This policy is compliant with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and addresses two broad issues:
- The way in which Heartland collects discloses and protects personal information; and
- The right of policyholders to have access to personal information about themselves and, if necessary, to have the information corrected.
We take our commitment to protecting your personal information seriously.
The types of personal information that we may collect depend on the insurance products you apply for and purchase, the services you have access to and use, the payment method you use, and the way you communicate with us. The type of information that we collect may include but is not limited to the following:
- age, gender, and marital status
- driving record
- previous insurance and claims experience
- medical and health information
- employment information (including occupation and income)
- banking information, insurance scoring, payment records
- identification numbers (e.g. driver’s license, social insurance numbers and vehicle identity numbers), assets and liabilities
Personal Information does not include general sources of public information such as:
- Personal information consisting of the name, address and telephone number of a subscriber that appears in a telephone directory that is available to the public, where the subscriber can refuse to have the personal information appear in the directory;
- Personal information including the name, title, address and telephone number of the individual that appears in a professional or business directory, listing or notice, that is available to the public, where the collection use and disclosure of the personal information relates directly to the purpose for which the information appears in the directory, listing or notice;
The Personal Information Protection and Electronic Documents Act (PIPEDA) sets standards and regulations governing the collection, use and disclosure of personal information by private sector organizations.
This legislation establishes rules and principles for the use and disclosure of personal information based on the ten privacy principles developed by the Canadian Standards Association. These principles recognize that we live in an era when commercial information is exchanged and circulated by electronic means. It balances the individual’s right to privacy in their personal information with the reasonable need of organizations to collect, use or disclose personal information.
An organization may collect, use or disclose personal information only for limited purposes that a reasonable person would consider to be appropriate in the circumstances. The Personal Information Protection and Electronic Documents Act requires us to provide the same safeguards for your privacy that we have always provided on a voluntary basis. Our Personal Information Protection Policy sets out these principles in simple terms. It explains how we ensure that your privacy and the confidentiality of your personal information are protected.
The Ten Privacy Principles
The objective of our Privacy Protection Policy is to ensure the protection of Heartland’s Policyholders’ Personal Information. This includes personal information residing within Heartland and personal information provided to other third parties in the conduct of commercial activities. To attain this goal, Heartland complies with the following ten principles of privacy accountability:
Principle 1: Accountability
We are responsible for all personal information while it is under our control, whether supplied to us directly by you or by a third party or that we have provided to a third party for processing.
We have established policies and procedures to ensure that we comply with the Personal Information Protection and Electronic Documents Act. We have designated a Privacy Officer who is responsible for our company’s compliance with the ten privacy principles developed by the Canadian Standards Association.
If you have any questions or inquiries about how your personal information is stored, or when it may need to be disclosed to others, our Privacy Officer is there to assist and explain our policies to you. Please see below to contact our Privacy Officer regarding your specific privacy questions or concerns.
Principle 2: Identifying Purpose
Heartland shall inform individuals of the purposes for which Personal Information is collected at or before the time the information is collected.
Heartland collects personal information from but is not limited to, government agencies, brokers, agents, insurers, other insurance reporting or data sharing agencies, credit bureaus and directly from you to:
- Provide communication and customer service to our policyholder
- Underwrite and price your policy application, policy changes and subsequent renewals
- Investigate and settle claims in a fair and expeditious way
- Service your ongoing insurance needs
- Report to regulatory or industry entities, including data-sharing agencies
- Analyze business results, compile statistics, perform administrative tasks such as accounting and information system activities and conduct marketing and underwriting research and modelling
- Provide you with information on our products and services
- Train employees and monitor for quality assurance
- Act as required or as authorized by law
If we require your personal information for any purpose other than as identified above, Heartland will seek your consent prior to using it.
Where permitted by law, your consent may be obtained to collect and use your credit information for the purposes of offering you a discount on our products.
Principle 3: Consent
Heartland requires the knowledge and consent of the individuals for the collection, use, or disclosure of their Personal Information, except in certain circumstances where consent is not required.
