Introduction

Angelic Insurance Group Pty Ltd (ABN 58 638 131 807) (referred to as “Angelic Insurance”, “we”, “us” or “our”) is committed to protecting your personal information. This Privacy Policy outlines how we collect, use, store, and disclose your personal information, both offline and online (including through our website, phone calls, and other interactions). We handle personal information in accordance with applicable privacy and data protection laws in the regions where we may operate whether directly or indirectly, including (but not limited to) the Australian Privacy Act 1988 (Cth) and Australian Privacy Principles, the United Kingdom Data Protection Act 2018 and UK GDPR, the European Union General Data Protection Regulation (EU GDPR), South Africa’s Protection of Personal Information Act 2013 (POPIA), Hong Kong’s Personal Data (Privacy) Ordinance, and all applicable data protection laws in South East and South Asian jurisdictions. We endeavor to uphold the highest standards of privacy compliance across all jurisdictions.

Personal Information

In this Policy, “personal information” means any information or opinion about an identified individual, or an individual who is reasonably identifiable, whether true or not and whether recorded in material form or not. This includes, for example, a person’s name, contact details, date of birth, identification documents, financial and health information, and opinions about the person. It may also include sensitive information, which is a special category of personal information given higher protection under law. Sensitive information can include details such as racial or ethnic origin, political or religious beliefs, trade union or professional memberships, sexual orientation or practices, criminal records, health or genetic information, or biometric identifiers. We will collect and process sensitive information as permitted by law, with your consent and for purposes necessary for our services (for example, health information for insurance underwriting or claims, or criminal history if relevant for certain insurance policies).

By using our services or providing your personal information to us, you acknowledge that you have read and understood this Privacy Policy. Where you provide us with personal information about another individual (such as a family member, employee, or client), you must have that person’s consent to do so and you should inform them of this Privacy Policy. If you do not agree with any aspect of this Policy, please do not provide your personal information to us; however, note that we may be unable to offer certain products or services without the necessary information.

Personal Information We Collect

We only collect personal information that is reasonably necessary for our business functions and activities as an insurance broker, claims advocate, risk management and consulting service provider. The types of personal information we may collect include, but are not limited to:

• Identification details:

  Name, address (mailing and street address), date of birth, gender, telephone numbers, email address, and other contact information.

• Insurance details:

  Information about your insurance needs and history, such as details of your assets or property, employment or business operations, previous or current insurance policies, claims history, and desired coverage.

• Financial information:

  Payment details (e.g. bank account or credit card numbers), income or salary information, and credit history (if relevant to premium funding or insurance underwriting).

• Health and lifestyle information:

  For certain insurance products (such as life or health insurance), we may collect health information, medical history, habits (e.g. smoking status), or family medical history. This is considered sensitive information and will only be collected with your consent and used for the specific purpose for which you provided it (for example, to obtain an insurance quote or process a claim).

• Professional or business information:

  If you are a commercial client, we may collect information about your business or employer (e.g. business name, industry, company size, ABN or registration number, role/title of contact persons) and any relevant risk management or compliance information.

• Claims information:

  If you submit an insurance claim, we may collect information relevant to the claim, including but not limited to incident descriptions, police or medical reports, photographs, witness statements, repair quotations, and any other information necessary to assist you in liaising with the insurer for the assessment and processing of your claim.

• Online usage information:

  When you use our website or online services, we may collect information such as your IP address, browser type, device identifiers, browsing history on our site, and interactions with our online advertisements.

• Other information you choose to provide:

  Any other personal information you voluntarily provide to us in the course of interacting with us. This could include feedback, survey responses, or information provided during phone calls and correspondence.

• From third parties you authorise:

  We may collect information about you from third parties when it is not practical to collect it directly from you, or where you have asked or consented for the third party to share your information with us. For example, we might receive your details from:

  • Your employer or association (if we provide group insurance or you are an insured under a corporate policy);
  • Other intermediaries (such as a referral from your mortgage or insurance broker, accountant or an underwriting agency);
  • Insurance companies or reinsurers (e.g. past insurers providing claims histories);
  • Medical professionals or assessors (for claims or underwriting information, with your consent);
  • Credit reporting agencies or financial institutions (for premium funding or credit eligibility, as permitted by law);
  • Business partners or referral partners who have collected your information with your consent.

In some cases, you may choose to deal with us anonymously or under a pseudonym (for example, when making an initial general enquiry). Where lawful and practicable, we will accommodate such requests. However, for most of our services (such as arranging insurance cover or handling claims), it is impractical for us to do so without knowing your identity. If you choose not to provide certain information that we request, or if you provide inaccurate information, we may not be able to provide you with the full range of our services or the appropriate advice or insurance products.

