At YourHSA, we are dedicated to protecting your privacy and safeguarding your personal and business information.
YourHSA follows comprehensive privacy policies and security practices in compliance with laws and to support our commitment of trust through integrity in everything we do.
Any personal information you do provide is protected under the federal Personal Information Protection and Electronic Document Act (PIPEDA) or British Columbia's or Alberta's Personal Information Protection Act. This means that, at the point of collection, you will be informed that your personal information is being collected, the purpose for which it is being collected and that you have a right of access to the information.
Our Privacy Principles
We are firmly committed to safeguarding your confidentiality and protecting your personal and business information. The principles that follow apply to all of our dealings with you.
Use of Information
Sharing of Information
Safety of Information
Accuracy of Information
Right to Access
Choice and Consent
We are responsible for the personal information we collect and we have designated a Privacy Officer who is accountable for our compliance with applicable privacy legislation.
When YourHSA enters into a service agreement with a third party for the delivery of customer products and services, it uses contracts or other means to ensure that the practices of the third party with regard to privacy protection are compatible with those of YourHSA.
YourHSA may gather personal information directly from you, from insurance brokers or general agents, from health specialists, hospitals, clinics or other facilities of a medical or paramedical nature, from insurance companies, from any other organization or person that maintains files or personal information on you. When you request products or services, we will ask you to provide only the information that enables us to complete your request, to provide better service or to offer you products and services we believe you might be interested in.
Information essential for fulfilling our services includes:
- Information establishing your identity, such as your name, address, phone number, title, business phone number, email address, date of birth, social insurance number (if applicable for tax purposes), and account numbers;
- Information related to transactions arising from your relationship with and through us, and from other software providers, third party administrators, insurers, brokers and general agents;
- Information you provide on an application for the provision of our products and services, such as your annual income, place of employment, date of birth, medical history and dependant information;
- Information about financial behaviour such as your payment history and credit worthiness.
- Information about your health may be collected for insurance products and services.
- Information pertaining to business clients will include your business name, address, phone number, email address, industry type, detail(s) on the owner(s), operator(s) and director(s).
- Additional information may be requested to help us determine your eligibility for products and services that we offer.
Providing us with your information is always your choice. However, in dealings involving insurance and related financial services, your decision to withhold particular details may limit or prevent us from providing the products or services you have asked for.
We are continuously striving to improve our service offerings to you. Therefore, we routinely collect non-personal aggregate information from surveys, public archives and Web sites to help us understand the interests of our clients and to manage our risks.
Use of Information
We use your personal for the purposes communicated to you in your agreement(s) with us, for example to:
- Verify your identity;
- Provide you with the products and services requested;
- Communicate to you any benefit, feature and other information about products and services you have with us;
- Respond to any special needs or inquiries you may have;
- Better understand your situation and determine your eligibility for products and services we offer;
- Manage our risks and operations;
- Meet regulatory and legal requirements.
- If we have your social insurance number, we may use it for tax related purposes. We may also share it with credit reporting agencies as an aid to identify you.
- We may communicate with you through various channels including telephone, computer or mail using the contact information you have provided.
- With your consent, we may use your information to promote our products and services and that of third parties we select, which we believe you will be interested in.
- If you deal with multiple YourHSA companies (e.g. Your HSA Inc, Your Financial Solutions Inc, Your HSA Group Inc), we may, where not prohibited by law, consolidate all information to better manage our business and the relationship we have with you.
- If for any reason your information is required to fulfill a different purpose then that of your original intent, we ask for your consent before we proceed.
Note that sensitive information such as health or financial records will never, under any circumstances, be shared or used for a purpose other than that of the original intent.
Sharing of Information
Under certain circumstances, your personal information may be shared among YourHSA companies or other third parties.
Sharing your personal information among YourHSA companies, can allow us to help you achieve your goals. It's part of building and maintaining a positive relationship with you. We may use this information to better understand your needs and to promote products and services we believe may interest you.
This would only be done with your consent. We may communicate with you through various channels, including telephone, computer or mail, using the contact information you have provided. However, if you would prefer that we not share your information among our group of companies or if you do not wish to receive special offers promoting products and services, kindly let us know by following the instructions in Consent and Choices.
If you choose not to have your information shared, you will not be refused services, for that decision. We will respect your choice and may advise other YourHSA companies of your preference for the sole purpose of honoring your choices.
We may share your information with other YourHSA companies:
- With your consent;
- For the purposes of fraud or crime prevention, suppression or detection;
- To enable YourHSA companies to meet regulatory, legal, financial or other reporting obligations;
- As permitted or required by law.
Access to your information is restricted to authorized employees who have a legitimate business purpose for accessing it. For example, when you call us, visit us, or email us, designated employees will access your information to verify that you are the account holder or plan member and to assist you in fulfilling your requests.
