Privacy Policy

Our commitment to your data privacy.

Last updated : October 2023

By entrusting us with your personal data, we are building a relationship of trust together because we want to prove ourselves worthy.

Your personal data is therefore our top priority.

XN Financial® (hereinafter “XN Financial”), comprises the following entities: XN Financial Services Inc., XN Financial Services (Canada) Inc., and is operated for your personal use and information. XN Financial strives to protect your personal data and we have committed to ensuring the best level of security and privacy, notably in compliance with the General Data Protection Regulation No. 2016/679 (the “GDPR”) and with applicable Canadian Privacy Laws (all together “Data Protection Regulations”).

Our personal data processing policy is based on the following six principles:

  • Lawfulness of processing: personal data collection and processing are legitimate and based on a legal basis identified in accordance with the objective (or purpose) and the context in which it is processed.
  • Purpose of processing: we do not use your personal data for any other purpose. We collect your personal data strictly for the defined purposes.
  • Period for keeping personal data: we establish a limited period for keeping your personal data, in accordance with the purposes and lawfulness of processing.
  • Security and privacy: We strive to protect and secure your personal data. We take whatever measures needed to ensure a level of security appropriate to the risk between the controller and the processor. In assessing the appropriate level of security, we take into account the risks of each type of processing (sensitive data, purpose of processing).
  • Transparency: When we collect your personal data, we will tell you how we intend to use it and if we need to share it with other parties.
  • Individuals’ rights: You shall have the right to obtain from us confirmation of your personal data and, where appropriate, the right to correct them. Where applicable, you can request the erasure, portability, restriction of processing or to object to this processing. You can also withdraw your consent at any time, and access to your personal data. For more information, please see the ‘’Your rights as Concerned Person’’ section below.

You can find our obligations and your rights in the General Terms and Conditions of Use on our website as well as in the Privacy policy.

These documents explain how we process, notably, collect, use and store your personal data.

The purpose of this XN Financial Privacy Policy is to inform you about the collection, processing and use of your personal data, and the rights you have in connection with the use of the websites and online platforms, the subscription and the servicing of insurance policies designed, distributed and/or managed by XN Financial.

XN Financial reserves the right to modify this Privacy Policy at any time, due to changes to its websites and online platforms, configuration changes, changes within XN Financial or regulatory changes, or for any other legitimate reason.

1. DEFINITIONS

For the purposes of this Privacy Policy, the following terms – whether capitalized or not – will have the following meanings:

Insured Party: the physical person to whom the coverages of an insurance policy apply (whether or not the said person is the subscriber), the said policy being designed, distributed and/or managed by XN Financial.

Personal Data or Personal Information: means any information which relates to a person and allows that person to be identified either directly or indirectly. This information may include, but is not limited to, your name, mailing address, e-mail address and telephone number. Personal Information does not include information that has been anonymized or aggregated in such a way that there is no serious possibility it can be used to identify an individual, whether on its own or in combination with other information. Personal Information can be sensitive (“Sensitive Information”) if, due to its nature, in particular its medical, biometric or otherwise intimate nature, or the context of its use or communication, it entails a high level of reasonable expectation of privacy. Under the GDPR, Sensitive Information is Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.

Concerned Person: refers to an identified or identifiable physical person; is deemed to be an “identifiable physical person”, i.e. a physical person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that physical person.

Personalized Space: means a space on a Site accessible to Insured Parties under the conditions provided for in the General Terms and Conditions of Use of the Site and by means of a username and a password.

Controller: means the physical person or legal entity, the public authority, the service or whatever other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

Services: refers to the XN Financial services for brokers and companies as well as the Site.

Site: refers to the XN Financial website accessible at http://xn.com and online platforms, including public spaces accessible to all Users, and Personalized Spaces through which XN Financial provides Insured Parties with services under the terms of insurance policies designed, managed and/or distributed by XN Financial. The Sites, including the Personalized Spaces, are subject to the General Terms and Conditions of Use (CGU) which this Privacy Policy supplements.