How We Collect Personal Information

We collect personal information through fair and lawful means. The ways we collect information about you include:

• Directly from you:

  Most information will be collected directly from you. You might provide personal details when you fill out our proposal forms or online forms, speak with us on the phone, meet with our representatives, correspond via email or post, or use our website or mobile applications. For example, you provide personal information when requesting an insurance quote, applying for a policy, lodging a claim, or subscribing to our newsletters.

• From third parties you authorise:

  We may collect information about you from third parties when it is not practical to collect it directly from you, or where you have asked or consented for the third party to share your information with us. For example, we might receive your details from:

  • Your employer or association (if we provide group insurance or you are an insured under a corporate policy);
  • Other intermediaries (such as a referral from your mortgage or insurance broker, accountant or an underwriting agency);
  • Insurance companies or reinsurers (e.g. past insurers providing claims histories);
  • Medical professionals or assessors (for claims or underwriting information, with your consent);
  • Credit reporting agencies or financial institutions (for premium funding or credit eligibility, as permitted by law);
  • Business partners or referral partners who have collected your information with your consent.

  In all cases, we will only collect information from third parties where it is necessary for us to provide our services or manage a policy/claim, and where it is reasonable to expect that we would obtain such information. You authorise us to contact such third parties for the purposes of providing you with the services you have requested (for example, to obtain claims information or confirm details for underwriting). If we receive personal information about you from a third party without your initiation, we will take reasonable steps to ensure you are made aware of that collection and this Privacy Policy.

• Automated means (website and digital technologies):

  When you visit our website or use our online services, we automatically collect certain technical information. This may include usage data (pages visited, links clicked, time and date of visit), your IP address, browser type, cookies and web beacon data, and other device or network information. Some of this information may be capable of identifying you and is therefore treated as personal information if it identifies you or can be reasonably associated with you. We collect this data to understand how our website and services are used, to improve user experience, and to tailor our marketing. In many cases this information is collected in aggregate and does not directly identify individuals.

If you provide us with personal information about another person (for example, adding a family member to a policy, or if you are an insurance broker or agent giving us data about your client), you must have the authority or consent of that individual to do so.

Your Obligations When Providing Others’ Information

You should inform them that you are disclosing their information to us and advise them that they can review our Privacy Policy for details on how we will handle their information. By submitting another individual’s personal information to us, you represent and warrant that you have obtained that person’s consent to the disclosure (or that you are otherwise legally entitled to provide it to us) and that they understand we may collect, use, and disclose their information for the purposes described in this Policy. We rely on you to ensure that any such personal information is provided in accordance with applicable privacy laws.

Cookies and Online Tracking

Like many organisations, Angelic Insurance uses cookies and similar tracking technologies on our website and online services. Cookies are small text files placed in your web browser that help store preferences and enhance your experience. We may use cookies to facilitate site navigation and login (for example, to remember your settings or keep you logged in during your session), to collect statistical information on site usage, and to personalise content for you. Cookies themselves do not tell us your email address or identity; however, they may uniquely identify your browser or device. In some cases we may link information from cookies or web analytics to personal information you have provided, but only for the purposes stated in this Policy.

We may also use third-party analytics and advertising tools (such as Google Analytics, Facebook Pixel, or similar) that utilise cookies or web beacons. These tools help us understand how users interact with our site, measure the effectiveness of our advertisements, and deliver more relevant ads. For example, third-party vendors like Google and Facebook may use cookies to show our ads on other sites or social media feeds to people who have visited our website. Any personal information we share with third-party platforms for these advertising purposes (such as your email address for custom audience matching) is hashed or de-identified before transmission. If you do not wish to be included in our marketing audiences, you can opt out as described in the Direct Marketing section of this Policy.

You can control cookies and tracking technologies via your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, or be notified when you receive a new cookie. You can also often opt out of certain third-party tracking cookies. Please note that disabling cookies on our site may affect some functionality — for example, you may not be able to use certain features or your user experience may degrade.

Our website may contain links to external websites or social media platforms. Please be aware that once you leave our site or are redirected to a third-party service, we do not control and are not responsible for the privacy practices or content of those external sites. We encourage you to read the privacy policies of any third-party websites you visit. This Privacy Policy applies solely to personal information handled by Angelic Insurance via our own services.

Why We Collect Personal Information (Purposes of Use)

We collect, hold, and use personal information to conduct our insurance and risk management business and provide services to you. In general, we will only use your personal information for the purpose for which it was collected, or for related purposes that you would reasonably expect. The primary purposes for which Angelic Insurance collects and uses personal information include:

• Providing our products and services:

  To identify you and verify your authority to engage our services; to assess your insurance needs and risk profile; to obtain insurance quotes on your behalf; to arrange, amend, or renew insurance policies as your broker; to process insurance applications; and to generally administer the insurance products and services you have with us. We use your information to liaise with insurers, underwriting agencies, and other intermediaries in order to place cover or make changes as you request.

