At the OTIP Group of Companies1 (“OGC”), respecting your privacy and protecting your personal information is an important part of how we do business. We value the trust you have in us and we are committed to protecting your privacy.
We are accountable for all personal information in our possession or control, including any personal information transferred to third parties for processing.
We will identify the reasons for collecting personal information before or at the time of collection. We will collect information for reasonable purposes as outlined in this policy as well as purposes described in the terms and conditions of any product, service, program, contest, promotion or event. In addition to the member’s name, address, email and telephone number, we may require information to:
We will obtain consent for the collection, use and disclosure of personal information, subject to certain legal, medical or security reasons which may make it impracticable to seek consent. Individuals can provide consent to the collection, use and disclosure of their personal information expressly (oral, written or electronic) or it may be implied depending on circumstances and sensitivity of the information.
When quoting or issuing a policy, it is our understanding that in addition to the individual insured providing their consent, they have obtained consent from all persons named in the insurance policy for the collection, use and disclosure of their personal information, for the purposes outlined above.
Individuals can withdraw consent at any time. If this should happen, we will explain the implications of withdrawing consent.
We will limit the collection of personal information to only that which is needed to properly provide products, services and benefits and to fulfill legal or regulatory requirements. Information will be collected by fair and lawful means. If a member’s information is being collected by telephone, the call may be recorded for the following reasons:
The information we gather about our members varies, depending on the request and/or the service provided and may be collected verbally, electronically or in writing. Examples of the types of information we may collect directly or indirectly include but is not limited to:
In most cases, we will collect the information directly from the individual, or from their authorized representative(s). In some cases, and with the individual’s consent, we may need to ask an independent source to verify or provide supplemental information. These sources could include service providers we retain, other insurance companies or financial institutions, employers, benefit administrators or credit reporting agencies. In the case of medical or health-related information, additional sources could include doctor(s), other healthcare providers or facilities. In some circumstances, we may collect personal information from public sources such as the internet or third-party service providers.
We will use or disclose personal information only for the purpose for which the information was collected, unless an individual gives consent to use or disclose it for another reason. Information may be disclosed to service providers and authorized agents/representatives who perform various functions for us. Individuals’ personal information may be disclosed to third parties in certain circumstances:
We may, where not prohibited by law, consolidate and share member personal information within the OTIP Group of Companies to better manage our business and the relationship we have with our members for the purposes described in this policy. Sensitive personal information, such as health and medical information, will never be shared or used for a purpose other than the original purpose for which it was collected.
As part of a business transaction, including the purchase or sale, merger or amalgamation or a financing arrangement pertaining to OGC’s business assets, we may be required to share members’ personal information with applicable third parties to complete such a transaction.
We will keep personal information for as long as necessary for the identified purposes or as required by law.
We will keep the personal information in our possession or control accurate, complete, current and relevant based on the most recent information available to us. Individuals may challenge the accuracy and completeness of personal information about them and have it amended as appropriate. Depending on the nature of the information challenged, amendment involves the correction, deletion or addition of information. Where appropriate the amended information will be transmitted to third parties having access to the information in question.
We will protect personal information within our custody with safeguards appropriate to the sensitivity of the information. We use reasonable physical, organizational and technological safeguards and appropriate training of employees, to prevent the theft, loss, misuse, alteration, unauthorized access or disclosure of personal information under our control.
Any unprotected e-mail message may be subject to interception, loss or alteration. We are not responsible for damages related to e-mail messages sent by members or e-mail messages sent by us to individuals at their request.
We will be open about the procedures used to manage personal information and upon request, we will provide specific information about our practices relating to the management of personal information.
Upon request, we will advise individuals of the existence, use and disclosure of their personal information. Individuals can request to have their information amended or corrected. We will respond to an access to information request within the timelines prescribed by each province’s privacy legislation. It is important to verify that the individual requesting the information is in fact the person whom the information belongs to. For this reason, we require that all inquiries be in writing and that our responses, in writing, are sent to the address we have on file. Access to information will be provided at minimal cost.
We are unable to provide access to information in the following circumstances:
Individuals may challenge our information handling practices and/or our compliance with privacy legislation. Privacy complaints and inquiries should be directed to OGC’s Privacy Officer as outlined in the complaints process.
If an individual has a privacy related concern or complaint, the employee will listen to the individual’s concerns, identify the problem and offer solutions. If the situation cannot be resolved, the individual will be directed to contact OGC’s Privacy Office either by telephone or in writing.
Quebec – TW Insurance Services (Orbit)
230 Boulevard Saint-Joseph O.
Drummondville QC J2E 0G3
OGC Privacy Officer
PO Box 218
Waterloo ON N2J 3Z9
Depending on the nature of the inquiry or complaint, we will:
1The OTIP Group of Companies includes: