This Privacy Notice describes the way AXIS Capital Holdings Limited (“AXIS”) collects and uses information about individuals in all locations where AXIS conducts business in Canada.
Privacy laws in Canada generally define “Personal Information” as information about an identifiable individual or by which an individual’s identity can be deduced. We will only use your Personal Information for the purposes we collected it for. If we need to use your Personal Information for an unrelated purpose, we will provide notice to you and, if required by law, seek your consent. We may use or disclose your personal information without your knowledge or consent where required by applicable law or regulation.
What type of personal information do we collect about you?
The types of Personal Information we collect about you depends on your relationship with AXIS.
If you are an insured person or potential insured, we collect personal information of the policyholder, prospective insured, and related individuals in order to determine eligibility for, underwrite, and administer insurance policies. In some instances, we may need to collect sensitive personal information, such as information about your medical and criminal history.
If you are a claimant making a claim under an AXIS policy, we may need to collect your contact information, as well as information about your claim and previous claims. We may also need to collect sensitive personal information, depending on the nature of your claim.
If you are a business partner, we will collect your business contact details.
The types of Personal Information we may collect include:
- Name, address, phone number, email
- Company affiliation
- Gender
- Marital status
- Date and place of birth
- Government identification numbers: social insurance, passport, tax, driver’s license
- Family information
- Banking information
- Health information/medical history
- Criminal history
- Credit history and credit score
- Claims/policy numbers
How do we collect information about you?
If you are an insured or potential insured, we collect information from you or your representative through the policy application process. We may also collect information about you from your family members or employer, credit reference agencies, anti-fraud databases, sanctions lists, and relevant government agencies, including public registers or databases as well as credit reference organizations.
If you are a claimant, we will collect information about you when you notify us of a claim, or if the claim is made by someone with a close relationship to you or who otherwise has authority to make a claim on your behalf. We may also collect personal information about you from others who are involved in the claim, including lawyers, witnesses, experts, and adjusters. Finally, we may consult other public sources to validate the claim or protect against fraud or other financial crime.
If you are a business partner, we will collect information about you when you or your company provides that information to us as part of the business relationship.
We may also collect information about anyone who contacts us for any other purpose using the contact form on our website. By using our website, you consent to the collection and use of your Personal Information for the purposes and terms set out in this Notice. If you have any objections to the terms in this Privacy Notice, you should not provide us with any of your Personal Information, as by providing your Personal Information to us, you will be deemed to have consented to the processing of such data. If you have any hesitations or are unsure about any of the terms contained herein, we invite you to connect with us at the contact details provided below.
Why do we collect information about you?
We may collect your Personal Information for the following purposes:
If you are an insured or potential insured:
- Account setup, including background checks
- Evaluating risks to be covered
- Risk modelling and underwriting
- Customer service communications
- Payments to/from individuals
- Direct marketing
- Complying with legal or regulatory obligations
If you are a claimant:
- Managing insurance or reinsurance claims
- Defending or prosecuting legal claims
- Investigating or prosecuting fraud
- Complying with legal or regulatory obligations
Information collected automatically online
Our website may use cookies and other technologies such as web server logs to collect information about website visitors automatically. The information collected does not directly identify anyone, but we or third parties who provide this technology may combine this information with other information about your online activities over time and across different devices and online properties. For more information on how these cookies work, please see our 'Cookies Policy'. Note that like many websites, our website is not designed to respond to "do not track" requests from browsers.
Disclosure
Sometimes we may be required to share Personal Information for legal reasons. For example, if we are required to do so by a regulation, court order, subpoena, or other legal process. We may also share information when we believe it's necessary to comply with the law or to respond to a government request, or when we believe disclosure is necessary or appropriate to protect AXIS, our clients and business partners, or others.
We may share personal information in the event of a corporate sale, merger, acquisition, dissolution, or similar event. If such an event takes place, we'll post a prominent notice on our applicable website(s) of any change in ownership, as well as any choices you may have regarding your personal information.
We may also disclose your personal information for the purposes described in this Privacy Notice to authorized employees, administrators, affiliates, vendors, service providers and other third parties in the insurance sector, such as consultants, program administrators, managing general agencies, coverholders, claims administrators, brokers, reinsurers, law enforcement, regulators and governmental entities.
Some third parties to whom we can disclose your personal information may be located outside your province of residence. Whenever we disclose your personal information, we see to the implementation of adequate risk controls and data protection measures.
Links to other websites
Our website may offer links to other websites that are not maintained by AXIS. When visiting one of these linked websites, you are subject to the other organization’s privacy notice and other policies. We are not responsible for, or able to monitor or control, the policies and practices of other organizations.
Your Access to and Control Over Information
You may opt out of any future contact from us at any time. Except as required by law, we will cease the use or disclosure of your Personal Information in accordance with your instructions as soon as practicable. You can do the following at any time by contacting our Privacy Officer (details below):
- See what data we have about you, if any.
- Change/correct any data we have about you.
- Have us delete any data we have about you.
- Express any concern you have about our use of your data
In each of the foregoing cases, we will make all reasonable efforts to promptly honour your request.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the Personal Information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the Personal Information that we hold about you, or we may have destroyed, erased, or made your Personal Information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your Personal Information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
Security
We take reasonable precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.
We take the following specific steps to protect your information:
- Use internal access controls so only limited personnel have access to your information.
- Anyone with access to user information is trained on all relevant security and compliance policies.
- Servers that store visitor information are regularly backed up to protect against loss.
- All information is secured through modern security technologies like secure socket layer (SSL), encryption, firewalls, and secure passwords.
All access safeguards described above are in place to prevent unauthorized access to and/or use of information stored on or transmitted by our systems.
Retention of Information
We will only retain Personal Information for as long as necessary to fulfil the purposes for which the data is collected, or as required by law. We will make reasonable efforts to remove Personal Information that is no longer relevant for the purposes for which it was collected. Information will be destroyed in a manner such that information is no longer identifiable.
Changes to this Privacy Notice
This Privacy Notice is subject to change at our discretion. We will indicate changes to the Privacy Policy by updating the “Last Updated” date at the bottom of the Privacy Notice. Your continued use of this Site after any update to this Privacy Notice will constitute your acceptance of the changes.
How to Contact Us
Please address all inquiries, requests, and other communications regarding your personal information or this Privacy Notice to:
Contact: Data Protection Officer Email: [email protected] Address: 70 York Street, Toronto, ON M5J 1S9 Phone: +1 416-361-7200
Published: 20 March 2024 v2.1