Collecting personal information is a critical aspect of the retirement solutions that we offer at Common Wealth. In doing so, however, we understand the importance of the information we have collected to the individuals we have collected it from, and the importance of keeping that information confidential. We are committed to respecting the privacy rights of everyone whose personal information we have collected.
Why do we collect personal information?
We collect personal information for various reasons. Usually, it relates to the retirement solutions that we offer and the need to gather information in order to ensure that the right retirement solution is provided. We also collect personal information to support the administration of the plan and providing individuals with publications or other information that they ask for.
Personal information is collected for the purpose of:
• Determining eligibility for enrolment/selection of type of retirement solution to be provided
• Amending personal information required for determining the status of the plan member and the nature of their continuing enrolment
• Obtaining authorization for contributions/payments
• Meeting regulatory requirements such as tax reporting
• Communicating with members and third-party service providers regarding contributions and payments.
We can only use your personal information for the purpose for which it was obtained or for a use consistent with that purpose.
What personal information do we collect?
We only collect personal information that is directly related to one of the retirement solutions or services that we provide. Wherever possible, such information will be collected directly from the individual about whom it pertains. The amount and the type of the information collected will be limited to that which is needed to fulfil the identified purpose(s). We only collect what we need.
Typically, we would collect last name, given name, date of birth, gender, employee, marital status, beneficiary information, contact information, social insurance number, banking information, salary and other financial details. Depending upon the plan member, we may also collect beneficiary personal information such as: last name, given name, date of birth, gender, relationship to the member, as well as financial and banking information. We may also collect other information with the client’s express consent or as permitted or required pursuant to the Income Tax Act (Canada) and applicable law.
We may also collect personal information from other sources, as appropriate, including your employer.
Who sees your personal information?
We will not disclose your personal information without your consent unless it is allowed under applicable legislation. In this case, we will aim to disclose only the specific information that is needed under the circumstances and, wherever possible, will inform you about the disclosure.
Access to personal information within Common Wealth will be restricted to those staff members who need the information in order to carry out their job duties and to provide you with the retirement solution that you need. Those employees will maintain the information in the strictest of confidence and will not provide access to the information to anyone who is not authorized. The level of staff access to personal information will be granted on a need-to-know basis.
All individuals we hire under contract or otherwise are required to respect the provisions of applicable privacy legislation as well as this policy.
How do we protect your personal information?
In any organization, failure to protect personal information can increase the risk of a privacy breach. These privacy breaches can lead to things such as reputational harm, fraud or identity theft.
We endeavor to protect personal information from loss or theft, unauthorized access, use or disclosure, modification or destruction through appropriate administrative, technical and physical security measures and safeguards. We are committed to ensuring that the appropriate security measures are employed in the collection, storage and transfer of personal information.
The level of safeguards used to protect personal information will depend on the:
• sensitivity of the personal information;
• amount, distribution and format of the information; and
• method of storage.
We will continue to:
• develop and implement policies and procedures to protect personal information; and
• educate our staff about the importance of privacy.
Additional information about our methods of protection:
• personal information will not be shared through email
• identification confirmation before disclosing information to member
Wherever possible, we seek a person’s consent before we collect their personal information. The form of consent may vary depending on the circumstances and the type of information being requested. Consent can be express or implied and can be provided directly by the individual or by an authorized representative.
Express consent is preferred. Express consent can be given orally, electronically or in writing. Implied consent may be reasonably inferred from a person’s action or inaction. For example, providing a name and address to receive a publication or providing a name and telephone number to receive a response to a question. When determining the appropriate form of consent, we take into account the sensitivity of the personal information, the reasons we are collecting it, and the reasonable expectations of the person. When using personal information for a new purpose, we will document that new purpose and ask for consent again.
We will not use your personal information without your consent unless it is either:
• for the same purpose for which the information was originally collected or compiled,
• consistent with that purpose,
• for a purpose that may be disclosed pursuant to applicable privacy legislation.
Retention and destruction of personal information
Access or corrections to personal information
We make every effort to ensure that the information we use is accurate, up-to-date and as complete as possible. This also applies to personal information disclosed to third party service providers.
Reasonable efforts are made to ensure the Information of plan members is accurate, complete, and as current as required for the purposes for which it was collected. We have procedures in place to:
• Regularly update the personal information we receive;
• Keep a record of the source of the information used to make the changes;
• Ensure notification of any changes to third parties to whom the information was disclosed;
• Ensure that plan members are able to access, and request correction of their personal information; and
• Keep confidential and secure the information collected.
Upon written request, members can request access to their personal information and will be provided with such access in accordance with applicable privacy legislation. Plan members may not be able to access to some or all of their personal information in certain circumstances including but not limited to those circumstances where the information:
• Is unreasonably costly to provide;
• Contains references to other individuals;
• Cannot be disclosed for legal or security reasons;
• Is subject to legal privilege; or
• Has been deleted in accordance with its data retention procedures.
If we determine that the information of a Member is inaccurate or incomplete, we will correct that information within a reasonable amount of time (not to exceed 5 working days) and the corrected information will be sent to any third party service provider that requires the information.
Our roles and responsibilities
We are responsible for the personal information that we collect, retain, use, disclose, and destroy in the course of fulfilling our mandate. We will continue to develop policies and practices to ensure that personal information is handled in strict accordance with the applicable legislation. Our Privacy Officer is responsible for overseeing the implementation of those policies and practices.
Our Privacy Officer provides advice and guidance to Senior Management, managers, supervisors and employees of Common Wealth with respect to the treatment of personal information within our organization and will provide training to all staff as needed. The Privacy Officer will also act as the main point of contact for individuals seeking information or who have concerns about our handling of their personal information.
The Privacy Officer will also ensure that agreements with third-party service providers must include clauses setting out the responsibilities and obligations of such service provider to protect the plan member’s personal information and that of their beneficiaries pursuant to requirements under applicable legislation.
The Personal Information Protection and Electronic Documents Act (PIPEDA) requires us to report any breach of security safeguards involving personal information under our control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual.
PIPEDA also requires us to notify the individual(s) affected of any breach of security safeguards involving the individual’s Personal Information under our control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual.
Questions or complaints
Questions or concerns may be brought to the attention of any Common Wealth employee. If they are unable to help, the employee must refer the matter to their immediate supervisor or the Privacy Officer.
If you have any questions about this policy or about how we manage personal information, you may also contact: