How We Protect Your Data

Privacy Policy

ABEX’s Privacy Practices

ABEX (ABEX Affiliated Brokers Exchange Inc.) respects our clients’ right to privacy and is committed to protecting our clients’ personal information. In the course of operating our business ABEX may collect personally identifiable information from our clients, employees and others. Our privacy policy is based on the Personal Information Protection and Electronic Documents Act (PIPEDA).

The Personal Information Protection and Electronic Documents Act (PIPEDA) sets out ground rules for how private sector organizations may collect, use or disclose personal information in the course of commercial activities. PIPEDA also applies to federal works, undertakings and businesses in respect of employee personal information. The law gives individuals the right to access and request correction of the personal information these organizations may have collected about them.

More information on PIPEDA is available here. Rest assured, the information you share with ABEX will be kept private and confidential.

In this privacy policy ABEX (ABEX Affiliated Brokers Exchange Inc.) is referred to as: “ABEX”, “we”, “us”, or “our”

Definition of Personal Information

“Personal Information” is defined as information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. This is a very broad definition and may include most types of information held such as race, medical, criminal, employment and financial history. The legislation only applies to information collected, used or disclosed in the course of commercial dealings.

Please click here for a full definition of Personal Information: http://www.priv.gc.ca/leg_c/interpretations_02_e.asp

The 10 Principles of ABEX’s Privacy Policy

1. Accountability

ABEX is committed to open and fair privacy practices which comply with the Personal Information Protection and Electronic Documents Act, as well as any other applicable legislation.

ABEX is accountable for all personal information under its possession, custody or control, whether supplied to us directly by you or by a third party, or that we have provided to a third party for processing.

We understand it is our responsibility to ensure all staff are well trained and well informed of our legal responsibility surrounding security. Even though numerous individuals within ABEX are responsible for the day-to-day collection and processing of personal information, our Privacy Officer is ultimately accountable for the handling of personal information under the control of ABEX and for ensuring that the principles set out in this privacy statement are being complied with.

Please see Principle 10 for information on how to contact our Privacy Officer regarding your specific privacy questions or concerns.

2. Identifying Purposes

ABEX collects personal information in the course of providing services to our clients. ABEX will inform an individual of the purposes for which Personal Information is collected at or before the time the information is collected.

Examples include:

  • establish your identification
  • understand your needs and eligibility for products and services
  • recommend products and services to meet your needs
  • provide you with ongoing services
  • service your ongoing insurance needs
  • establish and maintain communications
  • respond to your inquiries
  • underwrite and price your policy application and any subsequent policy changes or renewals
  • enable us to acquire or renew your insurance policy
  • allow us and our insurance company partners to accurately rate your policy
  • allow us and our insurance company partners to investigate and settle your claims
  • protect you and us from error or fraud
  • comply with legal requirements
  • report to regulatory or industry entities
  • analyze business results, compile statistics, perform administrative tasks such as accounting and information system activities and conduct marketing and underwriting research and modeling.
Personal information which we collect through our website

Our web server may automatically record certain technical information related to your visit to our website. This information is anonymous and does not identify you personally. It includes things such as: the Internet domain for your Internet service provider; the Internet Protocol (IP) address of the computer accessing the website; the date and time that you visited this website; and a record of which pages you viewed while you were visiting this website.

We may use this information to statistically analyze site usage, in order to make our site more useful to visitors, to diagnose problems with our servers and to help us to better design our website.

If we require your Personal Information for any purpose other than as identified above, ABEX will seek your consent prior to using it.

3. Obtaining Consent

ABEX will obtain consent before or when we collect, use or disclose personal information about an individual,except in certain circumstances where consent is not required. An individual may choose to withdraw consent at any time.

If we choose to use personal information already in our custody for a purpose which was not identified at the time we initially collected the information, unless the new purpose is required by law, we will seek the consent of the affected individuals before using this information for these purposes.

We do not collect personal information that is not necessary for the purposes we identify when we collect it. We will not refuse to provide a service to an individual if they choose not to provide us with their personal information, unless their failure to provide such information makes us unable to provide such service.

General

We issue or arrange issuance of an insurance policy with our insurance company partners with the understanding that, in addition to providing your consent, you have obtained the consent from all persons named in your insurance policy for the collection, use and disclosure of their Personal Information, for the purposes outlined above.

