Our commitment to your data privacy.
By entrusting us with your personal data, we are building a relationship of trust together because we want to prove ourselves worthy.
Your personal data is therefore our top priority.
XN Financial® (hereinafter “XN Financial”), comprises the following entities: XN Financial Services Inc., XN Financial Services (Canada) Inc., and is operated for your personal use and information. XN Financial strives to protect your personal data and we have committed to ensuring the best level of security and privacy, notably in compliance with the General Data Protection Regulation No. 2016/679 (the “GDPR”) and with applicable Canadian Privacy Laws (all together “Data Protection Regulations”).
Our personal data processing policy is based on the following six principles:
- Lawfulness of processing: personal data collection and processing are legitimate and based on a legal basis identified in accordance with the objective (or purpose) and the context in which it is processed.
- Purpose of processing: we do not use your personal data for any other purpose. We collect your personal data strictly for the defined purposes.
- Period for keeping personal data: we establish a limited period for keeping your personal data, in accordance with the purposes and lawfulness of processing.
- Security and privacy: We strive to protect and secure your personal data. We take whatever measures needed to ensure a level of security appropriate to the risk between the controller and the processor. In assessing the appropriate level of security, we take into account the risks of each type of processing (sensitive data, purpose of processing).
- Transparency: When we collect your personal data, we will tell you how we intend to use it and if we need to share it with other parties.
- Individuals’ rights: You shall have the right to obtain from us the confirmation of your personal data and, where appropriate, the right to correct them. Where applicable, you can request the erasure, portability, restriction of processing or to object to this processing.
These documents explain how we process, notably, collect, use and store your personal data.
Last update: October 2020
Insured Party: the physical person to whom the coverages of an insurance policy apply (whether or not the said person is the subscriber), the said policy being designed, distributed and/or managed by XN Financial.
Data or Personal Data: means any information relating to a Concerned Person.
Concerned Person: refers to an identified or identifiable physical person; is deemed to be an “identifiable physical person”, i.e. a physical person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that physical person.
Personalized Space: means a space on a Site accessible to Insured Parties under the conditions provided for in the General Terms and Conditions of Use of the Site and by means of a user name and a password.
Controller: means the physical person or legal entity, the public authority, the service or whatever other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
Services: refers to the XN Financial services for brokers and companies as well as the Site.
Processing or Process: means any operation or set of operations performed using processes that may or may not be automated, applied to personal data or sets of personal data, such as the collection, recording, structuring, storage, adaptation or alteration, retrieval, consultation, use, or disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
User: means any physical person who accesses a Site, even without logging in and having access to a Personalized Space.
2. PERSONAL DATA PROTECTION
2.1 Identify and contact details of the controller
Personal Data is collected and processed by:
XN Worldwide Insurance (Montreal-Canada)
2310-600 De Maisonneuve Blvd. West
Montreal, QC, Canada H3A 3J2
2.2 Contact details of the Privacy Officer
XN Financial has appointed a Privacy Officer who can be contacted at:
XN Worldwide Insurance
2310-600 De Maisonneuve Blvd. West
Montreal, QC, Canada H3A 3J2
2.3 Collection methods
Your Data is collected directly by XN Financial when you enter your Data in the contact forms, questionnaires and other means provided to you as part of use of the Site’s services (recruitment, free callback request, estimate request, Personalized Space, etc.), or as part of a membership or subscription form to one of our services and/or products.
Your Data may also be collected indirectly during your browsing on the Site (for example, via cookies), or by other companies in the Henner Group, or may be transferred by insurers, client companies or our partner brokers within the scope of the fulfillment of insurance policies, and for the purposes of using the services of Personalized Spaces, or by recruitment firms as part of a recruitment procedure.
Within the scope of collection, the following Data is processed:
- Identity data (last name, first name, address, telephone number, email address, date of birth, country of origin, etc.);
- Social Insurance Number for products which earn investment income, in order to comply with the presiding revenue authority’s income reporting requirements. Providing your social insurance number is optional and will only be used for verification purposes to ensure your account privacy and will enable XN Financial to keep your information separate from that of other customers with a similar name.
