Bridges International Insurance Services Privacy Policy

Bridges International Insurance Services places great importance on the protection of personal information. This policy clearly explains how personal information is collected, used, disclosed, retained, and protected in the course of our activities.

This policy applies to interactions with Bridges International Insurance Services, specifically when you visit our website, request a quote, fill out a form, communicate with our team, purchase an insurance product, transmit documents, or use our online services.

The chosen structure covers the main themes usually present in a privacy policy for the insurance sector, including collection, use, disclosure, security, retention, the rights of the individuals concerned, and the use of cookies.

Bridges International Insurance Services has designated a person responsible for the protection of personal information. This person ensures the application of this policy, the processing of requests for access, rectification, or complaints, and the maintenance of practices consistent with applicable laws.

Provisional contact information for the responsible person:

• Tomio Morohashi
• Bridges International Insurance Services
• 850 - 151 Bloor Street West, Toronto ON M5S 1S4
• bonjour@biis.ca
• 1-888-298-6526

Bridges International Insurance Services only collects the personal information necessary for the offering, administration, and improvement of its products and services, as well as for compliance with its legal and regulatory obligations.

Information may be collected:

• directly from you, in person, by phone, email, chat, or through paper or electronic forms;
• through authorized representatives, partners, insurers, or providers involved in providing the services;
• from a person related to you when necessary for analyzing an application or administering a file, subject to required consents.

Depending on the nature of the product or service requested, the following categories of information may be collected:

• identification information (name, address, date of birth, phone, email);
• information related to the insurance file (type of coverage, policy number, beneficiaries, travel dates, destination, claims history);
• financial information (payment or transaction information);
• authentication and navigation information (identifier, IP address, secure access data);
• health information when required for a product, claim, or eligibility assessment;
• information on communications with our organization (written exchanges, calls, preferences, service follow-ups).

When required, Bridges International Insurance Services obtains your consent before the collection, use, or disclosure of your personal information. This consent may be obtained verbally, electronically, or in writing, depending on the context. By providing us with information about another person, you confirm that you are authorized to do so and, where required by law, have obtained the necessary consent.

Personal information may be used specifically to:

• verify your identity;
• analyze your needs and eligibility for certain products or services;
• prepare a quote or insurance proposal;
• assess risk, establish certain conditions or exclusions, and allow for pricing;
• issue, administer, modify, or renew a policy;
• process payments, service requests, claims, or complaints;
• communicate with you regarding your file;
• improve the quality of our services, our internal processes, and the user experience;
• prevent, detect, or investigate fraud, security incidents, or unauthorized uses;
• comply with our contractual, legal, regulatory, and governance obligations.

The disclosure of personal information is limited to what is necessary for the purposes described in this policy. Depending on the circumstances, your information may be disclosed to:

• our employees, officers, agents, and authorized representatives;
• insurers, wholesalers, plan administrators, claims adjusters, or providers involved in the issuance or administration of a product;
• service providers (hosts, technological providers, call centers, payment processors, consultants, operational partners);
• professionals or providers involved in the study of a file (healthcare facility, assistance provider);
• government authorities, regulatory bodies, courts, or other entities when required or authorized by law.

When personal information is entrusted to a service provider, reasonable contractual and organizational measures may be implemented to govern the use, confidentiality, security, retention, and destruction of such information.

Reasonable administrative, physical, and technological security measures are applied to protect personal information from loss, theft, unauthorized access, illegal disclosure, modification, or destruction. These measures may include:

• limiting access based on job functions;
• internal policies and staff training;
• authentication and access management mechanisms;
• encryption, when appropriate;
• monitoring of certain systems and incident management;
• physical security measures for premises and files.

Electronic communications always carry a certain level of risk. Although reasonable protective measures are in place, the absolute security of information transmitted by email or over the Internet cannot be guaranteed. When appropriate, we may recommend the use of secure or password-protected means for transmitting sensitive information.

Personal information is retained only for as long as necessary for the purposes for which it was collected, subject to applicable legal, regulatory, contractual, and operational obligations. At the end of the applicable retention period, personal information is securely destroyed or anonymized, as permitted or required.

Personal information may be stored or processed in Quebec, elsewhere in Canada, or in other jurisdictions when technological or cloud service providers are used. In such cases, the information may be subject to the laws of the jurisdiction where it is located and could be accessible to competent authorities in accordance with those laws. Reasonable measures are taken to govern these transfers when they occur.

Subject to applicable laws, you may request:

• access to your personal information;
• rectification of incomplete, inaccurate, or ambiguous information;
• withdrawal of your consent, where such withdrawal is possible;
• deletion of certain information when its retention is no longer justified or when permitted by law;
• information on how your personal information is processed;
• filing a complaint regarding the management of your personal information.

To exercise any of these rights, a written request can be sent to the person responsible for personal information protection. Reasonable proof of identity may be required before acting on the request.

Anyone who believes that their personal information has not been processed in accordance with this policy or applicable laws may submit a complaint to the person responsible for the protection of personal information. In the event of a privacy incident presenting a serious risk of harm, measures required by law will be taken, including notification to the individuals concerned and, if applicable, to the competent authorities.

Where you consent or where permitted by law, news, promotions, reminders, invitations, or information about our products and services may be sent to you. You can withdraw your consent to receive commercial electronic messages at any time by following the unsubscribe mechanism provided in our communications or by contacting us.

Cookies and similar technologies may be used on our website to ensure its proper functioning, remember certain preferences, improve performance, measure site usage, and, where permitted, offer more relevant content or advertising.

• strictly necessary cookies;
• functionality cookies;
• performance or analysis cookies;
• advertising or marketing cookies, when relevant.

You can manage certain cookie preferences from your browser or, if applicable, from the consent banner displayed on our site.

This policy may be modified to reflect changes in our practices, services, technology, or the applicable legal framework. The version in effect is the one posted on our official platforms as of the update date indicated at the top of the document.

This text constitutes a draft privacy policy written originally for Bridges International Insurance Services. Validation by a legal advisor or compliance officer remains recommended before any online posting.