Privacy Policy
In order to provide our clients with the products and services they require and to ensure that we make informed underwriting and claims decisions, it is necessary that we obtain information about our clients and/or their businesses. The information with which we are entrusted is often of a personal nature. Our clients have the right to expect that any personal information they provide to us or that we obtain from other sources in order to make underwriting or business decisions will be kept in confidence and that access to that information will be restricted to those having a legitimate need to review or use that information.
As of January 1, 2004, the federal Personal Information Protection and Electronic Documents Act (“PIPEDA”) applies to the operations of insurance companies in Canada. PIPEDA sets out in law the rights of the consumer and details the duties and responsibilities of companies that collect information of a personal nature. A number of provinces have since enacted similar legislation. Trisura Guarantee Insurance Company (“Trisura”) intends to fully comply with all aspects of PIPEDA and applicable provincial legislation.
Personal Information
Personal Information, as defined in PIPEDA, means information about an identifiable individual,
but does not include the name, title or business address or telephone number of an employee of
an organization. Personal information that we collect may include name, address, contact
information, marital status, work history, assets, liabilities, income, banking records, health
records, claims history and other information of a personal nature relating to an individual.
The type of information we collect is dependent on the type of product the individual requires
from us. We will limit the personal information we collect to that necessary for us to make
informed underwriting and business decisions. Trisura operates on a principle of limited
collection, meaning that it will collect only that information necessary for the purposes that
have been identified and specified at or before the time of collection (see also Purposes for
Collections and Processing of Personal Information section below).
How We Collect Personal Information
We may obtain personal information directly from the client and/or through insurance brokers,
other insurers, banks, credit bureaus, applications, transactions, consumer reports or by other
legitimate means.
Purposes for Collections and Processing of Personal Information
We typically collect, use and sometimes disclose personal information for purposes which include:
assessing insurance applications and issuing policies; making underwriting and business
decisions; compiling statistics; communicating with our clients; evaluating, investigating,
paying out or defending claims against our insureds; detecting or preventing illegal activity
such as fraud or money laundering; meeting legal or regulatory obligation such as those relating
to sanctions, anti-terrorism and other internal security policies and procedures; and managing
our business environment including our IT systems. We will explain to the client why we require
personal information and will restrict our use of this information to the purposes identified.
Consent
Canada’s privacy laws stipulate that an individual’s meaningful consent is required prior to or
at the time we collect his or her personal information. Consent is also required prior to
disclosing any personal information to a third party, except in certain situations identified in
the legislation. If personal information is collected through a third party such as an insurance
broker, administrator, external claims adjuster or others, then that third party has the
responsibility of obtaining appropriate consent for the collection, use and disclosure of
personal information, and Trisura will rely on that consent. Consent may be express or implied.
Express consent may be written or oral. Implied consent may be inferred in accordance with the
legislation and depending on the context or the nature of the transaction under which personal
information is collected. For example consent may be implied when an individual requests
products from Trisura and provides personal information, when an existing client requests
further products or policy renewals, or when a client continues to use our products or services
without objection after receipt of this Privacy Policy.
Please note that if an individual refuses consent to the collection, use or disclosure of his or
her personal information then Trisura may be unable to provide the product or service requested.
Protection of Personal information
Trisura will take all necessary and reasonable precautions to protect the information provided to
us by our clients. Trisura uses a number of manual and electronic controls to protect personal
information that has been entrusted to us. These controls include restricted access to our
premises, user authentication, encryption, firewall technology and the use of detection
software.
Trisura only allows access to an individual’s personal information to those employees who require
it in their work. Employees who have access to personal information are made aware of the
responsibility they have for protecting that information and are required to make proper use of
the manual and electronic controls available to them. Our employees are subject to disciplinary
procedures for the unauthorized use or disclosure of an individual’s personal information.
Disclosure of Personal Information
From time to time in the normal course of business, it is necessary for Trisura to provide an
individual’s personal information to a third party such as, but not limited to, a broker,
reinsurer, legal counsel, regulator, adjustor, repairer, affiliated company or administrator.
Trisura discloses personal information, including to its affiliated companies in other
jurisdictions, only for the reasons listed in this Privacy Policy, or if legally required to do
so. Trisura limits the disclosure of personal information to only those identified purposes for
which the personal information was collected. Trisura advises each third party to whom it
provides personal information that Trisura requires the party to comply with Canada’s privacy
laws and to also take steps to protect that information. Information on third parties is
available from the Chief Privacy Officer.
As stated above, we will only disclose an individual’s personal information with the individual’s
consent, except in situations where to do so would cause undue delay in providing requested
services or where Trisura is legally required to disclose such information.
Personal Information Transfer Outside of Canada
Trisura may transfer personal information to locations outside of Canada, or may transfer
personal information to service providers for processing outside of Canada, in furtherance of
the purposes outlined in this Privacy Policy. By sharing personal information with Trisura, the
individual consents to the collection, use, processing and transfer of such information in
accordance with this Privacy Policy to a foreign jurisdiction such as the United States of
America. Trisura will take all reasonable precautions to ensure that transferred data is treated
in accordance with this Privacy Policy.
Retention of Personal Information
Trisura will retain an individual’s personal information for as long as is necessary to fulfill
the purposes for which it was collected or as required by law. Disposal of any personal
information no longer required will be done in a safe and complete manner.
Accuracy and Accessing Your Personal Information
An individual has the right to be allowed access to his or her personal information, subject to
any legal restrictions. For example, if to allow access would reveal any personal information
about a third party then access may be limited or denied. If there are reasons why access is
denied, the individual requesting access will be advised in writing. Trisura is committed to
keeping accurate and complete data records of the personal information it collects. Should an
individual demonstrate that any information held is inaccurate or incomplete, please contact our
Chief Privacy Officer at the email listed below and Trisura will make the appropriate changes to
such information.
Privacy Breach
In the unlikely event that Trisura experiences an incident involving the loss of or unauthorized
access to or disclosure of personal information where a reasonable person would consider that
there exists a real risk of significant harm to an individual as a result, Trisura will comply
in all respects with the applicable provisions of federal and provincial privacy laws with
regard to privacy breach notification, and will take all necessary steps to reduce the risk of
harm to the affected individual as a result of the breach.
Contact Information
Individuals may contact Trisura’s Chief Privacy Officer in order to obtain further information about Trisura’s personal information practices, to gain access to the individual’s personal information collected by Trisura, or to challenge Trisura’s compliance with privacy laws and regulations.
Requests for further information access to personal information or complaints about Trisura’s handling of personal information should be directed to Trisura’s Chief Privacy Officer, as follows:
Joanna Grossman
General Counsel, Chief Privacy Officer
Trisura Guarantee Insurance Company
333 Bay Street, Suite 1600, Box 22
Toronto, Ontario
M5H 2R2
Phone: (416) 607-2091
Email: Joanna.Grossman@Trisura.com