Privacy Policy

The Personal Information we collect and hold about you and other individuals will differ depending on our relationship, including the type of communications between us and the products and services we provide. Different types of Personal Information will be held if you are a consumer insurance policyholder or claimant, or you have enquired about our services, compared to where you benefit from insurance coverage under an insurance policy taken out by another policyholder (for example, you are insured under a corporate policy taken out by your employer).

Likewise, we will hold different Personal Information if you are a commercial insurance broker or appointed representative, a witness, or another individual with whom we have a relationship. 

As we are in the business of providing insurance, claims handling, assistance and related services, the Personal Information we hold and process, depending on our relationship, includes:

Type of Personal Information	Examples
1. Contact information	Name, address, email, telephone number and social networking profile details
2. General information	Gender, marital and family status, date and place of birth, physical characteristics (appropriate to the circumstances), your status as director or partner, or other ownership or management interest in an organisation, your signature, and other identifiers
3. Education and employment information	Educational background, employer details and employment history, skills and experience, professional licenses, memberships, and affiliations
4. Insurance and claim information	Policy and claim numbers, relationship to policyholder, insured, claimant or other relevant individual, date and cause of property damage, loss or theft, injury, disability or death, activity records (for example, driving records), and other information relevant to insurance policy issuance, and claim assessment and settlement. For liability insurance, this will include details of the dispute, claim or proceedings involving you.
5. Government and other official identification numbers	Social security or national insurance number, passport number, tax identification number, driver’s license number, or other government issued identification numbers or documents
6. Financial information and account details	Payment card number (credit or debit card), bank account number, or other financial account number and account details, credit history, credit reference information and credit score, assets, income, and other financial information, account log-in information and passwords for accessing insurance policy, claim and other accounts, and AIG Digital Services
7. Medical condition and health status	Current or previous physical, mental or medical condition, health status, injury or disability information, medical diagnosis, medical procedures performed and treatment given, personal habits (for example, smoking or consumption of alcohol), prescription information, and medical history
8. Other sensitive information	Information about religious beliefs, ethnicity, political opinions or trade union membership (for example, if an insurance application is made through a third-party marketing partner that is a professional, trade, religious, community or political organisation), sexual life and orientation, or genetic or biometric information We may obtain information about criminal records or civil litigation history (for example, for preventing, detecting, and investigating fraud). Information provided voluntarily to us (for example, preferences expressed regarding medical treatment based on religious beliefs) (where collected in accordance with applicable law)
9. Telephone recordings	Recordings of telephone calls with our representatives and call centers
10. Photographs and video recordings	Images (including photographs and pictures) or video recordings created in connection with our insurance or other business activities, including for claims assessment, administration and settlement, claim disputes, or for other relevant purposes as permitted by law, as well as CCTV recordings captured by equipment on our premises
11. Information to detect, investigate or prevent crime, including fraud and money laundering	Insurers commonly collect, hold, and share information about their previous dealings with policyholders and claimants with the intention of the detection, investigation and prevention of fraud, money laundering and other criminal activities. In this regard, we may have a duty at law to disclose such information to the relevant regulators, government authorities, enforcement agencies and/or other government bodies.
12. Information enabling us to provide products and services	Location and identification of property insured (for example, property address, vehicle license plate or identification number), travel plans, age categories of individuals to be insured, details of the risks to be insured, prior accident or loss history, and cause of loss, status as company officer or director, or partner, or other ownership or management interest in an organisation, history of disputes, civil or criminal proceedings or formal investigations involving you, and information about other insurance held
13. Marketing preferences, marketing activities and customer feedback	Marketing preferences, information relating to competition, prize draw or other promotion entry, or responses to voluntary customer satisfaction surveys To improve our marketing communications, we may collect information about interaction with, and responses to, our marketing communications
14. Online activity information	We will receive Personal Information about you when you use AIG Digital Services; this may include your social media account identifier and profile picture, your IP address and other online identifiers (to the extent that they are Personal Information), and other Personal Information that you provide to us online If you choose to connect your social media account provided by another social media service provider to your account on any of the AIG Digital Services, Personal Information from your other social media account may be shared with us, which may include Personal Information that is part of your social media account profile, or the profiles of your friends and other connected individuals
15. Supplemental information from other sources	We and our service providers may supplement the Personal Information we collect with information obtained from other sources (for example, publicly available information from online social media services and other information resources, third-party commercial information sources, and information from our group companies and business partners). We will use any such supplemental information in accordance with applicable law (including obtaining your consent where required)

