Aviva Canada Inc. and its subsidiary companies (“Aviva”) takes the protection of personal information seriously.
The Privacy Office (“Privacy”) oversees compliance with this Policy and privacy legislation. There are also dedicated Privacy Champions within each business unit to help ensure your privacy is protected.
Whose personal information does Aviva collect, use, and disclose?
Most of the personal information collected relates to the individual who purchased a policy with Aviva but may also extend to other individuals as well such as a joint policyholder, or third-party individuals who file a claim against an Aviva policyholder
In addition to that, we may also ask for personal Information about other individuals such as other household or family members you are asking Aviva to insure.
If you provide us with personal information about someone else, we will assume you have obtained their permission, where required. This Policy will also apply to their personal information, so you are encouraged to have them read it to ensure their understanding.
How does Aviva get my consent to use my personal information?
Aviva’s collection, use and disclosure of your personal information is based on your consent. Consent can either be express or implied. It may also be obtained by third parties collecting information on Aviva’s behalf. See the “what third parties are involved in the collection, use and disclosure of my personal information” section below for further details.
Express consent means that you have provided your consent verbally or in writing such as on a call with a handler, through a website tick box or signing your name on an application. Implied consent means that your consent can be inferred, including from your actions and the nature of your relationship with us. Whether we obtain your express or implied consent depends on the sensitivity of the information and the circumstances.
Occasionally, we may not require your consent to collect, use or disclose your personal information under privacy legislation. These may be in situations such as, when we are investigating fraud or breach of your insurance contract, conducting surveillance, or responding to a court order.
What personal information does Aviva collect, use, and disclose?
The personal information collected, used, and disclosed includes:
- General data – includes your name, date of birth, marital status, country of residence and your relationships to other people, e.g., family members on a joint insurance policy;
- Contact data – includes your address, telephone number and e-mail address;
- Identification data – includes government issued identification numbers, e.g., your driver’s license number and social insurance number.
- Product data – includes information about quotes, policies and claims, any other information relevant to your Aviva products, including policy and claim history, and any information relevant to your eligibility in a group plan, including educational background, professional association membership and employment details;
- Claims data – if a claim is made under an insurance policy, this includes information about the claim collected from you and relevant third parties, e.g., adjusters, assessors, medical professionals, and service providers (medical information), employers (employment information), education institutions (educational information), experts, witnesses, the police and private investigators, and other third-party vendors;
- Fraud and sanctions related data – includes information obtained as a result of our investigations, e.g., conducting checks of publicly available sources and information obtained from checks of fraud databases and sanctions lists;
- Vehicle and driving-related data - includes driving license type, driving convictions, prior motor vehicle claims, prior motor vehicle insurers, vehicle plate number, vehicle mileage, vehicle feature information, vehicle identification number, theft prevention and tracking data, dashcam footage and telematics data, including Aviva Journey.
- Data about your property – includes information about occupiers, property valuations, surveys, the value of your property contents, the design and structural layout of your property.
- Financial data – includes credit and payment card numbers, bank account details, payment information, tax information, details of income, assets, liabilities, and mortgages;
- Credit assessment data – includes information received from credit agencies, e.g., credit rating and details of bankruptcy orders, voluntary arrangements, and court judgments;
- Vulnerability data – information that helps us identify if you might have additional support requirements in order for us to better meet your needs;
- Authentication data – includes account log-in information, passwords, and memorable data for accessing your Aviva accounts;
- Telephone recordings and online chat transcripts – information obtained during recordings of telephone calls or online chats with our representatives and call centers;
- Marketing and communication preferences, and customer feedback – includes marketing and communication preferences, complaints, and details of your customer experience;
What are the reasons that Aviva collects, uses, and discloses my personal information?
