Table of contents
- SCOPE AND CONSENT
"Customer" : A company that has a business relationship with ORCHESTRO for Us to perform or provide a service or access to our web platform and the services provided by or through it.
"Individual" : You, the person whose data ORCHESTRO has processed, including, an employee of ORCHESTRO, an employee of a Customer, or a person using any ORCHESTRO Service (hereinafter defined).
"Personal Information" : Any data element or combination of data elements that enables the identification of an Individual, including, but not limited to: name, address, human resources data, personal health information, name of your beneficiaries, spouse and dependant, financial information (such as number of bank account), claim history, government identification such as social insurance number, biometric identifier, driver’s license number, credit card number, or bank account number; and any other information provided by you or by your employer that may fall within this category.
"Services" : Include any ORCHESTRO application, product, service, tool, feature, technology, content, website and the services available by or through an ORCHESTRO web platform in order to provide management services and technological solutions to our Customers for an efficient management group insurance and its subscriber’s claims, collective retirement saving plans, human resources, record of employment, payroll and social benefits.
SCOPE AND CONSENT
We are liable for Personal Information We process and for Personal Information We provide to sub-contractors for processing or custody. Accordingly, contractual obligations are used to provide a comparable level of protection to Personal Information that has been transferred to a contractor to be processed. ORCHESTRO’s liability for a third party’s performance of its obligations is set forth in each agreement We sign with our Customers, and We assume liability for the performance of the services and obligations subcontracted to such contractors.
Our Services also involve the transfer of data to third parties (for example, financial institutions, tax agencies, insurance company) as instructed by Customers (usually employers who are our clients and with whom you have an agreement). In these cases, ORCHESTRO does not have a direct relationship with the third party and is not liable for the processing of data in their possession. These third parties have their own independent obligations with respect to the data, usually by operation of law or through contracts with employers.
COLLECTION OF INFORMATION
ORCHESTRO does not collect data indiscriminately; We only collect Personal Information that is necessary to provide our Services and to comply with applicable laws and regulations. Our Services can be used by a variety of industries in connection with their administrative functions, payroll, services, products, and activities, so a broad range of information about you may be uploaded to or sent through our Services through indirect sources (i.e. not provided by you directly) such as employers or benefit providers. Without information about you, we may not be able to provide the Services or the support for Services that you, your employer, benefit provider, or our Customers (third parties with whom you have an agreement) request.
Our Services are not targeted or directed at children under the age of 13 and we do not allow the creation of an Account for them. Personal information about children under the age of 13 is only collected and stored when it is provided by, and therefore with the consent of, the legal guardian and such information is only used for the purposes of providing our Services.
2.2.1 Information We Collect from Other Sources
We may collect information about you from third parties who are authorized to provide that information under the terms of an agreement you have with them or under the terms and privacy policies of their services. Such third parties may include your employer, benefit provider, third-party verification services, mailing list providers, and publicly available sources. Where lawful, this information may include your Social Insurance or other government- issued identification number. In most cases, our Customers (who may be your employer or benefit provider) are responsible for notifying you of the purpose of the information they provide us with and for obtaining your consent when they collect your Personal Information. When Personal Information is transferred to Us through our Services by our Customers, it shall be deemed to have been collected with the appropriate notification and consent. We assume no responsibility for obtaining or validating that appropriate consent has been obtained with respect to data transferred to Us by third parties including organizations and Customers.
2.2.2 Information You Provide
We collect Personal information you provide when you sign up for, or make changes to an Account and when you provide information as part of our identity or account verification process. We also collect information you provide when you respond to our surveys or otherwise communicate with Us.
The information We collect about you includes:
Identification information about yourself and your immediate family members, such as name, personal and work email addresses, mailing address, phone number, photograph, birthdate, Social Insurance Number or other government-issued identification number;
Employment and benefits related information such as hire date, job title, remuneration, performance related data, and benefits, vacation and sick leave entitlements and usage;
Financial information, including bank account numbers;
Tax information, including withholding allowances and tax filing status;
Other historical, contact, and demographic information.
We also collect information you upload to or send through our Services, including:
Information about products and services you may receive (including type of health benefits, corporate benefits and other data);
Information you may provide about you or your business (including appointment, staffing availability, employee, payroll and contact data);
Information you may provide to a benefit provider or employer using our Services.
