OUR COMMITMENT TO PRIVACY
SCOPE OF POLICY
In accordance with PIPA, this Policy addresses personal information about individuals and does not apply to information collected, used or disclosed with respect to corporate or commercial entities. However, corporate and commercial information is protected by other BenefitDeck policies and practices and through contractual arrangements.
This Policy does not impose any limits on the collection, use or disclosure of the following information by BenefitDeck:
. your business contact information; or
. publicly available information recognized under PIPA.
In this Policy:
"BenefitDeck" means BenefitDeck Consulting Ltd., a British Columbia company.
"collection" means the act of gathering, acquiring, or obtaining personal information from any source, including third parties, by any means.
"consent" means voluntary agreement to the collection, use and disclosure of personal information for specified purposes. Consent may be express or implied. Express consent may be given orally or in writing, if it is unequivocal and does not require any inference on the part of BenefitDeck. Implied consent exists when BenefitDeck can reasonably infer consent based upon your action or inaction.
"disclosure" means making personal information available to a third party.
"personal information" means information about an identifiable individual but does not include his or her business contact information. Personal information does not include information concerning corporate or commercial entities. It also does not include information that cannot be associated with a specific individual.
"PIPA" means the British Columbia Personal Information Protection Act, S.B.C. 2003, c.63.
"third party" means an individual or organization other than BenefitDeck and you.
"Privacy Officer" means an individual designated by BenefitDeck who is accountable for compliance with this Policy by BenefitDeck and whose contact particulars are set forth at the end of this Policy.
"use" means the treatment and handling of personal information by and within BenefitDeck.
BenefitDeck is accountable and responsible for personal information under its control. BenefitDeck has designated a Privacy Officer who is accountable for BenefitDeck's compliance with this Policy.
Ultimate accountability for BenefitDeck compliance rests with the BenefitDeck's Board of Directors who delegate day-to-day accountability to the Privacy Officer. Other individuals within BenefitDeck may be accountable for the day-to-day collection and processing of personal information or to act on behalf of the Privacy Officer.
BenefitDeck will adopt procedures to protect personal information, receive and respond to complaints and inquiries, train staff regarding privacy policies and procedures and communicate policies and procedures to you.
When collecting information, BenefitDeck will state the purpose of collection and will provide, on request, contact information for the Privacy Officer who can answer questions about the collection.
BenefitDeck collects your personal information for the following purposes:
. to provide and administer products and services requested and to use and disclose the information for any purpose related to operation of accounts and provision of requested products and services;
. to determine your potential needs and financial capabilities, including obtaining health claims and other relevant reports;
. to determine which products and services may meet your potential needs;
. to evaluate applications and determine insurance risks;
. to provide personal information to third party suppliers of products and services such as insurance companies, custodians, trustees, financial institutions, benefit administrators, claims assessors, insurance companies, brokers and others engaged in the insurance products and services industry;
. to provide personal information to third parties (such as those listed above) to update your personal information;
. to protect BenefitDeck, yourself and others from fraud and error and to safeguard the financial interests of BenefitDeck;
. to authenticate your identity;
. to provide personal information to our associate brokers (and anyone else contracting with or otherwise involved with BenefitDeck) in order to obtain quotations for and ordering products or services (or both) requested by you, and to obtain their recommendations and opinions on related matters;
. to collect debts owed to BenefitDeck;
. to manage or transfer assets or liabilities of BenefitDeck, for example in the case of an acquisition or merger, the provision of security for a credit facility or the change of an insurance carrier; and
. to comply with legal and regulatory requirements.
Uses of personal information:
. BenefitDeck, its employees and associates may use your personal information to offer additional or alternate products and services which we believe is beneficial and appropriate to you and may add your personal information to our database for this purpose;
. BenefitDeck may share your information with its insurance suppliers, employees, associates and with reputable third parties so that they may perform their services to you;
. BenefitDeck and other associates may contact you for survey, seminar, contest, or focus group invitation purposes and for newsletter delivery.
You may instruct BenefitDeck to refrain from using or sharing your personal information in any or all of the ways described above at any time by providing written notification to our Privacy Officer. BenefitDeck acknowledges that the sharing of your personal information in any or all of the ways described above is at your option and confirms that you will not be refused access to any product or service merely because you have advised BenefitDeck to stop using or sharing your personal information in any or all of the ways shown.
When your personal information is to be used for a purpose not previously identified, the new purpose will be disclosed to you prior to such use, and your consent will be sought unless the use is authorized or required by PIPA or other law.
BenefitDeck will obtain your consent to collect, use or disclose personal information except where BenefitDeck is authorized or required by PIPA or other law to do so without consent. For example, BenefitDeck may collect, use or disclose personal information without your knowledge or consent where:
. BenefitDeck is collecting or paying a debt;
. BenefitDeck is obtaining legal advice; or
. BenefitDeck reasonably expects that obtaining consent would compromise an investigation or proceeding.
Your consent may be express or implied, or given through an authorized representative such as a lawyer, agent or broker.
