Student Parachute is a trading name of Crisis Cover Pty Ltd (ACN 632 630 187). We respect your privacy and are committed to protecting it. This Privacy Statement (“Statement”) provides an overview of how we, via our websites, mobile applications, products and services, handle privacy, and how we protect your Personal Information.
This Privacy Statement applies to the Student Parachute websites, mobile applications, products and services that link to or reference this Statement and describes how we handle Personal Information and the choices available to you regarding collection, process, access, and how to update, correct and delete your Personal Information.
What this Statement Covers
This Statement describes the following details of our collection and processing of Personal Information concerning you.
- Personal Information we collect;
- How Personal Information is processed;
- The transfer of data to third parties;
- The accuracy, integrity and security of your Personal Information;
- The retention and destruction of your Personal Information;
- Rights available to you as it pertains to your Personal Information;
- The Personal Information of children under 13 years of age; and
- Contact info if you have any questions regarding the use of your Personal Information.
Personal Information We Collect
We may collect data or ask you to provide certain data about yourself or those travelling with you, including Personal Information, when you use our websites, products and services and interact with us, for the purpose of helping us manage our relationship with you. “Personal Information” is any information that relates to an identified or identifiable individual, and may include name, address, email address, phone number, login (account number, password), marketing preferences, date of birth, or payment card number. We may also collect Personal Information from trusted third-party sources and engage third-parties to collect Personal Information to assist us. This data may include:
- Contact details, such as name, mailing address, email address and phone number;
- Address and billing data, including credit card and payment data;
- Your account history with us;
- Information about your medical history and the medical history of any other person travelling with you;
- Health information, about anyone who requires assistance under their membership;
- Any details contained within identity documents provided to us including government identifiers such as a passport number;
- The type of medical and non-medical assistance you have been provided with either by us, our service providers or your own medical practitioner;
- Information about your university, student visa, travel plans and country of residence;
- Data you provide to us to receive technical and/or customer assistance interactions;
- Details of your visits to our Site including, but not limited to, traffic data, location data, weblogs, and other communication data, and the resources that you access.
When you choose to provide us with Personal Information about third-parties, this data will only be used for the specific reason for which you elect to provide it. It is your responsibility to ensure that when you disclose to Us the Personal Information of individuals other than yourself – such as your fellow travellers – you abide by applicable privacy and data security laws, including informing users and third-parties that you are providing their Personal Information to us, informing them of how it will be transferred, used, or processed, securing appropriate legal permissions and safeguards required for such disclosures, transfers and processing. If you choose to provide us with a third-party's Personal Information (such as name, email, and phone number), you represent that you have the third-party's permission to do so. Examples include members traveling with your party or individuals that require medical or protection services. You also acknowledge that when we interact with such third-party individuals whose Personal Information you share with us, it is our duty to inform them that we obtained their Personal Information from you. Where applicable, third-parties may unsubscribe from any future communication using the below e-mail address. If you believe that one of your contacts has provided us with your Personal Information and you would like to request that it be removed from our database, please contact us at firstname.lastname@example.org.
How we collect your health information
Your health information, such as pre-existing medical conditions, is generally required to arrange our products and services or to provide you with medical assistance.
If you provide health information to your agent or consultant to provide to us as part of the membership application or during the delivery of assistance services, we rely on you having provided them with your consent to disclose this information to us. In addition, when you provide information, including sensitive information about other individuals listed on your membership, we rely on you to inform them of the information you are providing, how we will use, hold, collect and disclose this information and on you obtaining their consent.
If we do not have your consent, we will not collect your sensitive personal information. This is subject to some exceptions including where the collection, use and disclosure of the information:
- is necessary for the provision of emergency assistance;
- is required by law; and
- is necessary for the establishment, exercise or defence of a legal claim.
