Collection, use and disclosure

Typically, Morneau Shepell receives your personal information directly from you or your authorized representatives, or from your employer, your employer’s authorized agents, association, insurer or benefits plan sponsor.

We limit the collection, use and disclosure of personal information to information that is necessary for the following purposes:

  • To perform services that we have been hired to do by your employer, association, insurer, benefits plan sponsor or by you. These services may include:
    • Employee and family assistance programs and services (“EFAP”);
    • Health management programs and services;
    • Organizational health and training programs;
    • Pension and benefits consulting services to assist in the design, delivery and management of the pension and benefits programs offered by an association, insurer or plan sponsors to their employees or members;
    • Pension, health & welfare and health benefit exchange administration services to assist in the administration of the pension, benefits, and/or insurance programs that associations, insurers or plan sponsors offer their employees or members; and
    • Group investment and benefits plans and programs developed and administered by Morneau Shepell;
  • To provide our employer, association, insurer and plan sponsor clients and their employees and members with information about our services, products and their usage and to enhance our overall service delivery.
  • To conduct research, compile aggregate data, statistics and reports and to perform analytics about Morneau Shepell’s services, service standards and trends for use by Morneau Shepell, its clients and our respective third party service providers.  These forms of data, statistics and reports do not contain any information that could reasonably be used to identify you personally.
  • For audit, quality control and legal and regulatory compliance purposes including the protection of our interests in civil or criminal proceedings, to resolve any disputes that we may have and to enforce our agreements.

We will retain personal information for as long as necessary for the purpose for which it has been collected, or as required or permitted by law.
As Morneau Shepell continues to develop and grow, we may buy or sell parts of a business. As our businesses consist primarily of the delivery of services to clients, information regarding the particular accounts or services being purchased or sold could include personal information and be one of the transferred business assets.

Consent

We will collect, use and disclose your personal information with your consent and only for the purposes we disclose to you, or as otherwise required or permitted by law. Consent may be expressed or implied. For example by participating in your benefits plan, you consent to our collection and use of your personal information for the purposes of providing services related to such plan. Further, your consent may be obtained directly by us or through your association, insurer, employer or benefits provider.

You may withhold or withdraw your consent for us to collect, use and disclose your personal information, as long as there are no legal or contractual reasons preventing you from doing so. Depending on the circumstances, however, withdrawal of your consent may impact our ability to continue to provide you with the products and services you have requested, or, in the case of insurance and group insurance benefits, it may prevent us from keeping your coverage in force, or properly evaluating and processing any claims.

Safeguards

We will employ safeguards to protect personal information from unauthorized access, disclosure, copying, or use, by using various methods of protection, appropriate to the sensitivity of the information.  The methods of protection include:

  • Physical measures (locked filing cabinets, restricted access to files and offices);
  • Technological measures (passwords, encryptions, firewalls, and audits);
  • Organizational controls (security clearances, limiting access on a "need-to-know" basis, staff training, confidentiality agreements, policies and procedures); and
  • Contractual confidentiality covenants.

Morneau Shepell will also employ care in the disposal or destruction of personal information to protect against unauthorized parties from gaining access to the information.

Please note that confidentiality and security are not assured when information is transmitted through email or other electronic communication. While Morneau Shepell makes every effort to secure all communications within our control and on our premises, please be advised that no method of delivery is absolutely secure and any communication of personal information may be accidentally or deliberately intercepted by third parties.

Use by and disclosure to third parties

We may need to share your personal information with third parties who support us in providing or promoting our services. We require these third parties to keep your information confidential and secure and to have privacy policies and security standards with respect to personal information that are comparable to ours. When we disclose information to third parties, we will redact your personal information to the extent possible and will only share the personal information required to satisfy third party requests.

Privacy and the internet

Morneau Shepell collects information about you through your visits to our websites using cookies. Cookies are files sent to your browser from a web server and stored on the hard drive of your device to allow a website to identify that device whenever a user returns to the website. We use these cookies for a variety of reasons, most commonly to distinguish you from other users and to help us compile aggregate statistics about our websites. We also use cookies to personalize your visit and make it more efficient.