- Data pertaining to family, economic, heritage or financial situation, personal life and living conditions, having a connection with the commercial relationship (civil status, marital status, information on spouse and children, etc.);
- Data pertaining to professional and non-professional life, having a connection with the commercial relationship (occupation and professional field, information on the employer, website, name of the previous insurer and the previous insurance policy, information on movable assets such as vehicles or objects, type of policy desired, country of expatriation/secondment, affiliation to a health insurance fund, welfare plan, desires/preferences concerning an insurance policy, etc.);
- Health data (information about hospitalizations, about needs for optical appliances, dental care, and about planned treatments, etc.);
- Data for tracking the commercial relation (data pertaining to the organization and the handling of competitions or draws, and whatever promotional operation, loyalty actions, prospection, studies, surveys, product tests, data about a person’s contributions, comments, explanations about how the User came to know about Henner, reasons for a contact request, etc.);
- Data pertaining to the access to Personalized Space: registration data such as access code and access data such as user name and password;
- Location and connection data;
- Data pertaining to the selection of people (career path, job offer sought, etc.), notably to join the appointed broker list: first and last name, brokerage firm, email, phone number, city, state/province and any other information the Concerned Person may give;
- Data pertaining to the determination and assessment of risk and the management of claims and benefits;
- Where appropriate, Data pertaining to offenses, criminal convictions and precautionary measures concerning the Insured Party, concerned parties or parties to a policy.
2.4 Purposes and legal basis of data processing
Your Personal Data is processed by XN Financial for the following legal purposes and on the following legal bases.
|Provide the Services, which includes providing with the services such as investigation or handling claims, products, and functionality offered through our Services and fulfilling your requests.||Performance of a contract|
|Authenticate your account credentials and identify you, as necessary to log you into the Services and ensure the security of your account.||Performance of a contract|
|Communicate with you about your account or use of our Services, products, and/or functionality.||Consent|
|Management of access, security, maintainability, evolutions and audiences of sites and platforms accessible online (Google Analytics)||XN Financial’s legitimate interest in ensuring the availability and proper functioning of its Sites, the improvement of its Services as well as the promotion of its businesses through its Sites.|
|Recruitment Management||XN Financial’s legitimate interest in recruiting people for the purposes of its business.|
|The conclusion, management (including commercial) and fulfillment of Insured Parties’ insurance policies||Performance of a contract|
|Commercial prospection (including commercial prospecting and loyalty actions, development of sales statistics, contact requests, information or estimate requests, rights management or management of Users’ and Insured Parties’ opinions about products, services or content, etc.)||Consent|
|Protect against, investigate, and deter fraudulent, unauthorized, or illegal activity.||Legal obligations and XN Financial’s legitimate interest in being able to protect itself against fraud.|
|Comply with our policies, procedures and legal obligations, including complying with law enforcement or government authority requests, addressing litigation-related issues, and exercising rights or obligations conferred by law.||Legal obligation|
|As otherwise consented to by you for a new purpose, notably regarding sensitive information and as required or permitted by applicable law.||Consent or legal obligation.|
The processing of Data pertaining to offenses, convictions or precautionary measures:
2.5 Mandatory/Optional nature of the collection
XN Financial informs you when the provision of an information item is mandatory (including when due to a legal, regulatory or contractual obligation, or simply in order to process your request or respond to you). If you do not provide this so-called “mandatory” information, XN Financial may be unable to respond to the request or form in question or to provide the Services.
Fields on a form that are not specified as mandatory are left to your discretion. It is up to you to choose to whether to fill them in or not.
2.6 Data recipient/Data transfer
Your Data is primarily intended for XN Financial, but may also be transferred, for the purposes of providing the Services, to XN Financial insurance and reinsurance partners, to XN Financial healthcare networks and to Henner Group companies.
Some companies in the Henner Group may be located in third-party countries* outside the European Economic Area and Canada.
*List at the present time: Tunisia, Switzerland, Malaysia, Hong Kong, Kenya, Ivory Coast, Singapore, United Arab Emirates and USA.
In this context, to guarantee an adequate level of protection of your Personal Data, the transfers are supervised by internal rules (Binding Corporate Rules, or BCRs) validated by the CNIL in compliance with the GDPR.
As part of the Processing, XN Financial may also transfer your Data to service providers, agents and suppliers, which can be located outside the European Economic Area or Canada, to complete internal operations of the Site, or for any operation related to XN Financial business, for the purposes specified in Article 2.4 herein, and only to the extent necessary for the accomplishment of the tasks entrusted to them. These service providers, agents and suppliers are required to maintain the confidentiality and security of your Data, and to implement the appropriate measures. If Personal Data are outside your country, they are subject to the laws of the country in which they are located and may be disclosed to governments, courts or law enforcement or regulatory agencies of that other country and in accordance with the laws of that other country. However, our practices regarding your personal information will at all times be governed by this Policy as well as appropriate safeguards such as the standard contractual clauses.
XN Financial may also transfer your Data if such disclosure is required by law, a regulatory provision or a court order, or if such disclosure is reasonably necessary to comply with court proceedings, and respond to any complaints or protect the security of your Data or your or XN Financial rights.
When we disclose your personal information to service providers, we take reasonable actions to ensure that the rules set out in this Policy are followed.
