133 423

Privacy policy

HBF is committed to ensuring the way it collects and handles your personal information is in accordance with the Privacy Act 1988 (Cth). This Privacy Policy outlines our approach to managing the personal information of our members and stakeholders.


We are HBF Health Limited (ABN 11 126 884 786). At HBF, we exist to deliver for our members in the moments that matter. We achieve this by providing our members with products and services including private health insurance and health and wellness services. To conduct our business, we may need to collect, use, retain and disclose your personal information.

References to “HBF”, “HBF Health”, “we”, “us” or “our” in this policy refer to HBF Health Limited and its related bodies corporate, other than those entities that conduct the HBF Dental, Queensland Country Health Fund (including Queensland Country Dental, Queensland Country Care Navigation and Territory Health), HBF Physio and Life Ready businesses. To view the privacy policies of these businesses, please visit their respective websites.


Your privacy is important to us.

As an Australian business, HBF is required to comply with the Privacy Act 1988 (Cth) (Privacy Act), which includes the Australian Privacy Principles. We may also be subject to State and Territory legislation when we deal with health information.

This Privacy Policy explains how we manage your personal information.

Additionally, we may use privacy notices or “Collection Statements”, which tell you more about how we handle your personal information during your interactions with us. Privacy notices and Collection Statements should always be read or listened to carefully, as we may seek your consent to certain uses or disclosures of your personal information that are described in these Privacy Notices or Collection Statements.


Our Privacy Policy complies with the Australian Privacy Principles and addresses how we manage personal information.

It covers the following:


Our Privacy Policy applies to anyone whose personal information we collect, including the following individuals:

  • current and past members of HBF
  • prospective members of HBF (for example, those to whom we provide quotes and people who visit our website)
  • participants and volunteers in the community events we hold, (for example, HBF Run for a Reason)
  • participants accessing health and wellness services such as flu vaccinations, wellness workshops, health checks and chronic disease management programs
  • health service providers (in relation to their agreements with us)
  • current and former employees
  • individuals who provide their personal information to HBF for the purposes of applying for employment, community grants or with respect to the opportunity to supply goods or services to HBF, and
  • other individuals including authorised representatives, service providers, contractors and volunteers.


What is personal information?

"Personal information" is defined in the Privacy Act as information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, or is recorded in a material form or not. It includes, but is not limited to, information such as your name, age, gender, address, contact details and sensitive information. Sensitive information includes, but is not limited to, health information, genetic information and some biometric information.

What type of personal information do we collect?

The type of personal information we collect about you depends on your relationship with us, for example whether you are a member of HBF or only utilising some of our services, such as our community events.

Some of the personal information HBF may collect from or about you includes:

  • identifying information such as your name, gender and date of birth
  • contact information such as your home address, home and mobile phone numbers, email address, and in some cases your work contact details or other details of your employment
  • government-issued identifiers including Medicare, Tax file, Provider, Drivers Licence, and Pension Concession numbers
  • identifiers provided by health service provider organisations and agencies, for example AHPRA numbers
  • financial information, such as bank account and credit card details
  • sensitive information, including information about your health, health services provided to you and your claims
  • information about your activities, including lifestyle interests, diet, exercise, and health related information
  • information about involvement in other programs you participate in, and information about your usage of our website, applications, or any other online presence.

How and when do we collect personal information?

We will collect personal information directly from you where possible. However, there may be times where we collect personal information about you from other sources.

We may collect personal information from you at various times, including:

  • when you open, start or complete an application form or other type of form in relation to our products and services
  • when you contact us in person, by phone (including from call recordings), mail, email or online
  • when you make a claim
  • when you visit a premise from which we operate
  • when you visit our website, use the HBF mobile application (HBF App), subscribe to or use one of our products or services, and
  • when you participate in a health, corporate or wellness service.

Information collected from third parties

We may collect your personal information from another person covered by your policy, from a person authorised to provide us with your personal information on your behalf, or from an agency or organisation on whose behalf we are providing you with services or products.

We may also collect information about you from other sources, such as from:

  • a third party including a hospital, dentist or optometrist or other health service providers who have treated you
  • a person or organisation who has facilitated or paid for your insurance cover
  • an educational institution, government agency or adviser who has dealt with you (or their authorised representatives)
  • HBF health service contractors who have provided you with services
  • a service provider engaged by us or a third party who partners with us to assist in providing goods or services or administering our business
  • relevant databases and directories if you are a health service provider publicly available sources or networking services
  • CCTV cameras in operation at our offices and retail centres
  • the main policy holder (or person setting up a policy to cover you) at the time the policy was established, and
  • another health fund, if you have requested a transfer of your health insurance between that fund and us. We also obtain information from other sources, including where:
  • we provide products and services on behalf of or in conjunction with others, including business partners
  • we need information from third parties relating to a product or service we provide to you, or relating to a health insurance claim
  • we need information to prevent or minimise the risk of fraud, and
  • you have consented to third parties sharing the information with us, such as people you have authorised to deal with your policy.

