In order to provide our clients with the products and services they require and to ensure that we make informed underwriting and claims decisions, it is necessary that we obtain information about our clients and/or their businesses. The information with which we are entrusted is often of a personal nature. Our clients have the right to expect that any personal information they provide to us or that we obtain from other sources in order to make underwriting or business decisions will be kept in confidence and that access to that information will be restricted to those having a legitimate need to review or use that information.
As of January 1, 2004, the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) applies to the operations of insurance companies in Canada. PIPEDA sets out in law the rights of the consumer and details the duties and responsibilities of companies that collect information of a personal nature. A number of provinces have since enacted similar legislation. Trisura Guarantee Insurance Company (“Trisura”) intends to fully comply with all aspects of PIPEDA and applicable provincial legislation.
Personal Information
Personal Information, as defined in PIPEDA, means information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. Personal information that we collect may include name, address, contact information, marital status, work history, assets, liabilities, income, banking records, health records, claims history and other information of a personal nature relating to an individual. The type of information we collect is dependent on the type of product the individual requires from us. We will limit the personal information we collect to that necessary for us to make informed underwriting and business decisions. Trisura operates on a principle of limited collection, meaning that it will collect only that information necessary for the purposes that have been identified and specified at or before the time of collection (see also Purposes for Collections and Processing of Personal Information section below).
How We Collect Personal Information
We may obtain personal information directly from the client and/or through insurance brokers, other insurers, banks, credit bureaus, applications, transactions, consumer reports or by other legitimate means.
Purposes for Collections and Processing of Personal Information
We typically collect, use and sometimes disclose personal information for purposes which include: assessing insurance applications and issuing policies; making underwriting and business decisions; compiling statistics; communicating with our clients; evaluating, investigating, paying out or defending claims against our insureds; detecting or preventing illegal activity such as fraud or money laundering; meeting legal or regulatory obligation such as those relating to sanctions, anti-terrorism and other internal security policies and procedures; and managing our business environment including our IT systems. We will explain to the client why we require personal information and will restrict our use of this information to the purposes identified.
Consent
Canada’s privacy laws stipulate that an individual’s meaningful consent is required prior to or at the time we collect his or her personal information. Consent is also required prior to disclosing any personal information to a third party, except in certain situations identified in the legislation. If personal information is collected through a third party such as an insurance broker, administrator, external claims adjuster or others, then that third party has the responsibility of obtaining appropriate consent for the collection, use and disclosure of personal information, and Trisura will rely on that consent. Consent may be express or implied. Express consent may be written or oral. Implied consent may be inferred in accordance with the legislation and depending on the context or the nature of the transaction under which personal information is collected. For example consent may be implied when an individual requests products from Trisura and provides personal information, when an existing client requests further products or policy renewals, or when a client continues to use our products or services without objection after receipt of this Privacy Policy.
Please note that if an individual refuses consent to the collection, use or disclosure of his or her personal information then Trisura may be unable to provide the product or service requested.
Protection of Personal information
Trisura will take all necessary and reasonable precautions to protect the information provided to us by our clients. Trisura uses a number of manual and electronic controls to protect personal information that has been entrusted to us. These controls include restricted access to our premises, user authentication, encryption, firewall technology and the use of detection software.
Trisura only allows access to an individual’s personal information to those employees who require it in their work. Employees who have access to personal information are made aware of the responsibility they have for protecting that information and are required to make proper use of the manual and electronic controls available to them. Our employees are subject to disciplinary procedures for the unauthorized use or disclosure of an individual’s personal information.
Disclosure of Personal Information
From time to time in the normal course of business, it is necessary for Trisura to provide an individual’s personal information to a third party such as, but not limited to, a broker, reinsurer, legal counsel, regulator, adjustor, repairer, affiliated company or administrator. Trisura discloses personal information, including to its affiliated companies in other jurisdictions, only for the reasons listed in this Privacy Policy, or if legally required to do so. Trisura limits the disclosure of personal information to only those identified purposes for which the personal information was collected. Trisura advises each third party to whom it provides personal information that Trisura requires the party to comply with Canada’s privacy laws and to also take steps to protect that information. Information on third parties is available from the Chief Privacy Officer.
As stated above, we will only disclose an individual’s personal information with the individual’s consent, except in situations where to do so would cause undue delay in providing requested services or where Trisura is legally required to disclose such information.
Personal Information Transfer Outside of Canada
Trisura may transfer personal information to locations outside of Canada, or may transfer personal information to service providers for processing outside of Canada, in furtherance of the purposes outlined in this Privacy Policy. By sharing personal information with Trisura, the individual consents to the collection, use, processing and transfer of such information in accordance with this Privacy Policy to a foreign jurisdiction such as the United States of America. Trisura will take all reasonable precautions to ensure that transferred data is treated in accordance with this Privacy Policy.
Retention of Personal Information
Trisura will retain an individual’s personal information for as long as is necessary to fulfill the purposes for which it was collected or as required by law. Disposal of any personal information no longer required will be done in a safe and complete manner.
Accuracy and Accessing Your Personal Information
An individual has the right to be allowed access to his or her personal information, subject to any legal restrictions. For example, if to allow access would reveal any personal information about a third party then access may be limited or denied. If there are reasons why access is denied, the individual requesting access will be advised in writing. Trisura is committed to keeping accurate and complete data records of the personal information it collects. Should an individual demonstrate that any information held is inaccurate or incomplete, please contact our Chief Privacy Officer at the email listed below and Trisura will make the appropriate changes to such information.
Privacy Breach
In the unlikely event that Trisura experiences an incident involving the loss of or unauthorized access to or disclosure of personal information where a reasonable person would consider that there exists a real risk of significant harm to an individual as a result, Trisura will comply in all respects with the applicable provisions of federal and provincial privacy laws with regard to privacy breach notification, and will take all necessary steps to reduce the risk of harm to the affected individual as a result of the breach.
Contact Information
Individuals may contact Trisura’s Chief Privacy Officer in order to obtain further information about Trisura’s personal information practices, to gain access to the individual’s personal information collected by Trisura, or to challenge Trisura’s compliance with privacy laws and regulations.
Requests for further information access to personal information or complaints about Trisura’s handling of personal information should be directed to Trisura’s Chief Privacy Officer, as follows:
Trisura Guarantee Insurance Company
333 Bay Street, Suite 1600, Box 22
Toronto, Ontario
M5H 2R2