AIG INSURANCE COMPANY OF CANADA
AIG and Individual Privacy
We at AIG Insurance Company of Canada (referred to as “AIG”, “we”, “our”, or “us”) abide by these Privacy Principles and want you, our applicants, policyholders, insureds, claimants, and any other individuals who provide us with personal information (referred to as “Customers” or “you”), to be aware of how and why we handle personal information. We work hard to respect and maintain your privacy. However, the very nature of our business is such that the collection, use and disclosure of personal information are fundamental to the products and services we provide.
For the purposes of these Privacy Principles personal information means information about an identified or identifiable individual. For example: an individual’s name, birth date, address, age, health and financial information is personal information which AIG may collect, use and in certain circumstances, where necessary, disclose, in the course of providing insurance services and carrying on business.
1. Consent and Personal Information
AIG obtains consent for the collection, use, and disclosure of personal information, except where consent is not required by law. AIG does not obtain your consent for the collection, use and disclosure of business contact information. By applying for or purchasing AIG’s products and services, you are providing your consent to our collection, use, and disclosure of your personal information as set out in these Privacy Principles. AIG relies on the broker’s advice where the insurance broker tells AIG that we have a Customer’s consent to collect information.
Consent may be obtained by AIG and its affiliated companies directly or through a broker or agent, an insurance adjuster, claims administrator, investigator, or lawyer when personal information is collected for claims purposes.
An individual may decline to consent, or revoke consent, to the collection and use of personal information for insurance purposes but in that case, insurance products and related services and the assessment of applications, claims or complaints may be limited or terminated.
2. Collecting Personal Information
We may collect information directly from the individual concerned on applications for insurance and through direct interactions with us, including via AIG websites, software applications made available by us for use on or through computers and mobile devices (the “Apps”), our social media pages set forth in the links in the footer on AIG.com and other means (for example, from your application and claim forms, telephone calls, emails and other communications with us, as well as from claim investigators, medical professionals, witnesses or other third parties involved in our business dealings with you). We also collect information from various third-party sources such as: insurance brokers, adjusters, other insurance intermediaries, third party administrators, government, industry associations, and other entities that have information about you. For instance, we may obtain your driving record, claims history and/or credit history, where permitted by law, to assist us in underwriting your application for insurance. We and our service providers may supplement the personal information we collect with information from other sources, such as publicly available information from social media services, commercially available sources and information from our affiliates or business partners. This information from third parties is subject to the privacy policies under which the information was collected.
3. Using Personal Information
Personal information is typically collected and used by us for insurance purposes such as: assessing risk, processing applications for insurance coverage, establishing rates, administering insurance products, developing and improving insurance products and services and other services, including actuarial and pricing tools and risk engineering, risk management and loss prevention programs for our insurance clients, claim assessment, processing and settlement, and, where applicable, managing claim disputes. AIG also uses personal information to detect and prevent fraud, to detect, prevent, and respond to actual or suspected information security incidents, compile statistics, verify and provide information to insurance industry associations, report to regulatory or industry entities in accordance with laws and prudent insurance industry practices, and conduct market research. This may also include collecting and disclosing personal information about third parties with respect to claims made against AIG Customers. We may collect and use personal information for other purposes. We will notify you of such other purposes prior to the collection, and use of the personal information.
4. Use of Personal information for Marketing Purposes
AIG may collect and use personal information for marketing purposes, such as identifying and communicating with individuals who are most likely to find AIG products and services of interest. AIG may also disclose personal information to our affiliates to use for marketing purposes to offer you their products and services, which may be of interest to you. You may opt not to have us, or alternatively not to have our affiliates, collect, use or disclose personal information for marketing purposes in which case we and our affiliates will not use or disclose personal information for marketing purposes. Offers of upgraded or additional coverage, special offers and promotional mailings, and offers of additional products and services from our affiliates will not be sent by us or our affiliates. As an AIG customer, if you have not opted out of receiving marketing communications, you may receive marketing emails regarding AIG products and services. Each marketing email will include an unsubscribe mechanism, available for you at any time to remove your consent.
5. Accuracy of Your Personal Information
AIG maintains policies and procedures to ensure that the information we collect and use is accurate, up-todate, and as complete as possible. However, we rely on individuals to disclose all material information to us and to inform us of any changes required. A request to access or correct your personal information in our possession may be made by contacting the Privacy Officer at the address set out below in the section titled “Contacting the Privacy Officer,” and by providing valid proof of your identity.
