We are committed to ensuring that your personal information is protected.
It is important to understand that our companies provide a wide range of services and we may use and disclose your personal information in different ways.

Who are WE?

Operating since 1983, Secure Sentinel provides a range of services which can help you handle the loss of theft of your registered possessions. Secure Sentinel membership can help prevent fraudulent use of your lost or stolen registered possessions and assist with their retrieval.

What does our Privacy Policy do?

Our Privacy Policy is designed to provide you with general information about how Secure Sentinel collects, stores, uses and discloses your personal information.

We may also seek your specific consent in relation to the collection, use or disclosure of your personal information. We will collect, use and disclose your personal information in accordance with privacy legislation and this Privacy Policy.
If you wish to obtain information about how your personal information is being dealt with by one of our businesses then you should contact them directly.

What is "personal information"?

Personal information is information about an identifiable individual and includes facts or an opinion about you that identifies you or by which your identity can be reasonably determined.

Secure Sentinel collects, uses or discloses personal information in accordance with its obligations under the Australian and New Zealand privacy regimes and this Privacy Policy.

What type of personal information do we ask you for?

We will usually ask you for a broad range of personal information.

The details of exactly what personal information we need will be found on:

• the written forms we ask you to complete;
• the questions we ask you on the telephone;
• our web sites via the internet.

You can expect to be asked for the following types of personal information:

• your name, address and contact details;
• date of birth;
• mother's maiden family name;
• e-mail address;
• your gender; or
• information about your use of our product / service.

How do we store your personal information?

We store your personal information in a variety of ways. These may include:

• in computer systems or databases;
• in hard copy or paper files; and
• in telephone recordings.

Why do we need your personal information?

The collection of your personal information is essential to enable us to conduct our business of offering and providing our range of financial products and services.

We generally collect your personal information for the purposes of:

• identifying you when you are doing business with us;
• protecting your personal information from unauthorised access;
• establishing your requirements and providing you with the appropriate product or service;
• setting up, administering and managing our services;
• assessing and investigating a loss report made by you under one of our products.

We are required to collect your personal information to satisfy our legal obligations, even when you may not be sure why it is relevant. Examples include under the Anti-Money Laundering and Counter Terrorism Financing Act (Cth) and the Corporations Act (Cth) in Australia.

How do we get your personal information?

If we can, we collect your personal information from you.

You give us your personal information in a number of ways such as completing an application form, requesting a product or service over the phone or Internet. We also collect personal information at other times during the course of our relationship with you. This may be when you advise us of a change in contact details, renew your membership, make a loss report or seek a variation to your membership details.

We may not be able to always collect your personal information from you directly. Sometimes we collect your personal information from other sources. Examples of where we may receive personal information about you from another source and why this may happen are:

• where required or authorised under our relationships with our distributing corporate partners;
• market research organisations for the purpose of product development, customer research or marketing.

Do we need your consent to collect, use and disclose your personal information?

The privacy legislation in Australia and New Zealand does not always require us to seek your consent to the collection, use and disclosure of your personal information. However, in compliance with the privacy regimes there are some circumstances where we are required to or choose to ask you for your consent.

We may ask for your express consent or infer your consent.

We will obtain your express consent by asking you to:

• provide positive verbal consent such as "Yes" or "I agree";
• read and sign a consent form;
• read and sign a document which may also contain a consent request;

We will also respond to your express requests for contact, for example, if you ask us to call you or contact you at a certain pre-arranged time or frequency.

During our business relationship with you and depending on the products and/or services you choose from Secure Sentinel, we may ask for your express consent on a number of occasions.

We may also infer your consent in certain circumstances. Your consent may be inferred by:

• your conduct with us such as:
  • continuing your telephone call with us, after you have heard the recorded message telling you the call may be recorded;
  • continuing to speak to a person at a branch or service centre when they are asking you questions;
  • when you send us or provide us with personal information voluntarily; and
• our business relationship with you such as:
  • you purchasing or acquiring a product or service from us.

How do we use and disclose your personal information that we have collected?

We use and disclose your personal information for the purposes for which we collected it.

In Australia, we may also use and disclose your personal information for a secondary purpose related to the purpose for which we collected it, where you would reasonably expect us to use or disclose your personal information for that secondary purpose. In the case of sensitive information, any secondary purpose, use or disclosure will be directly related to the purpose of collection.

In New Zealand, we may use and disclose your personal information for a secondary purpose only if that secondary purpose is directly related to the purpose of collection.

We may also use and disclose your personal information to another party in other circumstances in compliance with the privacy regimes in Australia and New Zealand including where:

• you have given express or inferred consent or authorised us to do so;
• we are required or authorised by law to disclose your personal information, for example, to a court in response to a subpoena or to the Australian Taxation Office, to AUSTRAC as part of our reporting requirements or a direction issued by the New Zealand Inland Revenue Office.