• Claims management and advocacy:

  If you suffer a loss or event that could lead to a claim, we use your information to assist you with notifying the insurer, managing the claim process, advocating on your behalf (where applicable), and achieving settlement of claims. This includes collecting relevant information about the claim incident and engaging with loss adjusters, assessors, repairers, and insurers to facilitate your claim.

• Consulting and risk management services:

  We may use your information to provide additional advisory services you have requested, such as risk management consultations, insurance program reviews, training, or other consulting engagements. This helps us tailor our services to your specific circumstances and requirements.

• Communicating with you:

  To contact you and communicate about your policies, quotes, or claims, including sending confirmations, invoices, renewal notices, policy documentation, updates, and support messages. We also communicate with you in response to enquiries you send us, to address any feedback or complaints, and to provide customer support.

• Internal record-keeping and administration:

  To maintain accurate business records, such as keeping a record of your transactions with us, your communications and consent preferences, and any claims or complaints. Good record-keeping helps us comply with our legal obligations and to efficiently manage our operations.

• Improving our services and business development:

  We may use personal information for analytics, research and development to better understand our clients and the market. This can include analysing how our services are used, conducting client satisfaction surveys, and evaluating the effectiveness of our marketing strategies. The insights we gain help us develop new insurance offerings or value-added services, improve our website and digital tools, and enhance the overall client experience. We may also use aggregated and de-identified data to analyse business trends or perform benchmarking; such aggregated data is not subject to privacy laws and we may use or share it for any purpose.

• Offering additional benefits and marketing:

  To offer you additional products, services or promotions that we believe may be of interest or benefit to you. This may include insurance products offered by our partners, financial services related to your needs, or value-added services (for example, risk mitigation tools or partner loyalty programs). We may also send you newsletters or industry updates, or invite you to events and seminars. All direct marketing communications to you will include a clear opt-out mechanism.

• Developing alliances and partnerships:

  As part of our commercial strategy, we may use personal information to develop, administer and enhance alliances or referral arrangements with other organisations. For example, we might partner with an insurance underwriting agency, a financial institution, or a risk management firm to provide complementary products or services. We may share limited personal details with such partners to explore offering combined services or special offers to our clients. Any such use of your information will be done in a manner consistent with privacy laws and, where required, with your consent.

• Regulatory and legal compliance:

  To comply with our legal obligations and industry requirements. For example, we may use personal information for verifying identity under anti-money laundering laws, fulfilling duties under insurance legislation, preparing reports for regulators or law enforcement (when required), handling disputes or litigation, and responding to requests from government authorities. We also use personal information for internal and external audits within our group, quality assurance checks, and to maintain appropriate records in case of future legal inquiries.

• Other purposes with your consent or as notified:

  We may use your personal information for any purpose to which you have consented, or as otherwise permitted or required by law. If we intend to use your information for a purpose not listed above or not immediately obvious to you, we will inform you at the time of collection or seek your consent before proceeding.

We will not use your personal information for purposes unrelated to our business functions unless we have your consent or an applicable legal exception. We do not sell your personal information to third parties for their marketing purposes. If you have any questions about why we are requesting specific information, please ask us and we will explain how that information relates to the provision of our services.

Disclosure of Personal Information (Who We Share It With)

In the course of our operations, and for the purposes listed above, Angelic Insurance may need to disclose your personal information to third parties. The common types of third parties we share information with include:

• Insurers and insurance intermediaries:

  As an insurance broker, we routinely share relevant personal information with insurance providers to arrange coverage or manage claims on your behalf. This includes insurance companies, reinsurers, underwriting agencies, wholesale brokers, Lloyd’s of London correspondents (if seeking coverage through Lloyd’s market), and insurance reference bureaus or databases. For example, when we seek quotes or place an insurance policy, we provide the insurer with the information on your proposal (such as your contact details, insurance history, and risk details). Similarly, when assisting with a claim, we share information about the claim with the insurer and any appointed loss adjusters or investigators. These recipients use your information to decide whether to insure you (and on what terms) or to assess and process your claims. They may in turn disclose information to their reinsurers or professional advisors.

