|
|
Privacy of personal information is important to
Kompass Claims Management Group. We are committed to collecting,
using and disclosing personal information responsibly and only to
the extent necessary for the services we provide. We strive to be
open and transparent regarding the handling of personal information.
This document describes our privacy policies.
WHAT IS PERSONAL INFORMATION?
Personal information is information about an identifiable individual.
Personal information includes information that relates to: an individual’s
personal characteristics (e.g., gender, age, income, home address
or phone number, ethnic background, family status); health (e.g.,
health history, health conditions, health services received by them);
or, activities and views (e.g., religion, politics, opinions expressed
by an individual, an opinion or evaluation of an individual). Personal
information is different from business information (e.g., an individual’s
business address and telephone number). This is not protected by
the privacy legislation.
WHO WE ARE
Our organization is Kompass Claims Management Group. Ms. Phyllis
Bergmans is the executive director and only full-time employee.
We use a number of consultants and agencies that may, in the course
of their duties, have limited access to personal information we
hold. These include consultants, bookkeepers, accountants and lawyers.
We restrict their access to any personal information we hold as
much as is reasonably possible. We also have their assurance that
they follow appropriate privacy principles.
WE COLLECT PERSONAL INFORMATION: PRIMARY PURPOSES
In order to fulfill our consulting role, we collect, use and disclose
personal information in order to serve our clients.
For our clients, the primary purposes for collecting personal information
is to ensure appropriate insurance-related benefits are being paid
or will be paid. Examples of the type of personal information we
collect for those purposes include the following: information about
a client’s health history and employment history, physical
condition and function and social situation, in order to assess
what their healthcare needs are; and to advise them of their options.
WE COLLECT PERSONAL INFORMATION: RELATED AND SECONDARY PURPOSES
Like most organizations, we also collect, use and disclose information
for purposes related to or secondary to our primary purposes. The
most common examples of our related and secondary purposes are as
follows:
- To invoice clients for goods and services.
- The costs of the services provided by the organization to clients
that are paid for by third parties such as insurers or legal community.
- Clients or other individuals we deal with may have questions about
our services after our services have been delivered. We retain our
client information for ten years after the last contact to enable
us to respond to those questions.
- Various government agencies (e.g., Canada customs and Revenue
Agency, Information and Privacy Commissioner, Human Rights Commission,
etc.) have the authority to review our files and interview our staf,f
as a part of their mandates. In these circumstances, we may consult
with professionals such as lawyers, accountants who will investigate
the matter and report back to us.
- If Kompass Claims Management Group or its assets were to be sold,
the purchaser would want to conduct a “due diligence”
review of the company’s records to ensure that it is a viable
business that has been honestly portrayed to the purchaser. This
due diligence may involve some review of our accounting and service
files. The purchaser would not be able to remove or record personal
information. Before being provided access to the files, the purchaser
must provide a written promise to keep all personal information
confidential. Only reputable purchasers who have already agreed
to buy the organization’s business or its assets would be
provided access to personal information, and only for the purpose
of completing their due diligence search prior to closing the purchase.
PROTECTING PERSONAL INFORMATION
We understand the importance of protecting personal information.
For that reason, we have taken the following steps:
- Paper information is either under supervision or secured in a
locked or restricted area.
- Electronic hardware is either under supervision or secured in
a locked or restricted area at all times. In addition, passwords
are used on computers. All of our cell phones are digital, as these
signals are more difficult to intercept.
- Paper information is transmitted through sealed, addressed envelopes
or boxes by reputable companies.
- Electronic information is transmitted either through a direct
line or has identifiers removed or is encrypted.
- Staff are trained to collect, use and disclose personal information,
only as necessary to fulfill their duties and in accordance with
our privacy policy.
- External consultants and agencies with access to personal information
must enter into privacy agreements with us.
RETENTION AND DESTRUCTION OF PERSONAL INFORMATION
We need to retain personal information for some time to ensure
that we can answer any questions you might have about the services
provided and for our own accountability to external regulatory bodies.
However, we do not want to keep personal information too long in
order to protect your privacy.
We keep client files for ten years. We keep any personal information,
relating to our general correspondence with people who are not our
clients, newsletters, seminars and marketing activities for 1 year
after the newsletter, seminar or marketing activity is over.
We destroy paper files containing personal information by shredding.
We destroy electronic information by deleting it and, when the hardware
is discarded, we ensure that the hard drive is physically destroyed.
YOU CAN LOOK AT YOUR INFORMATION
With only a few exceptions, you have the right to see what personal
information we hold about you. Often all you have to do is ask.
We can help you identify what records we might have about you. We
will also try to help you understand any information you do not
understand (e.g., short forms, technical language, etc.). We will
need to confirm your identity, if we do not know you, before providing
you with this access. We reserve the right to charge a nominal fee
for such requests.
If there is a problem, we may ask you to put your request in writing.
If we cannot give you access, we will tell you within 30 days if
at all possible and tell you the reason, as best we can, as to why
we cannot give you access.
If you believe there is a mistake in the information, you have the
right to ask for it to be corrected. This applies to factual information
and not to any professional opinions we may have formed. We may
ask you to provide documentation that our files are wrong. Where
we agree that we made a mistake, we will make the correction and,
where appropriate, notify anyone to whom we sent this information.
If we do not agree that we have made a mistake, we will agree to
include in our file a brief statement from you on the point and,
as appropriate, we will forward that statement to anyone else who
received the earlier information.
DO YOU HAVE A CONCERN?
Our Information Officer, Ms. Phyllis Bergmans, can be reached at
613-249-0128, for further information or to address any questions
or concerns you might have.
If you wish to make a formal complaint about our privacy practices,
you may make it in writing to our Information Officer. She will
acknowledge receipt of your complaint; ensure that it is investigated
promptly and that you are provided with a formal written decision
with reasons.
For more general inquiries, the Information and Privacy Commissioner
of Canada oversees the administration of the privacy legislation
in the private sector. The Commissioner also acts as a kind of ombudsman
for privacy disputes. The Information and Privacy Commissioner can
be reached at:
112 Kent Street
Ottawa, Ontario K1A 1H3
Phone: (613) 995-8210 | (800) 282-1376 | TTY (613) 922-9190 | Fax
(613) 947-6850
www.privcom.gc.ca
|