PRIVACY POLICY

CODE OF PRACTICE

 

One Team Health (OTH) is responsible for the protection of personal information and the fair handling of it at all times, throughout the organization and in dealings with third parties.

 

As such, the company abides by two codes of best practice in which set the ground rules for the collection, use, and disclosure of personal information.

 

Principles of PIPEDA are:

 

  1. Accountability: Each employee or consultant of One Team Health (OTH) is responsible for personal information under their control, and the company shall designate an individual or individuals accountable for compliance with Privacy Legislation.

  2. Identifying Purposes: The purpose for which personal information is collected shall be identified before or at the time the information is collected.

  3. Consent: The prior knowledge and permission of the individual are required for the collection, use or disclosure of personal information, except for legal or security reasons.

  4. Limiting Collection: The collection of personal information shall be limited to that which is necessary for the purposes identified. Personal information shall be collected by fair and lawful means.

  5. Limiting Use, Disclosure, and Retention: Personal information will not be used, disclosed or retained for purposes other than those for which the information was collected, except with the permission of the individual, or as permitted or required by law.

  6. Accuracy: Personal information shall be as accurate, complete and current as is necessary for the identified purposes for which it is to be used.

  7. Safeguards: Safeguards appropriate to the sensitivity of the information will protect personal information.

  8. Openness: Each employee or consultant of One Team Health (OTH) will make readily available to their customers specific information about our policies and procedures relating to the management of their personal information.

  9. Individual Access: Upon request, an individual will be informed of the existence, use and disclosure or his or her personal information and shall be given access to it. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate.

  10. Handling Customer Complaints and Suggestions: Individuals can address any complaint regarding compliance with the above principles with our Privacy Officer.

 

 

COMMUNICATION, CONSENT, AND RIGHTS

One Team Health (OTH) will communicate its privacy policy to clients at the onset of the relationship, either by print or electronically. The company’s privacy statement can also be found on the website.

 

Obtaining Consent

Individuals consent to the use of personal information through the signing of the application or enrollment form. Consent may also be expressed in writing or implied verbally, electronically or through an authorized representative.

One Team Health (OTH) will infer consent on the part of individuals and their dependents with continued service from the company.

 

Withdrawing Consent

Permission to collect, use and disclose personal information may be withdrawn in writing, subject to legal and contractual restrictions, and with reasonable notice. Individuals should contact the Privacy Officer to discuss the implications of withdrawing consent.

 

Right of Access

All Individuals have the right to request to see their personal information that has been collected by One Team Health (OTH). A copy of the records may be provided in lieu of examining the originals in the following circumstances:

 

  • Access to the records would unreasonably interfere with the operations of the organization;

  • Access to the records may result in the disclosure of information to which access is not permitted or is refused under PIPEDA; or

  • May result in harm to or destruction of the record.

 

Right of Amend Personal Information

All Individuals have the right to request that any factually inaccurate information held by One Team Health files are corrected, if appropriate.

 

Right to be Forgotten

Also known as Data Erasure, Individuals have the right to request to have their records erased if the data is no longer relevant to the original purpose, or if they withdraw consent.

Note that record keeping requirements may delay the right to data erasure.

 

Right to Restrict and Oppose the Data Processing Operation

All Individuals have the right to restrict and oppose the processing of their personal information, however due to the nature of One Team Health (OTH) business, this may have implications on the service they receive.

 

ADMINISTRATIVE SAFEGUARDS

 

Administrative, physical, and technical safeguards have been put in place to protect personal information and minimize a privacy breach.

 

Training and Awareness

All employees and consultants will be made aware of the privacy legislation, the organization’s Privacy Policy and procedures through privacy awareness training, company correspondence, and on the job training. Access to sensitive and personal information depends on the position.

 

Contractual Requirements

All vendor partnerships and personnel contracted through third parties will be screened by the third party. One Team Health (OTH) will reserve the right to request the results of said screening and/or to verify history and references.

 

Confidentiality Agreement

All employees, consultants, and vendors will sign One Team Health (OTH) Confidentiality Agreement. The company reserves the right to make amendments to its Confidentiality Agreement due to legislation or executive decisions, and request new signatures from its employees, consultants, and vendors.

 

Access to Site – During Business Hours

The building, elevators, and One Team Health (OTH) offices are open to the public during business hours. All employees are provided with access cards upon commencement of their employment in order to access to the office.

