Protecting the confidentiality of your personal information has always been an important part of the way we do business. To ensure that we protect your privacy, My Mutual has adopted the Insurance Bureau of Canada Model Personal Information Code. This Code sets out how and why we collect and use personal information about our policyholders. It also explains limited circumstances under which we may need or be required to disclose it.
"Personal information" means information that identifies you as a specific individual. It does not include the sort of general information that could be found in a business directory or a telephone book.
Effective January 1, 2004, the Government of Canada implemented the last phase of the Personal Information Protection and Electronic Act (PIPEDA). This federal statute applies to insurance companies and many other industry sectors.
This legislation establishes rules and principles for the use and disclosure of personal information based on the ten privacy principles developed by the Canadian Standards Association. These principles recognize that we live in an era when commercial information is exchanged and circulated by electronic means. It balances the individual's right to privacy in their personal information with the reasonable need of organizations to collect, use or disclose personal information.
Under the legislation, an organization may collect, use or disclose personal information only for limited purposes that a reasonable person would consider to be appropriate in the circumstances.
The PIPEDA requires us to provide the same safeguards for your privacy that we have always provided on a voluntary basis. Our Privacy Code sets out these principles in simple terms. It explains how we ensure that your privacy and the confidentiality of your personal information are protected.
The Ten Privacy Principles
Principle #1: Our Accountability for the Collection, Use or Disclosure of Personal Information
As a policyholder or customer of My Mutual, you have a right to expect that your insurer is accountable for the personal information it collects and uses. "Policyholders" and "customers" mean our current and former insured's, applicants for insurance and claimants under one of our policies.
We are responsible for maintaining and protecting your personal information while it is under our control. This includes any personal information that may need to be disclosed to third parties for processing or other administrative functions.
To help ensure the confidentiality of your personal information, we have established policies and procedures to ensure that we comply with the PIPEDA. We have designed a privacy officer who is responsible for our company's compliance with the ten privacy principles by the Canadian Standards Association.
If you have any questions or inquiries about how your personal information is stored, or when it may need to be disclosed to others, our privacy officer is there to assist and explain our policies to you.
Principle #2: Identifying Our Purpose for the Collection, Use or Disclosure of Personal Information
Before or when we collect information about you, we will explain how we intend to use it. My Mutual collects personal information only for the following purposes:
- to provide ongoing customer service to our policyholder;
- to help us understand our customer's needs better;
- to develop, enhance, market or provide insurance products and services;
- to enable us to underwrite your policy of insurance and set a fair premium;
- to provide us with the information that we need to adjust a claim in a fair and expeditious way;
- to meet our legal and regulatory requirements under the Insurance Act and other statutes.
Unless we are required by law, My Mutual will not use or disclose any personal information that has been collected without documenting the new purpose and obtaining your consent. If you have any questions about these purposes, our privacy officer will be pleased to explain them to you.
Principle #3: Obtaining Your Consent for the Collection, Use or Disclosure of Personal Information
My Mutual will make a reasonable effort to make sure that our policyholders understand and consent to how their personal information will be used by the Company.
We will obtain your consent if we need to use your information for any other purpose and before collecting information from third parties such as other insurers and insurance service companies.
In certain circumstances, however, personal information may need to be collected, used or disclosed without the knowledge and consent of the individual. For example, legal, medical, or security reasons may make it impossible or impractical to seek consent.
The PIPEDA recognizes that when information is being collected for the detection and prevention of fraud or for law enforcement, seeking the consent of an individual may defeat the purpose of collecting the information. Seeking consent may also be impossible or inappropriate when the individual is a minor, seriously ill, or mentally incapacitated.
In obtaining your consent, we will always use reasonable efforts to ensure that you are advised of the identified purposes for which any personal information collected will be used or disclosed.
Principle #4: Limiting Our Collection of Personal Information
We will always limit the collection of personal information to that which is necessary for the identified purposes. Typically, this is information that is required to enable us to underwrite your policy of insurance and charge a fair premium. We may need to collect personal information from other sources including credit bureaus.
Under certain circumstances we need to collect information to assist us in adjusting or investigating a claim. This may involve the use of licensed and regulated independent insurance adjusters or investigators. We will always collect personal information by fair and lawful means.
Principle #5: Limiting the Use, Disclosure and Retention of Personal Information
Personal information will not be used or disclosed for purposes other than for which it was collected, except with your consent or as permitted or required by law. Your personal information will be retained only as long as it is necessary to fulfill those purposes.
My Mutual may disclose a customer's personal information to the following organizations:
- Another insurance company for the reasonable provision of insurance services. This may include another insurance company that is subscribing to the risk insured under our policy.
