Your Privacy Rights
From January 1, 2004, organizations engaged in commercial activities in Canada must comply with the Personal Information Protection and Electronic Documents Act (the “Act”).
The Act governs the way we collect, use, maintain and disclose personal information and sets out 10 fair information principles outlining our obligation as a private organization.
Certain provinces also have provincial privacy legislation applicable to private sector companies as well:
• British Columbia’s Personal Information Protection Act;
• Alberta’s Personal Information Protection Act;
Private sector companies that are subject to the provincial privacy legislation listed above are exempt from the Act with respect to the collection, use or disclosure of personal information by them that occurs within the applicable province. However, the Act continues to apply to the collection, use or disclosure of personal information by those organizations beyond provincial borders.
What is Personal Information?
“Business contact information” is a category of personal information under the Act that is defined as “any information that is used for the purpose of communicating or facilitating communication with an individual in relation to their employment, business or profession such as the individual’s name, position name or title, work address, work telephone number, work fax number or work electronic address”. While the Act permits organizations to collect, use and disclose business contact information without consent, that permission is limited to collection, use and disclosure solely for the purpose of communicating or facilitating communication with the individual in relation to his/her employment, business or profession.
Additionally, certain types of publicly available information may be collected, used and disclosed without consent, but only for those purposes as listed in the regulations to the Act. Publicly available information, as specified in the regulations enacted under the Act, and the purposes for which such information may be collected, used or disclosed without consent, are as follows:
a. personal information consisting of the name, address and telephone number of a subscriber that appears in a telephone directory that is available to the public, where the subscriber can refuse to have the personal information appear in the directory;
b. personal information including the name, title, address and telephone number of an individual that appears in a professional or business directory, listing or notice, that is available to the public, where the collection, use and disclosure of the personal information relates directly to the purpose for which the information appears in the directory, listing or notice;
c. personal information that appears in a registry collected under a statutory authority and to which a right of public access is authorized by law, where the collection, use and disclosure of the personal information relates directly to the purpose for which the information appears in the registry;
d. personal information that appears in a record or document of a judicial or quasi-judicial body, that is available to the public, where the collection, use and disclosure of the personal information relate directly to the purpose for which the information appears in the record or document; and
e. personal information that appears in a publication, including a magazine, book or newspaper, in printed or electronic form, that is available to the public, where the individual has provided the information.
Our Privacy Commitment: The 10 Fair Information Principles
Principle One: Accountability
Westmount Guarantee Insurance Group Inc.
600 Cochrane Drive, Suite 205
Markham, Ontario L3R 5K3
Attn: Privacy Officer
Principle Two: Identifying Purposes
When Westmount collects personal information, we will state and explain the purpose of such collection.
We collect personal information from you directly or through other sources such as insurers to:
- Respond to requests and queries you submit to us;
- Allow you to register for Westmount products and services, including creation of user accounts where applicable;
- Communicate and assist you about your coverage and claims;
- Communicate tailored insurance related products and services to you offered by other insurance companies based on these preferences, if you have opted-in to receive such communications;
- Prevent, detect and suppress fraud, unauthorized or illegal activities;
- Conduct analyses and evaluations to understand consumer trends and usage related to our products in order to improve our products, services and marketing communications;
- Train our employees and monitor quality assurance;
- Comply with applicable laws.
Unless required by law, we shall not use or disclose personal information for any purpose, other than the purpose for which it was originally collected, without first identifying and documenting the new purpose and obtaining the appropriate consent.
Principle Three: Consent
We obtain consent to collect, use, or disclose their personal information either explicitly from you or implicitly through your conduct with us. Normally, we ask for your consent in writing, but in some circumstances, we may accept your verbal consent. Express consent can be given by an action such as by clicking “accept” on a computer screen. Implied consent can be given when you interact with us such as submitting us a query through our website or registering for our products and services.
Consent may be given by you as the individual or by your authorized representative (e.g. power of attorney, legal guardian). In such cases, we will verify the authorization of these representatives.
You can withdraw your consent to the collection, use and disclosure of your personal information at any time. However, if you choose to withdraw your consent, we may not be able to provide you with the products and services you request, and in some cases could mean that we cannot provide you with insurance coverage.
There are certain situations where consent is not required for the collection, use and disclosure of personal information in accordance with the Act, such as:
- if the collection and use are clearly in the interests of the individual and consent cannot be obtained in a timely manner;
- if the collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province;
- if disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records;
- if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;
- if the disclosure is made to another organization and is reasonable for the purposes of detecting or suppressing fraud or of preventing fraud that is likely to be committed and it is reasonable to expect that the disclosure with the knowledge or consent of the individual would compromise the ability to prevent, detect or suppress the fraud;
- if required by law.
Principle Four: Limiting Collection
We never collect information indiscriminately and will limit collection of information to that which is reasonable and necessary for the purposes of such collection, as described above or at the point of collection.
