
CBHS HEALTH FUND LIMITED PRIVACY POLICY

 

CBHS Group Privacy Policy

 

1 Scope

1.1 CBHS Overview

The CBHS Group provides Private Health Insurance Policies or products to persons who are eligible to become members of one or more of the CBHS Group entities.

1.2 Purpose of this document

This policy explains how we collect, use and protect your personal information. It applies to all personal information we handle, whether we collect it through our website, in person, from third parties or through other means.

1.3 Quick Summary

  • We collect information you provide to us (or that is provided about you) and information we gather when we interact with you.
  • We use this information to provide our services and improve your experience.
  • We protect your information using secure systems and processes.
  • You have rights regarding your personal information, including access and correction rights.

 

    2 Types of information we collect

    Basic identifying and contact details:

    • Name, address, email address and phone number
    • Your professional details

    Service related information:

    • Depending on the nature of the services we are providing to you, we may collect your date of birth, gender, marital status, photograph, and signature
    • Payment and transaction details for products and services you've purchased from us
    • Information necessary to pay claims or other moneys we owe you
    • Records of our interactions with you, such as system notes and call recordings of our telephone conversations with you
    • Membership information of previous health funds and details of insurance policies you held with them
    • Your preferences for our services and your marketing preferences
    • Feedback and survey responses

    Eligibility details:

    • Information about you or your family members’ current or past employment with or by the Commonwealth Bank of Australia or any of its current or past subsidiaries, contractors, or franchisees
    • Relevant Government-issued documents if you wish to access a benefit or exemption under an Australian law
    • Details of when you have registered for the Australian Government Rebate on private health insurance and your income tier for rebate purposes
    • Your household or family income information necessary to assess your eligibility for Government rebates and incentives in relation to your insurance policy

    Digital Information:

    • IP address and general location information derived from your IP address
    • Search and browsing behaviour
    • Website usage patterns
    • Cookie preferences
    • Digital membership card usage data
    • Device information when accessing your digital membership card
    • Authentication data for digital card access

    Professional information (for job applicants and workers):

    • Employment history
    • Educational and technical qualifications
    • Professional experience
    • Required authorisations and licences
    • Professional registrations

    Sensitive Information: We handle sensitive information with extra care and protection, and we only collect this information with your consent or when legally permitted. This includes:

    • Health information:
        • Medicare number
        • Health information received through our claims process and/or applications for treatments/health services
        • Individual or family medical history (to provide healthcare services and support tailored to your needs / to ensure we can provide safe and appropriate services)
        • Health related information such as your diet and lifestyle
        • Treatment reports
    • Cultural and background information:
        • Racial or ethnic origin (to provide culturally appropriate services)
        • Religious beliefs (when relevant)
    • Criminal record checks (if we need to verify your background before hiring you)
    • Professional memberships (to assess your suitability for employment)

     

      3 Purposes for which we collect information

      We collect information for the purposes of running our business and providing, administering, and marketing our products and services as set out below.

      Business operations

      • To manage our relationship with you as a customer or supplier
      • To process and deliver our products and services
      • To collect and process insurance policy contributions or premiums and process claims and benefit payments
      • To assess and communicate to you the coverage and benefits of the products and services provided to you
      • To enroll you in specialised health and wellbeing programs
      • To handle your inquiries, support requests, and communications
      • To maintain accurate records for billing and administration
      • To verify your identity when required or permitted by law
      • To provide and maintain your digital membership card
      • To verify your membership status when you present your digital card
      • To enable access to healthcare services using your digital card

      Communication and support

      • To respond to your questions and support requests
      • To inform you about your membership, benefits and important updates
      • To provide benefit statements and policy updates
      • To communicate with hospitals and other health care service providers about your cover and benefits
      • To handle inquiries made through our website or platforms
      • To manage your participation in surveys, feedback sessions, or events

      Service improvement

      • To conduct analysis, market and product research 
      • To improve our business operations and services
      • To develop and enhance our applications and platforms
      • To understand how our services are used

