Olympia Benefits Inc. Privacy Policy

Olympia Financial Group Inc. (“Company”) is committed to respecting and protecting the confidentiality of our customers' personal information for privacy and the safeguarding of all personal information entrusted to us. Protecting our customers' privacy and the confidentiality of their personal information is an important aspect of the Company's operations. As a provider of financial products and other related services, the collection and use of our customers' personal information is fundamental to our day-to-day business operations. Our goal is to provide our customer with the best personal service possible. That includes treating our customers' personal information appropriately in accordance with this Privacy Policy. The Company has always been committed to keeping our customers' personal information accurate, confidential, secure and private. The Company follows comprehensive privacy policies and security practices in compliance with laws and regulations, to garnish our customers trust through integrity in everything the Company does.

  1. Definition of Personal Information

    Personal information is information about an identifiable individual, but does not include the name, title, business address or telephone number of an employee of an organization. It includes information that the customer has provided to the Company or was collected by the Company from other sources with the customer's consent or authorization. It could include details such as the customer's name and address, telephone number and other contact information, age and gender, personal financial records, securities ownership information, identification including Social Insurance Number, and employment background.

  2. Ten Principles of Privacy

    The Company is firmly committed to safeguarding our customers' confidentiality and protecting their personal, financial and business information. The principles that follow apply to the Company's interaction with our customers. These ten principles of privacy are interrelated and must be read in conjunction with the accompanying commentary.

    • Principle #1: Accountability

      The Company takes our commitment to securing our customers' privacy very seriously. Each and every one of our employees and representatives is responsible for maintaining and protecting our customers' personal information and therefore must abide by this Privacy Policy, which outlines the Company's commitment to privacy in the handling of personal information. Each staff member and representative is accountable for all personal information in their possession or custody, including any personal information disclosed to third parties for processing or other administrative functions.

    • Principle #2: Identifying the Purpose of Collecting Personal Information

      The Company will identify the purposes for which it collects personal information, before or when the information is collected. The Company will ask for personal information for the following purposes:

      To verify our customers' identity and to protect against fraud

      To administer and update account records, respond to inquiries and fulfill our contractual service obligations

      To understand the customers' instructions, and

      To comply with legal or regulatory requirements.

      The Company will not use our customers' information for any purpose for which they would reasonably expect the Company not to use it. No person shall collect personal information on behalf of the Company unless the collection is expressly authorized by statute, used for the purposes of law enforcement or necessary to the proper administration of a lawfully authorized activity.

    • Principle #3: Obtaining the Customer's Consent

      The Company will make a reasonable effort to ensure that the customer understands how their personal information will be used. The Company will seek to obtain the customers' consent to collect, use or disclose any personal information. The Company will not make attempts to deceive the customer into providing their consent.

      A customer's consent can be express, implied, or given through an authorized representative. Express consent may be provided in writing, orally or electronically. Implied consent occurs when the Company can reasonably infer consent from an action taken or not taken, or where the circumstances reasonably requires that the Company have and use the information to fulfill the customer's directions. A customer may, at any time, withdraw their consent as long as:

      They provide reasonable notice

      The Company is not legally required to collect, use or disclose the customer's information

      Withdrawing their consent does not impede the Company's ability to fulfill the Company's legal or contractual requirements.

      The Company, however, may collect, use or disclose personal information without the customer's knowledge or consent in exceptional circumstances where such collection, use or disclosure is permitted or as required by law.

      The Company will not obtain consent through deceptive or misleading practices.

    • Principle #4: Limits for Collecting Personal Information

      The Company limits the amount and type of personal information collected and therefore, collects only the information needed. The Company will collect personal information for the purposes identified. The Company collects personal information using policies and procedures which are fair and lawful. The Company may ask the customer to provide the following personal information:

      Social insurance Number (SIN) for tax reporting purposes as well as other government purposes, such as when opening a registered retirement savings plan. This is done to comply with the Canada Revenue Agency's reporting requirements. The Company may also collect and use the customer SIN for administrative purposes, such as an internal identification number to accurately identify customers that have similar names.

      Contact Information such as the customer's name, address, telephone number or email address.

      The information that the customer provides to the Company is always their choice. The customer may in some situations not provide the Company with certain information. However, if the customer chooses not provide the Company with certain information, the Company may not be able to provide the level of service that the customer expects. The Company may monitor or record incoming or outgoing telephone calls with the customer for our mutual protection (e.g. to ensure that all instructions are carried out properly, to document that the Company has made the required disclosures to the customer, and to ensure that high customer service levels are maintained). The Company will make certain that the customer is informed of the purposes listed above where the customer is directly engaging in business with the Company. If a new purpose for using a customer's personal information develops, the Company will ask for the customer's consent.

    • Principle #5: Limits for Using, Disclosing and Retaining Personal Information

      The Company will only use or disclose personal information for the reason(s) it was collected, unless the customer gives consent to use or disclose it for another reason, or it is permitted or required by law. However, in the ordinary course of the Company fulfilling its obligations, the Company may have to share personal information with other parties. For example, the information of securityholders or plan participants will also be available to the issuer or plan sponsor. Under no circumstances will the Company sell or give lists of clients to other companies for their own use and, if the Company obtains client lists from another organization, we require that organization to confirm their compliance with all relevant privacy legislation.

      Under certain exceptional circumstances, the Company has a legal duty or right to disclose personal information without the customer's knowledge or consent to protect matters which include the Company or the public interest. Personal information may be released to legal or regulatory authorities in cases of suspected money laundering, insider trading, manipulative or deceptive trading, or other criminal activity, for the detection and prevention of fraud, or when required to satisfy the legal or regulatory requirements of government, regulatory authorities or other self-regulatory organizations.

