Privacy Policy

Privacy Policy
Last updated: 8 December 2025

1. Who We Are / Contact Information

Who we are: Viz Insurance Pty Ltd (ABN: 49 615 973 487 / AFSL 494857) and its related entities (“we”, “us”, “our”). We act as agent under binding authority for insurers from time to time.

Contact for privacy matters:

• Email: hello@vizinsurance.com.au
• Postal address: Suite SR118, 35–61 Harbour Drive, Coffs Harbour NSW 2450
• Phone: 1300 216 226

If you have any questions about our handling of your personal information, or wish to access, correct or delete your data, or lodge a privacy complaint, contact us at the above details.

2. Scope & Applicability

This policy applies to:

• Personal information you provide to us (via website, app, phone, email, brokers/agents, forms, claim submissions, onboarding, etc.);
• Personal information we collect or derive about you (usage data, analytics, website/app interactions, claims & underwriting data, payment history, etc.);
• Personal information collected by third parties on our behalf (e.g. brokers, partners, referral partners, service providers, investigators, claims assessors).

We are bound by the Privacy Act 1988 and the 13 Australian Privacy Principles (APPs), and we commit to handling your personal information in a transparent, fair, and secure manner.

This policy also applies to any optional digital features you choose to activate, including the VIZ Tradie Pass (digital wallet card), Self-Service Payment Update features, and any related online customer tools.

3. What Information We Collect & From Where

We may collect the following kinds of personal information:

• Identity & contact information: name, residential or business address, mailing address, phone number, email address.
• Business / employment / occupational information: profession/trade, business trading name, ABN/ACN, trading address, business structure, occupation details.
• Financial and payment information: premium payment information, payment method details (excluding full credit card details — see below).
• Insurance history & claims data: prior insurance policies, claims history, loss history, asset information, risk details relevant to underwriting or claims (within the bounds of our licensing permissions).
• Usage, device & technical data: IP address, browser and device identifiers, login activity, website/app usage, cookies/analytics identifiers, timestamps, pages visited.
• Other data relevant to underwriting, eligibility or claims notifications: for example where you submit additional information as part of a quote or claims notification (e.g. property details, occupation-related risk factors, optional information requested by insurers).

Sensitive information: where required (e.g. health data, disability information, criminal history, if ever requested for certain products), we will collect sensitive information only with your explicit consent, and only when reasonably necessary for the underwriting, claims or risk assessment.

We collect information in the following ways: directly from you (forms, phone calls, email, app), via brokers or referral partners, via third-party service providers, via cookies and analytics tools, and from publicly available data or third-party data sources (e.g. public registers, data enrichment providers) where disclosed at the time.

Digital Wallet (VIZ Tradie Pass):
If you choose to activate the VIZ Tradie Pass (Apple Wallet / Google Wallet), we may provide the digital wallet provider with limited policy information necessary to generate your wallet card, such as your name, policy number, occupation, policy period, insurer, and high-level cover details.
No sensitive information, financial information, or full address is shared for wallet card display.

Payment Update Functionality:
When you update your payment method through our secure online portal, we collect:

• your policy number,
• mobile number,
• SMS one-time password (OTP) verification, and
• tokenised payment method details.

We do not store or receive full credit card numbers or CVV details. These are processed directly by PCI-DSS compliant providers (e.g., PayDock, Stripe).

4. Purposes for Collection, Use and Disclosure

We collect, hold, use and disclose personal information for the following purposes (depending on the services you use and your relationship with us):

• To provide you with insurance quotes and issue insurance policies;
• To administer your insurance — manage your policy, accept payments, renewals, cancellations, endorsements;
• To lodge claims;
• To communicate with you — respond to enquiries, send notices, policy documents, claim correspondence, service updates;
• To comply with legal, regulatory and compliance obligations (e.g. anti-money laundering, ASIC/ regulator reporting, taxation, fraud prevention, dispute management, audit);
• To improve and personalise our products, services, underwriting and claims processes;
• To undertake risk assessments, loss history analyses, internal audits, fraud and anti-fraud measures, prevention of illegal activities;
• To manage our business operations — billing, payments, record-keeping, customer service, analytics, internal reporting;
• To send marketing communications (for our products or third-party partner offers), only with your consent or if you have not opted out, and to provide you with promotional offers, newsletters, updates;
• For any other purpose you explicitly consent to.
• To provide and administer optional digital features, including the VIZ Tradie Pass (digital wallet card) and Certificate of Currency generation;
• To verify your identity via SMS OTP when you make certain requests (such as updating a payment method);
• To securely process payment updates using third-party PCI-compliant providers;
• To deliver optional activation-based services, such as digital wallet notifications, pass updates, or other interactive features;

Where we disclose your personal information, this may include third-party insurers, reinsurers, brokers or agents, claims assessors, investigators, service-providers, mailing houses, cloud or IT providers, payment processors, and regulatory or law enforcement bodies when required.

