Alert Bar message
Pembridge Logo Banner

Pembridge Privacy Policy

August 2018


Pembridge Insurance Company (“Pembridge”) is committed to protecting your privacy. We collect information from you – including Personal Information - based on the insurance products you wish to learn more about, the insurance products you apply for, the way you pay for your insurance policies, and, in the event of a claim, the claims services you require. Please read this Privacy Policy to learn more about how we handle your Personal Information and privacy concerns.

What is Personal Information?

Personal Information is information about an identifiable individual. Personal Information includes facts, which, when combined with other information, can identify an individual. It can include:

  • Contact information (name, address, telephone number, email address)
  • Date of birth
  • Marital status
  • Information about your residence, like square footage or mortgage holder information
  • Driver’s licence information
  • Information about your vehicle and driving behaviours such as Vehicle Identification Number (VIN), prior accidents/highway traffic violations, if enrolled in our My_BRIDGE program, time of use and driving activity (e.g. hard stops)
  • Bank account information
  • Credit card number

If we collect information that is appropriately and properly connected to an identifiable individual, we then consider it to be Personal Information and it will be subject to this Privacy Policy.

Personal Information does not include information that cannot identify an actual individual.

What Personal Information does this Policy apply to?

This Privacy Policy applies to Personal Information collected by Pembridge.

If we receive Personal Information or non-Personal Information that is linked to Personal Information from a company with which we maintain a business relationship, this Privacy Policy will also apply to it.

Please refer to your Brokerage’s website or contact your Brokerage representative for a copy of their Privacy Policy.

How is my Personal Information used?

The Personal Information we collect is used to:

Provide Products and Services

When your Broker provides your Personal Information to Pembridge, this allows Pembridge to:

  • Evaluate your coverage needs
  • Assess risk and underwrite insurance risks
  • Verify your identity
  • Verify the ownership of real and personal property
  • Provide a quote for insurance to you through your Broker
  • Send policy documents, renewal offers, policy change information, and any other administrative documentation regarding your policy or policies
  • Process payment for your insurance policy or policies
  • Communicate with your Broker, solicit feedback regarding our products and services, and respond to inquiries made on your behalf
  • Adjust and investigate claims, including the co-ordination of medical assessments and review of records containing Personal Health Information
  • Settle claims

Comply with Legal Obligations

As an insurance company, Pembridge must comply with applicable federal and provincial legislation and regulations. Various statutes and regulations have reporting requirements, which may require Pembridge to disclose your Personal Information to government agencies or bodies.

Conduct Business Operations, Market Research and Advertising

Pembridge collects Personal Information in order to:

  • Provide secure premises for its customers, employees, and the public
  • Manage and upgrade Pembridge websites, policy systems and apps
  • Verify data, conduct data analysis, and compile statistics
  • Determine premiums for insurance products
  • Assess risk and consumer behaviour to understand current and future consumer interests
  • Develop products, services and events
  • Collaborate with strategic business partners via third party vendors to market insurance, auto, home and related products and services.
  • Promote, advertise or market products, services, discounts and events offered by Pembridge or companies with whom Pembridge maintains business relationships
  • Detect, prevent, and suppress fraud and other illegal activity

Special Note Regarding Personal Health Information

If Pembridge collects Personal Health Information, as defined in law, either from you or from a Third Party with your prior written consent, it will be used for the adjusting and management of your claim. Pembridge does not use Personal Health Information for any purpose other than in relation to a claim made by you.

How is my Personal Information collected?

From You:

Most of the Personal Information we collect comes from your Broker, either over the telephone, in writing, through Pembridge application or through a third party application. You provide your consent to your Broker, either verbally, in writing, or electronically, for the collection, use and disclosure of your Personal Information in accordance with this Privacy Policy, and, depending on the circumstances, for other purposes identified prior to the collection of your Personal Information. We may also collect, use and/or disclose Personal Information about you from Government Bodies and Third Party Service Providers.

When you use Pembridge’s website or Pembridge’s portal, we may use cookies, web beacons, or other technologies to store non-personal information to Analyze browsing behaviour to improve our online content.

If you choose to delete or disable web-based technologies that monitor your browsing behaviour, you may not be able to take advantage of some features of Pembridge’s websites. Please refer to the applicable Terms of Use to learn more.

