Our commitment

Last updated: April 1, 2024

GreenShield respects your privacy and is committed to protecting it through our compliance with this Privacy Policy.

This Privacy Policy describes:

  • how GreenShield (“we”, “us” or “our”) collects, uses, discloses, protects, and otherwise processes the Personal Information of our customers (collectively, “you” or “your”);
  • the types of Personal Information we may collect from you; and
  • our practices for collecting, using, disclosing, and protecting Personal Information.

In this Privacy Policy, personal information and personal health information are collectively referred to as “Personal Information”.

Unless otherwise required by applicable law, we only collect, use, disclose, and otherwise process your Personal Information, and the Personal Information of your spouse and other dependants, in accordance with this Privacy Policy. We take steps to ensure that the Personal Information that we collect is adequate, relevant, not excessive, and used for the purposes for which it was collected.

Scope of this Privacy Policy

GreenShield” when used in this Privacy Policy means, collectively, Green Shield Canada, the Green Shield Association, Green Shield Holdings Inc., and all of their respective affiliates and subsidiaries. Green Shield Holdings Inc. is the primary company that houses health services and benefits administration businesses, including, but not limited to, The Health Depot, Green Shield Health Inc., and Green Shield Administration Inc. Green Shield Holdings Inc. is a wholly-owned subsidiary of the not-for-profit Green Shield Association.

GreenShield’s insurance, health products, and services (collectively, the “Services”) are accessed through an online platform that is accessible to all users on the GreenShield+ website https://www.greenshieldplus.ca and mobile application (http://app.greenshieldplus.ca) (collectively referred to as the “Platform”).

This Privacy Policy applies to the Services, the Platform, and the use of the Platform. This Privacy Policy also applies to GreenShield, as well as the websites and mobile applications of each entity that comprises GreenShield, to the extent that any such entity collects, uses or discloses Personal Information in connection with the operation of the Platform or the Services.

Please note that each entity within GreenShield may have its own website(s), application(s), and services that are unrelated to the Services or the Platform, and any use, collection, disclosure or other processing of Personal Information in connection with such website(s), application(s), and services is governed by such entity’s separate privacy policy (i.e., this Privacy Policy will not apply).

Consent

By providing your consent to GreenShield’s collection, use, disclosure, and other processing of your Personal Information in connection with your use of the Services and the Platform, you agree: (i) that you have reviewed this Privacy Policy; and (ii) to the terms and conditions of this Privacy Policy and to the Terms & Conditions governing use of the Services and the Platform.

Privacy Principles

The methods that we use for collecting, using, disclosing, protecting retaining, and otherwise processing Personal Information are consistent and compliant with all applicable federal, provincial, and territorial privacy laws. When applicable, this includes, without limitation, (i) Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”); (ii) the provincial private sector privacy laws in place in Alberta, British Columbia, and Quebec; and (iii) the Personal Health Information Protection Act, 2004 (Ontario).

GreenShield follows the ten privacy principles outlined in PIPEDA and the privacy principles set out in Canadian provincial privacy laws.

Accountability

We are responsible for the Personal Information under our control. We have established this Privacy Policy and internal procedures to keep your information safe and we have specific personnel who make sure that we stay compliant with this Privacy Policy.

Learn more about accountability...


All employees of GreenShield and other persons or organizations who act for or on our behalf are responsible for the protection of your Personal Information. Our Privacy Officer is responsible for overseeing our privacy program, which includes the policies, procedures, and staff training we have established to ensure that our employees adhere to theapplicable obligations set out in this Privacy Policy. See section 10 of this Privacy Policy for the contact information of our Privacy Officer.

Identifying purposes

We clearly identify the purposes for which we are collecting Personal Information before or at the time of collection (or after the time of collection if the Personal Information will be used for a different purpose). When we authorize other parties to collect Personal Information on our behalf, they do the same.

Learn more about identifying purposes...

