PRIVACY POLICY

What information is collected?

---

We only collect details that are both required and relevant to our insurance applications, endorsements, and questionnaires to issue, modify, and maintain insurance for our clients. We will not share any of this information with any third parties unrelated to the process of issuing an insurance policy.

---

Why is it collected?

---

In order for the insurers we represent to calculate premium they often require personal details about your insurance history. We collect this data on behalf of the insurer under a unique contract of utmost good faith. This simply means that we operate on the highest levels of honesty and integrity as an agent for both you and the insurance companies we represent. After collecting this information it is used to determine a rate. We collect information relevant to your policy, these include details like the vehicle you drive, your driving record, and where you live. This process is wholly regulated by the Financial Services Commission of Ontario.

---

How is it collected?

---

Like most businesses we collect data through phone, fax, e-mail, or Web Site requests. Other information may be gathered from insurance reporting systems common to all brokers. We only collect this data with your consent and only if necessary to confirm application details or gather additional information.

---

Why is it kept?

---

Information is stored on encrypted terminal servers. After collection, some of this data is purged from our system after set periods of time when it is determined it is no longer relevant. Information is collected solely to assess risk and maintain contact with our clients. At Northbrook Insurance Group Inc. we do not disclose your information to third parties for marketing purposes.

---

How is it secured?

---

We secure data by using advanced encryption. We understand that the more personal data we collect the more responsibility there is to protect this data. At Northbrook Insurance we utilize forms of data encryption to ensure data privacy. Collection of data on our Web Site is secured through a HTTPS/SSL protocol that encrypts sensitive personal data in transit.

---

Who has access to this information?

---

Information gathered by brokers is to be held in the strictest confidence and is only ever referred to insurers or staff underwriters on the basis of determining a rate, coverage, or making a change to an existing policy. Only the broker who issues a quote and our staff have access to your private information. Should you wish to proceed with an insurance policy then your personal information is referred through the underwriting channel to do so. However, this information is safeguarded and secured within our Company Intranet. This Intranet is password protected and only accessible by brokers and staff.

---

To whom is it disclosed?

---

The information gathered by our brokers and underwriters is only shared with our insurance carriers, or any other parties necessary in securing insurance for our client. These parties may include, but are not limited to insurance companies, other insurance brokers or agents, credit organizations, professionals working with us such as adjusters or lawyers, financial institutions.

---

When is it disposed?

---

Private data is held only as long as it reasonably should. As an example, credit card data collected to pay for a policy is only to be kept for a very short period of time after which it is to be purged from our system.

We are committed to protecting your privacy. In doing so we have taken certain measures to protect your personal information.

1. Accountability - As brokers we have access to much of our clients personal data in order to issue a policy. We must remain accountable for protecting the privacy of this sensitive data by having all staff and producers periodically sign off on privacy commitment in our internal policies and procedures and also through confidentiality and non-disclosure agreements. Our Privacy Officer will continually review our Privacy Policy on an ongoing basis to ensure as our business processes change our commitment to privacy does not.
2. Consent - We believe in informed consent. You must be informed that personal information will be used to determine a quote or issue a policy. We ask out clients for their consent to collect, use, and disclose personal information for these reasons before issuing a policy. Customers must be informed in a meaningful way of the purposes for the collection, use and disclosure of their personal information. We must then document their consent with their signature on a Client Consent Form, meeting guidelines outset by PIPEDA and our regulatory bodies.
3. Limiting collection - The collection of information should be limited to that which is only necessary in order to process an insurance application or endorsement. It should not be used outside of the intent for which is was originally disclosed. Information gathered can only be used for the disclosed purposes for which it was collected (generally only for insurance quotes, we must maintain the client's information strictly confidential and their personal details cannot be referred to third party businesses unless with their explicit written consent as per regulatory guidelines).
4. Limiting use, disclosure, and retention - We limit the use of your personal information to what is only necessary. It is retained for necessary periods of time and if not necessary it is purged from our systems (e.g. if collecting a credit card number to process policy payment, it should be disposed of after processing payment for the policy). We destroy, erase, or render anonymous information that is no longer required for an identified purpose or a legal requirement. We keep personal information used to make a decision about a person for a reasonable period of time. (e.g. when a client meets an underwriting declination rule this should be outlined in our agency manager notes and documented should the person request to obtain the information after a decision).
5. Accuracy - We are precise when collecting information, as a description of what personal information is made available to other organizations (including third parties and subsidiaries) and why it is disclosed. We allow access for our customers to update their personal records should they request them. Please contact our Privacy Officer for your personal records by referencing the contact information on the second page of this document.. We conduct a review of security procedures periodically to ensure updates are completed as our business changes.
6. Safeguards - We protect your information in encrypted servers that require password access. Our servers are located terminally away from our local desktops and laptops. We dispose of information that does not have a specific purpose or that no longer fulfils its intended purpose. All offices use paper shredders to destroy information that is no longer required that would be considered sensitive personal data. We protect personal information against loss or theft, the more data you collect the more secure the data should be kept (a reasonable amount of protection should be used to encrypt or securely connect computers sharing the sensitive data).
7. Openness and Honesty - We have organizational controls in place on a ‘need-to-know’ basis. Selected staff and brokers only have access to information that is pertinent to their jobs. We have a duty to inform our customers, clients, and employees of why we have our information collection practices in place. We operate on a contract of utmost good faith.
8. Individual access - Appropriate measures to correct all information handling practices will be handled immediately and policies should be updated based corrective actions dealt with in each formal complaint. Passwords to terminal servers are updated periodically.
9. Challenging compliance - When a customer has an issue with the security of their private data we handle all complaints seriously. It should also be noted that all complaints must be handled, regardless of their merit. Our goal is to make the process for challenging compliance simple and easy.

---

Privacy Internet Communication

---

As the privacy of communication over the Internet cannot be guaranteed, we do not assume any responsibility for any harm, loss, or damage that might occur by the sending of personal and confidential information.

---

Consent

---

In using this site, you signify your consent to our privacy policy. If you are not in agreement, please do not use the site. We reserve the right, at our discretion, to update, change, modify, add, or remove this policy from time to time, as appropriate. Should we make changes, we will publish these on the site in a timely fashion.

---

Please do not hesitate to contact our Privacy Officer should you have any questions.

Our Privacy Officer may be contacted as follows:

---

Name of Organization: Northbrook Insurance Group Inc.
ATTN: Privacy Officer
Address: P.O. 4600 Highway 7, Suite 215, Woodbridge, Ontario L4L 4Y7
Phone: 1.844.850.6633
Fax: 905.850.6644
Email: info@northbrook.ca

---

Upon request, an individual will be informed of the existence, use, and disclosure of his or her personal information which is under our control, and may be given access to, and challenge the accuracy and completeness of that information.

Users can opt out of sharing personal information at anytime, however, some information is required to request a quote and is up to the discretion of the user.

Users can also send an email request to info@northbrook.ca or call 1-844-850-6633 to request their information to be removed from Northbrook Insurance Group Inc. records at any time.