Latchman Insurance Brokers Limited and Your Privacy
Latchman considers your personal privacy to be an important part of our service to you. We understand the need to safeguard information about you that you have entrusted to us. As part of our commitment to you we have adopted principles designed to protect your privacy and prevent misuse of your personal information and help you understand our commitment to your personal privacy.
References to "Latchman", "we" or "our" are Latchman Insurance Brokers Limited and its affiliates, depending upon the context. Where we use the term "personal information" we are referring to any information that identifies you as an individual and includes information with respect to your name, address, age, gender, income, marital status, finances, employment, trading history and web site use information, together with your personal references and identification numbers (such as a social insurance number).
Our privacy policy applies to personal clients, including individuals carrying on business alone or in partnership with other individuals. The following sections will answer most of the important questions that you may have about how we gather, protect and use personal information, and how we will hold ourselves accessible and accountable to you.
Latchman's Principles on Privacy
We have incorporated certain principles for the protection of personal information in our privacy policy.
Collecting and Using Personal Information
We will explain how we intend to use your personal information prior to or when we are collecting it and we will limit the personal information we collect to what we need for those purposes. We will use it only for those purposes we have explained to you and we will obtain your consent if we wish to use your personal information for any other purpose.
Disclosing Personal Information to Others
We may provide your personal information to other persons not affiliated with Latchman, such as regulators, service providers or credit reporting agencies, but only where we have your consent or where we are required or permitted to do so by law.
Retaining and Protecting Personal Information
We will retain your personal information only for the time it is required for the purposes we explain or as otherwise required by law. We will protect the personal information we obtain about you with appropriate safeguards and security measures.
Access and Accuracy
We will provide you with reasonable access to your personal information on record with Forstrong and information about Forstrong's use and disclosure of that information. We will make every reasonable effort to keep your personal information accurate and up-to-date.
Accountability and Openness to Your Privacy Concerns
We will explain the application of our privacy policy to your personal information.
Why Does Latchman Collect Personal Information?
We collect, retain, and use personal information about you only when we reasonably believe that it will help administer our business or provide products, services and other opportunities to you as our client. We collect and retain personal information about you only for specific business purposes - and we will tell you why we are collecting and retaining it on your request. The information we ask for depends on the products or services you request and in most cases are required by law or the policies of the regulatory bodies which we are subject.
Your social insurance number is required for products that earn investment income, in order to comply with the Canada Customs and Revenue Agency's income reporting requirements. If you provide your social insurance number, we also use it to keep your personal information separate from that of other clients with a similar name. Health information may be required for some insurance products to ensure you are eligible for coverage. Health information that may have been provided in connection with any insurance product is never shared.
With your consent, we may share your personal information, where not prohibited by law, to affiliated companies of Latchman for the purposes of referring investment, life insurance, disability insurance, annuities and other specific insurance products and services to you. Latchman may use your personal information to provide you with information about Latchman's products and services and other matters. This consent is optional and you can decide to withdraw it at any time. Please refer to our section regarding your options below.
How Does Latchman Collect Personal Information?
We obtain most of our information about you directly from you. With your consent, we may obtain personal information about you from third parties.
When Does Latchman Release Personal Information?
Latchman does not sell client lists or personal information to others.
We do not reveal personal information about you to parties outside our affiliated companies for their independent use unless you request or authorize it or the information is provided in order to complete a transaction initiated by you or the disclosure otherwise is lawfully permitted or required. We may disclose information to the authorities to serve a clear public interest and fulfill our public duty - such as to protect against fraud, money laundering or other criminal activity. We may, from time to time, be requested to disclose information to securities regulatory and securities oversight organisations to which we are subject for the purposes of an audit or investigation relating to specific accounts or our business generally. In certain circumstances, Latchman may disclose your personally identifiable information if it believes, in good faith, that disclosure is otherwise necessary or advisable to protect its interests.
Sometimes it is necessary to provide personal information about you to a party outside our affiliated companies, such as to a vendor or service company that we hire to do our data processing or prepare your account statements or to provide support or services for one or more of our products. These vendors and service companies agree to safeguard confidential information about you and your products and services with us and must abide by applicable law.
Does Latchman Provide Options?
It is always your choice whether or not to provide personal information or to consent to our obtaining personal information about you from third parties. In many cases you are free to refuse or withdraw your consent at any time. If you choose not to provide requested personal information or consents, we may not be able to provide certain products and services to you or you may be ineligible for or be unable to use certain products and services we provide.