Obtaining Consent

You can provide consent to the collection, use and disclosure of your Personal Information expressly or implicitly. Express consent can be given orally or in writing. It is given by agreement or action on the part of the customer, to acquire or accept a product or service. For example, express oral consent can be given over the telephone, or express written consent can be given by signing an application form or an agreement which may relate to Personal Information. Express consent by an action can be given by clicking an accept button on a computer screen. If oral express consent is given, ABEX will document and/or record the conversation, specifically the name, date, and details of the conversation in either hard or soft copy within the appropriate policy or claim file documentation in order that it may be easily located and accessed should this be necessary.

Implied consent can be inferred from the relationship between the parties or from the nature of the dealings between the parties. For example, when you give Personal Information to an insurance broker or agent for the purpose of obtaining insurance, it is reasonable to infer that there is implied consent to the disclosure of that information to the insurer to meet your insurance needs.

In addition, when you make changes to your policy or when your policy automatically renews, you are agreeing that any consent you have previously provided to us relative to your policy remains in effect unless the consent is otherwise withdrawn.

Who Can Give Consent

Consent may be given by the individual or by an authorized representative (such as a person having power of attorney, or a legal guardian). ABEX will verify authorization by requesting identification, the reason for representation, and if applicable, the approval of representation by the applicable individual.

When consent is not required

Knowledge and consent are not required in many circumstances under the law for the collection, use and disclosure of Personal Information, such as:

  • Where it would compromise the availability or accuracy of the Personal Information relating to the breach of an agreement or the contravention of any law, including the detection and prevention of fraud;
  • For compliance with subpoenas, search warrants, and other court or government orders;
  • When Personal Information is transferred to lawyers retained by ABEX pursuant to the contractual obligation in the insurance policy to defend legal actions against the insured;
  • When, under exceptional circumstances, ABEX may, under a public requirement, disclose Personal Information to appropriate authorities in matters of significant public interest;
  • Where the individual is a minor, seriously ill, or mentally incapacitated, and seeking consent is impossible or inappropriate;
  • Where the Personal Information is publicly available and is specified by the regulations;
  • When required by law.
Withdrawing your consent

Subject to certain legal and contractual restrictions and reasonable notice, you may refuse or withdraw consent to the collection, use or disclosure of Personal Information at any time by notifying our Privacy Officer in writing (please see Principle 10 for details).

In addition, you may also opt out of certain communications we may send you regarding other products and services. However, you should be aware that withdrawing your consent may affect our ability to respond to your insurance needs.

Anti-Spam Policy

ABEX maintains a strict no-spam policy in accordance with Canada’s Anti-Spam Legislation (CASL) and will ensure that no unsolicited electronic communications are sent to. If you receive unsolicited communications from ABEX, its affiliates or third-party licensors, please notify our Privacy Officer (contact information provided in Principle 10 below).

4. Limiting Collection

ABEX limits its collection of personal information to that which is reasonably required. We will not collect personal information which is not necessary to our business, as in the purposes mentioned above.

5. Limiting Use, Disclosure and Retention

ABEX will use and disclose personal information only for the intended purpose for which the information was collected. We keep personal information only for as long as necessary to satisfy it’s purpose or as required by law.

General

There are situations specific to the Property and Casualty insurance business where we will use, disclose and retain Personal Information as dictated by prudent insurance practices. Examples of these situations include:

  • Risk sharing: transfer of Personal Information to other insurers and/or to reinsurers;
  • Information services: disclosure for underwriting, claims, classification and rating purposes;
  • Insurance services: disclosures to providers of goods and services to ABEX such as insurance reporting or data sharing agencies, loss control managers, and claims adjusters;
  • Insurance intermediaries: brokers and agents.

We will not use or disclose your Personal Information for purposes not identified in Principle 2 unless we have your consent or it is required by law. We will keep your information only for as long as it is needed.

Disclosure within ABEX

ABEX may internally share your personal information for the purposes identified in this policy with its Canadian affiliates or other related companies outside of Canada. Only such companies with legitimate business reasons will have access to your Personal Information and must ensure that Personal Information in their possession is securely held.

Disclosure to Third Parties

We may disclose your Personal Information to third parties, which include brokers, agents, private investigators, and adjusters. Third Parties are also subject to PIPEDA and other applicable privacy legislation. Only those companies or individuals, who are authorized, based on their need to carry out work for the purposes identified in Principle 2, can have Personal Information disclosed to them.

Furthermore, should ABEX and/or any of its member companies become involved in any business transaction including purchase or sale, merger or amalgamation or a financing arrangement, pertaining to any of its business assets, your Personal Information may need to be shared with applicable third parties to complete such a transaction.

