The protection of personal information is an integral part of doing business at First Rate Insurance Inc. Protecting personal information is important to us and this policy sets out how we collect and manage personal information in a manner that protects the personal privacy of our clients, contractors and employees.
What is personal information?
“Personal information” means any factual or subjective information concerning an identifiable individual. Personal information may be collected concerning a variety of individuals with whom our company does business, including from group and individual insureds, beneficiaries.
Personal information can be collected in a variety of forms, including written (such as correspondence and memoranda) as well as electronic communications and records, video or audio recordings and photographs.
Examples of personal information include information concerning an individual’s name, age, sex, health, personal characteristics or personal and financial circumstances. Personal information can also include such things as identification numbers (such as SIN or employee numbers), banking and income information, employment records, credit records and medical information.
Personal information does not include the name, title or business address, telephone number or e-mail address of employees of an organization.
In respect of your privacy, everyone at First Rate Insurance follows 8 privacy principles:
- First Rate Insurance will identify the purposes for which personal information is being collected before or at the time that the information is collected.
- First Rate Insurance collects personal information in a number of ways. For example, information may be collected on an application or claim form, during a personal interview or through other means. Prior to or at the time of collection, First Rate Insurance will identify the purpose of collection. This may be communicated in writing or orally, depending upon the manner in which the information is collected.
- Persons collecting personal information are expected to be able to explain to individuals the purposes for which the information is being collected.
- First Rate Insurance will not collect, use, or disclose information beyond that required to fulfil the purposes specified at the time of collection.
- Unless the new purpose is required by law, before using personal information for a purpose not previously identified, the company will identify the new purpose and obtain the consent of the individual to its use.
- First Rate Insurance must obtain the knowledge and consent of the individual to the collection, use and disclosure of personal information, except where inappropriate.
- Usually, First Rate Insurance will obtain consent for the use or disclosure of personal information at the time of collection. Sometimes, consent will be obtained after the information has been collected but prior to use (for example, when the company wishes to use information for a purpose not previously identified).
- First Rate Insurance may seek consent in a variety of ways, depending on the circumstances and the type of information collected. The company will generally seek express consent when the personal information is likely to be considered sensitive (such as medical or income records).
- Sometimes consent may be obtained from an authorized representative, such as a legal guardian or person holding a power of attorney.
- Implied consent may be inferred in circumstances where the information is less sensitive and consent to collection, use or disclosure can be reasonably inferred.
- In certain limited circumstances, personal information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, legal, medical, or security reasons may make it impossible or impractical to seek consent. When information is being collected for the investigation of a potential breach of contract, the prevention or detection of fraud or for law enforcement purposes, seeking the consent of the individual might defeat the purpose of collecting the information. Similarly, seeking consent may be impossible or inappropriate when the individual is a minor, seriously ill, or otherwise incapacitated.
- An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. First Rate Insurance will inform the individual of the implications of such withdrawal, which may include termination of a policy, termination of benefits or inability to process a claim.
- The collection of personal information will be limited to that which is reasonably necessary for the purposes identified by First Rate Insurance. Information shall be collected only by fair and lawful means.
- The company will not collect personal information indiscriminately. Both the amount and the type of information collected shall be limited to that which is reasonably necessary to fulfil the purposes identified.
- Information will be collected in a manner that complies with the company’s obligations to identify the purpose of collection and to obtain the consent of the individual to collection, use and disclosure of personal information.
- First Rate Insurance will not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or in accordance with the exceptions set out above. Personal information will be retained only as long as necessary for the fulfilment of those purposes.
- Personal information that has been used to make a decision about an individual will be retained long enough to allow the individual access to the information after the decision has been made.
- Furthermore, sensitive information (such as SIN and Driver’s Licence numbers) are NOT inputted into any computers or remote servers operated by First Rate Insurance and information, which is no longer required to fulfil its purpose (such as Credit Card numbers) shall be destroyed in accordance with the Record Retention policy of First Rate Insurance.
- Personal information will be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used.
- The extent to which personal information shall be updated will depend upon the use of the information, taking into account the interests of the individual. Information will be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the individual.
- First Rate Insurance will not routinely update personal information, unless such a process is necessary to fulfil the purposes for which the information was collected.
- Personal information will be protected by security safeguards appropriate to the sensitivity of the information.
- First Rate Insurance has implemented security safeguards and appropriate training to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
- Security safeguards vary depending on the nature and format of the information collected. The methods of protection include physical, organizational and technological measures designed to limit access to authorized persons, ensure the integrity of the information and protect it from unauthorized use or disclosure.
- Security safeguards also include steps to ensure that all third parties with whom we contract and who may be required to handle personal information have implemented comparable security measures.
Protecting Personal Information
We understand the importance of protecting personal information. For that reason, we have taken the following steps:
Paper information is either under supervision or secured in a locked or restricted area.
Electronic hardware is either under supervision or secured in a locked or restricted area at all times. Encryption and passwords are used on computers.
Paper information is transmitted through sealed, addressed envelopes or boxes by reputable couriers or Canada Post.
- First Rate Insurance will make readily available to individuals specific information about its policies and practices relating to the management of personal information.
- The information made available shall include:
- the means of gaining access to personal information held by the company;
- a description of the type of personal information held by the company and a general account of its use;
- a copy of this policy and any other brochures or information that explain or elaborate upon this policy; and
- what personal information is made available to related organizations or subsidiaries.
- Upon request, an individual will be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Upon request, First Rate Insurance will inform an individual whether or not it holds personal information about the individual, will permit the individual to access the information and provide an account of the use made of the information, including any disclosure to third parties (if any). First Rate Insurance may direct to have sensitive medical information available through a medical practitioner designated by the individual.
- In certain situations, First Rate Insurance may not be able to provide access to all of the personal information it holds about an individual. Exceptions to the access requirement will be limited and specific, and the reasons for denying access will be provided to the individual upon requests. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, information that has been obtained in the course of an investigation of a potential breach of contract or fraud, and information that is subject to solicitor-client or litigation privilege.
- First Rate Insurance will respond to an individual’s request within a reasonable time and at minimal or no cost to the individual. The requested information will be provided or made available in a form that is generally understandable. For example, when abbreviations or codes are used an explanation will be provided upon request. If the individual requests copies of any of the documents in the Company’s file, a reasonable fee may be charged for duplication.
- When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, First Rate Insurance will amend the information as required. Depending on the nature of the information challenged, amendment may mean the correction, deletion or addition of information. For further information, contact the Privacy officer at firstname.lastname@example.org.