- Another person or corporation as part of conducting business. This may include a reinsurance company, subject to that corporation agreeing to manage personal information in accordance with these privacy principles;
- A person or corporation that is involved in supplying us with claims support services. This may include a licensed independent insurance claims adjuster or investigator, or a fire or forensic expert or engineer.
- A medical or rehabilitation specialist or assessment clinic that is providing an opinion to us pursuant to our rights and obligations under the Insurance Act.
- A company or an individual employed by My Mutual to perform data processing, accounting, actuarial or statistical functions on our behalf;
- A person or corporation involved in the development, enhancement, marketing or provision of our insurance products and services. This may include an insurance broker or agent.
- An agent used by My Mutual to evaluate your creditworthiness or to collect an outstanding account. This may include credit grantors and reporting agencies;
- A public authority or agent of a public authority, if the information is required to comply with a provincial or federal statute or regulation.
- A law enforcement agency, where our policyholder consents to such disclosure or disclosure is required by law or emergency.
My Mutual does not provide or sell its customer lists to any outside company for use in marketing or solicitation. Only employees with a business "need to know", or those whose duties require it, are granted access to personal information about our policyholders.
We keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Personal information that is no longer necessary or relevant for the identified purposes or required to be retained by law is destroyed, erased or made anonymous.
Principle #6: Keeping Your Personal Information Accurate
My Mutual makes every effort to ensure that personal information about its policyholders is as accurate, complete, and up-to-date as is necessary for the purposes for which it was collected.
This may require contact with your insurance broker to confirm or update personal information required for underwriting purposes. In addition, the Insurance Act and the terms and conditions of your policy of insurance may require you to notify us of material changes to your personal information. If you have any questions about the accuracy and completeness of the personal information that we have collected or retained, please do not hesitate to contact our privacy officer. If you need to update some aspect of your personal information, please contact your insurance broker or agent directly.
Principle #7: Safeguarding Your Personal Information
My Mutual takes steps to protect personal information with security safeguards appropriate to the sensitivity of the information.
Specifically, we have stringent security measures in place to protect personal information against such risks as loss or theft, computer hackers, unauthorized access, disclosure, copying, use, modification or destruction.
My Mutual protects your personal information regardless of the format in which it is held. We also protect personal information we disclose to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.
All our employees with access to personal information are required as a condition of their employment to respect the confidentiality of personal information.
Principle #8: Openness Concerning our Privacy Practices
My Mutual pursues a policy of openness about the procedures it uses to manage personal information. We will make specific information about our policies and practices relating to the management of their personal information available to policyholders upon request.
We ensure openness by providing you with the following information:
- the title and address of the privacy officer accountable for our compliance with the policy;
- the name of the individual to whom inquiries or complaints can be forwarded;
- the means of gaining access to personal information held by our company; and
- a description of the type of personal information held by My Mutual, including a general account of its use
My Mutual makes information available to help our policyholders exercise informed choices regarding the use of their personal information.
Principle #9: Policyholder Access to Personal Information
My Mutual informs its policyholders of the existence, use, and disclosure of their personal information upon request and provides access to that information. Our customers are able to challenge or correct the accuracy and completeness of their personal information and have it amended when appropriate.
When a request is made in writing, we will inform you in a timely fashion, of the existence, use, and disclosure of your personal information and you will be given access to that information. In order to safeguard your personal information, we may require you to provide sufficient identification information to permit us to authorize access to your file.
In certain exceptional situations, we may not be able to provide you with access to all of the personal information we hold. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, information that is subject to solicitor-client or litigation privilege, or, in certain circumstances, information of a medical nature. If this is the case, the My Mutual will provide the reasons for denying access upon request.
Policyholders can obtain information or seek access to their individual files by contacting our designed privacy officer at the address described below.
Principle #10: Challenging Compliance
A policyholder has the right to challenge My Mutual’s compliance with the above principles by contacting the privacy officer accountable for our compliance with the policy.
My Mutual maintains strict procedures for addressing and responding to all inquiries or complaints from its customers about its handling of personal information. We inform our customers about our privacy practices as well as availability of complaint procedures, if necessary.
For more information, please contact our privacy officer directly through our Websites or by calling the Toll-free number.
If you make an inquiry or lodge a complaint, and are not satisfied with the outcome of that, you may challenge that outcome by writing a letter to our Chief Executive Officer, requesting reconsideration. If your concern remains unresolved to your satisfaction, you may address your concerns to the:
Financial Services Commission
6th Floor, 1919 Saskatchewan Drive
Copyright 2003, Canadian Association of Mutual Insurance Company (CAMIC) Association canadienne des compagnies d'assurance mutuelles (ACCAM)