We use Personal Information to carry out our business activities.  The purposes for which we use your Personal Information will differ based on our relationship, including the type of communications between us and the services we provide. Personal Information will be used for different purposes if you are a policyholder, insured or claimant under an insurance policy, a commercial insurance broker or appointed representative, a witness or another individual with whom we have a relationship.

Data protection law seeks to ensure that the way Personal Information is processed is fair. To comply with the law, we need to tell you the legal justification we rely on for using your Personal Information. While the law provides several legal justifications, this Policy describes the main legal justifications that may apply to our purposes for using Personal Information.

We may be required to obtain Personal Information from you to comply with applicable legal requirements, and certain Personal Information may be needed to enable us to fulfil the terms of our contract with you (or someone else), or in preparation of entering into a contract with you (or someone else), or for pursuing a right and/or legitimate interest of ours or of third parties. We may inform you of this at the time that we are obtaining the Personal Information from you.  In these circumstances, if you do not provide the relevant Personal Information to us, we may not be able to provide our products or services to you.  If you would like further information, please contact us using the details below (see section below ‘Who to contact about your Personal Information?’).

Where we rely on our legitimate business interests or the legitimate interests of a third party to justify the purposes for using your Personal Information, those legitimate interests will be set out in a supplemental privacy notice (which is tailored to our relationship with you where this is useful to provide you with a full picture of how we collect and use Personal Information), but in any event our legitimate interests will usually be:

• pursuit of our commercial activities and objectives, or those of a third party (for example, by carrying out direct marketing);
• compliance with applicable legal and regulatory obligations, and any guidelines, standards, and codes of conduct (for example, by carrying out background checks or otherwise preventing, detecting or investigating fraud or money laundering);
• improvement and development of our business operations and service offering, or those of a third party;
• protection of our assets, information, business, shareholders, employees and customers, or those of a third party (for example, ensuring IT network and information security, enforcing claims, including debt collection);
• to keep our IT network/systems secure, prevent/detect crime and ascertain compliance with internal roles for using the system; and
• analysing competition in the market for our services (for example, by carrying out research, including market research)

We may need to collect, use, and disclose Personal Information in connection with matters of important public interest, for instance when complying with our obligations under both local and foreign anti-money laundering and terrorist financing laws and regulations, and other laws and regulations aimed at preventing financial crime.  In these cases, the legal justification for our use of Personal Information is that the use is necessary for matters of public interest, legitimate interest, or legal obligation. Additional justifications may also apply depending on the circumstances.

Sensitive/Special Categories of Personal Information

For more sensitive/special categories of Personal Information we will rely on either:

• your consent; or
• one or more of the other legal justifications set out below (however other legal justifications may be available):
  • the use is necessary for the establishment, exercise or defense of legal claims, or whenever courts are acting in their judicial capacity (for example, when a court issues a court order requiring the processing of Personal Information); 
  • the use is necessary for the purposes of preventive or occupational medicine, medical diagnosis or the provision of health or social care or treatment; or
  • the use is necessary for complying with a legal obligation.

These more sensitive/special categories of Personal Information include Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning an individual’s sex life or sexual orientation.

Processing of Personal Information relating to criminal convictions and offences is subject to the requirements of applicable law.

We use Personal Information to carry out our business activities.  The purposes for which we use your Personal Information will differ based on our relationship, including the type of communications between us and the services we provide. Personal Information will be used for different purposes if you are a policyholder, insured or claimant under an insurance policy, a commercial insurance broker or appointed representative, a witness or another individual with whom we have a relationship.

