Privacy Policy

Effective date:  September 1, 2025

ECG Insurance Limited Partnership (“ECGILP”, “we”, “us”, or “our”) is committed to protecting your privacy and ensuring the confidentiality and security of your personal information.

This Privacy Policy (“Policy”) explains how we collect, use, disclose, retain, and protect personal information in connection with the benefits products and administrative services we provide. It also outlines your rights and how you can exercise them.

Our privacy practices are guided by the Canadian Standards Association’s Model Code for the Protection of Personal Information and comply with applicable privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and relevant provincial legislation.

Not all sections of this Policy apply to every individual.

The type of personal information we collect and how we use it depends on your relationship with ECGILP—for example, as a website visitor, plan member, claimant, employer, union, association, or service provider.

1. Scope

This Policy applies to all personal information collected, used, or disclosed by ECGILP in the course of providing benefits products and services, including but not limited to:

  • Member, claimants and policyholder communications;
  • Employers, unions, trustees, organizations, and associations;
  • Enrollment, claims, and benefits administration;
  • ECGILP operated websites, portals, and digital tools;
  • Paper-based or electronic correspondence;
  • Customer service interactions;

ECGILP may delegate certain administrative or claims-handling functions to authorized third-party service providers. In all cases, ECGILP remains responsible for ensuring personal information is handled in accordance with this Policy and applicable laws.

This Policy applies to all employees, contractors, and authorized third-party service providers who handle personal information on our behalf.

2. Personal Information

“Personal Information” includes any information about an identifiable individual, such as name, identification number, date of birth, email address, Social Insurance Number, health and financial records, and employment details. Where applicable, this also includes information about other individuals, such as a spouse, common-law partner, children, and beneficiaries.

Personal information may also include any other information necessary for benefits administration, claims processing, underwriting, or regulatory compliance, as permitted or required by law.

3. Collection of Personal Information

ECGILP collects personal information only to the extent necessary to administer and underwrite insurance coverage, process claims, and meet legal or regulatory obligations. Information may be collected directly from you, or indirectly from your employer, plan sponsor, healthcare provider, broker, organization, association, government department or other authorized third parties involved in the administration or delivery of benefits.

Depending on the nature of your coverage and relationship with ECGILP, the types of personal information we may collect include, but are not limited to:

  • Identification and contact details;
  • Employment and plan-related information;
  • Health and medical information relevant to eligibility, claims, or underwriting;
  • Financial and banking information required for premium payments or claim reimbursements;
  • Dependant and beneficiary information;
  • Information from healthcare professionals, insurers, and reinsurers for claim or risk assessment purposes.

Personal information may also be collected for underwriting, pricing, or reinsurance purposes to evaluate risk, determine premiums, manage exposure, and ensure adequate coverage.

We collect personal information through various means, including electronic forms, paper documents, claims submissions, correspondence, telephone conversations, electronic communications, and interactions with our secure online services. In some cases, calls may be recorded for quality assurance, training, or verification purposes.

Examples of purposes for collecting personal information include, but are not limited to:

  • Verifying eligibility for benefits coverage;
  • Enrolling eligible dependants;
  • Administering claims, entitlements, or contributions;
  • Underwriting and assessing risk, including determining premiums and evaluating coverage;
  • Communicating important updates or regulatory information;
  • Detecting and preventing fraud or unauthorized activity;
  • Meeting legal and regulatory obligations.

We may also collect personal information through the use of cookies and similar tracking technologies when you use our Online Services. Cookies help improve your experience by storing your preferences and simplifying future visits. You can manage your preferences and control how cookies are used by accessing your browser settings.

Use of Personal Information

ECGILP uses personal information to administer and manage insurance coverage, process claims, and support related operations in accordance with applicable laws and contractual obligations. Personal information is used only for purposes that a reasonable person would consider appropriate under the circumstances, including but not limited to:

