- Principle 1 — Accountability: An organization is responsible for personal information under its control and shall designate an individual or individuals who are accountable for the organization’s compliance with the following principles.
- Principle 2 — Identifying Purposes: The purposes for which personal information is collected shall be identified by the organization at or before the time the information is collected.
- Principle 3 — Consent: The knowledge and consent of the individual are required for the collection, use, or disclosure of personal information, except where inappropriate.
- Principle 4 — Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified by the organization. Information shall be collected by fair and lawful means.
- Principle 5 — Limiting Use, Disclosure, and Retention: Personal information shall not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law. Personal information shall be retained only as long as necessary for the fulfillment of those purposes.
- Principle 6 — Accuracy: Personal information shall be as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
- Principle 7 — Safeguards: Personal information shall be protected by security safeguards appropriate to the sensitivity of the information.
- Principle 8 — Openness: An organization shall make readily available to individuals specific information about its policies and practices relating to the management of personal information.
- Principle 9 — Individual Access: Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
- Principle 10 — Challenging Compliance: An individual shall be able to address a challenge concerning compliance with the above principles to the designated individual or individuals accountable for the organization’s compliance.
Collection, Use and Disclosure of Personal Information
Consent is obtained from you for the collection, use and disclosure of personal information, unless inappropriate. The purpose for which information is collected, used or disclosed is either obvious or if not, we state the purpose; either at or before the time the information is collected, used or disclosed. We collect only that personal information which is necessary to such purposes.
We typically collect, use and disclose personal information for insurance purposes such as assessment of risk, processing applications for insurance, providing insurance products and related services, investigating claims and to prevent or deter fraud. We consult our existing files for these purposes. We collect most information directly from the individual to whom the information relates. However, in the underwriting of insurance risks and the investigation of insurance claims, we verify information and obtain information from independent sources and organizations.
Collection, Use and Disclosure of Personal Information for Insurance Purposes
Subject to legal and contractual restrictions, an individual may decline or revoke consent to the collection, use and disclosure of personal information for insurance purposes. However, if that is the case, our insurance products and related services and benefits and the assessment of claims may be limited or terminated.
We do not sell any personal information to marketing companies.
Accuracy of Personal Information
We endeavor to ensure and maintain the accuracy of the information we collect and use. However, we rely on you to disclose material information to us and to inform us of any changes.
Safeguarding Personal Information
We hold your personal information in various internal systems and databases including shared drives, email, document management systems and in hard copy. We maintain physical, electronic, and procedural safeguards to protect the security of personal information from misuse and loss, as well as unauthorized access, modification or disclosure. We will keep your personal information only for so long as is necessary and for the purpose for which it was originally collected. In particular, we will keep your personal information for so long as there is any possibility that either you or we may wish to bring a legal claim under the contract, we have a legitimate business reason for the data, or where we are required to keep your personal data due to legal or regulatory reasons.
You can obtain written information about our policies and practices with respect to the use of service providers outside of Canada by contacting email@example.com
Disclosure of Personal Information
As a general rule, all personal information is held in strict confidence and except in limited circumstances it is not disclosed to anyone unless expressly or implicitly authorized by you.
Personal information is sought and exchanged with both affiliated and unaffiliated insurance companies, reinsurers and insurance industry organizations at the time of assessing an application for insurance, any renewal, extension, variation or cancellation of any issued policy, as well as in the event of any claim, to the extent necessary for industry statistical purposes or to assess and rate specific risk, determine the status of coverage and investigate claims. We also seek and disclose information to combat fraud; where permitted or required by law; or, at the request of government regulators.
Retention and Access to Your Personal Information
Personal information is retained only for as long as is necessary to fulfill the purpose for which it was collected and to satisfy legal and contractual obligations. Given the nature of insurance and the on-going exposure to potential claims, where necessary, some of the information we collect for insurance purposes is retained indefinitely. You have the right, with satisfactory identification and proof of entitlement, to access and verify your personal information or, if applicable, request a correction of your personal information. The right to access is not absolute. For example, there is no right to access information subject to a legal privilege. Access to personal health information may be obtained through your health care professional.
We may charge a reasonable fee in advance for copying and sending information you have requested and to which you have a right of access. Should this be the case, you will be advised.
Who do you contact if you have a question or complaint about how we handle your personal information?
If you have any questions or concerns about how we handle your personal information, please contact us at: firstname.lastname@example.org
For further information please contact us at:
Annuity/Structured Settlement Manager
Berkshire Hathaway Group
1314 Douglas Street, Suite 1400
Omaha, Nebraska 68102-1944