This means that if you are the main policy holder, we may collect information from you about people covered by your policy (partners or dependents). If you provide us with personal information about these people, you must inform them you have provided their information to HBF.

Information collected from our website and applications

We collect information about how you use our website and applications for the purposes of analytics, marketing and site performance measurement. This allows us to enhance our member experience, our products and services and online functionalities.

This information also enables HBF to tailor marketing to you, based upon your demographic information, use of the HBF App or website and the information you input. This information is accessed using cookies, if the privacy settings you have chosen on your device accept them.

Where you use our website to identify a map location, for example to locate an HBF branch you use the Google Maps API and are agreeing to the terms of the Google Privacy Policy.

For more information, please refer to HBF Terms of Use (available at www.hbf.com.au/about-hbf/legal/terms-of-use) on our website which applies to both the HBF website and applications.

Unsolicited personal information

Unsolicited personal information is personal information received by us where we did not request it and includes information sent to us intentionally or by mistake. If we receive unsolicited personal information, we will decide within a reasonable timeframe as to whether the personal information would be reasonably necessary for one or more of our associated functions or activities. If this is the case, we will notify you of the collection and retention of the information in accordance with the Privacy Act and obtain consent if required.

What if you choose not to provide personal information?

You have the option of remaining anonymous or using a pseudonym when dealing with us unless we are required or authorised under law to obtain your identity or if it would be impracticable to deal with you.

If you choose to remain anonymous and do not provide your personal information, it may be impracticable to:

  • provide you with information or the product or service you have requested or enquired about
  • accept your application or documentation, or
  • accept your goods, services or conduct business with you or your employer.

You may choose to remain anonymous when submitting a complaint, but not when submitting a specific complaint about your policy payment premiums.

We will advise you if your decision to withhold your identity prohibits us from processing your application or requested service.


How do we use your information?

How we use the personal information we collect about you depends on your relationship with us or the purpose for which we collect the information. In general terms, we only use your information for the purpose it was collected, or for a related purpose. We may also use your information if required or permitted by law, for any other purposes set out in a Collection Statement or for which you have consented.

When we collect your personal information, we may use this to:

  • manage our ongoing relationship with you
  • provide you with our products and services, or receive products and services from you or your employer
  • administer, process and audit private health insurance premiums or claims, and pay benefits if you have an insurance product with HBF
  • provide our members with an HBF provider search service or a service which advertises or indicates whether you (if you are an HBF registered medical gap provider, an ancillary provider, an HBF member plus dental provider or an HBF optical member plus provider) participate in a particular arrangement with us, either on our website or on third party websites
  • perform functions and activities relating to the management and development of our insurance and health services and the improvement of our business and operational processes and systems
  • conduct market research, marketing campaigns, target marketing and feedback campaigns to improve the health of members, the effectiveness of marketing activities, the member experience and the products and services HBF offers
  • assist health care providers conducting clinical trials and other research projects through the provision of data relevant to their research. This will only be done with your consent and in accordance with legislative requirements relating to the conduct of clinical trials
  • contact you (via mail, email, phone call or SMS) in relation to our community events, member initiatives and other products or services we think may be of interest to you, including the products or services of third parties during the period you have a relationship with HBF and after you cease purchasing any products or services from or through HBF
  • manage and resolve any legal matters, complaints or issues, and
  • comply with our legal obligations.

HBF, and our business partners, may use information gathering technologies such as first and third-party cookies, web beacons and click stream data to:

  • deliver, optimise, personalise and analyse our products and services
  • analyse trends, your use of the website and other technologies, and how you respond to any advertising or content
  • deliver targeted advertising to you via our website or other technologies based on your use and preferences, and
  • gather your personal information to conduct direct marketing, such as telemarketing and advertising via mail, email or SMS to tell you about HBF and other non-branded products and services.

How HBF manages your personal information to offer health and support services

If you are an HBF member, we may also use your personal or health information to assess your suitability for, and contact you about, health services which may be of benefit to you, including chronic disease management programs and health related services, whether run by HBF or offered by a third party.

Where HBF has identified you may benefit from participation in a health program, your personal information may be given to a provider of a health program, who will contact you to assess your suitability for the health program and to provide you with details of the programs available to you.

Information from our community event participants

If you are a participant in one of our community events, we will use your personal information to manage your participation in the event, inform you of any changes and keep you informed of our other health, wellbeing, fitness initiatives and community events held by HBF or our partners.

