Privacy Notice

1. Your personal information is precious
2. What we are doing to protect your personal information
2.1 We operate on the basis of four important principles
2.2 We only collect the personal information that is necessary
2.3 We collect your personal information for specific purposes
2.4 We may share your personal information with other individuals or organizations
2.5 We obtain your consent, except in certain cases prescribed by law
2.6 We do everything we can to protect your personal information
2.7 We retain your personal information for a limited time
2.8 We respect your privacy rights
3. How to contact us regarding your privacy
4. Updates to this notice

1. Your personal information is precious

We, at iA Financial Group and its affiliates, do everything we can to protect the personal information you entrust to us. That is why we are committed to reassessing our practices continually, keeping them up to date and in line with high standards regarding your privacy and management of your personal information.



2. What we are doing to protect your personal information

First and foremost, what constitutes personal information? It is the information that concerns you and can be used to identify you, directly or indirectly.



2.1 We operate on the basis of four important principles

The following principles govern how we ensure your privacy:

Ensure secure management. We implement good management and safeguard practices to secure your personal information and oversee its use.
Respect your rights. You have rights relating to the personal information we hold about you. You may exercise them at any time.
Be transparent. We provide you with all relevant information about our privacy practices.
Act responsibly. Our employees, suppliers and agents must comply with our privacy practices. Our Chief Privacy Officer ensures that they do and that our practices are always up to date.



2.2 We only collect the personal information that is necessary

From whom do we collect your personal information?

We collect your personal information from you. We may also collect it from others, depending on the circumstances. For example:

Public bodies
Personal references
Advisor selection, contracting and compliance monitoring service companies (e.g. Apexa Corp.)
Tax authorities (Canada Revenue Agency, Revenu Québec)
Professional liability insurance providers
Credit bureaus and reporting agencies
Financial institutions, independent brokers, managing general agents or car dealers with whom you have or have had a contractual relationship

How do we collect your personal information?

We may collect your personal information in a number of ways, including:

By phone
In person
Via our paper and online forms
Via cookies, when you visit our websites

What personal information do we collect?

We only collect the personal information necessary to fulfil the purposes outlined in this notice.

Here are some examples of personal information we may collect.

Categories	Examples
Identification information	Name, date of birth, gender at birth, current or previous postal address, email address, phone number, language preference, government identifiers (passport number, driver’s licence number, etc.), social insurance number
Financial information	Bank account, credit history and score, remuneration, debts, financial situation (bankruptcy, etc.)
Insurance information	Information on professional liability insurance
Information relating to your profession	Employment status, current employer, former employers, training (education, diplomas, etc.), licences, previous work experience, business affiliations with financial institutions or general agents, business ties, conflicts of interest, criminal record or disciplinary sanctions, if applicable

We may also create or infer information from the personal information we collect. We manage and protect it in accordance with the same practices that apply to the rest of your personal information.



2.3 We collect your personal information for specific purposes

We collect, use, disclose and retain your personal information solely for the purposes outlined in this notice. We will inform you of the intended purposes at or prior to the time we collect your personal information.

The following purposes may be essential to your independent contractor business relationship with us. These may apply to you, depending on your contractual relationship with us:

