Depending on your relationship with us (for example, as a consumer policyholder; non-policyholder insured or claimant; witness; commercial broker or appointed representative; or other person relating to our business), Personal Information collected about you and your dependants may in certain circumstances include:

General identification and contact information:

Your name; address; e-mail and telephone details; gender; marital status; family status; date of birth; passwords; educational background; physical attributes; activity records, such as driving records; photos; employment history, skills and experience; professional licences and affiliations; relationship to the policyholder, insured or claimant; and date and cause of death, injury or disability.

Identification numbers issued by government bodies or agencies: Passport number; tax identification number; or driver’s or other licence number.

Financial information and account details: Payment card number; bank account number and account details; credit history and credit score; assets; income; and other financial information.

Medical condition and health status: Current or former physical or mental or medical condition; health status; injury or disability information; medical procedures performed; personal habits (for example, smoking or consumption of alcohol); prescription information and medical history.

Other sensitive information: In certain cases, we may receive sensitive information about you.  In addition, we may obtain information about your criminal record or civil litigation history in the process of preventing, detecting and investigating fraud.

Telephone recordings: Recordings of telephone calls to our representatives and call centres.

Information enabling us to provide products and services: Location and identification of property insured (for example, property address, vehicle licence plate or identification number); travel plans; age categories of individuals you wish to insure; policy and claim numbers; coverage/peril details; cause of loss; prior accident or loss history; your status as director or partner, or other ownership or management interest in an organisation; and other insurance you hold.

Marketing preferences and customer feedback: You may let us know your marketing preferences, enter a contest or prize draw or other sales promotion, or respond to a voluntary customer satisfaction survey.  

We will only use your Personal Information for the purpose for which it is obtained, subject to certain exceptions set out in the Privacy Act 1993.  Depending on the purpose for which the Personal Information was obtained and on the specific circumstances, we may use your Personal Information to:

• Communicate with you and others as part of our business.
• Send you important information regarding changes to our policies, other terms and conditions, the Site and other administrative information.
• Make decisions about whether to provide insurance and assistance services, including claim assessment, processing and settlement; and, where applicable, manage claim disputes.
• Assess your eligibility for payment plans and process your premium and other payments.
• Provide improved quality, training and security (for example, with respect to recorded or monitored phone calls to our contact numbers).
• Prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks.
• Carry out market research and analysis, including satisfaction surveys.
• Provide marketing information to you (including information about other products and services offered by selected third-party partners) in accordance with preferences you have expressed.
• Personalise your experience on the Site by presenting information and advertisements tailored to you.
• Identify you to anyone to whom you send messages through the Site.
• Allow you to participate in contests, prize draws and similar promotions, and to administer these activities.  Some of these activities have additional terms and conditions, which could contain additional information about how we use and disclose your Personal Information, so we suggest that you read these carefully.
• Manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; business continuity; and records, document and print management.
• Resolve complaints, and handle requests for data access or correction.
• Comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering and anti-terrorism; comply with legal process; and respond to requests from public and governmental authorities (including those outside your country of residence).
• Establish and defend legal rights; protect our operations or those of any of our group companies or insurance business partners, our rights, privacy, safety or property, and/or that of our group companies, you or others; and pursue available remedies or limit our damages.

Due to the global nature of our business, for the purposes set out above we may transfer Personal Information to parties located in other countries (including the United States and other countries that have a different data protection regime than is found in New Zealand).  For example, we may transfer Personal Information in order to process international travel insurance claims and provide emergency medical assistance services when you are abroad.  We may transfer information internationally to our group companies, service providers, business partners and governmental or public authorities.  In all such cases, we will ensure that your Personal Information continues to be held and used by the overseas recipient in accordance with the requirements of the Privacy Act 1993 and any other applicable laws or regulations.

Subject to continuing to comply with the requirements of the Privacy Act 1993, AIG may make Personal Information available to:

• Our group companies
  The Privacy Officer is responsible for the management and security of jointly used Personal Information.  Access to Personal Information within AIG is restricted to those individuals who have a need to access the information for our business purposes.
  