Unauthorized access to and/or disclosure of your information by an employee of YourHSA is strictly prohibited. All employees are required to maintain the confidentiality of your information at all times and failing to do so will result in appropriate disciplinary measures, which may include dismissal.
Outside Service Suppliers
We may use service providers to perform specialized services on our behalf such as customer service, claims adjudication, trust fund financial management, research, marketing, mail distribution or data processing. Our service providers may at times be responsible for processing or handling personal information. They are provided only the information necessary to perform the services. In addition, we require them to protect the information in a manner that is consistent with our privacy policies and security practices.
In the event our service provider is located in a foreign jurisdiction they are bound by the laws of the jurisdiction in which they are located and may disclose personal information in accordance with those laws.
Other Third Parties
We are committed to keeping your personal information confidential. We will only share your information with other third parties as indicated under your specific agreement with us and under the following special circumstances:
- To respond to valid and authorized information requests from domestic and international authorities;
- As permitted or required by law, to comply with laws, regulations, subpoena or court order;
- To help prevent fraud;
- To protect the personal safety of employees, clients or other third parties on YourHSA property.
Safety of Information
Ensuring your confidentiality by protecting your personal and financial information is fundamental to the way we do business. This commitment extends to our online services and any new technologies we employ.
Protecting your personal, business and financial information and safeguarding you from fraud are among our highest priorities. In addition to our stringent Privacy practices, we employ a diverse range of technologies and security mechanisms to ensure the safety, confidentiality and integrity of your information and transactions.
Whether you are communicating with us using email, in person or by telephone, our privacy principles, and security mechanisms, ensure that your personal information and your confidentiality are protected at all times.
Unencrypted email is not secure. We recommend that where possible, you use the secure email function (e.g. Message Centre) provided within some of our online services to communicate with us. Otherwise, you can contact us, to find out your options for secure communications with us.
At no time should you include personal or confidential information in an unencrypted email.
To help our customers recognize fraudulent email and websites pretending to represent a legitimate company, YourHSA will never ask you to provide personal, login or account information through unsolicited email. Should you receive an email requesting this type of information, do not respond.
If you receive an unsolicited call that claims to be from YourHSA, requesting account or other personal information, do not respond. Instead, discontinue the call and independently verify the phone number. Only call back once you have ensured it is a legitimate YourHSA phone number.
We use several layers of proven security technologies and processes to provide you with secure online access to your account and information. These are continuously evaluated and updated by our experts to ensure that we protect you and your information. These include:
Secure Socket Layer (SSL) Encryption
When you successfully login to our secure website using an authentic user ID and password, our web servers will establish a secure socket layer (SSL) connection with your computer. This allows you to communicate with us privately and prevents other computers from seeing anything that you are transacting, so you can conduct online business with us safely. SSL provides 128-bit encrypted security so that sensitive information sent over the Internet during online transactions remains confidential.
To protect our users, we provide secure private websites for any business that users conduct with us. Users login to these sites using a valid username and a password. Users are required to create their own passwords, which should be kept strictly confidential so that no one else can login to their accounts.
We use a multi-layered infrastructure of firewalls to block unauthorized access by individuals or networks to our information servers.
Computer Anti-Virus Protection
We are continuously updating our anti-virus protection. This ensures we maintain the latest in anti-virus software to detect and prevent viruses from entering our computer network systems.
The information you send to one of our secure private websites is automatically verified to ensure it is not altered during information transfers. Our systems detect if data was added or deleted after you send information. If any tampering has occurred, the connection is dropped and the invalid information transfer is not processed.
Accuracy of Information
We do the utmost to ensure the information we have about you is accurate and complete. As we make decisions based on the information we have, we encourage you to help us keep our information current. Contact us at any time if you wish to verify the accuracy or update the information we have about you.
Right to Access
In the normal course of business, you receive periodic access to information in the form of transaction activity records, including account statements and claim confirmations. This information is routinely available to you through mailings, secure online sites and telephone.
If you want to verify the accuracy of other personal information we hold about you, you may submit a written request to us to obtain access to such information. To avoid delays in obtaining your information, please provide sufficient detail to permit us to identify you and the specific information that you are requesting.
Please note that there may be instances where access may be restricted as permitted or required by law. Examples may include information that is subject to legal privilege, information containing confidential commercial information and information relating to a third party. If applicable, we will advise you of the reasons for restricting access subject to any legal or regulatory limitations.
If you have any questions about our privacy policies and how they relate to you please contact us.
Choice and Consent
You are always in control of your personal information. If you do not wish to receive promotional materials from us or you do not want your personal information shared with other YourHSA companies, simply contact us.