 

Access to Site – Outside Business Hours

The building where One Team Health (OTH) is located is locked before and after business hours. There are floating security guards making random checks on the building before and after business hours. During these times, a secure access card is the only way into the building, and through the secure doors of the office.

 

Access Cards

Employees, consultants, and vendors will be given access cards according to their need, which is based on their position within the company. All access cards will be deactivated and/or returned upon completion of assignments or employment.

Lost/Stolen access cards must be reported to the building management so that the card can be deactivated immediately.

 

Cabinets

All sensitive and personal information outside of the file room will be stored in locked cabinets when employees are not working on a case.

 

IT Room

The IT room is secured with a digital lock when not occupied, and there is video surveillance in the IT room.

 

Shredders

Locked cabinets are provided throughout the office for disposing of sensitive materials that need to be shredded. A private company comes to the office to pick up the cabinets and shreds the materials offsite.

 

Original Document Storge

All original documents are kept in a secure location for the required retention period and then disposed of by shredding. All claims documents are stored in the claims storage location which is only accessible by staff permitted to do so. Claims has a log where they log the time and date the material is archived, and its retention period.

 

Recycling/Trash

Sensitive and personal information shall never be disposed of in the trash or recycling bins.

 

 

Clean Desk Policy

Employees are to secure all personal information in locked cabinets/drawers before leaving the office for the day and are encouraged to similarly secure such information when they are away from their desks. This includes locking their computer when they are not at their desk and disposing of any sensitive information in the locked shredding bins or in a locked cabinet. No confidential information should be left anywhere in the office, and therefore the clean desk policy extends to any area where confidential information may inadvertently be left, such as on printers or in meeting rooms.

 

All sensitive and personal information outside of the file room will be stored in locked cabinets when employees are not working on a case.

 

Breaches

A Privacy Breach is any instance of providing patient health information (PHI) or protected information to any individual, group, or institution without prior consent by the person to whom it refers.

A breach can be made by any avenue of data transmission, phone, fax, email, or otherwise.

 

Intent to disclose information is not considered where a breach is concerned, any unauthorized disclosure whether intentional or accidental is a Breach of Privacy.

 

Any potential breaches must be reported to the Compliance Office immediately so that a determination can be made as to whether:

 

  • The incident constitutes a privacy breach;

  • The breach should be reported to the Data Protection Officer or a local regulator;

  • The client(s) should be informed.

 

The Senior Management shall be notified of the situation and keep them informed throughout the review process.

 

If a breach occurs:

  • A process review must be undertaken to ensure that no other breaches of a similar nature have occurred;

  • If a process review identifies any gaps that may compromise personal and/or sensitive data, the Privacy Officer will work with the specific department to ensure that gaps are closed.

  • A register of all breaches or possible breaches will be kept by the Privacy Officer, regardless of whether the breach was reportable.

 

Breach Notification Process

Any potential breach must immediately be reported to the Compliance Team and the manager of the department the breach occurred. The departmental manager will discuss the breach with the Compliance Team who will immediately inform Senior Management about the breach (keeping the breach notification requirements/timeline in mind).

It is important to note that under the GDPR, breach notifications must be done within 72 hours of first having become aware of the breach. Data processors are also required to notify their customers, the controllers, without undue delay after first becoming aware of a data breach.

 

PRIVACY POLICY CONTENT

This Privacy Policy was last modified in February 2021, and should be read together with the Terms and Conditions of Use.

PLEASE READ THIS PRIVACY POLICY (THE “POLICY”) CAREFULLY BEFORE USING THE O  NE TEAM HEALTH WEBSITES.  BY ACCESSING AND USING THE ONE TEAM HEALTH, INC. A SUBSIDIARY OF ARGUS GROUP HOLDINGS (“ONE TEAM HEALTH’) WEBSITES, YOU INDICATE YOUR ACCEPTANCE OF THIS POLICY.

 

This Policy is provided by One Team Health Inc., a subsidiary of Argus Group Holdings Limited, which controls and operates the One Team Health Websites. Argus Holdings and its wholly owned subsidiaries and affiliates operates under the name “One Team Health”.