      The Company has policies in place that govern the retention of personal information only for as long as deemed necessary for the identified intended purposes for which it was originally collected or as legally required.

    • Principle #6: Maintaining Accurate Personal Information

      The Company is committed to maintaining personal information as accurately, complete and up-to-date as necessary for the identified purposes for which it was collected. If the customer discovers inaccuracies in their personal information, or their personal information changes, the customer is responsible for notifying the Company, so that the necessary changes are made promptly. Subject to security requirements, corrections to personal information can be delivered to the Company by mail, fax, e-mail or through the website.

    • Principle #7: Appropriate Safeguarding of Personal Information

      The Company maintains appropriate safeguards to protect the sensitivity of the customer's personal information. The customer's personal information is secure within the Company, regardless of the format in which it is held. The Company has comprehensive security controls to protect against unauthorized use, access, alteration, duplication, destruction, disclosure, loss or theft of the customer's personal information.

      The Company maintains physical, electronic and procedural safeguards to protect the customer's personal information. Examples of safeguards include restricted access to the Company's information processing and storage areas, limited access to relevant information by authorized employees only, use of passwords, firewalls and encryption of electronically transmitted information, and the use of secure locks on filing cabinets and doors. The Company may store older records offsite in storage facilities maintained by companies that specialize in that service. Such companies are obligated to safeguard personal information in a manner consistent with the Company's privacy policy.

      Within the Company website, cookies or other information-tracking technologies may be used to improve the functionality or security of the Company web site, or to provide the customer with a more customized online experience. Please note that cookies cannot capture files or data stored on the customer's computer.

    • Principle # 8: Availability of Information about Policies and Procedures to Customers

      The Company is open about the policies and procedures it uses to manage personal information. Customers have access to information about these policies and procedures. The Company's Privacy Policy is available upon the customer's request. The information will be made available in a manner that is generally easy to understand. From time to time, we may make changes to this policy and inform you of changes, as required by law. The Privacy Policy is always available on the Company's website.

    • Principle # 9: Providing Customer Access to Personal Information

      When customers make a request in writing along with providing satisfactory identification and proof of entitlement, the Company will within a reasonable time inform them what personal information the Company has, what it is being used for, and to whom it has been disclosed. The Company may need specific information about the customer to enable the Company to search for, and provide the customer with, the personal information that the Company holds about them. When customers request in writing along with providing satisfactory identification and proof of entitlenent, the Company will provide them with access to their personal information. The Company will respond to the written request in a timely fashion. Customers can verify, update and correct their information as well as have obsolete information removed, by submitting such requests in writing. In certain situations, however, the Company may not be able to provide customers access to their personal information. The Company will explain the reasons for this lack of access and any recourse that the customer may have, except where prohibited by law.

      The Company may charge the customer a nominal fee for processing the customer request and if so, the Company will give the customer advance notice of the fee amount before proceeding with the customer request.

    • Principle # 10: Handling Complaints and Questions

      Customers may challenge the Company's compliance with this policy. The Company has policies and procedures to receive, investigate, and respond to customers' complaints and questions. Such questions or concerns should be directed to the Company's Privacy Officer by e-mail (Ombudsman@olympiatrust.com) or by mail (2300, 125 – 9th Ave. S.E. Calgary, Alberta T2G 0P6). Further documentation or information may be asked for at the time of the request to verify the customer's identity.

  3. Internet Services Privacy

    The safeguarding of personal information while interacting with the Company via the Internet is also extremely important. The Company applies the ten principles discussed above in caring for our customers' personal information. When browsing the Company's website, personal information, such as the customers email address, is not collected. Some areas of the Company website require information, such as the customer account number, to enable the customer to perform certain tasks (e.g. to review their accounts, use one of the website forms or tools, or correspond with the Company). In these cases, the Company will need to collect the information necessary to interact with the customer.

    If the customer visits us via the Internet, the Company may place a “cookie” on the customer browser that records the number of visits made by the customer to the Company's website. However, no personal information is collected. The Company uses cookies for internal web reporting and statistics. This information is gathered at an aggregate level and no individual or computer is identified. This information assists the Company to measure effectiveness of the Company website, monitor website usage, and to determine a response to the corporate marketing strategy and to ensure the ease of use.

  4. Regular Internet E-mail is Not Secure

    E-mail sent within the Company's IT system, is not secure. The Company will preserve the content of a customers' email, the customers' e-mail address and the Company's response, so that the Company can be effective and efficient in responding to any follow-up questions from the customer. The Company also retains this information to meet legal and regulatory requirements.

    Protection against Fraud

    The Company believes that working together is the best way to safeguard against financial fraud. The Company is dedicated to prevent, detect and investigate fraud and the Company works closely with government, industry associations and law enforcement, to prevent fraud from occurring. The Company invests in emerging and new technologies and maintains rigorous security procedures to ensure that the customer enjoys doing business with us in a safe and secure environment.

    Fraud prevention measures are built into the Company's due diligence process and regularly upgrade the Company's fraud detection/prevention systems.

    Fraud detection and prevention activities are part of the Company's normal business activities

    Although technologies can make it easier for fraud to occur, the Company employs around the clock sophisticated monitoring systems and controls to detect and prevent fraudulent activity.

  5. Policy Review

    This policy may be reviewed and updated more frequently, if and when, deemed necessary. The Policy may only be changed by the written action and approval of the Board.