This Privacy Policy sets out how (we or us) collects, stores, uses and discloses personal information in relation to any of its products and services.

This Policy is designed to tell you what will happen to the information you provide to us through this website or through any other form of communication with us, our wholly-owned subsidiaries, or our agents or contractors. Please be sure to read this entire Privacy Policy before using this website or submitting personal information to us or our agents or contractors.

We respect your rights to privacy under the Privacy Act 1988 (Cth) (the “Act”) and we comply with all of the Act’s requirements in respect of the collection, management and disclosure of your personal information.

Europ Assistance Australia Pty Ltd is the data controller for personal information collected through this website. Personal information collected via this website is processed by Europ Assistance Australia Pty Ltd and is not automatically accessed by other group entities, unless otherwise described in this Policy.

Personal and Sensitive Information

This Privacy Policy concerns any of your personal information or sensitive information which is provided to us.

When used in this Privacy Policy, the term “personal information” has the meaning given to it in the Act. In general terms, it is any information that can be used to personally identify you. This may include your name, address, telephone number, email address and profession or occupation. If the information we collect personally identifies you, or you are reasonably identifiable from it, the information will be considered personal information.

Sensitive information is any personal information about your racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record or health information. We will take all reasonable steps to ensure that we only collect sensitive information (including health information) that is relevant for the required purposes of collection and does not unreasonably intrude on your personal affairs.

Your consent

By using this website or otherwise providing us directly, or through others, with personal information, you agree with the terms of this Privacy Policy and consent to the collection, use, and disclosure of that information in accordance with this Privacy Policy, the Privacy Act 1988 (Cth) as amended (including the New Zealand’s Privacy Principles) and other applicable privacy laws such as GDPR.

Our website

Passive information collection

As you navigate through this website, certain information can be passively collected (that is, gathered without you actively providing the information) through various technologies, such as cookies, internet tags or web beacons and navigational data collection.

Cookies and similar technologies

When you access our website, we may send a “cookie” (which is a small summary file containing a unique ID number) to your computer. This enables us to recognise your computer and greet you each time you visit our website without bothering you with a request to register. It also enables us to keep track of services you view so that, if you consent, we can send you news about those services. We also use cookies to measure traffic patterns, to determine which areas of our website have been visited and to measure transaction patterns in the aggregate. We use this to research our users’ habits so that we can improve our online services.

This website may use and combine such passively collected anonymous information to provide better services to website visitors, customise the website based on your preferences, compile and analyse statistics and trends and otherwise administer and improve the website for your use. Such information is not combined with personally identifiable information collected elsewhere on the website unless you have consented.

We use Google Analytics, Google AdWords Conversion tracker, and other Google services that place cookies on a browser across the website. These cookies help us increase the website’s effectiveness for our visitors. These cookies are set and read by Google. We use data from Google Analytics Demographics, Interest Reporting and 3rd party audience data to help us understand how people find and use our site. To opt out of Google tracking, please visit here.

Our cookies do not collect personal information. If you do not wish to receive cookies, you can set your browser so that your computer does not accept them. Analytics cookies are only placed where you have provided consent through our cookie banner. You may withdraw consent at any time.

We may log IP addresses (that is, the electronic addresses of computers connected to the internet) to detect and prevent fraud, analyse trends, administer the website, track users’ movements, and gather broad demographic information.

Artificial Intelligence

We may use automated systems, including artificial intelligence (AI), to support our products, services and business operations. This may include activities such as risk assessment, claims processing, fraud detection, analytics and service improvement.

We take reasonable steps to ensure these systems are used responsibly, with appropriate governance, oversight and controls (including human review where appropriate). Personal information used in such systems is handled in accordance with this Privacy Policy.

We may also use trusted third-party providers to support these capabilities and require them to meet appropriate privacy, security and confidentiality standards.

Security

As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online. We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the Internet. Accordingly, any personal information or other information that you transmit to us online is transmitted at your own risk.

