This privacy policy covers the HCF group of companies (HCF Group), being The Hospitals Contribution Fund of Australia Ltd, HCF Life Insurance Company Pty Ltd, Manchester Unity Australia Ltd, HCF Research Foundation Ltd, Treytell Pty Limited, HCF Pty Limited and HCF Nominees Pty Ltd.

We are committed to protecting your privacy and will handle your personal information in accordance with this privacy policy and in accordance with our obligations under the Privacy Act 1988 (Cth); other relevant State legislation dealing with privacy and health records. We also comply with the Spam Act 2003 (Cth); the Do Not Call Register Act 2006 (Cth); as amended from time to time.  If you are an Overseas Visitor Health Cover (OVHC) member in the European Union, the processing of your personal information will also be subject to the General Data Protection Regulation (2016/679) (GDPR) from 25 May 2018.

What sort of personal information do we usually collect?

Personal information is broadly, any information about or relating to you where you are identified by us, or can be identified. Sensitive information is a special subset of personal information which includes your health information.

For the purposes of this privacy policy, any references to “personal information” includes “sensitive information”.

The personal information that we may collect about you includes:

1. Information relevant to health, life, travel and pet insurance cover, dental, optical, retirement and health care services and other related products and services such as your:

  • name, residential, postal and email addresses, telephone and/or mobile number and other relevant contact details
  • family and marital status, date of birth, gender, ethnicity and employment details
  • bank account and credit card details and other relevant financial information
  • pet details, age, breed, veterinary history
  • marketing preferences
  • government related identifiers such as your Medicare number and Australian Tax Office file number
  • claims information and our analysis of this data, which includes your health information, expenses paid and claimed, the health care providers who treated you and the treatment you received
  • sensitive information, for example:
    • health records, medical history including but not limited to any pre-existing conditions and health services provided to you
    • usage of and data supplied to mobile applications and materials delivered on-line
    • criminal history.

2. Additional information in relation to life insurance cover and services, such as your:

  • income
  • insurance history.

3. Additional information in relation to retirement and health care services such as:

  • the name and contact details of nominated persons that we are authorised to deal with on your behalf
  • sensitive information, for example:
    • health and medical history and wishes
    • racial or ethnic origin
    • religious beliefs or affiliations.

4.  Additional information collected from our website or mobile applications such as your:

  • height
  • weight
  • blood pressure
  • cholesterol levels
  • lifestyle
  • mental health status
  • smoking history
  • exercise information
  • health questionnaire information, including any pre-existing conditions
  • family history, including any pre-existing conditions.

5. In respect of providers to the HCF Group, information such as your:

  • name, practice and/or business name, practice, postal and email addresses, telephone, fax and/or mobile number
  • government related identifiers such as your Medicare provider number, Australian Health Practitioner Regulation Agency number, Australian Company Number and/or Australian Business Number
  • claims information for your professional services, your charges and expenses, including out-of-pocket (gap) costs members pay you, and treatments performed, that you and/or our members provide to us from time to time including benefits payable, and results from our analysis of this data, such as out-of-pocket (gap) expenses
  • whether or not you are registered for and use HCF’s medical gap arrangements
  • feedback from our members on the service that you provide from time to time
  • practice/business bank account details.

How do we collect your personal information?

We may collect the personal information from you (or persons authorised by you):

  •  in person, via mail, email, mobile applications, our website or other internet applications (e.g. Facebook, Twitter)
  • by phone for verification and training purposes
  • from forms, claims and other correspondence
  • while you are using services provided by HCF.

We may collect personal information from comments, photos and/or videos submitted by the participating member of public under our promotional terms and conditions.

Sometimes we may need to collect personal information from third parties such as:

  •  health service providers (such as hospitals, general practitioners, optometrists, including HCF Eyecare and allied health providers) and electronic claiming software providers
  • another health insurer or re-insurer
  • brokers or agents
  • the policy holder, if you are a member or a dependent
  • government agencies
  • your employer or advisers
  • immigration or other agents
  • financial or educational institutions
  • if you are a provider, from the Department of Human Services, government regulatory agencies, electronic claiming software providers and our members
  • research companies that collect feedback from members on behalf of us.

What happens if you do not give us this information or do not wish us to use or disclose it for a purpose?

It is your right not to give us any information and not to identify yourself to us (interact anonymously or using a pseudonym) or to tell us that you do not wish us to use or disclose your personal information for a particular purpose or in a particular way. However, if you choose not to give us the personal information we request, or do not identify yourself to us or ask us not to use or disclose your information for a particular purpose, we may not be able to:

  1. Consider your application for insurance.
  2. Administer your policy.
  3. Enter into a contract to provide you with our product or service or provide you with relevant services.
  4. Manage or pay any claims you make under your policy.
  5. Provide you with relevant insurance, health, dental, optical or retirement and aged care services.
  6. Consider your recognition as a provider or register you and consequently pay our members for any services you provide in accordance with our arrangements or any other obligations.

How do we use your personal information?

