Privacy statement

Privacy Policy

Provencher Verreault Insurance

1. Context

Assurances Provencher Verreault is a for-profit legal entity under the provincial system working as a broker in the sale and renewal of home, vehicle, and business damage insurance. The company offers damage insurance services to both individuals and businesses. As part of its activities, the company obviously processes personal information about its customers. To simplify the text of this policy the name Assurances PV is used. This policy aims to ensure the protection of personal information and to govern the way in which Assurances PV collects, uses, communicates, stores and destroys it or how it otherwise manages it. In addition, it aims to inform any interested person about the way in which Assurances PV processes their personal information. It also covers the processing of personal information collected by Assurances PV by technological means.

Financial services laws and AMF regulations

Assurances PV is subject to numerous provincial and federal laws for the financial services and insurance industry as well as the regulations of the AMF (Autorité des Marchés Financiers). In cases where there is a contradiction between Law 25 and the laws and regulations governing the financial services industry then the latter laws will take precedence over Law 25 and this privacy policy. This policy also applies the principles set out and published by the Chamber of Damage Insurance.

2. Application and definitions

This policy applies to Assurances PV, which includes in particular its officers, employees, consultants, as well as to any person who otherwise provides services on behalf of Assurances PV. It also applies to the Assurances PV website, as well as all websites controlled and maintained by Assurances PV.

It covers all types of personal information managed by Assurances PV, whether it is the information of its clients, potential or current, its consultants, its employees, its members, or any other persons (such as visitors to its websites or others).

For the application hereof, aPersonal informationis information which concerns a natural person, and which allows, directly or indirectly, to identify them. For example, this could include name, address, email address, telephone number, marital status , health information , etc.

Sensitive personal informationis information for which there is a high degree of reasonable expectation of privacy, e.g. ex. health information, banking information, date of birth, driver’s license number, etc.

Theprofessional or business contact detailsof an individual do not constitute personal information, for example an individual ‘s name, title, address, email address or work telephone number.

More particularly and for the sake of precision, within the meaning of the Act respecting the protection of personal information in the private sectorof Quebec, and as of September 22, 2023, sections 3 (collection, use, communication), 4 (conservation and destruction) and 6 (data security) do not apply to personal relating to the exercise of a function in a company, such as his name, his title, his function, as well as the address, email address and telephone number of his workplace.

These same paragraphs also do not apply to personal information that is publicunder the law, as soon as this policy comes into force.

3. Collection, use and communication

For most of our retail brokerage services, including website access, and the insurance products we offer, our policy requires that we collect only a limited amount of data. We will ask you to provide us with your last name, first name, civic address, email, telephone number, plus various specific personal information related to the nature and delivery of the insurance product.

If you are a current or potential business partner, we collect basic data about the people we communicate with, such as their names, titles and contact information.

If you apply for employment with Assurances PV, we will collect the data you provide to us by email or paper in person, such as your resume and any forms you may have to complete.

Assurances PV will also inform the individuals concerned, at the time of collection of personal information, of any other information collected, of the purposes for which it is collected.

Assurances PV applies the following general principles regarding the collection, use and communication of personal information:

Consent:

  • In general, Assurance PV collects personal information directly from the individual concerned and with his or her consent, unless an exception is provided for by law. Consent may be obtained implicitly in certain situations, for example, when an individual chooses to provide his or her personal information after being informed by this policy of use and disclosure for the purposes identified in this policy. Thus, this policy and the information it contains will be available to the person concerned at the time of collection of personal information.
  • Assurances PV must also obtain the consent of the data subject before collecting their personal information from third parties (where this situation applies), before communicating it to third parties or for any secondary use thereof. However, Assurances PV may act without consent in certain cases provided for by law and under the conditions provided for therein.
  • The data subject has the right to request assistance to understand the scope of the consent requested.

Consent (express) :

  • In the case of sensitive personal information, consent must be obtained expressly (explicitly):
  • When a company wishes to use it for purposes other than those for which it was collected (art. 12 of the LPRPSP)
  • When this information will be communicated to a third party (art. 13 al. 2 of the LPRPSP). For example, sensitive personal information is collected in the context of obtaining an automobile insurance quote. If the firm wishes to use this information to offer home insurance, express consent must be obtained separately.

