APTUS BENEFITS INC. – PRIVACY POLICY

Aptus Benefits Inc. (“Aptus”) recognizes the importance of privacy and the sensitivity of personal information.  Aptus is committed to respecting the privacy rights of all individuals, including customers, employees, volunteers and other individuals involved with Aptus, by ensuring that their personal information is collected, used, and disclosed in accordance with applicable privacy legislation including, the British Columbia Personal Information Protection Act.

A.            SCOPE

This privacy policy applies to all personal information collected, used, disclosed, and retained in any form by Aptus about our customers, employees, volunteers, and other individuals involved with Aptus.

Personal information includes any information about an individual that does or could identify an individual, including information relating to personal characteristics, physical description, activities or views.  It does not include aggregated information that cannot be associated with a specific individual.  Personal information also does not include name, title, or business contact information.

The application of this policy is subject to the requirements and provisions of applicable federal and provincial privacy legislation and any other applicable legislation or regulations.

Aptus may change the terms of this policy from time to time and will make available any updated version of this policy.

B.            PRINCIPLES

1.            Accountability

Aptus is accountable for personal information in its custody or control.

Aptus will continue to implement procedures to protect the privacy of personal information with safeguards appropriate to the sensitivity of the information.  For example, Aptus will safeguard personal information in its custody or control from loss or theft and from unauthorized access, use, disclosure, copying or modification through appropriate security measures depending on the sensitivity, format and storage of the personal information.  As well, Aptus will use care when destroying or disposing of personal information to prevent unauthorized access, use or disclosure of any personal information.

Aptus will seek assurances regarding the privacy of personal information that has been transferred to a third party for use or processing by requiring that those third parties safeguard all personal information as required by law.

Aptus employees with access to personal information are expected to respect the confidentiality of such information.

2.            Notice and Consent

Aptus will generally obtain consent from individual customers, employees, volunteers and others regarding the purpose for collection, use or disclosure of personal information before, or at the time it collects the personal information, except as required by law.  Consent may be express, deemed or implied.

Except in limited circumstances, the consent of an individual may be withdrawn at any time.  These limited circumstances include where the personal information is required to provide the good or service, or the withdrawal of the consent would frustrate the performance of a legal obligation.  The withdrawal of consent may restrict Aptus’s ability to provide a particular good or service— if this is the case, Aptus will explain the situation to assist the individual in making the decision.

Pursuant to applicable provincial legislation, Aptus will provide notice to its employees and volunteers before collecting, using or disclosing personal information reasonably necessary for establishing, managing, or concluding the employment or volunteer relationship.  Notice may be express, constructive or implied in the circumstances.

In determining the appropriate form of consent, or notice if applicable, Aptus will consider the sensitivity of the personal information and the reasonable expectations of the subject individual.

In seeking consent or in giving notice of collection, Aptus will explain in plain language the purposes for which personal information will be collected, used or disclosed.  The purposes may be expressed orally or in writing.

Aptus may collect personal information using a variety of means, including written and verbal communications and through its website.

Aptus collects, uses and discloses personal information for a variety of purposes, including:

(a)            to understand the needs and preferences of its customers, employees, and volunteers;

(b)            to develop, enhance, market or provide benefits and pension products and services to meet the needs or expectations of its customers, including obtaining health claims and other relevant reports to determine the potential needs and financial capabilities of its customers;

(c)            to maintain complete and accurate customer files for business purposes (e.g. provide and administer products and services requested, operate accounts, etc.);

(d)            to evaluate applications and determine insurance risks;

(e)            to provide personal information to third party suppliers of products and services such as mutual fund companies, custodians, trustees, financial institutions, benefit administrators, claims assessors, insurance companies, brokers and others engaged in the financial products and services industry.

(f)            to protect Aptus and its customers from fraud and errors and to safeguard the financial interests of Aptus;

(g)            to authenticate Aptus’s customers’ identities;

(h)            to provide personal information to Aptus’s associate brokers (and anyone else contracting with or otherwise involved with Aptus) in order to obtain quotations for and ordering products or services (or both) requested by Aptus’s customers, and to obtain their recommendations and opinions on related matters;

(i)            to manage and develop business and operations, including personnel and employment matters, and billing for goods and services;

(j)            to meet legal and regulatory requirements;

(k)            to collect debts owed to Aptus;

(l)            to manage or transfer Aptus’s assets or liabilities, for example in the case of an acquisition or merger, the provision of security for a credit facility or the change of a carrier;

(m)            to comply with lawful requests from government agencies (e.g. Revenue Canada); and

(n)            such additional purposes that are identified to an individual.