We ask for your Personal Information for the purposes related to the operation of the Platform and the Services, as well as to manage our business, including:

  • to provide and administer the Services offered through the Platform;
  • to confirm your identity and the accuracy of your information;
  • to create and administer your account when you register for any of our Services, including through our websites, apps, and service providers;
  • to administer benefits plans, including, without limitation, (i) determining eligibility for claims and services for plan members and their spouse and dependants; (ii) transferring Personal Information with other benefit carriers for the coordination and continuation of benefits; (iii) providing benefits coverage; (iv) communicating with service providers regarding the services provided to you by them; (v) communicating with plan sponsor(s) and employer(s), as applicable, with respect to any claims not covered by your benefits plan; and (vi) processing insurance claims and providing payments to you and/or service providers for eligible claims;
  • to bill you and collect payment;
  • to protect you and us from errors, misrepresentations, fraud, contravention of laws, and/or criminal activity;
  • to audit, investigate and take the necessary steps to prevent or suppress suspected or proven improper or fraudulent claims;
  • to perform medical underwriting;
  • to analyze data to help us make decisions and improve the products and services we offer;
  • to better understand, analyze, and respond to your needs and preferences;
  • to retain appropriate records and meet legal and regulatory requirements;
  • to develop, enhance, and/or provide products and services;
  • to keep track of your preferences and instructions and analyze that information;
  • to combine your Personal Information with other Personal Information collected by us to provide aggregate statistical information about customers’ service usage preferences;
  • to fix bugs on our websites and mobile applications;
  • to contact you: (i) via email, SMS, WhatsApp, Facebook Messenger, push notification to your mobile or electronic device or other forms of electronic messages sent to you at the addresses and accounts listed on your user account; (ii) via communications posted on or notifications through the Platform regarding other products or services which may be of interest to you; and (iii) for our customer appreciation programs (collectively, “Electronic Communication”);
  • to enter you into a contest, speed-up the process of registering a subsequent purchase, or to respond by Electronic Communication to your inquiries;
  • to conduct research on users’ demographics, interests, and behaviour based upon information provided during use of the Platform;
  • to use your de-identified Personal Information in studies, reports, and other programs that we offer;
  • to attend to and manage your requests, inquiries, and complaints;
  • to promote and market the Platform and our other products and services to you;
  • to provide you with news, special offers, and general information about other goods, services, and events which we offer that are similar to those that you have purchased or inquired about;
  • to combine your Personal Information with our data and/or external data for health management purposes or for programs that we offer; and
  • to facilitate the sharing of information among the entities within GreenShield in support of the above activities, and to improve the overall health management of you, your spouse, and your dependants’.

When we de-identify your Personal Information, we exclude the components (such as your name, email address or linkable tracking ID) that makes the information personally identifiable to you.

Where permitted by applicable law or with your prior consent, we use your name and email address to send our newsletter and other marketing emails to you. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by contacting us. However, we may still communicate with you about matters directly related to our products, services or the administration of your benefits plan, such as notifications regarding revisions to our Terms & Conditions or this Privacy Policy or other formal communications relating to the Services. Please refer to section 10 of this Privacy Policy to learn about the various ways you can get in touch with us.

Consent

Except under the exceptions permitted by law, we need your consent to collect, use, or disclose your Personal Information. These exceptions include, without limitation, instances where legal, medical, or security reasons make it impossible or impractical to seek your consent. If you do not want to provide us with your consent, you do not have to. However, this may limit your ability to use certain functions or to request certain services or information.

You can withdraw your consent any time, subject to legal, regulatory, or contractual requirements. If you wish to withdraw your consent, you can do so by contacting our Privacy Officer (please see section 10 of this Privacy Policy for the contact information of our Privacy Officer).

Learn more about how we obtain your consent...

Your consent can be either express or implied. Express consent can be verbal or written.  For example, when you sign an enrollment form you are giving us written consent to use the Personal Information that you have disclosed to provide you, your spouse, and your dependants with benefits.