• Our related companies and representatives:

  We may share personal information with our corporate group entities, subsidiaries, parent company, or affiliated organisations as needed for business operations, consolidation of records, or group-level compliance. This includes any companies that are part of the Angelic Insurance Group and any joint venture partners. In addition, our authorised representatives, agents, and contractors may have access to personal information when they perform services on our behalf. We also may share your details with other insurance brokers or referral partners within our network if that is necessary to provide you with a product or service (for instance, if we refer you to a specialist broker in another region or if a partner broker introduced you to us). All such intra-group or network disclosures are made on a confidential basis and only for consistent purposes related to managing or improving the services we provide to you.

• Service providers (suppliers and contractors):

  Like most businesses, we engage a range of third-party service providers to support our operations. We may disclose personal information to IT and technology providers (for data storage, cloud computing, CRM software, email and website hosting, data analytics), payment system operators or premium funding companies (if you choose to pay monthly & finance your premiums), mailing and printing houses (for sending out documents or marketing materials), marketing or advertising agencies, debt collectors (if you fall into arrears), and professional advisors such as lawyers, accountants, auditors, and consultants. We only share the information necessary for these service providers to perform their functions for us. For example, if we engage a mailing house to send out renewal notices, they will receive your name and address; or if an IT backup service is used, they might host a database that contains your personal records. We require our service providers to keep your information secure and use it only for the purposes we specify.

• Business partners and affiliates:

  We may share your information with our business partners, alliance partners, or associates in order to enhance your customer experience or offer you additional services. This includes instances where we have a joint marketing arrangement or a strategic alliance with another company (for example, a partnership with a financial planning firm, a health services provider, or a global insurance network). If you are referred to us by, or we refer you to, such a partner, we might exchange some of your details with them to streamline the referral or to credit them for the referral. We may also disclose limited information (such as your name, contact, and industry or coverage type) to certain partners so they can offer you their services directly. Our goal in sharing data with partners is to provide you with a more integrated or improved service offering. You can opt-out of receiving third-party offers as described in the Direct Marketing section if you prefer not to have your details shared for marketing of partner services.

• Courts, regulators and law enforcement:

  We may be required to disclose personal information to government agencies, regulators, courts, tribunals, or law enforcement in compliance with applicable laws. For example, we might respond to a subpoena or court order, provide information to our regulators (such as the Australian Securities and Investments Commission or the Australian Financial Complaints Authority) during audits or investigations, or share information with police and fraud prevention agencies to investigate or report illegal activities. We only disclose what is lawfully requested or required in such cases. In the event that you initiate a complaint or dispute with an external dispute resolution authority, we reserve the right to disclose any and all relevant information held on file whether favourable or unfavourable to your position where such disclosure is reasonably necessary to respond to or defend against the complaint, or to comply with our legal and regulatory obligations.

• Credit reporting and financial institutions:

  If you obtain premium funding (a loan to pay insurance premiums) or if we need to perform credit checks (where permitted), we may disclose personal and credit-related information to credit reporting agencies or financial institutions. Similarly, if you fail to pay for services we provided, we may notify credit reporting bodies or engage debt collectors, which involves sharing your contact information and payment history. Any credit-related handling will comply with relevant credit reporting laws.

• Business transfers:

  In the event that we sell or transfer all or part of our business or assets, your personal information may be disclosed to the prospective purchaser and their advisors as part of a confidentiality-bound due diligence process, and ultimately transferred to the entity that acquires ownership. For example, if Angelic Insurance were to merge with another brokerage or be acquired by a third party, client information would typically be part of the transferred assets so that the new owner can continue servicing you. In such cases, we will ensure the recipient undertakes to handle personal information in line with this Privacy Policy or provides notice of any changes.

• Others with your consent:

  Where you have consented to a disclosure or it is directed by you, we will share your information accordingly. For instance, at your request we might provide your insurance details to your lawyer, family member, or another person you nominate. You may also authorise us to share information with a specific third party (for example, an accounting firm that is analysing your accounts). We will consider that an informed consent and act accordingly.

We do not sell, trade, or rent your personal information to unrelated third parties for their own use. We also do not disclose your information for any purposes other than the ones outlined above, unless: (a) it is required or authorised by law; (b) it is permitted by this Privacy Policy; or (c) with your further consent. Furthermore, nothing in this Privacy Policy prevents us from sharing information that has been de-identified or aggregated in a way that no longer identifies you; such data is not considered personal information and may be used or disclosed freely.

Overseas Disclosure of Personal Information

Angelic Insurance operates in multiple jurisdictions and works with international partners. Consequently, some of the parties listed in the previous section (such as insurers, reinsurers, cloud service providers, or business partners) may be located overseas or may store your data on servers located outside your country. For example, we have business operations and alliances in Australia, South Africa, Hong Kong, and the United Kingdom (as well as relationships in other regions, such as the broader EU, United States, and South & Southeast Asia). It is likely that in servicing your needs, your personal information could be transferred to or accessible from one or more of these countries. This typically happens when we seek insurance terms from international insurance markets, use global cloud infrastructure, or collaborate with support teams or parent companies based overseas.

