Privacy & Security

The protection and privacy of your personal information is a priority to us.

Privacy & Security

The protection and privacy of your personal information is a priority to us. This means handling your personal information in a responsible manner in accordance with the Privacy Act and the Australian Privacy Principles.

Our Privacy Policy contains details about how we collect, use and disclose your personal information generally and our Online Security Statement provides additional security information about how we ensure the security of your personal information when you deal with us online.

Online Security Statement

Please read this statement along with our Privacy Policy

We take the protection of your personal information very seriously, so we regularly revise and update our security measures to keep your information private and meet industry standards.

Steps we take to protect your personal information

  • We encrypt your information as it travels between your computer and our computers. We use a form of Transport Layer Security (TLS) to stop anyone intercepting your information.
  • Your personal information is stored on computer systems which are protected by a combination of firewalls, secure logon processes, encryption and intrusion monitoring technologies.
  • We use a recognised payment service provider to process any insurance payments you make using this website. This service provider is committed to protecting your personal information on our behalf.
  • In certain circumstances we will collect and use your IP address to protect the security of our website.
  • We regularly test our websites and infrastructure for vulnerabilities and take action where needed.
  • We apply security patches to software provided by vendors.

Steps you can take to protect your personal information

It’s still very important that you take some steps to help keep up security when you’re online:

  • Protect your personal information, such as usernames, passwords and policy details, by not allowing anyone to see you entering them, and avoid public Wi-Fi usage.
  • Notify us as soon as possible if you become aware of any security breaches.
  • Use a strong password for your account. Try to think of something that is easy to remember, but hard to guess, such as a passphrase.
  • Change your password regularly and try not to reuse the same password on more than one site.
  • Don’t let your browser save your password for our websites.
  • Be wary of websites, emails or phone calls that claim to be from us. Please contact us if you are unsure.
  • Keep an eye on your accounts and check for any unauthorised transactions.
  • Keep your devices up to date with firewall enabled, anti-malware software, anti-virus software and security updates.

How do you make sure you’re going to the right website?

  • Always go directly to our website by typing the address rather than following links found in emails or elsewhere online.

Keeping safe with email

  • Never disclose personal, financial or debit/credit card information by email. Contact us if you’re unsure of the legitimacy of any email that appears to have come from us.
  • We will never ask for sensitive or personal information such as usernames, passwords or policy details if you haven’t asked for our help first.

By helping us with these things, we can both work to make your world a safer place. To report any concerns around the security or privacy of your information please email

Read more at StaySmartOnline, an Australian Government online safety and security website.

Privacy Policy


CGU Insurance (CGU) is a trading name of Insurance Australia Limited ABN 11 000 016 722 (“we”, “our”, “us”).

Last updated on 6 August 2021

Your privacy is important to us and we are committed to handling your personal information in a responsible way in accordance with the Privacy Act. This is our Privacy Policy and it sets out how we collect, store, use and disclose your personal information. We recommend that you read it carefully.

As CGU is an Insurance Australia Group Limited (IAG) business, this Privacy Policy must be read together with the IAG Master Privacy Policy, which describes how IAG collects, holds, uses and discloses your personal information. A copy of the IAG Master Privacy Policy is available at:

By visiting any of our websites, applying for, renewing, holding or using any of our products or services or providing us with your information, you agree to your information being collected, held, used and disclosed as set out in this Privacy Policy and the IAG Master Privacy Policy.

The information we collect

We collect the information necessary for us to provide you with the products and services you have requested from us, for the purposes set out under the section ‘How We Use and Disclose Your Information’ below, or if the law otherwise allows or requires us to do so.

We will only collect your sensitive information if you have provided us with consent to do so

You do not have to provide us with your personal information. 
However, if you don't it may affect our ability to assist you or provide you with a product or service you would like. If you want to deal with us while not identifying yourself (for example, anonymously or by using a pseudonym) we will let you where it is practical for us to do so (for example, where you make a general enquiry of us). 
Please tell us if you wish to do this and we will indicate whether, taking into account the nature of the transaction, it is practical and reasonable to do so

The information we collect and hold generally about you and other individuals (such as your spouse, partner or children or other joint insureds) includes name, address, date of birth, and contact details (such as phone number, fax number and/or email address).