From Government Bodies and Law Enforcement Services:

If you apply for insurance with Pembridge, we may also collect Personal Information for verification and investigation purposes from government bodies and law enforcement services. Personal Information we collect from these sources may include:

  • Motor vehicle records;
  • Driving history records;
  • Vehicle ownership records;
  • Records regarding the identity and existence of lienholders, leaseholders, and mortgage holders;
  • Motor Vehicle Accident records;
  • Decoded provincial health insurance billing records;
  • Witness statements

From Third Party Service Providers:

Pembridge may also collect Personal Information from third party service providers, including but not limited to:

  • Industry data banks
  • Third party websites where you have entered your Personal Information for the purpose of receiving an insurance quote or marketing materials
  • Credit reporting agencies
  • Property inspectors
  • Healthcare providers
  • Information technology support providers
  • Claims Support and Investigation Services

Video Surveillance

For the safety of the public, Pembridge customers, and Pembridge employees, our premises may be outfitted with video surveillance systems. Video surveillance is collected strictly for security purposes and will not be disclosed to Third Parties unless required by law except in efforts to prevent fraud.

Can I withdraw my consent to the use of my Personal Information?

When you apply for insurance, you consent to the collection, use, and disclosure of your Personal Information for the purposes listed in the application, and for the purposes set out in this Privacy Policy. If and when you share information about additional household members and/or additional drivers, you confirm that these individuals have consented to the collection, use, and disclosure of their Personal Information for the same purposes.

You may, at any time, withdraw consent to the use of your Personal Information, subject to certain limitations, which may vary depending on whether you are a current Pembridge policy holder or have an ongoing claim with Pembridge:

I Am Not Yet Insured With Pembridge
If you are not already insured with Pembridge and you withdraw your consent to the use and/or disclosure of Personal Information, Pembridge will not be able to offer you an insurance policy.

I Am A Pembridge Policyholder
If you are insured with Pembridge, you may not withdraw your consent to the use or disclosure of your Personal Information contained on an Application for Insurance; Personal Information required for the administration of your policy; or Personal Information required for the processing of any claim(s). Pembridge cannot continue to insure individuals who do not consent to the use and disclosure of Personal Information required in any Application for Insurance. Further, in order to adjust claims, Personal Information, including but not limited to Personal Health Information, may be required. Insurance legislation and/or regulation in your province of residence contain provisions which govern your obligation to provide information to your insurer in the event you make a claim for coverage from your insurer. This information may include Personal Information.

I Am No Longer Insured By Pembridge and I Do Not Have Any Ongoing Claims
If you were insured with Pembridge in the past and you do not have any ongoing claims, you can choose to withdraw your consent to the use and/or disclosure of your Personal Information after your policy has been terminated and any claims have been fully resolved. Please note, however, that you may experience inconsistency in your premium with future insurers because we will be unable to verify your previous Pembridge policy and/or claim history during your insured term(s) with us.

Is my Personal Information disclosed to others?

We do not sell your Personal Information to Third Parties.

We may disclose Personal Information to the following Third Parties:
a) Other insurance companies
b) Consumer reporting agencies
c) Insurance industry databanks
d) Vehicle history databanks
e) Government bodies
f) Educational and research institutions
g) Benefit providers, contractors, and repair services
h) Adjusting, claims support, and legal service providers
i) Healthcare professionals and assessment facilities
j) Law enforcement agencies and/or bodies
k) Information technology support service providers
l) Payment processing providers
m) Telematics service providers
n) Select businesses with which Pembridge maintains relationships or with whom Pembridge has marketing agreements

Only relevant Personal Information is disclosed to these parties for the purposes identified in this Privacy Policy. We do not disclose all Personal Information to all Third Parties. We only disclose Personal Information that is required by the Third Party for the fulfillment of a purpose that is specifically relevant to them.

Pembridge may use affiliated service providers outside of Canada, including the Northern Ireland and India, who may have access to your Personal Information. Only individuals authorized to perform specified services will have access to your Personal Information.

Should there be a legal requirement, it is our policy to disclose Personal Information only when and to the extent legally required.

What measures do you take to ensure that my Personal Information is protected?

Pembridge complies with all federal and provincial legislation regarding the collection, use, disclosure and protection of Personal information.

Pembridge develops and maintains physical, procedural, and technical security measures to protect against theft, loss, and/or unauthorized access, use, alteration, destruction, or disclosure of Personal Information. These measures apply to our Corporate Head Office, agencies, storage facilities, and property.

