Personal Information is collected by ESG and its representatives for the purposes of:
- communicating with you;
- servicing your ongoing membership services including insurance needs;
- analyzing business results, compiling statistics, performing administrative tasks such as accounting and information system activities and conducting marketing and underwriting research and modelling;
- reporting to regulatory or industry entities;
- providing you with information on our products and services;
- training employees and monitoring for quality assurance; and
- acting as required or authorized by law.
At ESG, we identify to our customers the rationale for collecting the personal information at or prior to its actual collection. Our customers in turn must expressly consent to its collection, or consent may be implied by their actions. It’s our promise to ensure that the personal information collected on our customers is only used for the purpose for which it was originally intended.
We take our commitment to protecting personal information seriously. For more information.
Privacy in Canada
Federal Legislation: Personal Information Protection and Electronic Documents Act
The Personal Information Protection and Electronic Documents Act (PIPEDA) sets standards and regulations governing the collection, use and disclosure of personal information by private sector organizations.
This law impacts the way private corporations, federal agencies, not-for-profit organizations, and associations handle personal information. At the same time, it clearly establishes a code of practices to ensure that the personal information of Canadians is handled respectfully and privately.
The province of Quebec was the first jurisdiction in North America to enact comprehensive personal information protection legislation for the private sector. An Act respecting the Protection of Personal Information in the Private Sector sets out fair information practices for businesses operating in Quebec.
The provinces of Alberta and British Columbia enacted their own privacy laws, the Personal Information Protection Act of British Columbia and the Personal Information Protection Act of Alberta, on January 1, 2004.
As other provinces enact similar legislation, organizations conducting commercial activity within a province will be subject to the provisions of their provincial laws rather than PIPEDA. However, PIPEDA will continue to regulate cross-border, inter-provincial and international trade and commerce.
Definition of Personal Information
“Personal Information” is defined as information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. This is a very broad definition and may encompass most types of information held such as race, medical, criminal, employment and financial history. The legislation only applies to information collected, used or disclosed in the course of commercial activities.
However, Personal Information does not include certain prescribed sources of public information such as:
- Personal Information consisting of the name, address and telephone number of a member that appears in a telephone directory that is available to the public, where the subscriber can refuse to have the Personal Information appear in the directory;
- Personal Information including the name, title, address and telephone number of the individual that appears in a professional or business directory, listing or notice, that is available to the public, where the collection use and disclosure of the Personal Information relates directly to the purpose for which the information appears in the directory, listing or notice;
- Personal Information that appears in a registry collected under statutory authority and to which a right of public access is authorized by law, where the collection, use and disclosure of the Personal Information relate directly to the purpose for which the information appears in the registry;
- Personal Information that appears in a record or document of a judicial or quasi-judicial body, that is available to the public, where the collection and disclosure of the Personal Information relates directly to the purpose for which the information appears in the record or document; and
- Personal Information that appears in a publication, including a magazine, book or newspaper, in printed or electronic form, that is available to the public, where the individual has provided the information.
- ESG shall inform individuals of the purposes for which Personal Information is collected at or before the time the information is collected. [Principle Two]
- ESG requires the knowledge and consent of the individual for the collection, use, or disclosure of Personal Information, except in certain circumstances where consent is not required. [Principle Three]
- ESG shall only collect Personal Information that is necessary for the identified purposes and such information shall be collected by fair and lawful means. [Principle Four]
- ESG shall not use or disclose Personal Information for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. ESG shall only retain Personal Information as long as necessary for the fulfillment of such purposes. [Principle Five]
- ESG shall ensure that Personal Information is as accurate, complete, and up-to-date as is deemed necessary for the purposes for which it is to be used. [Principle Six]
- ESG shall protect Personal Information by establishing and operating security safeguards appropriate to the sensitivity of the information, which is held, and to prevent any unauthorized activity relative to the information. [Principle Seven]
- ESG shall make available to individuals upon receipt of a written request, specific information about its policies and practices relating to the management of Personal Information and its complaints handling process. [Principle Eight]
- ESG shall, upon the receipt of a written request from individuals, inform them of the existence, use, and disclosure of any Personal Information about them, and they shall be given access to such information except as may be limited by law. ESG shall amend Personal Information as deemed appropriate to ensure continued accuracy. [Principle Nine]
- ESG shall provide a means for individuals to challenge compliance with the above with ESG’s Privacy Officer. [Principle Ten]
Updates to our Policy
Date policy posted: May 15, 2020