WHITLOCK INSURANCE SERVICES LTD.
Whitlock Insurance Services Ltd. (the “Company”) is committed to protecting the confidentiality and privacy of the personal information of all clients and other individuals whose personal information is held or controlled by the Company.
The Company will designate a Privacy Officer to oversee the protection of personal information in compliance with the BC Personal Information Protection Act, and the Company’s privacy policies and practices.
The Company will develop policies and practices necessary for compliance with the Personal Information Protection Act, including a process to respond to complaints that may arise, and will make information available on request about the policies and practices and the complaint process.
The Company will obtain consent for the collection, use, and disclosure of personal information, except in circumstances permitted by the Personal Information Protection Act or other law.
The Company will not, as a condition of providing a product or service, require an individual to consent to the collection, use, or disclosure of personal information beyond what is necessary to provide the product or service.
The Company will obtain express written or oral consent to the collection, use and disclosure of personal information, except in circumstances when the Personal Information Protection Act authorizes the collection, use, or disclosure without consent or deems the collection, use, or disclosure to be consented to.
Implied consent may be relied on when the purpose would be considered obvious to a reasonable person and the individual voluntarily provides the personal information for that purpose.
The Company may obtain consent to collect, use, or disclose personal information for specified purposes, if the Company sends notice to the individual that it intends to collect, use, or disclose personal information for those specified purposes and gives the individual a reasonable opportunity to decline to have the personal information collected, used, or disclosed for those purposes, the individual does not decline the collection, use, or disclosure for those purposes, or the collection, use or disclosure is reasonable having regard to the sensitivity of the personal information in the circumstance.
An individual may withdraw consent at any time, subject to legal or contractual restrictions, provided that reasonable notice of withdrawal of consent is given to the Company. On receipt of notice of withdrawal of consent, the Company will inform the individual of the likely consequences of the withdrawal of consent, which may include the inability of the Company to provide certain products or services, if the information is necessary to provide the products and services.
When collecting information, the Company will state the purpose of collection and provide on request the position or title and contact information for an officer who can answer the individual’s questions about the collection.
The Company will limit the collection of information to information that is necessary to provide a product or service or that is necessary for the purpose consented to by the individual or to information otherwise permitted to be collected by the Personal Information Protection Act or other law.
The Company will not use personal information for purposes other than those for which it was collected, except with the consent of the member or as required or authorized by law.
The Company will not disclose personal information for purposes other than those for which it was collected, except with the consent of the member, account holder, or other individual or as required or authorized by law.
When disclosing personal information the Company will take all reasonable steps to protect the interests of its members and other individuals.
The Company may share personal information with its subsidiaries and other carefully selected organizations with the consent of the member or as required or authorized by law.
Transaction information, such as copies of statements, transaction slips, and account agreements, will be provided upon request. The Company may charge a fee for doing so.
For other information, upon written request, the Company will provide the individual with the personal information under the control of the Company, information about the ways in which the personal information requested has been and is being used, and the names of individuals and organizations to whom the personal information requested has been disclosed. The Company may charge a minimal fee for providing information. The Company will provide an estimate of the fee upon receiving the access to information request. The Company may require a deposit for all or part of the fee.
The Company will assist individuals to complete an access to information request to ensure that the information wanted or needed is provided accurately, completely, and promptly.
An applicant may be required to provide sufficient information to permit the Company to provide an account of the existence, use, and disclosure of personal information it holds. The additional information provided will only be used for this purpose.
The Company may not provide information that it is not required to disclose and will not disclose information that it is required not to disclose by law, such as information that would reveal the identity of another individual without his or her consent.
The Company will endeavour to respond to an access to information request within 30 days. The Company may apply to the BC Privacy Commissioner for an extension under the Personal Information Protection Act.
If the Company refuses access to personal information, the Company’s response to the access to information request will provide the reasons for refusal and provide the name, position/title, address, and telephone number of an officer of the Company who can answer the applicant’s questions about the refusal. The Company may refuse to confirm or deny the existence of personal information collected as part of an investigation.
The Company will make a reasonable effort to ensure that personal information it is using or disclosing is accurate and complete.
If an individual demonstrates the inaccuracy or incompleteness of personal information, the Company will amend the information as required. If appropriate, the Company will send the amended information to third parties to whom the information has been disclosed.
When a challenge regarding the accuracy of personal information is not resolved to the satisfaction of the individual, the Company will annotate the personal information under its control with a note that the correction was requested but not made.
The Company will protect the personal information in its custody or control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal, or similar risks.
The Company will take reasonable steps, through contractual or other reasonable means, to ensure that a comparable level of personal information protection is implemented by the suppliers and agents who assist in providing services to members, account holders, and other individuals.
The Company will keep personal information used to make a decision that affects the individual for at least one year after using it to make the decision.
The Company will, in accordance with its retention schedule, destroy, erase, or make anonymous documents containing personal information, as soon as it is reasonable to assume that the original purpose is no longer being served by retention of the information and retention is no longer necessary for legal or business purposes.
The Company may retain personal information about members and account holders with their consent in order to assist in the provision of future products and services and for marketing purposes, such as sending information about products and services that may be of interest, and may update the information as necessary to provide products and services applied for.
The Company will take due care with the destruction of personal information so as to prevent unauthorized parties from gaining access to the information.
The Company will employ electronic and physical security safeguards appropriate to the sensitivity level of personal information, including:
- physical measures such as locked fire resistant filing cabinets and restricted access to offices
- organizational measures such as restricting employee access to files and databases
- electronic measures such as passwords and encryption
- investigative measures if the Company has reasonable grounds to believe that personal information is being inappropriately collected, used, or disclosed.
Members and other individuals may direct any inquiries or complaints regarding their personal information to the Company’s Privacy Officer. Contact information will be available by inquiring at any office or call centre of the Company.
The Company will, on request, inform members and other individuals of its complaint procedures, which will be accessible and simple to use.
The Company will ensure that inquiries, concerns, and complaints regarding personal information receive prompt attention and are resolved in a timely manner.
Where appropriate, members and other individuals will be informed of their right to file a complaint with the BC Privacy Commissioner and will be provided contact information.