Categories	Specific purposes
Establish and manage our contractual relationship with you as an independent contractor: compensation, computer equipment, absences, and termination of contract.	Process and analyze your contract applications, including reference, credit, criminal and disciplinary checks. Administer your contract with iA Financial Group. Process your compensation (commissions, royalties) and issue tax slips. Inform relevant persons (e.g. line managers, managing general agents) of your remuneration details. Provide access to IT equipment. Process and manage contract suspensions, cancellations or terminations.
Analyze your loan application with us, if applicable	Analyze the loan applications you submit to us. Perform credit checks and verify the information provided. Prepare loan documentation, disbursement and repayment.
Give you access to our tools and enable us to optimize them.	Authenticate you in order to give you access to our sales tools. Understand your use of our sales tools and Web sites so that we can improve them. Analyze your use of the tools in order to offer you training aimed at optimizing your efficiency and productivity.
Comply with the law and manage risks and complaints.	Detect, prevent and contain fraud and unauthorized or illegal activities, such as money laundering and cyber threats. Handle any complaints or concerns communicated by clients or any other organization or individual. Monitor business practices to ensure they are sound business practices and comply with regulatory obligations. Verify transactions. Provide training to you and to our employees and agents. Comply with our legal obligations and the requirements of the courts, regulatory authorities or self-regulatory organizations. Evaluate the conformity of advice offered and the suitability of products sold. Be informed of any disciplinary action that may be taken against you by a third party (e.g. regulatory authority) and be able to intervene at the appropriate time.
Ensure the continuity of our customer relationship in the event of suspension, termination or expiry of contract, periods of absence or disability, or transfer of your right of representation to us or another advisor.	Transfer some or all of your files to another advisor so you can continue to serve your clients.
Improve the recruitment and retention of advisors, their development, productivity and overall experience.	Analyze and improve the contracting process Analyze and reduce contract terminations (e.g.: understand advisor concerns). Support you in your sales process and optimize your development, productivity and compensation. Develop reports or dashboards to improve the overall advisor experience and maintain lasting contractual relationships. Measure, understand and improve your satisfaction with your advisor experience, according to your profile, reality and evolution (e.g.: surveys, Web tools or ad hoc interviews). Get to know you well, so we can develop advisor loyalty strategies and levers for growth through business opportunities (e.g.: client development, use of tools and solutions appropriate to your development, training in sales behaviours).



2.4 We may share your personal information with other individuals or organizations

To whom may we disclose your personal information?

In order to fulfil the purposes outlined in this notice, we may sometimes need to share your personal information with other individuals or organizations.

For example, we may share it with the following third parties:

Other iA Financial Group entities
Credit bureaus and reporting agencies, such as Equifax or TransUnion
Advisor selection, contracting and compliance monitoring service companies (e.g. Apexa Corp.)
Public and private insurance, fraud and claims databases
Other insurers, reinsurers and financial institutions
Independent brokers, managing general agents, providers of specialized coverage (e.g. professional liability insurance), travel agencies or car dealerships
Suppliers, for example of document printing, delivery or data storage services
Courts, regulatory authorities or self-regulatory organizations
Tax authorities (Canada Revenue Agency, Revenu Québec, etc.)

We may disclose your personal information outside of Canada

We store your personal information primarily in Canada, but we may sometimes disclose it to parties outside of Canada, for example, if we do business with a supplier based in another country. In these instances, we contractually ensure that our supplier meets our expectations in terms of managing and protecting your personal information. Before we transfer your personal information outside of Canada, we ensure that it is adequately protected.

We may also disclose your personal information to parties in another Canadian province or territory.



2.5 We obtain your consent, except in certain cases prescribed by law

When do we obtain your consent?

We obtain your consent before we collect, use or disclose your personal information. We may obtain consent directly from you.

We will request your consent again if we wish to use or disclose your personal information for a purpose to which you have not consented.

When do we not request your consent?

In some cases, the law permits us to collect, use or disclose your personal information without your consent.

Here are a few examples:

Disclosing your personal information to suppliers for a purpose outlined in this notice
Conducting statistical studies using de-identified personal information, where permitted by law
Taking appropriate action if we detect potential fraud
In Québec only: using your personal information if it is clearly for your benefit or for purposes related to those to which you have already agreed
Outside of Québec: using or disclosing your personal information if it is clearly for your benefit and we are unable to obtain your consent

We may also be required by law to disclose personal information, for example, if ordered by a court or requested by a regulatory authority or a self-regulatory organization.



2.6 We do everything we can to protect your personal information

Our employees, agents, and other stakeholders are committed to protecting your personal information. Our internal procedures clearly define everyone's roles and responsibilities in the management of personal information.

We limit access to and use of your personal information

We keep access to your personal information to a minimum. Access to your personal information is restricted to those who need it to perform their duties.