How We Process Your Personal Information
We use your Personal Information for the purposes described below:
On the basis of providing services to you or entering into a contract with you at your request, in order to:
- Create and manage your Student Parachute membership, when you purchase services from us and when needed to access communications and services;
- Assess an application for a membership, including assessing any existing medical conditions;
- Verify your identity and entitlement to products or services, when you contact us or access our services;
- Provide you with assistance when travelling;
- Provide you with pre and post departure advice and information;
- Process your purchase transactions;
- Update you on the status of your membership and service requests; and
- Provide you with technical and customer support.
On the basis of your consent, in order to:
- Subscribe you to and send updates or alerts;
- Send you marketing communications and information on new products, services and assets;
- Communicate with you about, and manage your participation in contests, offers or promotions;
- Solicit your opinion or feedback, including providing opportunities for you to test software and applications;
On the basis of legal obligations, we are obligated to, for instance, keep records for tax purposes or answer compelling orders and provide information to public authorities.
On the basis of our legitimate interest in the effective delivery of services and communications to you as well as to our other customers and partners, in order to:
- Communicate commercial promotions and provide quotes for our products and services;
- Research and implement product improvements and product updates;
- Evaluate and improve the performance and quality of our products, services, mobile applications and websites;
- Provide you with a customized experience when you visit our websites;
- Allow interoperability within our applications;
- Secure our systems and applications;
- Allow for the provisioning of services; and,
- Enforce our legal rights.
On the basis of our legitimate interest, we and our third-party partners, may combine the data we collect from you over time from our websites, products and services with data obtained from other sources. We combine your data with other sources to improve user experience on our websites and services we provide. In some instances, we and the third-parties we engage may automatically collect data through cookies, web logs and other similar applications. This data is used to better understand and improve the usability, performance, and effectiveness of our websites, products and services to help tailor content or offers for you. Please reference the "Tracking Technologies, Cookies & Do-Not-Track" section below for more information.
Marketing and Community Networking
We have a legitimate interest in promoting our commercial offerings and to optimize the delivery of communications to that effect to our customers and audiences that are most likely to find them relevant. We will therefore collect and process data to that end as explained below. However, where we are legally required to obtain your consent to provide you with certain marketing materials, we will only provide you with such marketing materials where we have obtained such consent from you. If you do not want to continue receiving any marketing materials from us, you can contact email@example.com.
In addition to the purposes described above, we may, in compliance with applicable legal requirements, use your Personal Information to provide you with advertisements, promotions and information about products and services tailored to you and your needs. Contact details, including phone numbers, mail and email addresses, may be used to contact you. If you do not want us to use your Personal Information in this way, you can simply choose not to consent to such use of your data on the webpages and/or forms through which such Personal Information is collected. You can also exercise this right at any time by contacting us as explained below.
Data from Third-Parties
Third-parties may provide us with Personal Information they have collected about you from you or from further online and offline sources, such as marketing data from our partners and third-parties that is combined with information we already have about you, to provide you with more relevant communications and better tailored offers. We make reasonable efforts to verify that the third-parties we engage for such purposes are reputable and law-abiding and we will not solicit them to disclose to us Personal Information we do not have a lawful purpose to collect and process. However, we are not liable for any processing of your Personal Information by such third-parties prior to, during or after them providing it to us. We may combine such Personal Information with the Personal Information we already have about you to provide you with a better experience, evaluate your interest in our products or improve the quality of our offerings.
Tracking Technologies, Cookies & Do-Not-Track
- Ensure the proper functioning of our websites and the proper delivery of legitimate electronic communications;
- Tailor information presented to you based on your browsing preferences, such as language and geographical region;
- Collect statistics regarding your website usage;
- Provide us with business and marketing information; and
- In some cases, to enable a third-party to deliver future advertising for our products and services to you when you visit certain websites owned by third-parties.
We use different kinds of cookies:
- Essential cookies are necessary to provide you with services and features available through our websites. Without these cookies, services you may need, such as shopping carts or e-billing, cannot be provided.
- Analytics or customization cookies collect data that is either used in aggregate form to help us understand how the website is being used or how effective our marketing campaigns are, or to help us customize the website for you.
