Privacy Statement

Last amended September 2023

Sonnet Insurance Company (“Sonnet”, “we” or “us”) is committed to protecting your personal information. “Personal information” generally means information about an identifiable individual.

At Sonnet, we make it a priority to ensure your personal information is kept confidential and secure, and we have strict safeguards in place to protect it.

We protect your privacy by complying with applicable privacy laws in Canada. We treat your personal information in a manner consistent with this Privacy Statement, unless we have your consent to treat it differently. This Privacy Statement applies to any information we collect or receive about you, from any source.

By using Sonnet’s website (the “site”), or by choosing to submit personal information to Sonnet, you are providing your consent to all of the terms of this Privacy Statement. If you do not agree with any terms of this Privacy Statement, please do not use this site or submit any personal information to Sonnet.

Sonnet reserves the right to modify this Privacy Statement at any time. We will reflect any such modifications to this Privacy Statement on our site and will indicate at the top of this Privacy Statement the date this Privacy Statement was last amended. We may also use other ways to communicate amendments to this Privacy Statement, such as publishing a notice on our site. Your continued access to and/or use of the site after any such changes constitutes your acceptance of, and agreement to, this Privacy Statement, as revised. Please periodically review this Privacy Statement so that you know what personal information we collect, how we use it, and with whom we may share it.

We may collect your personal information from:

  • you,
  • third parties such as data service providers, insurance industry databases, consumer credit reporting agencies, governmental authorities, investigation organizations, insurers, affiliates of Sonnet, regulatory organizations, and groups, businesses or associations you tell us you belong to,
  • from such other parties for whom you have provided your consent, and
  • such other sources as may be permitted or required by law.

What personal information we may collect:

  • your name and contact information, such as your address, telephone number, postal code, or e-mail address,
  • information regarding your claim history, property, or insurance profile,
  • information regarding the property you wish to insure or to seek a quote in respect of, including without limitation information regarding your use of such property,
  • with your consent, or when permitted by law or when necessary to provide a particular product or service, health or medical information,
  • if you choose to make a purchase, your payment information, and
  • any other personal information that you voluntarily choose to submit to us.

We may collect, use and disclose your personal information for the following purposes (the “Purposes”):

  • to help us better understand your insurance and service needs,
  • to make decisions about your eligibility for our insurance policies,
  • to allow us, in conjunction with other factors, to establish the risk and premium associated with your insurance policy,
  • to provide you with a quote for insurance or other products or services,
  • to enable us to process your applications for insurance,
  • to verify the information you provide when you buy your insurance, or at the time of a claim,
  • to enable us to process, investigate, and administer claims, and assess and settle losses in the event of a claim,
  • to allow us to protect the security of our site and operate our site in accordance with its terms and conditions,
  • to respond to your questions or inquiries,
  • to ensure proper billing, and to service your policies and accounts,
  • to analyze your activities and to assist in strategic or operational business decisions to help us serve you as a customer,
  • to protect our interests, including to detect, prevent and prosecute fraud,
  • for marketing and marketing-related activities,
  • to measure and improve the effectiveness of our site or our marketing endeavours,
  • to analyze business results, for general business intelligence purposes, to assist us with strategic and operational business decisions, to develop and maintain actuarial models, and to help us improve our business, marketing initiatives and/or our site,
  • to train employees and monitor for quality assurance,
  • to confirm your eligibility for a discount or enrolment in a program,
  • to enable a group, business or organization with which we have a commercial relationship to administer its own programs and services,
  • to third parties if we have reason to believe that using or disclosing such information is necessary to: (i) conduct investigations of possible breaches of law; (ii) identify, contact, or bring legal action against someone who may be violating an agreement they have with us; (iii) investigate security breaches or cooperate with government authorities pursuant to a legal matter; or (iv) protect our rights, safety or property.
  • such other purposes for which you have provided your consent, and
  • as otherwise permitted or required by law.

We may provide your personal information to:

  • operators of insurance industry databases,
  • credit and consumer reporting agencies,
  • independent insurance adjusters,
  • governmental authorities,
  • claims investigation service providers,
  • medical organizations,
  • other insurance carriers,
  • reinsurers,
  • regulatory organizations,
  • a group, business or organization with which we have a commercial relationship,
  • third party service providers,
  • any third party that we merge with or that acquires all or a portion of our business, including for due diligence should any such transaction be proposed,
  • affiliates of Sonnet,
  • insurance brokers and other insurance intermediaries with which you have a commercial relationship, and
  • others as otherwise permitted or required by law.

Secondary marketing

If you purchase a policy from Sonnet, you are providing Sonnet with your consent to disclose your personal information to groups, companies, organizations, brokers or other insurance intermediaries with which we or you have a commercial relationship to market other products to you. 

If you do not want or no longer want Sonnet to share this information with such parties, you can email us at group@sonnet.ca.

Automated decision making

Sonnet uses personal information to render decisions based exclusively on automated processing of such information. Personal information may be used by Sonnet to make a decision in connection with one or more of the Purposes, including without limitation to decide if we can offer you a policy and, if so, on what terms, whether to cancel your policy, and how to administer your claim.  If you reside in Québec, you have a right to submit observations to us about any such automated decision and your observations will be provided to someone who is in a position to review the decision. To do so, contact Sonnet’s Privacy Office using the contact information included at the end of this Privacy Statement. 

Cookies, automatic data collection and related technologies

When you visit our site, Sonnet and our third-party service providers may collect information that is automatically sent to us by your web browser or your internet service provider. This information may include your numerical IP address. We may also collect other general information (such as the type of browser you use, which pages you view, and the files you request). We use this information to better understand how visitors use our site, to improve our site to better meet your needs, improve user experience, and to aid us with customer support and fraud investigations.