  
• Other insurance and distribution parties
  In the course of marketing and providing insurance, and processing claims, AIG may make Personal Information available to third parties such as other insurers; reinsurers; insurance and reinsurance brokers and other intermediaries and agents; appointed representatives; distributors; affinity marketing partners; and financial institutions, securities firms and other business partners.
  
  
• Our service providers
  External third-party service providers, such as medical professionals, accountants, actuaries, auditors, experts, lawyers and other outside professional advisors; travel and medical assistance providers; call centre service providers; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; banks and financial institutions that service our accounts; third-party claim administrators; document and records management providers; claim investigators and adjusters; construction consultants; engineers; examiners; jury consultants; translators; and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.
  
  
• Governmental authorities and third parties involved in court action
  AIG may also share Personal Information with governmental or other public authorities (including, but not limited to, workers’ compensation boards, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our group companies; (f) to protect our rights, privacy, safety or property, and/or that of our group companies, you or others; and (g) to allow us to pursue available remedies or limit our damages. 
  
  
• Other Third Parties
  We may share Personal Information with payees; emergency providers (fire, police and medical emergency services); retailers; medical networks, organisations and providers; travel carriers; credit bureaus; credit reporting agencies; and other people involved in an incident that is the subject of a claim; as well as purchasers and prospective purchasers or other parties in any actual or proposed reorganisation, merger, sale, joint venture, assignment, transfer or other transaction relating to all or any portion of our business, assets or stock.
  
  Personal Information may also be shared by you, on message boards, chat, profile pages and blogs, and other services on the Site to which you are able to post information and materials.  Please note that any information you post or disclose through these services will become public information, and may be available to visitors to the Site and to the general public.  We urge you to be very careful when deciding to disclose your Personal Information, or any other information, on the Site.

AIG will take such necessary measures required to keep your Personal Information secure, as required to comply with the Information Privacy Principles under the Privacy Act 1993.  If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Information you might have with us has been compromised), please immediately notify us.  When AIG provides Personal Information to a service provider, the service provider will be selected carefully and required to use appropriate measures to protect the confidentiality and security of the Personal Information.

In accordance with the Privacy Act 1993, AIG will not keep Personal Information for longer than is required for the purpose for which the Personal Information may be lawfully used.  AIG will retain your Personal Information in accordance with the Privacy Act 1993

If you provide Personal Information to AIG regarding other individuals, you agree: (a) to inform the individual about the content of this Privacy Policy; and (b) to obtain any legally-required consent for the collection, use, disclosure, and transfer (including cross-border transfer) of Personal Information about the individual in accordance with this Privacy Policy.

If you have insurance cover with AIG, we may provide you with opportunities to tell us your marketing preferences, including in our communications to you. Subject to certain exceptions, we will not send you marketing-related emails unless we have obtained your express consent to do so.  We will also allow you to opt-out from receiving any marketing-related e-mails from AIG in accordance with the Unsolicited Electronic Messages Act 2007.

You may gain access to or request correction of your Personal Information by writing to:

The Privacy Manager
AIG
PO Box 1745
Shortland Street
Auckland 1140
New Zealand

While access to this personal information may generally be provided free of charge, we reserve the right to charge for access requests in some limited circumstances.

“Other Information” is any information that does not reveal your specific identity, such as:

• Browser information;
• Information collected through cookies, pixel tags and other technologies;
• Demographic information and other information provided by you; and
• Aggregated information

We and our third-party service providers may collect Other Information in a variety of ways, including:

• Through your internet browser:  Certain information is collected by most websites, such as your IP address (i.e., your computer’s address on the internet), screen resolution, operating system type (Windows or Mac) and version, internet browser type and version, time of the visit and the page(s) visited.  We use this information for purposes such as calculating Site usage levels, helping diagnose server problems, and administering the Site.
  
  
• Using cookies:  Cookies are pieces of information stored directly on the computer you are using.  Cookies allow us to recognise your computer and to collect information such as internet browser type, time spent on the Site, pages visited and language preferences.  We may use the information for security purposes, to facilitate navigation, to display information more effectively, to personalise your experience while visiting the Site, or to gather statistical information about the usage of the Site.
  