  • Administering insurance coverage — verifying identity and eligibility, enrolling plan members, dependants, and beneficiaries, maintaining accurate records, and managing benefits under the policy.
  • Underwriting and risk assessment — evaluating applications, determining eligibility and premiums, assessing risk, and arranging or managing reinsurance.
  • Claims management — adjudicating, processing, and paying claims; verifying information; coordinating with healthcare providers and other insurers.
  • Reinsurance and risk transfer — sharing necessary information with reinsurers for the purposes of risk assessment, claims review, or compliance with reinsurance obligations.
  • Coordinating with authorized parties — such as organizations, associations, consultants, auditors, regulators, plan sponsors, trustees, healthcare providers, and government bodies to ensure accurate plan administration, compliance, and service delivery.
  • Conducting audits, investigations, and quality control activities — to ensure operational integrity, regulatory compliance, and continuous improvement.
  • Managing risk and meeting legal, contractual, and regulatory obligations, including:
    • Preventing and detecting fraud, misrepresentation, or criminal activity;
    • Responding to lawful requests or orders from courts, law enforcement, or regulatory authorities; and
    • Complying with tax reporting and related regulatory requirements.
  • Customer service and communication — responding to inquiries, providing policy information or updates, and facilitating service delivery through our various channels.
  • Collecting feedback — through optional surveys, service evaluations, and online tools to improve performance, user experience, and service quality.
  • Business operations and improvement — monitoring quality, conducting internal analysis, training, and enhancing administrative and claims processes.

With your consent, ECGILP may also use personal information to provide information about products, services, or features that may be relevant to your coverage. You may withdraw or adjust your consent for such communications at any time by contacting us.

4. Disclosure of Personal Information

ECGILP does not sell or commercially share your personal information. We disclose personal information only when necessary to carry out legitimate business purposes, fulfill our contractual and legal obligations, or as otherwise permitted or required by law.

Personal information may be disclosed to authorized third parties, including but not limited to:

  • Reinsurers – to underwrite, assess, manage, or audit risks, or fulfill contractual reinsurance obligations.
  • Plan sponsors, employers, organizations, associations or policyholders – to confirm eligibility, administer benefits, and manage plan participation.
  • Health care providers and professionals – to obtain information required to adjudicate or verify claims and coordinate care or services.
  • Agents, brokers, and advisors – who assist in providing insurance products, advice, and customer support.
  • Service providers and administrators – including technology vendors, call centres, claims processors, and data hosting providers who perform services on our behalf.
  • Auditors, consultants, and legal counsel – for professional, regulatory, or operational purposes.
  • Regulatory authorities, law enforcement, and government agencies – to comply with legal or regulatory obligations, court orders, or lawful requests.
  • Other insurers or financial institutions – for purposes such as coordinating benefits, detecting fraud, or managing joint claims.

Some of these recipients may be located outside of your province or outside Canada. When information is transferred or accessed internationally, it may be subject to the laws of those jurisdictions, including access by government authorities. ECGILP ensures that appropriate contractual, technical, and organizational safeguards are in place to protect your personal information, consistent with Canadian privacy standards.

We may also disclose limited, de-identified, or aggregated information for statistical, analytical, or reporting purposes, provided that such information cannot reasonably be used to identify an individual.

All third parties acting on our behalf are required to protect personal information in accordance with our privacy and security standards and applicable laws.  

5. Protection of Personal Information

ECGILP takes the protection of personal information seriously. We maintain comprehensive physical, organizational, and technological safeguards designed to protect personal information against loss, theft, unauthorized access, disclosure, alteration, misuse or destruction.

Our security measures are aligned with industry standards and are continuously reviewed and updated to address evolving threats, technologies, and regulatory requirements. These safeguards include, but are not limited to:

  • Administrative controls – policies, procedures, and role-based access protocols governing how personal information is handled and accessed by employees and authorized representatives.
  • Technical controls – encryption of sensitive data during transmission and storage, secure authentication, network monitoring, and layered firewalls to protect against unauthorized access or cyber threats.
  • Physical safeguards – secure facilities with restricted access, monitored environments, and controlled document storage and disposal processes.
  • Training and awareness – ongoing privacy and security training for employees, emphasizing confidentiality, responsible data handling, and compliance with applicable privacy legislation.
  • Third-party oversight – contractual and operational measures to ensure that service providers and partners protect personal information in a manner consistent with ECGILP’s security and privacy standards.

We regularly conduct audits, risk assessments, and testing of our systems to ensure that our safeguards remain effective and appropriate to the sensitivity of the information.

While no method of transmission or storage is completely secure, ECGILP takes every reasonable step to protect the personal information under its control and to promptly address any security concerns should they arise.

6. Use of Technology and Analytics

ECGILP’s digital services — including its websites, portals, and mobile applications (collectively, “Online Services”) — may use technologies such as cookies, log files, and analytics tools to improve functionality, enhance performance, and support service delivery. These technologies help us understand how users interact with our Online Services so we can improve usability, security, and the overall user experience.