Morneau Shepell websites may contain links to other third party sites that are not governed by this Privacy Policy. Although we endeavor to link only to sites with high privacy standards, our Privacy Policy will no longer apply once you leave our websites. We are not responsible for privacy policies employed by other third parties. We suggest, therefore, that you examine the privacy statements of those sites to learn how personal information may be collected, used and/or disclosed.

Personal health information – employee support solutions and absence management services

For clients using Absence Management Services or Employee Support Solutions including Employee and Family Assistance Programs, the personal health information collected for the purpose of providing one service will not be used or disclosed for the purpose of providing any other service. Separate files are created for each service used by a client, and the personal health information from one file is not shared or combined with any other file.  Internal access to personal health information is granted on a role-based “need to know” basis. This information may later be combined for use by Morneau Shepell in data analytics, in which case it will not be disclosed in a way that can reasonably be used to identify you personally.

Accuracy and access

We will employ measures to keep personal information collected by us accurate and complete in order to minimize the possibility of using or disclosing incorrect personal information. Upon request, we will inform you of the existence, use, and disclosure of your personal information.

You may also have access to your personal information at a cost intended to cover actual expenses and subject to the exceptions noted below. We may deny access to certain personal information we hold about an individual if the information is prohibitively costly to provide, if it contains references to other individuals, if it cannot be disclosed for legal, security or commercial proprietary reasons, if it is subject to solicitor-client or litigation privilege, if it contains information that may be harmful to your mental health or the mental health of others, or as may otherwise be required by law. We will advise you of the reason for denying the access request.

You may challenge the accuracy and completeness of the information and we will update or correct any factually inaccurate information.

Enforcement, amendments and privacy concerns

Under the leadership of Morneau Shepell’s Privacy Officer, privacy working groups comprised of individuals from across the organization are accountable for Morneau Shepell’s compliance with this Privacy Policy and the development and implementation of privacy practices and procedures.

Morneau Shepell uses a self-assessment approach to ensure compliance with this Privacy Policy, and periodically verifies that the policy accurately describes our practices, is publically accessible and conforms to the guiding principles of privacy including those of the Safe Harbor Framework referenced below.  This Privacy Policy may be amended from time to time as a result. We will post any revised policy on this website.

If you have any concerns related to privacy issues or our handling of your personal information, or would like to withdraw a consent that you have previously provided to us, please do not hesitate to communicate in writing with our Privacy Officer so that your concerns can be investigated and resolved:

By regular mail:
Privacy Officer
Morneau Shepell Limited
115 Perimeter Center Place NE, Suite 1050
Atlanta, GA 30346
United States

By electronic mail:
privacy-vieprivee@morneaushepell.com

Safe harbor framework

Morneau Shepell may transfer and/or receive certain personal information across geographical borders to and/or from Morneau Shepell entities or service providers in other countries working on our behalf in accordance with applicable law. Accordingly Morneau Shepell complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland.  Morneau Shepell adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement (the “Principles”).  To learn more about the Safe Harbor program, and to view Morneau Shepell’s certification, please visit http://www.export.gov/safeharbor/

Any questions or concerns regarding personal information received by Morneau Shepell from the EU/Switzerland should be directed first to our Privacy Officer as noted above.  Morneau Shepell will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information by reference to the Principles contained in this Policy. For complaints that cannot be resolved between Morneau Shepell and the complainant, Morneau Shepell has agreed to participate in the dispute resolution procedures of the panel established by the EU data protection authorities (DPAs) to resolve disputes pursuant to the Safe Harbor Privacy Principles, as well as to cooperate and comply with the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland.  The EU DPAs panel may be contacted at ec-dppanel-secr@ec.europa.eu and the individual EU DPAs may be contacted directly as well (see http://europa.eu/european-union/about-eu/institutions-bodies/european-data-protection-supervisor_en). The contact information for the Swiss FDPIC can be found at: http://www.edoeb.admin.ch/kontakt/index.html?lang=en.

Compliance with privacy laws

It is Morneau Shepell’s policy to comply with the privacy legislation of each country where we provide our services. Sometimes the privacy legislation and a person’s right to privacy are different from one country to another. If you are providing your personal information to us from a country other than the United States, you are consenting to the potential transfer of your personal information to these countries. Please note that that your personal information may be subject to access by law enforcement authorities in your country and in the United States if that is where your personal information is stored.