CDSPI Privacy Policy
The protection of personal information is a fundamental part of doing business at CDSPI and CDSPI Advisory Services Inc. (“CDSPI”). Protecting the privacy and confidentiality of personal information is important to us and this policy sets out how we collect, use and disclose personal information in a manner that protects the personal privacy of our clients and employees.
What is Personal Information?
“Personal Information” means any information about an identifiable individual. This includes factual or subjective information from which an individual’s identity can be reasonably determined. It also includes data points that when combined with other information could identify an individual.
Personal information that may be collected by CDSPI includes, but is not limited to: an individual's name, address, telephone number, preferred language, date of birth, social insurance number, occupation, information about your spouse, family or household members, claims history, medical information and history and financial information. We may also collect your banking or credit card information to make insurance premium payments, or to make an investment contribution or redemption.
Personal information may be collected in a variety of forms including written, electronic and video or audio recordings.
THE TEN PRIVACY PRINCIPLES
At CDSPI, we follow 10 privacy principles. The principles are based on the federal government's Personal Information Protection and Electronic Documents Act.
1. ACCOUNTABILITY
CDSPI is responsible for personal information under its control and has designated an individual or individuals who are accountable for compliance with this Privacy Policy.
A Privacy Officer has been designated as accountable for CDSPI compliance with this Privacy Policy including applicable privacy regulations and guidelines. Where appropriate, the responsibilities of the Privacy Officer may be delegated to another individual or individuals within the organization. The Privacy Officer oversees our privacy program.
2. IDENTIFYING PURPOSES
CDSPI will identify the purposes for which personal information is collected at or before the time the information is collected.
CDSPI collects personal information in various ways, including applications and forms, during claims processing, phone calls, personal meetings or through other means. CDSPI will specify the identified purpose for collecting the information at or before the time of collection. Depending on the way in which the information is collected, this can be communicated orally or in writing.
We use your information to help us deliver and manage our products and services, including when we:
- verify your identity;
- communicate with you;
- comply with regulatory reporting obligations;
- assess your eligibility for products and services;
- evaluate and recommend products and services;
- process an application for insurance policy, an investment plan or an insurance claim;
- prevent and detect fraud;
- respond to complaints;
- conduct data analytics;
- obtain your opinion following an interaction with CDSPI or in connection with a product or service; and
- help you take advantage of the benefits of being a client of CDSPI.
CDSPI will not collect, use, or disclose information beyond that required to fulfill the purposes specified at the time of collection. We may pool your information with other peoples’ information for research and to create statistical reports. These reports will not identify you.
In some cases, the use and disclosure of your information is a core part of the product or service. In these cases, if you don't agree with this use and disclosure, you may need to choose a different product or service.
CDSPI may occasionally inform individuals by email of other financial products and services that we believe meet your changing needs. If you don’t wish to receive these offers, contact CDSPI and we’ll update our records. Individuals may access the CDSPI website to update their email marketing preferences or can use the unsubscribe link included in our commercial electronic messages.
When personal information that has been collected is to be used for a purpose not previously identified, the new purpose will be identified prior to use and unless the new purpose is required by law, the consent of the individual is required before the information can be used for the new purpose.
3. CONSENT
CDSPI must obtain the knowledge and consent of the individual for the collection, use, or disclosure of personal information, except where inappropriate.
Consent is required for the collection of personal information and the subsequent use or disclosure of this information. Typically, CDSPI will seek consent for the use or disclosure of the information at the time of collection. In certain circumstances, consent will be sought after the information has been collected but before use (for example, when CDSPI wants to use the information for a purpose not previously identified). By providing information about a third party, such as a family member or employee, you represent that you have obtained that person's consent to the collection, use and disclosure in accordance with this Privacy Policy.
CDSPI may seek consent in a variety of ways, depending on the circumstances and the type of information collected. CDSPI will generally seek express consent when the personal information is likely to be considered sensitive (such as medical or income records). Consent may be given by an authorized representative of an individual such as a person who has power of attorney or a legal guardian. Implied consent may be inferred in circumstances where the information is less sensitive and consent to collection, use or disclosure can be reasonably inferred. Generally, consent is valid for the length of time needed to achieve the identified purposes.
In certain limited circumstances, CDSPI may collect, use, or disclose personal information without the knowledge or consent of the individual. For example, legal, medical, or security reasons may make it impossible or impractical to seek consent. For example, the collection of personal information for the investigation or detection of fraud or for law enforcement purposes may make it impractical to obtain consent. This may also occur when the individual whose consent is required is a minor, seriously ill or otherwise incapacitated and obtaining consent is inappropriate or impossible.
An individual may withdraw their consent at any time on reasonable notice, subject to legal or contractual restrictions. However, the ability of CDSPI to provide services to an individual who withdraws their consent may be limited and CDSPI will inform the individual of the implications of withdrawing consent.
4. LIMITING COLLECTION
CDSPI will limit its collection of personal information to that which is reasonably necessary for the purposes it has identified. Information shall be collected only by fair and lawful means.
CDSPI will not collect personal information indiscriminately. Both the amount and the type of information collected shall be limited to that which is reasonably necessary to fulfil the purposes identified.
Information will be collected in a manner that complies with the CDSPI’s obligations to identify the purpose of collection and to obtain the consent of the individual to collection, use and disclosure of personal information.
We may also collect personal information when you use our corporate website such as when you request to meet an advisor. All personal information collected, whether through our website or otherwise, is governed by this Privacy Policy.
