Privacy and Data Security Policy

The English version of this Privacy Policy (available at: https://unitecare.ai/privacy-and-data-security-policy) shall prevail over all other language versions. Any documents or communications in other languages are provided for convenience only, and the English version shall constitute the official version.

uniteCare (hereinafter collectively referred to as "we", "us", or "our") respects your privacy. Our Privacy Policy explains:

(1) how we collect, use, and disclose information obtained through our websites, networks, and applications (collectively referred to as the “Platform”) as well as other services provided to institutional customers (together with the Platform, referred to as the “Services”); and

(2) the choices you may make regarding information processing.

We also describe how you may contact us regarding our privacy standards. This Privacy Policy is incorporated by reference into the uniteCare Terms of Use.

On our Platform, you may choose to use certain features provided by other entities. These features include international tuition payment, bank card application services, SIM card application services, etc. (these features will be prominently displayed on our webpages). They are operated by third parties that are not affiliated with uniteCare and may collect information directly from you. These third parties may use your information in accordance with their own privacy policies and standards.

1. Information We Collect

We may obtain your information in various ways, such as information voluntarily provided by you, information obtained in our role as a payment transaction processor, or information automatically transmitted when you use a device to access the Platform.

1.1 Information Collected from You

When you use the Services, you may provide us with the following types of information:

Your Account Information

To create an account, you are required to provide your mobile phone number, email address, and password.

Payment Information

When you purchase insurance through our Platform, we will request the applicant’s name, date of birth, address, telephone number, identification number, school attended, course type, commencement date, graduation year, and other information. Where necessary, you will also need to provide information of accompanying persons. As part of the payment process, or in order to process refunds or chargebacks, we and/or our partners may require the payer’s credit card information or financial account information, such as bank account number, name, and bank code.

Insurance Application Information

We may request that you apply for services provided by third parties through us and provide relevant information. This information may include admission offers, passport and visa information. Such information will be shared with these third parties so that they can evaluate and respond to your application.

Referrals

In order to invite others to use the Platform, you may be required to submit their email address.

Messages and Support Requests

When you communicate with us via email, chat, messages or other means, we will collect the information you submit. You may choose to submit a summary of the issues you encounter or speak directly with our representatives. Providing summaries of issues encountered, screenshots, documents or information will assist in resolving the issue.

Platform Usage

When you browse our website and perform certain actions, we will collect information about you. This information includes links you click; the type, size and file name of attachments you upload to the Platform; the use of analytical technologies to hash, filter or otherwise clean content; and the collection of click data regarding how you interact with and use Platform features.

Device Information

We collect information regarding the computer, mobile phone, tablet or other devices you use to access the Platform. This includes browser type, IP address, device identifiers and crash data. We will also use your IP address or country preference to provide you with a better user experience.

1.2 Information Collected from Others

We may receive information from others, including:

Financial Institutions and Service Providers

In processing your payment transactions, we may cooperate with multiple service providers, including banks and non-bank financial institutions such as payment service providers. In order to process payments, financial institutions or service providers may share payer account information with us, such as account name, number, bank code and other identifying information.

Designated Entities

Before creating your account for you, we may obtain your name and email address from our medical service providers and other entities so that we may contact you and encourage you to make payments through our Platform. In addition, these designated entities may also use the Platform to communicate with you and manage collections.

1.3 Use of Cookies and Similar Technologies

To ensure proper website operation, the system will automatically store Cookie information locally. Cookies usually contain identifiers, site names and some numbers and characters. Through Cookies, websites can store webpage resource information to ensure proper loading and display. We will not use Cookies for any purposes other than those stated in this Policy, nor will we store Cookie information on backend servers. You may manage or delete cookies according to your own preferences. For details, please refer to AboutCookies.org.

In addition to Cookies, we will also use web beacons, pixel tags and other similar technologies on our website. When you access our Platform or open our emails, we and our third-party service providers may automatically collect certain information. For example, the emails we send to you may contain click URLs linking to content on our website. If you click the link, we will track this click. Information collected in this way includes IP address, browser characteristics, device ID and features, operating system version, language preference, referring URL and Platform usage.

