Privacy Policy

Table of Contents

Introduction

At Rival Insurance Technology Inc., respecting privacy is an important part of our commitment to our clients and employees. That is why we have developed The Rival Insurance Technology Inc. Privacy Code. The Privacy Code is a statement of principles and guidelines regarding the minimum requirements for the protection of personal information provided to the Company by its clients and employees. The objective of the Privacy Code is to promote responsible and transparent personal information management practices in a manner consistent with the provisions of the Personal Information Protection and Electronic Documents Act (Canada).

Rival Insurance Technology Inc. will continue to review Privacy Code to make sure that it is relevant and remains current with changing industry standards, technologies and laws.

Summary of Principles

Principle 1 – Accountability
Rival Insurance Technology Inc. is responsible for personal information under its control and shall designate one or more persons who are accountable for the Company’s compliance with the following principles.

Principle 2 – Identifying Purposes for Collection of Personal Information
Rival Insurance Technology Inc. shall identify the purposes for which personal information is collected at or before the time the information is collected.

Principle 3 – Obtaining Consent for Collection, Use or Disclosure of Personal Information
The knowledge and consent of a client or employee are required for the collection, use, or disclosure of personal information, except where inappropriate.

Principle 4 – Limiting Collection of Personal Information
Rival Insurance Technology Inc. shall limit the collection of personal information to that which is necessary for the purposes identified by Rival Insurance Technology Inc. The Company shall collect personal information by fair and lawful means.

Principle 5 – Limiting Use, Disclosure, and Retention of Personal Information
Rival Insurance Technology Inc. shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required by law.

Principle 6 – Accuracy of Personal Information
Personal information shall be as accurate, complete, and up to date as is necessary for the purposes for which it is to be used.

Principle 7 – Security Safeguards
The protection of personal information is of paramount concern to Rival Insurance Technology Inc. Rival Insurance Technology Inc. shall protect personal information by security safeguards appropriate to the sensitivity of the information, and it is prepared to take appropriate and timely steps in the event of any incidents involving personal information in accordance with applicable privacy laws including, without limitation, complying with mandatory breach reporting and record keeping requirements.

Principle 8 – Openness Concerning Policies and Procedures
Rival Insurance Technology Inc. shall make readily available to clients and employees specific information about its policies and procedures relating to the management of personal information.

Principle 9 – Client and Employee Access to Personal Information
Rival Insurance Technology Inc. shall inform a client or employee of the existence, use, and disclosure of his or her personal information upon request and shall give the individual access to that information. A client or employee shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

Principle 10 – Challenging Compliance
A client or employee shall be able to address a challenge concerning compliance with the above principles to the designated person or persons accountable for Rival Insurance Technology Inc.’s compliance with The Rival Insurance Technology Inc. Privacy Code.

Scope and Application

The ten principles that form the basis of The Rival Insurance Technology Inc. Privacy Code are interrelated and the Company shall adhere to the ten principles as a whole. Each principle must be read in conjunction with the accompanying commentary. As permitted by the Personal Information Protection and Electronic Documents Act (Canada), the commentary in The Rival Insurance Technology Inc. Privacy Code has been drafted to reflect personal information issues specific to the Company.

The scope and application of The Rival Insurance Technology Inc. Privacy Code are as follows:

  • The Rival Insurance Technology Inc. Privacy Code applies to personal information collected, used, or disclosed by the Company in the course of commercial activities.
  • The Privacy Code applies to the management of personal information in any form, whether oral, electronic or written.
  • The Privacy Code does not impose any limits on the collection, use or disclosure of the following information by Rival Insurance Technology Inc.:
    1. an employee’s name, title or business address or business telephone number;
    2. information that the Company collects, uses or discloses for journalistic, artistic or literary purposes and does not collect, use or disclose for any other purpose; or
    3. other information about the individual that is publicly available and is specified by regulation pursuant to the Personal Information Protection and Electronic Documents Act (Canada).
  • The Privacy Code will not typically apply to information regarding the Company’s corporate clients. However, such information may be protected by other Company policies and practices and through contractual arrangements.
  • The application of Privacy Code is subject to the requirements and provisions of the Personal Information Protection and Electronic Documents Act (Canada), the regulations enacted thereunder, and any other applicable legislation or regulation.

Definitions

collection: The act of gathering, acquiring, recording, or obtaining personal information from any source, including third parties, by any means.

consent: Voluntary agreement for the collection, use and disclosure of personal information for defined purposes. Consent can be either express or implied and can be provided directly by the individual or by an authorized representative. Express consent can be given orally, electronically or in writing, but is always unequivocal and does not require any inference on the part of Rival Insurance Technology Inc. Implied consent is consent that can reasonably be inferred from an individual’s action or inaction.

client: An individual who purchases or otherwise acquires or uses any of Rival Insurance Technology Inc.’s products or services or otherwise provides personal information to Company in the course of the Company’s commercial activities.

