At the OTIP Group of Companies¹ (“OGC”), respecting your privacy and protecting your personal information is an important part of how we do business. We value the trust you have in us, and we are committed to protecting your privacy.

Accountability

We are accountable for all personal information in our possession or control, including any personal information transferred to third parties for processing. We will designate a Privacy Officer who is accountable for the organization’s compliance with applicable data privacy laws.

Identifying the purposes for which information is collected

We will identify the type of personal information OGC collects, uses and discloses and the reasons for collecting, using, and disclosing personal information before or at the time of collection. We will collect information for reasonable purposes as outlined in this policy as well as purposes described in the terms and conditions of any product, service, program, contest, promotion or event. We may require personal information to:

• Establish one’s identity and authenticate individuals accessing personal information and services
• Understand one’s needs and eligibility for products, services and benefits
• Recommend products, services and coverage to meet one’s needs
• Make you aware of new products, services and benefits
• Provide you with ongoing services
• Establish and maintain communications
• Respond to enquiries
• Train employees and monitor for quality assurance
• Enable us to acquire or renew an insurance policy
• Provide rehabilitation recommendations and services
• Draft billings and conduct accounting services related to our products, services and benefits
• Conduct research and data analysis to help us make decisions and improve the products and services we offer
• Investigate, evaluate, negotiate and settle claims
• Protect you and us from error or fraud
• Comply with legal requirements

We may analyze how you use our products and services, including through our websites and mobile applications, to improve your experience and to provide relevant information.

Obtaining consent

We will obtain consent for the collection, use and disclosure of your personal information, subject to certain legal, medical or security exceptions which may make it impracticable to seek consent. You may provide consent to the collection, use and disclosure of your personal information expressly (oral, written or electronic) or consent may be implied depending on circumstances and sensitivity of the information. Consent may be given by the individual or by an authorized representative (such as a person having power of attorney, or a legal guardian). We may verify authorization by requesting identification of the representative and the reason for representation.

When quoting or issuing an insurance policy, it is our understanding that in addition to you providing your consent, you have obtained consent from all persons named in the insurance policy for the collection, use and disclosure of your personal information, for the purposes outlined above.

You can withdraw consent at any time. If this should happen, we will explain that withdrawing consent may impact our ability to provide you with our products and services. We will offer you the ability to manage the use of your personal information by allowing you to:

• Manage your communication preferences within your account
• Opt-out of receiving marketing and/or other commercial messages by unsubscribing through the digital message
• Manage cookies on your browser

Limiting the collection of personal information

We will limit the collection of personal information to only that which is needed to properly provide products, services and benefits and to fulfill legal or regulatory requirements. Information will be collected by fair and lawful means. If your information is being collected by telephone, the call may be recorded for the following reasons:

• To establish a record of the information provided
• To verify instructions
• To analyze, review and improve customer service
• To assist in staff training

The information we gather may vary, depending on the request and/or the service provided and may be collected verbally, electronically or in writing. Examples of the types of information we may collect directly or indirectly include but is not limited to:

• Name, address, telephone number and email address
• Age, sex, family and marital status
• Voiceprint
• Driving record
• Driver’s license number
• Previous insurance history and claims experience
• Vehicle information
• Proof of ownership
• Details of the property you wish to insure
• Details related to any loss or injury
• Medical and health information
• Employment and income information
• Banking information and credit rating
• Identification numbers (including social insurance number when required for financial and/or tax reporting reasons)

In most cases, we will collect the information directly from you, or from your authorized representative(s). In some cases, and with your consent, we may need to ask an independent source to verify or provide supplemental information. These sources could include service providers we retain, other insurance companies or financial institutions, employers, benefit administrators, plan sponsors, or credit reporting agencies. In the case of medical or health- related information, additional sources could include doctor(s), pharmacies, paramedical service providers, other healthcare providers or facilities. In some circumstances, we may collect personal information from public sources such as the internet or third party service providers.

Limiting the use, disclosure and retention of personal information

We will use or disclose personal information only for the purpose for which the information was collected, unless you give consent to use or disclose it for another reason. Information may be disclosed to service providers and authorized agents/representatives who perform various functions for us. Your personal information may be disclosed in certain circumstances:

• To employees, consultants and contractors, who need the information in the performance of their duties
• To service providers who need the information in the performance of their duties for us, to provide services to you, to resolve your concerns and to satisfy your obligations to us. Types of service providers and third parties we may disclose your personal information to may include:
  1. Third party administrators and insurers that provide operational support and services such as claims processing, underwriting, and benefits administration;
  2. Information technology providers to enable our business operations;
  3. Payment processing suppliers, like banks and credit card processors to process and issue payments to and from your account;
  4. Print service providers to process and send communications;
  5. Fraud detection services to help us prevent fraud, identify and investigate potentially fraudulent activity, or to enhance our detection tools;
  6. Health care service providers to support health management services and programs;
  7. Legal representatives and auditors when we respond to complaints, seek legal advice, pursue or respond to legal actions or ensure compliance with audit requirements.

In some cases, service providers may be located in other provinces or jurisdictions outside of Canada and personal information may be subject to the laws of those jurisdictions. When information is provided to our service providers, we will require them to protect the information in a manner that is consistent with our Privacy Policy, practices and applicable laws.

We may, where not prohibited by law, consolidate and share your personal information within OGC to better manage our business and the relationship we have with you for the purposes described in this policy. Sensitive personal information, such as health and medical information, will never be shared or used for a purpose other than the original purpose for which it was collected without your consent.