We may associate this data with your personal profile to help us understand your product or service preferences and improve customer service.

We cooperate with third-party partners such as analytics and advertising partners who may collect information about your use of other websites and online services over time. For more information regarding Google Analytics and the options Google provides regarding your information, please visit:

https://policies.google.com/technologies/partner-sites

2. How We Use the Information We Collect

We may, in accordance with applicable laws, use information about you for the following purposes:

• To provide and improve the services.

• To verify authentication details during login.

• We use your information to verify accounts and activities, monitor suspicious or fraudulent activities, and identify violations of policies.

• To process your payment transactions and notify you of payment status;

• To provide your information to insurance providers to support the assessment and management of your application throughout the insurance application process;

• To comply with and enforce relevant laws and regulations, industry standards and our policies;

• To prevent potential illegal or prohibited activities and enforce our Terms of Use;

• To respond to your inquiries, resolve disputes and provide support;

• We use collective learning regarding how users use our Platform to troubleshoot problems, identify trends, usage and patterns in order to better analyse, operate and improve our business and Services (including enhancing user experience, managing communications and functionality, and developing new products and Services);

• To communicate with you regarding Platform-related matters, such as sending personalised payment reminders and offers;

• To compare information to ensure accuracy and verify information with third parties;

• If we have collected your personal information in an actual or potential commercial relationship, we will further develop our business relationship with you;

• To de-identify or aggregate data collected through the Platform and use it for any purpose;

• To satisfy other purposes that you have agreed to, that you should reasonably expect, or that are authorised or required by law. Where required by law or where we believe it is necessary to protect legal rights, we will use your information in connection with legal proceedings, regulatory matters, audit functions, mergers or financing.

3. Information Disclosure

In accordance with applicable laws, we may share your information for the purposes described in Section B of this Privacy Policy. This includes sharing your information in the following ways:

• In order to process your insurance application, we will share certain information with designated insurance service providers we represent.

• In order to perform our Services or meet our legal and regulatory obligations, we may need to transfer your personal information to organisations outside your country of residence.

• We may share your information with service providers who assist us in providing Services. In some cases, in order to successfully process your payment or refund, we may share bank/payment receipt documents sent by you with cooperating financial institutions to assist in processing payment or refund. Our contracts require these financial institutions to use your personal information only for purposes related to Services provided to us, and not for their own benefit.

• In addition, your information may be shared with other financial institutions, industry associations, anti-fraud organisations and law enforcement agencies to identify and prevent money laundering, terrorism financing and other financial crimes.

• We may share your information if required by law or legal process, or in order to comply with the law, or when we believe, in our sole discretion, that disclosure of personal information is appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraud or illegal activity, or to investigate violations of our Terms of Use and other agreements.

• If we are involved in a merger, acquisition, financing due diligence, reorganisation, bankruptcy, receivership, sale of company assets or transfer of Services to another provider, your information may be sold or transferred as part of such transaction.

• We will not rent, sell or share your personal information with unrelated companies for their direct marketing purposes unless we have obtained your permission.

• Except for the primary purpose of collecting personal information or secondary purposes reasonably related to it, we will not collect, hold, use or disclose your personal information. Secondary purposes may include, for example, where our service providers and third parties (such as technology and support service providers) need access to your personal information in order to provide Services to us.

• If a third party fails to comply with uniteCare’s privacy policy, we remain responsible for the processing of personal data transferred to such third party.

4. Automated Decision-Making and User Profiling

In order to prevent financial fraud, monitor abnormal payment behaviour or support insurance application assessment processes, uniteCare may conduct automated analysis of certain user data, including risk scoring and behavioural profiling.

Such automated processing will not produce legal effects or similarly significant impacts on users without human intervention.

You have the right to request human intervention and to express your views regarding the outcome of automated decision-making.