Processing or Process: means any operation or set of operations performed using processes that may or may not be automated, applied to personal data or sets of personal data, such as the collection, recording, structuring, storage, adaptation or alteration, retrieval, consultation, use, or disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. YOUR CONSENT TO COLLECTION, USE AND DISCLOSURE

XN collects, uses, discloses and retains personal information that you provide to us with your consent.

We collect, use and disclose your Personal Data with your consent or as permitted or required by law.  How we obtain your consent (i.e. the means we use) and the form of it (i.e. either express or implied) will depend on the circumstances, as well as the sensitivity of the information collected.  If you choose to provide Personal Information to us, we will assume that you consent to the collection, use and disclosure of such Personal Information as outlined in this Privacy Policy.

We will seek your consent at the time your Personal Data is collected. The consent you give is valid only to achieve the purposes for which it was requested. In the situation where we would want to use your Personal Information for a purpose other than the one identified at the time of collection, we will seek your consent prior to such new use.

You may withdraw your consent to our collection, use or disclosure of your Personal Data at any time by contacting us using the contact information in the “Contact Us” section below.  However, before we implement the withdrawal of consent, we may require proof of your identity. In some cases, withdrawal of your consent may mean that we will no longer be able to provide certain products or services.

If you provide Personal Data about another individual to us, it is your responsibility to obtain the consent of that individual to enable us to collect, use and disclose his or her information as described in this Privacy Policy.

3. PERSONAL DATA PROTECTION

3.1 Identity and Contact Details of the Controller

Personal Data is collected and processed by:

XN Worldwide Insurance – Canada Montréal
2310-600 De Maisonneuve Ouest
Montréal, QC, Canada H3A 3J2

3.2 Contact Details of the Privacy Officer

XN Financial has appointed a Privacy Officer who can be contacted at:

Privacy Officer
XN Worldwide Insurance
600 De Maisonneuve Blvd. West, Suite 2310
Montreal, Quebec H3A 3J2
privacy@xn.com

3.3 Collection Methods

When you visit our site, we collect some personal information about you.

Your Data is collected directly by XN Financial when you enter your Data in the contact forms, questionnaires and other means provided to you as part of use of the Site’s services (recruitment, free callback request, estimate request, Personalized Space, etc.), or as part of a membership or subscription form to one of our services and/or products.

Your Data may also be collected indirectly during your browsing on the Site (for example, via cookies), or by other companies in the Henner Group, or may be transferred by insurers, client companies or our partner brokers within the scope of the fulfillment of insurance policies, and for the purposes of using the services of Personalized Spaces, or by recruitment firms as part of a recruitment procedure.

Within the scope of collection, the following Data is processed:

  • Identity data (last name, first name, address, telephone number, email address, date of birth, country of origin, etc.);
  • Social Insurance Number for products which earn investment income, in order to comply with the presiding revenue authority’s income reporting requirements. Providing your social insurance number is optional and will only be used for verification purposes to ensure your account privacy and will enable XN Financial to keep your information separate from that of other customers with a similar name.
  • Data pertaining to family, economic, heritage or financial situation, personal life and living conditions, having a connection with the commercial relationship (civil status, marital status, information on spouse and children, etc.);
  • Data pertaining to professional and non-professional life, having a connection with the commercial relationship (occupation and professional field, information on the employer, website, name of the previous insurer and the previous insurance policy, information on movable assets such as vehicles or objects, type of policy desired, country of expatriation/secondment, affiliation to a health insurance fund, welfare plan, desires/preferences concerning an insurance policy, etc.);
  • Health data (information about hospitalizations, about needs for optical appliances, dental care, and about planned treatments, etc.);
  • Data for tracking the commercial relation (data pertaining to the organization and the handling of competitions or draws, and whatever promotional operation, loyalty actions, prospection, studies, surveys, product tests, data about a person’s contributions, comments, explanations about how the User came to know about XN Financial, reasons for a contact request, etc.);
  • Data pertaining to the access to Personalized Space: registration data such as access code and access data such as user name and password;
  • Location and connection data;
  • Data pertaining to the selection of people (career path, job offer sought, etc.), notably to join the appointed broker list: first and last name, brokerage firm, email, phone number, city, state/province and any other information the Concerned Person may give;
  • Data pertaining to the determination and assessment of risk and the management of claims and benefits;
  • Where appropriate, Data pertaining to offenses, criminal convictions and precautionary measures concerning the Insured Party, concerned parties or parties to a policy.