The following are some examples of what we do to protect Personal Information:

  • Only Pembridge employees have access to Pembridge premises or property that contain Personal Information. All others must be escorted by a Pembridge employee.
  • On an annual basis, all Pembridge employees must acknowledge and agree to Pembridge’s internal Code of Ethics, which includes a Privacy Policy and Information Security Policy. Employees who violate Pembridge’s internal Code of Ethics are subject to disciplinary measures.
  • Only necessary Personal Information is made available to Pembridge employees or Third Party Service Providers who require it in order to perform one or more of the purposes identified in the Privacy Policy. In such cases, the Personal Information made available is required in order to fulfil the purpose which is related to the employee’s job description or Third Party Service Provider’s scope of retention.
  • Electronic devices, including computers and mobile devices, are password protected and passwords must be changed on a regular basis
  • Before entering into agreements with Third Party Service Providers, Pembridge evaluates whether security standards and data handling procedures satisfy its requirements.
  • Pembridge requires Third Party Service Providers that it contracts to enter into confidentiality agreements and/or agreements which have clauses concerning confidential information.
  • Personal Information located offsite is stored in a secure location
  • Pembridge premises are outfitted with surveillance cameras
  • Security audits are conducted on information technology systems on a regular basis

What measures are in place to protect my information and/or address a concern?

Pembridge has a Privacy Incident Response Process that is triggered when there is suspected privacy incident involving the loss, theft or unauthorized access, disclosure, copying, use or modification of Personal Information. The Privacy Incident Response Process is activated regardless of the source of the notification.

The Privacy Incident Response Process involves, but is not limited to:
1. The implementation of immediate additional protective action extending to all affected Personal Information;
2. Assessment of which teams, locations and business units should be notified and/or involved;
3. Investigation into the causes of the incident and the exposure(s) that have taken place and/or may have taken place.
4. Notification of affected individuals so that necessary changes can be made to prevent further unauthorized

How long do you keep Personal Information?

Our current Record Information Management Practices are under review. Our target completion date of this review is January 2019.

As part of our Record Information Management Practice Review, we are determining appropriate retention periods which consider legal requirements and the purposes for which Personal Information was collected.

Regardless of whether you are a Pembridge customer, Pembridge protects the privacy of your Personal Information in accordance with our Privacy Policy and all applicable laws.

Where is my Personal Information stored?

The majority of our records are stored in the province in which you do business with us. Personal Information that you provide when applying for insurance or when making claim is kept in a designated file or record specific to you.

Hard copy records may be maintained at our head office in Markham, Ontario at a Pembridge office, or at a secure storage facility.

We keep Personal Information in electronically recorded formats on our servers in Canada. Some Personal Information is also securely transmitted in electronic formats to Pembridge Insurance Company servers in the United States of America. Allstate Insurance Company, Pembridge’s parent company, has strict security standards in place for the transmission and storage of all data. Information stored in the United States of America is subject to the laws and regulations of the United States of America.

From time to time, Pembridge may contract a Third Party Service Provider with servers in other jurisdictions in Canada and the United States. Any Third Party Service Provider we contract is required, at a minimum, to have the same security measures in place as we do. Our vendor selection is rigorous to ensure secure and appropriate protection of data, including Personal Information. Third Party Service Providers must agree to confidentiality clauses that safeguard Personal Information in any contract with Pembridge.

Who do I contact if I want a copy of my Personal Information?

Pembridge will make reasonable best efforts to provide you with Personal Information that you request. You are entitled to be informed of the existence, use, and disclosure of your Personal Information, subject to certain legal caveats. Pembridge may decline access to Personal Information where it would reveal Personal Information about another individual; if legal or regulatory requirements prohibit Pembridge from providing access to it; or if the Personal Information at issue is privileged as a result of legal proceedings.

For inquiries regarding access to your Personal Information, please contact Privacy Office. The Privacy Office is pleased to provide you with a right of access and review of your Personal Information in compliance with applicable law, and will make every effort to provide the Personal Information you have requested in a timely manner. You will be required to verify your identity before any of your Personal Information is released. In the event that there is any misinformation in your Personal Information, you are entitled to be given an opportunity to correct it.

Privacy Office


Telephone (Toll Free): 1-855-877-4080
905-946-7735

Mail or Courier:
Privacy Office, 27 Allstate Parkway, Suite 100, Markham, ON L3R 5P8

ombudsman@helpforyou.ca

Who do I contact if I have a privacy complaint?

If you have a privacy complaint, please contact the Privacy Office
Telephone (Toll Free): 1-855-877-4080
905-946-7735

Mail or Courier:
Privacy Office, 27 Allstate Parkway, Suite 100, Markham, ON L3R 5P8

ombudsman@helpforyou.ca