This Policy details the treatment of your Personal Information by One Team Health whilst visiting the One Team Health Websites (the term " One Team Health Websites" refers to all web sites relating to One Team Health, as well as to the content on them). By accessing the One Team Health Websites, you consent to the processing of your Personal Information as described in this Policy. 

Please note that certain details of this Policy may depend on whether you deal with us through a professional advisor, directly as an individual, or whether One Team Health provides group services to your employer or plan sponsor.

REGULATION AND PRIVACY

The protection of your privacy and the confidentiality of your personal information are of paramount concern to One Team Health. As certain parts of the One Team Health Websites are located in different jurisdictions, information submitted through the One Team Health Websites may be stored inside or outside of Canada, Bermuda, or Switzerland.

Information stored in Bermuda is subject to Bermuda law, and relevant One Team Health Websites are regulated by the Electronic Transactions Act 1999 and the Standard for Electronic Transactions (the “Standard”) issued thereunder, and One Team Health fully complies with the data protection principles stated in the Standard.

Information stored in Canada is subject to the Digital Charter Implementation Act, 2020.

Information stored in Switzerland is subject to the Federal Act on Data Protection of June 1992 (DPA) and the Ordinance to the Federal Act on Data Protection of June 1993.

Information stored outside of Canada, Bermuda, or Switzerland is subject to the laws of the jurisdiction in which the information is stored.

Additionally, any processing of personal data within members of the One Team Health is done in accordance with the principles and various Articles established in the EU General Data Protection Regulation 2016 (GDPR) and in compliance with the rules on cross border transfers of personal data covered by the GDPR.

 

THE DATA PROTECTION OFFICER

The One Team Health coordinate with a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy and other relating queries or issues relating to the Personal Information held by the One Team Health.

If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact the DPO using the details set out below.

 

COLLECTION OF INFORMATION

You can visit the One Team Health Websites without providing any personal information about yourself.

 

One Team Health does not collect information about individual users (“Personal Information”), except where this is specifically stated and provided with the user’s knowledge. The information that One Team Health collects via the One Team Health Websites consists of voluntarily submitted Personal Information that is required to provide information or goods and services requested through the website. 

 

One Team Health may also collect public and non-public Personal Information about you from any of the following sources:

  • You or your representative on written applications or forms (for example, name, address, social insurance number, birth date, assets and income);

  • You or your employer or plan sponsor if One Team Health provides them with certain services (for example, pensions, group life or group health);

  • Transactional activity in your account (for example, trading history and balances);

  • Other interactions with One Team Health (for example, discussions with our customer service staff);

  • Information from other third-party data services (for example, to verify your identity and to better understand your product and service needs);

  • You or your representative regarding your preferences (for example, your choice of electronic statement delivery, or the screen layout you specify if you use on certain One Team Health Web sites); or

  • Other sources with your consent or with the consent of your representative (for example, from other institutions if you transfer into One Team Health).

Personal Data does not include data where the identity has been removed (anonymous data).

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your Personal Data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect aggregated data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this privacy notice.

 

One Team Health also collects non-specific visitor information. When you visit One Team Health Websites, One Team Health may collect usage information to help understand how the website is navigated and used, such as computer browser type, Internet protocol address (IP address), pages visited, and average time spent on the One Team Health Websites.  This data does not include any Personal Information about you and is used only to measure and improve the effectiveness of the website or to perhaps alert you to software compatibility issues.

One Team Health may use third-party service providers to help us analyze certain online activities and may permit these service providers to use cookies and other technologies, such as web beacons or pixel tags, to perform these services for One Team Health. One Team Health does not control these third-party service providers and are not responsible for their privacy statements. When you leave One Team Health website, One Team Health encourages you to read the privacy notice of every website you visit. One Team Health does not share Personal Information about our customers with these third-party service providers, and these service providers do not collect such information on behalf One Team Health.

 

USE OF INFORMATION

The information you provide through the One Team Health Websites may be used:

  • used lawfully, fairly and in a transparent way;

  • collected only for specified and legitimate purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;

  • adequate, relevant and limited to what is necessary in relation to the purposes we have told you about;

  • accurate and kept up to date;

  • not kept in a form which permits your identification for longer than necessary and kept only as long as necessary for the purposes we have told you about;

  • kept secure.