3.4 Purposes and Legal Basis of Data Processing

We process your personal data to provide and improve our services to you. We also use it to meet our legal obligations.

Your Personal Data is processed by XN Financial for the following legal purposes and on the following legal bases.

Purpose (objective sought) Legal bases (basis or reason for the Processing
Provide the Services, which includes providing with the services such as investigation or handling claims, products, and functionality offered through our Services and fulfilling your requests Performance of a contract
Authenticate your account credentials and identify you, as necessary to log you into the Services and ensure the security of your account. Performance of a contract
Communicate with you about your account or use of our Services, products, and/or functionality. Consent
Management of access, security, maintainability, evolutions and audiences of sites and platforms accessible online (Google Analytics) XN Financial’s legitimate interest in ensuring the availability and proper functioning of its Sites, the improvement of its Services as well as the promotion of its businesses through its Sites
Recruitment Management XN Financial’s legitimate interest in recruiting people for the purposes of its business
The conclusion, management (including commercial) and fulfillment of Insured Parties’ insurance policies Performance of a contract
Commercial prospection (including commercial prospecting and loyalty actions, development of sales statistics, contact requests, information or estimate requests, rights management or management of Users’ and Insured Parties’ opinions about products, services or content, etc.) Consent
Protect against, investigate, and deter fraudulent, unauthorized, or illegal activity. Legal obligations and XN Financial’s legitimate interest in being able to protect itself against fraud
Comply with our policies, procedures and legal obligations, including complying with law enforcement or government authority requests, addressing litigation-related issues, and exercising rights or obligations conferred by law. Legal obligation
As otherwise consented to by you for a new purpose, notably regarding sensitive information and as required or permitted by applicable law. Consent or legal obligation.

The processing of Data pertaining to offenses, convictions or precautionary measures:

  • provided for by legal, regulatory and government provisions, whether at the time of subscription to the policy, or during its fulfillment and,
  • falling within the scope of litigation pertaining to XN Financial business.
  • Legal and regulatory obligations
  • XN Financial legitimate interest, with regard to its business, in ensuring the recognition, exercising or defense of its rights or your rights in law.

3.5 Mandatory/Optional Nature of the Collection

XN Financial informs you when the provision of an information item is mandatory (including when due to a legal, regulatory or contractual obligation, or simply in order to process your request or respond to you). If you do not provide this so-called “mandatory” information, XN Financial may be unable to respond to the request or form in question or to provide the Services.

Fields on a form that are not specified as mandatory are left to your discretion. It is up to you to choose to whether to fill them in or not.

3.6 Data Recipients

We may provide your personal data to our service providers and partners to provide our services.

Your personal data is stored and processed in data centers located in Canada.

However, your personal data may be transferred to countries outside your country, state, province of residence, which may have different data protection rules than in your country. While such information is outside of your country, it is subject to the laws of the country, state, province in which it is located, and may be subject to disclosure to the governments, courts or law enforcement or regulatory agencies of such other country, pursuant to the laws of such country. To guarantee an adequate level of protection of your Personal Data, the transfers will at all times continue to be governed by this Privacy Policy and by applicable laws. In particular, in order to ensure compliance with the GDPR, Binding Corporate Rules, or BCRs have been implemented and validated by the French Data Protection Authority, the Commission Nationale Informatique et Libertés (the “CNIL”) in compliance with the GDPR.

3.7 Location of your personal data

Your personal data is currently hosted in Canada and can be transferred to third parties outside of your country/state/province of residence.

Your Data is primarily intended for XN Financial, but may also be transferred, for the purposes of providing the Services, to XN Financial insurance and reinsurance partners, to XN Financial healthcare networks and to Henner Group companies.

