As of January 1, 2004, organizations in Canada that collect, use or disclose personal information in the course of commercial activities will have to comply with the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”). As required by the legislation, Investia Financial Services Inc. has put in place policies and procedures to effectively safeguard any confidential information that we have on file or collect going forward. These apply to all of the operating companies within the iA Financial Group. To meet our obligations, we closely follow the ten fundamental principles set out under PIPEDA.
iA Financial Group is composed of Industrial Alliance Insurance and Financial Services Inc. and its subsidiaries (“we/us”). Together, we are committed to protecting our clients’, employees’ and representatives’ (“you/your”) privacy, and to ensuring the confidentiality of the personal information provided to us in the course of our business.
1. PERSONAL INFORMATION
Personal Information is any information about an individual that identifies him or her, such as financial, lifestyle or health information, but not their name, or business title, address, telephone and email.
Personal information has to be protected regardless of its characteristics or its form, whether written, graphic, audio, visual, computerized or any other form.
2. PURPOSE OF INFORMATION COLLECTION
Collecting information about you is necessary in order for us to provide you with high quality services. The nature and sensitivity of the information we collect about you varies according to the services we provide you and to legal requirements imposed on us (such as information required for tax purposes).
The purposes for which we collect personal information about you are identified at or before the time of collection. For example, information may be collected while submitting an application, opening an account, or submitting a claim.
Purposes for collecting information generally include providing products or services requested, confirming your identity, protecting against fraud, or dealing with matters concerning the relationship between us.
When we obtain personal information from you, we initially require your consent to collect, use or disclose the information for the purposes specified. We will obtain your consent for any additional use, disclosure or collection, or if the purpose is changed.
We generally seek your express written consent in order to collect, use or disclose personal information. Where appropriate, we may accept your verbal consent. Occasionally, we may imply consent where we can infer consent from your action or inaction.
Consent must be given by you or your authorized representative such as a legal guardian or a person having a power of attorney.
You may withdraw your consent at any time, subject to legal or contractual restrictions. We will inform you of the consequences of such withdrawal, including the possibility that we may not be able to provide a product or process a request. If you choose to withdraw your consent, we will record the decision in our file.
In limited circumstances, we may collect, use or disclose personal information without your knowledge and consent. This occurs when legal, medical, or security reasons may make it impossible or impractical to seek consent, or when information is being collected for the investigation of a potential breach of contract, the prevention or detection of fraud, or for law enforcement purposes.
4. LIMITS TO COLLECTION, USE AND DISCLOSURE
We only collect the personal information we need directly from you or from a third party where you allow us to collect the information. We cannot use your personal information for other purposes without your consent or disclose your personal information to anyone except with your consent.
We may however collect, use or disclose your personal information without your consent as permitted or required by law.
We limit the collection, use and disclosure of your personal information to the purposes we have identified to you. Your personal information is only accessible to certain authorized persons, and only to the extent necessary to perform their duties.
We will occasionally share your personal information with service providers or agents to ensure the proper administration of products, or to provide you with the services you require. In certain circumstances, we may use service providers outside Canada, including the United States. We are responsible for the service provider’s compliance with privacy legislation, and will ensure that the level of protection of personal information is comparable to that provided by us.
You have the right to know, on request, to whom the information was disclosed. Only in rare instances are we prevented by law from making such disclosure. We maintain accurate records, recording to whom we disclose personal information and in what circumstances it was disclosed.
5. SHARING PERSONAL INFORMATION
We may establish a list of clients (names, addresses and telephone numbers) and share this list with companies within iA Financial Group. You may request that your name be removed from such a list by writing to the Privacy Officer at the address provided below.
With your consent, we may also share your personal information with companies within iA Financial Group in order to know you better, better meet your needs and offer the best possible service and client experience. If you do not want to receive such offers for products and services, you may choose not to provide your consent.
We do not sell your personal information to third parties.
We make every possible effort to ensure that your personal information is as accurate and complete as necessary for the purposes it is collected, used, or disclosed.
We only retain your personal information for as long as needed for the purposes that it was collected. We must destroy this information in accordance with the law and our file retention guidelines. When we destroy your personal information, we make sure that confidentiality is secured and that no unauthorized person can access the information during the destruction process.
We are responsible for your personal information in our possession or control, including information that may be transferred by us to third parties for processing. We require such third parties to keep personal information under strict standards of privacy and protection.
Our staff is trained on these processes and procedures and is provided with information about privacy laws.
We have implemented and continue to implement rigorous safeguards so that your personal information remains strictly confidential and is protected against loss or theft, as well as unauthorized use, disclosure, access, copying, or modification.
Protection methods include organizational measures such as requiring security clearances and limiting access to a “need-to-know” basis, physical measures (e.g. building access cards for employees, visitor registration and identification cards, off-site backups and archiving), and technological measures such as the use of passwords and encryption (e.g. the use of firewalls and routinely changing passwords).
10. REQUEST FOR ACCESS TO INFORMATION AND AMENDMENTS
You have the right to be informed whether we hold personal information about you and to see that information. You also have the right to enquire as to how we collected your information, how we used it and to whom it may have been disclosed.
This information will be provided to you within a reasonable time from the date we receive your written request. We may charge a reasonable fee for processing your request.
In certain limited and specific circumstances, we may refuse to provide to you the requested information. Exceptions to your access right can include information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, information that has been obtained in the course of an investigation of a potential breach of contract or fraud, information that is prohibitively costly to provide, and information that is subject to litigation or other privilege.
In cases where we hold medical information about you, we may refuse to provide you with direct access to this information and may instead request that a health care professional be designated to provide the information to you.
You may challenge the accuracy and completeness of your personal information. We will respond to an amendment request within a reasonable time.
Any request for access to information or request for an amendment may be sent to the following address:
11. COMPLAINTS AND CONCERNS
Our employees and representatives are trained to respond to questions or concerns about your personal information. Should you be unsatisfied with our employee’s or representative’s response, you may contact the Privacy Officer at the address mentioned above.
In addition, any complaint concerning the protection of personal information should be addressed to the Privacy Officer.
12. REVIEW OF THE POLICY
This Policy shall be reviewed every three years. It shall also be reviewed whenever there are substantive changes to legislative or regulatory requirements.1.