THIS POLICY DESCRIBES HOW PERSONAL INFORMATION ABOUT YOU MAY BE COLLECTED, USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO, AND/OR CORRECT, THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
I. YOUR PRIVACY RIGHTS
From January 1, 2004, all businesses engaged in commercial activities must comply with the Personal Information Protection and Electronic Documents Act, and the Canadian Standards Association Model Code for the Protection of Personal Information, which it incorporates. The Act gives you rights concerning the privacy of your personal information.
ExamOne, Canada is responsible for the personal information we collect and hold. To ensure this accountability, we have developed this policy, and trained our employees about our policies and practices.
II. WHAT IS PERSONAL INFORMATION
Personal Information or “PI” for short is defined as any information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.
For example, your PI includes information that relates to your physical or mental health, race, origin, color, religion, age, marital status, education, medical, criminal or employment history, information relating to financial transactions, identifying number, an unlisted address or unlisted telephone number, fingerprints, and blood type, among others. In addition, some information that is otherwise publicly available is not protected by the Act.
III. HOW WE COLLECT, USE AND DISCLOSE YOUR PERSONAL INFORMATION.
We collect, use and disclose personal information for many different reasons. Below, we describe the different categories of our uses and disclosure as well as give you some examples of each category.
A. Collection, Use, Disclosure, and Retention of Personal Information. Principles of Personal Information:
- ExamOne will not collect any personal information about you unless it relates directly to the insurance underwriting activities our organization performs. ExamOne will obtain your consent before or at the time the information about you is collected, with very few exceptions. Normally, we ask for your consent in writing, but in some circumstances, we may accept your oral consent. Sometimes, your consent may be implied through your conduct with us or we may not ask for your specific consent in a case of urgency or where we believe you would consent if asked and it is impractical to obtain your consent. Any information previously collected about you will not be re-collected. In order for us to continue to use the previously collected information, we need your consent. You may also withdraw your consent in writing, to stop any future uses or disclosure (to the extent we have not taken any action relying on that consent). Your withdrawal will not have an effect on the use or disclosure occurring prior to our receipt of your withdrawal.
- ExamOne will notify you about the purpose for which information about you is requested at or before the information about you is collected. This notification may be provided orally or in writing. In the event ExamOne wishes to use your information for a new purpose, you will be notified, and have an opportunity to provide or refuse your consent.
- After obtaining your consent, ExamOne may only use or disclose your PI for the purpose for which the information was collected, or for a use consistent with that purpose. For example, we may use information we obtain throughout the underwriting process, and disclose it to the company from which you are applying for insurance. We will use or disclose such information only for the purpose for which it was collected, unless we have your consent, or unless the use or disclosure fits into one of the exceptions listed below. When information is to be used or disclosed for a purpose not previously identified to you, such new purpose will be identified for you prior to use or disclosure, and your consent will be requested.
- Whenever possible, ExamOne will collect PI directly from you, unless you have authorized otherwise. We collect information only by lawful and fair means and not in an unreasonably intrusive way.
- ExamOne will take reasonable steps to ensure that your PI is accurate, up-to-date, and as complete as possible. If ExamOne holds information about you and you can establish that it is not accurate, up-to-date and complete, we will take reasonable steps to correct it. If any of your information changes, please inform us so that we can make any necessary changes.
- We retain personal information for only as long as we need it to effectively provide our services and for a reasonable length of time thereafter in case we need to meet any potential obligations or legal or government requirements. We destroy paper files containing personal information by shredding. We destroy electronic information by deleting it, and when the hardware is discarded, we ensure that the hard drive is physically destroyed. Clinical specimens, including blood, urine, and saliva, are disposed of according to applicable US state and federal laws.
B. Exceptions to Consent. Under certain circumstances we may use and/or disclose your PI without your consent or knowledge. For example:
- When disclosure is authorized, or required by law. For example, we will disclose PI when a law, court order or a subpoena requires that we disclose information. We will also make disclosures when the Attorney General of Canada requires it for proceedings involving the Crown in right of Canada or the Canadian Government.
- For governmental investigation activities. For example, we will provide information to assist the government when it conducts an investigation, audit or inspection of an organization or other person based upon breach of an agreement or a contravention of federal or provincial law, or if the information relates to national security, the defence of Canada or the conduct of international affairs.
