Reinsurance
Product Family
Resources and Tools
About AXA XL
About AXA XL

Canada - Privacy Notice

By means of our general privacy notice disclosure and this Canada specific privacy notice, we inform you about the processing of your personal data by AXA XL and the rights that have been granted to you in accordance with applicable Canadian data protection legislation. If you would like to exercise one of those rights or us to take action on your personal data subject to local laws and regulations, you can submit a request here.

AXA XL, together with other members of its group, including but not limited to those listed at https://axaxl.com/insurance/our-companies and https://axaxl.com/reinsurance/our-companies (AXA XL or we or us) are committed to compliance with data protection laws. This Privacy Notice describes how AXA XL collects, uses, shares and secures your personal information and non-personal confidential information when we provide our services as an insurance and reinsurance business. It also describes your choices regarding use, access and correction of your personal information. Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified.

1. Data Controllers responsible for the Processing of your Personal Data

Catlin Canada Inc.
100 Yonge St Suite 1200
Toronto, ON, M5C 2W1
Canada

XL Services Canada Ltd
First Canadian Place
100 King Street West St Suite 3020
Toronto, ON, M5C 1C9
Canada

We recognise the importance of protecting the privacy and the rights of individuals in relation to their personal information. This document is our privacy policy and it tells you how we collect and manage your personal information.

We respect your rights to privacy under the Personal Information Protection and Electronic Documents Act (S.C. 2000, c.5) (Act) and we comply with all of the Act’s requirements in respect of the collection, use, management and disclosure of your personal information.

If you require further information about how we deal with your personal data under European Economic Area (EEA) data protection laws, please refer to AXA XL’s European Privacy Notice at https://axaxl.com/privacy-and-cookies or contact our Privacy Officer using the details further below.

What is your personal information?

When used in this privacy policy, the term “personal information” has the meaning given to it in the Act.  In general terms, it is any information about you, including information that can be used to identify you.  This may include identifying information such as your name, date of birth, address, telephone number, email address and profession or occupation as well as information about you such as financial information and health information.

Consent

We rely on your consent to collect, use, retain and disclose your personal information, except where consent is not required by law.  When you apply for or purchase our products or services and you provide us or one of our brokers with the requested personal information for that purpose, we rely on your implied consent to the collection, use, retention, disclosure of your personal information as set out in this privacy policy.  Where we or one of our brokers has asked to you sign a form indicating your consent or to confirm your consent verbally, we rely on your express consent in those circumstances. In some cases, consent is not required under applicable law, such as where the personal information is specified in the regulations to the Act or where the Act sets out specific exceptions to the consent requirement.

What personal information do we collect and hold?

We may collect the following types of personal information:

  • your contact details, including your name, mailing or street address, email address, telephone number and facsimile number;
  • your employment details, including your profession, occupation or job title, your employer’s details and salary;
  • your financial details, including your tax file number, lists of personal assets and banking details;
  • other personal information that may be specific to the insurance policy you are taking out with us, such as your age or birth date, names and contact details of any dependents or beneficiaries, claims history, criminal history, driving history, aviation history, details of property to be insured and health and medical information;
  • your employment-related information if you apply for a position with us;
  • details of the products and services you have purchased from us or which you have enquired about, together with any additional information necessary to deliver those products and services and to respond to your enquiries; and
  • any additional information relating to you that you provide to us directly through our websites or indirectly through use of our websites or online presence, through our representatives or your agents or representatives (such as brokers), or otherwise.

We may also collect some information that is not personal information because it does not identify you or anyone else. For example, we may collect anonymous answers to surveys or aggregated information about how users use our website.

In certain instances, we may be required to collect your name, address, date of birth and other verification information under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (S.C. 2000, c. 17) and its regulations.

How do we collect your personal information?

Except where we collect your personal information from third parties as described below, we collect your personal information directly from you unless it is unreasonable or impracticable to do so. When collecting personal information from you, we may collect it in various ways including:

  • when you complete an application or order for an insurance policy;
  • when you request changes to your insurance policy;
  • when you make a claim or when we investigate a claim under your insurance policy;
  • through your access and use of our website;
  • during conversations between you or your representatives and us or our representatives; or
  • when you apply for a position with us.

We may also collect personal information from third parties including:

  • people who are involved in insurance decisions and claims such as investigators, claims adjusters, actuaries, professional advisors, medical practitioners, hospitals and other health care providers and third-party claims managers;
  • our related bodies corporate;
  • publicly available sources, including government registries;
  • brokers, third party administrators, insurance intermediaries, other insurance companies, reinsurers and reinsurer associations, cedants and cover holders or other underwriting organisations; and
  • other external organizations such as recruitment agents, service providers, credit reporting agencies and financial institutions, insurance industry associations, law enforcement agencies and other government entities or any other third parties other than those listed above who assist us with complaints made by you or with incidents and claims involving you.