5. Legal Basis for Processing

We will only collect and process your information where there is a legal basis under applicable law. This means we collect and use your information:

• To allow you to access and use the Platform, provide support to applicants and customers, and fulfil other obligations related to our agreement with you and/or to take steps at your request prior to entering into such agreement (please refer to our Terms of Use https://unitecare.ai/terms-of-service);

• To comply with legal and regulatory requirements that uniteCare must adhere to;

• To pursue our legitimate interests, provided that such legitimate interests are not overridden by your interests or fundamental rights and freedoms.

Our legitimate interests include:

• Protecting the security and integrity of the Services and our payers and customers;

• Monitoring, identifying, preventing and reporting fraud, money laundering, terrorism financing, other illegal activities and prohibited use of our Platform;

• Establishing, exercising or defending legal rights and claims;

• Improving the Platform and the delivery and effectiveness of our Services;

• Measuring and understanding the effectiveness of advertising and/or providing you with information about other similar goods and services we offer.

6. Data Controller and Data Processor Roles

Depending on the specific service scenario, uniteCare may act as a Data Controller, Data Processor, or Joint Controller in processing your personal data:

• In the insurance application and underwriting process, uniteCare may act as a Joint Controller and jointly determine the purposes of data processing with partner insurance service providers;

• In payment processing and refund processing, uniteCare may act as a Data Processor and process relevant data in accordance with the instructions of partner payment institutions;

• In anti-money laundering (AML) and anti-fraud monitoring processes, uniteCare may independently process relevant data based on regulatory obligations.

Where uniteCare acts as a Data Processor, it will process your personal data strictly in accordance with the contractual arrangements with its partner institutions.

7. Personal Data Security Incident Response Mechanism

In the event of a personal data security incident, uniteCare will report such incident to the relevant supervisory authority within 72 hours after becoming aware of the incident, and will notify affected users without undue delay.

8. Cross-Border Data Transfer Mechanism

When providing your personal information overseas, uniteCare will adopt the following cross-border transfer safeguards in accordance with applicable laws and regulations:

• entering into Standard Contractual Clauses (SCCs) with overseas recipients;

• executing Data Processing Agreements (DPAs);

• conducting Transfer Impact Assessments (TIAs);

to ensure the security and legality of personal data during cross-border transfers.

Your personal information may be transferred to insurance service providers, payment processing institutions or emergency medical assistance partners located in Australia, Member States of the European Union, the United States and the People’s Republic of China, solely for the purposes of providing the Services described in this Policy.

9. Your Rights and Choices

You may have certain rights regarding the personal information we collect and maintain about you and how we communicate with you.

When we request information from you on the Platform, you may always choose not to provide such information to us. However, if you refuse to provide certain information to us, this may affect the functionality of the Platform.

If you are located in a country with stricter privacy rights protections (such as Europe, the United Kingdom, etc.), you may instruct us not to share your personal information with third parties, except in the following circumstances:

(i) with our service providers and financial institutions that have entered into contracts with us to provide services on our behalf;

(ii) where we are acquired or where we transfer all or part of our business or assets;

(iii) where processing is required by legal process or law;

(iv) with other financial institutions, trade organisations, anti-fraud organisations and law enforcement agencies to identify and prevent fraud, money laundering, terrorism financing and other financial crimes; or

(v) where we believe, in our sole discretion, that disclosure of personal information is appropriate to prevent physical harm or financial loss, or in connection with investigations of suspected or actual fraud or illegal activity.

You may access, modify or update certain personal information submitted on our Platform by logging into your account. Subject to applicable law, you may have the right to request access to and receive other personal information we hold about you, to update and correct inaccuracies in your personal information, and where appropriate, to delete such information or request a copy of your information. To exercise these rights, please contact us as described below (see Section N of this Privacy Policy). In certain circumstances, your rights to access, update, correct or delete personal information may be restricted in accordance with local legal requirements.

If your data needs to be shared with third parties, such as payment partners, you will need to contact these third-party service providers directly to exercise your rights.