Collection:

  • In all cases, Assurances PV only collects information if it has a valid reason to do so. Moreover,collection will only be limited to necessary informationwhich it needs to fulfill the intended objective.
  • Please note that Assurances PV services are not aimed at minors, and more generally, Assurances PV does not intentionally obtain personal information concerning minors.

Collection from third parties:

  • PV Insurance may have to collect personal information from third parties. Unless there is an exception provided for by law, Assurances PV will request the consent of the person concerned before collecting personal information concerning them from a third party. If such information is not collected directly from the person, but from another organization, the person concerned may request the source of the information collected from Assurances PV.

Possession and use:

Assurances PV ensures that the information it holds is up to date and accurate when it is used to decide relating to the person concerned.

PV Insurance may only use an individual’s personal information for the reasons stated herein or for any other reasons provided at the time of collection. As soon as Assurances PV wants to use this information for another reason or another purpose, new consent must be obtained from the person concerned, which must be obtained expressly if it involves sensitive personal information. However, in certain cases provided for by law,

Assurances PV may use the information for secondary purposeswithout consentof the person, for example:

  • When this use is clearly for the benefit of that person.
  • When necessary to prevent or detect fraud.
  • When necessary to evaluate or improve protection and security measures.

Limited access. Assurances PV applies measures to limit access to personal information only to employees and persons within its company who have the authority to read it and for whom this information is necessary in the performance of their duties.

Communication outside Quebec:

It could one day be possible for personal information held by Assurances Provencher Verreault to be communicated outside of Quebec, for example , when Assurances Provencher Verreault uses cloud computing services in connection with the sale of damage insurance and whose server(s) are located outside Quebec or when Assurances Provencher Verreault does business with subcontractors located outside the province.

Additional information on the technologies used:

  • Use of cookies

Cookies are data files transmitted to a website visitor’s computer by their Web browser when they visit that site and can serve several purposes.

The websites controlled by Assurances Provencher Verreault use cookies in particular:

  • To memorize visitor settings and preferences, for example for the choice of language and to allow monitoring of the current session.
  • For statistical purposes to know the behavior of visitors, the content consulted and to enable the improvement of the website.
  • We will retain this data for up to 24 months following the end of the service.

The websites controlled by Assurances Provencher Verreault use the following types of cookies:

Assurances Provencher Verreault also collects personal information through technological means such as web forms integrated into a website controlled by Assurances Provencher Verreault (for example, its contact form) as well as other platforms or form tools (e.g. Microsoft Forms).

If Assurances Provencher Verreault collects personal information by offering a technological product or service that has confidentiality settings, Assurances Provencher Verreault must ensure that these settings offer the highest level of confidentiality by default (cookies are not targeted).

4. Retention and destruction of personal information

Unless a minimum retention period is required by applicable law or regulation, Assurances PV will only retain personal information for the period necessary to achieve the purposes for which it was collected. Assurances PV keeps your personal information for a period of 10 years.

At the end of the retention period or when the personal information is no longer necessary, Assurances PV will ensure:

  1. to destroy them, Or
  2. to anonymize them (i.e. they no longer irreversibly allow the person to be identified and it is no longer possible to establish a link between the person and the personal information) to use them for serious and legitimate purposes.

The destruction of information by Assurances PV is carried out in a secure manner according to the company’s internal policies, to ensure the protection of this information.

Please contact the Assurances PV Privacy Officer (indicated in this policy) to find out more.

5. Responsibilities of PV Insurance

Generally speaking, Assurances PV is responsible for protecting the personal information it holds.

The person responsible for the protection of personal information at Assurances PV is the director of information technology and cybersecurity. He must ensure compliance with applicable legislation regarding the protection of personal information. The manager must approve the policies and practices governing the governance of personal information. More specifically, this person is responsible for implementing this policy and ensuring that it is known, understood, and applied.

In the event of the absence or inability to act of this manager, the CEO will assume the functions of the person responsible for the protection of personal information.

Assurances PV staff members having access to personal information or being otherwise involved in its management must ensure its protection and comply with this policy.

The roles and responsibilities of Assurances PV employees throughout the life cycle of personal information may be specified by any other Assurances PV policy in this regard, where applicable.

