PRIVACY POLICY

Updated – October 2023

At Ta Planif, protecting your personal information and respecting your privacy is an integral part of our corporate culture. It is a constant priority! We make sure to implement robust security measures to ensure the protection of your personal information.

The personal information you entrust to us is essential for our business relationship with you. We know it is valuable and we are committed to doing everything we can to protect it.

In the following lines, we will explain to you, in complete transparency, the reasons and objectives for which we collect your personal information, how we process it and how we protect it, in accordance with the law on the protection of personal information in the private sector (LRQ Chapter P-39.1).

This document explains our practices for the collection, use and disclosure of personal information about individuals, as well as the measures in place to ensure that this information is processed appropriately.

For any questions related to the protection of personal information, please contact our Privacy Officer at the following coordinates:

Contact Information:

Philippe Mainguy Rochette
1145 rue du Maquignon
Bromont, QC, J2L 3G1
pmainguyrochette@taplanif.ca

6 Key Principles Guiding Our Personal Information Management:

  1. Consent: We obtain your consent before collecting, using, or sharing your personal information.
  2. Limited Collection: We only collect, use, and disclose the information necessary to fulfill our mandate as entrusted by you.
  3. Security and Confidentiality: We implement sound management and protection practices to keep your personal information secure and govern its use.
  4. Transparency: We are transparent about our practices, clearly explaining why and how we collect your information.
  5. Accountability: Our employees, suppliers, partners, and advisors acting on our behalf must respect our privacy practices. We constantly ensure that these requirements are met by all. Our awareness and training initiatives help them remain vigilant and sensitive to the protection of your information.
  6. Respecting Your Rights: You have rights related to the personal information we hold about you. You can exercise them at any time by contacting us.

1. What is Personal Information?

Any information that concerns an individual (person) and allows them to be identified, directly or indirectly.

2. Who is Affected by Our Privacy Policy?

Any individual who communicates with us, regardless of the means used, as well as any individual about whom we collect personal information in the course of our activities. Our policy continues to apply even after the objectives for which the personal information was collected, used, or disclosed have been met. For example, if you fall into one of these categories of individuals, our privacy policy applies to you.

Examples:

  • You do business with Ta Planif, through one of its advisors (i.e., you are a client);
  • You are a former client;
  • You communicate with us without being a client;
  • You browse our websites;
  • You apply for a job with us;
  • You are a trustee, mandatary, or liquidator of a person who does business with us.

3. When Do We Collect Your Personal Information?

Mainly during discussions and meetings held with you before and at the time of offering you products and services, opening accounts, subscribing to an insurance product, and over time to serve you well and keep your information up to date.

4. How do we collect your consent for the collection, use and retention of your personal information?

Obtaining your consent

We always obtain your consent, unless the law allows us to do otherwise.

We ask for your consent before collecting, using or disclosing your personal information. We may collect this consent directly from you or through your advisor.

Your consent is valid for the period necessary to achieve the purposes for which we requested it. It then remains valid to fulfill our retention obligations described in the law and in our retention schedules. (unless you withdraw your consent. See the section below entitled "How do we respect your rights?")

Your consent is only valid for the purposes we have declared to you. If we wish to collect, use or disclose your personal information for other purposes, we will ask for your consent again, except in cases where we are allowed to do so without obtaining your consent.

We may ask for your consent in different ways:

  • In writing
  • Verbally
  • By phone
  • Electronically or digitally
  • By videoconference

Cases where your consent is not required

We may use your personal information without obtaining your consent if the law allows us to do so, for example if the use is to your advantage or if it is compatible with the purpose of the collection.

We may also use or disclose your personal information without obtaining your consent to comply with our legal obligations. For example:

  • To comply with an order from a court or other body;
  • To prevent or detect fraud;
  • As part of an investigation.

5. How and from whom do we collect your personal information?

We mainly collect your personal information directly from you.

We may collect your information directly from you when you communicate or interact with us or when you update your account preferences and settings. We may also collect your information indirectly and from sources. When required, we obtain your consent.

In certain situations, when necessary, we may also collect it from other people, depending on the circumstances and the products or services you hold, such as, for example, from:

  • Your employer;
  • Professionals you do business with such as accountants, tax specialists, notaries, lawyers;
  • Public bodies;
  • Credit reporting and intelligence agencies;
  • Public and private databases that may contain information about you;
  • Partners in the distribution of our products and services, for example product issuers or insurance companies;
  • A representative who represents you;

We may collect your personal information in a variety of ways. For example:

  • By phone;
  • In person;
  • Using our forms (paper or online) and our digital interfaces;
  • Using technologies that collect personal information about you, such as cookies, when you visit our website.