Links

Our website may contain links to other websites operated by third parties. We make no representations or warranties in relation to the privacy practices of any third-party website, and we are not responsible for the privacy policies or the content of any third-party website. Third-party websites are responsible for informing you about their own privacy practices.

Unsolicited information

If we receive unsolicited personal information, we will determine whether the information could have been collected if it had been solicited in the first place. If the information could have been collected, all principles under this Policy applied to solicited personal information will apply to the unsolicited information received.

If we determine that the information collected could not have been collected by us, we will aim to destroy or de-identify the information as soon as practicable, but only if lawful and reasonable to do so.

How we collect your personal information

We collect personal information that is necessary for our business activities and to provide and develop our services. We may do this in a number of ways, including:

• directly from you, when you provide it to us or our agents, partners, service providers or contractors;
• from publicly available resources;
• by analysing our own records of your use of our services and website;
• third parties whom you have asked to provide your personal information to us;
• people who are involved in a claim or assist us in assessing, investigating, processing or settling claims, including witnesses, medical service providers, external claims data collectors and verifiers;
• law enforcement, dispute resolution, statutory and regulatory bodies;
• marketing organisations, including through the use of purchased lists;
• industry databases;
• through social media vehicles such as Facebook, Twitter and others; and
• via online product reviews.

What personal information do we collect and why?

Where required under applicable laws, we process personal information on the basis of one or more of the following grounds:

• to perform a contract or take steps at your request prior to entering into a contract (this includes to provide you with a quote, issue and manage your travel insurance policy, and handle any claims or assistance you request);
• to comply with legal and regulatory obligations;
• for our legitimate business interests (such as fraud prevention, security and service improvement), where those interests do not override your rights; or
• with your consent, which may be withdrawn at any time.

The type of personal information we collect may include your name, date of birth, address, postcode, telephone numbers, email address, and information on how you use, and your preferences regarding, travel insurance and similar products and services as well as information about how you interact with our website.

We may also collect sensitive information such as health information (i.e. pre-existing medical conditions), religious beliefs (i.e. to determine whether there are certain repatriation practices we need to respect), or other sensitive information reasonably necessary for assessing, administering or delivering our services, and only where permitted by law.

We may analyse personal information (including sensitive information where permitted by law) to prevent, detect and investigate fraud, financial crime, sanctions breaches and irregularities. This may include risk profiling and monitoring activities conducted in our legitimate interests and to comply with applicable laws. In cases of proven fraud, information may be shared with insurers, law enforcement or specialist investigation providers.

If we are not provided with the personal or sensitive information that we request, we may not be able to meet your request or provide our products or services to you.

We collect, hold, use and disclose your personal information for the following purposes connected with our business operations, which include to:

• verify your identity;
• assessing insurance risks;
• facilitate the provision of our products and services to you (including facilitating a claim or an assistance matter);
• address or respond to any requests from you;
• inform you of existing and proposed products and services which we provide;
• better understand your needs around travel insurance;
• develop and improve the quality and scope of the products and services we provide, and seek your feedback;
• handling complaints and disputes;
• detecting, investigating and preventing fraud;
• provide you with access to protected areas of our website;
• conduct anti-money-laundering, sanctions and counter-terrorism financing checks;
• assess the performance of the website and to improve the operation of the website;
• conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties;
• undertake administrative activities, marketing (including direct marketing), planning, product or service development, quality control and research, including by us and our related bodies corporate, contractors or service providers; or Commercial Partners;
• to provide your updated personal information to our related bodies corporate, contractors, service providers or commercial partners;
• update our records and keep your contact details up to date; and
• comply with any law, rule, regulation, lawful and binding determination, decision or direction of a regulator, or in co-operation with any governmental authority.