However, we may also collect and hold other information required to provide services or assistance to you, including your gender, employment, details of your previous insurances, sensitive information (such as health information and criminal records), claims history, your bank account or credit card details, your personal assets and those of your spouse or partner.

How we collect your personal information

We may collect your personal information in various ways, including via person-to-person contact directly from you, telephone, the internet (including our website), hard copy forms or email. Whenever you choose to deal with us directly, we will where possible collect this information directly from you.

However, there may be occasions when we collect your personal information from someone else. This may include from publicly available records or databases (including phonebooks, public websites or social media), your broker or financial adviser, CGU authorised representatives, joint insureds on your policy, other insurers, employers, our distributors, business partners or agents or related entities, medical practitioners and rehabilitation providers, another party involved in claim, investigators, the Insurance Reference Services (IRS) and its members, third parties who provide services to us or on our behalf, family members, anyone you have authorised to deal with us on your behalf, and/or our legal advisers.

We may also seek to collect personal information about someone else from you (for example, if you request a product or service jointly with another person). However, you must not provide us with information about another person unless you have clear consent from that person to do so and let them know about this Privacy Policy and where to find it.

How we use and disclose your personal information

We only use and disclose your personal information for the purpose for which it was provided to us, other related purposes and purposes permitted by law, or purposes to which you otherwise consent. Such purposes include:

  • responding to enquiries or complaints in respect of a product, service or claim;
  • providing you with our products and services and any assistance you request from us (for example, processing requests for quotes, applications for insurance, underwriting and pricing policies, offering excesses and discounts, issuing renewing or amending policy, managing and assessing claims made under or against a policy which you hold, processing claims or payments, recovering money paid to you or debts you have incurred, etc);
  • maintaining or administering your account policies, processing payments you have authorised and processing third party authority arrangements;
  • maintaining and improving our products and services, our customer service practices and our internal business processes;
  • processing your survey or questionnaire responses for the purpose(s) notified in the survey or questionnaire (if you have chosen to participate in such);
  • better understand our customers' needs and tailor our future products and services accordingly (including by conducting market research and analytics);
  • contacting you (including by email, telephone, SMS, mail, social media or targeted digital advertising) to provide you with offers and marketing information about products and services (of ours, our agents and distributors, our related entities and other organisations) which we believe may be of interest to you if you opt-in to receive such (If you have opted-in, you can contact us at any time to ‘opt out’ of receiving such marketing communications, or simply follow the unsubscribe instructions in the relevant communication);
  • for facilitating our ordinary business operations (including general business reporting, modelling and analysis and managing our IT infrastructures, databases, websites and for statistical and maintenance purposes);
  • quality assurance, audit and training purposes;
  • complying with, and assisting our related entities, agents, brokers, business partners, distributors and insurance advisers in complying with, any applicable law, code (including the General Insurance Code of Practice), as amended from time to time) or regulation, and assisting with government, law enforcement agencies and regulators (including anti-money laundering, sanctions, anti-slavery, and prevention of fraud and other criminal activity);
  • any other purposes identified at the time of collecting your information.

However, we will only use and disclose your sensitive information for the purposes for which it was initially collected, other directly related purposes and purposes permitted by law, or purposes to which you otherwise consent. 