The main purposes for which we use Personal Information are to:

A. Communicate with you and other individuals.

B. Make assessments and decisions (automated and non-automated, including by profiling individuals) about: (i) the provision and terms of insurance and (ii) settlement of claims and provision of assistance and other services.

C. Provide insurance, financial services, claims and assistance services, and other products and services which we offer, including claim assessment, administration, settlement and dispute resolution and administering, maintaining, managing and operating such products and/or services including any renewals. Such activities include: (i) sending you important information regarding changes to our policies, other terms and conditions, renewal of policies, AIG Digital Services and other administrative information; (ii) processing, assessing and determining any applications or requests made by you for insurance products or services; (iii) processing your Personal Information in connection with any claims made under any insurance products or in respect of any services provided by us including, without limitation, making, defending, analysing, investigating, processing, assessing, determining or responding to such claims; (iv) performing any functions and activities related to the insurance products and/or services provided by us including, without limitation, obtaining reinsurance, auditing, reporting and general servicing and maintenance of online and other service.

D. Assess your eligibility for payment plans and process your premium and other payments.

E. Improve the quality of our products and services, provide staff training and maintain information security (for example, for this purpose we may record or monitor phone calls).

F. Prevent, detect, and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks.

G. Carry out research and data analysis, business, and process enhancements, including analysis of our customer base and other individuals whose Personal Information we collect, complete market research, including customer satisfaction surveys, for the purposes of business innovation and assess the risks faced by our business, in accordance with applicable law (including obtaining consent where required).

When we refer to “data analytics”, we mean the use of your Personal Information to analyse, measure and understand various different aspects of our relationship with you, our products and our services, including how you and other people use our services, how our products are performing, and the ways you interact with us and us with you.

H. Provide marketing information in accordance with preferences you have told us about (marketing information may be about products and services offered by our third-party partners subject to your expressed preferences). We may carry out marketing activities in accordance with your preferences by using email, SMS and other text messaging, post, or telephone.

I. Allow you to participate in competitions, prize draws and similar promotions, and to administer these activities. These activities have additional terms and conditions, which will contain more information about how we use and disclose your Personal Information where this is useful to provide you with a full picture of how we collect and use Personal Information, so we recommend that you review those too.

J.Personalise your experience when you use AIG Digital Services or visit third party websites by presenting information and advertisements tailored to you, identify you to anyone to whom you send messages through the AIG Digital Services, and facilitate sharing on social media.

K. Manage our business operations and IT infrastructure, in line with our internal policies and procedures, including those relating to finance and accounting; billing and collections; IT systems operation; data and website hosting; data analytics; business continuity; records management; document and print management; and auditing.

L. Manage complaints, feedback and queries, and handle requests for data access or correction, or the exercise of other rights relating to Personal Information.

M. Comply with applicable laws and regulatory obligations (including laws and regulations outside your country of residence), for example, laws and regulations relating to anti-money laundering, sanctions and anti-terrorism; comply with legal process and court orders; respond to requests from public and government authorities (including those outside your country of residence); meeting the requirements to make disclosure pursuant to any law binding on us or for the purposes of complying with any regulations or guidelines issued by any regulatory or other authorities which have jurisdiction over AIG Australia or any AIG Affiliates; and for audit, compliance, investigation and inspection purposes.

N. Establish, enforce, and defend legal rights to protect our business operations, and those of our group companies or business partners, and secure our rights, privacy, safety or property, and that of our group companies or business partners, you, or other individuals or third parties; to enforce our terms and conditions; and pursue available remedies and limit our damages.

O.Matching any Personal Information held by us relating to you from time to time for any of the purposes listed in this Privacy Policy.

P. Conducting background and identity checks, such as for the purposes of verifying your identity in order to respond to your request to be provided with a duplicate policy or other documentation, any request made by you to change your address in our records, or any request by you to change your bank account or payment or other details in our records.