6. Safeguarding Your Information
We apply appropriate safeguards to our computer networks and physical files. We restrict access to personal information to those AIG employees and non-employee workers, independent third-party service providers or technology service providers (“Authorized Administrators”) reinsurers, consultants or insurance representatives who need to know that information in order to underwrite, adjudicate or administer insurance products and services.
7. Disclosure of Personal Information
Personal information is disclosed by us to both affiliated and unaffiliated insurance companies, reinsurers, insurance and reinsurance brokers and other intermediaries and agents, appointed representatives, distributors, financial institutions and insurance industry organizations at the time of assessing an application for insurance and any renewal, extension, variation or cancellation of any issued policy, as well as in the event of any claim, to the extent necessary for statistical purposes or to assess and rate a specific risk, determine the status of coverage, and to investigate, administer and provide updates regarding claims. We also share information to investigate allegations of fraud; to detect, prevent, and respond to actual and suspected information security incidents; where permitted or required by law; to protect and defend legal claims; and, at the request of government institutions in accordance with applicable law.
AIG may retain an affiliated company, a reinsurer, or an Authorized Administrator to perform on our behalf certain functions in support of the products and services we provide. Such functions could include the underwriting, offering or administering of AIG insurance products and services or any related claims. Accordingly, in certain instances these affiliates or third parties require your personal information to the extent that it is necessary in the performance of those specific reinsurance, underwriting, marketing, consulting, administrative, analytical, rehabilitative, claims, investigation, reporting or related services. AIG obligates these affiliates and third parties to use and take steps to protect personal information in accordance with the requirements of these Privacy Principles.
Some AIG affiliates and Authorized Administrators may be located outside of the province in which you reside or in another foreign jurisdiction outside of Canada. When this occurs, the collection, use and disclosure of personal information will be subject to the laws of the jurisdiction in which it is situated. By communicating personal information to us, applying for and/or acquiring the products and services of AIG, you hereby consent to the AIG affiliates or Authorized Administrators located outside of Canada accessing, processing or storing your personal information (as the case may be) and disclosing such personal information as required by the governing laws of that jurisdiction. If you would like to obtain more information about our use of Authorized Administrators or any other service providers located outside of Canada, please contact the Privacy Officer at the address set out below in the section titled “Contacting the Privacy Officer”.
AIG may transfer your personal information as an asset in connection with any contemplated or actual sale, merger or other disposal of all or part of our business or assets, or as part of a corporate reorganization or other change in corporate control, including for the purposes of determining whether to proceed with such a transaction or fulfilling any records or other reporting requirements to such parties. In such circumstances, we will ensure that any transfer of personal information is handled by us in accordance with applicable law using appropriate data protection and security measures.
8. Retention and Access to Your Personal Information
We retain personal information for the purposes described in these Privacy Principles but only for so long as is necessary to achieve the purpose(s) for which the personal information was collected and as required by law. Personal information is stored at one of our offices in Canada, or at a location of one of our affiliates or Authorized Administrators in the United States or another foreign country, as defined under Section 7 - “Disclosure of Personal Information” above. Access to your personal information is limited to our employees and non-employee workers, agents, insurance intermediaries, reinsurers, and Authorized Administrators who need access in order to perform their job or provide services.
In addition, as financial services institution, we are required to comply with regulated minimum retention periods for personal information. We will provide you with further information, if applicable, to inform you of how we collect and use your personal information.
- If we retain personal information to comply with a regulatory requirement, we will keep the information for as long as required to comply with that obligation.
- If we retain personal information in order to provide a product or service (e.g insurance policy issuance or claims handling), we will keep the information for as long as the product or service is provided, and for a certain time period following expiry of the policy and the handling of any related claim.
The number of years varies depending on the nature of the product or service provided. For certain insurance policies it may be necessary to keep the personal information for several years after the expiry of the policy. Among other reasons, we retain the information in order to respond to any queries or concerns that may be raised at a later date with respect to the policy or the handling of a claim.
For further information about the period of time for which we retain your personal information, please contact the Privacy Officer at the address set out below in the section titled “Contacting the Privacy Officer.”
A request to access information in our possession may be made by contacting the Privacy Officer at the address set out below in the section titled “Contacting the Privacy Officer”. The right to access information is not absolute. Therefore, AIG may decline access to personal information about you that we have under our control, subject to any legal restrictions. Such instances of refusal may include but are not limited to the following:
- the information is subject to solicitor/client privilege;
- the information would reveal personal information about a third party;
- the information could compromise the investigation of a claim; or
- the information is confidential commercial information.
We may charge a reasonable fee in advance for copying and sending information you have requested and to which you have a right of access.
