers located in Australia, Japan and USA. Your information may also be stored with them.

All of our customer service teams are located within New Zealand, including our call centre.

When we send your information overseas, we make sure that appropriate information handling and security arrangements are in place and/or contractual arrangements exist that place appropriate information handling and security obligations on the recipients or holders of the information (see section 5 below for more information). Please note that New Zealand law may not apply to some of these entities.

5. How do we keep your personal information secure?

Storing your personal information
We store your personal information in the following jurisdictions and locations:

  • In New Zealand:
    • At our head office in Takapuna, Auckland.
    • With ASB Bank – view their Privacy Policy.
    • Through our suppliers that provide IT support, document archiving and destruction services.
  • In Australia:
    • Through our suppliers that provide IT support and through a cloud-based data storage provider.
  • In Japan:
    • Through a cloud-based data storage provider.
  • In USA:
    • Through a cloud-based data storage provider.


Our security safeguards
Wherever your personal information is held, we take all reasonable steps to ensure that it’s safe and secure.

Staff education and training
Privacy training is a mandatory requirement for new and existing Sovereign staff.

Taking precautions when transferring your personal information to third parties (domestic and overseas).
When we send personal information overseas (as set out above), or use trusted third parties to handle or store personal information, we contractually require our business partners to ensure that appropriate information handling and security arrangements are in place.

Building security
We have protection in our building to guard against unauthorised access, such as security barriers, alarms, CCTV and guards (as required). We also have a clear desk policy, to ensure that personal information is not left in view of any external visitors.

System security
We take reasonable steps to protect our systems from unauthorised external and internal access. We have firewalls, intrusion detection systems and virus scanning tools. We limit access to our systems by requiring the use of passwords and ensuring that staff can only access the personal information they need to do their job.

When we send electronic personal information outside Sovereign, we use dedicated secure networks or encryption. We will only email personal information to a customer unencrypted with their express consent.

When you log into our website or apps, we encrypt data sent from your computer to our systems so no one else can access it.

Cloud security
As noted above, we use cloud-based data storage providers in Australia, Japan and the USA.

Personal information stored in Japan is protected by its local privacy legislation, the “Act on the Protection of Personal Information” (APPI), which is generally equivalent to NZ law. Our Australian provider is subject to privacy laws equivalent to those in NZ. Personal information stored in the USA is subject to local privacy laws, as well as the privacy audits and certifications of our cloud-based data storage providers.

Retaining and destroying your personal information
We will retain your personal information until it is no longer needed to complete insurance services relating to the policy, policy owner, life assured or payer or to meet any other legislative requirements. Please note that in certain instances it may be necessary for us to retain some of your personal information after you have ceased to hold your policy with us. It may also be necessary for us to retain information you provide us in an application even if you do not take out insurance with us. This is because the information may be relevant to future applications you may make, and could affect the terms we can offer you at a later date.

We destroy the information we no longer need in a secure manner.

6. How can you access, update and correct your personal information?

Can you get access to your information?
You have the right to ask us for a copy of any personal information we hold about you. As noted above, we may hold policy information, contact information and health and financial information about you. Please note that you may only request information about yourself, unless you have the consent of other parties to request information on their behalf.

You can request your information by calling us on 0800 500 108 (+64 9 487 9963 if overseas), emailing us at privacy@sovereign.co.nz, or writing to us. Alternatively, you may use the Office of the Privacy Commissioner’s ‘AboutMe’ tool for requesting information about yourself. Whichever way you request information, we must take steps to ensure that you are authorised to do so. This might involve conducting an identity check or verifying your signature.

We prefer that you request health information in writing. This is because your health information is particularly sensitive and we want to make sure we release it to the right person. It also ensures that we understand your request fully. However, if you do not wish to make a request in writing, please contact us to discuss it further.

You can also make a request for your personal information through your adviser or another representative. Your adviser or representative will need your consent to make this request. If the request is for health information, the consent will need to specify this.

It’s important that we have your correct details, such as your current address and telephone number. When making an access request, please make sure you update your contact details with us.