2.2.3 Information We Collect from Your Use of our Services
We collect information about you when you use our Services, including:
Transaction Information. When you use our Services to make, accept, request or record payments, We collect information about when and where the transactions occur, the names of the transacting parties, a description of the transactions, the payment amounts, the withholding amounts, bank account information and address. When you use our Services to make, accept, request or record employment or benefits related information, We collect information about the type of information provided including type of benefit applied for, sick leave and vacation entitlements available and used;
Location Information. We collect information about the location of your device through our application. To learn how to disable the collection of location information, please see the Section titled “Your Choices” below;
Device Information. We collect specific information about your device when you access our Services, including your hardware model, operating system and version, unique device identifier, mobile network information, and information about the device’s interaction with our Services. We may also identify other software running on the device for malware-prevention purposes but will not collect any content from such software;
Use Information. We collect information about how you use our Services, including your access time, browser type and language, and Internet Protocol (“IP”) address;
Information Collected by Cookies and Web Beacons. We use several technologies to collect information when you use our Services, such as sending cookies to your computer or mobile device and using web beacons. Cookies are small data files that become stored on your hard drive or in your device’s memory when you visit a website or view a message. Among other things, cookies support the integrity of our Services, retain your preferences and account settings, and help evaluate and compile aggregated statistics about user activity. We may also collect information using web beacons which are electronic images that may be used in our Services or emails. Web beacons may be used to deliver cookies, track the number of visits to our website, understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon. To block or delete cookies, please see “Your Choices (Section 8)” below.
2.2.4 Third-Party Analytics
USE OF PERSONAL INFORMATION
We may use information about you to provide, maintain, and improve our Services, such as:
Processing or recording transactions including those related to your employees, employment, or health plans;
Transferring data to third parties designated by Customers (such as banks, the Canada Revenue Agency, and benefit providers) as part of the Services provided to employers;
Displaying historical transaction or usage information;
Developing new Services;
Delivering the information and support you request, including technical notices, security alerts, and support and administrative messages;
Preparing and distributing communications, conducting surveys, collecting feedback about our Services and responding to inquiries;
Improving, personalizing, and facilitating your use of our Services including measuring, customizing, and enhancing our Services, including the design, content, and functionality of our applications and websites, or to track and analyze trends and usage in connection with our Services.
We may use information about you:
To protect our rights or property, or the security or integrity of our Services;
To verify your identity (for example, some of the government-issued identification numbers we collect are used for this purpose);
To investigate, detect, and prevent fraud, security breaches, and other potentially prohibited or illegal activities;
To protect Us, users of our Services or the public from harm or potentially prohibited or illegal activities;
To comply with any applicable law, regulation, legal process, or governmental request;
With our subsidiaries, group companies, contractors and other affiliates, for the purposes outlined in this policy;
In connection with, or during the negotiation of, any merger, sale, transfer or acquisition of company stock or assets, financing, acquisition, divestiture, or dissolution of all or a portion of our business;
With third parties to provide, maintain, and improve our Services, including your employer, health plan and other benefit providers, financial institutions and service providers who access information about you to perform services on our behalf (for example, fraud prevention, identity verification, and fee collection services);
With other users or Customers of our Services with whom you interact through your own use of our Services. For example, we may share information when you make or receive a payment using our Services, file/update leave of absence requests using our Services, or file/maintain health plan claims using our Services;
With your consent;
For any other purpose disclosed to you in connection with our Services.
When required to provide information in response to a legal enquiry, ORCHESTRO exercises reasonable caution to ensure that the order or request is valid and only legally required Personal Information is disclosed. If ORCHESTRO has knowledge that a third party uses or discloses Personal Information in an unapproved manner, ORCHESTRO takes reasonable steps to prevent or stop the use or disclosure.
We also may share aggregated information with third parties that does not specifically identify you or any individual user of our Services.
We may, and we may use third-party service providers to, process and store your information in Canada. If We transfer Personal Information outside a local jurisdiction We do it only with adequate protections in place and in compliance with applicable laws.
Nonetheless, ORCHESTRO cannot guarantee that unauthorized third parties will never be able to defeat our security measures or use your Personal Information for improper purposes. In the event that any information in our possession or under our control is compromised as a result of a security breach, we will take reasonable steps to investigate the situation and, where appropriate, notify those Customers and Individuals whose information may have been compromised and take other steps in accordance with applicable laws or regulations.