Q. Conducting credit checks on you- such as analysing, verifying and/or checking your credit, payment and/or status in relation to your ability to use the services.

R. Carrying out due diligence or other screening activities in accordance with legal or regulatory obligations or risk management procedures that may be required by law or that may have been put in place by us.

S. Determining any amount of indebtedness owing to or from you and collecting or recovering any amount owing from you or any person who has provided security or an undertaking for such liabilities of yours.

T. Enabling an actual or proposed purchaser, assignee, transferee, participant or sub-participant of AIG’s rights or business to evaluate the transaction intended to be the subject of a reorganisation, merger, sale, joint venture, assignment, transfer, participation, or sub-participation.

By applying for insurance with AIG and/or in accessing and using AIG Digital Services, you consent to the collection, use, disclosure and/or otherwise processing of any of your Personal Information in the ways described in this Privacy Policy. We may also, where required, obtain your consent for the collection, use, disclosure and/or otherwise processing your Personal Information as described in this Privacy Policy through other relevant documentation (such as through application forms). Any consent given by you will not be affected by the termination or expiry of your insurance policy.

Unless otherwise restricted by the applicable law, you may withdraw your consent to the collection, use, disclosure, or processing of any of your Personal Information at any time by contacting us (please see section titled “Who to contact about your Personal Information” in this Privacy Policy for the contact details). We will effect your withdrawal of consent within a reasonable period or required period after receiving your request. We will, thereafter, cease to collect, use, or disclose your Personal Information, unless required under applicable laws.

Should you withdraw your consent, we may not be able to provide you with the services that you have requested  and we will inform you of the consequences of such withdrawal of consent where applicable.

We are committed to detecting and preventing fraud, and other financial crime.  We take this commitment very seriously and use Personal Information in a number of ways for this purpose. 

For example, if relevant to our relationship with you, we will (where permitted by applicable law):

• submit your Personal Information (including details of any claims you make, for example, details of injuries) so that they appear on registers of claims which are shared between different insurance providers;
• search registers of previous claims when assessing a claim; and
• share your Personal Information with other insurers, fraud prevention agencies databases, and law enforcement agencies. 

For further details, please see the section below ‘Who is Personal Information shared with?' or please contact us using the details provided below (see section below ‘Who to contact about your Personal Information?’). 

Sometimes, as part of our business operations, decisions about you are taken using automated computer software and systems.  These decisions do not involve human input, and the software and systems apply pre-defined logic programming and criteria to make a decision and assess how we deal with you in connection with the provision of services.

For example, we sometimes use automated decision making as part of a process to:

• decide whether a travel insurance claim should be paid as requested (for example, if pre-specified criteria are met by responses that you provide, the claim will be paid automatically without the need for additional human intervention); or
• identify known pre-existing medical conditions in connection with our travel insurance business to decide whether we can offer insurance to you and on what terms; or
• generally, assess your eligibility for insurance using a pre-defined set of criteria.

In accordance with applicable laws/regulations, we provide you with more information in relation to any automated decision processes before or at the time that we intend to make decisions in this way. You have the right in certain circumstances/jurisdictions not to be subject to a decision which is based solely on automated processing. Please see the section below 'What are your Personal Information rights?' below for further details of this right.

Where required to do so, we will seek your consent prior to collecting your Personal Information for the abovementioned processes.

The AIG group comprises a number of companies, including, but not limited to, the AIG parent company American International Group, Inc., AIG PC Global Services, Inc., AIG Global Operations, Inc. and AIG Global Operations (Ireland) Limited.

Each AIG group company that processes your Personal Information is responsible for looking after it in accordance with this Privacy Policy, our internal standards and procedures, and the requirements of data protection law.