We collect information from you in a variety of ways when you use our products and services. Where possible, we collect personal information directly from you. We also collect information from third parties as permitted by law in order to verify and provide information about the products and services you may request. When we do so, we do it with your consent, or otherwise confirm the third party lawfully collected the information and can share it with us.
We may also use passive tracking technologies and third-party analytics tools to collect information from you if you access our website. These tools may automatically monitor and track information relation to activities on our website, including the Internet Protocol (IP) address of your computer, the IP address of your Internet Service provider, the date and time you access the website, the Internet address of the website from which you linked directly to the website, the operating system you are using, the pages of the website you visit, the website pages you read and the images viewed, and the content you download from our website.
Principle Five: Limiting Use, Disclosure and Retention
Westmount only uses or discloses your personal information for the purpose for which it was collected, unless you consent to it otherwise.
We also share information about you with companies that perform marketing and other services for us (collectively, “Service Providers”). Our Service Providers are not authorized by us to use or disclose your information except as necessary to perform services on our behalf or comply with legal requirements. If you do not wish us to provide your personal information to those Service Providers, we may be unable to provide you with the services you request or adequately respond to your query.
There are also certain situations where we will disclose your personal information, such as:
- When we are required or authorized by law to do so (e.g., if a court issues a subpoena);
- When you have consented to the disclosure;
- When the product and services we are providing to you require us to give your information to a Service Provider;
- To protect ourselves against fraud;
- When it is necessary to establish or collect amounts owed to us.
Disclosure Outside Canada
Occasionally, we may use Service Providers located outside of Canada to process and/or store personal information for us. Please note that personal information in the custody of these Service Providers may be subject to access by the law enforcement authorities of those jurisdictions in which the Service Providers are located. Our Privacy Officer can provide further information about our policies and practices regarding Service Providers located outside of Canada and how these Service Providers, collect, use, disclose or store personal information on our behalf.
Disclosure in the Event of Business Change
In the event our business undergoes a fundamental change such as, for example, a sale or financing, merger, transfer of all or a portion of our business or assets (“Business Change”), we may disclose your personal information to the counterparties to the transaction and their professional advisors as necessary for them to conduct due diligence and to complete the transaction, provided that the counterparties and their professional advisors are required to maintain the personal information as confidential and provided that any successor to our business may only use and disclose your personal information for those purposes for which you have provided consent to us. Following such Business Change, you may contact the entity to which we disclosed your personal information with an inquiry concerning the processing of that information.
We keep your information as long as reasonably required to complete our dealings with you, or as required by law, whichever is longer. You can also request that we remove your information from our records by contacting our Privacy Officer. Subject to our requirements for continued retention of your information (i.e., audit purposes) or to fulfill our legal obligations, we will make every reasonable effort to honour your request.
Principle Six: Accuracy
Westmount will make reasonable efforts to ensure that the personal information we possess and control is accurate and complete. In some cases, depending on the services we offer, you may be able to update and correct the information we hold about you through your user account or profile.
Principle Seven: Safeguards
Westmount has policies and procedures to ensure reasonable physical, technical and organizational measures are in place to protect the personal information we hold about you safe from loss, unauthorized access, modification or disclosure. However, we cannot take responsibility for theft, misuse, unauthorized disclosure, loss, alteration or destruction of data by a third party (such as a hacker). Among the measures we take to protect your information are:
- Premises security;
- Restricted file access;
- Technological safeguards such as firewalls; and
- Internal password and security policies.
Principle Eight: Openness
Upon request to our Privacy Officer, Westmount will provide an explanation of our privacy policies and practices and how we handle your personal information.
Principle Nine: Individual Access
You have a right to review any of the information that we hold about you and learn about how we have used it or to whom we have disclosed it by contacting our Privacy Officer. We may require additional information from you in order to verify your identity prior to providing you access.
In some cases, we may charge a reasonable administrative fee to obtain the information you request from us. We will advise you of this fee at the time of your request.
Subject to any exceptions prescribed by law, you can access and correct your personal information and challenge the accuracy and completeness of the information we have about you. We may deny access when required or authorized by law. For example, we may deny access when granting access would have an unreasonable impact on other people’s privacy or when necessary to protect our confidential commercial information and the requested information cannot be severed from the balance of the record in which it is contained. If we deny your request for access to, or refuse a request to correct information, we shall explain why.
Principle Ten: Challenging Compliance
If we are unable to resolve the complaint or you are dissatisfied by our response, you can voice your concerns to the Office of the Privacy Commissioner of Canada or your applicable provincial privacy commissioner. Our Privacy Officer would be happy to provide their contact details upon request.
Personal Information of Minors
We do not knowingly solicit information of any kind from individuals under the age of majority in their jurisdiction of residence (“Minors”) without the required consent from parents/guardians. If we become aware of any information we possess that may belong to a Minor, we will immediately obtain parental consent to delete this information from our servers. If you are a parent/guardian and you suspect that your child may have submitted personal information to us, please contact our Privacy Officer.