1. Insurance, Health, Dental and Retirement and Health Care Services 

We use your personal information we collect, under our contract with you, to provide products and services to you (some of which may be provided by third party providers on our behalf such as HCF Eyecare) including insurance, health, dental, optical, retirement and health care services, recording your treatment, managing our relationship with you and to administer, process and audit claims.

We may also use your personal information for related purposes which you would reasonably expect for our legitimate interest in complying with applicable laws, assessing your insurance, health and related lifestyle needs, developing products and services that may better serve those needs, assessing your possible interest in any such products or services and with your consent, telling you about these, telling you about and otherwise publishing details of provider charges and out-of-pocket (gap) costs our members may have incurred, conducting risk forecasting functions (with your consent), improving our service delivery, resolving any legal and/or commercial complaints or issues and performing other functions and activities relating to the business of the HCF Group.

2. Developing programs for the benefit of our members

From the personal information that we collect from our members, in providing health insurance and associated services, we are able to develop programs that are intended for the benefit of members.

In some instances, participation in these programs is offered to all members. In other instances, the invitation to participate is targeted; at specific members who are most likely to benefit from participation in the programs.

Where the program is designed to assist members generally, we will inform members via a general communication of the availability of the program, for example, via the web site or through our publications or advertisements, and invite them to participate in the program by opting in to the program.

Where the program is designed to assist members with specific illnesses and conditions we will offer those members the choice of opting in to participate in the program. In relation to all programs:

  • participation is entirely voluntary
  • participation or non-participation will not affect your claims benefits or premiums or your client relationship in any way
  • if you do not wish to participate in a program after you are invited to join, you may decline the invitation or may, at any time, withdraw from any program in which you may have been enrolled.

Providers and other individuals

If you are a provider (such as a health provider), we collect and use information about the provider and their charges, that may include personal information, to administer claims, deal with complaints, obtain feedback on members’ experience, update members and understand costs including out-of-pocket (gap) costs. We may publish some, or all, of this information on our website or communicate it to our members in other ways, as a service to our members including by sharing it through other websites we partner with.

We may also collect and use or disclose personal information of other individuals, such as guardians or other authorised individuals or carers, representatives of third party service providers, HCF officers and directors and prospective employees, in order to provide our products and services, administer our business, manage job applications and comply with applicable laws.

Requests to stop direct marketing from us

We may communicate with you by telephone, electronically or mail, about our current and new products and services, including participation in any programs we develop, with your consent, which can be withdrawn at any time, at no detriment to you.

You may ask us at any time to stop sending you direct marketing information or being contacted by or on our behalf, in a particular way or at all. You can do this by;

Do we disclose information to third parties?

We may share or disclose your personal information, for the purposes of collection described above, to third parties or individuals, some of which may be located overseas in certain circumstances, including:

  1. The policyholder, if you are a dependant or another member (e.g. partner or children) on the policy, for the purposes of your HCF membership. Our contract with the policyholder requires us to have full and free communication with the policyholder on all aspects of the policy, including the benefits claimed by any member under the policy.
  2. Organisations that deliver services on our behalf or to us, such as third parties that we contract to assess or process claims, administer programs that we develop for the benefit of members, research companies contracted by us (to ask your opinions on improving the HCF Group’s service, benefits or product offerings), third party vendors who placed targeted online ads for us on their sites and mailing houses.
  3. Other service providers, for example, our advisors for the purposes of obtaining legal advice or our technology providers.
  4. HCF Eyecare (which is separately owned and operated by Eyecare Holdings Pty Ltd).
  5. Between companies within the HCF Group.
  6. Corporate partners (if you are an employee or member of that organisation) and third party websites who we partner with (if you are a healthcare provider).
  7. Fraud prevention agencies, government bodies and regulators including law enforcement bodies such as the Police, professional associations and industry bodies.
  8. Health service providers (where it is used to improve their ability to provide you with health services).
  9. Other insurers or reinsurers including other health insurers where you have moved your insurance to or from HCF.
  10. Where disclosure is otherwise authorised or required by or under applicable laws or any other legal or regulatory process.
  11. Other members and the public, such as where we publish details of our analysis of claims data and charges including out-of-pocket (gap) costs charged by health service providers for different treatments (no members will be identified).

We may disclose your personal information with your consent (if so required by applicable laws), to prevent and detect fraud and/or to protect and defend the rights and property of the HCF Group.

Any third parties to whom we disclose or permit access to your personal information, in the course of providing services on our behalf, will be subject to strict contractual restrictions to ensure that they protect personal information and keep it confidential, consistent with relevant privacy and data protection laws.

In the event that HCF or a part of the business undergoes re-organisation or is sold or licensed to a third party, any personal information we hold about you may be transferred to that re-organised entity, licensee or third party.

We do not normally give personal information about you to anyone who is not on your membership. You will need to give us written permission if you want someone who is not covered by your membership, such as a friend or carer, to deal with us on your behalf.