Consent can be implied or inferred from certain actions. For example, if you present your benefit identification card to a pharmacist/dentist in lieu of paying for a prescription/dental procedure, it can be implied as consent for the pharmacist/dentist to provide your Personal Information to GreenShield to obtain payment for the service rendered, and for GreenShield to process the related claim for payment.

For our existing groups and benefit plan participants, we will continue to use and disclose the Personal Information previously collected in accordance with this Privacy Policy, unless you inform us otherwise. We will infer that consent has been obtained for the continued use or disclosure of your Personal Information by: (i) the processing of any existing or future benefit claims that you submit for reimbursement; or (ii) you accessing our other services.

We may also collect your consent when an individual authorized on your behalf (your “Personal Representative”) registers for an account or interacts with the Services. Additionally, if you are a benefits plan member who self-enrolls or provides Personal Information to their employer, you confirm that the information is complete and accurate to the best of your knowledge and that you are authorized to provide the Personal Information of your spouse and dependants for the purposes of: (i) determining eligibility for benefits; and (ii) any other services necessary for benefits administration.

Limiting collection

We limit the collection of Personal Information to that which is needed for the purposes identified by us or as otherwise permitted by law.

Learn more about the information we collect...

Depending on the product or service we are providing to you, we may collect Personal Information about you, including:

  • first name, last name, date of birth, sex, gender, employer plan number or employment ID (if any), and salary;
  • our Social Insurance Number, for the limited purpose of complying with statutory obligations, including our tax reporting obligations;
  • address, postal/zip code, telephone number(s), and email address(es);
  • medical or health information, including your provincial health card number, health history and conditions, underlying diagnosis, laboratory testing results, diagnostic images, and other health related information;
  • banking information (including account holder name, account number, transit number, and bank number) and credit card information, including your billing address;
  • insurance claims information submitted to us, such as providers you have visited, prescription dispensing data and other information, including dependant relationship;
  • information regarding your interactions with us, such as telephone recordings, emails, letters and other communications (for example, we may use customer relationship management data to monitor your activities and engagements with us) to determine how best we can support you;
  • how you use our products and services, including through our websites and other electronic means;
  • preferences for certain products, interests, and lifestyle activities;
  • demographic information;
  • click through activity on the Platform and our other websites, including referral source, information about your length of visit, and the specific webpages viewed;
  • information about your computer or mobile device, such as your IP address, geolocation data, browser type, operating system; mobile device software version, and mobile device carrier;
  • information relating to any transactions carried out between you and us, including information relating to any purchases you make;
  • health information (e.g., your provincial or territorial personal health number, private health benefits number or account information, medication and prescription information, allergy information, medical history, physical and mental health information, personal and family medical history information, and physician details); and
  • your account and profile information, including password management and security questions and answers, as well as the services and products you choose to purchase and use.

Learn more about where we collect or receive your Personal Information from...

We may collect or receive Personal Information from:

  • completed applications and forms;
  • your interactions with us, including engaging with us over social media and through surveys, or when you communicate with us or sign up to receive promotional materials;
  • your telehealth consultations, advisors or other representative(s);
  • your plan sponsor or employer;
  • your plan sponsor or employer’s insurance advisor and/or plan administrator;
  • your Personal Representative;
  • updates to your online profile and other information that is maintained in your account;
  • your medical records, treatment, and examination notes, and other health related records maintained by counsellors;·      your physician, pharmacist, and other medical and health professionals responsible for your care;
  • medical facilities or providers;
  • professional regulatory bodies and other governmental and regulatory agencies;
  • Canadian Drug Insurance Pooling Corp (CDIPC);
  • other insurance carriers with which you had or have coverage;
  • third party service providers that provide or have provided services to you and your spouse and/or dependants, including services related to your benefits plan (e.g., payroll, enrolment, claims handling services, travel assistance benefits providers and paramedical service providers); and
  • cookies and other technologies such as device identifiers. For information about how GreenShield uses cookies, please refer to the section of this Privacy Policy titled “Cookies” below and our Security page.
Limiting use, disclosure and retention

Except as permitted by law, we only use or disclose Personal Information for the purposes for which it was collected. We retain Personal Information only for as long as necessary to serve such purposes, or as otherwise required or permitted by law. Our retention standards are consistent with these retention requirements.