• If you have authorised us to use or process your data, you may request that we cease using or processing it.

• You may contact us to withdraw your authorisation; however, this will not affect any processing that has already been carried out prior to withdrawal.

• If personal data covered by this Privacy Policy is to be used for a new purpose that is materially different from the purpose for which it was originally collected or subsequently authorised, or is to be disclosed to a non-agent third party in a manner not described in this Policy, uniteCare will provide you with an opportunity to opt out of such use or disclosure. Requests to opt out should be made to us as outlined in the “Contact Information” section below.

10. How We Protect Your Personal Information

uniteCare maintains reasonable safeguards by combining administrative, technical and physical measures to protect the personal information you provide from accidental, unlawful or unauthorised destruction, loss, alteration, access, interference, modification, disclosure or misuse.

10.1 Technical and Organisational Measures to Protect Your Personal Information

We attach great importance to the security of personal information and adopt various reasonable and feasible measures to protect your personal information:

Data Security Technical Measures

We have adopted security protection measures that meet industry standards as well as commonly accepted security technologies within the industry to prevent your personal information from unauthorised access or modification, and to avoid personal information leakage, damage, or loss:

• We adopt encryption technologies to encrypt and store your personal information. We ensure the security of transactions and personal information from multiple aspects including security management, strategy, processes, and network architecture for the systems that store your personal data.

• Our network services adopt encrypted transmission technologies such as Transport Layer Security protocols and provide browsing services through HTTPS to ensure the security of your personal information during transmission.

• When using your personal information, such as displaying personal information or performing related calculations, we will adopt various data desensitisation technologies, including content substitution and data encryption, to enhance the security of personal information during use.

• We will adopt security testing and intrusion detection and prevention technologies to implement malicious code prevention measures and protect the security of your personal information.

Other Security Measures Adopted to Protect Personal Information

We manage and regulate the storage and use of personal information by establishing data classification and grading systems, data security management standards, and secure development standards:

• We adopt strict data access permissions and multi-factor authentication technologies to control and protect personal information. By signing strict confidentiality agreements with personnel who have access to information, and implementing monitoring and auditing mechanisms, we ensure comprehensive security control of data and prevent misuse.

• We conduct personal information security audits by adopting code security inspection and data access log analysis technologies.

• We have established a dedicated information security department and an information security working group under it, with information security officers in each group responsible for personal information security matters.

• We will also organise security and privacy protection training courses to strengthen employees’ awareness of the importance of protecting personal information.

Security Incident Handling

• The Internet environment is not 100% secure, and we will endeavour to ensure the security of any information you send to us. If our physical, technical, or management safeguards are compromised, resulting in unauthorised access, public disclosure, tampering, or destruction of information that causes damage to your legitimate rights and interests, we will bear the corresponding legal responsibilities.

• In order to address risks such as personal information leakage, damage, or loss, we have formulated multiple systems that clearly define the classification and grading standards for security incidents and vulnerabilities as well as the corresponding handling procedures. We have established a dedicated emergency response team for security incidents, which will initiate security response plans in accordance with incident handling standards to control losses, analyse, locate, formulate remedial measures, and jointly conduct traceability and enforcement with relevant departments.

• Once a personal information security incident occurs, we will immediately take remedial measures in accordance with applicable laws and regulations to effectively avoid harm caused by information leakage, tampering, or loss, and report to relevant regulatory authorities as required. Where the relevant regulatory authority determines that such incident may cause harm to you, we will notify you in a timely manner of the basic circumstances of the incident and its potential impact, the measures we have taken or will take, recommendations for your own prevention and risk mitigation, and remedial measures available to you. We will also promptly notify you of incident-related information by email, letter, telephone, or push notification. Where it is difficult to notify each personal information subject individually, we will adopt reasonable and effective methods to publish announcements.

• If you discover that your personal information has been disclosed, especially if your account or password has been compromised, please contact us immediately through the contact information specified under the section “How to Contact Us” at the end of this Policy so that we may take appropriate measures.