Purpose of Collecting Health Information and Automated Decision-Making

We collect health information to assess the risk associated with pre-existing medical conditions for our travel insurance policies. This information is shared with our external provider, based in Australia, who uses algorithms to generate a risk score based on the medical conditions declared. Our provider does not receive your identifiable data, only the conditions entered in isolation are used. The algorithms consider various factors which helps determine the likelihood of a medical incident occurring overseas and the associated costs. The risk score produced by our provider assists us in making informed decisions regarding whether we can cover the medical conditions and any additional premiums required for such cover.

Other uses of personal information

We may also use your personal information for purposes related to those described above which would reasonably be expected by you.

We will not use your information for purposes other than those described above unless we have your consent or as permitted by law (including for law enforcement or public health and safety reasons).

Sharing your personal information

We may disclose your personal information in certain circumstances, such as where we are required or authorised by law or where you have consented to us doing so.

This may include where the use or disclosure is reasonably necessary;

• to assist in locating a missing person;
• to establish, exercise or defend a legal or equitable claims;
• for the purpose of a confidential alternative dispute resolution; and for other matters identified in the Act.

We also may disclose your personal information to:

• our employees, related bodies corporate, contractors or service providers or commercial partners for the purposes of operation of our website or our business, fulfilling requests by you, and to otherwise provide services to you;
• suppliers, commercial partners and other third parties with whom we have commercial relationships, for business, marketing, and related purposes;
• others in accordance with a request made by you;
• our related companies and business partners and commercial partners; and
• persons engaged in providing us with professional, business, technology and corporate services, when reasonably required (including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, solicitors, business advisors and consultants).

When making such a disclosure we will take reasonable steps to ensure that the recipient is bound by privacy obligations.

We will not disclose your sensitive information for any purpose, other than the purpose for which it was collected unless you otherwise consent.

Does my personal information leave New Zealand?

We will only send your personal information outside New Zealand for any one or more of the following purposes:

• providing you the services set out under any applicable insurance policy we provide to you or any other similar service we provide to you;
• if we are authorised to do so by law;
• for any of the purposes set out in this Privacy Policy (but only to parties that are subject to obligations in relation to personal information no less onerous than those in this Privacy Policy); or
• if you have consented to us doing so.

Your personal information may be disclosed to entities and parties located overseas, including European Countries (EEA), Malaysia, UK, USA, Japan and the Philippines. Your personal information may also be disclosed to entities and parties in the countries, regions nominated under your insurance policy, or any other regions where you may require assistance. Where personal information is disclosed overseas, we take reasonable steps to ensure appropriate safeguards are in place, including contractual obligations or other mechanisms required by law, to protect your personal information. Some overseas jurisdictions may have different data protection laws, and in certain circumstances, we may not be able to ensure equivalent protection.

Access and correction

You may request access to any of the personal information we hold about you by contacting us as specified below. Where we hold information that you are entitled to access, we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you). We reserve the right to charge a reasonable fee for the costs of retrieval and supply of any requested information. We will not charge for simply making the request and will not charge for making any corrections to your personal information.

There may be instances where we cannot grant you access to the personal information we hold. For example, we may need to refuse access if granting access would interfere with the privacy of others or if it would result in a breach of confidentiality. If that happens, we will give you written reasons for any refusal.

We will take all reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up to date. If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it. We will consider if the information requires amendment. If we do not agree that there are grounds for amendment, then we will add a note to the personal information stating that you disagree with it. We will provide you with written notice including the reasons for our refusal to correct your personal information as per you request and the complaint mechanisms available to you.

We will acknowledge your request within 10 business days and will respond to your request within a reasonable time.

Erasure

You may request the deletion of your personal information at any time. However, please note that certain categories of data may be retained for legal, regulatory, or operational purposes and cannot be erased within our standard data retention period (generally for a period of 7 years, unless a longer period is required or permitted by law, or reasonably necessary to manage legal, regulatory or dispute matters). To submit a request, please contact us. We will assess your request and inform you of the outcome.