Here are some of the measures in place to control access to and use of your personal information:

We train our employees, agents, and consultants to handle your personal information with care and in accordance with best management practices. Our suppliers are obligated to do likewise.
Our employees, agents, and suppliers may access and use personal information we collect only if we obtained consent for this purpose or if permitted by law.
We regularly review the access rights of employees, agents, and suppliers, according to their roles and responsibilities.

We protect our facilities and IT systems

We have security measures in place to protect our IT platforms, facilities, and systems. Your personal information is protected at all times by a multidisciplinary team, monitoring tools, and state-of-the-art technological environments.

Here are some of the security measures in place:



2.7 We retain your personal information for a limited time

We retain your personal information only as long as necessary to:

Fulfil the purposes for which we collected it
Meet our legal obligations

We have implemented a retention schedule. It guides us as to how long we should keep each type of personal information, depending on the context. We destroy personal information once the retention period has elapsed. The duration of this period depends, among other things, on our legal and regulatory obligations and on the time needed to protect our rights in the event of legal recourse.

We may anonymize certain personal information before destroying it and retain a copy. Once the information is anonymized, it can no longer be used to identify you and is therefore no longer deemed to be personal information. We use it, among other things, to improve our services, identify trends, and establish performance indicators.



2.8 We respect your privacy rights

Manage your consent preferences

You may withdraw your consent for the collection, use, and disclosure of your personal information at any time. Please be aware, however, that we will no longer be able to maintain our contractual relationship with you because the purposes of this consent is essential to our relationship with you (see the section We collect your personal information for specific purposes for more details).

Accessing, rectifying or deleting your personal information

You have several rights regarding the personal information we hold about you. You may exercise them at any time.

You may submit a written request to exercise any of your rights in relation to your personal information. You will receive our written response within 30 days. If we deny your request in whole or in part, we will provide you with several pieces of information:

Reasons for the denial
References in laws and regulations that justify this denial
Your right to challenge this denial before the privacy regulatory authority of your province or territory
Timeframe for appealing the denial

Filing a complaint

You may file a complaint if you feel that we have mishandled your personal information.

We invite you to contact us first if you wish to file a complaint. We will take the time to analyze your complaint and work with you to resolve the situation.

You can also file a complaint with the privacy regulatory authority of your province or territory.



3. How to contact us regarding your privacy

You can contact us in writing at the addresses below to:

Submit a request to access, rectify or delete your personal information
File a complaint about the handling of your personal information
Request assistance, send us a comment or ask any question related to your privacy

Make sure you provide us with all the information we need to follow up on your request.

By email: privacyofficer@ia.ca

By mail: Office of iA Financial Group Chief Privacy Officer
1080 Grande Allée West
PO Box 1907, Station Terminus
Quebec City, Quebec G1K 7M3



4. Updates to this notice

We regularly update our practices to bolster them and ensure that they reflect changing privacy laws, regulations and standards. We will notify you in the Advisor Centre of any material changes to this notice.



Technological measures	Multi-factor authentication Data encryption Digital certificates Firewalls
Physical or administrative measures	Authorization required to access our IT systems and the buildings where your personal information is stored Constant monitoring of our facilities

Know whether we hold personal information about you	You can ask us: If we hold personal information about you How your personal information was collected, used, and disclosed If another person or organization holds your personal information for us
Access your personal information	You may ask to access the personal information we hold about you. You can also obtain a copy, but you may have to pay a reasonable fee for it. In some cases, we are unable to provide you with the requested information, for example, we cannot give you information that would reveal information about another person.
Rectify your personal information	You can request that we rectify your personal information if it is incomplete or inaccurate. You can also update it if it has changed.
Delete your personal information	You can request that we delete your personal information. Our response will depend on the situation. If we have fulfilled the purposes for which the personal information was collected, we will delete it. However, we may retain it in order to meet our legal and regulatory obligations and protect our rights in the event of legal recourse. If we have not yet fulfilled the purposes for which the personal information was collected, we will delete the information that is out of date, inaccurate, incomplete or no longer required. If you request that we delete the rest of your personal information, we will no longer be able to offer you our products and services.