We may use a feature on your Internet browser called a “cookie” and/or other similar methods including web beacons and conversion pixels. Cookies are small files that your web browser places on your computer’s hard drive. They are used for a variety of reasons, such as tracking click streams, remembering information you have previously provided so you do not have to reenter it, and load balancing. Information tracked through these mechanisms may include, but is not limited to: (i) your IP address; (ii) the type of web browser and operating system you use; and (iii) the pages of our site you visit. By using cookies, we can deliver faster service, consistent and updated results, and a better experience on our site.

We may use common tracking technologies like browser cookies, analytical tools, or other technologies to customize our site, mobile and social media interactions as they relate to our brand as well as behavioural targeting. Through their use, we are able to enhance your experience on third-party websites and mobile apps with tailored advertising and content that may be most relevant to you.

You can change your cookie settings at any time within your browser’s privacy settings. Your browser should give you the option to reject cookies. However, setting your browser to reject cookies generally hinders the browser’s performance and will adversely affect your experience while using our site. You can also manage your preferences through the cookies management tool on our site to opt out of non-essential tracking by us and our third-party service providers.

Microsoft is one of our third party service providers that your personal information may be collected by or disclosed to, and Microsoft’s privacy statement is available here: https://privacy.microsoft.com/en-ca/privacystatement

Our policies do not apply to the privacy practices of third party sites. Please read the privacy policy of other websites you use carefully as we are not able to affect third party sites.

Our policies and practices regarding personal information

The security of your personal information is important to us. We protect your personal information by maintaining physical, organizational and technological safeguards intended to help protect against loss, theft, and unauthorized access, disclosure, copying, use and modification.

Sonnet has established a robust privacy program designed to protect the personal information in our possession. Key components include:

  • An internal enterprise-wide privacy policy and this Privacy Statement. Together, these govern our privacy practices, establish a common framework to govern the collection, use, and disclosure of personal information, and address requirements of privacy legislation.
  • A protocol that outlines the process that must be followed by all staff if a possible or actual privacy incident has occurred. It obliges staff to report privacy incidents to our Privacy Office and ensures appropriate steps are taken, such as notifying customers, regulators, law enforcement, and other third parties as appropriate.
  • Mandatory training to promote privacy awareness for all staff. It covers the protection, retention, and disposal of personal information and how to follow the privacy incident protocol.
  • Mandatory training and routine phishing exercises to promote and test cyber security awareness.
  • Policies and standards, aligned with the National Institute of Standards and Technology Cybersecurity Framework and related guidance, that are intended to ensure we are aligned with cybersecurity best practices as they evolve over time to meet emerging threats. The policies and standards encompass administrative, technical, data loss, and physical safeguards to protect our information assets and systems. Our policies and standards are built on the concept of least privilege where staff only receive the access required to perform their role in the enterprise.
  • An information management policy that sets out requirements for the identification, classification, retention, and safe and secure destruction of information, including personal information.
  • Contractual obligations for third parties that receive personal information from us (e.g. service providers that perform functions on our behalf) to comply with strict requirements to protect that personal information.

Your personal information will be made available to the authorized employees, representatives, contractors or agents of Sonnet or of our service providers who need to access the information in connection with the Purposes. Although we have taken measures to help protect personal information that we have collected from loss, theft, and unauthorized access, disclosure, copying, use and modification, no security measures can provide absolute protection. We cannot ensure thesecurityofanyinformationyouprovidetous.

Your personal information may be transferred and stored outside of your province to anywhere else in Canada as well as to outside of Canada for the Purposes. While such information is out of the province or country, it is subject to the laws of the jurisdiction

in which it is held, and may be subject to access by the governments, courts or law enforcement or regulatory agencies of such other jurisdiction, pursuant to the laws of such jurisdiction.

Accessing and correcting your personal information

You have a right to request access to your personal information and to request a correction to it if you believe it is inaccurate. If you have submitted personal information to Sonnet and would like to have access to it, or if you would like to have it removed or corrected, please contact us using the contact information provided below. We may require you to confirm your identity before permitting you to access your personal information. We will use reasonable efforts to comply with your request; however, in some cases we may not be able to allow you to access certain personal information in certain circumstances, for example if it contains personal information of other persons, or for legal reasons.

Withdrawing your consent

By applying for insurance, continuing your commercial relationship with Sonnet, or providing Sonnet with personal information, you provide your consent for the ongoing collection, use and disclosure of your personal information as described in this Privacy Statement. In most cases, you may withdraw your consent with reasonable notice to Sonnet; however, by doing so, Sonnet may no longer be able to meet your insurance needs. Your withdrawal of consent is also subject to your legal and contractual obligations.

Inquiries and complaints

The Privacy Officer or designate receives all inquiries and complaints concerning privacy, coordinates responses, ensures that responses meet privacy-related requirements, and ensures that responses are timely. All privacy complaints received are investigated. If the Privacy Officer finds that a complaint is justified, Sonnet will try to resolve it. If necessary, practices may be modified to ensure that other persons do not experience the same concerns. If a complaint cannot be resolved immediately, Sonnet will advise that the complaint is being reviewed and when to expect an answer.

Contact information

You have certain rights to access and rectify the information we hold about you. In order to exercise these rights, or if you have any questions, comments or concerns about the collection, use and/or disclosure of your personal information, please contact our Privacy Officer at:

Sonnet Insurance Company
Privacy Office
111 Westmount Road South Waterloo, Ontario N2L 2L6
privacy@sonnet.ca

In Québec, the person in charge of the protection of personal information is Sonnet’s Privacy Officer.