 

We set out in the table below the purposes for which we might use your Personal Data:

Purpose

Categories of Data

Legal Grounds

Disclosures

QUOTATION / INCEPTION

 

Setting you up as a client, including fraud, credit and anti-money laundering and sanctions checks

QUOTATION / INCEPTION

 

Evaluating the risks to be covered and matching to appropriate policy/premium

QUOTATION / INCEPTION
and
POLICY ADMINISTRATION

 

Collection or refunding of premium

POLICY ADMINISTRATION

 

General client care, including communication with you regarding administration and requested changes to the insurance policy. Sending you updates regarding your insurance policy. Notifying you about changes to our terms or privacy notice

CLAIMS PROCESSING

 

Managing insurance claims including fraud, credit and anti-money laundering and sanctions checks

CLAIMS PROCESSING

 

Defending or prosecuting legal claims

CLAIMS PROCESSING

 

Investigating and prosecuting fraud

RENEWALS

Contacting you in order to renew the insurance policy

THROUGHOUT THE INSURANCE LIFECYCLE

Transferring books of business, company sales and re-organizations. To administer and protect our business

THROUGHOUT THE INSURANCE LIFECYCLE

General risk modelling and underwriting

THROUGHOUT THE INSURANCE LIFECYCLE

Complying with our legal or regulatory obligations

MARKETING


To make suggestions and recommendations to you about products or services or events that may be of interest to you and to provide industry insight

Personal Data:

  • Individual details

  • Identification details

  • Financial information

Special Categories of Personal Data:

  • Credit and antifraud data

Personal Data:

  • Individual details

  • Identification details

  • Policy information

Special Categories of Personal Data:

  • Risk details

  • Previous claims

  • Credit and antifraud checks

Personal Data:

  • Individual details

  • Financial information

Personal Data:

  • Individual details

  • Policy information

Special Categories of Personal Data:

  • Risk details

  • Previous claims

  • Current claims

Personal Data:

  • Individual details

  • Identification details

  • Financial information

  • Policy information

Special Categories of Personal Data:

  • Credit and antifraud data

  • Risk details

  • Previous claims

  • Current claims

Personal Data:

  • Individual details

  • Identification details

  • Financial information

  • Policy information

Special Categories of Personal Data:

  • Credit and antifraud data

  • Risk details

  • Previous claims

  • Current claims

Personal Data:

  • Individual details

  • Identification details

  • Financial information

  • Policy information

Special Categories of Personal Data:

  • Health data

  • Other sensitive data

  • Credit and antifraud data

  • Risk details

  • Previous claims

  • Current claims

Personal Data:

  • Individual details

  • Policy information

Special Categories of Personal Data:

  • Risk details

  • Previous claims

  • Current claims

Personal Data:

  • Individual details

  • Identification details

  • Financial information

  • Policy information

  • Marketing and communications data

Special Categories of Personal Data:

  • Credit and antifraud data

  • Risk details

  • Previous claims

  • Current claims

Personal Data:

  • Individual details

  • Identification details

  • Financial information

  • Policy information

Special Categories of Personal Data:

  • Credit and antifraud data

  • Risk details

  • Previous claims

  • Current claims

Personal Data:

  • Individual details

  • Identification details

  • Financial information

  • Policy information

  • Marketing and communications data

Special Categories of Personal Data:

  • Credit and antifraud data

  • Risk details

  • Previous claims

  • Current claims

Personal Data:

  • Individual details

  • Policy information

Personal Data:

  • Performance of our contract with you

  • Compliance with a legal obligation

  • For our legitimate business interests (to ensure that the client is within our acceptable risk profile)

  • To assist with the prevention of crime and fraud

Special Categories of Personal Data:

  • In the substantial public interest

  • Consent

Personal Data:

  • Performance of our contract with you

  • For our legitimate business interests (to determine the likely risk profile and appropriate insurer and insurance product)

Special Categories of Personal Data:

  • Consent

Personal Data:

  • Performance of our contract with you

  • For our legitimate business interests (to recover debts due to us)

Personal Data:

  • Performance of our contract with you

  • For our legitimate business interests (to correspond with clients, beneficiaries and claimants in order to facilitate the placing of and claims under insurance policies)

  • Compliance with a legal obligation

  • Consent

Special Categories of Personal Data:

  • Consent

Personal Data:

  • Performance of our contract with you

  • For our legitimate business interests (to assist our clients in assessing and making claims)

