Yamaha Motor Insurance Australia Privacy Policy

1. WHO ARE WE?

In this privacy policy “YMI”, “we”, “us” and “our” means Yamaha Motor Insurance Australia Pty Ltd ACN 603 882 980, which is a wholly owned subsidiary of Yamaha Motor Finance Australia Holdings Pty Ltd ACN 687 834 224  and its related bodies corporate (the “Yamaha Finance Group”).

YMI provides several insurance products throughout Australia. YMI also operates under the registered trading names of MI-BIKE Motorcycle Insurance and MI-BOAT Marine Insurance. 

This privacy policy explains how we manage, and how to contact us if you have any further queries about, your personal information that we collect, use and disclose in connection with:

  • use of the YMI website (www.yamaha-motor.com.au) (“Website”);
  • any enquiries or applications you make through the Website, or by email or telephone with us;
  • ·our assessment of your application for insurance, or ongoing administration of your insurance arrangements; and
  • the provision of our products and services,

(collectively, the “Services”).

This privacy policy also applies to information collected from candidates in connection with the application and recruitment process for employment with us. 

We are bound by the Privacy Act 1988 (Cth) (“Privacy Act”), the Australian Privacy Principles (“APPs”) contained in the Privacy Act  and any relevant codes upon which this privacy policy is based.

2. WHAT INFORMATION DO WE COLLECT?

PERSONAL INFORMATION

Personal information is information or an opinion about an identified individual or an individual who is reasonably identifiable. For most of the Services we provide, it is necessary for us to collect ‘personal information’ such as your name, identity details, contact details, demographic information such as address, preferences and interests about our products and services and other information relevant to customer surveys, social medial, product research and/ or offers. If the information about you cannot be reasonably connected to you, this privacy policy does not apply as your de-identified information is not personal information (for example, where we have aggregated and anonymised your personal information).

SENSITIVE INFORMATION

Personal Information also includes ‘sensitive information’. In the event you provide us any sensitive information such as health or disability information, we will ask for your consent to collect, use and disclose that information as permitted by law.

WEBSITE INFORMATION

When you use the Website or mobile applications, we may collect information about your location or activity including IP address, telephone number and whether you have accessed a third-party site from the Website. We refer to this information as ‘website information’.

Some of this website information  is collected using cookies (see section 11 ‘HOW WE USE COOKIES’) and is used to improve our services and enhance your online experience with us and does not identify the internet browser. Where we do identify you (such as where a customer has logged onto one of our online services), we will treat any use or disclosure of that information in accordance with this privacy policy.

EMPLOYMENT CANDIDATE PERSONAL INFORMATION

When you apply for employment with us or an entity in the Yamaha Finance Group, this privacy policy applies to the personal information you share with us or the Yamaha Finance Group, or that is otherwise acquired by us or the Yamaha Finance Group, during the application and/ or recruitment process, including but not limited to:

  • your name, address, email address, telephone number and other contact information;
  • personal information contained in your CV, resume, cover letter and other accompanying documents relating to your application;
  • personal information obtained from interviews and reference checks (including referee checks,  national police check and an insolvency check); and
  • personal information obtained from publicly available sources. 

3. WHAT WE DO WITH INFORMATION WE DID NOT ASK FOR

Where we receive unsolicited information, we will check whether that information is reasonably necessary for our functions or activities. If it is, we will handle this information the same way described in section 8 ‘HOW DO WE HANDLE  YOUR INFORMATION’. If not, we will ensure we de-identify it or destroy it.

4. WHY WE COLLECT YOUR INFORMATION?

We collect your information for the primary purpose of providing and improving the Services. This includes so we can:

  • underwrite and administer your insurance cover;
  • advise you about and determine what other services or products we can provide to you or that may interest you;
  • identify you and conduct necessary checks;
  • issue, manage and administer services and products provided including processing requests for quotes, applications for insurance, underwriting and pricing policies, answering your requests and complaints, varying products and services and taking legal and/or enforcement action;
  • issue you with a policy and manage claims and claims investigation, handling and settlement; and
  • engage in dispute resolution, complaints handling and reporting to dispute resolution bodies.

