Updated on September 19, 2023
The protection of your personal information is of utmost importance to us.
Also, when purchasing a Blue Cross product, our various insurance policies include specific provisions regarding the handling and protection of personal information.
Feel free to contact us if you have any questions about how your personal information is handled (see below for contact information).
Canassurance Hospital Service Association (operating in Canada in the provinces of Quebec and Ontario as Québec Blue Cross®, Ontario Blue Cross™ and Blue Cross Canassurance®) and its subsidiaries Canassurance Financial Corporation and Canassurance Insurance Company (collectively, “Blue Cross”, “we”, “us” and “our”) acknowledge our obligation to adopt, implement and maintain procedures that meet and comply with the requirements of the Personal Information Protection and Electronic Documents Act (PIPEDA) and any other applicable provincial privacy legislation in the conduct of their business .
We are committed to establishing a transparent process to respect our customers’ privacy and we undertake to comply with the following statements concerning the manner in which we collect, use, disclose and manage personal information in our possession and under our control that can be used, directly or indirectly, to identify a person (“you,” “your” and “yours”).
We regularly update our Policy, which is written as transparently as possible in clear and simple language. We want to help you better understand our privacy practices.
By providing us with your personal information, you consent to our collection, use, retention and disclosure of your personal information in accordance with this Policy, as amended from time to time, or in any other manner in accordance with applicable privacy legislation.
Your consent is required when you purchase an insurance product, file a claim, or at any other time when the collection of new personal information is required in the course of our business relationship with you. Note that, subject to applicable legislation, your consent may be given explicitly, verbally or in writing, or in some cases, implicitly.
By providing us with the requested information, including, without limitation, your personal information, you certify that this information is true, accurate and complete in all respects, and you acknowledge that we rely on such information to provide you with information, products or services.
You can withdraw your consent to our collection, retention, use and disclosure of your personal information at any time, subject to legal restrictions.
However, if you withdraw your consent, you understand that it may have an impact on our business relationship with you. For example, we may be unable to provide you with insurance coverage, assistance or other products or services. In some cases, even if you withdraw your consent, we may continue to retain, use and disclose your personal information due to our legal or contractual obligations.
If you refuse to allow us to collect some kinds of personal information, we may be unable to provide you with the requested product or service.
When we collect personal information, by the means deemed most appropriate, we inform you of the manner in which your personal information is collected, used and disclosed and we obtain your consent before or during its collection.
We collect your personal information in person, through our website, by mail, email, online chat or telephone. For example, we may collect your personal information when you use our website, submit an insurance application, fill out one of our forms, purchase one of our products, use one of our services, or communicate with us.
Directly from you
We may collect your personal information directly from you or through our representatives, including our brokers and other authorized representatives.
Directly from a related person
Depending on the product or service we offer, we may collect information from a third party related to you, such as a parent, spouse, or other dependent, for example. We ask for their consent to collect your personal information, and they certify that they have obtained your consent to provide it to us. Note that even if we obtain your personal information from a related person, you always retain the right to access and correct it.
From other sources
Depending on the product or service we offer, we may also collect personal information from other sources, including, without limitation, any physicians, health professionals, hospitals, clinics, pharmacies, other medical or related institutions, insurance companies, governments or regulatory authorities, or other organizations, institutions or persons holding records or information about you or your health. In all cases, we undertake to obtain your consent prior to collecting your personal information, whether it is collected by us directly or through a third party (except to the extent that collection from a third party is authorized by law).
We only collect personal information that is necessary for us to provide you with our insurance products and services, fulfil our obligations, and any other purposes identified prior to the collection. As part of our business relationship with you, we may collect personal information about you that includes:
Information about your products and services
Information about communications arising from your relationship with us
These are just examples. Some of this personal information is collected only for specific products and services. As a result, we do not collect personal information associated with these products and services if you have not purchased them. For example, trip-related information is only collected for products that include travel insurance coverage.