We destroy, erase or anonymize Personal Information when we no longer need to retain it. Please note that our use, disclosure or other processing of anonymized information is not subject to this Privacy Policy.

Learn more about how we disclose Personal Information...

Depending on the product or service we are providing to you, we may disclose your Personal Information:

  • to individuals, financial institutions, and other third parties we work with to administer the products and services we provide;
  • to authorized employees, agents, and representatives who have a justified need to have access to your Personal Information;
  • to your advisor(s) and any agency we work with that has direct or indirect supervisory authority over your advisor(s) (including their respective employees);
  • to your employer and plan sponsor, as may be reasonably necessary to properly administer your benefits plan(s);
  • to our service providers who need this information to perform various services for us. Examples of these services include analyzing data, data storage, providing marketing assistance, providing search results and links, processing credit card transactions and other payments, fulfilling your prescriptions, claims processing, and providing customer service;
  • to any entity within GreenShield, for the purposes identified in this Privacy Policy;
  • to people who are legally authorized to view your Personal Information (including your Personal Representative);·      where we are required by law to disclose your Personal Information;
  • in connection with any legal proceedings;
  • to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention, identity verification, and reducing credit risk);
  • in connection with the sale, assignment or other transfer of any entity within GreenShield, in which case we will require any third party involved in such transaction to agree to treat your Personal Information in accordance with this Privacy Policy; and·      to individuals, organizations, and investigative bodies who work to prevent, detect, or investigate suspected fraud, contractual breaches, or contravention of law.

When we disclose Personal Information (whether inside or outside of GreenShield), we take appropriate precautions, including: (i) limiting the disclosure to what is reasonably required for the purposes set out in this Privacy Policy; and (ii) requiring our service providers to handle Personal Information in a manner that is consistent with our privacy practices and this Privacy Policy.

Accuracy

We endeavour to ensure Personal Information under our control is accurate, complete, and as up to date as possible to fulfil the purposes for which it was collected.

Learn more about accuracy...

You can check your Personal Information to verify its accuracy. You can correct, amend or update the information you provide to us by logging into your user account and making the updates to your profile information. You can also contact us directly any time (please see section 10 of this Privacy Policy for more information about how you can contact us) to update your Personal Information.

Safeguards

To protect Personal Information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification, we use appropriate physical, administrative, and technological safeguards that match the sensitivity of the information under our control.

Learn more about safeguards...

Our employees who have access to Personal Information are made aware of how to keep it confidential. As a condition of employment with GreenShield, all employees sign an agreement requiring them to handle confidentially, all information to which they will have access. Our employees are also required to participate in annual security and privacy awareness training programs.

Personal Information is kept in a secure environment using appropriate technical, physical, and organizational measures designed to protect your Personal Information. For more information regarding our security practices, please visit our Terms and Conditions.

Openness

We make information about our policies and procedures and how we manage Personal Information available to you. To receive copies or more information regarding any such policies and procedures, please contact our Privacy Officer (please see section 10 of this Privacy Policy for the contact information of our Privacy Officer).

Individual access

If you send us a written request (please see section 10 of this Privacy Policy for more information about how you can contact us), we will tell you what Personal Information about you we have and how we use and disclose it. You may be required to provide sufficient proof of your identity to permit us to provide you with the information you have requested.

We will give you access to your Personal Information, with certain exceptions permitted by law. You may verify the accuracy and completeness of your information and request changes, if appropriate. There may be a minimal charge for the retrieval of your Personal Information that you request. We will inform you if there is a charge.

We will assist you in identifying the appropriate means to have correction(s) made to your Personal Information and whenever possible, we will correct any Personal Information which we may have given to a third party.

Please note that we may not be able to provide you with access to your Personal Information if it:

  • is prohibitively costly to provide;
  • contains references to other individuals;
  • cannot be disclosed for legal, security or commercial proprietary reasons;
  • is subject to solicitor-client or litigation privilege; or
  • cannot be disclosed for any other reason permitted by law.