Latchman will explain your options of refusing or withdrawing consent to the collection, use or release of your personal information, and we will record and respect your choices. If you wish to discuss your options you may do so by contacting Latchman's designated privacy officer set out below. We will be pleased to explain your options and any consequences of refusing or withdrawing your consent.
How Long Does Latchman Retain Personal Information?
We retain your personal information only as long as it is required for the reasons it was collected or as required by law. The length of time we retain information varies depending on the product or service and the nature of the information and may extend beyond the end of your relationship with us but only for so long as it is legally necessary for us to have sufficient information to respond to any issue that may arise at a later date. When your personal information is no longer needed, we have procedures to destroy, delete, erase or convert it to an anonymous form.
How Does Latchman Protect Personal Information?
Latchman stores and processes your personal information in Toronto,Ontario,Canada. Certain personal information about you is retained by the Latchman office that handles your account.
We maintain security standards and procedures to help prevent unauthorized access to confidential information about you. Our security standards and procedures are updated and tested from time to time to improve the protection of our information about you and to assure the integrity of our personal information.
We have procedures that limit employee access to personally identifiable information to those employees with a business need to know such information about you. We educate our employees about the importance of confidentiality and customer privacy through standard operating procedures, special training programs, and our internal policies. We take appropriate measures to enforce employee privacy responsibilities.
All our suppliers and agents, as part of their contracts with Latchman, are bound to maintain your confidentiality and may not use the information for any unauthorized purpose. When we provide information in response to a legal or regulatory inquiry or order, we ensure that the order is valid and we disclose only the information that is required - otherwise we will seek your consent prior to disclosing any information.
What about the Internet?
We share your concern about your privacy in the Internet world and are committed to its protection. The principles set out in this privacy policy apply equally to anything you might do at our Web site.
Latchman uses cookies (a simple HTTP text-only string of data) to improve the services provided to you and enhance your web site experience by making it easier and faster for you to access this web site and its services. When you enter this web site, a cookie may be stored on your hard drive which contains a random, unique user identification number that is used to track how you entered this web site and your traffic patterns or "clickstream" on this web site. These cookies are anonymous and do not reveal your personal identity, nor will they follow you throughout your travels on the web, nor can they capture private data. These cookies establish a user session and allow our server to correctly provide site users with the appropriate frames and content. You may refuse cookies by turning them off in your browser; however some pages on this web site may require a cookie for access.
When you send us an e-mail or when you ask us to respond to you by e-mail, we learn your exact e-mail address and any information you have included in the e-mail. We use your e-mail address to acknowledge your comments and/or reply to your questions, and we will store your communication and our reply in case we correspond further. We will not sell your e-mail address to anyone outside of Latchman. We may use your e-mail address to send you information about our products or services that we believe may be of interest to you. If you don't want us to contact you with product information by e-mail, you may tell us so at any time. Remember e-mail over the Internet is generally un-encrypted. We recommend that you do not send us sensitive or confidential information by ordinary e-mail, as un-encrypted e-mail is generally not secure.
Our Web site may contain links to other Web sites. When you click on one of those links, you are contacting another Web site for which Latchman has no responsibility and over which Latchman has no control.
Backup Data Storage
Backup data for each user device is stored – encrypted – in two HP Enterprise PCI DSS and ISO 27001 data centres that are hundreds of kilometers apart. Canadian clients are stored in Canada for data sovereignty. The precise locations of the data centres are undisclosed. HPE’s proprietary storage design inherently separates the data for each user account. Stored user data is disassembled over multiple servers, in a non-virtualized environment. Penetration of a server either locally or remotely would not yield useable data.
Backup Data Storage - Encryption
All backup data is stored by individual user account under separate randomly generated AES 128-bit cryptographic keys that are unique to each user file. AES-128 (Advanced Encryption Standard) is a Canadian and U.S. Government Cryptographic Standard for storing sensitive information. No client data in the backup data centre is ever written to disk as clear text.
The endpoint client software agent and the data centre use the encryption key supplied by the device agent to encrypt and decrypt each file that the agent backs up. Multiple or rogue agent access is inherently blocked as only the agent key that encrypted the file can decrypt it. During agent registration, the agent uses 112-bit key Triple DES encryption to transmit the data encryption key to the data centre securely. Corrupt, lost or damaged keys can only be replaced under strict management and security policy control in HPE’s ISO 27001 environment. NPC monitors and manages the certificate integrity and backup compliance of every user.
