In addition to these terms, your use of the Site is also governed by the Privacy Policy for the QBE Division you are dealing with at https://www.group.qbe.com/privacy-policy. In the event of any conflict the terms of the Privacy Policy for the QBE Division you are dealing with shall prevail.

Any personal information provided to or collected through the QRisk site is disclosed to and controlled by companies in the QBE Insurance Group as set out in the applicable Divisional Privacy Policy (collectively "QBE", "we", "us" or "our"). Further information about the companies in the QBE Insurance Group can be found at http://www.group.qbe.com.

What information do we collect and process?

We may collect and process the following:

• Information you provide in answering risk management questionnaires; and
• Information obtained through other QRisk processes which may include personal information, namely contact information previously provided

which may include first and last names of your partners, employees, agents and contractors, their email addresses and contact telephone numbers.

How is this information used?

Personal information provided through the risk management questionnaires will only be used by QBE for the following purposes:

• To review your risk management activity and enable QBE to provide you with tailored feedback and risk improvements to help you improve your risk profile
• To assist QBE in understanding your organisation and to enable us to make more informed underwriting decisions

Contact information will only be used in connection with QRisk:

• For the purposes of managing your access to and use of the QRisk system
• To provide you with information, products or services in connection with your policy.
• If you are located within the UK or the EU, for our legitimate business interests. For further information see the QBE EO Privacy policy at https://qbeeurope.com/privacy-policy/

We may also use your contact information to provide you with information about our risk management services, forums and seminars which we think may be of interest to you and we may contact you about these by post or telephone or by email if you have previously consented to this or it relates to policies previously purchased by you or where your consent can be implied. For further information on marketing and your rights to withdraw consent or object to the processing of your personal data for direct marketing purposes please refer to the relevant Divisional Privacy Policy.

Non-personal information provided in the risk management questionnaires is used for other purposes such as management reporting and statistical analysis.

Security

We maintain reasonable administrative, technical and physical safeguards in order to protect against theft, loss, unauthorized access, use, modification and disclosure of personal information. Unfortunately, no collection or transmission of information, especially transmission over the internet or another publically accessible communication network can be guaranteed to be 100% secure and therefore, we cannot ensure or warrant the security of any such information. We store the information that we collect on secure servers located in QBE infrastructure and otherwise take reasonable precautions to protect your personal information in our custody or control from unauthorised access, use and disclosure, using security measures that are appropriate having regard to the sensitivity of the information and the potential harm which might be caused.

Where we have given you (or where you have chosen) a password, you are responsible for keeping this password confidential. We ask you not to share a password with anyone outside your organisation. You may, at your discretion and sole risk, disclose your password to your broker.

We restrict access to your information as appropriate within QBE to those who need to know that information for the purposes set out above.

Who do we disclose information to?

We may disclose your personal information to any member of the QBE Insurance Group which has undertaken to keep such information confidential.

We will only disclose your personal information to third parties for the following purposes and in accordance with any express terms set out in the applicable Divisional Privacy Policy:

• If we have obtained your consent or it is for the purposes of a contract you have entered into
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation (this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction)
• Which provide a service to QBE (e.g. outsourced IT providers, third party surveyors or risk management consultants)
• If we sell or buy any business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such business under conditions that protect its confidentiality and comply with applicable privacy legislation

Where we transfer personal information to other members of our group and to service providers, we will only allow your personal information to be used for the purposes set out above and we will ensure that these parties agree to take appropriate and reasonable measures to secure and protect the personal information from unauthorised access.

Disclosure to overseas recipients

Some of these third parties may be located in countries overseas, including the United States, Philippines, India, China, the UK and countries within the EU where there may not be in place data protection laws which are substantially similar to, or serve the same purposes as, the data protection laws of your country of residence. However, we will only transfer your personal data where we are satisfied that adequate levels of protection are in place to protect the integrity and security of any information being processed and compliance with applicable privacy and data protection laws. There is a possibility that the recipient may be required to disclose it under a foreign law. Where this occurs, such a disclosure isn’t a breach of the Australian Privacy Act.

This Privacy and Cookies Policy does not cover links to third party websites accessed from this site.

Cookies

Cookies are small text files that are placed on your computer when you visit certain webpages. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. You can set your browser not to accept cookies. However, you may not be able to use QRisk if these settings have been adopted. For further information about cookies and how to manage your browser settings visit www.allaboutcookies.org.

QRisk uses the following cookies which are used to control access to the system and to maintain identification that you are authorised to use the system and for analytics purposes:

“FedAuth” – SharePoint security cookie. This holds information to say the user is logged into SharePoint.

“.ASPXAUTH” – ASP.net membership cookie. This holds information to say the user is logged into the website via the ASP.net membership provider.

“citrix_ns_id” – Application firewall cookie. When you first connect to our Application Firewall it generates a session cookie which it uses to track which server you are connected to.

“_ga” – Google Analytics cookie. We use Google Analytics to assist with monitoring, and identifying areas of the site that can be improved. The _ga cookie is used to uniquely identify you as a visitor to this site. This is achieved by generating two random 32-bit numbers and setting them in a cookie, no personal information or data is tracked.

“_gat” – Google Analytics cookie. We use Google Analytics to assist with monitoring, and identifying areas of the site that can be improved. Your personal details are not tracked. The _gat cookie is used by Google Analytics to limit the collection of data on high traffic sites. It expires after 10 minutes.

Your rights 

You have certain rights in relation to the personal information which we hold about you as set out in the applicable Divisional Privacy Policy Please contact us as set out in the Contact section below if you have any questions or wish to exercise any of these rights or  if any personal information which we hold needs to be updated.

Changes to our privacy policy

We may revise this privacy policy from time to time and will place any updates on this webpage. It is your responsibility to keep abreast of the changes made to this policy by reviewing periodically this policy, including when you access the QRisk website. Your continued use of the QRisk website constitutes your agreement to this policy and of any updates to it.

Contact

If you have any questions about our processing of your personal information via this website or wish to discuss the information we hold about you please contact us at: QRisk.Support@qbe.com or using the contact details set out in the applicable Divisional Privacy Policy.