To the extent that you are not satisfied with our response to your written request, please contact our Privacy Officer (as provided in section 10 of this Privacy Policy). information regarding any such policies and procedures, please contact our Privacy Officer (please see section 10 of this Privacy Policy for the contact information of our Privacy Officer).

Challenging compliance

We are committed to answering and resolving any privacy related questions, concerns, complaints, and inquiries.

Please feel free to contact GreenShield’s Privacy Officer:


By email: privacy.office@greenshield.ca


By mail:

Privacy Officer

GreenShield

5140 Yonge St., Suite 2100

Toronto, Ontario M2N 6L7

GreenShield’s Privacy Officer will acknowledge receipt of your inquiry. Within 30 days of receiving your inquiry, our Privacy Officer will write or call to tell you if your inquiry has been resolved, or, in more complex cases, advise you what further steps are being taken and when you may expect a resolution.

If you are unsatisfied with our response or if your privacy related question(s), concern(s), complaint(s), or inquiry(ies) remains unresolved, you may contact:

Office of the Privacy Commissioner of Canada

30 Victoria Street

Gatineau, Quebec K1A 1H3

Telephone: 1-819-994-5444

Toll Free: 1-800-282-1376

Fax: 1-819-994-6591

Website: www.priv.gc.ca

If you reside in Ontario, you have the right to file a complaint to the Information and Privacy Commissioner of Ontario who can be contacted at:

Information and Privacy Commissioner of Ontario

2 Bloor Street East, Suite 1400

Toronto, Ontario M4W 1A8

Telephone: 1-416-326-3333

Toll Free: 1-800-387-0073

Website: www.ipc.on.ca

If you reside outside of Ontario, you may contact your provincial or territorial privacy regulator to file a complaint. For more information about the applicable privacy regulator in your province or territory, please visit: www.priv.gc.ca/en/about-the-opc/what-we-do/provincial-and-territorial-collaboration/provincial-and-territorial-privacy-laws-and-oversight/.

Changes to this Privacy Policy

We may, from time to time, revise this Privacy Policy. Revisions to this Privacy Policy may be required: (i) to reflect changes in applicable laws or our Personal Information handling practices; or (ii) as we introduce new products and services. The most current version of this Privacy Policy governs how we process your Personal Information and is available at www.greenshield.ca/en-ca/privacy-policy. You will be able to determine when this Privacy Policy was last updated by referring to the “Last updated” date found at the beginning of this Privacy Policy. By continuing to use the Services, the Platform, or our other websites to which this Privacy Policy applies, you agree to be bound by the most current version of this Privacy Policy.

Cross-border transfers

Where permitted by applicable law, GreenShield may transfer your Personal Information to entities located outside of Canada. By accessing the Platform and utilizing the Services, you understand and consent to our transfer of your Personal Information globally. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Information. GreenShield will strive to protect your Personal Information disclosed to third parties by contractual agreements requiring that those third parties adhere to confidentiality and security procedures and protections.

Cookies

Our websites, including the Platform, may use cookies. Cookies are tiny elements of data that are sent to your browser when you visit any of our websites. Cookies are stored by your browser and allow us to recognize you when you return to any of our websites. We and our business partners, marketing partners, or service providers may place cookies on our websites for marketing purposes, to remember your preferences, and to authenticate you.

Cookies uniquely identify your device or user account associated with the website. You may set your browser to notify you when you receive a cookie or to not accept certain cookies. However, if you decide not to accept cookies, you may not be able to take advantage of all the features that may be offered on our websites.

Site usage information

Our websites, including the Platform, may gather traffic patterns, site usage information, and other aggregated data to evaluate your preferences and the effectiveness of our websites. This aggregate usage data does not identify you individually.