5. LIMITING USE, DISCLOSURE AND RETENTION
CDSPI will not use or disclose personal information for purposes other than those for which the information was collected, except with the consent of the individual or as required by law. Personal information will be retained only as long as necessary for the fulfilment of those purposes.
CDSPI employees commit annually to protecting the confidentiality of the personal information they need while performing their duties and must regularly take security and privacy training.
Personal information may be disclosed to our partners and suppliers to manage business and legal obligations. This includes cloud, web-hosting and data-processing services, insurance and investment providers, claims providers and legal services. Our partners must contractually agree to comply with and abide by our strict standards for the protection and confidentiality of your personal information as set forth in this Privacy Policy.
Certain situations require us to disclose your personal information to courts, law enforcement authorities and other agencies. Similarly, we may need to disclose some of your personal information to third parties, such as other financial institutions, payment processing companies, credit reporting agencies and public and private fraud and claims databases.
CDSPI will retain personal information that has been used to make a decision about an individual for long enough to allow the individual access to the information after the decision has been made.
The types of products and services CDSPI offers requires personal information to be kept for extended periods of time. Personal information that is no longer required to fulfil its purpose shall be destroyed in accordance with CDSPI’s data retention and destruction policies and procedures.
CDSPI will never sell your personal information to anyone.
6. ACCURACY
CDSPI will make reasonable efforts to ensure that personal information will be as accurate, complete, and up to date as is necessary for the purposes for which it is to be used.
The extent to which personal information will be accurate, complete, and up to date will depend upon the use of the information, taking into account the interests of the individual. Information will be sufficiently accurate, complete, and up to date to minimize the possibility that inappropriate information may be used to make a decision about the individual.
CDSPI will not routinely update personal information unless it is necessary to fulfill the purposes for which it was collected.
7. SAFEGUARDS
CDSPI will protect personal information with security safeguards appropriate to the sensitivity of the information.
CDSPI has implemented security safeguards and appropriate employee training to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. CDSPI will protect personal information regardless of the format in which it is held.
Security safeguards will vary depending on the sensitivity of the information that has been collected, the amount, distribution, and format of the information, and the method of storage. More sensitive information will be safeguarded by a higher level of protection.
The methods of protection will include:
- physical measures, such as restricted security card access to the CDSPI’s offices, locked filing cabinets, and restricted access to files;
- organizational measures, such as limiting access on a "need to know" basis; and
- technological measures, such as the use of passwords and encryption.
CDSPI will use all reasonable efforts to ensure that unauthorized parties do not gain access to the information during its disposal or destruction.
Security safeguards also include steps to ensure that all third parties with whom we contract and who may be required to handle personal information have implemented comparable security measures.
8. OPENNESS
CDSPI will make readily available to individuals, specific information about its policies and practices relating to the management of personal information.
CDSPI makes the following information available:
- the name or title, and the address, of those accountable for CDSPI's policies and practices and to whom complaints or inquiries can be forwarded;
- the means of gaining access to personal information held by CDSPI;
- a description of the type of personal information held by CDSPI and a general account of its use;
- a copy of this privacy policy, and any other brochures or information that explain or elaborate upon this policy; and
- what personal information is made available to related organizations or subsidiaries.
9. INDIVIDUAL ACCESS
Upon request, CDSPI will inform an individual of the existence, use and disclosure of their personal information and will give the individual access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
Upon request, CDSPI will inform an individual as to whether or not it holds personal information about them, and, if possible, the source of that information. CDSPI will allow the individual access to this information and where possible provide an account of the use made of the information, including any disclosure to third parties. CDSPI may choose to make sensitive medical information available through the individual’s physician or a medical practitioner designated by the individual.
In certain situations, CDSPI may not be able to provide access to all the personal information it holds about an individual. Exceptions to the access requirement will be limited and specific, and the reasons for denying access will be provided to the individual upon request. Access to information may be denied if among other reasons, the information contains references to other individuals, the information is subject to solicitor-client or litigation privilege, the information cannot be disclosed for legal, security or commercial proprietary reasons, or the information is prohibitively costly to provide.
CDSPI will respond to an individual’s request within a reasonable time and at minimal or no cost to the individual. The requested information will be provided or made available in a form that is generally understandable. If the individual requests copies of any of the documents in CDSPI’s file, a reasonable fee may be charged for duplication.
An individual may be required to provide sufficient information about their identity or the nature of the information they have provided to CDSPI to permit CDSPI to provide an account of the existence, use, and disclosure of their personal information. The information provided will only be used for this purpose.
When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, CDSPI will amend the information as required. Depending upon the nature of the information challenged, amendment could involve the correction, deletion, or addition of information. Where appropriate, the amended information will be transmitted to third parties having access to the information in question.
When a challenge is not resolved to the satisfaction of the individual, CDSPI will record the substance of the unresolved challenge. The individual will also be entitled to place in the file a statement as to their position and the documents they rely on in support of that position.
10. CHALLENGING COMPLIANCE
An individual will be able to address a challenge concerning compliance with this Privacy Policy to the Privacy Officer at CDSPI
CDSPI will inform individuals who make inquiries or raise concerns of the applicable complaint handling process.
CDSPI will investigate and respond to all complaints. If a complaint is found to be justified, CDSPI will take appropriate measures, including, if necessary, amending its policies and practices.
CONTACT INFORMATION
An individual may request to review their personal information in our files or request a correction to such personal information by contacting our Privacy Officer using the methods below:
Mail:
ATTN: The Privacy Officer
CDSPI
2005 Sheppard Ave East, Suite 500,
Toronto, ON M2J 5B4
E-mail: privacy@cdspi.com