- For research purposes. In certain limited circumstances, we may use PI in order to conduct or support statistical, scholarly study, or research activities. In this case, we must notify the Privacy Commissioner of Canada prior to use.
- In emergency situations. We may disclose PI because of an emergency that threatens the life, health or security of an individual. In this case, we will inform you in writing of the disclosure.
- For legal activities. We may provide your PI to a lawyer who is representing ExamOne.
- For debt collection. We may disclose your PI for the purpose of collecting a debt owed by you to ExamOne, if any.
C. Security Safeguards.
ExamOne, Canada takes all reasonable precautions to ensure that your personal information is kept safe from loss, unauthorized access, modification or disclosure.
Among the steps taken to protect your information are:
- premises security such as supervised or locked cabinet storage;
- restricted file access to personal information;
- deploying technological safeguards like passwords, security software and firewalls to prevent hacking or unauthorized computer access;
- paper information is transmitted through sealed, addressed envelopes or boxes by reputable companies;
- electronic information is transmitted either through a direct line or is anonymized or encrypted;
- internal password and security policies.
We use a number of consultants and agencies that may, in the course of their duties, have limited access to personal information we hold. These include computer consultants, office security and maintenance, bookkeepers and accountants, a file storage company, temporary workers to cover holidays and illness, credit card companies, website managers, cleaners and our landlord. We restrict their access to any personal information we hold as much as is reasonably possible. We also have their assurance that they follow appropriate privacy principles.
IV. YOUR RIGHTS ASSOCIATED WITH YOUR PI
You have the following rights with respect to your PI:
A. The Right to Access Your PI. In most cases, you have the right to look at or get copies of your PI that we have, but you must make the request in writing. However, we reserve the right to confirm the identity of the person seeking access to personal information at or before complying with any access requests. Summary information is available upon request. More detailed requests which require archive or other retrieval costs may be subject to a small fee. In certain situations, we may deny your request for access. If we do, we shall explain why.
Your rights to access your personal information are not absolute.
We may deny access when:
- denial of access is required or authorized by law;
- we have disclosed information to a government institution for law enforcement or national security reasons;
- information relates to existing or anticipated legal proceedings against you;
- when granting you access would have an unreasonable impact on other people’s privacy;
- when granting access could harm an individual’s life or security;
- to protect our organization’s rights and property; or
where the request is frivolous or vexatious.
ExamOne, Canada does not use your Social Insurance Number as a way of identifying or organizing the information we hold upon you.
B. The Right to Receive an Accounting of Uses and Disclosures. You have a right to request and receive a list of instances in which we have disclosed your PI to third parties. We will attempt to be as specific as possible in identifying the organizations to which we have disclosed your PI. At a minimum, we will provide you a list of organizations to which we may have disclosed your PI.
C. The Right to Correct or Update Your PI. If you believe that there is an error or omission in your PI, you have the right to request that we correct the error or omission. You must provide the request and your reason for the request in writing. If you can establish that the information we hold is inaccurate, we will take reasonable steps to correct it. We will also take reasonable steps to advise any third parties to whom we have disclosed your personal information of the correction. If we refuse your request to correct information, we shall explain why.
V. COMMUNICATING WITH US
E-mail is not a 100% secure medium, and you should be aware of this when contacting us to send personal or confidential information.
VII. REQUEST FOR ACCESS/CORRECTION
10101 Renner Boulevard
Lenexa, Kansas 66219
Attn: Chief Privacy Officer
Or you may contact our Chief Privacy Officer directly at 1-800-873-8845 or firstname.lastname@example.org
If you are not satisfied with our response, the Privacy Commissioner of Canada can be reached at:
112 Kent Street
Web site: www.privcom.gc.ca
VIII. EMPLOYMENT INQUIRIES
If you apply to ExamOne, Canada for a job, we need to consider your personal information, as part of our review process. We normally retain information from candidates after a decision has been made, unless you ask us not to retain the information. If we offer you a job, which you accept, the information will be retained in accordance with our privacy procedures for employee records.
IX. WEB SITE
On our web site, like most other commercial websites, we may monitor traffic patterns, site usage and related site information in order to optimize our web service. We may provide aggregated information to third parties, but these statistics do not include any identifiable personal information.
X. EFFECTIVE DATE OF THIS POLICY
This policy went into effect on January 1, 2004.