About Sutton Special Risk Insurance

Privacy Policy


This document sets out the obligations of Sutton Special Risk Inc. ("the Company") with regard to data protection and the rights of people with whom it works in respect of their personal data. In order to provide our products and services, the Company is required to collect sensitive and confidential personal information from our clients. We are committed to protecting the privacy and the confidentiality of such personal information. The following Privacy Guidelines have been developed in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), HIPAA, and Lloyd’s.

Personal Information includes any information, recorded or not, about an identifiable individual. This includes information such as name, age, sex, social insurance/security number, health status, health history, financial information or benefit claims information.

Personal Information does not include the name, title, business address or telephone number of an employee or an organization.

Accountability
Sutton Special Risk is responsible for the personal information in its control, including information that may be transferred to a third party service provider performing services for, or on its behalf.

Identifying Purposes
The purposes for which personal information is collected shall be identified before or at the time of collection.

Consent
Personal information is collected, used and disclosed only with the consent of the individual, or as otherwise permitted by law.

Consent to the collection, use, or disclosure of personal information may be expressed or implied, and may be given in writing, verbally, electronically or through an authorized representative.

Individuals may withdraw their consent at any time, subject to legal or contractual restrictions and reasonable notice. Individuals will be advised of the implications of such withdrawal, which may include the termination of a policy or the inability to process a claim.

Collection
Only personal information that is necessary for the purposes identified is collected. Such information is collected directly from the individual and may, with consent or as otherwise allowed by law, be collected from other sources.

Use, Disclosure And Retention
Personal information will not be used, disclosed or retained for purposes other than those for which the information was collected, except with the permission of the individual, or as permitted or required by law.

Accuracy
Any personal information that is collected, used or disclosed shall be as accurate, complete and current as is necessary for the purpose for which it is collected.

Safeguards
Personal information will be protected by safeguards appropriate to the sensitivity of the information.

Openness
Specific information about our policies and practices relating to the management of personal information will be made available upon receipt of written request addressed to the Privacy Officer.

The information made available may include:
  • a description of the personal information held, and a general account of its use;
  • the means of gaining access to personal information held;
  • a copy of these guidelines;
  • an account of personal information made available to third party service providers.

Individual Access
An individual may request to be informed of the existence, use and disclosure of personal information pertaining to him or her. Appropriate access will be provided to such information held.

Sutton Special Risk may choose to make personal medical information available only through a physician designated by the individual.

In certain situations as permitted by law, access to all personal information held with respect to an individual may not be possible. Exceptions to the access requirement will be limited and specific, and the reasons for denying access will be provided to the individual.

Individuals may request correction to their personal information held, if such information is shown to be in error.

Data Protection Procedures
The Company shall ensure that all of its employees, contractors, agents, consultants, partners or other parties working on behalf of the Company comply with the following when processing and / or transmitting personal data:
  • All emails containing personal data must be encrypted;
  • Personal data may be transmitted over secure networks only – transmission over unsecured networks is not permitted in any circumstances;
  • Personal data may not be transmitted over a wireless network if there is a wired alternative that is reasonably practicable;
  • Personal data contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely. The email itself should be deleted. All temporary files associated therewith should also be deleted;
  • Where personal data is to be sent by facsimile transmission, the recipient should be informed in advance of the transmission and should be waiting by the fax machine to receive the data;
  • Where personal data is to be transferred in hardcopy form, it should be passed directly to the recipient. Using an intermediary is not permitted unless otherwise unavoidable;
  • All hardcopies of personal data should be stored securely in a locked box, drawer, cabinet, file room or similar;
  • All electronic copies of personal data should be stored securely using passwords and suitable data encryption, where possible on a drive or server which cannot be accessed via the internet; and
  • All passwords used to protect personal data should be changed regularly and should not use words or phrases which can be easily guessed or otherwise compromised.

Organizational Measures
The Company shall ensure that the following measures are taken with respect to the collection, holding and processing of personal data:
  • All employees, contractors, agents, consultants, partners or other parties working on behalf of the Company are made fully aware of both their individual responsibilities and the Company’s responsibilities under PIPEDA, HIPAA, and Lloyd’s.
  • All employees, contractors, agents, consultants, partners or other parties working on behalf of the Company handling personal data will be appropriately trained to do so.
  • Methods of collecting, holding and processing personal data shall be regularly evaluated and reviewed.
  • All employees, contractors, agents, consultants, partners or other parties working on behalf of the Company handling personal data will be bound to do so in accordance with the principles of PIPEDA, HIPAA, Lloyd’s and this Policy by contract. Failure by any employee to comply with the principles or this Policy shall constitute a disciplinary offence. Failure by any contractor, agent, consultant, partner or other party to comply with the principles or this Policy shall constitute a breach of contract. In all cases, failure to comply with the principles or this Policy may also constitute a criminal offence.
  • All contractors, agents, consultants, partners or other parties working on behalf of the Company handling personal data must ensure that any and all of their employees who are involved in the processing of personal data are held to the same conditions as those relevant employees of the Company arising out of this Policy and PIPEDA.
  • Where any contractor, agent, consultant, partner or other party working on behalf of the Company handling personal data fails in their obligations under this Policy that party shall indemnify and hold harmless the Company against any costs, liability, damages, loss, claims or proceedings which may arise out of that failure.

Concerns, Inquiries Or Requests
Any concern, inquiry or request related to privacy should be made in writing to one of the following addresses:

privacyofficer@suttonspecialrisk.com

or

Privacy Officer
Sutton Special Risk Inc.
33 Yonge Street
Suite 270
Toronto, Ontario
M5E 1G4

© 2015 Sutton Special Risk. All Rights Reserved.