We understand that different countries have different data protection standards. When disclosing your personal information abroad, we take steps to ensure it remains protected. Angelic Insurance will only transfer personal information overseas for the purposes described in this Policy, and in doing so we will comply with applicable cross-border data transfer requirements. Our measures may include:

• Contracts and safeguards:

  Where feasible, we will enter into data transfer agreements or include standard data protection clauses in our contracts with overseas recipients, obligating them to handle your information in accordance with principles equivalent to those under applicable privacy laws. For example, transfers within our corporate group are governed by intra-group agreements requiring all offices to maintain a consistent level of privacy protection. We also carefully select reputable service providers and require similar contractual privacy commitments from them.

• Adequacy of protection:

  We may transfer data only to countries which have robust privacy laws or recognised adequate protection. Where a country’s laws are considered inadequate, we will ensure other safeguards (such as the contracts noted above or obtaining your consent) are in place.

• Verification of exceptions:

  In certain cases, we might rely on specific legal exceptions for international transfer. One such case is your consent — by providing us with your personal information and using our services, you consent to the disclosure of your information to third parties overseas, as needed, and acknowledge that those parties may not be bound by Australian (or your local) privacy laws. In those instances, we will not be accountable under local privacy legislation for any mishandling by the overseas recipient (though that recipient may be subject to their own country’s privacy laws). Another example is where the transfer is necessary for the performance of a contract with you or in your interest (e.g. arranging insurance with an overseas insurer). We will only rely on such exceptions in accordance with the relevant privacy law requirements.

The principal overseas locations where your data might be sent include United Kingdom and European Union countries (for example, for placement with London-based insurers or reinsurers, or group IT services hosted in the EU), South Africa (where we have partner operations and possibly data support centers), South & Southeast Asian Countries (for any back-office support or analytics services, or if you are based there and working with our local partners), Hong Kong (for clients or partners in HK, or data routing through regional hubs), and potentially the United States or other locations (for cloud storage or specialised service providers). This list is not exhaustive, but we will make information available upon request about where your personal data may be located. By using our services, you agree to such cross-border transfers as described.

If you have any questions about the international transfer of your personal information, or require details of the safeguards we have in place for a particular transfer, please contact us. We will be happy to provide you with further information, provided it does not violate commercial confidentiality. Our aim is to ensure your personal data remains secure and your privacy rights are respected, no matter where the data is located geographically.

Data Security and Retention

Security Measures

We take the security of your personal information very seriously. Angelic Insurance has implemented a range of physical, electronic, and managerial measures to protect your data from unauthorised access, alteration, misuse, loss, or disclosure. These measures include:

• Physical security controls at our offices and data centers (such as secure premises with access controls, alarm systems, and document storage in locked cabinets for any paper records).
• Computer and network security technologies, including firewalls, encryption, anti-virus/malware protection, and secure configuration of systems. We protect access to personal data by using user identifications, passwords and/or multi-factor authentication, and we restrict access to databases on a need-to-know basis.
• Training and policies for our staff and representatives on the importance of confidentiality and privacy, so that employees handle information in compliance with this Policy and our legal obligations. Each team member is required to adhere to internal information security policies and we regularly review these policies.
• Secure disposal and sanitisation procedures — when we no longer need personal information for any permitted purpose, and we are not required by law to retain it, we take reasonable steps to destroy or permanently de-identify the information. Paper records are shredded or incinerated, and electronic records are securely erased or rendered anonymous, as appropriate. We also utilise reputable secure data destruction services when necessary.

Despite our best efforts, please note that no method of transmission over the Internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. Data protection measures are never foolproof — for example, there is always a risk that our security could be breached by sophisticated cyber-attacks or insider bad actors. You can also play a role in keeping your data secure by maintaining the confidentiality of any passwords or account details related to our services, and by notifying us immediately if you suspect any unauthorised access to your personal information.

If we become aware of a data breach that is likely to result in serious harm to you, we will inform you and the relevant authorities as required by law. We will act as soon as reasonably possible to contain and investigate any such incident, and to mitigate its effects.

Retention of Information

We will retain your personal information for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. For example, we may need to keep certain records to comply with financial or legal regulations (such as the Corporations Act or Tax laws in Australia which may require records to be kept for 7 years), or to have sufficient information in the event of a claim or dispute. When your personal information is no longer needed for any legitimate business or legal purpose, we will ensure it is securely destroyed or de-identified. In determining retention periods, we take into account our contractual obligations, statutory duties, and the expectations and rights of the individuals concerned.

