NIBA - Logo small
Need A Broker Logo
Insure Your Future logo
niba-insure-your-future-horizontal_logo

Privacy Policy

NIBA PRIVACY POLICY

The Privacy Act 1998 (Cth) (Privacy Act) and its Australian Privacy Principles (APPs), set out standards for the collection, use, disclosure and handling of personal information. This Privacy Policy sets out how the National Insurance Brokers Association (NIBA and “we”) collects, uses, discloses and handles personal information consistent with these standards.

NIBA is committed to protecting the privacy of, and ensuring the accuracy and security of personal information collected from, its members, consumers and other parties.

What is personal information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether it is recorded in a material form or not.

Sensitive information is a subset of personal information and includes information or an opinion about a person’s racial or ethnic origin, political opinions, membership of a political, trade or professional association or a trade union, religious or philosophical beliefs or affiliations, sexual orientation or practices, criminal record, health information, genetic information or biometric information or templates.

See the Privacy Act for full details of what is and is not included.

What information do we collect and hold?

The kinds of personal information we collect and hold vary depending on the services and/or products we are providing, but generally can include:

  • Your contact information such as full name (first and last), e-mail address, current business address, postal address (if different to business address) and phone numbers;
  • Details relating to your education and qualifications;
  • Details relating to your employment (if applicable) or your previous employment;
  • Your date of birth and gender;
  • Information relevant to our functions, activities, products and/or services, including our conference and events;
  • Information relevant to finding an appropriate insurance broker;
  • Information relevant to employment in the insurance broking industry;
  • Other information such as your opinions, statements and endorsements collected personally or via surveys and questionnaires, including but not limited to your views on the products and/or services offered by us; and
  • Any relevant payment or billing information, (including but not limited to bank account details, direct debit, credit card details, billing address).

The kinds of sensitive information we may collect and hold generally can include:

  • criminal record; and
  • membership of a professional or trade association.

How do we collect and hold personal information?

We only collect personal information by lawful and fair means and where it is reasonably necessary for, or directly related to, one or more of our functions or activities.

Unless it is unreasonable or impracticable for us to do so, or as provided otherwise under this Privacy Policy, we will collect your information directly from you through your use of our websites or when you contact NIBA by email or telephone.

We may also obtain personal information indirectly, in which case who it is from will depend on the circumstances. We may, for instance, obtain it from public sources, your employer or agent, another NIBA member or insurance intermediaries, anyone appointed to review and handle complaints or disputes, professional indemnity and other insurers and anyone appointed to handle a claim thereunder, regulatory or other law enforcement or government bodies, and persons who we enter into business alliances with.

We attempt to limit the collection and use of sensitive information from you unless we are required to do so in order to provide our services and/or products to you. However, we do not collect sensitive information without your consent.

We hold the personal information we collect within our own data storage devices or with a third party provider of data storage. We have set out details of how we protect the security of your personal information below.

The purposes for which we collect, hold, use and disclose your personal information.

We collect, hold, use and disclose your personal information where it is reasonably necessary for, or directly related to, one or more of our functions or activities, to offer and administer our various products and/or services or otherwise as permitted by law.

Such purposes include:

  • identifying you;
  • responding to enquiries and providing assistance (including with respect to finding an appropriate insurance broker and employment in the insurance broking industry);
  • developing, maintaining and administering our products and/or services (for example our publications, guidance documents, research reports and the Insurance Brokers Code of Practice);
  • processing payments;
  • processing survey or questionnaire responses;
  • conducting market research and customer satisfaction research, and collecting general statistical information using common internet technologies such as cookies;
  • providing you with marketing information regarding other products and/or services (of ours or a third party);
  • quality assurance and training purposes;
  • performing administrative operations (including accounting and risk management);
  • establishing and administering alliances and other arrangements with other organisations in relation to the promotion, administration and use of our respective services and/or products; and
  • any other purpose identified at the time of collecting your information.

We do not use or disclose personal information for any purpose that is unrelated to our services and/or products and that you would not reasonably expect (except with your consent). We will only use your personal information for the primary purposes for which it was collected or as consented to.

We do not use sensitive information to send you direct marketing communications without your express consent.

If we do propose to disclose or use your personal information other than for the purposes listed above, we will first seek your consent prior to such disclosure or use.

We do not sell, trade, or rent your personal information to others.

Who do we disclose your personal information to?

We have a duty to maintain the confidentiality of our members’ affairs, including their personal information. Our duty of confidentiality applies except where disclosure of personal information relating to a member is with your or their consent, or compelled by law. In some cases, personal information may be made available to your employer.

In addition to disclosing personal information to NIBA members and your employer, we usually only disclose personal information to third parties who assist us or are involved in the provision of our functions, activities, services and/or products and, in those cases, your personal information is disclosed to them only in connection with the relevant function or activity, with the services and/or products we provide to you or with your consent. We may also disclose personal information for direct marketing purposes explained in more detail below.

The third parties to which personal information may be disclosed include:

  • NIBA members and your employer;
  • our related companies, agents, contractors and other representatives who provide functions, activities products and/or services for us;
  • our insurers, other insurers and reinsurers;
  • your agents or representatives;
  • premium funders;
  • other insurance intermediaries;
  • our legal, accounting and other professional advisers;
  • data warehouses and consultants;
  • social media and other similar sites and networks;
  • publishers of industry newsletters, magazines and journals;
  • credit agencies;
  • training providers;
  • anyone either of us appoint to review and handle complaints or disputes;
  • regulators or government bodies;
  • other industry associations, and our alliance and other business partners; and
  • any other parties where permitted or required by law.

These parties are prohibited from using your personal information except for the specific purpose for which we supply it to them and we take such steps as are reasonable to ensure that they are aware of the provisions of this Privacy Policy in relation to your personal information.