We issue an insurance policy with the understanding that, in addition to providing your consent, you have obtained consent from all persons named in your insurance policy for the collection, use and disclosure of their personal information, for the purposes outlined above.
You can provide consent to the collection, use and disclosure of your personal information expressly or consent may be implied by your actions.
Where Heartland seeks express consent, it can be given in many ways. For example:
- An application form, either a paper or electronic version may be used to seek consent, collect information and inform the policyholder of the use that will be made of the information. By completing, signing and/or submitting the form, the policyholder is giving consent to the collection and the specified uses;
- Consent may be given orally when information is collected over the telephone;
- Consent may be given by agreement; and
- Consent may be given by actions on the part of the policyholder, for example by using, acquiring or accepting a product or service.
Implied consent can be inferred from the relationship between the parties or from the nature of the dealings between the parties. For example, when you give personal information to an insurance broker or agent for the purpose of obtaining insurance, it is reasonable to infer that there is implied consent to the disclosure of that information to the insurer to meet your insurance needs.
When your personal information is highly sensitive, for example, medical reports or financial records such as income tax returns, we obtain your express written consent before using it.
In addition, when you make changes to your policy or when your policy automatically renews, you are agreeing that any consent you have previously provided to us relative to your policy remains in effect unless the consent is otherwise withdrawn.
When consent is not required:
In certain circumstances, personal information may need to be collected, used or disclosed without the knowledge and consent of the individual.
- Collection of personal information for the detection and prevention of fraud; and
- Compliance with subpoenas, search warrants, and other court or government orders.
In either of these situations, obtaining consent might defeat the purpose of collecting the information.
Duty to Defend
- Heartland will transfer the personal information of policyholders to lawyers retained by Heartland pursuant to the contractual obligation in the insurance policy to defend legal actions against its policyholders.
Under certain circumstances, Heartland may disclose personal information under a public authority to appropriate authorities in matters of significant public interest.
Medical and Other
- Where the policyholder is a minor, seriously ill or mentally incapacitated, seeking consent may be impossible or inappropriate.
Withdrawing your consent:
Subject to certain legal and contractual restrictions and reasonable notice, you may refuse or withdraw consent to the collection, use or disclosure of personal information at any time by notifying our Privacy Officer in writing. In addition, you may also opt out of certain communications we may send you regarding other products and services. However, you should be aware that withdrawing your consent may affect our ability to respond to your insurance needs.
Principle 4: Limiting Collection
Heartland will always limit the collection of Personal Information to that which is necessary for the identified purposes and by fair and lawful means.
We only collect information that we require to do business with you. We will collect it openly, fairly and lawfully.
Principle 5: Limiting Use, Disclosure and Retention
Heartland will not use or disclose Personal Information for purposes other than for which it was collected, except with your consent or as permitted or required by law. Your personal information will be retained only as long as it is necessary to fulfil those purposes.
There are situations specific to the Property and Casualty insurance business where we will use, disclose and retain personal information as dictated by prudent insurance practices. Examples of these situations include:
- Risk sharing: transfer of personal information to other insurers and/or to reinsurers
- Information services: disclosure for underwriting, claims, classification and rating purposes;
- Insurance services: disclosures to providers of goods and services to Heartland such as insurance reporting or data sharing agencies, loss control managers, and claims adjusters
- Evaluation of your creditworthiness or collect an outstanding account. This may include credit grantors and reporting agencies;
- Insurance intermediaries: Brokers and Agents. We do not use or disclose your personal information for purposes not identified in Principle Two unless we have your consent or it is required by law.
- Employees with legitimate business reasons will have access to your personal information and must ensure that personal information in their possession is securely held.
Disclosure to Third Parties
- We may disclose your personal information to third parties, which include brokers, agents, private investigators, adjusters, and insurance service and claims providers. Third parties are also subject to PIPEDA and other applicable privacy legislation. Only those companies or individuals who are authorized, based on their need to carry out work for the purposes identified in Principle Two, can have personal information disclosed to them;
- Another company engaged by Heartland to perform data processing, policy, claim & billing processing, accounting, actuarial or statistical functions on our behalf;
- A person or corporation involved in the development, enhancement, marketing or provision of our insurance products and services;
- A public authority or agent of a public authority, if the information is required to comply with a provincial or federal statute or regulation;
- A law enforcement agency, where our policyholder consents to such disclosure or disclosure is required by law or emergency.
