Privacy Statement

Last updated: 21 May 2026
Effective date: 21 May 2026

This Privacy Statement explains how PCASA Operations Pty Ltd (ABN 80 163 004 055), on behalf of the Brightside Group of companies, including relevant related entities and operating companies (together, Brightside, we, us or our), collects, uses, discloses, stores and protects personal information.

This Privacy Statement applies to personal information collected through our websites, online services, customer service channels, claim administration services, product or plan administration services, business activities, and interactions with our customers, claimants, retailer clients, service providers, partners and website visitors.

This Privacy Statement should be read together with any product disclosure statement, terms of use, claim documentation, collection notice, consent notice, cookie notice, or other privacy notice provided to you at the time your personal information is collected.

1. Our commitment to privacy

Brightside is committed to handling personal information in a fair, lawful, transparent and secure manner. We take reasonable steps to comply with applicable privacy laws and regulatory requirements in the countries where we operate, including the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles.

Where privacy laws in another jurisdiction apply to our handling of your personal information, we will take reasonable steps to handle your information in accordance with those requirements.

2. Personal information we collect

The types of personal information we collect depend on your relationship with us and the services we provide. This may include:

  • name, contact details, address, email address and telephone number;
  • product, plan, policy, warranty, protection product or service details;
  • claim information, supporting documents, claim history and claim outcome information;
  • payment, billing or transaction information, where applicable;
  • communications with us, including emails, phone calls, web forms and customer service records;
  • information provided by retailer clients, insurers, administrators, repairers, assessors, service providers, business partners or related entities;
  • identity verification information, where required to provide services, manage claims, prevent fraud, or comply with legal obligations;
  • marketing preferences and consent records;
  • website usage information, cookie information, device information and online interaction data.

We only collect personal information where it is reasonably necessary for our business functions, where you have provided consent, where it is required or authorised by law, or where it is otherwise permitted under applicable privacy laws.

3. Website usage, cookies and tracking technologies

When you visit our website, our systems and service providers may automatically collect technical and usage information, including:

  • your IP address;
  • the date and time of your visit;
  • pages viewed and documents downloaded;
  • browser type, device type and operating system;
  • referring website or search engine;
  • approximate location derived from your IP address;
  • interactions with website features, forms, links, buttons or pages.

Our website may use cookies, pixels, tags, analytics tools, scripts and similar tracking technologies to operate the website, support security, improve website performance, understand how visitors use our website, measure engagement, and improve our services.

Some cookies are strictly necessary for website operation, security and fraud prevention. Other cookies or tracking technologies, such as analytics, advertising or marketing technologies, may be non-essential and may be subject to consent or opt-out rights depending on your location and applicable law.

Where required by applicable law, we will request your consent before placing non-essential cookies or using non-essential tracking technologies. You may manage your cookie preferences through the cookie banner, cookie settings tool, browser settings, or other privacy choices made available on our website.

4. Cookie preferences and consent management

Our website may provide a cookie banner or consent management tool that allows you to:

  • accept all cookies;
  • reject non-essential cookies;
  • manage cookie preferences by category;
  • change your preferences at a later time through a cookie settings or privacy choices link.

Cookie categories may include:

  • Strictly necessary cookies: required for website operation, security, network management, fraud prevention, load balancing or similar essential functions.
  • Analytics cookies: used to understand website usage and improve website performance.
  • Functional cookies: used to remember preferences or improve user experience.
  • Marketing or advertising cookies: used to measure advertising performance, personalise content, support campaigns or understand engagement.

If you reject non-essential cookies, some features may not work as intended, but strictly necessary cookies may still be used.

5. Global Privacy Control and opt-out preference signals

Where required by applicable privacy laws, our website will take reasonable steps to recognise and respect browser-based opt-out preference signals, such as Global Privacy Control (GPC), where technically supported by our consent management tools.