Special Categories of Personal Data:

  • Consent

  • For legal claims

Personal Data:

  • Performance of our contract with you

  • For our legitimate business interests (to assist in assessing and making claims)

Special Categories of Personal Data:

  • Consent

  • For legal claims

Personal Data:

  • Performance of our contract with you

  • For our legitimate business interests (to assist with the prevention and detection of fraud)

Special Categories of Personal Data:

  • Consent

  • For legal claims

  • In the substantial public interest

Personal Data:

  • Performance of our contract with you

  • For our legitimate business interests (to correspond with clients, beneficiaries and claimants in order to facilitate the placing of and claims under insurance policies)

  • Consent

Special Categories of Personal Data:

  • Consent

Personal Data:

  • For our legitimate business interests (for running our business, provision of administration and IT services, network security, to prevent fraud, and to structure our business appropriately)

  • Compliance with a legal obligation

Special Categories of Personal Data:

  • Consent

  • For legal claims

  • In the substantial public interest

Personal Data:

  • For our legitimate business interests (to build risk models that allow placing of risk with appropriate insurers)

Special Categories of Personal Data:

  • Consent

Personal Data:

  • Compliance with a legal obligation

Special Categories of Personal Data:

  • Consent

  • In the substantial public interest

Personal Data:

  • For our legitimate interests (to develop our products/services and grow our business)

  • Credit reference agencies

  • Antifraud and sanctions databases

  • Other insurance market participants such as intermediaries, insurers and reinsurers

  • Banks

  • Claims handlers

  • Solicitors

  • Loss adjustors

  • Experts

  • Third parties involved in the claim (including without limitation other insurance market participants such as intermediaries, insurers and reinsurers)

  • Claims handlers

  • Solicitors

  • Loss adjustors

  • Experts

  • Third parties involved in the claim (including without limitation other insurance market participants such as intermediaries, insurers and reinsurers)

  • Solicitors

  • Private investigators

  • Police

  • Experts

  • Third parties involved in the investigation or prosecution

  • Other insurance market participants such as intermediaries, insurers and reinsurers

  • Antifraud databases

  • Courts

  • Purchaser

  • PRA, FCA, ICO and other regulators

  • Police

  • Other insurance market participants such as intermediaries, insurers and reinsurers (under court order)

  • Insurance Fraud database

FAILING TO PROVIDE PERSONAL INFORMATION

You do not have to provide any of this information but if you don’t, you may not be able to use our site or all of the services we offer on the site, and you are unlikely to receive an optimal customer service experience.

We may also anonymize and aggregate Personal Information (so that it does not identify you) and use it for purposes including testing out IT systems, research, data analysis, improving our site and app, and developing new products and services.

 

YOUR DUTY TO INFORM ONE TEAM HEALTH OF CHANGES

It is important that the personal information that One Team holds about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with One Team Health.

SHARING OF YOUR INFORMATION

One Team Health may share Personal Information about you with various entities within One Team Health, including internal service providers which perform, for example, printing, mailing, and data processing services. For customers in the EEA, One Team Health ensure that we have adequate and appropriate safeguards in order to protect that Personal Information.

One Team Health may share overall visitor trends and other generic information collected on this website with third parties but we do not pass on any personal details or personally identifiable information without your specific consent. Except as provided herein, One Team Health will not share your Personal Information with any unaffiliated third-party without your prior consent.  One Team Health does not sell, trade or rent Personal Information to any unaffiliated third-party without your prior consent.

We may share Personal Information with the following entities:

  • Unaffiliated service providers (for example, printing and mailing companies, securities clearinghouses, marketing service providers) who provide services at the direction of One Team Health;

  • Government agencies, other regulatory bodies and law enforcement officials (for example, for reporting suspicious transactions or for tax purposes if relevant, the respective financial services regulator, the Financial Services Compensation Scheme); or  

  • Other organizations, with your consent or as directed by your representative (for example, if you use One Team Health as a financial reference in applying for credit with another institution), or as permitted or required by law (for example, for fraud prevention).

 

Our service providers are obligated to keep the Personal Information we share with them confidential and use it only to provide services specified by One Team Health - although it should be noted that, ultimately, One Team Health does not have control over these service providers.

