IRS Privacy Policy

This Privacy Policy relates to how Insurance Reference Services Limited (IRS, we, us or our) collects, holds, uses and discloses your personal information. This policy does not cover how its members (IRS Members) (you can find a list of our members collect, hold, use or disclose your personal information and we recommend you refer to their privacy policies as to how our members handle your personal information.

We are bound by and adhere to the Privacy Act 1988 (Cth) and the Australian Privacy Principles under that Act (Privacy Act) and the terms of this Privacy Policy.

By providing us with any sensitive information identified in this Privacy Policy provided to you at the time of collection of your sensitive information, you consent to our collection use, holding and disclosure of such sensitive information in accordance with and as set out in this Privacy Policy.

1. How IRS collects your personal information?

We collect your personal information either;

  • from you as a visitor to our website at (Website) or when you contact us via email, telephone or in person;
  • from IRS Members disclosing an individual’s personal information to us as part of the IRS Database.

We collect personal information (including sensitive information) directly from you through your use of the Website and when you contact us by email, telephone, in person or otherwise in connection with our services, functions or activities.

We also collect your personal information (including sensitive information) indirectly from IRS Members as part of your policy holder claim history data with that IRS Member. This information is collected and disclosed by IRS Members to IRS in accordance with each IRS Member’s privacy policy and/or privacy collection statement.

If you provide us with the personal information of another individual, you warrant that you have informed them of this, provided this Privacy Policy to them and that you have their permission to provide their personal information to us. In addition, where you have provided us with any sensitive information of another individual you warrant that you have obtained that individual’s consent for us to collect, use, hold and store their sensitive information in accordance with this Privacy Policy.

2. What kinds of personal information and sensitive information do we collect about you?

This Privacy Policy uses the definition of "personal information" which is defined in the Privacy Act and in summary, refers to any information which can, directly or indirectly, be used to identify you (or another individual, as the case may be). When we use the term “sensitive information” it has the same meaning as in the Privacy Act.  When we refer to the term personal information in this Privacy Policy it includes sensitive information.

The kinds of personal information that we collect about you includes your contact details, employment history, date of birth, driver’s license number, details of insurance claims, as a third party involved in any claim, and other information that is relevant to our functions or activities.

We may also collect, hold, use or disclose sensitive information about you such as mental and physical health, disability, racial or ethnic origin, criminal convictions or religious or political affiliation, either directly from you with your prior consent or from IRS Members or from third parties in connection with processing and dealing with information received from the public to help combat insurance fraud.

3. How do we use your personal information?

The IRS only holds, uses and discloses personal information for purposes directly related to its functions or activities and for which the information was originally collected or, otherwise, in accordance with the Privacy Act.

We also collect personal information, such as that referred to in section 2 above, about you from IRS Members for the purposes managing the IRS claims database (IRS Database) which is operated by third parties engaged by IRS to assist IRS Members with the:

  1. prevention of insurance fraud where the intent in using the IRS Database is to provide added information to confirm the accuracy of information provided by applicants;
  2. management of insurance claims where the intent in using the IRS Database is to analyse claims and the management of claim payments;
  3. management of claims investigation and loss assessment processes;
  4. validation of prior claim disclosure at time of quotation and assessment of underwriting risk where the intent in using the IRS Database is to provide complete information to enable insurers to assess material and moral risk;
  5. benchmarking analysis to show how an individual IRS Member is performing against industry norms (not against named IRS Members or named persons); and
  6. identity verification.

4. Who has access to your personal information? 

The use and disclosure of the personal information in the IRS Database is restricted to:

  1. authorised employees and representatives of IRS including those engaged in underwriting, fraud detection, investigation, loss assessment and claims management;
  2. IRS Members by way of access to the IRS Database to support claims management, claims investigation, loss assessment, fraud detection and validate risk underwriting;
  3. Federal, State or Territory police authorities and government bodies/agencies as authorised or required by law or a court or tribunal order;
  4. Government agencies that are an enforcement body (being a Federal or State authority that is responsible for administering, or performing a function under a law that imposes a penalty or sanction or a prescribed law) by Legally Enforced Access (LEA) being requests for relevant claims history made to IRS by police authorities, a crimes commission, a royal commission, regulators, and by court order;
  5. other third parties, including the Service Provider; and
  6. an individual in relation to their own ‘My Insurance Claims Report’ which can be viewed at ; and
  7. otherwise as authorised or required by law or a court or tribunal order.

The disclosure of personal information in the circumstances outlined in sections (1)-(7) above will include the disclosure of your sensitive information.

We do not knowingly disclose your personal information to any overseas recipients.

5. Cookies

We may use "cookies" on the Website. A cookie is a small amount of information which is transferred to the hard drive of your computer and which can identify your web browser but not you. Individuals can disable their web browsers from accepting cookies. If you do so, you can still access the Website, but not all services may be available.

6.Security of your personal information

We hold personal information in an online database managed by our third party (the Service Provider). We may also hold electronic copies of documents containing personal information (e.g. queries, complaints, forms and other relevant documents) in an online database.

Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while we will take reasonable steps to protect your personal information we cannot guarantee or warrant the security of any personal information you transmit to us via the internet. We also take reasonable steps to protect your personal information once it reaches us.

7. Accessing and correcting your personal information held by the IRS

You may access your personal information held by us by ordering your own ‘My Insurance Claims Report’ at

You may make or seek access to and/or correction of your personal information, by contacting us by email, your insurer in relation to personal information concerning an insurance claim or the Service Provider on 13 23 33 or +61 39828 3200.

If we do not agree to provide access to your personal information or to amend or annotate your personal information we hold about you, you may seek a review of our decision with the Office of the Information Commissioner (OAIC) as set out below.

8. Complaints

You can send any queries about this Privacy Policy, correction or access requests or complaints about our alleged breach of this Privacy Policy or the Privacy Act to or to The Privacy Officer, Insurance Reference Services Limited, Level 4, 56 Pitt Street, Sydney NSW 2000.

Our Privacy Officer will investigate the issue and determine the steps to be taken to resolve the complaint and we will notify you in writing if we require any additional information and also of the outcome of the investigation. A written response will usually be provided within 30 days of receipt of the complaint by IRS.

If you are not happy with the outcome of our investigation you can complain to the OAIC, please see their contact details at

9. Changes to this Privacy Policy

We may, from time to time, update this Privacy Policy so please ensure you review it periodically for changes. If any changes are significant or substantial, we will let you know on our Website or by email if you have provided us with your email address.

Your continued use of the Website, our services, or the provision by you or on your behalf by an IRS Member of further personal information about you to us after a notice that the Privacy Policy has been revised will be deemed to be your acceptance of (and in the case of sensitive information, consent to) the revised Privacy Policy.

This Privacy Policy was last revised on 22 April 2022.