Where a valid GPC or similar opt-out signal is detected, we may treat it as a request to opt out of the sale or sharing of personal information, or as a request to disable non-essential analytics, advertising or marketing tracking, depending on applicable law and our technical configuration.

You may also exercise your privacy choices by using the privacy choices link on our website or by contacting us at [email protected].

6. Do Not Sell or Share My Personal Information / Your Privacy Choices

Brightside does not sell personal information in exchange for money.

However, some privacy laws may define certain disclosures, transfers or use of cookies, analytics, advertising technologies, pixels or similar technologies as a “sale” or “sharing” of personal information, particularly where information is made available to third-party technology, analytics or advertising providers.

Where applicable, you may opt out of the sale or sharing of your personal information by:

  • using the “Your Privacy Choices” or “Do Not Sell or Share My Personal Information” link on our website;
  • managing your cookie preferences through our cookie settings tool;
  • enabling a supported browser-based opt-out preference signal such as Global Privacy Control;
  • contacting us at [email protected].

7. How we collect personal information

We may collect personal information directly from you when you:

  • visit or interact with our websites;
  • complete an online form;
  • contact us by email, telephone, web form or other communication channel;
  • submit a claim, enquiry, complaint or service request;
  • participate in a survey, promotion, marketing activity or customer feedback process;
  • interact with our customer service, claims, support or administration teams.

We may also collect personal information from third parties where permitted by law, including:

  • retailer clients, partners, distributors or product providers;
  • insurers, underwriters, administrators, assessors, repairers, suppliers or service providers;
  • related entities within the Brightside Group;
  • identity verification, fraud prevention, analytics, hosting, technology or security providers;
  • publicly available sources or regulatory authorities, where relevant.

8. How we use personal information

We may use personal information for purposes including:

  • providing, administering and supporting products, plans, services and claims;
  • assessing, investigating, managing and paying claims;
  • communicating with you about your product, plan, claim, enquiry or service request;
  • verifying identity, preventing fraud, managing risk and protecting our business;
  • managing relationships with customers, retailer clients, partners and service providers;
  • providing customer support and responding to complaints or enquiries;
  • improving our websites, services, systems, processes and customer experience;
  • conducting reporting, analytics, research, quality assurance and training;
  • sending marketing communications where permitted by law or with your consent;
  • complying with legal, regulatory, contractual, audit and compliance obligations;
  • enforcing our rights and protecting the rights, property or safety of Brightside, our customers, partners, service providers or others.

If you do not provide requested personal information, we may not be able to provide certain services, process a claim, respond to your request, or meet our legal or contractual obligations.

9. Marketing communications

We may use your personal information to contact you about products, services, offers, updates, research or information that may be relevant to you, where permitted by law or where you have consented.

You may opt out of marketing communications at any time by using the unsubscribe link in our communications, updating your preferences, or contacting us at [email protected].

Even if you opt out of marketing communications, we may still send you non-marketing communications, such as service messages, claim updates, security notices, legal notices or important account-related information.

10. Disclosure of personal information

We may disclose personal information to:

  • insurers, underwriters, administrators, assessors, repairers, suppliers and service providers;
  • retailer clients, business partners, distributors or product providers, where relevant to your product, plan, service or claim;
  • related entities within the Brightside Group;
  • technology, hosting, analytics, security, communication and customer support providers;
  • professional advisers, auditors, consultants, legal advisers and insurers;
  • payment, fraud prevention, identity verification or risk management providers;
  • regulators, law enforcement agencies, courts, tribunals, government bodies or dispute resolution bodies;
  • other parties where you have consented, where required or authorised by law, or where reasonably necessary to protect our rights, property, security or legal interests.

We do not disclose personal information unless there is a valid business, legal, regulatory, contractual or service-related reason to do so.

11. Overseas disclosure and international operations

Brightside operates in multiple countries and may use service providers, related entities or business partners located in Australia, New Zealand, Singapore, Malaysia, Ireland, Slovenia, Croatia, the Philippines and other jurisdictions relevant to our business operations.