Disclosure Outside of Canada

ABEX and/or any of its member companies may use service providers located outside of Canada or related companies located outside of Canada to collect, use, disclose or store your Personal Information. Only those companies or individuals, who are authorized, based on their need to carry out work for the purposes identified in Principle 2, can perform such functions.

Where your Personal Information is collected, used, disclosed or stored outside of Canada, we will attempt to contractually protect it; however, it may be subject to the laws of that jurisdiction and may be accessed by the courts, law enforcement and national security services of that jurisdiction.

The jurisdictions where Personal Information may be collected, used, disclosed and stored include, but are not limited to the United Kingdom and the United States of America. To obtain further information on ABEX policies and practices with respect to service providers outside of Canada you may contact the ABEX’s Privacy Officer.

Retention Periods

The retention periods for Personal Information are consistent with the company Retention Policy, which in turn meets the provincial and federal legislation requirements. Your Personal Information will only be retained for as long as necessary for ABEX to serve you or as long as may be required for legal purposes. As soon as any of the Personal Information reaches its maximum retention period, it is destroyed, made anonymous, or archived from operating systems to a secured, limited access site.

Personal Information that still serves an identified purpose may be retained indefinitely provided that it is archived outside of the regular operating environment with more restrictive accessibility.

6. Accuracy

ABEX will keep the personal information in our possession or control accurate, complete, current and relevant, based on the most recent information given by an individual. Within a reasonable time of being notified, ABEX will update member records to reflect changes in personal information.

If ABEX has any doubt about your Personal Information being accurate, complete and/or up-to-date, given that there is a business need, you may be contacted to verify the information currently available, and amendments shall be made where necessary. If it is not possible to verify your Personal Information, or we are unable to contact you, no action, other than logging these limitations in your file are taken.

7. Safeguarding Information

ABEX will protect personal information with safeguards appropriate to the sensitivity of the information. We will protect personal information regardless of its format against unauthorized access, disclosure, copying, use or modification.

ABEX is responsible for safeguarding your Personal Information from loss, theft, unauthorized access, disclosure, copying, use, or modification, regardless of the format in which it is stored.

ABEX as a third party can not be held responsible if a data breach occurs at the first party to whom the data was originally supplied.

Methods of Safeguarding

The nature of the safeguards will vary depending on sensitivity, amount, distribution, format and method of storage of the Personal Information. In general, the following are observed:

  • Personal Information is never left unattended out in the open;
  • Access to Personal Information is only permitted when a legitimate business need exists;
  • Personal Information is not photocopied, modified, disclosed, or destroyed without the specific consent and order of the responsible employee;
  • When information is supplied to a third party, only necessary information is released from a sensitive file, rather than the complete file;
  • No unescorted individual is given access to floors where sensitive information is retained;
  • Passwords are changed on a periodic basis, and are not shared under any circumstances;
  • Sensitive files are segregated and only authorized individuals allowed access;
  • All mail received after hours is secured in the mail and supply area;
  • Information of a sensitive nature is transferred to third parties by secure means;
  • Offsite information is stored in a secure location.

ABEX employees are required to be diligent about safeguarding Personal Information. We take particular care with sensitive Personal Information such as:

  • Medical/hospital records;
  • Employment records;
  • Income tax returns;
  • Criminal records; and
  • Financial records.
Information Received from Third Parties

ABEX employees adhere to the same diligence for Personal Information received from outside ABEX and adhere to any higher standard of third parties if so contracted.

Destruction of Information

All Personal Information that is no longer required for its original purpose and has been retained for the minimum required term shall be destroyed, erased, made anonymous, or archived to the secure limited access site.

8. Openness

ABEX actively informs clients and employees of our privacy policy and practices for the management of personal information. The privacy policy is made readily available to employees and clients on our website www.abexinsurance.com.

Upon request, ABEX will provide an explanation of its Policy with respect to the management of Personal Information. You can contact our Privacy Officer with any inquiries or complaints or if you require further information.

9. Individual Access

Upon the receipt of a written request from individuals, ABEX will advise them of the existence, use and disclosure of their personal information and they will be given access to such information except as may be limited by law.

Individual reserves the right to request information be amended or corrected. Requests for disclosure must be made in writing, by email, or letter. ABEX will respond to an access to information request as soon as possible but not extending 30 days of receiving the request.

It is important to verify that the individual requesting information is in fact the person in question. For this reason we demand that all inquiries be in writing and that our responses, also in writing are sent to the address we have on file. Any alternative handling will require mandatory validation of the requestor’s identity and address information.