      Marketing and promotions

      • To send you promotional information about our services, products, offers, programs or events
      • To inform you about products or services that may interest you
      • To manage your marketing preferences
      • To conduct competitions, promotions, and special offers
      • To provide additional benefits or rewards to our customers (including digital cards)

      Employment purposes

      • To assess employment applications
      • To evaluate candidate qualifications
      • To manage professional certifications and licences
      • To maintain employment records

      Legal and compliance

      • To comply with our legal obligations and any reporting requirements we have
      • To detect and prevent fraud
      • To handle complaints
      • To respond to court orders or legal processes
      • To maintain required business records
      • To fulfill regulatory requirements or reporting obligations
      • To protect our legal rights and interests or as authorised by law

       

      4 How we collect information

      4.1 Collection of information

      We collect information in the following ways or circumstances:

      • Directly from you: when you interact with us (including when you visit a HealthHub), contact us, fill out forms and enter into contracts with us
      • Automatically when you: visit our website, use our technologies, interact with our online services
      • Publicly available information: public registers, telephone or business directories, social media platforms and the internet.
      • From third parties: where legally permitted, we may collect information from third parties, including:
          • The policyholder – where you are part of a joint or family policy, the main member or authorised person may provide us with your information
          • Health services – we may collect information about health services you have received or when you make a claim directly from the health service provider (e.g., a hospital, medical or allied health provider) you have dealt with
          • Services providers – we may collect your information from our services providers who help us provide services to you, including health management program partners
          • Relevant Government departments – we may collect your information from Government departments we deal with in relation to insurance policies including but not limited to the Department of Health, the Department of Home Affairs, the Private Health Insurance Ombudsman, and the Office of the Australian Information Commissioner
          • Other private health insurers – we may collect your information from your previous private health insurer (for example, information on your transfer certificate)
          • People you authorise – where you authorise a third party to provide information to us, we may collect such information, including referees of job, business opportunity applicants or member referrals
          • Employment checks – collection of information for employment purposes including but not limited to reference and background checks

      4.2 Couples and family health insurance policies

      If you have a couples or family health insurance policy with us, we will collect personal and sensitive information about other members on the policy from the policy holder who establishes or makes changes to the insurance policy. If you are a policy holder and provide us with information about your partner or a dependent who is 16 years or over, you should:

      • Request their consent to provide us with their information (and only provide their information where they have consented)
      • Advise them of the personal information you have provided
      • Advise them that our privacy practices are set out in this policy and how they can access this policy; and
      • Advise them they are entitled to access their information by contacting us.

      If you are an insurance policy holder and provide us with information about your partner or a dependent who is 16 years or over, by providing that information you acknowledge that you are creating or have created the insurance policy on behalf of your co-insureds, and you warrant that:

      • You have their authority to agree to the relevant terms including consenting to the uses set out in this Policy on their behalf.
      • You have made them aware of the information set out in this Policy and informed them of how they can obtain access to this Policy; and
      • You have their consent to provide the information to us - and for us to use that information for the purposes set out in this Policy - and as otherwise permitted by law, including the relevant privacy laws.

      If an insurance policy holder lodges a claim on a dependent’s behalf, we act in reliance on the above warranties given by the insurance policy holder and accordingly assume the dependent(s) have given their consent to the insurance policy holder to provide all the information we need to process their claim(s).

      Where a policy holder sets up access to a digital membership card, we may collect and use mobile numbers and verification information (for example, verification codes and authentication factors) to issue digital card invitations, verify identity, enable access to the digital card and administer the membership.