Is there a fee?
We will not generally charge you for making an access request. However, we may charge you a reasonable amount to process a subsequent request for the same information.

If we do charge, this charge will be limited to the costs of processing the request, not for the time taken to make a decision on whether we can release the information you seek.

These processing costs may include the staff resource needed to compile the information, copying or printing costs, and postage or courier costs. If there is an access charge, we will provide you with a verbal estimate before we start processing the access request. We will also follow up with a written estimate. If a charge applies, you will need to accept the charge and make the payment before we start processing the request.

How long does it take to access your information?
The Privacy Act requires us to make a decision on your access request – and convey this to you – within 20 working days of receiving it. However, we will try and respond to your request as soon as reasonably practicable. Where we cannot make a decision within 20 working days, we will let you know within this time and explain why.

Usually, we will release your information to you at the same time we respond. However, where we cannot do this, we will provide you with your information shortly afterwards.

Can we refuse to provide your information to you?
The Privacy Act permits us to withhold personal information from you in certain circumstances. For example, we can refuse to provide you with commercially sensitive information or legal advice that is subject to legal privilege. We might also refuse to provide you with information that is also about other people, if we have reason to believe that it would be unwarranted to do so.

If we decide to refuse your request, in whole or in part, we will tell you this within 20 working days and explain why. You can challenge our decision following the steps set out in Section 7.

Where we do not hold the information you have requested, but we know who does, we’re required to transfer your request to that other person or agency. We will do this as soon as possible within 10 working days, and let you know.

Can you correct your information?
You can ask us to correct any information we hold about you, or have provided to others, that you believe is inaccurate.

You can do this by contacting us on 0800 500 108 (+64 9 487 9963 if overseas). If the information that is corrected is information we have provided to others, you can ask us to notify them of the correction. We don’t charge a fee for these requests.

If we’re unable to correct your information, we’ll tell you why. Where we refuse to correct the information, we will, if appropriate, attach your request to the information as a “statement of correction”. You can challenge our decision following the steps set out in Section 7.

7. How do you make a privacy complaint?

We accept that sometimes we can get things wrong. If you have a concern about your privacy you have the right to make a complaint and we’ll do everything we can to put matters right.

If you have a concern about the way we’ve handled your personal information, you can ask to speak with our Resolution and Privacy Team, who may be able to help you understand Sovereign’s Privacy Policy or talk through your concerns with you.

If this does not resolve your concerns, you can lodge a complaint. Either call us on 0800 500 108 (+ 64 9 487 9963 if overseas) or complete the online form. We’ll review your situation and, in most cases, the team handling your complaint can resolve it straight away. If an initial resolution cannot be reached, your complaint may be escalated to our Resolution and Privacy team who will undertake a more in depth investigation.

Sovereign acknowledges every complaint we receive and will keep you updated on the progress we’re making towards fixing the problem. We will try to resolve your complaint within 10 working days, though it may take up to 20 working days if it’s particularly complex. However, if we’re unable to provide a final response within this timeframe, we’ll contact you to explain why and discuss a timeframe to resolve the complaint.

If you’re not satisfied with the way we’ve handled your complaint, and your privacy concerns are unresolved, you can make a complaint to the Office of the Privacy Commissioner by:

  • calling 0800 803 909;
  • emailing enquiries@privacy.org.nz; or
  • writing to the Office of the Privacy Commissioner, PO Box 10-094, The Terrace, Wellington 6143.

Although you don’t have to, we suggest you do this only after you’ve followed our internal complaint processes set out above.

8. Amendments to this policy

Over time our products and services may change, and the way we do business with you may evolve.

Please take the time to review this policy regularly as we may amend it from time to time to reflect changes in legislation, codes of practice, our business, or the products and services we provide to you.

This policy was last updated in July 2018.​​​

Rate our page - did you find this content helpful?YesNo

The information contained on this website is general in nature and is not intended as advice. It may not be relevant to individual circumstances and before making any investment, insurance or financial planning decision; you should consult a professional adviser. Copies of our disclosure statements are available on request, free of charge.​