Company: Rival Insurance Technology Inc.

disclosure: Making personal information available to a third party.

employee: An employee of or independent contractor to Rival Insurance Technology Inc.

personal information: Information about an identifiable individual, but does not include the name, title, business address or telephone number of an employee of an organization.

Privacy Code: the Rival Insurance Technology Inc. Privacy Code.

third party: An individual or organization outside of Rival Insurance Technology Inc.

use: The treatment, handling, and management of personal information by and within Rival Insurance Technology Inc. or by a third party with the knowledge and approval of Rival Insurance Technology Inc.

The Rival Insurance Technology Inc. Privacy Code in Detail

Principle 1 – Accountability

Rival Insurance Technology Inc. is responsible for personal information under its control and shall designate one or more persons who are accountable for the Company’s compliance with the following principles.

1.1
Responsibility for compliance with the provisions of The Rival Insurance Technology Inc. Privacy Code rests with the Rival Insurance Technology Inc. Privacy Officer who can be reached at 1-888-291-3588 or via e-mail at privacy@cssionline.com. Other individuals within the Company may be delegated to act on behalf of the Privacy Officer or to take responsibility for the day-to-day collection and/or processing of personal information.

1.2
Rival Insurance Technology Inc. shall make known, upon request, the title of the person or persons designated to oversee the Company’s compliance with The Privacy Code.

1.3
Rival Insurance Technology Inc. is responsible for personal information in its possession or control. The Company shall use contractual or other means to provide a comparable level of protection while information is being processed or used by a third party.

1.4
Rival Insurance Technology Inc. shall implement policies and procedures to give effect to The Privacy Code, including:

  1. implementing procedures to protect personal information and to the company’s compliance with The Privacy Code;
  2. implementing procedures to receive and respond to complaints or inquiries;
  3. training and communicating to staff about the Company’s policies and procedures; and
  4. developing information materials to explain the company’s policies and procedures.

Principle 2 – Identifying Purposes for Collection of Personal Information

Rival Insurance Technology Inc. shall identify the purposes for which personal information is collected at or before the time the information is collected.

2.1

Rival Insurance Technology Inc. collects personal information only for the following purposes:

  • Protecting the Company against inaccuracy;
  • Administering employee benefits plans;
  • Client payment processing;
  • Employee payroll direct deposits;
  • Complying with federal, provincial and local laws, regulations and by-laws;
  • Delivering services to clients and their customers where the personal information is collected, retained and disclosed for purposes including, without limitation, in support of transactions such as quoting, requesting, binding, or updating any policy of insurance or the processing of insurance claims.

Further reference to “identified purposes” mean the purposes identified in this Principle.

2.2
Rival Insurance Technology Inc. shall specify orally, electronically or in writing the identified purposes to the client or employee at or before the time personal information is collected. Upon request, persons collecting personal information shall explain these identified purposes or refer the individual to a designated person within the Company who can explain the purposes.

2.3
When personal information that has been collected is to be used or disclosed for a purpose not previously identified, the new purpose shall be identified prior to use. Unless the new purpose is permitted or required by law, the consent of the client or employee will be acquired before the information will be used or disclosed for the new purpose.

Principle 3 – Obtaining Consent for Collection, Use or Disclosure of Personal Information

The knowledge and consent of a client or employee are required for the collection, use, or disclosure of personal information, except where inappropriate. In certain circumstances personal information can be collected, used, or disclosed without the knowledge and consent of the individual.

3.1
In obtaining consent, Rival Insurance Technology Inc. shall use reasonable efforts to ensure that a client or employee is advised of the identified purposes for which personal information will be used or disclosed. The identified purposes shall be stated in a manner that can be reasonably understood by the client or employee.

3.2
Generally, Rival Insurance Technology Inc. shall seek consent to use and disclose personal information at the same time it collects the information. However, Rival Insurance Technology Inc. may seek consent to use and/or disclose personal information after it has been collected, but before it is used and/or disclosed for a new purpose.

3.3
Rival Insurance Technology Inc. may require clients to consent to the collection, use and/or disclosure of personal information as a condition of the supply of a product or service only if such collection, use and/or disclosure is required to fulfill the explicitly specified, and legitimate identified purposes.

3.4
In determining the appropriate form of consent, Rival Insurance Technology Inc. shall take into account the sensitivity of the personal information and the reasonable expectations of its clients and employees.

3.5
3.5 The purchase or use of products and services by a client, or the acceptance of employment or benefits by an employee, may constitute implied consent for Rival Insurance Technology Inc. to collect, use and disclose personal information for the identified purposes.