Direct Marketing and Your Choices

As part of our service, Angelic Insurance may send you direct marketing communications from time to time, including offers, updates, newsletters, or promotions related to our insurance products and services or those of our partners. We may contact you by various means, such as email, SMS, phone, or post. For example, we might send out newsletters with insurance tips, or inform you of new products, special discounts, or events that could benefit you. We endeavor to limit marketing to a reasonable frequency and to content that we believe is relevant to you based on our relationship. We may use your personal information to determine what communications might be of interest to you.

We will always give you the opportunity to opt out of direct marketing. If you prefer not to receive promotional communications from us or our partners, you can withdraw your consent or object at any time. To opt out, you can:

• Click the “unsubscribe” link (or follow the instructions) in any marketing email or SMS you receive from us.
• Contact us directly (by phone or email) and let us know that you do not wish to receive marketing material.
• If we call you, you can advise during the call that you do not want further marketing calls.

Please note that even if you opt out of marketing messages, we may still send you essential service communications related to your current policies or transactions — for example, renewal notices, invoices, regulatory disclosures, or important updates about your insurance cover. Those are not marketing communications but rather part of our service to you.

Third-Party Marketing

We will not sell your personal details to outside companies for their own marketing. However, as mentioned in earlier sections, we may work closely with partner companies and might jointly market to you. If we send you a marketing message that incorporates offerings from one of our partners, it will still come from us and you can opt out of future joint communications through us. In some cases, we might provide your contact details to a partner so that they can send an offer directly to you — but we will only do this if permitted by law or your consent (for instance, if the partner’s offer is an integral part of the product/service you already have with us). You can contact us to opt out of such information sharing. If you opt out, we will cease sharing your information with partners for direct marketing, and we will instruct our partners to stop any direct communications with you that were made possible by our data sharing.

Accessing and Correcting Your Personal Information

It is important to us that the personal information we maintain is accurate, complete, and up-to-date. If you believe that any information we hold about you is incorrect, incomplete, or outdated, you have the right to request that we correct it. We encourage you to keep us informed of any changes, for instance if you change address or contact number, or if there is an update to any information relevant to your insurance. When we become aware of an inaccuracy, we will take reasonable steps to correct the information in our records.

Access to Information

You also have the right to request access to the personal information we hold about you. To do so, please contact our Privacy Officer and provide enough information to verify your identity and locate the data you seek. We will respond to your request within a reasonable timeframe and, if possible, within any timeframes required by law. We will generally provide you with access to your information in the manner you request, provided it’s reasonable and practical to do so. In certain cases, we might charge a minimal fee to cover the administrative cost of retrieving and supplying the information — we will let you know in advance if a fee applies (note that we do not charge for simply making an access request, only for the costs of processing it in some cases).

There may be legal or administrative reasons why we cannot grant you access to some or all of the information you have requested. Refusal of access can occur, for example, if:

• Granting access would pose a serious threat to the life, health or safety of any individual, or to public health or safety;
• Access would have an unreasonable impact on the privacy of others (for instance, if the information requested includes personal details about other individuals);
• The information is subject to legal privilege (e.g., advice from a lawyer), or was collected in relation to a legal dispute or in the course of commercial negotiations;
• Giving access would be unlawful (e.g., we are prohibited from disclosing the information under a court order or by law);
• The request is frivolous, vexatious, or extremely impractical (e.g., it would require unreasonable effort to retrieve archived data); or
• We are otherwise permitted by law to refuse the request.

If we refuse access for any reason, we will provide you with a written explanation outlining the reasons for the refusal (except where we are not required to by law).

Correction of Information

If you request a correction and we agree that the information is inaccurate, incomplete or out-of-date, we will promptly correct it and notify you of the change. If we do not agree that the information needs correction (for example, if we believe it is accurate and there is no basis for change), we will let you know the reason and will note your request on the record as a “disputed correction”. You also have the right to request that we associate a statement with the record (so that future readers of the information know you allege it is incorrect). Our aim is to resolve any correction requests amicably and swiftly.

For individuals in certain jurisdictions (such as the UK, EU, and others with analogous rights), you may have additional rights regarding your personal data, which are addressed in the next section.

Additional Privacy Rights (EU/UK and Other Jurisdictions)

We are committed to respecting the privacy rights of individuals worldwide. If you are located in a jurisdiction that grants additional rights to data subjects (for example, under the EU GDPR, UK GDPR, or other privacy regulations), Angelic Insurance will ensure that you can exercise those rights as applicable. These rights may include:

• The right to access:

  As described above, you can ask us to confirm whether we are processing your personal information and request a copy of the information we hold about you. You are also entitled to certain information about how we process your data, which this Privacy Policy is intended to provide (e.g. the purposes of processing, categories of data, potential disclosures, etc.).