Do we use and disclose your personal information for research and product development and enhancement purposes?

Secure Sentinel is interested in knowing what sorts of products and services will best meet the needs of our member / customers. To do this, we need to engage in research and development processes.

This may mean conducting research tasks such as market research or it may mean developing specific customer propositions for our customers by looking at the products / services you already have purchased from Secure Sentinel.

Where possible and practicable, we will use aggregated or de-identify information to conduct our research and product development. However, sometimes we may need to use personal information to understand how we can improve our products and enhance your experience with us.

We may perform these research tasks in-house, or we may outsource the activity to a third party. If we do outsource to a third party we will ensure they comply with the Australian and/or New Zealand privacy regimes.

Do we use and disclose your personal information for marketing purposes?

We will not use your personal information for marketing purposes if you have told us that you do not wish to receive all or some marketing material.

Secure Sentinel will only use and disclose your personal information for the purposes we have told you in this Privacy Policy and our Privacy Statements and in compliance with the privacy regimes in Australia and New Zealand.

We will not use and disclose sensitive information for the purposes of marketing.
How do you tell us you do not want us to use and disclose your personal information for marketing purposes?

If you do not want us to use and disclose your personal information for the purpose of marketing products and services to you, you should contact us and tell us.
You can tell us by:

• calling the number provided to you in the information and product documentation you received when you selected your product or service from us;
• e-mailing the business via their email address available in your product documentation or via our internet site.

If you have told us you no longer wish to receive information about a Secure Sentinel brand product and/or service, we will not contact you about any other products or services that Secure Sentinel brand offers. You can, however, change your mind about receiving information about our products and services at any time - just let us know.

Who do we usually disclose your personal information to and receive personal information from?

Some examples of the parties to whom we may disclose your personal information to and receive personal information from are:

• intermediaries including your financial institution;
• customer research organisations;
• government, law enforcement or statutory bodies;
• Financial Ombudsman Service, Financial Industry Complaints Service;
• where required or authorised under our relationship with our distributing corporate partners;

Secure Sentinel will only disclose your personal information to and receive personal information from these parties, for the purposes we have told you in this Privacy Policy and our Privacy Statements and in compliance with the privacy regimes in Australia and New Zealand.

Do we disclose your information to people overseas?

We operate in Australia and New Zealand. Our business is trans-Tasman and therefore we will have instances where for the purposes detailed in our Privacy Policy.

There are also other instances where we may have to send your personal information overseas or collect personal information from overseas. These instances include:

• when you have asked us to do so;
• when we are authorised or required by law to do so;
• certain electronic transactions.

Secure Sentinel will only send your personal information overseas or collect personal information about you from overseas for the purposes we have told you about in this Privacy Policy and our Privacy Statements and in compliance with the privacy regimes in Australia and New Zealand.

What will happen if you do not provide your personal information to us?

If we request personal information about you and you do not provide it, we may not be able to provide you with the product / service that you request or manage / undertake a loss report on your behalf.

In addition, if we are required to comply with certain legislation to provide you with the products / services you choose, then collection of certain personal information will be mandatory.

What if you want to be anonymous?

It is not possible for us to provide you with our products / services unless we have identified you. The law requires that you identify yourself to us.

If it is lawful and practicable to do so, we may offer you the opportunity to deal with us anonymously.

What if you want to know what personal information we hold about you?

You can request access to the personal information we hold about you by contacting us.

If accessing your personal information will take an extended period of time, we will inform you of the likely delay. For more detailed requests for access to personal information, for example, access to information held in archives, a fee may be charged to cover the associated cost of retrieval and supplying this information.
If you wish to lodge a request to access your personal information you can contact us by:

• calling the number provided to you in the information and product documentation you received when you selected your product or service from us;
• emailing our business via our email address available in your product documentation or via our internet site.

Are we able to deny your request for access to your personal information?

In some circumstances we are able to deny your request for access to personal information. The privacy regimes in Australia and New Zealand outline circumstances under which we may not agree to allow you access to some or all of the personal information that you have requested. The types of circumstances where we may deny you access to personal information include where the:

• request is frivolous or vexatious;
• disclosure may prejudice the prevention, investigation and detection of offences or relate to existing or legal proceedings; or
• disclosure would have an unreasonable impact or involve the unwarranted disclosure of the affairs of another individual.

If we deny your request for access, we will tell you why.

It is important to note there are a number of reasons which may also prevent us from giving you access to your personal information simply because it is not practicable. For example:

• we may not hold any personal information about you;
• you have asked for personal information about someone else and are not authorised to do so;
• we no longer have the personal information you are asking for, as it has been destroyed or de-identified.

Do we keep your personal information up-to-date?

We rely on the accuracy of the personal information we hold about you to efficiently provide our financial products and services to you.