 

From time to time, we also collect your information for a secondary purpose (in addition to the primary purpose). Information may be applied towards a secondary purpose if the secondary purpose is related to a primary purpose of collection and the use or disclosure would be within your reasonable expectations. Relevant secondary purposes arising in connection with this privacy policy may include (without limitation) to:

 

  • comply with our legal obligations;
  • maintain and improve our services and products;
  • send promotional emails and make special offers or offer other services and products provided by us or those we have an association with, that might be of interest to you; and
  • carry out the application and recruitment process, which includes, but is not limited to, assessing your application and skills, identifying you, verifying your information, conducting reference checks (including referee checks, national police checks and insolvency checks), and complying with all applicable laws and regulations.

5. WHAT IF YOU DON’T PROVIDE US WITH YOUR INFORMATION?

If we are unable to collect personal information from or about an individual or an individual refuses to provide with us any forms, guides or documents as requested by us (such as a completed privacy consent form and relevant identity documents), we may not be able to do business with that individual or the organisation with which the individual is connected and/ or administer our services appropriately.

6. HOW DO WE COLLECT YOUR INFORMATION?

When required, we will collect personal information directly from the individual it relates to (unless you have consented to us collecting it from someone other than you or it is unreasonable or impracticable for us to do so or the law permits us to do so).  This may take place in a number of ways, such as when an application for a product or service is completed or a product or service is requested over the telephone, internet, via social media, SMS, email, or via our authorised dealers. 

If you provide us with information about someone else, you must only do so with their consent and agree to refer them to the online location of this privacy policy. 

7. AUTOMATED DECISION MAKING

When you apply for one or more of our products and/ or services, it is likely that we will use computer-based software that takes the personal information that has been input into our origination platform about you and provides us with insurance pricing and a decision to either accept, refer or reject your application for our products and/ or services.

We may review the computer-based decision made and take additional actions and steps regarding your application, whereby the decision provided is either a refer or reject decision. This is because we may need further information or certain information may need to be further investigated. The first decision made may not be the final outcome provided.

The kinds of personal information that are used in the operation of such computer-based software is as follows:

  • date of birth; and
  • postcode.

 

8. HOW DO WE HANDLE YOUR PERSONAL INFORMATION 

We may provide your personal information to other entities in the Yamaha Finance Group, and they may disclose or use your personal information for the purposes described in section 4 ‘WHY DO WE COLLECT YOUR INFORMATION’ in relation to products and services they may provide to you unless you tell us not to either verbally or in writing. Where you advise us that you do not wish to have your personal information provided to other entities in the Yamaha Finance Group, we may not be able to continue doing business with you or the organisation to which you are connected to. 

Entities in the Yamaha Finance Group may also use your personal information to help them provide products and services to other customers, but they will never disclose your personal information to another customer. At any time, you may advise us either verbally or in writing that you withdraw your consent by using the details described in section 16 ‘CONTACT DETAILS’. 

We will use and disclose your personal information for the purposes we collected it as well as purposes that are directly related, where you would reasonably expect us to. We may disclose your personal information to and/ or collect your personal information from:

 