6. What personal information do we collect?

We collect the personal information that is necessary to achieve the objectives described below (see table). In other words, the information that we absolutely need to carry out the mandate that you entrust to us. We only collect the information necessary to serve you on a daily basis and to meet our legal obligations.

Here are some examples of personal information that we may collect, depending on whether or not it is necessary to collect it:

  • Information used to identify you: Examples: First and last name, date of birth, mailing and email address, phone number, sex or gender, marital status, citizenship, country of birth, etc.
  • Information used to authenticate you: Examples: Digital ID and password, answers to authentication questions, government identifiers (passport number, driver's license number, social insurance number, etc.).
  • Information about your health: Examples: Medical history, health status, lifestyle habits.
  • Information about your insurance file: Examples: Insurance applications and proposals, information about the insurance policies you hold, information about the insured persons, prices, coverages, conditions and other guarantees, information collected when claims and benefits are requested, etc.
  • Financial information: Examples: Income, salary, financial statements, investments, information about the financial products you hold with us or elsewhere, investor profile, tax status, etc.
  • Employment information: Examples: Employment status, current employer, former employers.
  • Information about your products and services used and your transactions: Examples: Holding and overall view of your situation, including your profile, your needs and your objectives, information related to your transactions and operations (account or contract numbers, transaction or operation date and amount, description, etc.), customer, product, policy or contract number, information about the products held, authorized persons on the account, information about your insurance policies, insured persons and names of beneficiaries, etc.
  • Information about your loved ones: Examples: Name, age, financial situation and health status of spouse, children or parents, first and last name of a trusted person.
  • Digital information (websites, applications, social media, portals, etc.): Examples: IP address, location data, language preference, information about your device, operating system or browser, browsing preferences and habits.
  • Information about your communications with us: Examples: Reasons for doing business with us, telephone recordings and communications to improve your customer experience, written communications (e.g., your letters or emails), notes, reports and histories of your communications with us, information about your requests for information, your dissatisfaction or complaints, language preferences for communication.
  • Other information: Examples: Information about other people than you (e.g.: mandatary, tutor, temporary representative, assistant, beneficiary, spouse/partner, dependent or other insured person), information about your professional situation (e.g.: your education, occupation, association or professional order), residence and tax identification number, results of our verifications concerning, in particular, the fight against money laundering, cybercrime and fraud.

7. Why do we collect your personal information?

We collect, use, disclose and retain your personal information only to achieve the objectives listed below. We inform you of the purposes at the time of collection of your personal information at the latest.

We use the personal information we collect about you to serve you on a daily basis and to meet our legal obligations. If we plan to use your personal information for other reasons than these, we will inform you, unless the law allows us to use it otherwise.

Here are the purposes that may be essential to our relationship with you, depending on the products and services you request:

GOALS

WHY?

To identify you, update your information and verify its accuracy. Why?

  • To know who we are providing products and services to by verifying that you are who you say you are (identify you and validate your identity).
  • To ensure that your personal information is accurate, complete and up-to-date before we use it. However, it is your responsibility to inform us of any changes concerning you.
  • To respect your choices regarding your personal information, i.e. to provide you with personalized recommendations and offers.
  • To carry out our current activities and operations.
  • To process your requests for information, dissatisfaction and complaints.
  • To communicate with you using the contact information you have provided us.

To provide you with products and services that are tailored to your situation and that suit you. Why?

  • To interact with you.
  • To contact you if you request it and to answer your questions.
  • To understand your situation, your profile, your needs and your objectives.
  • To analyze your requests for products or services.
  • To assess whether you are eligible for the products and services requested.
  • To offer you services and products that meet your expectations and objectives.
  • To ensure good administration of your file and good follow-up.
  • To process your requests.

To comply with our legal obligations. Why?

  • To detect, prevent and contain fraud as well as unauthorized or illegal activities, such as money laundering and cyber threats.
  • To monitor business practices to ensure that they constitute sound business practices that meet requirements.
  • To adequately train our employees and representatives.
  • To comply with our legal obligations and the requirements of courts, regulatory authorities or self-regulatory organizations.
  • To respond to requests and orders from courts and government and regulatory agencies.
  • To fulfill our obligations to the tax authorities.
  • To comply with the US Foreign Account Tax Compliance Act (FATCA) which requires us to report to the US government accounts held by US citizens.
  • To comply with our legal obligations to combat money laundering and the financing of terrorist activities in Canada.
  • To fulfill our obligations to keep our records.

8. To whom can we disclose your personal information?

First, rest assured that we do not and will never sell your personal information to anyone.

In the normal course of business, we may disclose your personal information to other persons, organizations or companies, if this is necessary to achieve the objectives set out and for the purpose of fulfilling and carrying out the mandate entrusted to us by you.