In the event of a change of ownership, sale, amalgamation, liquidation, reorganization or acquisition of XN Financial, in whole or in part, your personal information may be transferred as part of the transaction.
2.7 Data stored period
We will only keep personal information for as long as reasonably necessary to fulfil the relevant purposes set out in this Policy Privacy and in order to comply with our legal and regulatory obligations. If you would like further information regarding the periods for which personal information will be kept, please contact us at firstname.lastname@example.org.
2.8 Your rights as concerned person
Under certain circumstances and in accordance with applicable Data Protection Regulations, you may also be entitled to the following rights:
|Right of access||Applies to all||By proving your identity and stating the subject of your request to the addresses below.|
|Right to rectification||In case of inaccurate, outdated or incomplete Data||
Depending on the case:
|Right to erasure||
Where the GDPR applies, in the following cases:
Depending on the case:
|Right of withdrawal of consent||At any time, when the Processing is based on consent from the Concerned Person||By proving your identity and stating the subject of your request to the addresses below|
|Right to object||Where the GDPR applies, unconditional and at any time for Processing pertaining to commercial prospection, including profiling for such purposes||
Depending on the case:
|Right to object||Excluding cases of commercial prospecting, when the Processing is based on legitimate interest, and provided that XN Financial is not able to demonstrate legitimate and compelling reasons;||
By email or postal mail to the addresses below:
|Right to data portability||
When the Processing is:
||By proving your identity and stating the subject of your request to the addresses below|
|Right to restriction of processing||
In the following cases:
By email or postal mail to the addresses below:
|Contact information for the exercising of email@example.com|
You also have the possibility of filing a complaint with the relevant data protection authority.
2.9 Automated decision-taking
In the event of non-payment of the Insured Party’s premiums, the follow-up, notice and delisting procedure is automated.
Since this processing gives rise to an automated individual decision, you have the following rights under the terms of the applicable Data Protection Regulations:
- The right to request the involvement of a person to verify the Processing in question and ensure the compliance of the decision applied to your situation;
- The right to challenge a decision taken automatically by XN Financial systems, by sending your request to your usual contact at your management unit (MU) or the XN Financial Complaints Department, at the following address: firstname.lastname@example.org
2.10 Data security and privacy
Use of Personal Information by Employees
Certain employees, agents, brokers and producers will be provided with information about an insured in order to serve that insured’s needs and provide the insured with information regarding specific products. These persons are instructed by XN Financial to use strict standards of care in handling the personal, confidential information of XN Financial’s insureds. The importance of protecting your information has been conveyed to XN Financial’s employees, and they are required to adhere to stringent policies and procedures relating to the safeguarding of your information. Electronic, physical, and procedural safeguards have been implemented in order to efficiently protect your information. Employees, agents, brokers and producers who do not conform to XN Financial's confidentiality rules are subject to disciplinary and/or contractual sanctions that include dismissal.
XN Financial’s policy is to limit access to customer information to those who need it to serve customers’ insurance needs.
Within the scope of its business, and in compliance with the applicable Data Protection Regulations, XN Financial undertakes to take all appropriate technical and organizational measures to ensure the security, availability, integrity, authenticity and confidentiality of your Personal Data and the resilience of its information systems.
In the event of any suspicion of risk, loss of your login credentials, or any other event that may entail risks to the Sites and Personal Data, please contact XN Financial without delay and, if the case concerns a loss or disclosure of your login credentials for your account and Personalized Space, we recommend that you immediately request a new password in your Personalized Area, in the “Change Password” tab.
Risk Related to Internet
Access to your account is secured by the latest Internet security protocol, provided that your web browser supports 128-bit encryption. The latest versions of Internet Explorer, Google Chrome, Mozilla Firefox or Apple Safari browsers all offer this feature. These browsers inform you when you are entering a secure environment.
Although every effort is taken to ensure no one else will see or obtain your personal data, complete confidentiality and security is not yet possible over the Internet. Internet use and communication is subject to interception, loss and alteration. You acknowledge and agree that XN Financial shall not be responsible for any damages you may suffer as a result of the transmission of confidential or sensitive information over the Internet, and that all such communications will be at your own risk.
2.11 Protection of personal information of children
Our Services are not intended for any minor individual (“children”). If you are a minor under the laws applicable to your place of residence, please do not provide us with any personal information without the express consent of a parent or guardian.
We do not voluntarily collect personal information from minor children. If you are a parent or guardian and you know that your children have provided us with personal information, please contact us. If we learn that we have collected personal information from minor children without verification of parental consent, we will take steps to remove that information from our servers.
3. COOKIES AND OTHER MEANS OF TRACKING
The Site may automatically collect information by means of cookies or means of tracking saved on your device during your consultation of the Site. For more information, please click here.