Depending on the interactions we may have with you, and subject to the uses permitted by law, personal information that you provide to us or that is collected from a third party may be used for the following purposes:
To verify your identity
To determine your eligibility for products and services that you request
To administer your products and services
For internal administrative purposes
- When we have anonymized it
- When we obtain the express consent of the individual in question
- When its use is for compatible purposes
- When its use is clearly to the benefit of the individual in question
- When its use is necessary for other purposes prescribed by law
We limit the information we provide to authorized individuals to that which they need to perform their duties.
For the above-mentioned purposes, we may disclose your personal information to certain third parties to which it must be provided for the purposes for which it is collected, including:
Within our organization
Within our organization, access to your personal information is limited to authorized employees, officers, directors, mandataries, consultants, agents and representatives who require it to perform their duties.
Partners and providers
In our contracts with these partners and service providers, we provide for the protection and handling of your personal information. Among other things, we require them to maintain the confidentiality of this personal information, to use it solely for the purposes of the contract, to destroy it at the end of the contract, to notify our Chief Privacy Officer of any breach or attempted breach of confidentiality obligations, and to authorize audits of their confidentiality obligations by our Chief Privacy Officer.
Entities to which you have given your consent to share your personal information with us
Other entities authorized by law or regulation
Authorities, courts, and other law enforcement agencies
We may need to share some of your personal information when required by law, as in the case of a search warrant, court order or subpoena. We may also be required to disclose your personal information to regulatory authorities such as the Autorité des marchés financiers (AMF).
Employee training and supervision
Protecting the confidentiality of our customers’ personal information is important to us. Our staff places a high value on our security and privacy policies. We provide excellent mandatory privacy training and awareness programs to all our employees. We are committed to enforcing our Policy at all times in accordance with applicable privacy legislation.
We follow industry best practices to safeguard the personal information we hold and protect against loss, theft, unauthorized access, disclosure, reproduction, use or modification. For this purpose, we have also implemented reasonable, appropriate and consistent procedures, practices and standards, including those established by the AMF.
We apply security measures that can take several forms:
Administrative security measures
Physical security measures
Technological security measures
All data is classified according to criteria based on its level of integrity, availability and confidentiality. Appropriate security measures vary based on this classification. Sensitive data such as personal information is protected accordingly.
Your business relationship with us may require you to share confidential information with us by email. However, you must understand that we cannot guarantee the security of all personal information you send us by email. Please be aware that you send such information at your own risk. In addition, when you communicate with us by email, you authorize us to communicate with you by email. To ensure your security and the protection of your personal information when sharing personal information by email, you can use encryption software or a password.
In addition, we have also created a secure site for filing documents available at https://qc.bluecross.ca/depot for Quebec Blue Cross and https://on.bluecross.ca/depot for Ontario Blue Cross. We recommend that you use this site to share personal information with us.
Generally speaking, we try to retain your personal information only as long as necessary for the purposes for which we obtained it. However, you must understand that in order for us to govern ourselves as insurers in accordance with industry best practices, in particular those regarding fraud detection and insurance risk assessments, or to comply with legal or regulatory requirements, we may be required to retain your personal information for longer periods of time. To this end, we have established a data retention schedule that we make available to all our employees. This schedule helps our team better manage your personal information and ensure that it is retained in accordance with the legislative and regulatory requirements we are subject to.
At the end of the retention period provided for in our data retention schedule, your personal information will be securely destroyed and/or anonymized in accordance with applicable legislation, industry best practices and security practices we adopt from time to time. To be clear, “anonymization” means the irreversible removal of information so that you can no longer be identified, directly or indirectly.
Your personal information is hosted and processed on our servers and servers owned by our third-party providers. We take all necessary steps to ensure your personal information is protected in accordance with applicable privacy laws and this Policy.
In addition, please bear in mind that all paper documents we receive that contain personal information about you are stored in our computer systems. Indeed, for safety and environmental reasons, we now promote a paperless culture. As a result, we have been digitizing paper documents for several years and we encourage our customers to use our electronic forms and other digital communications to reduce paper use.
Note as well that your personal information may be stored and disclosed outside of your province of residence and/or Canada. For example, your personal information may be stored on cloud solutions, which may require the transfer of data outside your home province or even Canada. By providing us with your personal information, you are consenting to the transfer of this personal information outside your province of residence, including to countries other than Canada. If your data is transferred outside Canada, local government authorities may have access to it, in accordance with the applicable legislation of the country in question.