6. Data security

Assurances PV undertakes implementing reasonable security measures to ensure the protection of the personal information it manages. The security measures in place correspond, among other things, to the purpose, quantity, distribution, medium and sensitivity of the information.

Thus, this means that information that can be described as sensitive (see the definition provided in section2) will have to be subject to greater security measures and will have to be better protected.

In accordance with what was previously mentioned regarding limited accessto personal information, Assurances PV applies necessary measures to impose constraints on the rights to use its information systems so that only employees who must have access to it are authorized to access it.

7. Rights of access, rectification, and withdrawal of consent

To exercise their rights of access, rectification or withdrawal of consent, the data subject must submit awritten requestfor this purpose to the person responsible for the protection of personal information of Assurances PV, at the email address indicated in section 9.

Subject to certain legal restrictions, data subjects may request access to their personal information held by Assurances PV and request its correction if it is inaccurate, incomplete or ambiguous. They may also demand the cessation of the dissemination of personal information concerning them or that any hyperlink attached to their name allowing access to this information by technological means be deindexed when the dissemination of this information contravenes the law or to a court order.

They can do the same, or even require that the hyperlink allowing access to this information be reindexed, when certain conditions provided for by law are met.

The person responsible for the protection of personal information at Assurances PV must respond in writing to these requests within 45 days of the date of receipt of the request.

Any refusal must be reasoned and accompanied by the legal provision justifying the refusal. In these cases, the response must indicate the remedies under the law and the time limit for exercising them.

The manager must help the applicant understand the refusal if necessary. Subject to applicable legal and contractual restrictions, data subjects may withdraw their consent to the communication or use of the information collected.

They can also ask Assurances PV what personal information is collected from them, the categories of people at Assurances PV who have access to it and their retention period.

8.Process for handling complaints related to personal information

Receipt of a complaint related to the protection of personal information.

Any person who wishes to make a complaint relating to the application of this policy or, more generally, to the protection of their personal information by Assurances PV, must do so in writing by contacting the person responsible for the protection of personal information of PV Insurance, to the email address indicated in section 9.

The individual must indicate their name, contact details, including a telephone number, as well as the subject and reasons for their complaint, giving sufficient detail so that it can be evaluated by Assurances PV. If the complaint made is not sufficiently precise, the person responsible for the protection of personal information may request any additional information that he considers necessary to be able to evaluate the complaint.

Handling a complaint related to the protection of personal information.

Assurances PV undertakes to treat any complaints received confidentially.

Within 60 days following receipt of the complaint or following receipt of all additional information deemed necessary and required by the person responsible for the protection of personal information of Assurances PV to be able to process it, the latter must evaluate it and formulate a response reasoned written statement by email to the complainant.

This evaluation will aim to determine whether the processing of personal information by Assurances PV complies with this policy, any other policies, and practices in place within the organization and the applicable legislation or regulations.

If the complaint cannot be processed within this period, the complainant must be informed of the reasons justifying the extension of the deadline, the progress of the processing of his complaint and the reasonable time necessary to be able to provide him with a final answer.

Assurances PV must create a separate file for each complaint addressed to it. Each file contains the complaint, the analysis and documentation supporting its assessment, as well as the response sent to the person who made the complaint.

9. Approval

This policy is approved by the person responsible for the protection of personal information at Assurances PV, whose business contact details are as follows:

Responsible for the protection of personal information
Mr. Sébastien Lafrenière
Director of IT and Cybersecurity
620-7055 boul. Taschereau
Brossard, QC
J4Z 1A7
E-mail: [email protected]
For any requests, questions, or comments under this policy, please contact the person responsibleby email or post.

10. Publication and modifications

This policy is published on the Assurances PV website, as well as on all websites controlled and maintained by Assurances PV, to which this policy applies, in relation to the personal information collected there. This policy is also disseminated by any means likely to reach the people concerned.

We reserve the right to update this Policy at any time. The most recent version of the Policy can be consulted by visiting our website. Your use of our website may also be subject to additional terms described in the Terms of Use and elsewhere on the website.

*Notes: Please note that the use of the masculine gender is intended to simplify this policy and make it easier to read.

Last updated: 2024-04-15

    FOLLOW US