Your personal information may be stored, accessed or processed in countries outside your country of residence. Where we disclose personal information overseas, we take reasonable steps to ensure that appropriate safeguards are in place, such as contractual protections, access controls, security measures, and privacy obligations appropriate to the nature of the information and the applicable legal requirements.

12. Data retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Statement, including to provide services, manage claims, comply with legal and regulatory obligations, resolve disputes, maintain records, manage risk, and enforce our rights.

Retention periods may vary depending on the type of information, the purpose for which it was collected, applicable legal requirements, contractual obligations, limitation periods and business needs.

When personal information is no longer required, we will take reasonable steps to securely destroy, delete, de-identify or anonymise it, unless we are required or permitted by law to retain it.

13. Security of personal information

We take reasonable technical, organisational and administrative steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure.

These steps may include access controls, user permissions, authentication, monitoring, encryption where appropriate, secure storage, staff training, vendor due diligence, system security controls, incident response processes and physical security measures.

No method of transmission or storage is completely secure. If we become aware of a data breach that is likely to result in serious harm or that requires notification under applicable law, we will take reasonable steps to contain, assess and respond to the incident, including notifying affected individuals or regulators where required.

14. Access, correction and privacy rights

You may have rights under applicable privacy laws to request access to, correction of, deletion of, restriction of, portability of, or objection to the use of your personal information.

You may also have the right to withdraw consent, opt out of marketing communications, opt out of certain tracking technologies, or make a complaint about how we handle your personal information.

To exercise your privacy rights, contact us at [email protected]. We may need to verify your identity before responding to your request. We will respond to privacy requests within the time required by applicable law.

In some circumstances, we may be unable to fulfil a request, such as where we are required or permitted to retain information by law, where the request would compromise another person’s privacy, or where an exemption applies. If this occurs, we will explain our decision where required or appropriate.

15. Children’s privacy

Our website, products and services are intended for adults and are not directed to children.

We do not knowingly collect, use or disclose personal information from children without appropriate parental or guardian consent where required by applicable law.

If we become aware that personal information has been collected from a child without the required consent, we will take reasonable steps to delete the information or otherwise handle the matter in accordance with applicable legal and regulatory requirements.

Parents or guardians who believe that a child has provided personal information to us may contact us at [email protected] to request review, correction or deletion of the information.

16. Links to third-party websites

Our website may contain links to external websites, social media pages, partner websites or third-party services. We are not responsible for the privacy practices, content, security or availability of those external websites or services.

You should review the privacy statements and cookie notices of any third-party website or service you access.

17. Complaints

If you have a concern or complaint about how we handle your personal information, please contact us at [email protected].

Please include sufficient information for us to understand and investigate your complaint. We will review your complaint and respond within a reasonable period or within the timeframe required by applicable law.

If you are not satisfied with our response, you may have the right to contact the relevant privacy regulator in your jurisdiction.

18. Privacy contact

For privacy-related enquiries, requests to access or correct personal information, deletion requests, consent withdrawal requests, complaints, cookie preference questions, or other privacy rights requests, please contact:

Privacy Officer
Email: [email protected]

Please include “Privacy Request” in the subject line so your request can be directed to the appropriate team.

19. Website owner information

PCASA Operations Pty Ltd
ABN 80 163 004 055
Building E Suite 1A, 24-32 Lexington Drive
Bella Vista, NSW 2153
Australia

20. Changes to this Privacy Statement

We may update this Privacy Statement from time to time to reflect changes in our business, services, technology, legal requirements, regulatory expectations or privacy practices.

When we make changes, we will update the “Last updated” date at the top of this page. We encourage you to review this Privacy Statement periodically.

Document owner: Privacy / Compliance Team
Review frequency: At least annually, or earlier where there are material changes to our privacy practices, legal requirements or website technologies.