Information from prospective, current and former employees

Where you are a prospective employee of HBF we will use your personal information to consider you for the role for which you have applied and may retain your personal information for consideration for future employment by HBF, unless you advise us not to. If you are a current or former employee, your personal information will be collected, used, disclosed and retained for purposes related to your employment with HBF or otherwise in accordance with law.

Direct marketing and opting out

We may use your personal information, including your telephone number, address and your email or other electronic addresses, to provide marketing communications as:

  • indicated in any Collection Statement provided to you as part of your relationship with us
  • otherwise set out in this policy, or
  • permitted by law.

Communications may be provided on an ongoing basis by telephone, electronic messages, online via the website social media and mobile applications, or other means. We may imply your consent to receive these communications from our existing business relationship or in some circumstances where you or your representatives have provided us with your contact details.

Additionally, we use your personal information for direct marketing and promotional research for the improvement and optimisation of your cover.

You may choose to opt out of our marketing activities at any time by advising us via the unsubscribe function or via other contact mechanisms provided in any marketing you receive. Alternatively, you may advise us by speaking to one of our

Member Sales and Retention Consultants on 133 423.

If you opt out of marketing, you may still receive service related communications from us.


Why do we disclose your personal information?

At HBF, we may disclose personal information where reasonably required for the purposes of conducting our business or if otherwise required or permitted under law. For example, we may need to disclose personal information to other people or organisations who assist us to provide you with products and services. This includes our service providers, agents, contractors, and business partners such as insurance product providers.

In order to deliver services and products, we may need to disclose your personal information for the purpose of:

  • assisting you to ascertain if your existing cover is adequate for your current and foreseeable future needs
  • offering or providing ancillary services, health management programs and services which may be of benefit to you
  • verifying you as a member to provide you with services offered by HBF
  • ensuring our records across HBF are consistent and accurate, and
  • improving your wellbeing, your opportunities and/or the value you get from your membership.

Our Collection Statements may provide further details about the purposes for which we disclose personal information.

To whom do we disclose personal information?

In general, the following include the parties to whom we may disclose personal information:

  • our agents and service providers
  • our professional advisors
  • health service providers
  • other persons covered by your policy as part of administering the policy and paying benefits
  • potential or actual buyers of our assets or business
  • payment system operators and financial institutions
  • your agents and advisors or other persons authorised by, or responsible for, you
  • government agencies
  • third party insurers whom we are authorised to represent if you purchase other insurance products through us
  • businesses or subsidiaries within HBF Health or other partners to improve your opportunities or improve your wellbeing and/or the value you get from your membership
  • service providers engaged by us or acting on our behalf to provide software or other IT services
  • service providers engaged by us or acting on our behalf to assist us to develop and implement software and services, including updates to or new versions of our mobile apps and our website.
  • other health funds, service providers or other third parties who assist us in the detection and investigation of fraud in relation to a transfer certificate requested by you or the main policy holder – including your co-insured and your employer (or their authorised representatives) if you have a corporate insurance product
  • the facilitators of our arrangements with doctors, health service providers and hospitals
  • the Australian Health Service Alliance (AHSA) who maintain their own privacy policy, and
  • other parties to whom we are authorised or required by law to disclose information.

Where you are an HBF registered medical gap provider, an ancillary provider, an HBF member plus dental provider, or an HBF optical member plus provider we may also disclose your personal information including any correspondence or billing address to third party website providers who provide us with provider search services which advertise or indicate whether you participate in a particular arrangement with us.

We may also disclose limited personal information to market research companies to gather independent feedback from you about the performance of HBF.

Disclosure of your personal information to overseas recipients

Generally, HBF use systems and customer service teams located within Australia. However, HBF may also use service providers who store personal information overseas. This means personal information may be transferred overseas as part of commercial arrangements between HBF and its service providers. Service providers located overseas may also be able to access your personal information which is stored in Australia.

At the time of the publication of this policy, the territories in which HBF either transferred or intends to transfer personal information may include the United States, United Kingdom, Canada, India, Singapore, Germany, Ireland and the Philippines.

A list of countries in which HBF has either transferred or intends to transfer personal information is available on our website.

HBF may disclose or provide access to recipients in countries not on this list where HBF’s service providers or other third parties hold data or maintain their IT operations.

Also, as part of our direct digital marketing campaigns, we may transfer some personal information, such as your email address, overseas to social media platforms and other digital content operators.

From time to time, we may also disclose your personal information to overseas organisations where you ask us to or provide express consent for us to do so. This includes that HBF may provide a transfer certificate or claims history containing your personal information to an overseas insurer nominated by you.

Information from our health, wellness and corporate services participants

HBF provides, or engages third parties to provide, a range of health and wellness services, such as flu vaccinations, group training sessions and chronic disease management services, to members and other individuals including those who receive these services through an arrangement between HBF and their employer or another organisation to which they belong. If you participate in these services HBF or the provider may disclose your personal information to related third parties such as its agents, service or professional, health service providers, persons authorised by or responsible for you, and to other parties to whom the health program provider is authorised or required by law to disclose personal information, including government agencies.