3.6
A client or employee may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Clients and employees may contact Rival Insurance Technology Inc. for more information regarding the implications of withdrawing consent.

3.7
Rival Insurance Technology Inc. may collect or use personal information without knowledge or consent if it is clearly in the interests of the individual and consent cannot be obtained in a timely way, such as when the individual is seriously ill or mentally incapacitated.

3.8
Rival Insurance Technology Inc. may collect, use or disclose personal information without knowledge or consent if seeking the consent of the individual might defeat the purpose of collecting, using or disclosing the information, such as in the investigation of a breach of an agreement or a contravention of a law.

3.9
Rival Insurance Technology Inc. may collect, use or disclose personal information without knowledge or consent in the case of an emergency where the life, health or security of an individual is threatened.

3.10
Rival Insurance Technology Inc. may use or disclose personal information without knowledge or consent to a lawyer representing the Company, to collect a debt, to comply with a subpoena, warrant or other court order, or as may be otherwise required or authorized by law.

Principle 4 – Limiting Collection of Personal Information

Rival Insurance Technology Inc. shall limit the collection of personal information to that which is necessary for the purposes identified by the Company. Rival Insurance Technology Inc. shall collect personal information by fair and lawful means.

4.1
Rival Insurance Technology Inc. collects personal information primarily from its clients or employees.

4.2
Rival Insurance Technology Inc. may also collect personal information from other sources including credit bureaus, employers or personal references, or other third parties who represent that they have the right to disclose the information.

Principle 5 – Limiting Use, Disclosure, and Retention of Personal Information

Rival Insurance Technology Inc. shall not use or disclose personal information for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. Rival Insurance Technology Inc. shall retain personal information only as long as necessary for the fulfillment of those purposes.

5.1
Rival Insurance Technology Inc. may disclose a client’s personal information to:

  • Government departments and/or agencies as required by law;
  • A person who is seeking the information in the capacity of agent or legal representative
  • An organization retained to evaluate a client’s creditworthiness
  • Taxation authorities
  • Regulators and licensing bodies
  • Law enforcement agencies when so compelled or when there are reasonable grounds indicating the client knowingly provided false information or is involved in unlawful activities
  • Public authorities if it appears there is imminent danger to life or property that can be averted or mitigated by disclosure of information
  • Identifying other products or services that may be of interest to the client

5.2
Rival Insurance Technology Inc. may disclose personal information about its employees to:

  • Government departments and/or agencies as required by law;
  • Providers of employee benefits plans for the purposes of determining eligibility, enrollment, underwriting, investigating and paying claims, prevention and detection of fraud, compiling statistics, and establishing and maintaining communications with plan participants;
  • Potential investors to permit the evaluation of the Company’s human capital as part of the overall investment due diligence process;
  • Governmental or quasi-governmental organizations engaged in providing project funding to permit the determination of the Company’s eligibility;
  • Insurers where the information is required to underwrite the related business risk;

5.3
Only Rival Insurance Technology Inc.’s employees with a business need-to-know, or whose duties reasonably so require, are granted access to personal information about clients and employees.

5.4
Rival Insurance Technology Inc. shall keep personal information only as long as it remains necessary or relevant for the identified purposes or as required by law. Depending on the circumstances, where personal information has been used to make a decision about a client or employee, Rival Insurance Technology Inc. shall retain, for a period of time that is reasonably sufficient to allow for access by the client or employee, either the actual information or the rationale for making the decision.

5.5
Rival Insurance Technology Inc. shall maintain reasonable and systematic controls, schedules and practices for information and records retention and destruction which apply to personal information that is no longer necessary or relevant for the identified purposes or required by law to be retained. Such information shall be destroyed, erased or made anonymous.

Principle 6 – Accuracy of Personal Information

Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.

6.1
Personal information used by Rival Insurance Technology Inc. shall be sufficiently accurate, complete, and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about a client or employee.

6.2
Rival Insurance Technology Inc. shall update personal information about clients and employees as necessary to fulfill the identified purposes or upon notification by the individual.

Principle 7 – Security Safeguards

The protection of personal information is of paramount concern to Rival Insurance Technology Inc. Rival Insurance Technology Inc. shall protect personal information by security safeguards appropriate to the sensitivity of the information, and it is prepared to take appropriate and timely steps in the event of any incidents involving personal information in accordance with applicable privacy laws including, without limitation, complying with mandatory breach reporting and record keeping requirements.

7.1
Rival Insurance Technology Inc. shall protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures, regardless of the format in which it is held.

7.2
Rival Insurance Technology Inc. shall protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.

7.3
All of Rival Insurance Technology Inc.’s employees with access to personal information shall be required to respect the confidentiality of that information.

