Privacy Policy

1.0 Overview

SCM Insurance Services Inc. and its subsidiaries, divisions and limited partnerships, namely SCM Insurance Services GP Inc., ClaimsPro LP (“ClaimsPro”), SCM International Programs Group LP (“IPG”), Pario Engineering & Environmental Sciences LP (“Pario”), Xpera HR Services Inc. (“Xpera HR”) and Xpera Risk Mitigation & Investigation LP (“Xpera"), (collectively, “SCM”, “we”, “our” or “us”) are committed to privacy. This privacy policy details how and for what purposes we collect, use and share personal information.

2.0 Policy Scope

This policy generally applies to personal information we collect whenever you interact with us, for instance if you visit our websites (including https://claimspro.ca/ , https://confidenceline.com/ , https://esmsolutions.ca/ , https://indemnipro.ca/ , https://ipgclaims.com/ , https://pario.ca/ , https://parioquantify.ca/ , https://www1.scm.ca/ , https://xpera.ca/ ) contact us through email, and apply for a job with SCM. It also applies to personal information we receive from our clients and business partners, including when we investigate, evaluate and settle first or third-party claims. This policy also provides details on how personal information is collected, used and disclosed by Xpera for security and investigation services and by Xpera HR for pre-employment and background screening services, as well as through the ConfidenceLine whistleblowing hotline.

This policy does not apply to SCM’s collection, use and disclosure of personal information about its employees.

3.0 Policy

3.1 Personal Information

In this policy, “personal information” generally means any information that can be used, either alone or in combination with other information, to identify an individual. This includes information such as your name, contact details, birth date, drivers license number and health card information. It may also include other types of more technical information, but only when this information can identify you as an individual.

Generally, “personal information” does not include information that is used for the purpose of communicating or facilitating communication with an individual in relation to their employment, business or profession, such as the individual’s name, position name or title, work address, work telephone number, or work email address.

3.2 Types of Personal Information We Collect

We limit the collection of personal information to what is reasonably required to provide our services to our clients, to respond to any other requests you may make and for the other purposes described below under Use of Personal Information. Depending on your interaction with us, we may collect the following categories of personal information:

• Your name and contact information, which may include your email address, home address and phone number.

• Claim-related information, which may include your insurance policy details, estimates, notes, photographs, surveillance video footage, media reports, statements, social media posts (e.g. posts about your birthday, travels, friends and family, events, whereabouts), correspondence, details of subrogation, written statements, information on alleged injuries ( e.g. the nature and extent of an injury, the name of medical providers, details regarding medical appointments, medical reports), occupation and employment information, allegations on financial losses or damages, financial records, loans, mortgages, tax records, property work orders, professional and specialist reports, first responders’ reports, property ownership records, specialist reports, invoices, prior insurance claims, settlement recommendations, agreed settlements, and, in circumstances where we believe there exists some potential for fraud or arson, information about financial motivations, debts, financial pressures, prior losses, and information about any of any outstanding and unmet obligations.

• Job-related information, such as information about your work experience and education, when you apply for a position with SCM.

• Information related to online activity, including IP addresses, date and time of your visit, your time zone, your browser and operating system, the sections you visited on our websites and your language preferences.

• Whistleblowing-related information (Xpera HR services only), such as information relating to events you have experienced or witnessed and that are reported using the ConfidenceLine service.

• Pre employment, tenancy, and other background screening information (Xpera and Xpera HR services only), such as your date and place of birth, current and previous addresses, date of entry into Canada, social insurance number, credit history, gender, driver’s license number and permit class number, driver’s abstract, copies of government-issued identification cards, previous employer details and work history, education, credentials and other references.

• Information relating to fraud investigations and vehicle recovery (Xpera only): such as your financial motives, interpersonal disputes, vehicle identification numbers, criminal history or other similar information.

3.3 How We Collect Personal Information

We collect personal information in a variety of ways, including:

• Directly from you. We may collect personal information directly from you under some circumstances, for instance if you contact us (including by email, phone, etc.), if you apply for a position at SCM (including through a third party), if you visit our offices or through your business interactions with SCM. We may also collect personal information directly from you in the event of a claim where you are an insured person or where you submit a third-party claim, where you are subject of to our background checks and verifications services or where you use the ConfidenceLine.

• From our business partners and clients. If you are insured by a client of SCM, your insurer, their agents and brokers may provide us with personal information about you, where such personal information is relevant to a claim or to our business relationship with our clients. We may also receive personal information about you from our clients who have retained our services to conduct background checks and verifications on you.