Credit Bureaus

To help us make credit decisions about you, prevent fraud, verify your identity and prevent money laundering, we may, on occasion, request information about you from the files of consumer reporting agencies with your consent.

What happens if we can’t collect your personal information?

If you do not provide us with the personal information described above, some or all of the following may happen:

  • we may not be able to provide the requested products or services to you, either to the same standard or at all;
  • we may not be able to process or consider your claim;
  • we may not be able to provide you with information about products and services that you may want;
  • we may be unable to communicate with you or on your behalf regarding a claim;
  • if you are applying for a position with us, we may be unable to consider your application for a position; or
  • we may be unable to tailor the content of our websites to your preferences and your experience of our websites may not be as enjoyable or useful.

For what purposes do we collect, use, retain and disclose your personal information?

We collect personal information about you so that we can perform our business activities and functions and to provide best possible quality of customer service.

We collect, use, retain and disclose your personal information for the following purposes:

  • to provide products and services to you and to send communications requested by you;
  • to assess risk, underwrite and establish rates for insurance coverage, process applications for insurance coverage, and administer insurance products;
  • to reinsure insurance risks;
  • to determine and verify identity;
  • to process, investigate, evaluate, and respond to any claim and to manage and administer claims and claims payments;
  • to answer enquiries and provide information or advice about existing and new products or services;
  • to communicate with you and to others on your behalf in relation to your rights and any claims;
  • to conduct business processing functions including providing personal information to our related bodies corporate, contractors, service providers or other third parties such as insurance industry associations;
  • to compile statistics and perform analyses of our business;
  • to detect and prevent fraud;
  • for the administrative, marketing (including direct marketing), planning, product or service development, quality control and our analysis and research purposes;
  • to provide your updated personal information to our related bodies corporate, contractors or service providers;
  • if you have applied for a position with us, to evaluate and process your application;
  • to update our records and keep your contact details up to date;
  • to process and respond to any complaint made by you;
  • to respond to requests by third parties in accordance with the rules of court related to the production of documents; and
  • to monitor and investigate transactions and to comply with any law, rule, regulation, legal process, lawful and binding subpoena, warrant or court order, or any determination, decision or direction of a regulator, or in co-operation with any governmental authority of any country.

Your personal information will not be shared, sold, rented or disclosed other than as described in this Privacy Policy.

To whom may we disclose your information?

We may disclose your personal information to:

  • claims investigators, actuaries, underwriters, professional advisors, third party administrators and third party claims managers;
  • our related bodies corporate;
  • brokers, reinsurers, cedants and cover holders or other underwriting organisations;
  • contractors or service providers for the purposes of operation of our website or our business, fulfilling requests by you, and to otherwise provide products and services to you including, without limitation, web hosting providers, IT systems administrators, mailing houses, couriers, payment processors, data entry service providers, electronic network administrators, debt collectors, and professional advisors such as accountants, management, finance, operations and compliance staff, legal advisors, business advisors and consultants;
  • to a witness or another party to a claim made by you, to a repairer, supplier, an organisation that provides you with banking facilities, engineers, property appraisers and any other expert that we may need to engage for the purpose of claims assessment;
  • injury management providers including medical practitioners, rehabilitation advisers and health care providers;
  • suppliers and other third parties with whom we have commercial relationships, for business, marketing, and related purposes; and
  • any organisation for any authorised purpose with your express consent.

We may also disclose your personal information to a counterparty to a corporate transaction and their professional advisors as part of any sale, merger, financing, corporate reorganization, change in control or other business transaction involving all or part of our business or assets. In such cases, the information recipients will be required to limit their use of the information for the purposes of due diligence and completion of the transaction, and will be subject to strict non-disclosure obligations. Any post-closing use and disclosure of your personal information will be limited to the purposes set out in this policy or for such other purposes for which you may provide your consent.

Marketing materials

We or our related bodies corporate may send you marketing communications and information about our products and services that we consider may be of interest to you. These communications may be sent in various forms, including mail, SMS, fax and email, in accordance with applicable laws, such as Canada’s anti-spam legislation[i] (CASL). We will either rely upon our existing business relationship with you, another form of implied consent or an exemption under CASL, or we shall seek your express consent to send you those direct marketing communications by any of those methods. If you indicate a preference for a method of communication, we will endeavour to use that method whenever practical to do so. In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details below) or by using opt-out facilities provided in the marketing communications and we will then ensure that your name is removed from our mailing list and the lists of our related bodies corporate.

We do not provide your personal information to other organisations for the purposes of direct marketing.

Retention

We retain personal information for only as long as necessary to fulfil the purposes for which it was collected, unless a different retention period is required by law.

How can you access and correct your personal information?