10.2 How We Store Your Personal Information

Personal information collected and generated by us within the territory of the People’s Republic of China will be stored within the territory of the People’s Republic of China. If you use cross-border business services or where it is necessary for business purposes to transfer your personal information overseas, we will, in accordance with applicable laws and regulations and the requirements of relevant regulatory authorities, inform you of matters including the name or designation and contact details of the overseas recipient, the purpose and method of processing, the categories of personal information to be transferred, as well as the means and procedures by which you may exercise your rights against the overseas recipient, and obtain your explicit consent.

In addition, prior to providing your personal information overseas, we will conduct security assessments, obtain personal information protection certification from professional institutions, or enter into contracts with overseas recipients in accordance with the standard contracts formulated by the national cyberspace administration authorities, in order to meet the conditions for providing personal information overseas. At the same time, we will require the recipient to process such personal information in accordance with applicable laws and regulations and the requirements of relevant regulatory authorities, and to adopt corresponding confidentiality and security measures.

For example, if you are located overseas, when providing international travel insurance claims services and emergency medical assistance services to you, we may transfer your personal information across borders to emergency rescue service providers, business partners, or local public authorities.

Unless otherwise provided by laws and regulations, we will retain your personal information only for the period necessary for the purposes described in this Policy and within the time limits prescribed by applicable laws, regulations, and regulatory requirements. After your personal information exceeds our retention period, we will delete or anonymise such personal information.

10.3 We Use Encryption Technologies to Protect Your Privacy

In order to further enhance the security of user data during transmission, storage, and access, the uniteCare 3.0 platform has implemented the following technical and organisational security control measures:

A. Transport Layer Security Controls

The platform enforces the use of the TLS 1.3 encryption protocol across the entire site and adopts the HTTP Strict Transport Security (HSTS) policy to ensure that data transmission between user terminals and platform servers, as well as between servers, is fully encrypted, thereby effectively preventing data eavesdropping, tampering, and man-in-the-middle (MITM) attacks.

B. Data Classification and Segregated Storage

A data classification management mechanism is implemented based on data sensitivity. Highly sensitive personal information (such as identity information, medical information, and financial account information) is stored using physically segregated storage architecture. Access to such data is strictly restricted through a “Four-Eyes Principle” access control policy, ensuring that the reading, modification, or export of critical data requires dual authorisation.

C. End-to-End Audit Logging System

The platform has deployed an end-to-end data access audit system that records user personal data access, modification, download, and export activities at millisecond-level granularity, and supports anomaly detection and traceability analysis to prevent unauthorised access and potential internal data misuse risks.

11. Security Practices

uniteCare ensures that our employees are aware of and comply with our security policies. We require all personnel to undergo regular training on security policies, regardless of their department. Personnel who have direct contact with customers will receive additional training on emerging risks, such as identity theft.

All uniteCare employees are required to sign confidentiality agreements or specific confidentiality undertakings upon joining the company. After commencing work at uniteCare, employees must fully understand and comply with these terms and maintain the confidentiality of all information to which they have access in the course of their work (including internal uniteCare information, customer information, and third-party information). This requirement applies during the period of employment and at any time after termination of employment.

12. Notification

Each user of the Platform will be provided with our Global Privacy Policy, which sets out in detail how we collect and process personal information.

13. Retention Period

We retain your account information for as long as your account remains active and in accordance with our legal obligations. As a regulated entity, we comply with the statutory retention periods specified in regulations applicable to financial transactions and insurance transactions, including anti-money laundering, counter-terrorist financing, and other applicable laws. Thereafter, we will delete or anonymise your information; where this is not possible, we will securely store your information and isolate it from any further use until deletion becomes possible.

