MVA is an independent motor accident management company and collects information on behalf of insurance companies in order to assess and manage insurance loss under the terms and conditions of the insurance policy.
Collection and Storage
MVA collects personal information from you in a number of different ways. We may collect personal information directly from you or in the course of our dealings with you, for example when you:
- Provide confirmation of personal information provided to us regarding your claim.
- Apply for a position of employment with us.
- Use our website or services (including via cookies).
- Contact and correspond with us.
Where possible we will collect personal information directly from you. The personal information we collect about you may include (but may not be limited to) your name, address, date of birth, contact details, Internet Protocol (IP) address, occupation and education/work history, employer, legal and industry areas of interest, and information specific to the management and loss assessment of a vehicle, and is used for the purposes of your claim under your insurance policy.
We may also, if you consent, collect personal information about you from insurance companies, automotive repair companies, from publicly available sources of information or in some instances from third parties including recruitment agencies, previous employers, government departments and third-party service providers which provide criminal, bankruptcy and other checks.
MVA will take reasonable steps to keep any personal information we hold about you secure.
We only collect personal information where it is reasonably necessary for one or more of our functions or activities, such as assessing, administering and processing an accident claim, or assessing an individual for employment. The purposes for which we collect, use, and hold your personal information may include:
- Verifying your identity.
- Contacting you (including via electronic messaging such as SMS and email, by mail, by phone or in any other lawful manner).
- Providing you with services.
- Facilitating our internal business operations, including internal record keeping and the fulfilment of any legal requirements.
- Developing and improving our services and obtaining feedback.
- Complying with any law, binding regulation, court order, or official request, or where we are permitted by law.
If we are not able to collect personal information about you, we may not be able to administer or process your claim for assessment and repairs; or accept your expression of interest or application for employment with us.
Use and Disclosure
MVA may use or disclose your personal information for the purpose for which it was collected. Parties to whom we may disclose your personal information include:
- Loss Assessors.
- Repairers and Suppliers.
- Insurance Companies.
- Investigators and Recovery Agents.
- Legal and other professional advisors.
- Contracted Advisors and Service Providers who assist us in operating our business (including data storage services, email filtering, virus scanning, payment processors, IT suppliers.
- Third parties to whom you have agreed we may disclose your information.
- The police, any relevant authority or enforcement body.
- Where the use or disclosure is authorised or required by or under an Australian law or court/tribunal order.
Disclosure of personal information overseas We are assisted by a variety of external service providers to deliver our services, some of whom may be located overseas. These third parties are too numerous to list, and they change from time to time. Some examples of the types of third parties include technology service providers who may be located in Canada and the United States of America.
In many cases, we impose contractual restrictions equivalent to those imposed on us under the Privacy Act in respect of collection and use of personal information by those third parties.
You consent to this overseas disclosure and agree that by providing that consent, APP 8.1 under the Privacy Act no longer applies. APP 8.1 requires entities to take such steps as are reasonable in the circumstances to ensure that the overseas recipient does not breach the APPs in relation to the information.
Information about Events, the Website and Our Services
We will never knowingly send unsolicited commercial electronic messages. More information on the Spam Act 2003 (Cth) is available from the regulator’s website: www.acma.gov.au/spam.
If you use our services or subscribe to our mailing list, we may use or disclose your information (excluding sensitive information) for direct marketing purposes and to contact you via email, SMS or other means in order to provide you with updated information about our services, the Website, our events, or to provide you with other information about our products or services.
You will be able to opt-out of direct marketing at any time with no charge to you or request us to provide you with our source of information, by email to email@example.com, or through the unsubscribe link found in all marketing emails we send. We will then ensure that your name is removed from our mailing list.
If you receive communications from us that you believe have been sent to you other than in accordance with this policy, or in breach of any law, you should contact us using the details provided below.
We store personal information in different ways, including in paper and in electronic form. The security of your personal information is important to us. We take appropriate measures to protect the personal information we hold from interference, misuse, loss, unauthorised access, modification or disclosure, including electronic and physical security measures.
The personal information we do collect is hosted on third-party data servers located in Australia and Canada. We take all reasonable steps to ensure any third-party data storage suppliers we partner with have appropriate cyber and physical security controls in place.
Where personal information we hold is no longer required for our business or legal purposes, we delete the information or permanently de-identify it, subject to specific laws in respect of data retention.
The information we keep about you
Our aim is to always have accurate, complete, up-to-date and relevant personal information.
You may access the personal information we hold about you upon making a written request. We will respond to the request within a reasonable period. We may charge a reasonable fee for processing your request (but not for making the request for access).
We may decline a request for access to personal information in circumstances prescribed by the Privacy Act or other relevant legislation, and if we do, we will give you a written notice that sets out the reasons for the refusal (unless it would be unreasonable to provide those reasons).
If, upon receiving access to your personal information or at any other time, you believe the personal information we hold about you is inaccurate, incomplete or out of date, please notify us immediately. We will take reasonable steps to correct the information so that it is accurate, complete and up to date.
If we refuse to correct the personal information, we will give you a written notice that sets out our reasons for our refusal (unless it would be unreasonable to provide those reasons), including details of the mechanisms available to you to make a complaint. There is no fee for making any corrections to your personal information.
How to contact us or make a complaint
We will take any privacy complaint seriously. We will aim to resolve any such complaint in a timely and efficient manner, and our target response time is 30 days.
We expect that our procedures will deal fairly and promptly with your complaint. However, if you remain dissatisfied, you can also make a formal complaint with the Office of the Australian Information Commissioner (OAIC). To lodge a complaint, visit the ‘Complaints’ section of the OAIC’s website, located at https://www.oaic.gov.au/privacy/privacy-complaints, to obtain the relevant complaint forms, or contact the Information Commissioner’s office.