As part of the Processing, XN Financial may also transfer your Data to service providers, agents and suppliers, which can be located outside Quebec, the European Economic Area or Canada, to complete internal operations of the Site, or for any operation related to XN Financial business, for the purposes specified in Article 3.4 herein, and only to the extent necessary for the accomplishment of the tasks entrusted to them. These service providers, agents and suppliers are required to maintain the confidentiality and security of your Data, and to implement the appropriate measures. If Personal Data are outside your country, they are subject to the laws of the country in which they are located and may be disclosed to governments, courts or law enforcement or regulatory agencies of that other country and in accordance with the laws of that other country. However, our practices regarding your personal information will at all times be governed by this Policy as well as appropriate safeguards such as the standard contractual clauses. XN Financial may also transfer your Data if such disclosure is required by law, a regulatory provision or a court order, or if such disclosure is reasonably necessary to comply with court proceedings and respond to any complaints or protect the security of your Data or your or XN Financial rights.

When we disclose your personal information to service providers, we take reasonable actions to ensure that the rules set out in this Policy are followed.

In the event of a change of ownership, sale, amalgamation, liquidation, reorganization or acquisition of XN Financial, in whole or in part, your personal information may be transferred as part of the transaction.

Please find below a list of XN’s principal service providers:

  • Microsoft
  • Salesforce
  • CoverGo
  • AWS
  • Vertafore
  • Iron Mountain
  • Backblaze
  • RDC

3.8 Data Stored Period

We will only keep personal information for as long as reasonably necessary to fulfill the relevant purposes set out in this Policy Privacy and in order to comply with our legal and regulatory obligations. If you would like further information regarding the periods for which personal information will be kept, please contact us at privacy@xn.com.

3.9 Opting Out of Communications

If you no longer want to receive marketing-related emails from us, you may opt-out of receiving marketing-related emails by clicking the “unsubscribe” link at the bottom of any email you receive from us, you may log-in to your account and make changes to your communication preferences.  You may also opt out by contacting us directly.

We endeavor to respond to your opt-out request promptly, but we ask that you please allow us a reasonable time to process your request.  Please note that if you opt-out from receiving marketing-related emails, we may still need to send you communications about your use of our products or services, or other matters.

3.10 Your Rights as Concerned Person

You also have the possibility of filing a complaint with the relevant data protection authority.

We will take steps to ensure that your Personal Information is kept as accurate, complete and up-to-date as reasonably necessary. We will not routinely update your Personal Information, unless such a process is necessary.

To make sure that the information we hold on you is accurate and up to date, please inform us promptly of any change in your Personal Information.

On written request and subject to proof of identity, you may consult the Personal Information that we have collected about you, and ask that any necessary corrections be made, where applicable, as authorized or required by law. The information required to identify you will only be used for this particular purpose.

In addition, under certain circumstances, you have the following rights:

For Individuals located in Québec For Individuals located in the EU
You may withdraw your consent to the disclosure or use of the Personal Information collected When the processing is based on consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, you will be informed thereof. It shall be as easy to withdraw as to give consent.
For Individuals located in Québec For Individuals located in the EU

An Individual can request that Personal Information XN holds about them no longer be disseminated. Where the dissemination of the Personal Information goes against the law or a court order, an Individual may request that any hyperlink attached to their name and allowing access to Personal Information be de-indexed.

An Individual may make the same request if the following conditions are met:

  • The release of the Personal Information causes serious harm to their right to reputation or privacy;
  • The harm clearly outweighs the public interest in knowing the Personal Information or the interest of any individual in expressing him or herself freely. In assessing whether the harm is clearly outweighed, XN will consider, in particular
    • whether the Individual is a public figure;
    • whether the Personal Information relates to a minor;
    • the Personal Information is current and accurate;
    • the sensitivity of the Personal Information;
    • the context of the release of the Personal Information;
    • the time elapsed between the release of the Personal Information and the Individual's request;
    • where the Personal Information relates to criminal or penal proceedings, whether the Individual was granted a pardon or a restriction on access to court records.
  • The requested cessation of dissemination, reindexing or de-indexing is no more than necessary to prevent further harm.