Based on the nature of your relationship with One Team Health, we may exchange information with other third parties as described below:

  • If One Team Health provides services to your employer or plan sponsor, such as pensions, group life or group health, One Team Health may exchange any information received in connection with such services with your employer or plan sponsor or others they may authorize; or

  • If you conduct business with One Team Health through your professional advisor or personal representative, we may exchange information we collect with your professional advisor or personal representative or with others they may authorize.

  • Other insurance market participants, such as insurers, reinsurers and other intermediaries

 

MARKETING AND OPTING OUT

One Team Health does not currently engage in direct marketing, however if this policy changes at a future date you will be given the opportunity to withhold or give your permission to receive such materials through an opt out or in message. 

You can subsequently ask One Team Health to stop sending you marketing messages at any time by unsubscribing or contacting us at any time.

 

CHANGE OF PURPOSE

One Team Health will only use your personal data for the purposes for which we collected and as set out in this Privacy Notice.

If One Team Health need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

 

DATA RETENTION

We will retain your Personal Information only for as long as it is necessary in connection with the performance of our contractual obligations to you or if it becomes necessary or required to meet legal and regulatory requirements, resolve disputes, prevent fraud and abuse or enforce our terms and conditions.

We will keep your Personal Information while your account with us is active or until such time as you ask us to stop communications with you, unless we need to keep the information for longer.

You may obtain more information as to the retention periods or the criteria used by us to determine the retention periods by contacting us at DPO@argus.bm.

 

SECURITY

One Team Health recognizes the importance of confidentiality and uses secure servers and various other technological means to ensure the security of your Personal Information and of your online session, and to protect One Team Health’s systems from unauthorized access.

Please note however that no data transmission over the internet can be guaranteed to be totally secure and we cannot guarantee or warrant the security of any information which you send to us.

You may complete a registration process when you sign up to parts of the website.  This may include creation of a username, password and/or other identification information.  Any such information should be kept confidential by you and should not be disclosed to or shared with anyone.

One Team Health restricts access to Personal Information to those who require it to develop, support, offer and deliver products and services to you.

One Team Health has put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

COOKIES

Details of your visits to our websites and information are collected through cookies and other tracking technologies, including, but not limited to, your IP address and domain name, your browser version and operating system, traffic data, location data, web logs and other communication data, and the resources that you access.

One Team Health Websites may use "cookies".

A cookie is a small file of letters and numbers that we store on your browser. Cookies contain information that is transferred to your computer's hard drive. This helps us track basic visitor information in order that we can better tailor the site to our visitors' needs. Most web browsers automatically accept cookies, but you can disable this function by changing your browser settings if you so wish.

Certain strictly necessary cookies (such as those required for the sole purpose of carrying out the transmission of a communication) do not require your consent.  Other cookies, that are helpful or convenient for your navigation of our website, may require your consent.  In such cases you consent will be requested.

Our cookies do not identify you by name as an individual or by account number.  Please note, however, that if you reject cookies, your access to certain information may be restricted or you may have to re-enter information.

 

ONGOING APPLICATION

If you are a former customer, these policies also apply to you; One Team Health will treat your information with the same care as we do information about current customers.

 

YOUR RIGHTS

All users enjoy certain rights relating to their Personal Information that One Team Health commits to upholding.  The below list contains the principal rights generic across all jurisdictions, but you may be entitled to other rights in your specific location.

The right to be informed: We need to be clear with you about what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties. This information must be communicated concisely and in plain language.

The right to access: You may submit subject access requests, which oblige us to provide a copy of any personal data concerning you. We have one month to produce this information, although there are exceptions for requests that are manifestly unfounded, repetitive or excessive.

The right to rectification: If you discover that the information, we hold on you is inaccurate or incomplete, you may request that it be updated. As with the right to access, we have one month to do this, and the same exceptions apply.

The right to erasure: (also known as ‘the right to be forgotten’) You may request that we erase your data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed, or it no longer meets the lawful ground for which it was collected. This includes instances where you withdraw consent.  This is not an absolute right, we may be justified in keeping certain personal data in order to perform a contract with you, comply with legal obligations or in relation to the exercise or defense of legal claims.

The right to restrict processing: You may request that we limit the way we use your personal data. It’s an alternative to requesting the erasure of data and might be used when you contest the accuracy of the personal data or when you no longer need the information, but we require it to establish, exercise or defend a legal claim.

