Privacy Policy

Protecting the confidentiality of your personal information has always been an important part of the way we do business. To ensure that we protect your privacy, we have adopted in principle the Insurance Bureau of Canada Model Personal Information Code. This Code sets out how and why we collect and use personal information about our policyholders. It also explains limited circumstances under which we may need or be required to disclose it.

“Personal information” means information that identifies you as a specific individual. It does not include the sort of general information that could be found in a business directory or a telephone book.

Effective January 1, 2004, the Government of Canada implemented the last phase of the Personal Information Protection and Electronic Documents Act (PIPEDA). This federal statute applies to insurance companies and many other industry sectors.

This legislation establishes rules and principles for the use and disclosure of personal information based on the ten privacy principles developed by the Canadian Standards Association. These principles recognize that we live in an era when commercial information is exchanged and circulated by electronic means. It balances the individual’s right to privacy in their personal information with the reasonable need of organizations to collect, use or disclose personal information.

Under the new legislation, an organization may collect, use or disclose personal information only for limited purposes that a reasonable person would consider to be appropriate in the circumstances.

The Personal Information Protection and Electronic Documents Act requires us to provide the same safeguards for your privacy that we have always provided on a voluntary basis. Our Privacy Code sets out these principles in simple terms. It explains how we ensure that your privacy and the confidentiality of your personal information are protected.

Our Privacy Code

Our Privacy Code is based on the following ten principles adopted by PIPEDA.

Principle #1: Accountability

You have a right to expect that your insurer is accountable for the personal information it collects and uses. “Customer” means a current and former insured, an applicant for insurance, a claimant under one of our policies, as well as an individual insured as part of a group or corporate policy. We are responsible for maintaining and protecting your personal information while it is under our control. This includes any personal information that may need to be disclosed to third parties for processing or other administrative functions.

To help ensure confidentiality, we have policies and procedures to ensure compliance with PIPEDA. We have designated a privacy officer responsible for our compliance. If you have any questions, our privacy officer is available to assist.

Principle #2: Identifying Purpose

We collect personal information only for the following purposes:

  • a) to provide ongoing service;
  • b) to help us understand customer needs better;
  • c) to develop, enhance, market or provide insurance products and services;
  • d) to underwrite your policy and set a fair premium;
  • e) to adjust a claim fairly and quickly;
  • f) to meet legal and regulatory requirements.

We do not use or disclose personal information for new purposes without your consent. Our privacy officer can answer questions regarding these purposes.

Principle #3: Consent

We will make reasonable efforts to ensure our customers understand and consent to how their personal information will be used. Consent will be obtained before using information for other purposes or collecting it from third parties.

In certain circumstances, collection, use, or disclosure may occur without consent—such as legal, medical, or fraud-related reasons.

Renewing your policy confirms your permission to collect, use, and disclose personal information as outlined in this policy.

Principle #4: Limiting Collection

We collect only the personal information necessary for the identified purposes, often to underwrite your policy and set a fair premium. We may also collect information from third parties such as credit bureaus, adjusters, or investigators. Collection is always by fair and lawful means.

Principle #5: Limiting Use, Disclosure & Retention

We do not use or disclose personal information beyond the identified purposes, except with consent or as required by law. We retain it only as long as necessary.

We may disclose personal information to:

  • a) other insurers;
  • b) reinsurers (with privacy obligations);
  • c) claims support professionals (e.g., adjusters, engineers);
  • d) medical professionals for Insurance Act assessments;
  • e) surveyors for underwriting purposes;
  • f) contracted individuals or companies for processing or statistical tasks;
  • g) brokers or agents for product development and marketing;
  • h) credit evaluators or collection agents;
  • i) public authorities if legally required;
  • j) law enforcement where permitted or required.

We do not sell or trade customer lists. Only employees with a business need-to-know may access personal information.

Information no longer necessary is destroyed, erased, or anonymized.

Principle #6: Accuracy

We strive to keep personal information accurate and up to date. Customers may be required to update their information through their broker or agent. Questions about accuracy can be directed to the privacy officer.

Principle #7: Safeguards

We use appropriate safeguards against loss, theft, unauthorized access, copying, use, modification, or disclosure. These apply regardless of format (electronic, physical, etc.). Third parties must comply with confidentiality agreements. All employees are required to uphold privacy obligations.

Principle #8: Openness

We are transparent about our privacy policies. Upon request, we will provide:

  • a) the title and contact for our privacy officer;
  • b) the contact for inquiries or complaints;
  • c) access procedures;
  • d) a description of the personal information we hold and its use.

This helps policyholders make informed choices.

Principle #9: Individual Access

We inform customers of the existence, use, and disclosure of their personal information upon request. You may access and correct your personal data. Written requests require identity verification for security.

Exceptions to access may include:

  • references to others,
  • legal or proprietary reasons,
  • medical restrictions,
  • or litigation privilege.

We will provide reasons for denial if applicable.

Access requests can be made to our privacy officer.

Principle #10: Challenging Compliance

You have the right to challenge our compliance with the policy. The privacy officer will investigate all complaints and, if justified, we will revise policies and procedures accordingly. In complex cases, legal consultation may occur before issuing a final response.

Privacy Questions or Comments?

If you have questions, concerns, or wish to withdraw consent regarding the use of your personal information, contact us.