Your relationship with us will determine which of our group companies has access to and processes your Personal Information, and which of our group companies are the data controller(s) responsible for your Personal Information. A list of the key AIG group companies that are data controllers is available here www.aig.com/datacontrollers. Usually, if you are an individual policyholder, the AIG group company that underwrites your insurance policy will be the main company responsible for your Personal Information, the controller. Depending on our relationship with you, we will provide further information in a supplemental privacy notice tailored to our relationship

For more precise information about the specific company or companies in the AIG group that have access to and are responsible for your Personal Information (including the identity of the relevant AIG companies that are the data controller(s) for your Personal Information), please contact us using the details provided below (see section below ‘Who to contact about your Personal Information?’).

In connection with the purposes described above (see section above 'How do we use Personal Information?'), we sometimes need to share your Personal Information with third parties (this can involve third parties disclosing Personal Information to us and us disclosing Personal Information to them). 

These third parties may include:

Type of third party	Examples
Our group companies	We belong to the American International Group, Inc. group of companies. AIG has group companies throughout the world, both inside and outside Australia (for example, in the USA).  We may share your Personal Information with other group companies (including for administrative accounting purposes). AIG Australia is responsible for the management and security of jointly used Personal Information.  Access to Personal Information within AIG is restricted to those individuals who have a need to access the information for our business purposes. A list of the key AIG group companies is available here www.aig.com/datacontrollers
Other insurance and insurance distribution parties	Where permitted by applicable law, AIG may share Personal Information with other third parties, for example, other insurers, reinsurers, insurance and reinsurance brokers, other intermediaries and agents, appointed representatives, distributors, affinity marketing partners and financial institutions, securities firms and other business partners.
Statutory reinsurers	Where permitted or required by applicable law, AIG may share Personal Information with statutory reinsurers, including the Australian Reinsurance Pool Corporation for the purpose of its terrorism and cyclone reinsurance pools. The Corporation may share such information, only to the extent that it can be aggregated and de-identified, with other Australian Commonwealth government departments or agencies for natural hazard management and resilience purposes.
Our service providers	External third-party service providers, such as medical and security professionals, accountants, actuaries, auditors, experts, lawyers and other professional advisors; travel and medical assistance providers; call center service providers; roadside and accident assistance service providers; IT systems, support and hosting service providers; application service providers; printing, advertising, marketing and market research, and data analysis service providers; banks and financial institutions that service our accounts; third-party claim administrators; document and records management providers; claim investigators and adjusters; construction consultants; engineers; examiners; jury consultants; translators; and other third-party vendors and outsourced service providers that assist us in carrying out business activities.
Recipients of your social media sharing activity	Where you have friends and other connections associated with your social media account, other website users and your social media account provider may receive your Personal Information in connection with your social sharing activity (for example, if you connect a social media account provided by another social media service provider to your AIG Digital Services account or log into your AIG Digital Services account from another social media account).  By connecting your AIG Digital Services account and your other social media account you authorise us to share information with the provider of your other social media account and you understand that the use of the Personal Information we share will be governed by the other service provider’s privacy policy.  If you do not want your Personal Information shared with other users or with your other social media account provider, please do not connect your other social media account with your AIG Digital Services account and do not participate in social sharing while using AIG Digital Services.
Government authorities and third parties involved in legal proceedings	We may also share Personal Information with: (a) government or other public authorities (including, but not limited to, workers’ compensation boards, courts, regulatory bodies, law enforcement agencies, tax authorities and criminal investigations agencies); and (b) third-party participants in legal proceedings and their accountants, auditors, lawyers, and other advisors and representatives, as we believe to be necessary or appropriate.
Other third parties	We may share Personal Information with payees; emergency providers (fire, police and medical emergency services); retailers; medical networks, organisations and providers; travel carriers; credit bureaus; credit reporting agencies; other people involved in an incident that is the subject of a claim; as well as purchasers and prospective purchasers or other parties in any actual or proposed reorganisation, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our businesses, assets, companies or stock (i.e. company shares).   Where permitted by applicable law, Personal Information (including details of injuries) may be put on registers of claims and shared with other insurers. We may search these registers when dealing with claims to prevent, detect and investigate fraud. If you benefit from another party’s insurance policy or service arrangement with AIG (for example, a policy taken out by your employer), Personal Information relating to the administration of that insurance policy or service may be shared with that other party.