NPC Badge Program
Forget about memorizing everything I said up top! We created the NPC Badge Program free of charge for all of our NPC clients. Its purpose is specifically to help build trust with your clients. You can find the info on our landing page here: http://www.npcdataguard.com/secured-by-npc-badge-program.php. This site will give you tools and media to help explain to your clients exactly what you have and have done for your business and client data with NPC. There’s a quick video that you can play for them that explains in brief what an NPC is, as well as some language that you can access though a badge icon in your email signature or your website. Here is a sample of how one of our other clients uses this badge program on their site: http://darcor.com/about-us/data-security/. Our marketing team can help you with this implementation as well.
How Do I Access My Personal Information
You may request access to your personal information on record with Latchman and information about Latchman's use and disclosure of that information by contacting your adviser or by contacting the office manager of the Latchman office that handles your account. We will advise you in advance if a minimal charge will be required for conducting the search, and we will respond to your request promptly but in any case within 30 days. Please note that we may not be able to provide information about you from our records if it contains references to other persons, is subject to legal privilege, contains information proprietary to Latchman, is too costly to retrieve, or cannot be disclosed for other legal reasons. Also, we do not maintain disclosure records for regular or routine actions.
How Do I Keep My Personal Information Accurate?
Latchman attempts to keep its records as accurate and complete as possible. You can help us maintain the accuracy of your information by notifying us of any changes to your personal information. If you find any errors in our information about you, let us know and we will make the corrections immediately and make sure they are conveyed to anyone we may have misinformed. For information that remains in dispute, we will note your opinion in the file.
Who Should I Contact Regarding Privacy Issues?
Latchman has designated a privacy officer, Robyn H. Latchman, to respond to your concerns or questions about privacy and confidentiality - or any concerns about the way a request for personal information was handled.
To reach our privacy officer, please refer to the following:
In Writing:
48 High Street, Unit 1
Barrie, Ont.
L4N 1W4
Barrie Telephone: 705-735-9276
Barrie Fax: 705-735-2972
Toronto Telephone: 416-498-4449
Toronto Fax: 416-498-9493
E-mail: robyn@latchmaninsurance.com
Your concerns will be considered so that further action is taken to resolve the matter, if necessary.
Backup Data Storage
Backup data for each user device is stored – encrypted – in two HP Enterprise PCI DSS and ISO 27001 data centres that are hundreds of kilometers apart. Canadian clients are stored in Canada for data sovereignty. The precise locations of the data centres are undisclosed. HPE’s proprietary storage design inherently separates the data for each user account. Stored user data is disassembled over multiple servers, in a non-virtualized environment. Penetration of a server either locally or remotely would not yield useable data.
Backup Data Storage - Encryption
All backup data is stored by individual user account under separate randomly generated AES 128-bit cryptographic keys that are unique to each user file. AES-128 (Advanced Encryption Standard) is a Canadian and U.S. Government Cryptographic Standard for storing sensitive information. No client data in the backup data centre is ever written to disk as clear text.
The endpoint client software agent and the data centre use the encryption key supplied by the device agent to encrypt and decrypt each file that the agent backs up. Multiple or rogue agent access is inherently blocked as only the agent key that encrypted the file can decrypt it. During agent registration, the agent uses 112-bit key Triple DES encryptionto transmit the data encryption key to the data centre securely. Corrupt, lost or damaged keys can only be replaced under strict management and security policy control in HPE’s ISO 27001 environment. NPC monitors and manages the certificate integrity and backup compliance of every user.
NPC Badge Program:
Forget about memorizing everything I said up top! We created the NPC Badge Program free of charge for all of our NPC clients. Its purpose is specifically to help build trust with your clients. You can find the info on our landing page here: http://www.npcdataguard.com/secured-by-npc-badge-program.php. This site will give you tools and media to help explain to your clients exactly what you have and have done for your business and client data with NPC. There’s a quick video that you can play for them that explains in brief what an NPC is, as well as some language that you can access though a badge icon in your email signature or your website. Here is a sample of how one of our other clients uses this badge program on their site: http://darcor.com/about-us/data-security/. Our marketing team can help you with this implementation as well.