Third party providers may also disclose your personal or health information to HBF so we can pay benefits for your participation in the health program or allow us to:

  • review, develop and improve the services
  • assess the outcomes of the services, and
  • contact you (via mail, email, phone call or SMS) in relation to our other health programs.

Information from our community event participants

If you are a participant in one of our community events, we may disclose your personal information to third parties such as the events organiser and their agents and service providers.


You have the right to access the personal information we hold about you. You can also request we correct any personal information we hold about you which is inaccurate. You can do this by:

  • Calling our Member Contact Centre on 133 423
  • writing to our Privacy Officer at GPO Box C101, Perth WA 6839 and including details of what you would like to know, see or correct
  • visiting your nearest HBF Branch or
  • contacting us via our website at hbf.com.au/contact-us

You will need to provide adequate identification to view or request that we make changes to your personal information.

Handling your request for access to or correction of your personal information

We will respond to your access request as quickly as possible and we will provide you with a written or emailed verified copy or details of your personal information that we hold. Depending on the nature of your request, and the accessibility of the information (for example, information may be archived), we will aim to respond within thirty days, but may be able to respond sooner than this.

In limited circumstances, we may refuse you access to your personal information. If this occurs, we will write to you to explain our reasons. Your request might be denied because:

  • your personal information has been archived, destroyed or de-identified and is no longer accessible
  • providing access will pose a threat to the life or health of someone
  • providing access would have an unreasonable impact on another person’s privacy
  • the information relates to anticipated or existing legal proceedings, or
  • giving access would be unlawful.

If you request that we correct any personal information that we hold about you which you consider to be incorrect, incomplete or inaccurate, we will correct the information. In limited circumstances, we may refuse to correct your personal information. If this occurs, we will write to you to explain our reasons.


HBF takes reasonable care to prevent unauthorised access, modification, disclosure, interference, misuse and loss of your personal information, and to protect the security of your personal information when transmitted over the internet.

We have a range of security controls and policies in place designed to protect your personal information, which include:

  • employee training on privacy and security of information
  • confidentiality requirements for employees, other representatives and third parties
  • system security with strictly privileged and role specific access to electronic files, and encryption for transmission of files. This system includes firewalls, intrusion detection systems and virus scanning software to protect your information from unauthorised access
  • building security including access passes, CCTV and alarm systems to prevent unauthorised access to our buildings
  • identification procedures which are applied prior to disclosure of information
  • contractual safeguards with the organisations to which your personal information is disclosed, and
  • policies on document and information security.

Inappropriate or inadvertent handling of your personal information

If we become aware that your personal information has been disclosed or used inappropriately, or there are concerns regarding the security of your personal information and we are unable to otherwise rectify the issue, we may contact you to inform you and to work with you to minimise or mitigate the consequences of the issue and advise you of any steps you could take to lower any risk of potential harm to you.


HBF has established a complaints escalation process and treats complaints very seriously, considering and dealing with each complaint on a case-by-case basis to completion.

If you have a complaint regarding our handling of your personal information, you may:

  • call our Member Contact Centre and speak to one of our Member Sales and Retention Consultants on 133 423 who will identify you accordingly
  • email HBF at memberservices@hbf.com.au or memberexperience@hbf.com.au
  • write to HBF addressed to the Privacy Officer, GPO Box C101, Perth WA 6839 including details of what you are concerned about, or
  • visit your nearest Branch (with appropriate identification).

If our Member Contact Team is unable to satisfy your complaint, the matter will, upon request, be escalated to the Member Relations Manager who will advise you of the outcome. If it remains unresolved it will be escalated to the relevant Executive General Manager for consideration.

If you are not satisfied with the resolution of your complaint you are entitled to contact the Office of the Australian Information Commissioner by mail, email or telephone on:

GPO Box 5218, Sydney NSW 2001
Phone toll free: 1300 363 992
TTY: 133 677 then ask for 1300 363 992
Email: enquiries@oaic.gov.au
Web: www.oaic.gov.au

Please select your state or territory

We need to confirm your location to show you the correct content, products and pricing.

Change your state or territory

If you change location, we'll reset your quote and refresh the page to show you the content, products and pricing relevant to your location.

WA NSW VIC SA TAS NT QLD ACT I'm visiting from outside of Australia

Please select your state or territory

We need to confirm your location to show you the correct content, products and pricing.

Change your state or territory

If you change location, we'll reset your quote and refresh the page to show you the content, products and pricing relevant to your location.

WA NSW VIC SA TAS NT QLD ACT I'm visiting from outside of Australia