14. Data Retention Schedule

Data Type                                 | Retention Period
Identity verification information (KYC)   | 5–7 years
Payment transaction records               | 7 years
Insurance claims information              | 10 years
Anti-fraud logs                           | 6 years
Marketing Cookie data                     | 13 months

15. Children’s Privacy

Our products, websites, and services are primarily intended for adults, and we attach great importance to the protection of minors’ personal information. If you are a minor under the age of 18, please ensure that your guardian carefully reads this Personal Information Protection Policy before you use our products and/or services, and that you obtain the consent of your guardian in advance. We protect minors’ personal information in accordance with relevant national laws and regulations.

We do not actively or directly collect personal information from minors. In cases where minors’ personal information is collected with the consent of parents or other guardians, we will only use or publicly disclose such information where permitted by law, with the explicit consent of parents or other guardians, or where necessary for the protection of children.

If there is evidence that a minor has registered to use our products and/or services without obtaining the consent of a guardian, we will consult with the relevant guardian and endeavour to delete the relevant personal information as soon as possible in compliance with applicable laws and regulations.

For children’s personal information that may involve individuals under the age of 14, we will further adopt the following measures for protection:

• For children’s personal information collected, in addition to complying with the provisions of this Privacy Policy regarding users’ personal information, we will adhere to the principles of legitimacy and necessity, informed consent, clear purpose, security protection, and lawful use, and will strictly store, use, and disclose such information in accordance with the requirements of laws and regulations such as the Regulations on the Protection of Children’s Personal Information on the Internet. Such information will not be retained beyond the period necessary to achieve the purposes of collection and use, and upon expiration, we will delete or anonymise the children’s personal information.

• Where you, as a guardian, choose to use our relevant services on behalf of the child under your guardianship, we may need to collect the child’s personal information from you in order to fulfil the necessary obligations of providing relevant services to you. Where it is necessary to collect children’s personal information in the course of specific services, we will obtain your authorisation and consent in advance and inform you of the purpose and use of such collection. If you do not provide the aforementioned information, you will be unable to access the relevant insurance services provided by us. In addition, you may voluntarily provide children’s personal information to us when using insurance products and services, consultation, evaluation, or feedback functions to share relevant information. You should be fully aware of this and make prudent decisions. As a guardian, you should properly fulfil your guardianship responsibilities to protect the security of children’s personal information.

• Children or their guardians have the right to access and correct children’s personal information at any time and may also submit requests to us for correction and deletion. If you have any opinions, suggestions, complaints, or reports regarding children’s personal information, please contact us. We will provide assistance to you at any time.

16. Links to Other Websites

Our website may contain links to other websites. When you access other websites, we strongly recommend that you review the privacy policies or notices of those external websites. uniteCare shall not be responsible for the content or privacy standards of other websites.

17. Changes to This Privacy Policy

uniteCare may revise this Privacy Policy from time to time to reflect any changes to our information policies. We will notify you by updating the “Last Updated” date at the top of this Privacy Policy. If we make any material changes, we will notify you through the Platform, email, or other means of communication. We encourage users to review this Privacy Policy periodically in order to understand our privacy practices. By continuing to use the Platform, you indicate your agreement to this Privacy Policy and any updates made to it.

18. Questions, Comments, and Complaints Regarding Our Processing of Personal Information

If you have any questions, comments, or complaints regarding our collection, use, storage, or disclosure of personal information, please contact us using the details provided below.

uniteCare will take any privacy complaint seriously and is committed to resolving any issues in a timely and efficient manner. We request that you cooperate with us during this process and provide any relevant information that we may require. Where permitted by applicable laws, you also have the right to lodge a complaint with the data protection supervisory authority in your place of residence regarding the processing of personal information.

19. Contact Information

If you have any questions, comments, or suggestions regarding this Policy, or in relation to the protection of personal information of users in the European Union, you may contact us through the following data protection contact email address:

Email: legal@unitecare.com.au

Once you lodge a complaint with us, we will send you a written acknowledgement to confirm your concern, unless the complaint has been resolved within the prescribed timeframe. We will endeavour to resolve your complaint within 30 days from the date it is lodged and will keep you informed of the progress of the complaint throughout the process. We will make every effort to resolve any issues to your satisfaction and notify you of the results of our investigation as soon as possible.