• From an insured person. We may also collect personal information about you from an insured person in the context of a claim.

• From authorities or other official sources: such as police and fire departments and official registries, agencies and administrative bodies, where significant property losses are claimed, where we suspect arson or where arson may have occurred or when necessary to conduct background checks and verifications.

• From media sources: such as social media or media reports about you.

• From specialized databases: such as databases containing information about driver licenses or allowing us to conduct a media search.

• From online technologies: If you activate the technologies further described below or if the applicable law permits us to do so, we may collect certain types of information electronically when you interact with our sites, emails, social media accounts, online advertising, or through technologies such as cookies, web beacons, single pixel gifs and analytics engines. This information helps us understand what actions you take on our sites and allows our sites to work correctly.

• • Cookies, which are small text files that are saved on your computer when you visit a website so that information can be saved between visits, such as your login credentials or language preferences.
  • Other technologies, such as analytics engines, which, if you activate certain of these functions, may pull usage data from multiple sources and help manage and collect this data to use for personalization, interest-based advertising, customizing content and other methods to gain insights into our customers’ needs and preferences. For instance, we use Google Analytics which allows us to see information on user website activities including, but not limited to, page views, source and time spent on our websites. You may opt out of our use of Google Analytics by visiting the Google Analytics opt-out page.
  • Through these technologies, we may collect personal information as follows:

• Third-Party Social Networks. Third-party social networks that provide interactive plug-ins to enable social network features (e.g., LinkedIn) on the websites may use cookies to gather information on your use of the websites. How this collected data is used by a third party is dependent on the privacy policy of the social network, which is available on the appropriate parties’ website. SCM encourages you to review the privacy policies of third parties as well. Third parties involved may use these tracking methods such as, but not limited to, cookies to achieve their own business goals and purposes by relating and combining information about your usage of our websites to any other personal information they may have collected on you. We may also obtain and use analytical and statistical information from third-party social networks to help us measure performance and effectiveness of content we display on social networks, for example, by measuring impressions and clicks on the content SCM promotes.

3.4 Use of Personal Information

We may use your personal information for the following purposes:

• Providing our services. We use personal information as necessary to provide and deliver our services to our clients. For instance, we may notably use your personal information for:

• • Claim adjusting, managing and processing services;
  • Pre-employment or tenancy application background checks services;
  • Whistleblowing hotline services.
  • Personal security and investigation services;
  • forensic engineering and environmental science services as well as to provide assessments of damage and determination of cause services related to incidents.

• Communicating with you. If you contact us with a question or inquiry, of if we need to communicate with you when providing our services, we may use your personal information to communicate with you in a variety of ways, including by email, telephone, SMS and direct mail . We may also communicate with you for business development purposes and to promote our services and offers. For greater certainty, we do not share SMS consent or phone numbers for the purpose of sending SMS messages with any third parties for marketing or any other unrelated purposes. Your phone number will only be used for the specific purposes for which you provided it, such as receiving communications from us directly.  

• Processing job applications. If you apply for a position at SCM, we may use your personal information as necessary to process and evaluate your application.

• Managing our business. We use your personal information for several reasons in connection with our business operations, which may include exercising due diligence to prevent or reduce our commercial risk and to ensure the security of our information, system or network.

• For other purposes as permitted or required by law. For example, we may use the information we collect to protect the security of that information and our websites or to comply with a legal requirement, if necessary.

We may also request your consent to use your personal information for other specific purposes.

3.5 Sharing Your Personal Information

We may share your personal information as follows:

• With our service providers. We may disclose your personal information to other organizations and businesses that provide services to us for the purposes set out in this Policy, such as mandated professionals in the context of a claim, including private investigators, engineers, architects, environmental consultants, medical professionals, translators, transcriptionists, affiliates, and others. Other service providers who may be provided with personal information include professional services, communications services and mail services. We require these service providers to protect personal information with appropriate security safeguards and to limit their use of personal information to what is necessary to carry out their mandate.

• With persons or entities which we must contact to conduct a pre-employment or tenancy background check: We may disclose your personal information with the references you provided, your former employers, the schools and institutions you represented having attended and entities responsible for the credentials you listed. We may also provide your personal information with any other agencies, administrative bodies and databases which allow us to verify information about you in the context of a background check.

• With our clients: We may disclose your personal information to our clients and business partners where you have consented to such disclosures or where we are otherwise permitted do so by applicable laws.

