In the field of insurance and financial services, Industrial Alliance Insurance and Financial Services Inc. ("the Company") and its subsidiaries are required to collect information of a personal nature including health, lifestyle and financial situation about their respective clients, employees and representatives. The Company is aware of the sensitivity of such information and has always made sure that it is kept strictly confidential.
The purpose of this Policy is to confirm, formalize and promote the protection of personal information in the possession and control of the Company.
1. Personal Information
Personal information is defined as being any information concerning an individual and enabling that person to be identified.
Personal information must be protected regardless of its characteristics or its form, whether written, graphic, audio, visual, computerized or otherwise.
2. Purposes of Information Collection
The Company shall identify the purposes for which personal information is collected at or before the time of collection. Any persons mandated by the Company to collect information or persons who collect information that is submitted to the Company, must be able to explain to the individuals concerned the purposes for which the information is being collected.
Information will generally be collected from individuals through various forms such as enrolment, account opening or claim forms which, if produced by the Company, shall indicate the purposes of the information collection. The sole objective of the information collected from the individuals will be to provide the products or services requested and to respond to their needs or the Company’s needs for the duration of their relationship with the Company.
Where the Company collects personal information from an individual, the Company informs the individual of the purposes for which it will be used and obtains the individual’s consent at or before the time of collection, as well as when a new use is identified. Every person must be informed of any further collection, use or communication of personal information about them and provide express consent for these purposes.
The Company seeks express written consent in order to collect, use or disclose personal information through various forms used by the Company. Where appropriate in the circumstances, the Company may accept verbal or implied consent.
Consent must be given by the individual or an authorized representative such as a legal guardian or a person having power of attorney.
Any person may withdraw their consent at any time, subject to legal or contractual restrictions. The Company must inform the person of the consequences of such withdrawal, including the possibility that the Company may not be able to provide a product or the inability to process a request.
The Company may be required to collect, use or disclose personal information without an individual’s knowledge or consent for legal, medical or security reasons. The Company must also disclose personal information to institutions regulating its activities and public bodies having the authority to investigate.
4. Limitations to Collection, Use, Disclosure and Retention
The Company must always proceed by fair and lawful means in the collection, use, disclosure or retention of information. The Company must not collect, use or disclose information except with the consent of the individual or as required by law.
The Company must limit the amount and type of information collected to that which is necessary to fulfil the purposes identified. The Company shall only collect personal information from the individual concerned, unless this individual consents to the Company collecting it from a third party.
Personal information held by the Company is only accessible to persons having the authority to access such information. They use such information only to the extent necessary for carrying out their duties.
The Company shall retain personal information only as long as necessary for the fulfilment of the purposes for which it was collected and the information must be destroyed in accordance with the law and the Company’s guidelines with respect to the retention of files.
The Company shall occasionally share personal information concerning individuals with suppliers or agents to ensure the management of the selected products or to provide the required services. These suppliers or agents must agree to comply with privacy legislation before any information is communicated.
Some subsidiaries of the Company may establish a nominative list of their respective clients (names, addresses and telephone numbers) and share this list with other subsidiaries of the Company. If applicable, the purpose of this list shall be to allow the Company to better serve its clients by offering relevant and available products and services. Clients may request that their name be removed from this list by writing to the Privacy Officer at the address provided in Section 8 of this Policy.
The Company shall apply methods intended to ensure that personal information is as accurate and complete as necessary for the purposes for which it is to be used.
The Company shall not routinely update personal information, unless such a process is necessary to fulfil the purposes for which the information was collected.
The Company is responsible for personal information in its possession or control, including information that has been transferred to a third party for processing. The Company requires any such third parties to keep personal information under strict standards of privacy and protection, as required by law.
The Company shall ensure that each department has implemented procedures to apply the principles of this Policy. The Company shall adequately inform and train its employees on the Company’s policies and procedures with respect to the protection of personal information.
The Company has implemented and continues to implement appropriate safeguards for the purpose of ensuring that personal information remains strictly confidential and that it is protected against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification.
The Company places great importance on the security of transactions carried out through this application. This is why the software uses strong (minimum 128-bit) encryption. Encryption is a way to ensure the integrity of the information exchanged between the application and the Company’s servers.
8. Request for Access to Information or Amendments
The Company’s policies and procedures concerning the protection of personal information shall be readily available to anyone. The Company must inform an individual of the existence, use, and disclosure of his or her personal information and his or her right to access the information.
The Company shall respond to an individual’s request for information within a reasonable time. In addition, the fee charged for processing the request shall also be reasonable
A subsidiarie of the Company holding medical information may refuse to provide access to this information directly to the individual concerned and may ask that a health care professional be designated to receive communication regarding that person. The designated professional will then communicate information to the individual concerned.
An individual may challenge the accuracy and completeness of his or her personal information and have it amended as appropriate. The Company shall respond to any amendment request within a reasonable time.
Any request for access to information or request for amendment must be sent to the following address:
Industrial Alliance Insurance and Financial Services Inc.
1080 Grande Allée West
PO Box 1907, Station Terminus
Quebec City QC G1K 7M3
9. Complaints and Concerns
The Company’s employees and representatives should be trained to assist clients with questions or concerns relating to personal information. If the employee or representative dealing directly with the client does not satisfy these concerns, the client may contact the Privacy Officer at the address provided in Section 8 of this Policy.
If a client wishes to make a complaint concerning the protection of personal information, he or she may contact the Privacy Officer at the address provided in Section 8 of this Policy. For a justified complaint, the Company will make the appropriate corrections and modify its practices and procedures if necessary.
* This Policy reflects the legislation applicable in Canada regarding the protection of personal information.