  
• Using pixel tags, web beacons, clear GIFs or other similar technologies:  These may be used in connection with some Site pages and HTML-formatted e-mail messages to, among other things, track the actions of Site users and e-mail recipients, measure the success of our marketing campaigns and compile statistics about Site usage and response rates.
  
  
• From you:  Some information (for example, your location or preferred means of communication) is collected when you voluntarily provide it.  Unless combined with Personal Information, this information does not personally identify you.
  
  
• By aggregating information:  We may aggregate and use certain information (for example, we may aggregate information to calculate the percentage of our users who have a particular telephone area code).

Please note that we may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law.  If we are required to treat Other Information as Personal Information under applicable law, then, in addition to the uses listed in the “Other Information We Collect” section above, we may use and disclose Other Information for all the purposes for which we use and disclose Personal Information.

If you are an individual based in the European Union (“EU”), where your details are provided to AIG in connection with providing or offering products or services to you, you have certain additional rights in accordance with the General Data Protection Regulation (“GDPR”), as described below.

AIG is a data controller and processor for the purposes of the GDPR and will process your personal information in accordance with its obligations under the GDPR.

In certain circumstances you may exercise the following rights in relation to your personal information relating to you (defined in the GDPR as “Personal Data”):

• Right to access your Personal Data (Art 15 GDPR).
• Right to rectify your Personal Data (Art 16 GDPR).
• Right to request that your Personal Data is erased (Art 17 GDPR).
• Right to restrict the use of your Personal Data (Art 18 GDPR).
• Right to data portability (in certain specific circumstances) (Art 20 GDPR).
• Right to object to processing of your Personal Data (Art 21 GDPR).

Where you have provided your consent to processing (e.g. to receive information about products and services), you may withdraw your consent at any time by emailing privacy.officerNZ@aig.com

How long we keep your information

AIG will retain your Personal Data for as long as is required to perform the service or for the purposes for which the data was collected, depending on the legal basis for which that data was obtained.

Where AIG requires your Personal Data to comply with contractual or other legal requirements, failure to provide this information may mean the AIG will not be able to provide certain services.

Legal Basis for Processing under the GDPR

In this section we provide information on the legal basis for our processing of your Personal Data as required by Art 13 and 14 of the GDPR:

• When you register your information online, such processing is necessary for the performance of our services, Art 6 (1) (b) GDPR.
• For sensitive data (including biometric data) as defined in the GDPR, we process such data on the basis of your prior consent, Art 9(2)(a) GDPR.
• For non-sensitive Personal Data which we need in order to perform the services, such processing is necessary for the performance of our services, Art 6 (1) (b) GDPR.
• With regard to other non-sensitive Personal Data, we process such data on the basis of our legitimate interest, Art 6 (1) (f) GDPR, which is to provide or enhance our services.
• When you communicate with us or sign up for promotional material, we process such data on the basis of our legitimate interest, Art 6 (1) (f) GDPR, and our legitimate interest is to provide you with our promotional messages.
• When we collect cookies or other tracking technologies, we process such data on the basis of your consent, Art 6 (1) (a) GDPR, and based on our legitimate interest, Art 6 (1) (f) GDPR, being to provide you with better customised services or marketing.
• When we aggregate data, such processing is either necessary for the performance of our services, Art 6 (1) (b) GDPR, or we process such data on the basis of our legitimate interest, Art 6 (1) (f) GDPR, and our legitimate interest is to provide you with better or customised services and marketing.

Additional use of Personal Data

Additional use of your Personal Data that is not described in this Privacy Policy will only take place as required by statute or when we have obtained your consent.

Concerns by EU residents

Should you have any concerns in relation to AIG’s collection and/or processing of your Personal Data, then in addition to the process set out at section 10 above, you have the right to complain to a supervisory authority (within the meaning of the GDPR).  

This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site to which this Site contains a link.  The inclusion of a link on the Site does not imply endorsement of the linked site by us or by our group companies.

The Site is not directed to individuals under the age of sixteen (16), and we request that these individuals do not provide Personal Information through the Site.

We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business and legal requirements.  We will place updates on our website.

Please take a look at the “LAST UPDATED” date at the top of this Privacy Policy to see when it was last revised.

By completing the Site, you consent to the use of your Personal Information and that of any other person insured by as stated in the Privacy Statement above.