Privacy

All GSC employees and other persons or organizations who act for or on behalf of GSC, are responsible for the protection of your information. Our Privacy Officer is responsible for overseeing our privacy program, which includes policies, procedures and staff training to ensure that our employees are adhering to these privacy principles. GSC’s internal audit department also regularly monitors the adherence to these privacy principles. See section 10 of this policy for the contact information of our Privacy Officer.

We ask for your personal information for various purposes related to the administration of your benefits plan, including:

• To provide you with benefits coverage;
• To confirm your identity and the accuracy of your information;
• To create and administer your account when you register for our service, including through our website, apps and service providers;
• To determine eligibility for services for you and your dependents;
• To transfer personal information with other benefit carriers for the coordination and continuation of benefits;
• To bill and collect premiums;
• To process claims and administer the products and services we provide;
• To communicate with service providers relating to the services provided to you by them;
• To communicate with Plan Sponsor(s) and Employers, as applicable, with respect to any claims for services not covered by the benefit plan;
• To provide payment to you and/or service providers for eligible claims and services;
• To retain appropriate records with GSC;
• To protect you and us from errors, misrepresentations, fraud, and/or contravention of laws or criminal activity;
• To audit, investigate and take steps as may be needed and connected to the prevention or suppression of suspected or proven improper or fraudulent claims;
• To perform medical underwriting;
• To analyze data to help us make decisions and improve the products and services we offer;
• To combine GSC data with external data for health management purposes or programs that we offer;
• To facilitate sharing of data to monitor health outcomes;
• To anonymize the personal information and to use that anonymized information in studies, reports and other programs that we offer; and
• To perform any other activities that a person would reasonably expect are associated with the administration of your benefits plan.

We may also analyze how you use our products and services, including through our websites and other electronic means. This might include your preferences for certain products, demographics, interests and lifestyle activities. If we know this information, we can offer products and services that are more relevant to you. With this information, we might recommend other products or services offered by GreenShield that you or your dependents might be interested in, and send you details about them. You can opt to unsubscribe from our promotional marketing lists at any time, however we may still communicate with you from time to time about matters directly related to the administration of your benefits plan.

Your consent can be either express or implied. Express consent can be verbal or written. For example, when you sign an enrollment form you are giving us written consent to use your personal information to provide you and your dependents with benefits.

Consent can be implied or inferred from certain actions. For example, if you present your benefit identification card to a pharmacist/dentist in lieu of paying for a prescription/dental procedure, it can be implied as consent for the pharmacist/dentist to provide your personal information to GSC to obtain payment for the service rendered, and for GSC to process the related claim for payment and provide other services.

For our existing groups and benefit plan participants, we will continue to use and disclose your personal information previously collected in accordance with this privacy policy, unless you inform us otherwise. We will infer that consent has been obtained for the continued use or disclosure of your personal information by the processing of any existing or future benefit claims that you submit for reimbursement or access to other services.

We may collect, use or disclose your personal information without your consent in the following limited circumstances:

• Emergencies that may threaten your life, health or security. We will subsequently inform you of this disclosure;
• For legal reasons. We may be compelled to release your information by a court of law or other legal or regulatory authority. In those instances, we will only disclose the information that we are legally required to provide;
• For the purposes of investigating a breach of an agreement or a contravention of laws that has been, is being, or is about to be committed and it is reasonable to expect that disclosure with your knowledge or consent would compromise the investigation; and
• For the purposes of detecting or suppressing fraud or of preventing fraud that is likely to be committed and it is reasonable to expect that the disclosure with your knowledge or consent would compromise the ability to prevent, detect or suppress the fraud.
  In accordance with provisions provided for in the Personal Information Protection and Electronic Documents Act.

You may withdraw your consent for us to collect, use, keep, or disclose your personal information, subject to legal or contractual restrictions and reasonable notice. However, withdrawing your consent, may impact our ability to process and reimburse your claims under your benefits plan.

