Our Commitment to Privacy
Scope of Policy
This Policy addresses personal information about identifiable individuals and does not apply to information collected, used or disclosed with respect to corporate or commercial entities.
This Policy does not impose any limits on our collection, use of disclosure of certain publicly available information.
The Plan is accountable and responsible for personal information under its control. The Plan has designated a Privacy Officer to ensure compliance with this Policy by the Plan.
When collecting personal information about you, the Plan will explain the purpose of the collection and will answer your questions about the collection.
Most of your personal information will be collected directly from you through the various application forms and other documents you complete and through discussions with our representatives. Some of your information may be collected from other sources such as your employer, union, physicians, and government sources.
Your information may be disclosed to the following third parties for the purposes described below:
- the Plan’s privacy officer
- the Plan’s broker, insurer, consultant, service providers and other professional advisors
your employer and union
- the Plan’s trustees
- the Canada Revenue Agency (e.g. in respect of your taxable income and benefits) and
- other third parties as permitted or required by law
The Plan and its trustees and other representatives may collect, use and disclose personal information about you for the following purposes:
- authenticating your identity
- determining your eligibility for enrolment in the Plan
- enrolling you in the Plan and providing coverage under the Plan
- providing and administering requested products and services (including through third party service providers such as insurance companies)
- processing and collecting payments and debts owed to us
- processing and administering claims and benefits
- analyzing and reconciling claims and financial valuations
- administering appeals and complaints
- auditing claims and entitlement to benefits
- protecting the Plan, and others from fraud and error
- determining whether carriers are adjudicating claims properly
- managing or transferring the Plan’s assets or liabilities
- reporting to Plan members
- complying with legal requirements and acting pursuant to legal authorizations
If we want to use your personal information for a new purpose, we will obtain your consent to do so unless the use is authorized or required by law.
We will obtain your consent to collect, use or disclose personal information except where we are authorized or required by law to do so without consent. For example, we may collect, use or disclose personal information without your knowledge or consent where:
- the information is publicly available, as defined by statute or regulations
- we are obtaining legal advice
- we reasonably expect that obtaining consent would compromise an investigation or proceeding
Other exceptions may apply.
Your consent can be express, implied or given through an authorized representative such as a lawyer, agent, broker, or insurance carrier. It can also be given verbally, in writing, electronically, through inaction (e.g. if we notify you that we want to collect, use or disclose your personal information for various purposes and you do not object) or otherwise.
You may withdraw consent at any time (subject to legal, contractual and other restrictions) if you give reasonable notice to us. After we have received such notice, we will inform you of the likely consequences of withdrawing consent, which may include our inability to provide certain services to you or to continue our relationship with you.
Limits on Collection of Personal Information
We will not collect personal information indiscriminately and will limit our collection of your personal information to what is reasonably necessary to provide benefits pursuant to secure agreements (either directly or indirectly) and for the purposes which you consented to. We may also collect information as authorized by law.
Limits for Using, Disclosing, and Retaining Personal Information
We will only use and disclose your personal information for the purposes to which you have consented unless otherwise authorized or required by law.
We will keep personal information secure by means of electronic measures such as passwords and firewalls.
We will take reasonable steps, through contractual or other reasonable means to ensure that a decision affecting you for at least seven years after using it to make the decision.
We will destroy, erase or make anonymous documents or other records containing personal information as soon as it is reasonable to assume that: (a) the original purpose is no longer being served by retention of the information, and (b) retention is no longer necessary for legal or business purposes.
We will take due care when destroying personal information to prevent unauthorized access to the information.
The Plan will make a reasonable effort to ensure that personal information it is using or disclosing is accurate and complete. In most cases, we will rely on you to ensure that certain information, such as your street address, or telephone number, is current complete and accurate.
If you demonstrate the inaccuracy or incompleteness of personal information, the Plan will amend the information as required. If appropriate, we will send the amended information to third parties to whom the information has been disclosed.
When a challenge regarding the accuracy of personal information is not resolved to your satisfaction, the Plan will annotate the personal information under its control with a note that a correction was requested but not made.
Safeguarding Personal Information
The Plan protects the personal information in its custody or control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.
The Plan will take reasonable steps, through contractual or other reasonable means, to ensure that a comparable level of personal information protections is implemented by its suppliers and agents who assist in providing benefits to you. Some specific safeguards include:
- physical measures such as locking certain filing cabinets
- organizational measures such as restricting access to files and databases as appropriate
Note: Confidentiality and security are not assured when information is transmitted through e-mail or wireless communication.
You have a right to access your personal information held by us.
Upon written request and authentication of identity, we will provide you with your personal information under our control, information about the ways in which that information is being used and a list of the individuals and organizations to whom such information has been disclosed.
We will make personal information available within 30 days or provide written notice where additional time is required to fulfill the request.
In some situations, we may not be able to provide access to certain personal information. This may be the case where, for example, disclosure would reveal personal information about another individual, the personal information is protected by solicitor/client privilege, the information was collected for the purpose of an investigation. We may also be prevented by law from providing access to certain personal information.
Where an access request is refused in whole or in part, the Plan will notify you in writing, giving the reason for refusal and outlining further steps which are available to you.
Any inquiries, complaints or questions regarding this policy or our compliance with privacy legislation should be directed in writing to our privacy officer, Lynn Cross, at firstname.lastname@example.org or:
Canadian Benefits Consulting Group
2300 Yonge Street, Suite 3000
Toronto, ON M4P1E4