If you do not wish to receive cookies you may be able to refuse them by not agreeing to the use of them upon entering the website. If you do so, we may be unable to offer you some of our functionalities, services or support. If you have previously visited our websites, you may also have to delete any existing cookies from your browser.
We gather certain data automatically and store it in log files. This data may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data. We may combine this log data with other data we collect about you. We do this to improve services we offer you, to improve marketing, analytics, or site functionality.
There are different ways you can prevent tracking of your online activity. One of them is setting a preference in your browser that alerts websites you visit that you do not want them to collect certain data about you. This is referred to as a Do-Not-Track (“DNT”) signal. Please note that our websites may not recognize or act in response to DNT signals from web browsers. There is currently no universally-accepted standard for what a company should do when a DNT signal is detected. In the event a final standard is established, we will assess how to appropriately respond to these signals. For more detailed information about cookies, Do-Not-Track and other tracking technologies, please visit www.allaboutcookies.org and https://allaboutdnt.com.
Third-Party Data Collection
Cookies may also be placed by third-parties to deliver tailored information and content which may be of interest to you, such as promotions or offerings, when you visit third-party websites after you have left our websites. We do not permit these third-parties to collect Personal Information about you beyond such cookies (e.g., email address) on our site.
Social Media Features and Widgets
How We Disclose Your Personal Information
We do not sell, lease, rent or give away your Personal Information. We only disclose your Personal Information as described below, within Crisis Cover, with our partners, with service providers that process data on our behalf, to third-parties in connection with the delivery of assistance services to you, and with public authorities, as required by applicable law. Processing is only undertaken for the purposes described in this Statement. If we disclose your Personal Information, we require its recipients to comply with adequate privacy and confidentiality requirements, and security standards.
We may provide your Personal Information to our partners for the purpose of allowing them to conduct Student Parachute business. Our partners go through our third-party risk management and assessment process and only after that are they authorized to promote and sell our products and services. Our partners may use your Personal Information to communicate with you and others about our products or services. If you do not wish to receive promotional emails from our partners, you can unsubscribe by contacting firstname.lastname@example.org.
Service Providers Processing Data on Our Behalf
We may use contractors and service providers to process your Personal Information on our behalf for the purposes described in this Statement and the relevant product and service privacy notices accessible below. We contractually require service providers to keep data secure and confidential and we do not allow our data processors to disclose your Personal Information to others without our authorization, or to use it for their own purposes. However, if you have an independent relationship with these service providers their privacy statements will apply to such relationships. Such service providers may include in particular contact centers, payment card processors and marketing/survey/analytics suppliers.
In certain instances, it may be necessary for us to disclose your Personal Information to public authorities or as otherwise required by applicable law. No Personal Information will be disclosed to any public authority except in response to:
- A subpoena, warrant or other process issued by a court or other public authority of competent jurisdiction;
- A legal process having the same consequence as a court-issued request for data, in that if Student Parachute were to refuse to provide such data, it would be in breach of local law, and it or its officers, executives or employees would be subject to liability for failing to honour such legal process;
- Where such disclosure is necessary for us to enforce our legal rights pursuant to applicable law;
- A request for data with the purpose of identifying and/or preventing credit card fraud.
However, we may disclose Personal Information to government authorities (such as consulates) when required to provide assistance services to you, and if necessary to prevent or lessen a serious and imminent threat of bodily or other significant harm to you or a person travelling with you.
To fulfil service or product obligations
Before discussing the progress of medical and non-medical assistance that we provide with third parties (other than the parties involved in providing such a service), for example, a relative or companion, we will obtain appropriate consent from you, your parent or guardian, power of attorney or executor (as relevant).
