Canada

Data Privacy

Introduction

BMS takes your privacy seriously and we understand that you care about how your personal information is used and shared. We will only collect and use your personal information in accordance with the terms of this Privacy Notice and in a manner that is consistent with our obligations and your rights under the law.

Please read this Privacy Notice carefully as it is intended to help you understand what information we collect, why we collect it, and how you can contact us.

If, at any time, you have any concern about how your personal information is being processed by us, please contact us at operations.ca@bmsgroup.com.


About us

BMS Canada Risk Services Ltd. (BMS) is a Canadian insurance broker registered in Ontario 863268157, whose registered office is at 979 Bank Street, Suite 200, Ottawa, ON K1S 5K5. BMS are authorised and regulated by the Registered Insurance Brokers of Ontario (RIBO). BMS Group Limited are the data controller responsible for the operation of the website at www.bmsgroup.com.

Other members of the BMS group of companies may be a data controller responsible for processing your personal information. In this Privacy Notice, references to “BMS”, “we”, “us” or “our” are to the BMS group of companies or the particular BMS group company providing services, as applicable in the circumstances. Further detail of our trading companies can be found at https://www.bmsgroup.com/regulation.


Use of the website

BMS are committed to protecting and respecting your privacy in relation to information that we may collect while operating the website. This policy together with our website Terms of Use set out the basis on which we will process any personal information which we collect from you, or which you provide to us.

Our website may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

We collect information relating to your use of the website to enable us to better understand how visitors use the website. Examples of such information include the time and date of each visitor request, the site which referred you to our website, language preference and browser type. We may also collect information relating to the use of applications, computer or device type and the version of underlying operating system and software being used. From time to time, we may release such information in the aggregate, for example by publishing a report on trends in the usage of its website.


Information that we may collect about you

In order for us to provide services and carry out our usual business activities, we need to collect and process personal information about you. The types of personal information that are processed may include:

  • Identification details
  • Financial information
  • Risk details
  • Policy information
  • Credit and anti-fraud data
  • Previous and current claims
  • Special categories of personal information

How we use your information

We will use and disclose the information we have about you in the normal course of carrying out our insurance and advisory business activities. We may also use your information for purposes which are outside of the usual insurance or advisory services lifecycle, but necessary for the proper provision of such services, such as complying with our legal or regulatory obligations. We may also use your information for limited marketing purposes as further detailed below.

We shall ensure that our personal information processing is carried out lawfully, fairly, in a transparent manner and in compliance with the data protection legislation including the Personal Information Protection and Electronic Documents Act (PIPEDA) and the office of the Privacy Commissioner of Canada. This may include entering into such other written agreements with you as may be required from time to time to enable us to comply with the data protection legislation.

We undertake to treat any and all information in our possession relating to your business as private and confidential, including personal, sensitive and special category data and we will retain this information securely to prevent unauthorised access. We have policies and procedures in place to protect, manage, and amend as appropriate for our activities and these are subject to regular audit.


Who do we share your personal information with?

Personal information that you provide to us may be disclosed to our employees, contractors, BMS group companies and third parties where required for the provision of our services or usual business activities.

We may also be required to disclose your information:

  • to our regulator to fulfil regulatory obligations;
  • to our professional advisers;
  • where we have a public duty to disclose information; or
  • where we are legally obliged to disclose the information.

Personal information will not be disclosed by us to others outside of the BMS group without your prior consent or except as is set out in this Privacy Notice.
In some circumstances, it may be necessary to transfer your information (which may include personal information and sensitive information) including to locations outside of the European Economic Area. Where this is necessary, we will take appropriate technical and organisational measures to ensure that your personal information is adequately protected. We will not sell personal information that we hold to any third party. We may aggregate and/or anonymise information and provide it to others for the purpose of sharing information and data about the activities we undertake in connection with the services. We may be remunerated in this respect.


The use of your personal information for marketing purposes

BMS will, on occasion, use information received in respect of customers or prospective customers to communicate about other BMS products, services or events that we think may be of further interest. We will only do so where the marketing can be considered a legitimate purpose allowed for by data protection legislation. Your personal information will only be used by companies within BMS for this purpose and will not be shared with third parties.

You have the right to object to our use of your personal information for direct marketing purposes whereupon we will cease such activity immediately. If you wish BMS to stop sending you marketing material you can contact us at operations.ca@bmsgroup.com.


Retention of your personal information

We will keep your personal information only for so long as is necessary or required by law or regulation and for the purpose for which it was originally collected.


Security

We maintain appropriate security standards and procedures with a view to preventing unauthorised access, use, alteration or destruction of personal information. We use leading technologies such as (but not limited to) data encryption, fire walls and server authentication to protect the security of your personal information.


Privacy notice changes

We may update this Privacy Notice from time to time at our sole discretion. Your use of the website, provision of personal information or receipt of services will constitute your acceptance of the Privacy Notice in effect at that time.


lf you have a complaint

lf you have a complaint regarding the use of your personal information by BMS then please write to operations.ca@bmsgroup.com.


Your rights in respect of personal information

Right to receive personal information
You have a right to request a copy of the personal information we hold about you. Should you wish to do so, please contact operations.ca@bmsgroup.com. Your request should make it clear what type of information you are seeking. No fee is payable for such a request. Upon receipt of your request we shall respond promptly and within one calendar month of receipt.

Correcting errors
If you think that any personal information we hold about you is wrong or incomplete, you have the right to challenge it. If the data does turn out to be wrong, we will update our records accordingly. If we believe the data is accurate after completing their checks, we will continue to hold and keep it although you can ask us to add a note to your file indicating that you disagree or providing an explanation of the circumstances.

Objecting to the use of personal information
You have the right to lodge an objection with us about the processing of your personal information. If you want to do this, you should contact us using the contact details set out above. Please be aware that under the data protection legislation, your right to object doesn’t automatically lead to a requirement for processing to stop, or for personal information to be deleted, in all cases.

Right to restrict processing
In some circumstances, you can ask us to restrict how we use your personal information. This is not an absolute right, and your personal information may still be processed in some circumstances.

Right to erasure
The right to erasure is also known as ‘the right to be forgotten’. Individuals can make a request for erasure verbally or in writing and we have one month to respond to such a request. The right is not absolute and only applies in certain circumstances.

Rights in respect of automated decision making
You have rights in respect of automated decision making, including profiling, which has legal consequences for you or similarly significant effects. Whilst we have checks and measures in place to ensure that our technology works, you can request human intervention, let us know your concerns and contest the decision if you think the automated system has reached the wrong decision.