Collection, Use and Disclosure
Typically, Morneau Shepell receives your personal information directly from you or your authorized representatives, or from your employer, your employer’s authorized agents, association, insurer or benefits plan sponsor.
We limit the collection, use and disclosure of personal information to information that is necessary for the following purposes:
- To perform services that we have been hired to do by your employer, association, insurer, benefits plan sponsor or by you. These services may include:
- Employee and family assistance programs and services (“EFAP”);
- Health management programs and services;
- Organizational health and training programs;
- Pension and benefits consulting services to assist in the design, delivery and management of the pension and benefits programs offered by an association, insurer or plan sponsors to their employees or members;
- Pension, health & welfare and health benefit exchange administration services to assist in the administration of the pension, benefits, and/or insurance programs that associations, insurers or plan sponsors offer their employees or members; and
- Group investment and benefits plans and programs developed and administered by Morneau Shepell;
- To provide our employer, association, insurer and plan sponsor clients and their employees and members with information about our services, products and their usage and to enhance our overall service delivery.
- To conduct research, compile aggregate data, statistics and reports and to perform analytics about Morneau Shepell’s services, service standards and trends for use by Morneau Shepell, its clients and our respective third party service providers. These forms of data, statistics and reports do not contain any information that could reasonably be used to identify you personally.
- For audit, quality control and legal and regulatory compliance purposes including the protection of our interests in civil or criminal proceedings, to resolve any disputes that we may have and to enforce our agreements.
We will retain personal information for as long as necessary for the purpose for which it has been collected, or as long as we are required and/or permitted to retain such information by law.
As Morneau Shepell continues to develop and grow, we may buy or sell parts of a business. As our businesses consist primarily of the delivery of services to clients, information regarding the particular accounts or services being purchased or sold could include personal information and be one of the transferred business assets.
We will collect, use and disclose your personal information with your consent and only for the purposes we disclose to you, or as otherwise required or permitted by law. Such consent may be expressed or implied. For example by participating in your benefits plan, you consent to our collection and use of your personal information for the purposes of providing services related to such plan. Further, your consent may be obtained directly by us or through your association, insurer, employer or benefits provider.
You may withhold or withdraw your consent for us to collect, use and disclose your personal information, as long as there are no legal or contractual reasons preventing you from doing so. Depending on the circumstances, however, withdrawal of your consent may impact our ability to continue to provide you with the products and services you have requested, or, in the case of insurance and group insurance benefits, it may prevent us from keeping your coverage in force, or properly evaluating and processing any claims.
We will employ safeguards to protect personal information from unauthorized access, disclosure, copying, or use, by using various methods of protection, appropriate to the sensitivity of the information. The methods of protection include:
- Physical measures (locked filing cabinets, restricted access to files and offices);
- Technological measures (passwords, encryptions, firewalls, and audits);
- Organizational controls (security clearances, limiting access on a "need-to-know" basis, staff training, confidentiality agreements, policies and procedures); and
- Contractual confidentiality covenants.
Morneau Shepell will also ensure care has been taken in the disposal or destruction of personal information to protect against unauthorized parties from gaining access to the information.
Please note that confidentiality and security are not assured when information is transmitted through email or other electronic communication. While Morneau Shepell makes every effort to secure all communications within our control and on our premises, please be advised that no method of delivery is entirely secure and it is possible that any communication of personal information may be inadvertently or deliberately intercepted by third parties.
Use by and Disclosure to Third Parties
We may need to share your personal information with third parties who support Morneau Shepell in providing or promoting our services. Such third parties will be required to keep your information confidential and secure and to have privacy policies and security standards with respect to personal information that are comparable to ours. When we disclose information to third parties, we will redact your personal information to the extent possible and will only share the personal information required to satisfy such third party requests.
Privacy and the Internet
Personal Health Information – Employee Support Solutions and Absence Management Services
For clients using Absence Management Services or Employee Support Solutions, including Employee and Family Assistance Programs, the personal health information collected for the purpose of providing one service will not be used or disclosed for the purpose of providing any other service. Separate files are created for each service used by a client, and the personal health information from one file is not shared or combined with any other file. Internal access to personal health information is granted on a role-based “need to know” basis. This information may later be combined for use by Morneau Shepell in data analytics, in which case it will not be disclosed in a way that can reasonably be used to identify you personally.
Accuracy and Access
We will employ measures to keep personal information collected by us accurate and complete in order to minimize the possibility of using or disclosing incorrect personal information. Upon request, we will inform you of the existence, use, and disclosure of your personal information that we maintain.
You may also have access to your personal information at a cost intended to cover actual expenses and subject to the exceptions noted below. We may deny access to certain personal information we hold about an individual if the information is prohibitively costly to provide, if it contains references to other individuals, if it cannot be disclosed for legal, security or commercial proprietary reasons, if it is subject to solicitor-client or litigation privilege, if it contains information that may be harmful to your mental health or the mental health of others, or if such disclosure is otherwise prohibited by law. In such circumstances, we will advise you of the reason for denying the access request.
You are entitled to challenge the accuracy and completeness of the information we maintain and we will update or correct any factually inaccurate information.
Enforcement, Amendments and Privacy Concerns
If you have any concerns related to privacy issues or our handling of your personal information, or would like to withdraw a consent that you have previously provided to us, please do not hesitate to communicate in writing with our Privacy Officer so that your concerns can be investigated and resolved:
By regular mail:
Morneau Shepell Limited
895 Don Mills Road
Tower One, Suite 700
Toronto, ON M3C 1W3
By electronic mail:
Privacy Across Borders
Morneau Shepell may transfer and/or receive certain personal information across geographical borders to and/or from Morneau Shepell entities or service providers in other countries working on our behalf in accordance with applicable law.
Morneau Shepell respects the principles set out in cross-border privacy programs such as the Privacy Shield and Safe Harbour. These include notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability (the “Principles”).
Any questions or concerns regarding personal information received by Morneau Shepell from the EU/Switzerland should be directed first to our Privacy Officer as noted above. Morneau Shepell will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information by reference to the Principles contained in this Policy. For complaints of EU and Swiss individuals that cannot be resolved between Morneau Shepell and the complainant, Morneau Shepell agrees to participate in an internationally recognized dispute resolution process.
Compliance with Privacy Laws
It is Morneau Shepell’s policy to comply with the privacy legislation of each jurisdiction where we provide our services. Sometimes the privacy legislation and a person’s right to privacy are different from one country to another. If you are providing your personal information to us from a country other than the United States, you are consenting to the potential transfer of your personal information to these countries. Please note that that your personal information may be subject to access by law enforcement authorities in your country and in the United States if that is where your personal information is stored.