Our policy regarding minors

Our websites, including the Platform, are not intended for any individual under the age of15, and we do not knowingly allow individuals under the age of 15 to create their own user account. Individuals under the age of 15 may access our websites or receive our services at the discretion of health providers using their parent or legal guardian’s user account and in the presence of that parent or legal guardian. We do not intentionally collect Personal Information from anyone under the age of 15. We request individuals under the age of 15 to refrain from: (i) using our websites; and (ii) submitting any Personal Information to us.

Additional rights

Here are some additional rights that you may have according to where you are located:

Dissemination, De-Indexation or Re-Indexation

Subject to applicable law, you will have the right to require us to cease disseminating your Personal Information or to de-index any hyperlink to your Personal Information if the dissemination of the information contravenes the law or a court order.

In addition, subject to applicable law, and provided certain conditions are met, you may require us to cease disseminating your Personal Information, de-index any hyperlink to such information, or re-index any hyperlink to such information.

Deletion

Subject to applicable law, you may request deletion of your Personal Information by us. However, we may be required (by law or otherwise) to retain your Personal Information and not delete it, in which case, we will comply with your deletion request only after we are no longer required to retain your Personal Information that you have requested be deleted.

When we delete your Personal Information, it will be deleted from our active database(s), including from our archives, though we may also retain anonymized information about your use of our websites and services. Once we disclose any of your Personal Information to a third party, we may not be able to access that Personal Information any longer (as maintained by the third party), and we cannot force the deletion of such information by any third party to whom we have made such disclosures.

Data Processing Use and Objection

Subject to applicable law, you have the right to request we restrict our use or disclosure of your Personal Information for certain purposes. You also have the right to object to the processing of your Personal Information. We may not be required to agree to a requested restriction or objection.

We will agree to restrict the use or disclosure of your Personal Information, provided that the law allows it and we determine that such restriction does not impact our ability to operate our business, provide diagnostic services, and comply with the law. Subject to applicable law, even when we agree to a restriction request, we may still: (i) disclose your Personal Information in a medical emergency; and (ii) use or disclose your Personal Information for public health, safety, and other similar public benefit purposes permitted or required by law.

Automated Decision Making

Subject to applicable law, if at any time we use automated decision making to process your Personal Information, you have the right to object to such use of your Personal Information.

Data Portability

Subject to applicable law, you have the right to receive your Personal Information in a structured, commonly used technological format.

Cross-Border Transfers

Where permitted by applicable law, we may disclose and/or store the Personal Information we have collected about you outside of Quebec. You may, subject to the requirements in this Privacy Policy, withdraw your consent regarding such disclosure and/or storage of your Personal Information.

Our Voice Recognition Program

Our Interactive Voice Recognition Program (“IVR”) system is a secure method for accessing your Personal Information when you call us as well as a simpler way for you to do business with us, while we continue to protect both you and us against fraud, misrepresentations, and other errors.

Your consent

When you enroll in our IVR system, you give us your express consent to use your voiceprint password to confirm your identity.

How we use your voiceprint

We only collect Personal Information that is pertinent and consistent with this Privacy Policy.

Every time you call us after you have enrolled in our IVR system, your voiceprint is authenticated and you will either be transferred to one of our representatives or to an IVR self-service function. Your voiceprint is used to replace other methods of verification such as questions asked by our representatives.

We only use your voiceprint to confirm your identity (i.e., it will not be used to reverse engineer, reuse or recreate your voice). Your voiceprint is encrypted and kept in accordance with section 7 of this Privacy Policy, and will be accessible by:

  • authorized employees, agents, and representatives who have a justified need to access your voiceprint;
  • our service providers who need this information to perform various services for us; and
  • individuals, organizations, and investigative bodies who work to prevent, detect, or investigate suspected fraud, contractual breaches, or contravention of law

Withdrawing your consent

You may withdraw your consent for us to use your voiceprint, but doing so will prevent you from using the voiceprint password system in the future, unless you re-enroll. To withdraw your consent, you may contact our customer service department at 1-855-525-7587 or our Privacy Officer (please see section 10 of this Privacy Policy for the contact information of our Privacy Officer).