Overseas disclosures

Some organisations to which we disclose personal information may be located outside Australia. We will not disclose your personal information to an overseas recipient without taking such steps as are reasonable in the circumstances to ensure that the overseas recipient will not breach the Australian Privacy Principles set out in the Privacy Act 1988 (Cth).

If you are an OVHC member in the European Economic Area (EEA) we may use service providers based outside the EEA. We will take steps to ensure that your personal information will be afforded the level of protection required of us, under and in accordance with this Privacy Policy and applicable data protection laws and in accordance with current legally recognised data transfer mechanisms, such as appropriate European Commission approved standard contractual clauses (see

How is information from our websites and mobile applications collected and used?

We collect information when you:

  • complete an online form
  • give us your email address
  • access and use any of our services through our website and mobile applications.

We collect data from our website and mobile applications to help us understand which are the most popular items and when the peak usage times are, along with other information that helps us improve the content and make the navigation easier. Some of this information may be used to develop new services or enhance existing services provided to HCF members.

When you visit our website, it will send a cookie to your computer. This is a small piece of information stored on your hard drive which tells us that your computer has accessed our website. The cookie by itself will not be able to identify you. If you do not want to use cookies, you can set your browser to reject them.

Data from mobile applications may include information that you supply to the application as well as location information provided by the device location services, where you have given permission for the application to access these location services. This enables us to provide you with useful services such as finding health care providers close to your location.

HCF uses remarketing and web based analytics with Google Analytics to advertise online. Third-party vendors, including Google, show HCF advertisements on website sites across the Internet. HCF and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimise, and serve ads based on someone’s past visits to the HCF website.

What about linked websites?

We provide links to third party sites. Since we do not control these websites, we encourage you to review the privacy policies posted on these third party sites. We are not responsible for any practices on linked websites that might breach your privacy.

Storage and security of your personal information

We take reasonable steps to protect the personal information we hold from misuse, interference and loss, and unauthorised access, modification or disclosure and to destroy or de-identify personal information we no longer need, wherever possible.

In the case of clinical information collected by our HCF operated health service providers, such as our Dental Centres, your information will be held for at least seven years from the last time a health service was provided, in accordance with Health Records legislation. If someone under the age of 18 used the health service, the information will be held at least until that person has turned 25.

We will keep member personal information for as long as we maintain our relationship with you or otherwise as required for our business operations or by applicable laws, including to enforce our rights, for fraud prevention, to identify, issue or resolve legal claims and/or for proper record keeping purposes.

Your privacy rights

How to access and correct your personal information

We take reasonable steps to ensure that the information we hold about you is accurate, up-to-date, complete and relevant when we use it or disclose it. You should contact us if you think your personal information is wrong.

If you need to update your contact details, you can do so through the members’ section of our website at

If you have a question about this privacy policy or want to access or otherwise correct your personal information you can:

A request for access needs to include a full description of the personal information requested. If making a request in person, you will be asked for two forms of identification, one of which must have a photograph on it. If you request information over the phone, we will ask you identity-related questions so we can verify you.

Your request for access to your personal information will be documented, as will details of the request and the identity of the HCF employee who gave it to you. We will generally give access unless an exemption applies to certain information.

If you believe that the information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, you can request its correction. If we are satisfied that the information needs to be corrected, we will take reasonable steps to ensure that information is corrected and notify you of the correction. However there may be circumstances in which we may have to refuse a request for correction. In such a case you can request that we associate a statement, with that personal information, that you made a request for correction.

You will not be charged for accessing or correcting your information. We might have to charge for the reasonable cost of processing your access request, including photocopying, copying of radiographs, supplying written reports, administration and postage.

Overseas Visitor Health Cover Member

If you are an OVHC member you also have, in certain circumstances, the right to request that the personal information that is collected from you is erased, its further processing is restricted or to object to its processing and the right to data portability. You can also ask that personal information provided by you to us is transmitted to another party. You may also withdraw your consent where provided or object to the further processing of your personal information under certain circumstances.

If we refuse any request you make in relation to these rights, we will write to you to explain why and how you can make a complaint about our decision.

To make a request in respect of these rights or to make a complaint, contact us as set out above. You also have the right to lodge a complaint with a relevant data protection supervisory authority.

How we will respond to your request

We will acknowledge receipt of your request within 2 business days of receiving your request. We will do our best to deal with your request within 5 business days.

If we cannot help with your request, you will receive a written explanation as to why and details of what you can do to take the matter further if you are not satisfied with our response.

Do you have a concern or query in relation to privacy?

If you have any concerns or queries about privacy, you can

We will do our best to resolve your complaint as quickly as possible. However, if you are not satisfied with the result of your complaint to us, you can refer your complaint to the:
Office of the Australian Information Commissioner

Need further information?

For more information about privacy in general, you can visit the Office of the Australian Information Commissioner’s website at

Updating our Privacy Policy

We may review, amend or revise our Privacy Policy and the way we handle personal information from time to time. We will post the updated Privacy Policy on our website at and its terms will take effect from the date of posting.

Last updated: July 2018


100.4KB PDF