Below are examples the types of entities we may collect your personal information from and may disclose your personal information to during the course of providing medical and non-medical assistance to you. This is not an exhaustive list:
- FocusPoint International Inc, and their subsidiaries;
- The Healix Group of Companies
- Thrive Therapeutic Software Limited, and their subsidiaries;
- Your insurer;
- Your school, university or college;
- Other persons listed as being a member on your membership;
- Your travel or study agent, broker or the consultant who sold you the product;
- Your employer (if a corporate product);
- Transportation and accommodation providers;
- Travel consultants and wholesale travel agencies;
- Medical practitioners and specialists;
- Medical providers such as hospitals;
- Emergency assistance providers;
- Security providers and consultants;
- Family members in the event of a medical emergency;
- Record management and storage businesses;
- Companies who perform statistical analysis on our behalf;
- Accreditation or certification organisations;
- Our professional advisors including lawyers, accountants, tax advisors and auditors;
- Debt collection agencies and other parties that assist with debt-recovery functions;
- Consulates and government authorities;
- Police and law enforcement bodies to assist in their functions;
- Courts of Law or as otherwise required or authorised by law;
- Data retrieval agencies; and,
- Printing, mail and distribution companies.
Cross-Border Transfers of Personal Information
We may process data in many countries. To conduct our business, and in accordance with this Statement, your Personal Information may be transferred by and between Crisis Cover in the United Kingdom and in Australia, to FocusPoint in the United States to the Healix Group of Companies and Thrive in the United Kindom, and to other subsidiaries and third-party vendors of Crisis Cover and those providers located worldwide.
By purchasing a membership through us, you are consenting to us sending your information to overseas parties if required to provide you with medical and non-medical assistance. The countries we typically disclose your personal information to under these circumstances are generally located in the geographic regions you travelled during the duration of your membership.
In the process of continuing to develop our business, we may also occasionally acquire subsidiaries or other business entities. As a result of such transactions, and for maintaining a continued relationship with you, we may transfer your Personal Information to a related affiliate.
While we are committed to protecting your information from misuse, loss or interference when your personal information is sent to third parties overseas, in some cases we may not be able to take reasonable steps to ensure that those third parties do not breach applicable privacy laws and the information may not be subject to the same level of protection as is provided for under the privacy laws of your home country. You may not be able to seek redress in any jurisdiction in the event of any misuse, loss or interference with your personal information.
Where Personal Information originating from the European Economic Area is transferred to Crisis Cover entities or to third-party vendors engaged by us to process such Personal Information on our behalf who are located in countries that are not recognized by the European Commission as offering an adequate level of Personal Information protection, such transfers are covered by alternate appropriate safeguards.
How We Protect Your Personal Information
We take reasonable and appropriate administrative, technical, organizational, and physical security and risk management measures in accordance with applicable laws to ensure that your Personal Information is adequately protected against accidental or unlawful destruction, damage, loss or alteration, unauthorized or unlawful access, disclosure or misuse, and all other unlawful forms of processing of your Personal Information in our possession.
Securing Personal Information is an important aspect of protecting privacy. We apply policies, standards and supporting security controls at the level appropriate to the risk level and the services provided. In addition, appropriate security controls are communicated to application owners and technology teams across the business to support secure development of products and a secure operating environment.
While Crisis Cover has security measures in place to protect your data, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, Crisis Cover cannot warrant or ensure the security of any information you transmit to us or we transmit on your behalf, or to you, in the course of providing services over the internet.
We maintain administrative, technical, and physical safeguards for the protection of personal information. Our security measures include, but are not limited to
- Physical Safeguards
We lock doors, control access to our facilities, implement a clean desk policy, and apply secure destruction to media containing your Personal Information.
- Technology Safeguards
We use network and information security technologies such as anti-virus and endpoint protection software, encryption, intrusion detection and data loss prevention, and we monitor our systems and data centers to ensure that they comply with our security policies.
- Organizational Safeguards
Personal Information Breaches
Crisis Cover takes every reasonable measure to prevent Personal Information breaches. When these do occur, we have a process in place to take swift action within our responsibilities. These actions will be consistent with the role we have in relation to the products, services or processes affected by the breach. In all cases, we will work together with affected parties to minimize effects, to make all notifications and disclosures that are required by applicable law or otherwise warranted, and to take action to prevent future breaches. We systematically outline responsibilities in case of Personal Information breaches in our contracts, both with customers as well as with our vendors.