  • the Yamaha Finance Group and other related bodies corporate;
  • any of our Yamaha Finance Group joint ventures where authorised or required;
  • customer, product, business or strategic research and development organisations;
  • extended warranty providers;
  • data warehouse, strategic learning organisations, data partners, analytic consultants;
  • social media and other virtual communities and networks where people create, share or exchange information;
  • publicly available sources of information;
  • clubs, associations, member loyalty or rewards programs and other industry relevant organisations;
  • a third party that we have contracted to provide financial services, financial products, or administrative services – for example:
  • information technology providers.
  • administration or business management services, consultancy firms, auditors, and business management consultants.
  • marketing agencies and other marketing service providers.
  • claims management service providers.
  • print, mail, and digital service providers; and
  • imaging and document management services.
  • any intermediaries, including your agent, adviser, a broker, representative or person acting on your behalf, other Australian Financial Services Licensee, other Australian Credit Licensees or our authorised representatives, advisers, and our agents;
  • a third-party claimant or witnesses in a claim;
  • a third-party as required by law;
  • accounting or finance professionals and advisers;
  • an employer, trustee or custodian associated with membership of a superannuation fund, investment/ managed fund, or life insurance policy;
  • government, statutory or regulatory bodies and law enforcement bodies;
  • policy or product holders or others who are authorised or noted on the policy as having a legal interest, including where you are an insured person but not the policy or product holder;
  • in the case of a relationship with a corporate partner such as a bank or a credit union, the corporate partner, and any new incoming insurer;
  • the Australian Financial Complaints Authority or any other complaint or external dispute resolution body;
  • insurers that we act as agent of under a binder authority, other insurers, reinsurers, insurance investigators and claims or insurance reference services, loss assessors and adjusters, financiers;
  • an authorised repairer associated with us;
  • legal and any other professional advisers or consultants;
  • hospitals and medical, health or wellbeing professionals;
  • debt collection agencies, organisations involved in valuing, surveying or registering an interest in a property taken or proposed to be taken as security for any loan facility, or which otherwise have an interest in such property, purchasers of debt portfolios;
  • ·vehicle manufacturers and/ or suppliers of any financed asset; and
  • any other organisation or person, where you have asked them to provide your personal information to us or asked us to obtain personal information from them, such as your family member.

We will use a variety of methods to collect and disclose your personal information from, including through written forms, telephone calls and electronic means. We may collect and disclose your personal information during the information life cycle, regularly, or on an ad hoc basis, depending on the purpose of collection.

9. OVERSEAS DISCLOSURE

Sometimes, for the same purposes as set out in section 4 ‘WHY DO WE COLLECT YOUR INFORMATION’, we need to provide your personal information to, or get personal information about you from, entities located overseas. Overseas entities may be required to disclose that information to relevant foreign authorities under a foreign law.

The countries we usually disclose your personal information to include India, Japan, New Zealand, Singapore, Philippines, United States of America, United Kingdom, Germany and France (although from time to time, there may also be other countries between which we need to transfer your information). This includes where we may store information about you in the cloud or other types of networked or electronic storage. As electronic or networked storage can be accessed from various countries through an internet connection, it is not always practical to know in which country information about you may be held.

We will ensure that appropriate safeguards are in place to protect your personal data to the extent it is transmitted outside Australia, either through adequate protection mechanisms (consistent with the Privacy Act) or compliance with the European Commission’s Standard Contractual Clauses (for data transfers between EU and non-EU countries) (which is considered to be industry best practice).

If there is a change of control of YMI or a sale or transfer of business assets, we reserve the right to transfer, to the extent permissible by law, our user databases, together with any personal information and non-personal information contained in such databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality.

10. YOUR PERSONAL INFORMATION AND OUR MARKETING PRACTICES 

Every now and then, we and any entities in the Yamaha Finance Group, may use the personal information collected about you for the provision of the Services to contact you (including via mail, SMS, email, telephone or online) about news, special offers, products and services that may be of interest to you. We will only use your personal information for the secondary purpose of direct marketing where:

  • we have collected your personal information;
  • it is reasonably expected that the information would be used for the purposes of direct marketing;
  • we provide a simple means through which you can request not to receive marketing communications; and
  • you have not requested that such communications cease.

You can contact us to update your marketing preferences at any time by using the details described in section 16 ‘CONTACT DETAILS’.

Our direct marketing is conducted by exchanging your personal information with other entities that provide us with specialised data matching, trending or analytical services, as well as general marketing services (you can see the full list of persons and organisations under section 8 ‘HOW DO WE HANDLE YOUR INFORMATION’). We may also collect your personal information for marketing through competitions and by purchasing contact lists.  

We, the Yamaha Finance Group and our service providers, may combine the personal information collected from you or others with information that is already held about you. We may also use online targeted marketing, data and audience matching and market segmentation to improve advertising relevance to you.