You may also request that we correct inaccurate personal information about you by contacting the Privacy Officer. The right to access information is not absolute. Therefore, AIG may decline to modify personal information that we have about you under our control under certain circumstances, subject to any legal restrictions (for example, if we have evidence to support the fact that the personal information is accurate).
9. Contacting the Privacy Officer
Requests for further information about our privacy policies and practices, personal information access or correction, or any concerns about how we handle your information with AIG should be referred to our Privacy Officer, as follows:
Mail: AIG Insurance Company of Canada 120 Bremner Blvd. Suite 2200 Toronto, ON Canada M5J 0A8
Toll-free phone: 1-800-387-4481
10. Internet Privacy Practices
We may collect your personal information through AIG websites or mobile applications. All personal information collected through our websites and mobile applications are subject to these Privacy Principles.
We may collect other personal information (“Other Information”) through our websites or mobile applications that may or may not reveal your specific identity. Other Information includes but is not limited to:
- browser information and settings;
- computer or mobile device information (such as device IDs)
- information collected through cookies, pixel tags, and other technologies;
- demographic information and other similar information provided by you;
- information about your physical location; and
- aggregated information.
We and our third party service providers may collect Other Information in a variety of ways, including, but not limited to, the following:
- Through your internet browser: Certain information is collected by us through your internet browser by most websites, such as your IP address (that is, your computer’s address on the internet), screen resolution, operating system type (e.g., Windows or Mac OS) and version, internet browser type and version, time of the visit and the page or pages visited. We use this information for purposes such as calculating our website usage levels, helping diagnose server problems, and administering our website.
- From you: Some information (for example, your location or preferred means of communication) is collected when you voluntarily provide it. Unless combined with personal information, this information may not identify you personally.
- Using your physical location: We may collect the physical location of your device by, for example, using satellite GPS, cell phone tower or WiFi signals. We may use your device’s physical location to provide you with personalized location-based services and content, for example, to provide location based reminders or offers when using applications. We may also share your device’s physical location, combined with information about what advertisements you viewed and other information we collect, with our marketing partners to enable them to provide you with more personalized content on our behalf and to study the effectiveness of advertising campaigns. In some instances, you may be permitted to allow or deny such uses and/or sharing of your device’s location, but if you choose to deny such uses and/or sharing, we and/or our marketing partners may not be able to provide you with the applicable personalized services and content. In addition, we may obtain the precise geolocation of your device when you use our mobile applications for purposes of providing travel or other assistance services to our clients who are enrolled in such services. In connection with providing travel or other assistance services, we may share your device’s precise geolocation information with our clients and other entities with whom we work. You may opt-out of our collection and sharing of precise geolocation information by deleting the mobile application from your device, by disallowing the mobile application to access location services through the permission system used by your device’s operating system, or by following any additional opt-out instructions provided in the privacy notice available within the mobile application.
- By aggregating information: We may share non-personally identifiable information collected from you and/or from your use of our Apps with our third party service providers in an anonymous and aggregated form for data analytics and to ensure you receive a better consumer experience, in order to improve and modify our products and services.
Please note that we may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat Other Information as personal information under applicable law, then, in addition to the uses listed in this “Website Privacy Practices” section, we may use and disclose Other Information for all the purposes for which we use and disclose personal information.
11. Third Party Websites
These Privacy Principles do not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any website to which our website contains a link. The inclusion of a link on our website does not imply endorsement of the linked site by us or by our group companies.
12. Use of Site by Minors
Our website is not directed to individuals under the age of 18, and we request that these individuals do not provide personal information through our website.
13. Access Requests and Automated Decision Making
- You may submit a request to be informed of the types of personnel who may have access to your personal information within AIG.
- You may request that AIG cease disseminating your personal information or de-index any hyperlink attached to your name if the dissemination of the information contravenes the law or a court order. Under certain conditions prescribed by law, you may request AIG re-index the hyperlink to provide access to your personal information.
- As part of our business operations, we may render a decision based exclusively on an automated processing of your personal information. These decisions are made using automated computer software and systems without independent human judgment so that we may determine the type of product or services we are able to offer you. When automated decision making is used, we will provide you with more information prior to or at the time we intend to make the decision. You have the right to submit questions, comments, or complaints to the Privacy Officer at the address set out above in the section titled “Contacting the Privacy Officer”.
14. Changes to these Privacy Principles
AIG Canada reserves the right to modify these Privacy Principles from time to time. If these Privacy Principles change materially, we will take reasonable measures to notify you, including posting a copy of the revised Privacy Principles to our website. Accordingly, we recommend that you review our current Privacy Principles from time to time at Aig.ca.
Last Updated: October 2023