The main reasons for collecting, using, and disclosing your personal information is to:
- Communicate with you and other individuals using your preferred method of communication, e.g., phone, email;
- Underwrite and price your policy application and any subsequent policy changes or renewals, including using automated decision making and profiling data to determine your insurance risk;
- Investigate and settle claims, including whether to pay your claim or pursue any losses against you or a third party;
- Validate your claims and driving history, including upon application for insurance, in the event of an incident or a claim, or mid-term adjustment, or at a time of renewal;
- Process payments when you purchase a product or service and any refunds;
- Provide products and services including insurance administration, determine eligibility for payment plans, taking payment, making changes where requested or necessary, managing renewals, claims assessments, settlements and dispute resolution and the provision of our applications and other technologies, e.g., telematics;
- Manage relationships with third parties, e.g., brokers, insurance intermediaries, insurance representatives and service providers;
- Keep your representatives informed such as providing your broker, insurance intermediary or insurance representative with information about the status of your claims;
- Prevent, detect, and investigate fraud and other crime, including by conducting fraud, sanctions and anti-money laundering checks, verifying your identity and information provided, conducting private investigations, using technologies to confirm vehicle identification number (VIN) authenticity, searching online and social media sites, and sharing fraud related information with industry bodies and other insurers;
- Improve our products and services, provide staff training, and maintain information security, including by recording and monitoring telephone calls;
- Provide you with marketing information;
- Conduct customer analysis, market research and focus groups, including customer segmentation, campaign planning, creating promotional materials, measuring ad effectiveness, gathering customer feedback and customer satisfaction surveys;
- Conduct data science analysis and research, including to ensure data accuracy and quality, for insurance risk and fraud modelling, and product and pricing refinement;
- Manage complaints, including to allow us to respond to any current complaints, or challenges you or others might raise later, for internal training and monitoring purposes and to help us to improve our complaints handling processes;
- Manage our business operations and analyze business results, including by conducting internal audits, quality assurance and training, financial analysis, and accounting, producing management information and performing administrative activities in connection with the services we provide;
- Manage our risk, including by taking out and maintaining appropriate insurance and reinsurance;
- Comply with applicable legal, regulatory, and professional obligations, including reporting to regulatory bodies, government authorities, industry entities and data sharing agencies, as well as to comply with law enforcement and to manage legal claims or act as required by law;
- Establish, enforce, and defend our legal rights or those of third parties, including enforcing terms and conditions, pursuing available remedies, and limiting our damages;
- Buy, sell, transfer, or dispose of any part of our business.
From whom does Aviva obtain my personal information?
Personal information is obtained directly from you, including from insurance application and claims forms that you complete, communications between you and Aviva, your participation in promotions and market research, your use of our applications and websites, as well as details from the devices you use to interact with those applications and websites. Where you are a joint policyholder or otherwise a beneficiary under a policy, we will also obtain personal information from the policyholder.
We may also obtain personal information from third parties. See the next section for further details.
What third parties are involved in the collection, use and disclosure of my personal information?
Third parties that may be involved in the collection, use and disclosure of your personal information include:
|Third parties that provide us with information||Third parties that use information on our behalf||Third parties to whom we disclose / communicate information|
|Insurance brokers, insurance intermediaries, insurance representatives or one of our business partners, who help us arrange, distribute, sell, manage, and underwrite our products and who provide insurance services.||X||X||X|
|Online quoters where you have used these online sites to obtain insurance quotes.||X||X||X|
|Third party service providers, including loss adjusters, autobody shops, roadside assistance providers, home restoration providers, healthcare professionals, claims handlers, legal professionals, accountants, vehicle theft tracking and recovery services, financial institutions, auditors, professional service firms, experts, and private investigators.||X||X||X|
|Third parties involved in a claim, including other insurers, brokers, insurance intermediaries, insurance representatives, claimants, and witnesses to an accident.||X||X|
|Credit reporting agencies, such as TransUnion.||X||X|
|Automobile manufacturers who may provide us with manufacturing details about the vehicles you drive.||X||X|
|Financial crime detection agencies, sanctions check providers and third parties who maintain fraud detection databases, conduct fraud modeling, or provide assistance with investigation in cases of suspected fraud.||X||X||X|
|Government agencies and regulatory bodies, including the police, the courts, provincial ministries of transportation.||X||X|
|Regulators, including the Office of the Superintendent of Financial Institutions (OSFI), the Canadian Council of Insurance Regulators (CCIR), privacy regulators and provincial insurance and financial service regulators.||X||X|
|Insurance industry bodies, including the Insurance Bureau of Canada (IBC), Équité Association, the Facility Association.||X||X||X|
|Insurance industry policy and claim history databases, including AutoPlus, CGI Inc. and DASH (Driver and Auto Search History).||X||X||X|
|Publicly available sources including Statistics Canada (e.g., census data).||X|
|Our reinsurers, who provide reinsurance services to us in respect of risks underwritten by Aviva, or insurers who insure Aviva under our group insurance policies.||X||X|
|Management consultants, data analysts and providers of data science services who support us with developing our products and prices and measuring the effectiveness of marketing.||X||X|
|IT and administrative service providers, including those who help operate our IT and back-office systems and our information security controls, and card payment processors.||X||X|
|Providers of marketing and advertising services, including media agencies, fulfilment partners, social media and other online platforms and advertising technology companies.||X||X||X|
|Third parties who provide rewards or incentives in relation to programs or products we offer.||X||X||X|
|Third parties in connection with any sale, transfer, or disposal of our business.||X|
|Third parties in connection with any acquisition of a business by us.||X||X|
What are Aviva’s retention and destruction policies?
The specific retention period for your personal information will depend on your relationship with us and the reasons we hold your personal information.