11. HOW WE USE COOKIES 

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets us know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve the Website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. 

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the Website.

12. LINKS TO OTHER WEBSITES

The Website may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, we strongly advise you to review the privacy policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. 

13. SECURITY OF YOUR PERSONAL INFORMATION

We take the security of your personal information seriously and will take all reasonable steps to protect your personal information from misuse, loss, unauthorised access, unauthorised modification and unauthorised use or disclosure.

Some of the ways we protect your personal information include, but are not limited to:

  • restricting personal information to staff who require it to perform their day-to-day functions only;
  • implementing certain technology to prevent unauthorised computer access including identifiers, passwords, firewalls and antivirus software;
  • encryption of data that has been stored;
  • secure storage of data at our office premises and back up facility located in Australia;
  • 'other security controls including but not limited to firewall and antivirus software on endpoints, annual penetration testing, data transmission over https and sftp;
  • implementing policies and procedure for handling of personal information and training of employees; and
  • securely storing hard copy documents. 

14. HOW TO ACCESS AND CORRECT YOUR PERSONAL INFORMATION

You can access most of the personal information we hold about you by using the contact details described in section 16 ‘CONTACT DETAILS’. We will need to confirm your identity before providing you access to the information requested. We will try to provide you the personal information requested within a reasonable period of your request.

We may charge an access fee to cover the cost of retrieving the information and supplying it to the person who has requested access.

Access to personal information may be refused in a number of circumstances, such as where the information relates to anticipated legal proceedings or the request for access is frivolous or vexatious. If we deny or restrict an individual's access, we will write to you explaining why access was refused or restricted.

It is very important for us to have your correct details to service you better. If you become aware that the information we hold about you is not correct or if you wish to update your information, please contact us by using the contact details described in section 16 ‘CONTACT DETAILS’. We will correct inaccurate personal information or credit related information within 30 days of a correction request and will send written notice confirming the correction within a reasonable period. In the event information was previously disclosed to another entity or third party, we will also take reasonable steps to notify them of the inaccurate information.

15. MAKING A COMPLAINT

If an individual believes that the privacy of their personal information has been compromised or would like to make a complaint, you can contact YMI on:

By phone: 1300 794 454

By email: Customer Service Email Help

We will investigate and respond to your complaint as soon as possible. If you disagree with our decision, you may refer your complaint to the Office of the Australian Information Commissioner(“OAIC”) by visiting www.oaic.gov.au, calling 1300 363 992, emailing enquiries@oaic.gov.au, or writing to GPO Box 5218 Sydney NSW 2001.

Further, you may also complain to the Australian Financial Complaints Authority (“AFCA”). AFCA’s details are:

Website: afca.org.au
Email: info@afca.org.au
Telephone: 1800 931 678 (free call)
In writing: Australian Financial Complaints Authority, GPO Box 3, Melbourne, VIC 3001

16. CONTACT DETAILS

If you would like more information about YMI’s approach to privacy, please contact our Customer Service on 1300 794 454, by email: Customer Service Email Help or by visiting our website: www.ymia.com.au

17. CHANGES TO THIS PRIVACY POLICY

This policy may change from time to time. Please visit our website regularly as we will let you know of any changes to this policy by a notification on our website. In addition, over the course of our relationship with you, we may tell you more about how we handle your information.  This could be when you complete an application or form. We recommend you review these statements as they may have more specific details for your product holding.

https://www.yamaha-motor.com.au/privacy/policies/ymi-australia-privacy-policy

18. DATA BREACH NOTIFICATION

In the event of an eligible data breach (as defined in the Privacy Act), we will:

  • comply with our obligations under the Notifiable Data Breaches scheme, including promptly investigating the breach.
  • where required, prepare a statement outlining the breach and provide it to the OAIC and notify affected individuals.
  • include details in that statement about the nature of the breach, the types of information involved, steps we recommend you take to protect yourself, and how you can contact us for further information.

If you have any questions about how we manage data breaches, please contact us by using the contact details described in section 16 ‘CONTACT DETAILS’.