As part of a business transaction including purchase or sale, merger or amalgamation or a financing arrangement pertaining to OGC’s business assets, we may be required to share your personal information with applicable third parties to complete such a transaction.

We will keep personal information only as long as necessary for the identified purposes or as required by law. When personal information is no longer required, it is destroyed or anonymized.

Keeping personal information accurate

We will keep the personal information in our possession or control accurate, complete, current, and relevant based on the most recent information available to us. You can check your personal information to verify its accuracy by calling our organization, or depending on the product or service, log on to your account and review your personal profile. You may challenge the accuracy and completeness of personal information about you and have it amended as appropriate. Depending on the nature of the information challenged, amendment involves the correction, deletion, or addition of information. Where appropriate the amended information will be transmitted to third parties having access to the information in question.

Safeguarding information

We will protect personal information within our custody with safeguards appropriate to the sensitivity of the information. Access to personal information is restricted to employees and individuals who require access to perform their job or fulfill their duties to us. We use reasonable physical, organizational, and technological safeguards and appropriate training of employees, to prevent the theft, loss, misuse, alteration, unauthorized access, or disclosure of personal information under our control.

While OGC takes all reasonable measures to protect data and safeguard personal information, there is always inherent risk when processing personal information. Risks may arise from bad actors or human error. If you receive a call or email from OGC requesting your sensitive personal information and you are not certain the request is legitimate, you should contact OGC to confirm that the request was legitimate. We also recommend that you use unique and strong passwords for your online account(s) and you do not share your passwords with anyone.

OGC uses emails, facsimiles, and other electronic transmissions (collectively “email”). Email cannot be guaranteed to be secure, unchanged, error free or safe, because such transmissions can be intercepted, diverted, altered, lost, or destroyed, and could arrive late or otherwise be adversely affected during initiation or transmission. OGC is not responsible for damages related to email messages sent by you to OGC or email messages sent by OGC to you at your request.

Openness

We will be open about the procedures used to manage personal information and upon request, we will provide specific information about our practices relating to the management of personal information, except where the information is considered proprietary.

At OGC, we recognize the transformative potential of innovations like Artificial Intelligence (AI). OGC supports the responsible use of AI technology which means we will design, develop and/or deploy AI with good intentions to empower employees and business solutions, minimizing unintended bias and risks, protecting privacy and security of data, ensuring transparency, and fostering trust. Responsible use of AI will be supported by oversight mechanisms, following ethical principles, and using data with integrity in a way that aligns with our Privacy Policy.

Providing access to personal information

 Upon request, we will advise you of the existence, use and disclosure of your personal information. You can request to have your information amended or corrected. We will respond to an access to information request within the timelines prescribed by each province’s privacy legislation. It is important to verify that the individual requesting the information is in fact the person whom the information belongs to. For this reason, we require that all inquiries be in writing and that our responses, in writing, are sent to the address we have on file. Access to information will be provided at zero or minimal cost, depending on the request. If a cost applies, we will inform you before proceeding.

We are unable to provide access to information in certain the following circumstances including:

• If doing so would likely reveal personal information about a third party, however, if the third party information can be removed, the remainder of the record can be provided
• If the information is subject to lawyer and client or another form of privilege
• If revealing the information would reveal confidential commercial information
• If revealing the information could reasonably be expected to threaten the life or security of another individual
• If providing access is prohibitively costly
• If the information relates to the actual or suspected breach of a policy or other agreement or the breach of a Canadian law
• If the information was generated in the course of a formal dispute resolution process

Questions and/or complaints about privacy

You may challenge our information handling practices and/or compliance with privacy legislation. Complaints and inquiries should be directed to OGC’s Privacy Officer/Director of Data Privacy, Risk and Compliance as outlined in the complaint process.

Complaints Process

If a you have a privacy related concern or complaint, an employee will listen to your concerns, identify the problem and offer solutions. If the situation is still unresolved, you will be directed to contact OGC’s Privacy Office either by telephone or in writing.

The Privacy Officer can be contacted at:

Head Office

OGC Privacy Officer

P.O. Box 218

Waterloo ON N2J 3Z9 

1-800-267-6847

privacy@otip.com

Depending on the nature of the inquiry or complaint, the Privacy Office will:

• Acknowledge the inquiry
• Investigate the situation
• Respond in a timely manner
• Answer any questions related to our Privacy Policy
• Take measures to modify our personal information handling practices if necessary

Changes to the Privacy Policy

 We may from time to time revise our Privacy Policy to reflect changes in legislation and/or our personal information handling practices. The most current version of the Privacy Policy will govern how we process personal information and will be available on our website, including the date when the policy was last updated. By continuing to use and participate in in OGC’s products, services and coverage, you agree to be bound by the most current version of the Privacy Policy.

¹This policy applies to all companies under the umbrella of Ontario Teachers Insurance Plan (OGC), whether an affiliated company or a subsidiary company, including:

• Ontario Teachers Insurance Plan
• OTIP/RAEO Benefits Incorporated
• OTIP/RAEO Insurance Brokers Inc.
• Curo Claims Services Inc.
• TW Insurance Services Ltd. operating as "Orbit Insurance Services" (includes Assurance Jean Claude Leclerc Inc., SMK Insurance Limited, Northstar Marine Insurance Inc., Higgins General Insurance Inc., Higgins Commercial Insurance Inc., and Dyck Insurance Agency (Wetaskiwin) Ltd.)

Updated June 1, 2024