Upon receipt of a written request from you, we will provide you with access to your personal information so that you may verify its accuracy or completeness and, if necessary, request that the information be updated and/or corrected. Your request must be detailed enough to allow us to verify your identity as well as identify the personal information that you wish to access.
You may request a copy of your personal information that is in our possession. However, a reasonable fee may be required to cover the costs of transcription, reproduction and handling. You will be informed of the costs prior to reproduction.
If you believe that the personal information we have about you is inaccurate, incomplete or ambiguous, or if the collection, disclosure or retention of this information is not authorized by law, you may request a correction in writing. We will then make the appropriate changes as required. Your application must be detailed enough to allow us to verify your identity as well as identify the personal information that you wish to correct.
You may make a written request to delete personal information about you if it is out of date or not relevant to the purpose of the file. Beyond these rights, we may refuse any request to delete your personal information. In particular, we may refuse a request to delete your personal information if its retention is required as part of our activities as insurers, if it is necessary to comply with any legislative, regulatory or contractual obligations, or for any other purpose that justifies its retention.
You may first submit a complaint about your personal information. We investigate all complaints. Following the investigation, if the complaint is justified, we will take all necessary steps to correct the situation.
If you believe that your personal information has not been handled in accordance with the law, you may also file a written complaint with a privacy control authority.
Your requests and complaints are very important to us. Processes have been established to ensure that your requests are processed within 30 days of receipt. Please note that in certain circumstances permitted under applicable legislation, the 30-day period may be extended.
For more information regarding the handling of your personal information, or to make a request or complaint regarding its handling, see the relevant sections of this Policy or write to:
Chief Privacy Officer
Canassurance Hospital Service Association and its subsidiaries
1981 McGill College Avenue, Suite 105
Montreal, Quebec H3A 0H6
When the law allows us to send you commercial electronic messages, or when you consent to receive commercial electronic messages from us, you understand that this correspondence may include our newsletter, information content, exclusive product and service offers, or invitations to participate in contests.
You may withdraw your consent at any time by writing to us at the following email address whether you are in Quebec or in Ontario: firstname.lastname@example.org. Note that you can also always unsubscribe from Blue Cross commercial e-mails by clicking on the "Unsubscribe" link at the bottom of the e-mail.
When you unsubscribe, we will remove you from our lists within 10 business days, in accordance with the provisions of Canada’s anti-spam legislation.
The Blue Cross virtual assistant was created to answer your general questions only. This tool cannot advise you on the purchase of an insurance product. For reasons of confidentiality, please do not transmit your personal information during your interactions with the virtual assistance. Please be aware that your interactions with our virtual assistant may be recorded while you use it.
Our websites may contain links to third-party websites or applications. You understand that these third parties may be able to collect and disclose your personal information. When you leave our site, our Policy no longer applies. Note that we have no control over the personal information practices of these third-party sites. It is your responsibility to consult their privacy policies.
A cookie is a text file containing small amounts of information that is used by a website to record certain information about your browsing activity on the device you used to connect to the Internet. Most web pages contain elements from multiple web domains and your browser may receive cookies from many sources when browsing our website.
Strictly necessary cookies
Strictly necessary cookies are essential for the website to function and allow you to navigate the site and access its features. You cannot disable these cookies. You can configure your browser to block or be informed of these cookies, but this may affect some parts of the website.
Functionality cookies are used to enhance and customize website functionalities and optimize the user experience on our website. You may disable these cookies. In that case some or all of these services may not work properly.
Performance cookies are used to measure website audience and content performance. You can disable these cookies.
Advertising and marketing cookies
Advertising and marketing cookies also help us better understand your preferences in order to personalize content for you. They can be used to profile your interests and show you relevant advertising on other websites. This kind of cookie does not affect navigation quality on the website or basic website features. You can disable these cookies. In that case, we will be unable to provide you with targeted advertising.
You can refuse the use of these cookies which are not necessary for the proper functioning and security of our website.
Web browsers usually also let you control most cookies in their settings. For more information, please see the instructions on your web browser’s website. However, some services will not work or will work only partially if the cookies are disabled.