• The right to rectification:

  You can request that we correct any inaccurate personal information and complete any incomplete information we hold about you.

• The right to erasure:

  You can ask us to delete your personal information in certain circumstances. Common scenarios for a valid erasure request include when the data is no longer needed for the purposes it was collected, or if you withdraw consent (where consent was the legal basis for processing), or if you object to processing and we have no overriding legitimate grounds, or if we processed the data unlawfully. This is often referred to as the “right to be forgotten.” Please note that this right is not absolute — we may need to retain certain information if required by law or if an exemption applies (for example, we may refuse deletion if the personal data is needed for establishing or defending legal claims, or for compliance with a legal obligation). We will inform you if any such exception applies in the event of your erasure request.

• The right to restrict processing:

  You can request that we limit the processing of your personal information (essentially, hold but not actively use it) in certain situations. For instance, you may do so if you contest the accuracy of the data (for the period it takes for us to verify it), or if you believe the processing is unlawful but you prefer we restrict use rather than delete it, or if you have objected to processing and we are considering our legitimate grounds. If processing is restricted, we will still store your information but will not use it for any purpose except with your consent or as allowed by law (such as for legal claims or public interest reasons).

• The right to data portability:

  For data that you have provided to us and which we process by automated means under your consent or in performance of a contract, you have the right to request a copy in a structured, commonly used, machine-readable format, and/or to have that data transmitted to another data controller where technically feasible. In practice, this right may apply to certain information you provided via our online systems or forms. Data portability rights are subject to technical and legal limitations, but we will accommodate such requests to the extent required by law.

• The right to object:

  You have the right to object to our processing of your personal information in some cases. Notably, you can object at any time to processing for direct marketing purposes, and we will honor that objection. If we are processing your data on the basis of our legitimate interests, you can also object if you believe our legitimate interests in processing do not outweigh your fundamental rights and freedoms. In such a case, we will review your objection and, unless we have compelling grounds that override your rights (or the processing is needed for legal claims), we will stop the processing in question. If we do refuse an objection, we will provide you with information on our justification.

• The right not to be subject to automated decisions:

  Angelic Insurance does not typically make automated decisions (without human involvement) that produce legal or similarly significant effects about individuals. However, if this were to occur, you would have the right not to be subject to such a decision unless it is necessary for a contract, authorised by law, or based on your explicit consent. In general, insurance underwriting might involve some automated profiling or risk scoring by insurers, but our role is usually advisory and intermediated by human judgment.

• The right to withdraw consent:

  In circumstances where we rely on your consent to process personal information (for example, consent to collect health information, or consent to send marketing emails in jurisdictions requiring opt-in consent), you have the right to withdraw your consent at any time. If you withdraw consent, we will stop the processing that was based on consent. However, please understand that withdrawal of consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, and in some cases we may need to continue to retain or use certain information as allowed by law. If withdrawing consent for a particular service means we can no longer provide that service, we will let you know.

• The right to lodge a complaint with a regulator:

  If you believe we have infringed your privacy rights or data protection laws, you have the right to file a complaint with the supervisory authority or regulator in your country. For example, in Australia you can contact the Office of the Australian Information Commissioner (OAIC); in the UK, the Information Commissioner’s Office (ICO) is the relevant regulator; in South Africa, it is the Information Regulator (South Africa); in the EU, you can reach out to your country’s Data Protection Authority. We ask that you please attempt to resolve any concerns with us first by contacting us directly — we take privacy complaints seriously and will do our best to address your concerns. However, this does not affect your right to seek help from authorities at any time.

To exercise any of the above rights, please contact us. We will require you to verify your identity to ensure that we do not give out information to the wrong person. Please be aware that some rights may not be absolute and may only apply under certain conditions or in certain jurisdictions. We will explain how we will handle your request and either comply or explain any refusal. We will not charge you for making a request, and in general any substantive response will be provided free of charge, except in cases of excessive or unfounded requests where a reasonable fee may be permitted by law to cover administrative costs.

Our commitment is that your privacy rights will be respected and that we will facilitate your exercise of those rights in line with applicable law. We have internal procedures to ensure requests are handled within required timeframes and that we balance any conflicts (such as privacy of others or legal confidentiality) appropriately.

Complaints and Dispute Resolution

At Angelic Insurance, we value your trust and aim to address any concerns about privacy in a fair and efficient manner. If you have a complaint about how we have collected or handled your personal information, or if you believe we have breached this Privacy Policy or any applicable privacy laws (such as the Australian Privacy Principles, GDPR, POPIA, etc.), we want to hear from you.