Consent may be provided orally, in writing, electronically, through inaction (such as when you fail to notify BenefitDeck that you do not wish your personal information collected/used/disclosed for optional purposes following reasonable notice to you) or otherwise. For example, oral consent could be expressed over the telephone when information is being collected; electronically when submitting an agreement, application or other information; or in writing when signing an agreement or application form.
You may withdraw your consent at any time, subject to legal or contractual restrictions, provided reasonable written notice of withdrawal of consent is given by you to BenefitDeck. Upon receipt of your written notice, BenefitDeck will inform you of the likely consequences of the withdrawal, which may include the inability of BenefitDeck to provide certain products or services for which the delivery of that information is a prerequisite.
4. LIMITS ON COLLECTION OF PERSONAL INFORMATION
BenefitDeck will not collect personal information indiscriminately and will limit its collection of your personal information to what is reasonably necessary to provide a product or service and which is reasonably necessary for the purposes consented to by you. BenefitDeck may also collect information as authorized by PIPA or other law.
5. LIMITS FOR USING, DISCLOSING AND RETAINING PERSONAL INFORMATION
Your personal information will only be used or disclosed for the purposes set out above and as authorized by PIPA and other law.
BenefitDeck will keep personal information used to make a decision affecting an individual for at least one year after using it to make the decision.
BenefitDeck will destroy, erase or make anonymous documents or other records containing personal information as soon as it is reasonable to assume that the original purpose is no longer being served by retention of the information and retention is no longer necessary for legal or business purposes.
BenefitDeck will take due care when destroying personal information so as to prevent unauthorized access to such information.
BenefitDeck will make a reasonable effort to ensure that personal information it is using or disclosing is accurate and complete. In most cases, BenefitDeck will rely on you to ensure that certain information, such as your street address, e-mail address or telephone number, is current, complete and accurate.
If you demonstrate the inaccuracy or incompleteness of personal information, BenefitDeck will amend the information as required. If appropriate, BenefitDeck will send the amended information to third parties to whom the information has been disclosed.
When a challenge regarding the accuracy of personal information is not resolved to your satisfaction, BenefitDeck will annotate the personal information under its control with a note that a correction was requested but not made.
7. SAFEGUARDING PERSONAL INFORMATION
BenefitDeck protects the personal information in its custody or control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.
BenefitDeck will take reasonable steps, through contractual or other reasonable means, to ensure that its suppliers and agents who assist in providing products and services to you implement a comparable level of personal information protection. Some specific safeguards include:
. physical measures such as fire-resistant filing cabinets and relevant office shelving which are locked during non-business hours;
. organizational measures such as restricting employee access to files and databases as appropriate;
. electronic measures such as passwords and firewalls;
. investigative measures where BenefitDeck has reasonable grounds to believe that personal information is being inappropriately collected, used or disclosed.
. confidentiality and security are not assured when information is transmitted through e-mail or other wireless communication.
. BenefitDeck will not be responsible for any loss or damage suffered as a result of a breach of security or confidentiality when you transmit information to BenefitDeck by e-mail or other wireless communication or when BenefitDeck transmits such information by such means.
BenefitDeck is open about the policies and procedures it uses to protect your personal information. Disclosure of our policies and procedures will be made available in writing and electronically. However, to ensure the integrity of our security procedures and business methods, BenefitDeck will not disclose sensitive information about its policies and procedures.
BenefitDeck will make available a description of the type of personal information held by BenefitDeck, and a general description of its use and disclosure.
9. PROVIDING ACCESS
You have a right to access your personal information held by BenefitDeck.
Your personal information, which is or will be contained in files, statements, claims receipts and account agreements will be provided upon request and authentication of identity.
Upon written request and authentication of identity, BenefitDeck will provide you with your other personal information under its control, information about the ways in which that information is being used and a description of the individuals and organizations to whom such information has been disclosed.
BenefitDeck may charge a reasonable fee for providing personal information in response to a PIPA access request and will provide an estimate of any such fee upon receiving a written access to personal information request. BenefitDeck may require a deposit for all or part of the fee.
BenefitDeck will make personal information available within 30 days or provide written notice where additional time is required to fulfil the request.
In some situations, BenefitDeck may not be able to provide access to certain personal information. This may be the case where, for example, disclosure would reveal personal information about another individual, the personal information is protected by solicitor/client privilege, the information was collected for the purpose of an investigation or where disclosure of the information would reveal confidential commercial information that, if disclosed, could harm the competitive position of BenefitDeck. BenefitDeck may also be prevented by law from providing access to certain personal information.
Where an access request is refused in whole or in part, BenefitDeck will notify you in writing, giving the reason for refusal and outlining further steps which are available to you.
BenefitDeck will, on request, provide information regarding its complaint response procedure.
BenefitDeck Consulting Ltd.
170-422 Richards Street,
Vancouver, BC V6B 2Z4
"Donald Chu at BenefitDeck has helped our organization achieve the goal of providing meaningful enhancements to our benefits plan and financial savings that fit our budget. Further, Donald has helped us negotiate a longer low rate guarantee period compared to our previous arrangements. I'm very pleased to recommend services of BenefitDeck Consulting Ltd."
— Mark Chesley, CFO, Kobelt Manufacturing Ltd.