For more information about our security practices, please visit https://orchestro.ca/
RETENTION AND DISPOSAL OF INFORMATION
ORCHESTRO retains Personal Information about you only as long as reasonably necessary to provide you and/or our Customers the Services or as legally required. When Personal Information is no longer necessary or relevant for the identified purpose or to fulfil a legal or business requirement, it shall be securely destroyed by making it anonymous in a non-recoverable manner or by electronically erasing it.
ACCURACY OF PERSONAL INFORMATION
NOTICE OF AND CONSENT TO THE COLLECTION AND USE OF PERSONAL INFORMATION
ORCHESTRO provides notice as to the purposes for which Personal Information is collected, used, retained, and disclosed. In most cases, Customers are responsible for notification of purpose and for obtaining appropriate consent when they collect Personal Information and Personal Information that is transferred to ORCHESTRO by our Customers to be processed shall be deemed to have been collected with appropriate notification. ORCHESTRO assumes no responsibility for obtaining or validating that appropriate consent has been obtained in respect of data transferred to ORCHESTRO by organization(s)/Customers. In some cases, ORCHESTRO collects Personal Information directly from the Individual, for example, when Individuals visit an ORCHESTRO website, ORCHESTRO application or when Individuals use certain confidential services. In these cases, ORCHESTRO is responsible for obtaining appropriate consent, except where inappropriate or if the collection is required/permitted by law without consent. Where appropriate, ORCHESTRO describes any choices available within the Services to Individuals and obtains appropriate consent. Individuals who seek to vary or withdraw consent that has been obtained by ORCHESTRO directly may do in writing in the manner set out in Section 9 of this policy. Subject to legal or contractual restrictions, ORCHESTRO shall abide by the withdrawal or variation of consent, and shall advise the Individual of the consequences of a change in the scope of consent. In cases where consent has been obtained by the Customer, the individual will be referred to the Customer. Unless required by law, ORCHESTRO shall not use or disclose Personal Information for any purpose other than the purpose for which it was originally collected without first identifying and documenting the new purpose and obtaining the appropriate consent. Once data has been de-identified, aggregated or summarized it shall no longer be considered Personal Information, and Individuals cannot seek to have their information removed from an aggregated data set, nor is consent for further use required.
YOUR CHOICES :
Personal Information. You may access, change, or correct certain information about you or your family members by logging into your Account at any time, or by contacting your employer (or other appropriate third party), or by making a request to Us as per Section 10 of this policy, in which case we may need to verify your identity and we may need to notify our Customer before granting access or otherwise changing or correcting your information.
Location Information. We may require location information to provide certain mobile applications, so if you do not consent to the collection of this information you cannot use our corresponding Services. You can stop our collection of location information at any time by changing the preferences on your mobile device but please note that certain aspects of our mobile application and Services may no longer function. Also, you may stop our collection of location information via mobile application by following the standard uninstall process to remove all ORCHESTRO mobile applications from your device.
Cookies. When you access or use the Services, our web server may send a cookie to your computer or mobile device (as the case may be). Some cookies we use last only for the duration of your web or application session and expire when you close your browser or exit the application, other cookies last longer and are used to remember you when you return to use the Services. Some cookies used in the Services are set by Us and others are set by third parties who deliver services on our behalf. Most web and mobile device browsers are set to automatically accept cookies by default. You can change your browser settings to prevent automatic acceptance of cookies or to notify you each time a cookie is set. Please note that by blocking or deleting cookies used in the Services, you may not be able to take full advantage of the Services.
Access. Unless ORCHESTRO is permitted or required by law to prohibit access, We make Personal Information available for review and updating, either directly through the self-service feature in our Services, by directing Individuals to the employer or the Customer with whom the Individual has an agreement, for access, or through an access request made to established contacts within ORCHESTRO. Where applicable, Individuals may contact ORCHESTRO in the manner set out in Section 9 of this policy.
ORCHESTRO Assurances et Rentes collectives Inc.
Attention: Privacy Department
450-5700, boul. Des Galeries Blvd,
Québec (Québec) G2K 0H5
Or by email at: email@example.com
or by phone at: 1 (844) 327-7912 x 2
We may request additional details from you and may need to consult with other parties to investigate and address your concern. We aim to respond to all inquiries and complaints within 45 days. We shall investigate all complaints, and if yours is found to be justified, We shall take appropriate measures, including, if necessary, amending our policies and practices. We will keep records of your request and any resolution. If you are dissatisfied with the results of our investigation you may be entitled to contact the Privacy Commissioner in your jurisdiction or to the Office of the Privacy Commissioner of Canada at the address below:
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3