This policy explains how your private information is managed by Xtras Health Plan Ltd, how it is collected and how it is used.

We may change the way we handle personal information from time to time for any reason.

Privacy Policy may be updated from time to time, If we do so,we will up date this Privacy Policy. The latest version is available at https://xhp.com.au

Personal information includes any information or opinion, about an identified individual or an individual who can be reasonably identified from their information. The information or opinion will still be personal information whether it is true or not and regardless of whether we have kept a record of it.

The information that we seek to collect about you is to provide you a service in relation to your membership of Xtras Health Plan Savings Scheme. If you do not allow us to collect all of the information we request, we may not be able to deliver all of those services effectively.

Information that is collected could include your name, address, contact details and date of birth.We may also collect your tax file number if we are authorised to collect it and if you choose to supply it.

Generally, we only information if it is necessary to provide you with service and you have consented to that collection. For example, we may collect your details for informed financial consent for treatment that you have requested of a Preferred Provider using Xtras Health Plan Platform.

The main reason we collect, use, hold and disclose personal information is to provide you our membership services. This includes:

• checking whether you are eligible for membership e.g. Australian resident status or Citizenship
• assisting you where online applications are not completed as required by our Authorisations.
• providing you our service; and
• helping you access and manage your membership.

We may also use your information to comply with legislative or regulatory requirements in any jurisdiction, prevent fraud, crime or other activity that may cause harm in relation to our services and to help us run our business. We may also use your information to tell you about services we think may interest you.

We collect most personal information directly from you. For example, we will collect your personal information when you apply for our service or talk to us in person or on thephone.

We also collect information from you electronically. For instance, when you visit our website or when every our apply for or access Xtras Health Plan website.

Sometimes we collect personal information about you from other people ororganisations.This may happen without your direct involvement .For instance, we may collect personal information about you from:

• Publicly available sources of information, such as public registers.
• Health partners, who provide health services to you.
• Commercial information service providers, such as companies that provide fraud prevention reports.

We are required or authorised to collect:

• certain identification information about you by the Anti-Money Laundering and Counter-Terrorism FinancingAct2006 (Cth) and Anti-Money Laundering and Counter-Terrorism Financing Rules Instrument 2007 (No.1).
• Your Tax File Number, if you choose to provide it, by the Income Tax Assessment Act 1936 (Cth);C

Information we hold about you is stored electronically in secure data centres located in Australia.

• access to information systems is controlled through identity and access management.
• employees are bound by internal information security policies and are required to keep information secure.
• all employees are required to complete training about information security; and
• we regularly monitor and review our compliance with internal policies and industry best practice.

We take reasonable steps to destroy or permanently

De-identify any personal information after it can no longer be used.

We may be required to provide personal information that we have about you to

• Fraud bureaus or other organisations to identify investigate or prevent fraud or other misconduct.
• External dispute resolution schemes; and regulatory bodies, government agencies and law enforcement bodies in any jurisdiction.

We do not disclose your information to anyone overseas except if required under the law, AML/CTF provisions, FATCA CRS provisions.

We will use your personal information to offer you services as intended for in the platform and that which we believe may interest you, but we will not do so with out your permission. Communications may take various forms, including by mail, telephone, email, SMS or other electronic means, such as through social media or targeted advertising

• We are required or authorised by law or where we have a public duty to do so.
• We are otherwise permitted to disclose the information under the Privacy Act.
• You may opt-out at any time by informing us via email. The email is [email protected]

We will collect information from you electronically, for instance through internet browsing, mobile or tablet applications.

Each time you visit our website ,we collect information about your use of the website, which may include the following:

• The date and time of visits.
• Which pages are viewed.
• How users navigate through the site and interact with pages (including fields completed in forms and applications completed).
• Location information about users.
• Information about the device used to visit our website; and IP addresses.

We use technology called cookies when you visit our site. Cookies are small pieces of information stored on your hard drive or in memory. They can record information about your visit to the site, allowing it to remember you the next time you visit and provide a more meaningful experience.

One of the reasons for using cookies is to offer you increased security. The cookies we send to your computer cannot read your hard drive, obtain any information from your browser or command your computer to perform any action.

We won’t ask you to supply personal information publicly over Facebook, Twitter, or any other social media platform that we use. Sometimes we may invite you to send your details to us via private messaging, for example, to answer a question about your account. You may also be invited to share your personal information through secure channels to participate in other activities, such as competitions.

You can request access to the personal information we hold about you. You can also ask for corrections to be made. To do so, please contact us

There is no fee for requesting that your personal information is corrected or for us to make corrections. In processing your request for access to your personal information, a reasonable cost may be charged. This charge covers such things as locating the information and supplying it to you.

There are some circumstances in which we are not required to give you access to your personal information.

If we refuse to give you access to or to correct your personal information we will give you a notice explaining our reasons except where it would be unreasonable to do so.

If we refuse your request to correct your personal information, you also have the right to request that a statement be associated with your personal information noting that you disagree with its accuracy.

If we refuse your request to access or correct your personal information, we will also provide you with information on how you can complain about the refusal.

If you are concerned about how your personal information is being handled or if you have a complaint about us, please contact us.

We will acknowledge your complaint as soon as we can after receipt of your complaint. We will let you know if we need any further information from you to resolve your complaint.

We aim to resolve complaints as quickly as possible. We strive to resolve complaints within five business days but some complaints take longer to resolve .If your complaint is taking longer, we will let you know what is happening and a date by which you can reasonably expect a response.

If you are unhappy with our response, there are other bodies you can take your complaints to.

Under the Privacy Act you may complain to the Office of the Australian Information Commissioner about the way we handle your personal information.

The Commissioner can be contacted at: GPO Box 5218

Sydney NSW 2001

Phone: 1300 363 992

web: www.oaic.gov.au