Storage of Your Personal Information
The data we collect from you may be stored, with risk-appropriate technical and organizational security measures applied to it, on in-house as well as third-party servers in Australia, the United Kingdom, and the United States, as well as anywhere Crisis Cover, and our other vendors and partners operate.
Links to Other Websites
Our websites may contain links to other websites, which are owned or operated by other companies. If you choose to visit any linked websites, we encourage you to review their privacy statements carefully, as they may differ from ours. We are not responsible for the content or privacy practices of websites that are owned by companies us. Our websites may also link to co-branded websites that are maintained by us and one or more of our business partners, who are collecting your Personal Information pursuant to their own privacy practices. We encourage you to read the privacy statements on any co-branded site to which you link for information on the privacy practices of that site.
Our websites are not directed to, nor do we knowingly collect data from, children under 13 years of age, except where designed specifically to assist you by providing travel assistance and/or security services. In such cases, we will only collect and process Personal Information related to any child under 13 years of age which you choose to disclose to us or otherwise instruct us to collect and process.
Managing Your Personal Information
How long we retain or store your Personal Information
We will hold your Personal Information on our systems for the longest of the following periods: 1. As long as necessary to maintain our ongoing business relationship, or as needed to provide you with the products, services or information which you are entitled to or can otherwise reasonably expect to receive from us; 2. For as long as necessary for the purpose for which we collected it or for which you supplied it to us in accordance with any product or service relevant activity or process; 3. Any retention period that is necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements; or 4. The end of the period in which litigation or investigations might arise in respect of our business relations or other interactions with you.
For the sake of clarity where Crisis Cover is a data controller processing your Personal Information for our own purposes, your Personal Information will be deleted or de-identified when it is no longer needed for its originally stated processing purposes, or any additional compatible purpose for which Crisis Cover may lawfully further process such data.
Moreover, where Crisis Cover is a data processor processing your Personal Information for the purposes and on the instructions of another data controller or data processor, we will comply with the time limits agreed with that other Controller or Processor unless we are compelled by applicable laws and regulations to delete such data sooner, or to retain it further.
Your Privacy Rights
Pursuant to the Privacy Shield Principles, the EU GDPR, and other applicable privacy laws, you have the right to:
- Know what Personal Information Crisis Cover has about you;
- Ensure your Personal Information is accurate and relevant for the purposes for which Crisis Cover collected it;
- Make your Personal Information portable to another data controller;
- Withdraw your consent to Crisis Cover processing your Personal Information; and
- Have your Personal Information erased.
If you would like to review, correct, receive a copy of, or erase the Personal Information we have about you or withdraw your processing consent, please send us your request to email@example.com. Unless a legal exemption applies, we will respond to all such requests within thirty (30) days. If we refuse your request, we will notify you of our reasons for the refusal to the extent required and how you may complain about the refusal.
We ask individual users to identify themselves and to specify the information requested to be accessed, corrected, or erased before processing such requests, and we may decline to process requests that are unreasonably repetitive and vexatious, require disproportionate technical effort (for instance, requests concerning information residing on backup tapes), jeopardize the privacy of others, or would be extremely impractical, or for which access is not otherwise required. In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. However, we will not charge you for the making of the request or to correct, update, or erase your Personal Information.
If you have any questions or concerns regarding the way in which your Personal Information is being processed or you want to exercise your rights above, please contact the Student Parachute data privacy officer, who serves as our data protection contact and can be contacted at firstname.lastname@example.org.
For further information about the privacy rights of Australia residents, please visit the website of the Office of the Australian Information Commissioner at www.oaic.gov.au.
If you are an Australian resident and we do not resolve concerns about privacy to your satisfaction, you may have rights to escalate your complaint to a regulatory authority. You may contact the Office of the Australian Information Commissioner on the privacy hotline 1300 363 992.
Changes to this Statement
We reserve the right to revise or modify this Statement. In addition, we may update this Privacy Statement to reflect changes to our data practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.