Personal Information may also be shared by you on message boards, chat, profile pages and blogs, and other AIG Digital Services to which you are able to post information and materials (including, without limitation, our Social Media Content).  Please note that any information you post or disclose through these services will become public information and may be available to visitors and users of the AIG Digital Services and to the general public.  We urge you to be very careful when deciding to disclose your Personal Information, or any other information, when using the AIG Digital Services.

Due to the global nature of our business activities, for the purposes set out above (see section entitled 'How do we use Personal Information?'), depending on the nature of our relationship with you, we will transfer Personal Information to parties located in other countries (including the USA, China, Mexico, Malaysia, Philippines, Singapore, Japan, and Bermuda and other countries that have data protection regimes which are different from those in the country where you are based).

For example, we may transfer Personal Information in order to process international travel insurance claims and provide emergency medical assistance services when you are abroad.  We may transfer information internationally to our group companies, service providers, business partners, government or public authorities, and other third parties.

When making these transfers, we will take steps to ensure that your Personal Information is adequately protected and transferred in accordance with the requirements of data protection law. 

This typically involves the use of standard contractual clauses approved or mandated by the relevant data protection authority or appropriate data transfer agreements. If there is no data transfer agreement in place, we may use other mechanisms recognised by the relevant privacy or data protection laws to assist in ensuring an adequate level of protection for Personal Information transferred overseas.

For further information about these transfers and to request details of the safeguards in place, please contact us using the details below (see section below ‘Who to contact about your Personal Information?’).

AIG uses reasonable and appropriate technical, physical, legal, and organisational measures, which comply with data protection laws to keep Personal Information secure, taking into account the nature, scope, context, complexity, risks and purposes of the processing of Personal Information. 

We have implemented appropriate data protection policies that provide for the aforementioned security measures. We also train our colleagues regularly on data protection and information security.

As most of the Personal Information we hold is stored electronically we have implemented appropriate IT security measures to ensure this Personal Information is kept secure.  For example, we may use anti-virus protection systems, firewalls, and data encryption technologies.  We have procedures in place at our premises to keep any hard copy records physically secure.  AIG also has a dedicated team that monitors the global AIG network for any potential cyber and IT security threats. We also train our staff regularly on data protection and information security.

When AIG engages a third party (including our service providers) to collect or otherwise process Personal Information on our behalf, the third party will be selected carefully and required to use appropriate security measures to protect the confidentiality and security of Personal Information.  

We may record telephone calls with you so that we can:

• improve the standard of service that we provide by providing our staff with feedback and training;
• address queries, concerns, or complaints;
• prevent, detect, and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks; and
• comply with our legal and regulatory obligations.

In addition, we monitor electronic communications between us (for example, emails) to protect you, our business and IT infrastructure, and third parties including by:

• identifying and dealing with inappropriate communications; and
• looking for and removing any viruses, or other malware, and resolving any other information security issues.

AIG may store Personal Information either electronically (including in the cloud) or in paper form. We will keep Personal Information for as long as is necessary for the purposes for which we collect it.  The precise period will depend on the purpose for which we hold your information.  In addition, as a regulated financial services institution, there are laws and regulations that apply to us which set minimum periods for retention of Personal Information. We will provide you with further information if appropriate to give you a full picture of how we collect and use your Personal Information. 

We will provide you with regular opportunities to tell us your marketing preferences, including in our communications to you.

In certain countries, we may be required to obtain your consent for the use of your personal details for direct marketing purposes.