       

      5 Who we disclose information to

      5.1 Third parties

      The types of persons or organisations we usually disclose information to are:

      Healthcare providers and related services

      • Hospitals or healthcare service providers from whom you have received, or from whom you intend to seek, treatments
      • Providers of specialised health or wellbeing programs (including Health Management Programs)
      • The Australian Health Service Alliance (AHSA) who assists us to assess and pay claims and provide reports to the Government in relation to treatments and services you received in hospitals and other health care facilities. AHSA’s privacy policy and contact details can be accessed from the following link – AHSA Privacy Policy. You can make a privacy breach complaint to the AHSA or ask them for access to or request them to correct the information they hold about you.
      • Online review platform providers we have partnered with to help you provide reviews of services you received from healthcare providers
      • Other private health insurers, that you transfer to or from

      Service providers

      • IT service providers including to provide and maintain digital cards
      • Data storage providers
      • Web hosting and server providers
      • Payment processors
      • Marketing, research and advertising providers
      • Analytics providers
      • Support providers and call centre providers
      • Providers that administer or fulfil member rewards or benefits

      Professional advisers

      • Bankers
      • Auditors
      • Actuaries
      • Insurers and insurance brokers
      • Legal advisers

      Business partners

      • Our existing or potential agents
      • Our business partners or contractors

      Corporate transactions

      If we merge with or are acquired by another company, or sell our business assets:

      • Your information may be disclosed to our advisers
      • Your information may be disclosed to the potential purchaser's advisers
      • Your information may be included in the transferred assets

      Legal, government and regulatory bodies

      • Australian Government departments or agencies (such as the Australian Taxation Office, Medicare, the Australian Prudential Regulation Authority, the Australian Securities & Investments Commission, the Private Health Insurance Ombudsman, the Department of Health and the Department of Home Affairs)
      • Courts and tribunals
      • Regulatory authorities including as required for reporting obligations
      • Law enforcement officers

      Other parties

      • Third parties you have authorised
      • Emergency services when necessary
      • Any other parties as required or permitted by law

      5.2 Joint and Family Policies

      If you are covered as part of a joint or family policy, you should be aware of who else on the policy can access your personal information.

      All claims payments and general insurance policy information will be sent to the person listed as the main member.

      A Policy Holder can:

      • Change details on the insurance policy
      • Change the level of cover
      • Add and remove persons from the insurance policy
      • Receive benefits on behalf of dependents; and
      • Terminate the insurance policy.

      Each person on a policy may contact us using the General Enquiries contact details in Section 12 to advise us who may receive information about their health claims.

      Policy Holders and authorised adult dependents have authority to deal with CBHS in relation to their policy. Each Policy Holder and any authorised person will be able to view all personal information in connection with the insurance policy including information relating to claims made by the person listed as the main member and any co‑insured persons. 

      5.3 Relationship breakdowns

      If any members of a policy become separated or divorced, we require that the impacted members notify us as soon as reasonably practicable to prevent privacy breaches and update your policy, as you may no longer be eligible to be covered under a policy together. Please inform us promptly if this occurs so that we can take steps to enforce these processes. It is your responsibility to ensure that each person takes out their own policy. We cannot confirm the insured status of your child under the insurance policy of your ex-partner or provide details about your ex-partner's insurance policy to you.

       

      6 Overseas disclosure

      6.1 Storage and access

      We store your personal information in Australia. However, your information may be accessed from or transferred to locations outside Australia in these circumstances:

      • When our service providers are located overseas
      • When we work with overseas business partners
      • When using cloud-based services or data storage solutions

      6.2 Our approach to overseas disclosure

      Before disclosing your personal information overseas, we take reasonable steps to ensure that the recipient treats your information in accordance with applicable law by only sending what is necessary, requiring recipients to protect your information through contractual agreements which require the recipient to comply with the privacy standards in applicable law or through other mechanisms that provide comparable safeguards and by monitoring how recipients handle your information.

      If you request us to disclose your information to an overseas recipient that we do not have a relationship with, we will provide you a clear statement explaining the potential consequences of disclosing the information to the overseas recipient.

      7 Cookies and Analytics

      7.1 What We Use

      We use cookies, tracking pixels, and similar technologies on our website and in our emails to improve your experience and our services.