5. Cross-border Disclosures & Overseas Data Transfers

Some of our digital service providers, including those supporting digital wallet functionality (e.g., PassKit), payment processing (e.g., PayDock, Stripe), and secure communications (e.g., Twilio), may store or process limited personal information in overseas jurisdictions, including the United States, the United Kingdom, and the European Union.

Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure that the recipient handles the information in accordance with the Australian Privacy Principles (APP 8). This includes: using binding contractual safeguards, data-processing agreements, security controls, and limiting access to only what is necessary.

If you would like more information about the countries involved or safeguards in place, you can contact us at the address above.

6. Use of Cookies, Analytics, Tracking & Marketing — Consent & Opt-out

We use cookies, web beacons, analytics tools (e.g. Google Analytics) and other tracking technologies to collect usage and technical information when you visit our website or app. This helps us understand how users interact with our services, improve the user experience, and for marketing and remarketing (advertising) purposes.

Your choice:

• You can refuse or disable cookies via your browser or device settings (which may affect website functionality).
• You can opt-out of marketing communications at any time by using the “unsubscribe” function in our emails or contacting us at hello@vizinsurance.com.au.

For any new or additional tracking technologies or marketing methods we introduce, we will seek your informed consent where required, before proceeding.

7. Data Security, Storage, Retention & Deletion

We take reasonable steps to protect personal information we hold from misuse, interference, loss, unauthorised access, modification or disclosure. These measures include, but are not limited to: encryption, access controls, secure storage, regular security assessments, staff training, vendor due diligence, and internal governance procedures.

We retain personal information only for as long as necessary for the purposes for which it was collected — to provide services, meet legal/regulatory obligations, manage claims and perform internal functions such as fraud prevention and audits. Once the information is no longer required, we will securely delete or de-identify it in accordance with any applicable laws and internal policy.

We also use SMS OTP verification to confirm your identity before allowing sensitive account actions such as payment updates.

8. Access, Correction, Erasure, and Other Rights

You may request access to personal information we hold about you, request correction of inaccurate information, or request erasure or anonymisation (where permitted), by contacting us at hello@vizinsurance.com.au or by postal mail.

We do not charge for straightforward access or correction requests. For complex requests (especially large data sets), we may charge a reasonable fee to cover administrative costs; we will inform you first.

We may refuse access (or erase data) in limited circumstances permitted under the Privacy Act (e.g. where providing access would unreasonably impact another person’s privacy, or risk to life/health, or where required by law).

You may also:

• Request that we cease sending you marketing communications;
• Object to certain uses of your personal information (where we rely on consent or legitimate interest);
• Request that we restrict or suppress processing (where possible).

9. Automated Decision-Making, Profiling, Underwriting & Risk Algorithms (if used)

If we use computerised or automated decision-making (including underwriting, risk scoring, profiling or behavioural analytics) that could reasonably be expected to significantly affect your rights or interests, we will:

• disclose that we do so;
• provide you with information about how the decision is made (in general terms), and which data are used;
• provide you with a means to request a human review or contest the decision (where feasible).

10. Complaints & Breach Response

If you believe that we have breached your privacy, please contact us at hello@vizinsurance.com.au. We will investigate your complaint under our internal complaints-handling and dispute-resolution procedures, and respond as soon as practicable.

In the event of a data breach, we maintain a Data Breach Response Plan. Where the breach is “likely to result in serious harm” to affected individuals, we will respond in accordance with regulatory requirements, including notifying affected individuals and the OAIC, as required by law.

11. Vendor Management, Outsourcing & Third-Party Service Providers

We may engage third-party service providers (including cloud providers, IT vendors, payment processors, investigators, claims assessors, mailing houses, marketing agencies). Before engaging any such vendor, we conduct due diligence and require contractual commitments that they will handle personal information in compliance with the APPs, maintain security standards, limit access, and only use data for purposes we specify.

Our key service providers for digital wallet, secure payment processing and identity verification include PassKit, PayDock, Stripe and Twilio, each of whom is contractually required to maintain adequate security and privacy safeguards.

12. Transparency, Accountability & Governance

We maintain internal policies, procedures and systems to ensure we comply with the Australian Privacy Principles and our internal compliance framework: including data classification, access controls, staff training, audits, vendor management, incident response, data-flow mapping and record-keeping.
We will review this Privacy Policy at least annually (or more frequently when required by legislative changes, significant practice changes, or internal audit findings).

We maintain internal documentation describing data flows for new digital services such as the VIZ Tradie Pass and the Payment Update feature to ensure transparency and alignment with the APPs.

13. Changes to this Policy

We may revise this Privacy Policy from time to time. When we do, we will post the updated version on our website and indicate the date of update. For material changes that significantly affect how we use or disclose your personal information, we may notify individuals via email, website notice or other appropriate means.

Your continued use of our services following a change constitutes acceptance of the updated Privacy Policy.