An Individual has a right to complete erasure or deletion of Personal Information if any of the following situations apply:

  • Where Personal Information is no longer necessary in relation to the purpose for which it was collected or processed.
  • Where an Individual withdraws his/her consent to the processing and there is no other lawful basis for processing the information.
  • Where an Individual objects to the processing and there is no overriding legitimate ground for continuing the processing.
  • Where an Individual objects to the processing where their Personal Information is being processed for direct marketing purposes.
  • Where an Individual’s Personal Information has been unlawfully processed.

However, the right to erasure will not apply where processing is necessary for

  • Exercising the right of freedom of expression and information;
  • Compliance with a legal obligation, the performance of a task carried out in the public interest or in the exercise of official authority;
  • Reasons of public interest in the area of public health;
  • Archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
  • Establishment, exercise or defence of legal claims.
For Individuals located in Québec For Individuals located in the EU
You may have the right to request information about the use of any automated decision system and the impact it may have on you and must be given the opportunity to submit observations to a member of the personnel of XN who is in a position to review the decision. You have the right to object, on grounds relating to his or her particular situation, at any time to processing of your personal data based on XN’s legitimate interest, including profiling based on those provisions. XN will no longer process the personal data unless XN demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
For Individuals located in Québec For Individuals located in the EU

Unless doing so raises serious practical difficulties, an Individual may request that Personal Information held about them be communicated to them in a structured, commonly used technological format.

The information must also be communicated, at the applicant’s request, to any person or body authorized by law to collect such information.

However, this right does not apply to Personal Information that was created or inferred using Personal Information about them.

An Individual may request that Personal Information held about them be communicated to them in a structured, commonly used and machine-readable format and, in certain circumstances, that this Personal Information be communicated to a third party without hindrance, if the following conditions are met:

  • Personal Information processing;
  • Processing by automatic means;
  • Processing based either on consent or on contract.
For Individuals located in Québec For Individuals located in the EU
N/A

An Individual has a right to objection:

  • at any time to processing of personal data concerning him or her which is based processing is necessary for the performance of a task carried out in the public interest or if the processing is necessary for the purposes of the legitimate interests pursued by XN, including profiling based on those provisions.
  • for direct marketing purposes.

XN will honor an Individual’s request unless XN can demonstrate compelling legitimate grounds for the processing which override an Individual’s interests, rights, and freedoms or is necessary for the establishment, exercise, or defense of XN’s legal claims.

For Individuals located in Québec For Individuals located in the EU
N/A

An Individual has a right to restrict processing (i.e. limit the processing of stored Personal Information in the future) where one of the following conditions applies:

  • accuracy of Personal Information is contested;
  • processing of Personal Information is unlawful and an Individual prefers restriction of processing instead of erasure;
  • XN no longer requires the Personal Information for intended processing purposes but such Personal Information is necessary for the establishment, exercise or defence of legal claims; or
  • An Individual objects to processing of Personal Information, pending the verification whether the legitimate grounds of XN override those of the Individual.

XN will honor an Individual’s request unless XN can demonstrate compelling legitimate grounds for the processing which override an Individual’s interests, rights, and freedoms or is necessary for the establishment, exercise, or defense of XN’s legal claims.

If you want to learn more about your rights under the GDPR, you can visit the European Commission's page on Data Protection at: European Commission - Rights for citizens.

You also have the right to lodge a complaint with the relevant data protection authority.

You also have the possibility of filing a complaint with the relevant data protection authority.

3.11 Automated Decision-Taking

In the event of non-payment of the Insured Party’s premiums, the follow-up, notice and delisting procedure is automated.

Since this processing gives rise to an automated individual decision, you have the following rights under the terms of the applicable Data Protection Regulations:

  • The right to request the involvement of a person to verify the Processing in question and ensure the compliance of the decision applied to your situation;
  • The right to challenge a decision taken automatically by XN Financial systems, by sending your request to your usual contact at your management unit (MU) or the XN Financial Complaints Department, at the following address: privacy@xn.com

3.12 Data Security and Privacy

Certain employees, agents, brokers and producers will be provided with information about an insured in order to serve that insured’s needs and provide the insured with information regarding specific products. These persons are instructed by XN Financial to use strict standards of care in handling the personal, confidential information of XN Financial’s insureds. The importance of protecting your information has been conveyed to XN Financial’s employees, and they are required to adhere to stringent policies and procedures relating to the safeguarding of your information. Electronic, physical, and procedural safeguards have been implemented in order to efficiently protect your information. Employees, agents, brokers and producers who do not conform to XN Financial's confidentiality rules are subject to disciplinary and/or contractual sanctions that include dismissal.