      7.2 Cookies

      • Small text files stored on your device
      • Help remember your preferences
      • Enable certain website functions
      • Make your interactions with our website more efficient

      7.3 Tracking Pixels 

      • Tiny, invisible images in web pages and emails
      • Help us understand how you interact with our content
      • Allow us to measure email engagement
      • Enable more relevant content delivery

      7.4 How we use these technologies

      Essential Functions

      • Remember your login status
      • Maintain your session security
      • Store your preferences
      • Enable core website features

      Analytics and Performance

      • Understand how our website is used
      • Measure page views and traffic
      • Analyse user navigation patterns
      • Identify areas for improvement

      Personalisation

      • Remember your preferences
      • Tailor content to your interests
      • Improve your browsing experience
      • Provide relevant recommendations

      7.5 Your control

      You can manage these technologies by:

      • Adjusting your browser settings to block or delete cookies
      • Using privacy-focused browser extensions
      • Configuring your email client to block images
      • Using our cookie preference settings

      Note: Blocking all cookies may affect website functionality and your user experience.

      7.6 Google Analytics

      We use Google Analytics to understand how people use our website. This involves cookies that collect information about your browsing activity. You can opt out of Google's advertising features through your Google account settings, browser add-ons, or your device's privacy settings. Google provides various tools and options to control how your data is used for advertising purposes. You can learn more about how Google uses your data and your available options on Google's privacy pages. 

      7.7 Advertising tools

      We use digital advertising tools (such as Meta Pixel) to understand how our ads perform and to show you more relevant advertisements across various platforms, including social media.

       

      8 How we hold and protect information

      8.1 Protecting your information 

      We use multiple layers of security to protect your information and have a range of security controls in place (including technical, operational and physical) designed to protect your personal information, as set out below.

      Technical safeguards

      • Enterprise-grade encryption for data storage and transmission
      • Regular security testing and monitoring
      • Automated threat detection systems

      Operational security

      • Staff training on security and privacy
      • Strict access controls based on job requirements
      • Regular security audits and incident response procedures testing

      Physical security

      • Secure premises with controlled access
      • Secure disposal of physical documents
      • Equipment security protocols

      If we become aware of a data breach involving your personal information, we will assess the incident and take steps to contain and mitigate any harm. Where required under the Privacy Act, we will notify affected individuals and the Office of the Australian Information Commissioner as soon as practicable.

      8.2 How long we keep information

      We keep your personal information only as long as we need it for the purposes we collected it, or as required by law. When we no longer need it, we take reasonable steps to securely destroy or de-identify it.

      If we receive personal information that we did not request, we will assess whether we are permitted to hold it. If not, we will securely destroy or de‑identify the information as soon as reasonably practicable, unless we are required by law to retain it.

       

      9 Your privacy rights and choices

      9.1 Providing information

      You can choose whether to provide personal information to us; however, if you don't provide certain information, we may not be able to provide some services. Let us know if you don’t want to provide information and we will let you know when information is required versus optional.

      9.2 Access to information

      You can request access to the personal information we hold about you and we will respond to your request within a reasonable time. We may charge a reasonable administrative fee for providing access and if we cannot provide access, we will explain why and explore alternative ways to share relevant information.

      9.3 Correction rights

      You can ask us to correct any information that is inaccurate, out of date, incomplete, irrelevant or misleading and we will take reasonable steps to correct your information promptly. If we cannot make the correction, we will explain why and discuss alternatives. You can ask us to add a statement to your information noting your requested correction.

      9.4 Notifying others about correction of your information

      You may ask us to notify another person we previously disclosed your information to that we have corrected it. We will action your request as soon as reasonably practicable.

      9.5 Marketing communications

      You can opt-out of receiving marketing communications at any time. Each marketing communication will include an unsubscribe option. You can change your marketing preferences by contacting us. We will process your request as soon as practicable. If you do unsubscribe from marketing communications, we will still contact you in relation to our continuing relationship with you. For example, we will send you notices and statements relevant to your membership and the products you hold with us.

