RiverStone International
Contact us

Riverstone International Australia Pty Ltd – Privacy Policy

1. Scope

This Privacy Policy sets out how RiverStone International Australia Pty Ltd, together with its related companies, including but not limited to RiverStone Holdings Limited and RiverStone Management Limited  (as applicable) (together the “RiverStone International Group” or “we” or “us” or “RiverStone Australia”) may collect, use, disclose or process personal information about policy holders, claimants and their agents in accordance with the Privacy Act 1988 (Cth), including the Australian Privacy Principles (“Privacy Act”). Where used in this Privacy Policy, “personal information” and “sensitive information” have the meanings given to these terms in the Privacy Act.

The collection of personal information and sensitive information by RiverStone Australia is required to enable us to deliver services regarding the administration of (re)insurance policies and products that we insure or reinsure (“Services”).

This Privacy Policy applies in addition to any other policies, notices, contractual clauses and consent clauses that apply to you in relation to the collection, use and disclosure of your personal information by us.

2. Personal information we collect about you

In order to deliver our Services, RiverStone Australia may collect and process the following personal information and sensitive information about you:

  • Contact information – including your full name, date of birth, address and contact details.
  • Identity documents – including government ID used to identify you such as passport or driver licence.
  • Financial information – including bank account information, credit scores and credit risk information where applicable.
  • Claim details – including details relating to a claim, which may include sensitive information such as medical reports and reports of criminal convictions (“Claim Details”). This may also include requests for assistance or support which contain details of any vulnerabilities, and financial information to support a claim.
  • Complaint information – including information relating to a complaint made by you or involving you, including Claim Details where the complaint relates to a claim.
  • Fraud information – meaning information relating to any criminal or fraudulent activities provided to us by you or third parties (such as anti-fraud agencies or other insurers).
  • Recruitment information – including information that you provide to us as our employee and when applying for a job with us.
  • Correspondence – including records of correspondence or details of any communication between you and RiverStone Australia and any personal information you provide throughout such correspondence.
  • Website visit information – including personal information relating to your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, captured through cookies and other tracking technologies on our websites.

By proceeding to engage RiverStone Australia to provide Services to you, you consent to the collection, use and disclosure of your personal information for the purposes listed in the ‘Purposes for Collection’ section below.  

From time to time, where we may need to collect additional personal information or sensitive information which has not been listed above, we will notify you of this via a collection specific notice at the time, or as soon as practicable after, the collection is made.

3. How we collect your personal information

When delivering our Services, personal information is collected from a number of different sources, including from you directly, or indirectly from third parties to whom you have provided your personal information.

Directly

  • We may collect your personal information from you directly at the time of transfer, variation, renewal or extension of a policy, or at such time at which a claim is made. This personal information will be collected primarily through your completion of proposal forms and claims forms.

Indirectly

  • Your personal information may also be provided to us by a third-party claimant where you may be involved in a claim as either a co-claimant, witness, or policy holder.
  • We may also collect your personal information indirectly from an agent or individual you have appointed to act on your behalf.
  • We may collect your personal information from an insurer where we act on behalf of that insurer or where we have entered into agreements with an insurer, including reinsurance and portfolio transfer agreements.
  • We may collect your personal information from an organisation, or employee of an organisation, which is insured by RiverStone Australia.
  • We may collect your personal information from other RiverStone International Group entities where claims or insurance products are managed by or migrated to RiverStone Australia.
  • Where your personal information is available via public sources, RiverStone Australia may access and collect your personal information from such publicly available sources.
  • We collect details of your visits to our websites and through cookies and other tracking technologies.

4. Purposes of collection of personal information

RiverStone Australia collects, uses and discloses your personal information, and where noted in this Privacy Policy, your sensitive information, for the following purposes:

  • for the administration and delivery of Services;
  • to facilitate claims processing, including managing (re)insurance claims, defending or prosecuting legal claims and investigating and prosecuting fraud;
  • general risk modelling and underwriting, and complying with legal and regulatory obligations/reporting;
  • undertaking due diligence for potential or actual mergers and acquisitions, transfers of books of business or company sales and reorganisations;
  • undertaking mergers and acquisitions, transfers of books of business, company sales and reorganisations;
  • for the management of complaints, including investigation of any such complaints;
  • for the recovery of payments;
  • for customer services purposes;
  • to identify you and carry out any required identity checks; and
  • for recruitment activities and management of ongoing employment.

5. Providing us with your personal information 

You are not obligated to provide us with your personal information and are not compelled under Australian laws to do so. However, if you chose not to provide us with your personal information, or do not allow us to collect or process personal information about you, we will be unable to carry out the activities necessary to deliver our Services to you, and as such will not be able to provide you with our relevant Services.

6. Disclosure of your personal information

Where required for the purposes set out above, we may disclose your personal information to third parties during the provision of our Services. These third parties include but are not limited to audit, financial and actuarial consultants, third party claims handlers, loss adjusters and solicitors.

We may also make disclosures of your personal information, where necessary and only for the above purposes, to other entities within the RiverStone International Group.

7. Overseas transfers of personal information

In providing our Services for the purposes noted above, RiverStone Australia may disclose your personal information to recipients outside of Australia (“overseas recipients”). Your personal information may be disclosed to overseas recipients such as third party claims handlers, loss adjusters, or solicitors located in the United Kingdom.

RiverStone Australia will also disclose your personal information to other entities in the RiverStone International Group located outside of Australia, including in the UK, US, Bermuda and the European Economic Area.

RiverStone Australia utilises cloud storage systems and repositories located in the United Kingdom, and as such your personal information may be transferred overseas to third party cloud providers for the purposes of information storage. Your personal information will be stored and handled in a way that complies with Australian privacy laws.

8. Access to and correction of your personal information

You have the right to request access to all personal information we hold about you, or to request the correction of personal information we hold about you. If you would like to make a request to access or correct your personal information, please do so in writing via email using the contact information listed in the ‘Contact Us’ section below. When making your request, we will ask you to provide us with evidence of your identity which must clearly show that you are the individual whose personal information the request relates to. 

9. Complaints

If you have any concerns about how we have handled your personal information, believe we have breached any of the relevant Privacy Act provisions, or wish to make a privacy-related complaint, please contact us in the first instancevia email using the contact information listed in the ‘Contact Us’ section below.

Please provide sufficient detail regarding your complaint and any supporting evidence. We will investigate the complaint and determine appropriate actions to resolve the complaint. We will notify you in writing of the outcome of our investigation and will follow up with you if we require any additional information.

If you are not satisfied with the outcome of our investigation you may make a complaint to the Office of the Australian Information Commissioner (OAIC) on their website www.oaic.gov.au or via the OAIC phone hotline at 1300 363 992.  

10. Contact Us

If you wish to make a request for access to or correction of your personal information, or if you wish to make a complaint, or if you would like to receive this Privacy Policy in another format (for example audio, large print or braille), please contact:

Data Protection Officer
RiverStone Management Limited
Park Gate
161-163 Preston Road
Brighton
East Sussex

United Kingdom
BN1 6AU

Email: DPO@rsml.co.uk

11. Changes to this Privacy Policy

We may change the content of our website or Services without notice, and consequently our Privacy Policy may change at any time in the future. We therefore encourage you to review it from time to time to stay informed of how we are using personal information. Revised versions of the Privacy Policy will be posted here.

This Privacy Policy is effective as of 1 June 2026.