7.4
In the event of a data breach where it is reasonable to believe that the breach poses a real risk of significant harm to the affected individuals, Rival Insurance Technology Inc. will carry out the following mandatory reporting as soon as feasible after determination that a breach has occurred:

  1. Notification of affected individuals
  2. Notification of the Office of the Privacy Commissioner
  3. Notification of any other organization or government institution to reduce the risk of harm or to mitigate harm. For example, in the case of a breach where SIN information is accessed, the Canada Revenue Agency may be advised.

7.5
Rival Insurance Technology Inc. will maintain records of all security breaches to verify compliance and to encourage better data security practices.

Principle 8 – Openness Concerning Policies and Procedures

Rival Insurance Technology Inc. shall make readily available to clients and employees specific information about its policies and procedures relating to the management of personal information.

8.1
Rival Insurance Technology Inc. shall make information about its policies and procedures easy to understand, including:

  1. the title and address of the person or persons accountable for Rival Insurance Technology Inc.’s compliance with The Rival Insurance Technology Inc. Privacy Code and to whom inquiries and/or complaints can be forwarded;
  2. the means of gaining access to personal information held by Rival Insurance Technology Inc.;
  3. a description of the type of personal information held by Rival Insurance Technology Inc., including a general account of its use; and
  4. a description of what personal information is made available to related organizations (e.g., subsidiaries).

8.2
Rival Insurance Technology Inc. shall make available information to help clients and employees exercise control of the collection, use and/or disclosure of their personal information and, where applicable, privacy-enhancing services available from the Company.

Principle 9 – Client and Employee Access to Personal Information

Upon request, Rival Insurance Technology Inc. shall inform a client or employee of the existence, use, and disclosure of his or her personal information and shall give the individual access to that information. A client or employee shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

9.1
Upon request, Rival Insurance Technology Inc. shall afford clients and employees a reasonable opportunity to review the personal information in the individual’s file. Personal information shall be provided in understandable form within a reasonable time, and at minimal or no cost to the individual.

9.2
In certain situations, Rival Insurance Technology Inc. may not be able to provide access to all the personal information that it holds about a client or employee. For example, the Company may not provide access to information if doing so would likely reveal personal information about a third party or could reasonably be expected to threaten the life or security of another individual. Also, Rival Insurance Technology Inc. may not provide access to information if disclosure would reveal confidential commercial information, if the information is protected by solicitor-client privilege, if the information was generated in the course of a formal dispute resolution process, or if the information was collected in relation to the investigation of a breach of an agreement or a contravention of the laws of Canada or a province.

9.3
Upon request, Rival Insurance Technology Inc. shall provide an account of the use and disclosure of personal information and, where reasonably possible, shall state the source of the information. In providing an account of disclosure, Rival Insurance Technology Inc. shall provide a list of third parties to which it may have disclosed personal information about the individual when it is not possible to provide an actual list.

9.4
In order to safeguard personal information, a client or employee may be required to provide sufficient identification information to permit Rival Insurance Technology Inc. to account for the existence, use and disclosure of personal information and to authorize access to the individual’s file. Any such information shall be used only for this purpose.

9.5
Rival Insurance Technology Inc. shall promptly correct or complete any personal information found to be inaccurate or incomplete. Any unresolved differences as to accuracy or completeness shall be noted in the individual’s file. Where appropriate, the company shall transmit to third parties having access to the personal information in question any amended information or the existence of any unresolved differences.

9.6
Clients and employees can obtain information or seek access to their individual files by contacting the Rival Insurance Technology Inc. Privacy Officer.

Principle 10 – Challenging Compliance

A client or employee shall be able to address a challenge concerning compliance with the above principles to the designated person or persons accountable for Rival Insurance Technology Inc.’s compliance with The Rival Insurance Technology Inc. Privacy Code.

10.1
Rival Insurance Technology Inc. shall maintain procedures for addressing and responding to all inquiries or complaints from its clients and employees regarding the Company’s handling of personal information.

10.2
Rival Insurance Technology Inc. shall inform its clients and employees about the existence of these procedures as well as the availability of complaint procedures.

10.3
The person or persons accountable for compliance with The Rival Insurance Technology Inc. Privacy Code may seek external advice where appropriate before providing a final response to individual complaints.

10.4
Rival Insurance Technology Inc. shall investigate all complaints concerning its compliance with The Privacy Code. If a complaint is found to be justified, the Company shall take appropriate measures to resolve the complaint including, if necessary, amending its policies and procedures. A client or employee shall be informed of the outcome of the investigation regarding his or her complaint.

Additional Information

For more information regarding The Rival Insurance Technology Inc. Privacy Code, please contact us.

Please visit the Privacy Commissioner of Canada’s web site at www.priv.gc.ca/.