We will take reasonable steps to ensure that any personal information about you which we collect, use or disclose is accurate, complete and up-to-date. This includes taking reasonable steps to correct inaccurate, incomplete or out-of-date personal information, if you have asked us to do so.

If we disagree with your request for correction of your personal information, we will attach a statement to the information of the correction that you seek but which has not been made.

Do we keep your personal information secure?

We will take all reasonable steps to protect your personal information from loss, misuse, unauthorised access, modification or disclosure.

We protect your personal information by:

• limiting physical access to our premises to authorised people;
• restricting access to personal information;
• entering into confidentiality agreements with all employees, contractors and third party organisations that may have access to your personal information - but providing access for the purposes we have told you about in our Privacy Policy and Privacy Statements;
• having in place stand-by systems and information backups to deal with major business interruptions;
• maintaining technology products to prevent unauthorised computer access;
• regularly reviewing and testing our technology in order to improve the level of security;
• destroying or de-identifying your personal information when it is no longer required by law or our record retention policies.

Do we collect your personal information electronically or via the Internet?

If you use our transactional or information web sites and communicate with us via your computer or via sms on your mobile then we may collect your personal information.

Our web sites rely on "cookies" to provide a number of services to you. A cookie is a piece of data that an Internet site sends to your browser and which may then be temporarily stored on your computer. Cookies generally allow the Internet site you are browsing to interact more efficiently with your computer. The cookies we use are non-persistent, meaning that they allow you to be logged in and operate efficiently with our web sites but once you have logged out of your session the cookies are no longer active.

Usually you can set your browser to notify you before you receive a cookie, so that you can decide whether to accept it, however sometimes, if you do not accept a cookie it may affect your use of our web site.

The cookies used by Secure Sentinel are not used to track your specific or personal browsing habits. Secure Sentinel does use these cookies to collect statistical information, such as how many visitors our Internet sites receive and how these users interact with the site, however, the information is specific to the session and where that person went, not who that person is. Secure Sentinel collects and uses this de-identified information to maintain and improve the operation of our Internet sites.

Security of your personal information online

Secure Sentinel maintains industry standard technology and procedures in respect to its information management and provision of online services. Secure Sentinel has an ongoing program of review and enhancement of its security measures. The reviews and updates address such matters as policies, processes and procedures and technology reviews such as software, virus protection and fire wall settings.

E-mail transmissions, such as sending us an email via Outlook, Outlook Express, Hotmail or Gmail, are not necessarily secure. If you have any concern about the security of the contents of your e-mail or any other transaction over the Internet then you should consider contacting us by other means, such as telephone or visiting a branch or service centre.

Secure Sentinel does however employ encryption techniques similar to other financial institutions and internet transactions systems globally. If you make a transaction involving the submission of personal information over the Internet to Secure Sentinel using one of our online forms or via "Secure Messages" then Secure Sentinel employs encryption technology to ensure the security of that personal information transmission.

Once Secure Sentinel has received your personal information, it is stored and protected by a range of security controls including firewalls, user identification requirements and audit trails. Secure Sentinel's systems and information technology infrastructure are regularly audited both by internal and external experts and regulatory bodies.

Can you complain about a breach of your privacy?
Yes you can. Please complain to us first. We would like to try and resolve your privacy complaint.
If you believe that Secure Sentinel has not protected your personal information as set out in this Privacy Policy you may lodge a complaint with us by:

• calling the number provided to you in the information and product documentation you received when you selected your product or service from us;
• emailing the business via their email address available in your product documentation or via their internet site.

If you are a New Zealand customer, please complain by contacting the Privacy Officer. Their contact details are:

New Zealand Privacy officer
PO Box 2993
Shortland Street
Auckland 1104

What if you are not satisfied with our response to your complaint?

If you are not satisfied with our response, you can refer your complaint to the relevant Privacy Commissioner.

In Australia.

You can contact the Federal Privacy Commissioner:

• By telephoning 1300 363 992
• By writing to:

Director of Complaints
Office of the Federal Privacy Commissioner
GPO Box 5218
Sydney, NSW 2001

In New Zealand.

You can contact the Privacy Commissioner:

• By telephoning - Auckland - 302 8655
• By telephoning - from outside Auckland - 0800 803 909
• By writing - Auckland - PO BOX 466 Auckland
• By writing - Wellington - PO BOX 10-094 Wellington

Does our Privacy Policy change?

Secure Sentinel reviews its policies, statements and procedures to keep up to date with changes in the law, technology and market practice. As a result we may update and change this Privacy Policy from time to time. If you have a concern or query about this Privacy Policy and how it operates please contact:

Secure Sentinel
Attn: National Manager
Locked Bag 4845
Chatswood NSW 2057

We encourage you to review this Privacy Policy on a regular basis.

Date of Issue: 26 May 2009