The right to data portability: You are permitted to obtain and reuse your personal data for your purposes across different services. This right only applies to personal data that you have provided to us by way of a contract or consent.

The right to object: You may object to the processing of personal data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority. We must stop processing information unless we can demonstrate compelling legitimate grounds for the processing that overrides your interests, rights and freedoms or if the processing is for the establishment or exercise of defense of legal claims.

Rights related to automated decision-making including profiling: The GDPR includes provisions for decisions made with no human involvement, such as profiling, which uses personal data to make calculated assumptions about you. There are strict rules about this kind of processing, and you are permitted to challenge and request a review of the processing if you believe the rules are not being followed.

The right to stop direct marketing messages:  You may disable direct marketing messages by pressing the unsubscribe button at the bottom of the message.  Please note that it may take a few days for your preferences to be updated in all of our systems, so you may receive messages from us while we process your request.

The right to complain to your data protection regulator: you are able to submit a complaint to the regulator for data protection of each the respective companies about any matter concerning your personal information, using the details below.  However, we take our obligations seriously, so if you have any questions or concerns, we encourage you to raise them with us first, so that we can try to resolve them.

 

 

ACCESS REQUESTS

You will not have to pay a fee to accessing the Personal Information controlled by One Team Health. However, One Team Health may refuse to comply with your request in circumstances where your request is clearly unfounded, repetitive or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests as soon as reasonably practicable and, in any event, within 30 days of receipt of the request. Where we cannot comply within 30 days, we will inform you immediately.

 

CONTACT

If you have any questions concerning this Policy, wish to review your Personal Information that One Team Health may have stored or exercise any of your rights listed above, please contact the DPO at:

One Team Health, Inc a subsidiary of Argus Group Holdings

Tel: (441) 298-0888

Fax: (441) 292-6763

Email: DPO@argus.bm

www.argus.bm

Keeping your information accurate and up to date is very important to One Team Health. In some jurisdictions, you may have the right to write to us in order to request that you have reasonable access to your non-public Personal Information (this includes a record of any subsequent disclosures of medical record information). If you believe the information One Team Health may have collected about you is inaccurate, you may request that we amend, correct or delete it. One Team Health will notify you of our decision, give you our reasons and the opportunity to file a concise statement of dispute with us if you do not agree. Your statement will be made a part of our file and sent to persons or organizations that received your information in the past and in the future as may be required by applicable law.

 

Links to Other Websites

This privacy notice does not cover the links within this site linking to other websites which are not controlled by us.  We are not responsible for the collection or use of your Personal Information from these third-party websites and we therefore encourage you to read the privacy statements on the other websites you visit.

 

CHANGES TO PRIVACY POLICY

Please note that this Policy may be reviewed, and may change, from time to time.  The revised Policy will be posted to this page so that you are aware of the information we collect, how it is used and under what circumstances we disclose it.

This website uses cookies. To ensure you get the best experience on our website, this website uses cookies.


By using our website you agree to the terms of our Privacy Policy and Terms of Service.

Cookies are small text files that can be used by websites to make a user's experience more efficient.

The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies, we need your permission.

This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.

You can at any time change or withdraw your consent from the Cookie Declaration on our website.

Learn more about who we are, how you can contact us and how we process personal data in our Privacy Policy.

Your consent applies to the following domains: www.oneteamhealth.com

PURPOSE

 

One Team Health (OTH) has established standards for the protection of personal information in accordance with North American and European legislation. This policy describes how personal client information will be secured, managed, and communicated.

 

SCOPE

 

This policy is applicable to all employees (full-time staff, part-time staff, consultants, and contract staff) of One Team Health (OTH).

REGULATORY BACKGROUND

 

This policy has been established in compliance with the privacy regulations required in North America and Europe.

 

In Canada, One Team Health (OTH) is governed by the Personal Information Protection and Electronic Documents Act (“PIPEDA”) which is a federal act applicable to private sector businesses in all Canadian provinces and territories that collect personal data. It is overseen by The Office of the Privacy Commissioner of Canada (the “Commissioner”).

 

Alberta, British Columbia, and Québec each have a provincial act that is deemed substantially similar to PIPEDA in Ontario.