How to Make a Complaint

You can contact us by using the contact details in the next section (Contact Us) and direct your complaint to our Privacy Officer. Please provide as much detail as possible about your issue, including what happened, the relevant time frame, and the impact on you. Any supporting documents or screenshots can be helpful. For example, if you think we improperly disclosed your information, tell us when and to whom; or if you unsubscribed from emails but still got one, let us know when you opted out and what you received. The more information you give, the better we can investigate.

Our Process

Once we receive your complaint, we will acknowledge it and begin an investigation. Our Privacy Officer will take charge of understanding the situation, which may involve reviewing our records, speaking with the staff members involved, and examining any relevant policies or communications. We aim to resolve all complaints promptly and fairly. In Australia, we will try to provide a written response within 30 days; in other jurisdictions, we will adhere to any specific timeline set by law for responding to privacy complaints (for instance, some regulations require response within 1 month, which we also consider a guideline). If we need more time due to complexity, we will let you know and provide an expected resolution timeframe.

Our written response will outline the outcome of our investigation. If we find that we did not meet our obligations, we will explain how we intend to rectify the issue or prevent it happening again. Depending on the nature of the issue, resolution might involve an apology, an offer of a solution (e.g., correcting data, updating processes), or steps to improve our practices. If we believe that we acted correctly and in compliance with our obligations, we will provide you with our reasons. In either case, you will have the opportunity to seek further review if you are not satisfied.

Escalation

If you are unhappy with our response, you have options to pursue the matter further. You can request that the matter be reviewed by a higher level within our company (for example, by a senior executive or our legal counsel). If you remain dissatisfied, you may refer your complaint to the relevant external body or regulator. For privacy issues in Australia, the regulator is the Office of the Australian Information Commissioner (OAIC) – they can be contacted via www.oaic.gov.au and have a complaints process. In the UK, you can contact the Information Commissioner’s Office (ICO) (www.ico.org.uk). In South Africa, the Information Regulator (South Africa) (www.justice.gov.za/inforeg/) handles data privacy complaints. In the European Union, you can approach the Data Protection Authority in your country of residence. We will provide you with the contact details for the appropriate body if needed.

For disputes related to our financial services (insurance broking), you may also have recourse to the Australian Financial Complaints Authority (AFCA) or similar dispute resolution schemes, but typically privacy-specific issues are best handled by privacy regulators or the courts.

We genuinely appreciate the opportunity to address your concerns directly. Your feedback not only helps resolve your individual issue but can also highlight areas where we can improve our processes or training. We do not ever retaliate against anyone for making a complaint in good faith – raising your voice about a privacy issue will not adversely affect the service we provide to you.

Contact Us (Privacy Officer)

If you have any questions, comments, or requests regarding this Privacy Policy or the handling of your personal information, please reach out to us. We are here to help. Below are our contact details for privacy matters:

Privacy Officer – Angelic Insurance Group Pty Ltd

Please direct any privacy-related enquiries or complaints to the Privacy Officer through one of the methods above. If you are contacting us from outside Australia, you may prefer to email for convenience. When you contact us, please provide your name and a way to get back to you (phone or email), and briefly state what your question or concern is about so we can assist you efficiently.

We will respond as promptly as possible to all legitimate requests. If your query is urgent, please mark it as such and we will do our best to prioritise it. For security and confidentiality reasons, we may need to verify your identity before disclosing or discussing any of your personal information, so please be prepared to answer a couple of verification questions.

Updates to This Privacy Policy

This Privacy Policy may be updated by Angelic Insurance from time to time, to reflect changes in our practices, legal obligations, or for other operational reasons. We reserve the right to amend or supplement this Policy at our discretion. Whenever we make a significant change, we will publish the updated Privacy Policy on our website (at the same URL or other prominent location). The updated version will be effective from the time of posting, or from a later date if specified. We encourage you to check our website periodically to ensure you are aware of the current version of our Privacy Policy. If the changes are substantial or require your consent under applicable laws (for example, if we plan to use your personal information for a new purpose that requires consent), we may additionally notify you through other means, such as by email or a notice on our homepage.

Your continued engagement with us (for example, using our services or website) after any changes to this Privacy Policy will be deemed acceptance of those changes, except where explicit consent is required and obtained.

Last updated: August 2025.

This Policy supersedes any previous privacy policy provided by Angelic Insurance Group Pty Ltd. We recommend that you retain a copy of this Privacy Policy for your records and refer to it as needed. Thank you for trusting Angelic Insurance with your insurance needs and your personal information, we value your business and your privacy.