Direct Marketing

From time to time, we may use your personal information so that we, our wholly owned subsidiaries, agents, contractors or commercial partners can provide you with information about our or their products and services or to request your feedback for marketing or promotional purposes.to advise you about or offer you other products or services that may be relevant and of interest to you. These products and services may not be related to the products or services provided by us. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable marketing laws, such as the Spam Act 2003 (Cth). If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so.

By using our website, or by purchasing our products, or by otherwise providing us directly, or through others, with personal information, you consent to the use of your personal information for purposes of direct marketing as set out above for until such time that you unsubscribe / opt-out.

You always have the right to opt-out of receiving such information. If you do not want to receive these offers from us (including product or service offerings from us on behalf of our business commercial partners), please advise our agents, use the opt-out page in our website or contact us at enquiries@europ-assistance.co.nz. Alternatively, you can use the unsubscribe link in any electronic direct marketing message that you may receive from us.

We do not use or disclose sensitive information for the purposes of direct marketing unless we have previously obtained your consent.

Security

We will take all reasonable precautions to safeguard your information from loss, misuse, unauthorised access, modification, disclosure or destruction. You should keep in mind that no Internet transmission is ever completely secure or error-free. In particular, e-mails sent to or from this website may not be secure.

We may hold your information in either electronic or hard copy form. Personal information is destroyed or de-identified when no longer needed or when we are no longer required by law to retain it (whichever is the later). The personal information you provide to create your quotation will be destroyed after 30 days if you do not complete a purchase.

Data Breach Notifications

A data breach occurs when personal information held by us is lost, or subjected to unauthorised access or disclosure. This may include incidents such as:

• Loss or theft of devices containing personal data
• Unauthorised access to personal information
• Accidental disclosure of personal information to the wrong recipient

If you become aware of a potential data breach involving us, please notify us immediately by emailing compliance@europ-assistance.com.au

We will assess the incident in accordance with the Privacy Act 1988 (Cth) and the Notifiable Data Breaches (NDB) scheme, and take appropriate steps, including notifying affected individuals and the OAIC if required.

Links to other websites

This website may contain links or references to other websites to which this Privacy Policy may not apply. You should check their own privacy policies before providing your personal information.

Anonymity

If you have general enquiries or if you are using this website, you can be dealt with anonymously however given the nature of our services, it is not possible to deal with you on an anonymous basis outside of those circumstances.

How we process your personal information

• Lawfully, fairly and transparently: we have identified the valid grounds for the Processing and provide you with transparent and clear information on how, why, how long and by whom your personal information will be processed. We will not process your personal information in a way that is unduly detrimental, unexpected or misleading.
• Purpose limitation: we collect personal information only for specified, explicit and legitimate purposes. Further Processing incompatible with those purposes is not allowed.
• Minimisation: we process only personal information strictly necessary to pursue the purposes for which it is collected and will therefore not request unnecessary personal information from you.
• Accuracy: we do not process inaccurate personal information and, where necessary, we will keep personal information up to date. When it is discovered that personal information is inaccurate in respect of the purposes for which it is processed, we will take reasonable steps to correct or erase it timeously.
• Storage limitation: we will keep personal information only as long as reasonably necessary for the purposes for which it is processed but generally for a period of 7 years from the date of your policy purchase, claim or complaint. Following the expiration of this retention period, personal information may be retained but only in a form which does not permit the identification of the individual i.e. through obfuscation, redaction, anonymisation, etc.
• integrity and confidentiality: we ensure that appropriate organisational and technical measures are in place to protect personal information and avoid unauthorised or unlawful Processing, accidental loss, destruction or damage.

How to contact us

If you wish to exercise your right to opt-out of receiving our marketing materials, or you have any questions or concerns about this Privacy Policy or our information practices (including whether and what type of health information we hold about you), please contact us at:
E: compliance@europ-assistance.com.au

If you are not satisfied with our response, you may lodge a complaint with the Office of the Office of the Privacy Commissioner

Changes to this Privacy Policy

Our Privacy Policy may change from time to time as updated on this website. Before providing us with personal information, please check this Policy on our website for any changes.

Last updated: May 2026