In this context, here are some examples of who we may disclose your personal information to:

  • External partners providing financial products and services such as MICA Capital Inc., investment product issuers or insurance companies;
  • To courts, government agencies or regulatory authorities;
  • Websites and applications owned by other persons and organizations;
  • Companies offering technological, reprographic or document shipping services;
  • Service providers with whom we have entered into agreements for the storage of your personal information;
  • A person acting for you or at your request;
  • A person who holds an account jointly with you or who is otherwise involved in the relationship you have with us;

It is important to know that we only entrust our external suppliers and partners (third parties) with the personal information necessary for them to carry out their tasks, functions and contractual obligations concluded with us.

In addition, we ensure that these external partners (third parties) have good practices in information security and personal information protection.

We mainly keep personal information under our responsibility on a cloud storage space. The data stored by our partner is hosted in the United States. This partner is therefore subject to the laws of that country. Obviously, we make sure that they have good practices in information security and personal information protection.

9. How do we protect your personal information?

First, we have a governance framework in place that establishes the roles and responsibilities of everyone in our company with respect to the protection of personal information.

We apply very strict security measures to protect your personal information against any incident, regardless of the format in which we hold it. We strive to continuously adapt our security measures to technological advances.

Here is an overview of the measures in place to protect your personal information:

Physical security measures:

  • Physical control of visitors to our administrative premises upon arrival;
  • Restricted access to our administrative premises and to the premises where our servers are located;

Technological security measures:

  • Multi-factor authentication to access most of our different systems;
  • Encryption of data, when necessary for its storage or communication outside the organization;
  • Digital certificates;
  • Antivirus and Firewall;

Administrative security measures:

  • Regular training and awareness of staff on security and personal information protection policies, practices and procedures;
  • Verification of the identity of any person wishing to obtain personal information, whether online, by phone or in person.

10. Do we keep your personal information forever?

Of course not! We destroy your personal information after fulfilling our obligations.

That said, we keep your information for as long as necessary to:

  • Achieve the purposes for which we collected it, and;
  • Comply with the obligations imposed on us by the various laws and regulations that apply to our activities.

Even if you no longer do business with us, we must still keep it for a certain period of time to comply with our legal and regulatory obligations and to protect our rights in the event of a dispute.

We have established retention schedules to clearly establish these limits. Once the retention period has passed, we destroy your personal information definitively.

Destruction is carried out in a safe and secure manner, according to the best practices in existence.

11. How do we respect your rights?

Right to modify your consent

You can consult and modify your consent preferences for the collection, use and disclosure of your personal information at any time. However, please be aware that we will no longer be able to offer you our products and services if you withdraw your consent, which is essential to our relationship with you in order to allow us to offer you our products and services. Our contractual and legal obligations require us to keep certain personal information in order to continue to serve you.

Right to access your personal information

You can access the personal information we hold about you at any time. To do so, you must submit a written request to our Privacy Officer and explain the reasons for your request so that it is well understood and we can identify the documents containing the personal information you wish to access.

We will process your request within 30 days of receiving it, unless there are special circumstances. We will inform you if you have to pay transcription, reproduction or transmission fees. We will send you a written response. We will send you our response and the information you wish to access in a structured and commonly used technological format (e.g., a PDF file).

Among other things, you can ask us:

  • If we hold personal information about you;
  • How your personal information was collected, used and disclosed;
  • If another person or organization holds your personal information for us;
  • To consult the personal information we hold about you.

Important note: We cannot provide you with information that would reveal information about another person.

Right to modify, correct or rectify your personal information

If you wish to modify information that we hold about you, for example following a change of address or a change in your personal situation, it is your responsibility to contact us.

If you wish to correct inaccurate or incomplete information that we hold about you, you must contact us to make the request and provide us with the necessary information to justify your request.

Right to request the deletion of your personal information

You can ask us to delete your personal information. However, our response may vary depending on the situation. In some situations, we may not be able to delete your personal information due to our legal and regulatory obligations. If this is the case, we will explain the reasons why we cannot do so. In some cases, deleting your personal information will mean that we will no longer be able to serve you or offer you our products and services.

12. Updating or modifying this document

We may periodically make changes to this document to reflect regulatory and legislative changes and developments.

When we make changes to this document, we will update it and the amended version will replace the previous version.

In the event of significant changes, we will notify you in a timely manner by any appropriate means.

13. How to contact us?

Our Privacy Officer ensures that we comply with the rules described in this document and with our legal obligations.

Philippe Mainguy Rochette
1145 rue du Maquignon
Bromont, QC, J2L 3G1
pmainguyrochette@taplanif.ca