Depending on the product or service, we may collect or receive personal information about you and your dependents, including:

• First, Last Name, date of birth, gender, employer plan, salary;
• Address, postal code, email address, phone number(s), provincial government health ID (e.g. Ontario Health Insurance Plan); user ID/authentication;
• Banking information including account holder name, account number, transit number, and bank number;
• Claims detail information submitted to us, such as providers you have visited, prescription dispensing data and/or other information, including dependent relationship;
• Interaction and relationship data information with us, such as telephone recordings, communications (CRM data, emails, letters etc);
• Electronic/digital information such as geolocation, IP address, tracker, activities on our website/app etc; and
• How you use our products and services, including through our websites and other electronic means, and your preferences for certain products, demographics, interests and lifestyle activities.

We may collect or receive personal information from:

• Completed applications and forms;
• Your interactions with us, including engaging with us over social media and through surveys;
• Your advisor or other representative(s);
• Your plan sponsor or employer, if applicable;
• Your plan sponsor or employer’s insurance advisor and/or plan administrator, if applicable;
• Your doctor, pharmacist and/or other medical and health professionals;
• Medical facilities or providers;
• Professional regulatory bodies (e.g. College of Pharmacists);
• Governmental agencies;
• Industry drug pooling entity;
• Other carriers with which you have or have had coverage;
• Third party service providers that provide or have provided services related to the benefit plan (such as, but not limited to payroll, enrolment, claims handling services, travel assistance benefits providers, paramedical service providers); and
• Third parties, including GreenShield, to whom you have provided your consent for the collection, use and disclosure of your personal information for health-related programs.

Depending on the product or service, we may disclose personal information to:

• People, financial institutions and other parties we work with to administer the products and services we provide;
• Authorized employees, agents and representatives who need the information to complete their duties for us;
• Your advisor and any agency we work with that has direct or indirect supervisory authority over your advisor, and their employees;
• Your employer and benefit plan sponsor, as may be reasonably necessary to properly administer the benefits plan;
• Any person or third party organization you give consent to;
• People who are legally authorized to view your personal information;
• Other entities within GreenShield;
• Service providers who need this information to perform their services for us. Examples of the services include: data processing, data storage, administration of your benefits, printing and distribution services, claims analysis and fraud detection, health management programs; and
• People, organizations, and investigative bodies who work to prevent, detect, or investigate suspected fraud, breaches of agreement, or contravention of law.

When we disclose or allow access to personal information with anyone inside or outside of GSC, we will take the appropriate precautions to maintain the confidentiality of the information. This includes limiting the disclosure to what is reasonably required for the purposes listed in this privacy policy. We will attempt to satisfy requests for information in ways that do not disclose any personal information.

We keep your personal information as long as we need to for managing the products and services we provide you and for a reasonable time thereafter in order to meet our legal, regulatory and tax requirements. We have retention standards, which meet these requirements. We destroy your personal information when we no longer need to retain it, or we anonymize the information.

You can check your personal information to verify its accuracy. You can ask our Customer Service Representatives by phone at 1-888-711-1119 to obtain the personal information we hold about you, or if you have signed up for online access, you may visit our website at www.greenshield.ca and log on to the Plan Member section. There is no charge for verifying your personal information; however, depending on the circumstances, there may be a minimal charge for the retrieval of personal information that you request. We will inform you if there is a charge. If you identify information that requires correction, we will assist you in identifying the appropriate means to have the correction(s) made.

Whenever possible, we will correct any personal information which we may have given to an outside organization. If a third party has given us personal information which you tell us is wrong, we will give you the name and address of that party so that you can correct the information directly with them.

Our employees who have access to your personal information are made aware of how to keep it confidential. As a condition of employment with GSC, all employees sign an agreement requiring all information that they have access to be treated confidentially. They are also required to participate in annual security and privacy awareness training programs. We have security standards to protect our systems and your personal information against unauthorized access and use. This protects your personal information at all times when it is stored in data files or handled by our employees.

Your personal information will be kept in a secure environment using appropriate technical, physical and organizational measures designed to protect the information against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, as well as other forms of unlawful processing until it is no longer needed for the administration of the benefits plan, or as long as necessary for record retention and legal compliance purposes.

Although the sharing of personal information is inherently risky, we implement commercially-acceptable procedures to ensure our systems are secure. We will notify you in the event of a systems security breach resulting in the unauthorized release of your personal information where we assess a real risk of significant harm to you or your dependents.