You may request access to any personal information we hold about you at any time by contacting us (see the details below).  Where we hold information that you are entitled to access, rectify or request disposal of we will try to provide you with suitable means of accessing it (for example, by mailing or emailing it to you).  We may charge you a fee to cover our administrative and other reasonable costs in providing the information to you.  We will not charge for simply making the request and will not charge for making any corrections to your personal information.

There may be instances where we cannot grant you access to the personal information we hold.  For example, we may need to refuse access in the following situations:

  • The information is subject to legal privilege;
  • The information would reveal personal information about other people;
  • The information could compromise the investigation of a claim;
  • The information is confidential commercial information;
  • The information was collected for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province; or
  • The information was generated in the course of a formal dispute resolution process.

If we are not able to provide access, we will give you written reasons for any refusal.

If you believe that personal information we hold about you is incorrect, incomplete or inaccurate, then you may request us to amend it.  We will consider if the information requires amendment.  If we do not agree that there are grounds for amendment, then we will add a note to the personal information stating that you disagree with it.

What is the process for complaining about a breach of privacy?

If you believe that your privacy has been breached, please contact our Privacy Officer using the contact information below and provide details of the incident so that we can investigate it.

We request that complaints about breaches of privacy be made in writing, so we can be sure about the details of the complaint after we have completed our enquiries, we will contact you to advise the outcome and invite a response to our conclusions about the complaint.  If we receive a response from you, we will assess it and advise if we have changed our view.

Do we disclose your personal information to anyone outside of Canada?

We may disclose personal information to entities located outside of Canada for the purposes listed above. These entities include the following:

  • our related bodies corporate, located in over 50 cities around the world. A list of those countries can be found on our website (www.axaxl.com);
  • our suppliers and service providers, located in the United States, India and Poland; and
  • other third parties located in foreign countries where it is necessary for the purposes of processing.

We take reasonable steps to ensure that the foreign recipients of your personal information do not breach the privacy obligations relating to your personal information. However, the laws of the recipient jurisdictions may provide for a different level of protection for personal information than is provided under Canadian laws and while the information is situated in such other jurisdictions it may be accessed by the courts, law enforcement and national security authorities.

Please contact the Privacy Office for more information on our policies regarding our use of service providers located outside of Canada.

Security

We take reasonable physical, organizational and technical steps to ensure your personal information is protected from misuse and loss and from unauthorised access, modification or disclosure.  We may hold your information in either electronic or hard copy form. Among the steps taken to protect personal information are:

  • premises security;
  • restricting file access to personal information on a “need to know” basis;
  • following least privilege access principles with respect to personal information, meaning that access by those with a “need to know” is limited to the minimum amount of information required to perform a task;
  • deploying technological safeguards such as firewalls and intrusion detection systems designed to identify and prevent hacking or unauthorized computer access;
  • logging system access IDs and time of access; and
  • documenting internal password management and security practices and policies.

As our website is linked to the internet, and the internet is inherently insecure, we cannot provide any assurance regarding the security of transmission of information you communicate to us online.  We also cannot guarantee that the information you supply will not be intercepted while being transmitted over the internet.  Accordingly, any personal information or other information which you transmit to us online is transmitted at your own risk.

Links

Our website may contain links to other websites operated by third parties.  We make no representations or warranties in relation to the privacy practices of any third-party website and we are not responsible for the privacy policies or the content of any third-party website.  Third party websites are responsible for informing you about their own privacy practices.

Recruitment

We ask for personal information from job applicants to assist with our recruitment process. The personal information you supply will be kept in a recruitment folder. Employees involved with short-listing and appointment will have access to this data. This could be managers, personnel and departmental support employees. We will not disclose this information to anyone outside of our organisation without your consent. If you are unsuccessful, we may retain your application for 12 months after the appointment has been made and, after that period, we will ordinarily dispose of your application form and any other papers submitted.

Information on your job application form may be held in hard copy or computer systems. We will observe strict confidentiality and disclosures will only be made for payroll, personnel administration and statistical purposes. We may use this information collected from your application for the purposes of monitoring the quality of opportunity in our employment policy.

We are committed to the principle of equal opportunities. Our policy is to attract, recruit and develop the most talented and capable individuals, regardless of age, gender, sexual orientation, marital status, religion, colour, race, ethnic origin, nationality or disability.

Contacting us

If you have any questions about this privacy policy, any concerns or a complaint regarding the treatment of your privacy or a possible breach of your privacy, please contact our Privacy Officer using the details set out below.

We will treat your requests or complaints confidentially.

Privacy Office
AXA XL
Post: 100 King Street West, Suite 3020, Toronto, Ontario, Canada M5X 1C9
Phone: (416) 928-8552
Email: dataprivacy@axaxl.com

Changes to our privacy policy

We may change this privacy policy from time to time. Any updated versions of this privacy policy will be posted on our website. Please review it regularly.

This privacy policy was last updated in February 2021.