XN Financial’s policy is to limit access to customer information to those who need it to serve customers’ insurance needs.

Within the scope of its business, and in compliance with the applicable Data Protection Regulations, XN Financial undertakes to take all appropriate technical and organizational measures to ensure the security, availability, integrity, authenticity and confidentiality of your Personal Data and the resilience of its information systems.

In the event of any suspicion of risk, loss of your login credentials, or any other event that may entail risks to the Sites and Personal Data, please contact XN Financial without delay and, if the case concerns a loss or disclosure of your login credentials for your account and Personalized Space, we recommend that you immediately request a new password in your Personalized Area, in the “Change Password” tab.

Access to your account is secured by the latest Internet security protocol, provided that your web browser supports 256-bit encryption. The latest versions of Internet Explorer, Google Chrome, Mozilla Firefox, Microsoft Edge or Apple Safari browsers all offer this feature. These browsers inform you when you are entering a secure environment.

Although every effort is taken to ensure no one else will see or obtain your personal data, complete confidentiality and security is not yet possible over the Internet. Internet use and communication is subject to interception, loss and alteration. You acknowledge and agree that XN Financial shall not be responsible for any damages you may suffer as a result of the transmission of confidential or sensitive information over the Internet, and that all such communications will be at your own risk. Protection of Personal Information of Children

Our Services are not intended for any minor individual (“children”). If you are a minor under the laws applicable to your place of residence, please do not provide us with any personal information without the express consent of a parent or guardian.

We do not voluntarily collect personal information from minor children. If you are a parent or guardian and you know that your children have provided us with personal information, please contact us. If we learn that we have collected personal information from minor children without verification of parental consent, we will take steps to remove that information from our servers.

4. COOKIES AND OTHER MEANS OF TRACKING

We may also collect and Process Information about your visit to this website, such as the pages you visit, the website you came from and the searches you perform. We may use such information to help improve the contents of the site and to compile aggregate statistics about people using our site for our internal usage statistics and market research purposes.

In doing this, we may install "cookies" or similar technologies that collect the domain name of the user, your internet service provider, your operating system, and the date and time of access. Cookies are created and stored on the user's computer, phone or other devices when the user's browser loads a particular website. Every time the user goes back to the same website, the browser retrieves and sends this "cookie" file to the website. Cookies are useful because they serve key purposes like helping a website remember your preferences and settings, performing analytics to improve services, serving you relevant content or advertisements and authenticating you on the websites. Cookies do not damage your computer. You can set your browser to notify you when you receive a cookie, this will enable you to decide if you want to accept it or not. You can also refuse cookies altogether. However, if you do not accept our cookies, you may not be able to use all functionalities of our website. When you visit our websites, you may be presented with a cookie-setting banner that allows you to manage the settings and accept or deny the cookies. It is legally permitted to store cookies on your machine if they are essential to the operation of the website, but for all other types of cookies we need your permission to do so. You have the option to consent to the use of cookies while visiting the website for the first time when a cookie banner will be shown or manage these settings anytime later by clicking the Cookie Settings link in the footer of the website. These cookie settings give you the option of accepting or denying your consent to every category of cookies (with the exception of the necessary cookies which are always active). Please refer to our Cookie Settings to learn more about what types of cookies we use (the purpose they serve, their lifespan, and their provenance) and how you can manage your preferences.

5. WHEN DOES THIS POLICY NOT APPLY?

Do take note that if you access any third-party link or website from our Services, you may need to refer to the privacy policies of such third parties. XN does not endorse and is not responsible for the information or privacy practices of websites or services owned by third parties.

6. CONTACT US

If you wish to contact us regarding how we use your Personal Data or you wish to exercise your data privacy rights, please email our Privacy Officer at:

Privacy Officer: privacy@xn.com