In the Employee Benefits business, we collect highly sensitive personal information concerning our clients and their employees. As the success of our business depends on the trust of our customers, we take this responsibility very seriously and hold that information in the strictest confidence.
The Dupuis Langen Group is committed to protecting the confidentiality and security of our clients’ personal information and to ensure your privacy, we have adopted the ten privacy principles established by the Canadian Standards Association’s MODEL CODE FOR THE PROTECTION OF PERSONAL INFORMATION.
What is Personal Information ?
Under the PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA), personal information is broadly defined as information – oral,
written or electronic, about an identifiable individual. It includes, but is not limited to, the following:
- name, address and telephone number
- age, gender, race, family and marital status
- medical and health information
- identification numbers (social insurance number, personal health number etc.)
- financial and employment information
- beneficiaries and dependent information
What is NOT Personal Information?
Personal information does not include the name, title or business address, telephone number or email address of employees (i.e. business card
information). Any data that we have collected in which the “personal identifiers” have been removed, making it impossible to determine the
identity of the person to whom it relates, is not considered to be personal information.
The Privacy Principles
The Dupuis Langen Group is responsible for personal information in its possession or control, including information that has been transferred to a third party for processing. All employees are obligated to protect the personal privacy of group and individual policy holders, lives insured and their beneficiaries and dependents.
2. Identifying Purposes
The purposes for which personal information is collected will be identified at or before the time the information is collected. This will generally be done through application or claim forms. Personal information is required to:
- determine eligibility for benefits
- provide ongoing service, establish and maintain communication, and respond to inquiries
- assess the suitability of products & services, or provide information on other products & services that may be more appropriate
- meet legal and regulatory requirements
For these purposes we may share the personal information we collect with a Third Party Benefit Administrator, or with Insurance Companies as they may require it to provide the coverage an employee is entitled to. Dupuis Langen will not collect, use, or disclose information beyond that required to fulfill the specified purposes.
When personal information that has been collected is to be used for a purpose not previously identified, the new purpose will be identified prior to use and the consent of the individual will be obtained unless the new purpose is to investigate a potential breach of contract, the prevention or detection of fraud, or for law enforcement purposes.
The knowledge and consent of the individual are required for the collection, use and disclosure of personal information. This consent is typically requested on application or claim forms. The way in which Dupuis Langen seeks consent may vary, depending on the circumstances and type of information collected. Dupuis Langen will generally seek express consent when the information is likely to be considered sensitive. Implied consent would generally be considered appropriate when information is less sensitive. Consent may also be given by an authorized representative (such as a legal guardian or a person having power of attorney), although the authority of such a representative may be restricted by law or company policy.In certain circumstances, personal information can be collected, used or disclosed without the knowledge and consent of the individual. For example, legal, medical or security reasons may make it impossible or impractical to seek consent. When information is being collected for the investigation of a potential breach of contract, the prevention or detection of fraud, or for law enforcement purposes, seeking the consent of the individual might defeat the purpose of collecting the information. Similarly, seeking consent may be impossible or in appropriate when the individual is a minor, seriously ill, or otherwise incapacitated.An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Dupuis Langen will inform the individual of the implications of such withdrawal, which may include termination of a policy or the inability to process a claim.
4. Limiting Collection
The collection of personal information will be limited to what is reasonably necessary for the purposes identified by Dupuis Langen. Information will be collected only by fair and lawful means.
5. Limiting Use, Disclosure and Retention
Personal Information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal Information will be retained for the time necessary to fulfill the purposes for which it was collected, and to meet any legal or regulatory requirements. Under no circumstances will Dupuis Langen sell any client lists.
Personal information will be as accurate, complete and up-to-date as is necessary for the purposes for which it is intended. Individuals can ensure their records are current by providing us with any changes to their personal information, such as address, dependent and beneficiary changes. Individuals have the right to challenge the accuracy of their personal information and amend it as necessary.
Personal information will be protected by security safeguards to protect against loss or theft, unauthorized access, disclosure, copying, use, or modification. Only authorized employees and service providers will have access to the personal information we collect.
Methods of protection will include:
- physical measures (i.e. restricted building access for employees, visitors and service providers, off-site backups, archiving)
- organizational measures (i.e. security clearances)
- technological measures (i.e. the use of passwords and firewalls)
Dupuis Langen will make readily available to individuals specific information about its policies and practices relating to the management of personal information.
9. Individual Access
Upon request, we will give individuals access to their private information, subject to any legal or business restrictions.
10. Challenging Compliance
An individual may address a challenge concerning compliance with this policy to Dupuis Langen’s Compliance Officer at email@example.com Dupuis Langen will inform individuals who make inquiries or lodge complaints about our protocol for the handling of complaints. Dupuis Langen will investigate and respond to all complaints in accordance with that protocol. If a complaint is found to be justified, Dupuis Langen will take appropriate measures, and if necessary, will amend its policies and procedures.
Your Privacy Matters To Us. As licensed professionals, we hold ourselves to the highest ethical standards when dealing with our clients’ private
information and we will take all reasonable measures to ensure it is protected, treated with respect, and kept confidential.