• In the context of the sale or transfer of our business or other transaction. We may decide to sell or transfer all or part of our business to a third party, merge with another entity, secure our assets or proceed with any other financing or other strategic capital transactions (including insolvency or bankruptcy proceedings), restructuring, share sale or other change in corporate control. We may share your personal information when required for the purposes of such a transaction.

• Other permitted reasons. We may share your personal information when permitted or required by applicable law. This may be the case, for instance, if SCM is under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply SCM’s terms of use and other agreements; or to protect the rights, property, or safety of SCM, SCM’s customers, or others.

3.6 What Are Your Privacy Choices?

By using our services, interacting with us (for instance when you visit our websites, contact or email us), or when applying for a job with SCM, you are providing your consent to the collection, use and disclosure of personal information as set out in this policy. In some cases, your consent may be “implied” i.e. your permission is assumed based on your action or inaction at the point of collection, use or sharing of your personal information. We will generally obtain consent when we want to use personal information for a new purpose, in compliance with applicable privacy laws.

Upon reasonable notice, you may withdraw your consent to the use and disclosure of your personal information by SCM, subject to legal or contractual restrictions. To withdraw your consent, please send us a written request by using the contact information listed in the Contact us section below. Withdrawing your consent may impact the services we are able to provide to you.

3.7 Children

We do not knowingly collect, hold, use or divulge personal information from children under the age of 13, unless a parent, legal guardian or adult representative has consented to it.

3.8 Accessing and Correcting Your Personal Information

SCM respects your right to access your personal information and to request its rectification if it is inaccurate, incomplete or equivocal, subject to any applicable legal restrictions.

You also have the right to obtain more information about SCM’s processing of your personal information, including the categories of individuals who have access to your personal information within our organization and the applicable retention period for your information. To exercise these rights, please use the contact information listed in the Contact us section below.

3.9 How Do We Protect Your Personal Information?

To protect your personal information, we employ organizational, physical and technological safeguards. Our goal is to prevent unauthorized access, loss, misuse, sharing or alteration of personal information in our possession. We also use these safeguards when we dispose of or destroy your personal information.

3.10 How Long Do We Keep Your Personal Information?

We store your personal information for as long as is necessary to provide our services clients and business partners, to manage our business operations, and to comply with our legal and regulatory obligations. Once no longer required, your personal information will be securely destroyed or anonymized (so that it is, at all times, reasonably foreseeable in the circumstances that the information irreversibly no longer identifies you directly or indirectly) in accordance with our Record Retention and Destruction Policy.

3.11 Cross-border transfers of personal information

We may transfer and use your personal information outside of Québec and Canada and in a foreign country (such as Ireland, the United Kingdom, and the United States) with different privacy laws may provide a lower standard of protection for your personal information than your jurisdiction of residence. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of that country may be able to obtain access to your personal information through the laws of the foreign country.

3.12 Data Governance

SCM maintains policies and practices which ensure the protection of your personal information, including:

• An internal Privacy Framework that defines the roles and responsibilities of our employees throughout the information life cycle and limits their access to such information on a “need-to-know” basis;

• Internal policies, processes and procedures to support the confidentiality, integrity and availability of personal information;

• A designated Privacy Officer to monitor our compliance with applicable data protection laws;

• Employee privacy and data security training as well as multiple policies and procedures relating to information security;

• Procedures for receiving, investigating and responding to complaints or inquiries regarding SCM’s information handling practices, including any security incidents involving personal information;

• A Record Retention and Destruction Policy governing the retention and destruction of personal information, as mentioned above under How long do we keep your personal information?; and

• Contractual protections and other measures to ensure that service providers with whom we share personal information maintain adequate privacy protections and standards.

3.13 Changes to the Privacy Policy

We may make changes to this policy from time to time. Any changes we make will be effective when we post the revised policy on our websites. If we make any significant changes to the policy, we will post a notice on our websites or contact you to inform you when required by law. By continuing to interact with us after the modified version of the policy has been posted, you are accepting the changes to the policy, subject to any additional requirements that may apply. The “Effective Date” at the top of this policy indicates when it was last updated.

3.14 Contact Us

If you have any questions about how we handle your personal information or if you want to exercise your privacy rights, please contact our Privacy Officer at:

Address: 145 King Street West, Suite 620, Toronto, ON M5H 1J8
Telephone: 877-279-2706
Email: privacy@scm.ca