Privacy Policy

Last updated: 1 February 2026

1. Introduction

Aegis ("we", "us", "our") is committed to protecting the privacy of individuals who interact with our business. This privacy policy explains how we collect, use, store and disclose personal information in connection with our insurance and financial services in Australia. It is designed to meet our obligations under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and to reflect sound practice for the insurance sector.

2. Scope

This policy applies to personal information we collect about customers, claimants, prospective customers, policyholders, agents, brokers, suppliers and website visitors. It covers personal information obtained in person, on the phone, via our website, by email, and from third parties.

3. What information we collect

We collect the kinds of personal information reasonably necessary for our business, including:

  • Identity and contact information (name, address, email, telephone).
  • Verification information (date of birth, driver licence, passport, tax file number where required).
  • Insurance-related information (policy details, payment and claims history, risk and underwriting information).
  • Sensitive information where required for underwriting and claims (health information, medical reports, criminal records) — we will only collect this where necessary and with appropriate consent or legal basis.
  • Financial information (bank account details, credit card details, income and employment details, credit information from credit reporting bodies).
  • Interaction data (communications, call recordings, notes, preferences and feedback).
  • Device and usage data from our website including cookies, IP addresses, and analytics data.

4. How we collect information

We collect personal information directly from you (for example, when you complete an application, make a claim or contact us). We may also collect information from third parties such as:

  • Agents, brokers and intermediaries;
  • Healthcare providers and medical specialists (for claims handling);
  • Government agencies and regulators where permitted or required by law;
  • Credit reporting bodies and identity verification services;
  • Other insurers, reinsurers and investigators (e.g. fraud checks); and
  • Service providers who assist us with administration, IT, hosting, analytics and marketing.

5. Purposes of collection and legal basis

We collect and use personal information to provide and administer our products and services, which may include:

  • Assessing eligibility and underwriting risks;
  • Processing applications, policies, claims and payments;
  • Detecting and preventing fraud and other unlawful activity;
  • Meeting regulatory and reporting obligations (including to APRA and ASIC where applicable);
  • Improving our products, services and customer experience;
  • Conducting research, analytics and trend reporting on an aggregated or de-identified basis;
  • Direct marketing where you have consented or where permitted by law; and
  • Operational purposes such as IT support, administration and risk management.

Where we collect sensitive information (for example, health information needed to process a claim), we will take reasonable steps to obtain your consent or rely on another lawful basis permitted by the Privacy Act.

6. Disclosure and third parties

We may disclose personal information to third parties where necessary for the purposes described above. Typical recipients include:

  • Insurers, reinsurers and brokers;
  • Claims handlers, loss adjusters, investigators and legal advisors;
  • Medical and other health professionals for claims assessment;
  • Service providers who host systems, provide analytics, payments or customer support;
  • Government agencies, law enforcement or regulators where required by law; and
  • Other parties with your consent.

We require our service providers to handle personal information in accordance with this policy and applicable law. Where we engage overseas service providers, we will take reasonable steps to ensure adequate protection of personal information (see below).

7. Overseas disclosures

Some of our service providers may be located overseas or may transfer data to third parties in other jurisdictions (including for IT hosting and analytics). Where personal information is disclosed overseas we will take reasonable steps to ensure that the recipient handles the information in a way that complies with the APPs, or we will obtain your consent. If you would like details of the countries where overseas recipients are likely to be located, contact our Privacy Officer (details below).

8. Security

We take reasonable steps to protect personal information from misuse, interference, loss and unauthorised access, modification or disclosure. These steps include physical, technical and administrative safeguards such as access controls, encryption, network monitoring, secure disposal policies and staff training.

9. Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected and to meet our legal and regulatory obligations. Retention periods vary depending on the type of information and legal requirements (for example, insurance-related records are generally kept for several years after a policy expires or a claim is finalised).

10. Access and correction

You may request access to the personal information we hold about you and request corrections if it is inaccurate. We will respond to your request within a reasonable period and may charge a small fee for retrieval or copying where permitted by law. We may refuse access in certain circumstances set out in the Privacy Act, and will provide reasons for any refusal.

11. Complaints

If you have a complaint about a breach of your privacy, please contact our Privacy Officer using the details below. We will investigate and respond within a reasonable timeframe. If you remain dissatisfied you may refer the matter to the Office of the Australian Information Commissioner (OAIC).

12. Cookies and online tracking

Our website uses cookies and similar technologies to collect information about how visitors use our site. This helps us improve the site, remember preferences and provide analytics. You can control cookies through your browser settings; however, disabling some cookies may affect site functionality.

13. Marketing

We may use your personal information to send you marketing communications about products and services we think may be of interest. You can opt out of marketing at any time by following the unsubscribe link in the communication or by contacting us.

14. Changes to this policy

We may update this privacy policy from time to time. The updated policy will be posted on this page with an updated "Last updated" date. Significant changes will be communicated to existing customers where appropriate.

15. Contact us

For privacy enquiries, requests for access or correction, or to make a complaint, contact our Privacy Officer:

Privacy Officer
Aegis
Email: privacy@aegis.example.com
Phone: 1300 000 000
Postal: PO Box 000, Sydney NSW 2000

16. Additional information for insurance customers

For insurance products, we may also need to collect additional information to comply with legal and regulatory obligations, including fraud prevention, anti-money laundering and counter-terrorism financing checks, which may involve the use of public and government databases and disclosure to regulators. In some circumstances, failure to provide required information may result in declined applications, reduced cover or the inability to process claims.

This Privacy Policy is a general statement of our practices and does not form part of any contract of insurance. For policy-specific privacy information, please refer to the relevant policy documentation or contact us.