      9.6 Dealing with us anonymously or using a pseudonym

      You can choose to deal with us anonymously or use a pseudonym when interacting with us; however, if you don't provide identifying information, we may not be able to provide some services. If you ask us, we will tell you what information is required for specific products or services and what information is optional. This is not available where identification is required by law or to provide insurance services.

       

      10 Use of Location Services Data

      We may collect your precise or approximate location via our mobile application for the following purposes:

      • to verify your location when accessing services at participating healthcare providers
      • to help you locate nearby healthcare facilities and services covered by your policy
      • to provide location-based notifications about available health services or promotions
      • for security and fraud prevention
      • as permitted by law

      We collect this information when you enable our mobile application to use your device's location services. If you do not want us to use your location for the purposes above, you should turn off the location services in your account settings or mobile phone settings. If you do not provide geolocation data to us, it may affect our ability to provide certain location-based features.

       

      11 Artificial Intelligence (AI) Technologies

      11.1 Overview

      We use artificial intelligence and machine learning technologies in our business operations and services, including AI tools provided by third parties. We only use these technologies when legally permitted and necessary for our business.

      11.2 How we use AI

      We may use AI technologies to:

      • Conduct analysis and data processing
      • Generate and modify content and coding
      • Improve and optimise our services and operations
      • Automate routine tasks and communications
      • Personalise your experience with our services
      • Support quality assurance processes
      • Assist with customer support and queries

      11.3 Data protection and security

      When we work with third-party AI providers, we ensure they handle your personal information in accordance with privacy laws through contractual requirements and appropriate safeguards.

      11.4 Your rights and our commitments

      Any information generated or inferred about you by AI technologies is treated as personal information, and you maintain all the rights outlined in this privacy policy. When using AI with your personal information, we commit to:

      Transparency and control

      • We'll inform you when AI is used to make decisions that may significantly affect you
      • We maintain human oversight and review of significant AI-generated decisions
      • Our staff are trained to understand AI limitations and verify outputs before relying on them
      • We implement processes to verify the accuracy of AI-generated outputs

      Security

      • We use appropriate technical and organisational measures to maintain the security and integrity of your personal information
      • We regularly test and monitor AI outputs for accuracy and reliability

      Risk mitigation

      • We regularly assess and document risks associated with using AI to process personal information
      • We implement appropriate measures to address these risks
      • We continuously monitor AI performance and regularly review its impact

       

      12 Complaints and contacting us

      If you need to contact us or make a complaint, please follow the steps below. This is the same process whether you want to access your information, correct mistakes, change marketing preferences, or make a complaint about our privacy practices.

      Step 1: Contact us

      General contact details:
      Telephone: 1300 654 123
      General enquiries email: help@cbhs.com.au
      Complaints email: complaints@cbhs.com.au

      Privacy Officer contact details:
      Telephone: 1300 654 123
      Email: privacy@cbhs.com.au
      Address:
      Privacy Officer
      CBHS Health Fund Limited
      Locked Bag 5014
      Parramatta NSW 2124

      In your correspondence, you should include: your full name, contact details, clear details about your request or complaint, and any relevant dates or reference numbers.

      Step 2: Our response

      We will:

      • Verify your identity before processing your request
      • Investigate thoroughly (for complaints) or process your request (for rights)
      • Respond to you in writing within reasonable timeframes
      • Explain what actions we will take and keep you updated on progress
      • Not charge you for making a request (except for reasonable access fees if applicable)
      • Help you understand and exercise your rights

      Step 3: If you're not satisfied (complaints only)

      If you're not satisfied with our response to your complaint, you can:

      • Ask for a review by our senior management, or
      • Contact external bodies (details below):

       

      13 Amendments

      We may update this policy at any time by posting the revised version on our website. We recommend that you review our website regularly to stay current with any policy changes.