Any responses shall be provided in an understandable manner with adequate explanation of abbreviations or codes. Upon request, ABEX will provide access to Personal Information in an alternative format for individuals with sensory disabilities, if conversion to an alternate format is reasonable and necessary.

Time-frame for Responding to the Request

Responses shall be made within 30 days of receipt of the request. However, if an extension is required, a notice of extension for up to an additional 30 days will be sent to you, within 30 days of receipt of the request, stating the reasons for the extension, the new time limit and explaining your right to complain to the Privacy Commissioner of Canada, or if applicable, the provincial privacy commissioner about the extension.

Refusal of Request for Disclosure

If a request for disclosure is denied, we will provide an explanation. The individual will be informed that he/she can challenge the denial of the request through ABEX Privacy Officer via the Complaints Handling Process (see Principle 10 for details) or the Federal or Provincial Commissioner.

Examples of acceptable reasons for non-disclosure include:

  • Prohibitive cost
  • Personal Information that contains information about other individuals that cannot be severed
  • Legal and security litigation, or commercial proprietary reasons
  • Disclosure could reasonably be expected to threaten the life or security of another individual
Amending Details

If you successfully demonstrate the inaccuracy or incompleteness of Personal Information, ABEX will amend the information, as required (correction, deletion, addition).

Where appropriate, the amended information shall be transmitted to applicable third parties having access to the information in question.

Maintenance of Records

All amendments resulting from this process are formally recorded with an explanation given, if necessary.

When a challenge is not resolved to the satisfaction of the individual, ABEX will record the substance of the unresolved challenge. When appropriate, the existence of the unresolved challenge will be transmitted to third parties having access to the information in question.

Personal Information that is the subject of a request or has been used to make a decision about an individual will be retained as long as is necessary to allow the individual to exhaust any recourse that they may have under the applicable privacy legislation.

Cost of the Disclosure

We may charge you for providing access to your information but only after first advising you of the approximate cost.

10. Challenging Compliance: Questions and/or Complaints Regarding Privacy

Individuals may challenge ABEX on our handling and practices of personal information and/or our compliance with privacy legislation. Complaints and inquiries should be directed to the Privacy Officer.

Recognizing and Recording a Complaint or Inquiry

If you feel at any time that we are not complying with the principles set out in our Privacy Policy, you may contact our Privacy Officer in writing.

The Privacy Officer or designate receives all inquiries and complaints, coordinates responses, ensures responses meet Privacy requirements, and ensures that responses are timely.

Investigating

All complaints received are investigated. If we find a complaint is justified, ABEX attempts to resolve it. If necessary, we modify our policies and procedures to ensure that other individuals will not experience the same concerns.

The investigation will involve a review of the facts in order to understand your complaint by:

  • Referring to the individual file (information both in the database and on paper);
  • Referencing the Privacy Policy;
  • Discussion with staff member(s) who were dealing with the individual/file;
  • Any other sources or documentation that may provide relevant information.
Acknowledging and Responding

If the inquiry/complaint cannot be resolved immediately, we will advise you that your inquiry/complaint is being reviewed and when you can expect an answer. If you have any concerns about our policy or treatment of your Personal Information and we have not been able to resolve it, you will be advised to contact the office of the Privacy Commissioner of Canada, or if applicable, the provincial privacy commissioner. Our Privacy Officer will provide this contact information on request.

Follow up

The Privacy Officer or designate will, if warranted and appropriate, contact you to verify whether or not the matter has been resolved satisfactorily.

If the solution means that ABEX needs to alter its practices and procedures then the Privacy Officer or designate is responsible for ensuring such changes are made.

Monitoring of Complaint Handling Procedures

On a periodic basis, the Privacy Officer or designate will review the complaints process to ensure a fair, appropriate, and prompt process is in place.

Updates to our Policy

ABEX is always considering opportunities to improve or update communication to its clients, streamline its business, but at all times be compliant with the law. Our Privacy Policy as a result, is not necessarily a static document. ABEX, therefore, reserves the right to alter the Privacy Policy from time to time. Such changes will be effective 10 days following the posting of the change on ABEX web site. For the most up to date information, please revisit our web site www.abexinsurance.com or contact our Privacy Officer.

How to Contact ABEX’s Privacy Officer

Privacy Officer: Jad McGregor

IN WRITING

ABEX Affiliated Brokers Exchange Inc.

139 Northfield Dr. W., Suite 206

Waterloo, Ontario, N2L 5A6
By Phone: 1-888-643-2217

By Email: service@abexinsurance.com

For additional support, please visit our contact page.

Scroll to Top