To support us in managing how long we hold your data, we maintain a records retention policy and schedule, which includes guidelines on maximum retention periods and deletion.
As soon as personal information reaches its maximum retention period, steps are taken to either destroy or anonymize the personal information.
Is my personal information being transferred outside of Canada or between provinces?
Aviva, or third parties acting on our behalf, may need to transfer personal information outside of Canada or between provinces, including outside Quebec.
When transferring personal information internationally or interprovincially, we take steps to ensure the transfer is carefully managed to protect your privacy rights and that adequate safeguards are in place, including through contractual obligations with the party we are sending your information to.
The international jurisdictions where personal Information may be collected, used, disclosed, and stored outside of Canada include, but are not limited to, the United Kingdom, the European Union, and the United States of America. Personal information may be subject to the laws of these jurisdictions and may be accessed by the courts, law enforcement, governments, and national security services of that jurisdiction.
For information about our policies and practices regarding foreign transfers of personal information, please contact our Privacy Office (contact details below).
How is my personal information involved in automated and exclusively automated decision making?
We may use exclusively automated processes or those that involve a substantial degree of automation to make decisions. These automated processes may help us make predictions, including about your insurance risk, the likelihood that a claim will be made and its value, and the likelihood that a claim might be fraudulent. Automated decisions may also help us to determine the eligibility for your policy, the terms of the policy and the premium, including on renewal. Some renewals may be exclusively automated.
See the “how does Aviva handle my data rights” section for details on how you may learn more and submit observations about how your personal information is used to make exclusively automated decisions.
How does Aviva handle my data rights?
You have legal rights under privacy legislation in relation to your personal information.
We may ask you for proof of identity when you make a request to exercise any of these rights. We do this to ensure we only disclose information to the right individual.
We aim to respond to all valid requests within 30 days. It may take us longer if the request is particularly complicated or you have made several requests. We will always let you know if we think a response will take longer than 30 days. We may also ask you to provide more details about what you want to receive or are concerned about.
We may not always be able to do what you have asked. This is because your rights will not always apply, e.g., if it would impact the privacy of others, or if the law allows us to deal with the request in a different way. We will always explain to you how we are dealing with your request. In some circumstances, such as withdrawal of consent, exercising a right might mean that we can no longer provide our products or services to you.
For all data rights requests, please contact our Privacy Office (contact details below).
How do I make a request for access?
You may ask us for a copy of your personal information together with details about how we use your information. This is commonly known as an ‘access request.’
This is not an absolute right and there may be circumstances where we will not be able to comply with your request. If this is the case, we will provide you with details about our refusal.
If you wish to make an access request, you must do so in writing. Please direct such written requests to our Privacy Office.
There may be fees associated to the transcription, reproduction, or transmission of the information you requested; in which case we will advise you of the approximate cost in advance.
How do I amend my personal information?
We do our best to ensure that your personal information is accurate and kept up to date. If you believe your information is inaccurate or incomplete, please contact our Privacy Office to request that we amend or correct it.
How do I withdraw my consent?
You are free to withdraw your consent at any time. However, this is not an absolute right, and we must balance your request against other factors such as legal, contractual, or regulatory requirements.
You must be aware that if you wish to withdraw your consent in a circumstance where it is required in order for Aviva to provide you with a particular product or service, Aviva may no longer be able to provide that product or service to you.
For further details on how to withdraw consent, please contact the Privacy Office (contact details below).
How do I make a complaint or challenge compliance?
If you feel at any time that we are not complying with our Policy or privacy legislation, or you are not satisfied with the handling of your personal information, please write to our Privacy Office (contact details below).
If we are unable to resolve your privacy concerns or complaints, you have the right to contact the Privacy Commissioner of Canada or the applicable provincial privacy commissioner. Our Privacy Office will provide this contact information on request. We ask that you please attempt to resolve any issues with us before contacting any privacy commissioner.
How do I learn more or make observations about exclusively automated decisions?
If you would like to know more about how your personal information is used to make decisions based exclusively on automated processing or would like to provide us with comments or observations about our use of exclusively automated decisions, please contact our Privacy Office.
How do I contact Aviva’s Privacy Office?
If you have any questions about this Policy or want to exercise your privacy rights, please contact our Privacy Office or Privacy Officer, Lori DeAcetis.
Privacy Office, Aviva Canada Inc.,
10 Aviva Way, Suite 100
Markham, ON L6G 0G1
Email us: firstname.lastname@example.org
Call us (toll-free): 1.844.398.2009
Updates to the Policy
This Policy is updated from time to time to take account of changes in our business activities, legal requirements and to make sure it is as transparent as possible, so please check back here for the current version. You can see when this Policy was last updated by checking at the top of this page.
Updated September 2023