Who we disclose your personal information to

We will disclose your information to our related entities and third parties (including those who provide services to us or on our behalf), for the purposes set out under the section ‘How We Use and Disclose Your Information’ above, other related purposes and purposes permitted by law, or purposes to which you otherwise consent. These related entities and third parties include:

  • our agents, business partners and distributors (including financial institutions, credit unions and other third parties with whom we have a commercial or referral arrangement);
  • insurance advisers (such as CGU authorised representatives and insurance brokers) who offers or arranges one of our products or services on our behalf;
  • insurance reference bureaux (including Insurance Reference Services, and Insurance Fraud Bureau of Australia), underwriters and re-insurers (and their representatives);
  • other insurance providers, a joint insured on your insurance policy, any other person listed on your insurance policy (for example, a nominated driver) or anyone else who has your authority;
  • any credit providers that have security over your property;
  • in the case of some claims (or likely claims other insurers, third party), assessors, investigators, your employer, medical practitioners, rehabilitation witnesses, passengers, other drivers or another party involved in a claim (for example, to obtain or provide information relevant to an assessment of your claim or to recover monies on a claim you have made) and any agents, representatives or subcontractors or the above;
  • complaint and dispute resolution bodies (including the Australian Financial Complaints Authority);
  • our third party service providers (including recovery agents, media publishers, lawyers, suppliers, mailing houses, marketing agencies and companies, market researchers, it experts and infrastructure providers, analytics service providers, physical and electronic storage providers and payment service providers) and professional advisers and consultants and any agents, representatives or subcontractors of any of those third party providers, advisors and consultants;
  • government bodies, regulators, law enforcement agencies and any other parties where required or permitted by law;
  • our related entities and businesses, agents, and distributors, (for example, NRMA Insurance, or so that they can support our operators, and also offer you products and services if you have opted-in to receive information about such products and services.

If the ownership or control of our business changes, we may transfer and disclose your personal information to the new owner.

A small number of our related entities and third party service providers are located in countries outside of Australia (mostly in New Zealand, Singapore, South Africa, India, Philippines, the United Kingdom, Malaysia, Republic of Ireland, Israel and United States of America). If we do this, we do all we can to ensure there are arrangements in place to protect your personal information, or otherwise obtain your consent before doing so. 

Security of your personal information

We hold your personal information in:
  • Computer systems;
  • Electronic databases;
  • Digital records, and
  • Hard copy or paper files.

We take reasonable steps (including any measures required by law) to ensure your information is protected and secure. For any insurance payments you make via our websites, we use a recognised payment service provider that is required to take reasonable steps to protect your information.

We also take reasonable precautions to ensure that any information you provide to us through our websites is transferred securely from our servers to our mainframe computers, including through use of Secure Sockets Layer (SSL) protocols.

You must take care to ensure you protect your information (for example, by protecting your usernames and passwords, policy details, etc) and you should notify us as soon as possible after you become aware of any security breaches

Accuracy, access and correction

We take reasonable steps to ensure the information we collect and hold about you is accurate, complete and up-to-date. However, we rely on you to advise us of any changes to your information or corrections required to the information we hold about you.

Please let us know as soon as possible if there are any changes to your information or if you believe the information we hold about you is not accurate, complete or up-to-date.

We will, on request, provide you with access to the information we hold about you unless otherwise required or permitted by law. We will notify you of the basis for any denial to access your information. We may ask you to complete a ‘Personal Information Access Request Form’ and may charge you a service fee for retrieving and sending the information to you. Please contact us using the contract details below if you require access to the information we hold about you.

What if you have a complaint?

If you wish to make a complaint about a breach of this Privacy Policy or the Privacy Act 1988(Cth), you can contact us using our contact details below. You will need to provide us with sufficient details regarding your complaint, as well as any supporting evidence and/or information.

We will investigate the issue and determine our determination of your complaint.

If you are not satisfied with our determination, you can contact us to discuss your concerns or complain to the Office of the Australian Information Commissioner by contacting them:

How to contact us

If you have any questions or concerns about this Privacy Policy or its implementation contact us via:

Toll free line Monday to Friday on 1800 801 241 or on 13 24 81

While overseas +61 3 9601 8222

Revision of our Privacy Policy

We reserve the right to revise this Privacy Policy or any part of it from time to time. Please review this policy periodically for changes.

Your continued use of our websites, products or services, requesting our assistance, applying for or renewal of any of our products or services or the provision of further personal information to us after this Privacy Policy has been revised, constitutes your acceptance of the revised Privacy Policy.