What happens if you don’t give us your personal information?

If you choose not to provide us with the information we have requested, we may not be able to provide you with our services and/or products or properly manage and administer the services and/or products provided to you or others.

Anonymity and Pseudonymity

You have the option of not identifying yourself or using a pseudonym provided:

  • we are not required or authorised by or under an Australian law, or a court/tribunal order, to deal with individuals who have identified themselves; or
  • it is not impracticable for us to deal with you on that basis.

It will generally be impracticable for you to deal with us anonymously or using a pseudonym if you wish to use our services or products.

What we expect of you and third parties we deal with

When you provide us with personal information about other individuals, we rely on you to have made them aware that you will or may provide their information to us, the purposes we use it for, the types of third parties we disclose it to and how they can access it (as described in this document). If it is sensitive information we rely on you to have obtained their consent to the above. If you have not done either of these things, you must tell us before you provide the relevant information.

If we give you personal information, you and your representatives must only use it for the purposes we agree to.

Where relevant, you must meet the requirements of the APPs set out in the Privacy Act, when collecting, using, disclosing and handling personal information on our behalf.

You must also ensure that your agents, employees and contractors meet the above requirements.

Security of your personal information

We endeavour to protect any personal information that we hold from misuse and loss, unauthorised access, modification and disclosure.

We maintain security over our electronic data stores through computer and network security; for example, we use firewalls (security measures for the Internet) and other security systems such as user identifiers and passwords to control access to computer systems where personal information is stored.

Transfer of information overseas

We may disclose your personal information to some of our business associates, service providers and other third parties who are located overseas. Where they are located may change from time to time, but may include Canada, Hong Kong, Ireland, New Zealand, Singapore, South Africa, United Kingdom and United States of America. You can contact us for more information.

When we send personal information overseas, we will take reasonable steps to ensure the recipient does not breach the Privacy Act.

Direct Marketing

We may use your personal information, including any email address you give to us, to provide you with information and to tell you about our services, products and/or events or any other direct marketing activity, including those offered by third parties which we consider may be of interest to you. We will only do this where it is within your reasonable expectations, or where you have consented. You can opt out of direct marketing communications at any time by contacting us using the details provided in this Privacy Policy or by using the unsubscribe facility included in our communications.

Our websites

You are able to visit our websites without providing any personal information. We will only collect personal information through our websites with your prior knowledge for example where you submit an enquiry or application online.

Email addresses are only collected if you send us a message and, in those cases, your contact details will not be automatically added to a mailing list unless you have consented to that being done.

Cookies

A cookie is a small string of information that a website transfers to your browser for identification purposes. The cookies we use may identify individual users. Cookies can either be “persistent” or “session” based.

  • Persistent cookies are stored on your computer, contain an expiration date, and are mainly for the user’s convenience.
  • Session cookies are short-lived and are held on your browser’s memory only for the duration of your session; they are used only during a browsing session, and expire when you quit your browser.

We may use both session and persistent cookies. This information may be used to personalise your current visit to our websites or assist with analytical information on site visits.

Most internet browsers can be set to accept or reject cookies. If you do not want to accept cookies, you can adjust your internet browser to reject cookies or to notify you when they are being used. However, rejecting cookies may limit the functionality of our websites.

Accuracy of and access to your Personal Information

We will take reasonable steps to ensure that the personal information you provide is accurate, complete and up to date, whenever it is used, collected or disclosed.

Throughout our dealings with you we will take reasonable steps to confirm the details of your personal information we hold and ask you if there are any changes required.

The accuracy of personal information depends largely on the information you provide to us, so we rely on you to:

  • let us know if there are any errors in your personal information you become aware of; and
  • keep us up-to-date with changes to your personal information (such as your name or address).

You are entitled to request access to the personal information we hold about you and to seek correction or updates to that information at any time by contacting us. We will respond to your request within a reasonable period and, where required by law, provide access or make the requested correction.

In certain circumstances permitted by law, we may refuse access or may provide access in an alternative form. Examples of such circumstances include where:

  • the information may have an unreasonable impact on the privacy of others;
  • the request is frivolous or vexatious;
  • the information relates to existing or anticipated legal proceedings and would not be accessible by the process of discovery in those proceedings;
  • the information would reveal our intentions in relation to negotiations in such a way as to prejudice those negotiations; and
  • providing access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process.

If we refuse access or to give access in the manner requested by you, we will let you know why in writing and provide you with details about how to make a complaint about the refusal.

If we make a correction to your personal information, we may retain a copy of the previous information for our records or as required by law.

In most cases we do not charge for receiving a request for access to personal information or for complying with a correction request. If any charge applies, we will tell you.

Complaints regarding the handling of your personal information

If you believe:

  • your privacy may have been prejudiced;
  • we or our representatives have breached the Privacy Act or APPs,

then you have the right to make a complaint about the matter.

In the first instance, your complaint should be addressed in writing to us (see How to contact us and opt out rights section for contact details). We will investigate the matters raised by you and respond directly to you.

If you are dissatisfied with our response, or you have not received a response from us of any kind to your complaint within 30 days, you should refer the matter to the Office of the Australian Information Commissioner (OAIC) in accordance with the Privacy Act.

OAIC can be contacted on 1300 363 992, by email at enquiries@oaic.gov.au or at www.oaic.gov.au.

Updating this Privacy Policy

This Privacy Policy was most recently updated on 18 November 2025. In the event that this Privacy Policy or any part thereof is amended or modified in the future, the revised version will be available at our office or on our website.

How to contact us

If you wish to gain access to your personal information, want us to correct or update it, have a complaint about a breach of your privacy, wish to withdraw your consent to any of the uses of your information including receiving offers of products and/or services from us, or have any other query relating to our Privacy Policy, please contact us.