Information collected through these technologies is generally non-identifiable and may include browser type, device and operating system, pages visited, time spent, interaction patterns, and session data. This information is used for legitimate business purposes, including monitoring system performance, ensuring security, and optimizing user navigation.

ECGILP may also use third-party analytics providers to assist with data analysis and service improvement. Any personal information shared with these providers is limited to what is necessary for their services, and all third parties are required to adhere to privacy and security standards that meet or exceed Canadian privacy laws.

We may also use analytics tools or artificial intelligence–based systems to streamline interactions, support customer service, detect anomalies, or enhance operational efficiency. Any personal information processed by these tools is protected by the same privacy and security safeguards that apply to all other personal information we handle.

You can manage cookie and tracking preferences through your browser settings. Please note that disabling certain cookies or analytics tools may affect your ability to access or use certain features of our Online Services.

7. Accuracy of Personal Information

ECGILP is committed to ensuring that the personal information we collect, use, and disclose is accurate, complete, and up to date for the purposes for which it is used. Accurate information allows us to administer insurance coverage, process claims, assess risk, and comply with legal and regulatory requirements effectively.

We rely on individuals, employers, plan sponsors, organizations, associations, healthcare providers, and other authorized parties to provide accurate information and to notify us promptly of any changes.

Where feasible, individuals may review and update certain personal information through our secure Online Services. You may also request corrections or updates directly by contacting ECGILP’s Privacy Officer using the contact information provided in this Policy.

Upon receiving a correction request, ECGILP will take all reasonable steps to verify and update the information in accordance with applicable privacy laws. If a correction cannot be made for legal, contractual, or operational reasons, we will provide an explanation and, where appropriate, note the requested correction in our records.

8. Retention and Destruction

ECGILP retains personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law, regulatory obligations, or contractual agreements.

The retention period may vary depending on the type of information, the nature of the coverage, and applicable legal or regulatory requirements, including rules from provincial insurance regulators. In some cases, information may be retained for extended periods to support:

  • Claims administration and adjudication;
  • Risk management, underwriting, or reinsurance activities;
  • Audit, reporting, or compliance obligations;
  • Dispute resolution or legal proceedings;
  • Continuity of plan administration or servicing.

Once personal information is no longer required, ECGILP ensures it is securely destroyed, erased, or de-identified in accordance with industry standards, privacy legislation, and internal policies. This includes both physical records and electronic information.

We take reasonable steps to ensure that all records containing personal information, whether maintained internally or by authorized service providers, are protected and disposed of securely.

9. Policy Updates

ECGILP may update this Privacy Policy from time to time to reflect changes in our practices, legal or regulatory requirements, or service offerings. When we make updates, we will revise the “Effective Date” at the top of this Policy and provide notice as appropriate.

Your continued use of our services following any updates signifies your acceptance of the revised Policy. We encourage you to review this Policy periodically to stay informed about how we collect, use, and protect your personal information.

10. Consent

By providing your personal information to ECGILP — whether directly or indirectly through your employer, plan sponsor, union, organization, association, healthcare provider, or other authorized party — you consent to its collection, use, and disclosure as described in this Policy and as permitted or required by law.

Consent may be obtained in a variety of ways, including:

  • Explicit consent — through signed forms, online acknowledgments, or direct authorization;
  • Implicit consent — by submitting a claim, enrolling in a plan, contacting us, or using our Online Services;
  • Consent via authorized representatives — when your employer, union, plan sponsor, organization, association, or healthcare provider provides information to us for administration purposes.

11. Your Privacy Rights

ECGILP believes that individuals should have clear visibility and control over their personal information. You have the following rights regarding your personal information:

  • Access – Request access to the personal information we hold about you.
  • Correction – Request corrections if the information is inaccurate, incomplete, or outdated.
  • Inquiries – Ask questions regarding our privacy practices, policies, or the handling of your information.

Requests must be made in writing and may require verification. In some cases, we may be unable to fulfill your request due to legal, contractual, or regulatory limitations; in such instances, we will explain the reason and advise you accordingly.

Contact Us‍

ECGILP has designated a Privacy Officer responsible for overseeing compliance with this Policy and applicable privacy legislation.

Privacy Officer

ECG Insurance Limited Partnership
1345 Taylor Avenue
Winnipeg, MB, R3M 3Y9

Email: privacy@ecginsurancegroup.ca

You may contact the Privacy Officer with any questions, concerns, or requests related to your personal information.

ECG Insurance @ 2026. All rights reserved.
Terms of UsePrivacyAccessibility