To tell us your marketing preferences, and to change your preferences if required, you can contact us by email at: privacy.manager@aig.com or by writing to: Privacy Manager, AIG Australia Limited, Level 13, 717 Bourke Street, Docklands VIC 3008

In addition, you can also opt-out of receiving marketing communications as follows:

• Receiving email messages and text messages from us:  If you no longer want to receive marketing emails or text messages from AIG, you can opt-out of receiving these marketing-related messages by clicking on the link to “unsubscribe” provided in each email message, following the stop instructions in a text message, or by contacting us using the addresses above.
• Receiving telephone communications and postal mail from us:  If you no longer want to receive marketing via telephone communications or postal mail from AIG, you may opt-out of receiving these marketing communications by contacting us using the addresses above.  You may also be able to contact a "Do not call" registry in your country to opt-out on a general basis from receiving marketing communications by telephone, although we may still contact you if you are listed on such a register if you have given your consent.
• Sharing of your Personal Information with our group companies for their marketing purposes:  With your consent we may share your Personal Information with our group companies for their own marketing purposes.  If you change your mind, you may opt-out of this sharing by contacting us using the addresses above.
• Sharing of your Personal Information with selected third-party partners for their marketing purposes:  If you have provided your consent we may share your Personal Information with our third-party partners for their own marketing purposes. If you change your mind, you may opt-out of this sharing by contacting us using the addresses above.

We aim to comply with your opt-out requests within a reasonable time period and in any event within any period prescribed by law.  Please note that if you opt-out as described above, we will not be able to remove your Personal Information from the databases of third parties with whom we have already shared your Personal Information (i.e. to those to whom we have already provided your Personal Information as of the date on which we respond to your opt-out request).  

Please also note that if you do opt-out of receiving marketing communications from us, we may still send you other important service and administration communications relating to the services which we provide to you, and you cannot opt-out from these service and administration communications.

The following is a summary of the data protection rights available to individuals in Australia in connection with their Personal Information. These rights may only apply in certain jurisdictions and/or circumstances and are subject to certain legal limitations or exemptions.

If you wish to exercise your rights, please contact us using the details below (see section below ‘Who to contact about your Personal Information?’).

Right	Description
Right of access to Personal Information	The right to receive a copy of the Personal Information we hold about you and information about how we use it. This right is applicable at all times when we hold your Personal Information (subject to certain exemptions)
Right to rectification of Personal Information	The right to ask us to correct Personal Information we hold about you where it is incorrect or incomplete. This right is applicable at all times when we hold your Personal Information (subject to certain exemptions).
Right to restrict processing of Personal Information	The right to request that we suspend our use of your Personal Information. This right only applies in certain circumstances. Where we suspend our use of your Personal Information, we will still be permitted to store your Personal Information, but any other use of this information while our use is suspended will require your consent, subject to certain exemptions. You can exercise this right if: • you think that the Personal Information we hold about you is not accurate, but this only applies for a period of time that allows us to consider if your Personal Information is in fact inaccurate; • the processing is unlawful and you oppose the erasure of your Personal Information and request the restriction of its use instead; • we no longer need the Personal Information for the purposes we have used it to date, but the Personal Information is required by you in connection with legal claims; or • you have objected to our processing of the Personal Information and we are considering whether our reasons for processing override your objection.
Right to object to processing of Personal Information	You have the right to object to our use of your Personal Information in certain circumstances. We may continue to use your Personal Information, despite your objection, where there are compelling legitimate grounds to do so or we need to use your Personal Information in connection with any legal claims. You can object to the use of your Personal Information for direct marketing purposes at any time (including if we are carrying out profiling related to direct marketing).
Right to withdraw consent to processing of Personal Information	Where we have relied upon your consent to process your Personal Information, the right to withdraw that consent.

If you have any questions, concerns or complaints about the way your Personal Information is used by us, you can contact us by email or post using the details below.

email: privacy.manager@aig.com

writing: Privacy Manager, AIG Australia Limited, Level 13, 717 Bourke Street, Docklands VIC 3008

We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business activities, legal requirements, and the manner in which we process Personal Information.  We will place updates on this website and where appropriate we will give reasonable notice of any changes. In certain countries, where we process your Personal Information on the basis of your consent, we will seek further consent where there are material changes to the Privacy Policy as required by law.