On request, persons collecting personal information will elaborate on the purpose or object for such collection or refer the individual to the designated person who can do so.

Personal information will not be used or disclosed for any new purpose without first identifying the new purpose and providing notice to or obtaining the consent of the individual, as applicable, unless permitted by law.

In some circumstances, Aptus may collect, use or disclose personal information without notice or consent.  Some examples include where:

(a)            it is reasonable to expect that the collection with the consent of the individual would compromise the availability or the accuracy of the personal information and the collection is reasonable for an investigation or a proceeding;

(b)            the collection is necessary to determine the individual’s suitability to receive an honour, award or similar benefit;

(c)            it is clearly in the individual’s best interest and the appropriate notice or consent cannot be obtained in a timely manner;

(d)            there is an emergency that threatens an individual’s life, health, or personal security;

(e)            it is to a lawyer representing Aptus; and

(f)            it is required or authorized by law.

3.            Limiting Collection, Use, Disclosure, and Retention of Personal Information

Aptus will take reasonable steps to limit the amount and type of personal information it collects uses and discloses.  Aptus only collects personal information which is reasonably necessary for its identified purposes.  Aptus will keep personal information for only as long as necessary for the identified purposes or as required by law.

If personal information has been used to make a decision about an employee or another individual, Aptus will keep the personal information for at least one year and, if necessary, a reasonably sufficient additional period to allow the individual to have access to it after the decision has been made.

Aptus will maintain controls, schedules, practices and procedures for retention and destruction of personal information.

4.            Access, Openness, and Compliance

Aptus is open about its privacy policy and will make this policy available to customers, employees, and volunteers, and to other individuals upon request.  On request, Aptus will also advise if and how an individual can access their personal information.

Any individual may request to be informed of the existence, use and disclosure of personal information pertaining to him or her.  Upon a good faith request in writing, Aptus will respond to the individual making the request within 30 business days of the request.  Aptus may extend the response time in certain cases.  Unless exempted by law, Aptus will provide the individual with access to his or her personal information under Aptus’s possession or control and an accounting of the collection, use and disclosure of his or her personal information.

Except for employee personal information, Aptus may charge a reasonable fee for access.  Aptus may provide an estimate of the fee in advance and in some cases may require a deposit for all or part of the fee.  The requesting individual may be asked to prove their identity.

Aptus will not disclose personal information that:

(a)            could reasonably be expected to threaten the safety or physical or mental health of an individual other than the individual who made the request;

(b)            can reasonably be expected to cause immediate or grave harm to the safety or to the physical or mental health of the individual who made the request;

(c)            would reveal personal information about another individual; and

(d)            would reveal the identity of an individual who has provided personal information about another individual, such as reports, assessments, and reviews, and the individual providing the personal information does not consent to disclosure of his or her identity.

In some cases, Aptus may not provide access to personal information.  Examples of when this may occur are:

(a)            it is work product information and/or disclosing the personal information could reveal confidential commercial or corporate information;

(b)            if the personal information is protected by solicitor-client privilege;

(c)            if the personal information relates to existing or anticipated legal proceedings against the individual making the request;

(d)            if the personal information is collected for purposes of an investigation or the information is the result of an arbitration, mediation, or other formal dispute resolution process;

(e)            where the request is frivolous or vexatious; and

(f)            where the denial of access is required or authorized by law;

If Aptus denies an individual’s request for access to personal information, Aptus will advise the individual of the reason for the refusal.

Aptus will use reasonable efforts to ensure that personal information is accurate and complete for the purposes for which it is to be used.  An individual is permitted to challenge the accuracy and completeness of their personal information and, in appropriate circumstances, Aptus will amend its records.  Any differences as to accuracy or completeness that cannot be resolved will be noted in the individual’s file, if applicable.

Aptus will not disadvantage an individual because the individual, acting in good faith, has invoked or may invoke, the provisions of this policy or any applicable federal or provincial privacy legislation.

C.            INQUIRIES

Aptus’s Privacy Officer may be contacted at:

Susan Murphy
Aptus Benefits Inc.
205-409 Granville St.

Direct Line: 604.424-8035
E-mail:  smurphy@aptusbenefits.ca

 

Any concern, inquiry, or request related to privacy should be directed to the Privacy Officer.