- Should Heartland become involved in any business transaction including a merger or amalgamation or a financing arrangement, your personal information may need to be shared with applicable third parties to complete such a transaction.
Heartland does not provide or sell its customer lists to any outside company for use in marketing or solicitation. Only employees and third parties with a business “need to know”, or those whose duties require it, are granted access to personal information about our policyholders.
We keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law.
Principle 6: Accuracy
Heartland makes every effort to ensure that Personal Information about its policyholders is as accurate, complete, and up-to-date as is necessary for the purposes for which it was collected.
This may require contact with you or your insurance broker or agent to confirm or update personal information required for underwriting purposes. In addition, the Insurance Act and the terms and conditions of your policy of insurance may require you to notify us of material changes to your personal information.
If you have any questions about the accuracy and completeness of the personal information that we have collected or retained, please do not hesitate to contact our Privacy Officer. If you need to update some aspect of your personal information, please contact your insurance broker directly.
Principle 7: Safeguards
Heartland will protect Personal Information by establishing and operating security safeguards appropriate to the sensitivity of the information that is held, and to prevent any unauthorized activity related to the information.
Specifically, we have stringent security measures in place to protect personal information against such risks as loss or theft, computer hackers, unauthorized access, disclosure, copying, use, modification or destruction.
Heartland Farm Mutual Inc. protects your personal information regardless of the format in which it is held. We also protect the personal information we disclose to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.
All our employees with access to personal information are required as a condition of their employment to respect the confidentiality of personal information.
Principle 8: Openness
Heartland will make available to policyholders upon written request, specific information about our policies and practices relating to the management of their Personal Information.
We ensure openness by providing you with the following information:
- the title and address of the Privacy Officer accountable for our compliance with the policy;
- the name of the individual to whom inquiries or complaints can be forwarded;
- the means of gaining access to personal information held by Heartland and
- a description of the type of personal information held by Heartland, including a general account of its use.
Heartland makes information available to help our policyholders exercise informed choices regarding the use of their personal information.
Principle 9: Policyholder Access
Heartland will, upon written request from policyholders, inform them of the existence, use, and disclosure of any Personal Information about them and they will be provided access to that information except as may be limited by law. Our policyholders are able to challenge or correct the accuracy and completeness of their Personal Information and have it amended when appropriate.
When a request is made in writing, we will inform you in a timely fashion, of the existence, use, and disclosure of your personal information and you will be given access to that information. In order to safeguard your personal information, we may require you to provide sufficient identification information to permit us to authorize access to your file.
In certain exceptional situations, we may not be able to provide you with access to all of the personal information we hold. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security or commercial proprietary reasons, information that is subject to solicitor-client or litigation privilege, or, in certain circumstances, information of a medical nature. If this is the case, Heartland will provide the reasons for denying access upon request.
Policyholders can obtain information or seek access to their individual files by contacting our designated Privacy Officer at the address described below. We may charge you for providing access to your information but only after first advising you of the approximate cost. When a policyholder successfully demonstrates the inaccuracy or incompleteness of personal information, Heartland will correct the information as required.
Principle 10: Challenging Compliance
Heartland provides the ability for policyholders to challenge compliance with the above principles by contacting our Privacy Officer.
Heartland maintains strict procedures for addressing and responding to all inquiries or complaints from its customers about its handling of personal information. We inform our customers about our privacy practices as well as the availability of complaint procedures, if necessary.
Policy updated August 25, 2020
For Further Information
For more information, please refer to our website www.heartlandmutualinsurance.com or by calling our toll-free number: 1-800-265-8813.
How to contact our Privacy Officer:
Vice President, Human Resources
Heartland Farm Mutual Inc.
100 Erb Street East
Waterloo, ON N2J 1L9