 

As One Team Health (OTH) supports activity in the U.S.A., it is imperative that the organization complies with the rules and regulations required by the Health Insurance Portability and Accountability Act (“HIPAA”) as this sets the standard to protect a patients’ personal or protected health information (PHI).

 

Non-compliance with the relevant legislation can lead to various types of penalties as well as undue risk on the organization. Penalties can include, but are not limited to: monetary fines, public disclosure, and/or prison for the employee and/or the organization as a whole. The consequences of non-compliance of this policy, and/or any potential breaches are subject to the penalties in any jurisdiction.

Repeated breaches and errors will result in consequences. Under PIPEDA, there are four penalties for non-compliance: (1) Federal Court; (2) Public Interest Disclosure; (3) Audit; (4) Compliance Agreement. There are also additional actions which are considered Reporting Offences.

 

1. Federal Court

The court may:

  • Order an organization to correct its practices to comply with PIPEDA;

  • Order an organization to publish a notice of any action taken or proposed to be taken to correct its practices; and

  • Award damages to the complainant, including damages for any humiliation that the complainant has suffered.

2.  Public Interest Disclosure

 

The Commissioner may make information public if it considers the breach to be in the public’s best interest. There are factors that help the Commissioner decide whether to make the matter public, such as whether the disclosure would:

  • Promote and encourage compliance with PIPEDA;

  • Educate the public about their privacy rights; and

  • Protect the Public from privacy risks.

 

3. Audit

 

The Commissioner has the right to audit an organization if it has reasonable grounds to believe that their personal information management practices are not in compliance with PIPEDA.

 

4.  Compliance Agreement

The Commissioner can enter into a Compliance Agreement with an organization if it believes on reasonable grounds that the organization has committed, is about to commit, or is likely to commit an act that is not compliant with the legislation.

Under such agreements, an organization agrees to take certain actions to bring itself in line with PIPEDA. If the organization fails to meet it obligations, the Commission can apply to the courts to order the organization to comply with the terms of the agreement, or begin court proceedings.

 

REPORTING OFFENCES

 

Canada

 

Under PIPEDA, it is an offence to:

  • Destroy personal information that an individual has requested;

  • Obstruct a complaint investigation or audit by the Commissioner;

  • Retaliate against an employee who has complained to Commissioner.

United States

 

Under the HIPAA Privacy Rule, falling victim to a healthcare data breach, as well as failing to give patients access to their Protected Health Information (“PHI”), could result in a fine of up to US$100,000 (with an annual maximum of US$1.5 million) and up to 10 years in prison.

 

Europe

 

Under the General Data Protection Regulation (GDPR), the main aim of the regulation is to protect all EU citizens from data breaches.

There are two levels of fines that can be levied on corporations, depending on the nature of the breach.

  • Lower Level - Up to €10 million, or 2% of the worldwide annual revenue of the prior financial year (whichever is greater).

  • Upper Level - Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year (whichever is greater).

 

Defining Personal and Sensitive Data

 

Each jurisdiction provides their own definitions of personal and sensitive data.

 

Canada

Personal information includes any factual or subjective information, recorded or not, about the identity of an individual, such as:

 

  • Age, name, ID numbers, income, ethnic origin, or blood type;

  • Opinions, evaluations, comments, social status, or disciplinary actions; and

  • Employee files, credit records, loan records, medical records, existence of a dispute between a consumer and a merchant, intentions (for example, to acquire goods or services, or change jobs).

 

United States

HIPAA refers to persona data as Protected Health Information (PHI), which includes:

 

  • Name, address, birth date and Social Security Number;

  • An individual’s physical or mental health condition;

  • Any care provided to an individual; and

  • Information concerning the payment for the care provided to the individual that identifies the patient, or information for which there is a reasonable basis to believe could be used to identify the patient.

 

Europe

The GDPR defines both Personal Data and Sensitive Data, as follows:

 

PERSONAL DATA

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (name, surname, phone numbers etc.).

 

SENSITIVE DATA

  • Racial or ethnic origin;

  • Political opinions, religious or philosophical beliefs, or trade union membership;

  • Health, sex life, or sexual orientation;

  • Genetic data;

  • Biometric data for the purpose of uniquely identifying a natural person;

  • An individual’s physical or mental health condition;

  • Data concerning health or a natural person’s sex life and/or sexual orientation.

© 2021 by ONE TEAM HEALTH, INC.

  • OTH LinkedIn