PRIVACY POLICY

PHILOSOPHY SURROUNDING PRIVACY
We, at GreenShield Administration, value the trust that you have shown in our business and we
are committed to maintaining the accuracy, confidentiality, and security of your personal
information. To that end, we have adopted this privacy policy.
This policy explains how GreenShield Administration collects, uses, discloses and safeguards
the personal information provided to us either directly by you or by a third party.
By providing, or authorizing a third party to provide, your personal information to us, you signify
your consent to GreenShield Administration’s collection, use and disclosure of your personal
information in accordance with this privacy policy.
For purposes of this privacy policy, “personal information” shall mean any information that can
identify an individual directly or through other reasonably available means.
As part of our commitment to treat your personal information with respect, we operate in
accordance with the following ten principles (the “Principles”):

• Principle 1 – Accountability
• Principle 2 – Identifying Purposes
• Principle 3 – Consent
• Principle 4 – Limiting Collection
• Principle 5 – Limiting Use, Disclosure and Retention
• Principle 6 – Accuracy
• Principle 7 – Safeguards
• Principle 8 – Openness
• Principle 9 – Individual Access
• Principle 10 – Handling Complaints and Inquiries
  Page 1 of 10
  PRINCIPLE 1 – ACCOUNTABILITY
  We are responsible for personal information in our possession or custody, including personal
  information that we may transfer to third parties for processing. The overall responsibility for
  ensuring our compliance with data privacy laws and this privacy policy rests with the Executive
  Vice President, who is our Privacy Officer, although other individuals within GreenShield
  Administration have responsibility for the day-to-day collection and processing of personal
  information and may be delegated to act on behalf of the Privacy Officer. Please see below for
  the contact information of our Privacy Officer.
  PRINCIPLE 2 – IDENTIFYING PURPOSES
  The purposes for which personal information is collected by us will be identified to you before or
  at the time the information is collected.
  PRINCIPLE 3 – CONSENT
  Personal information will only be collected, used, or disclosed with the consent of the individual,
  except in certain circumstances permitted or required by law. The way in which we seek
  consent may vary depending upon the sensitivity of the information. We will seek express
  consent in cases where the personal information involved is considered sensitive, such as
  income or health information.
  Typically, we will seek consent for the use or disclosure of personal information at the time of
  collection. However, additional consent will be sought after the personal information has been
  collected, if it is required for a new purpose.
  In certain circumstances, obtaining consent would be inappropriate. The federal Personal
  Information Protection and Electronic Documents Act and provincial privacy laws provide for
  exceptions where it is impossible or impractical to obtain consent.
  PRINCIPLE 4 – LIMITING COLLECTION
  The personal information collected by us shall be limited to those details necessary for the
  purposes identified to you.
  Page 2 of 10
  PRINCIPLE 5 – LIMITING USE, DISCLOSURE AND RETENTION
  We will not use or disclose personal information for purposes other than those for which it was
  collected, except with the consent of the individual or as required or permitted by law. Subject
  to any applicable business, legal, or regulatory requirements, we will ensure that the personal
  information is destroyed in a secure manner, erased, or made anonymous when it is no longer
  required to fulfil the purposes we have identified to you.
  PRINCIPLE 6 – ACCURACY
  We shall make every reasonable effort to ensure your personal information is maintained in an
  accurate, complete and up-to-date form.
  PRINCIPLE 7 – SAFEGUARDS
  We shall utilize industry standard security safeguards to protect your personal information.
  PRINCIPLE 8 – OPENNESS
  If you would like a copy of our privacy policy we will provide one to you and if you have any
  questions regarding same, we happy to discuss them with you.
  PRINCIPLE 9 – INDIVIDUAL ACCESS
  Upon your request, we shall inform you of (i) the type of personal information we have
  collected, (ii) how we have used your personal information, and (iii) whether we have disclosed
  your personal information to any third parties. Individuals may verify the accuracy and
  completeness of their personal information, and may request that it be amended, if appropriate.
  There may be circumstances where we are unable to provide access to all of your personal
  information. We may deny access for legally permissible reasons, such as situations where the
  information contains references to other individuals and is not reasonably severable, or where it
  cannot be disclosed for legal, security, or commercial proprietary reasons. We will advise the
  individual of any reason for denying an access request.
  When an individual successfully demonstrates the inaccuracy or incompleteness of personal
  information held by us, we will correct or update the information as required.
  Please note that before we are able to provide you with any information or correct any
  inaccuracies we will ask you to verify your identity and to provide other details to help us to
  respond to your request.
  Page 3 of 10
  PRINCIPLE 10 – HANDLING COMPLAINTS AND INQUIRIES
  Individuals may direct any questions or inquiries with respect to the Principles or about our
  information handling practices by contacting:
  GreenShield Administration Inc.
  Privacy Officer
  185 The West Mall, Suite 800
  Etobicoke, ON M9C 5L5
  Phone:1 (877) 797-7448 ext. 7400
  Fax: 1 (416) 622-5312
  Email: privacy@benecaid.com
  SPECIFIC HANDLING PRACTICES
  WHY WE GATHER PERSONAL INFORMATION:
  At GreenShield Administration, we gather and use personal information to:
• administer, arrange and maintain the products and services you may request;
• authenticate, process and adjudicate (make determinations) benefit claims;
• verify your identity and investigate your personal background for insurance purposes;
• evaluate and underwrite insurance risk, and to determine your eligibility for insurance and
  non-insurance products that we offer;
• understand our customers, and prospective customers’ needs, and to offer products and
  services to meet those needs;
• conduct credit checks on prospective corporate customers (but not individuals) and meet
  legal requirements;
• communicate with you and respond to any special needs or enquiries you may have;
• provide you with offers or information about other products and services that might
  benefit you;
• provide you with marketing offers from our third-party partners;
• allow our third-party partners to contact you with marketing offers about employee
  benefits;
• help us better manage our business and your relationship with us;
• de-identify your information and use it to compile statistics;
• investigate and detect potentially fraudulent or questionable activities regarding your
  benefit plan(s);
• evaluate or complete an actual or potential sale, reorganization, consolidation, merger or
  amalgamation of our business;
• coordinate with your employer to set up, change or administer your employee benefit
  plan;
  Page 4 of 10
• work with industry partners to underwrite, adjudicate or insure our suite of products;
• use as required or permitted by law.
  Some or all of the personal information we collect may be stored or processed in jurisdictions
  outside of Canada. As a result, this information may be subject to access requests from
  governments, courts, or law enforcement in those jurisdictions according to laws in those
  jurisdictions. We only use personal information for the purposes that we have disclosed to you.
  If for any reason your information is required to fulfill a different purpose, we will obtain your
  consent before we proceed.
  TYPES OF INFORMATION WE COLLECT:
  The type of personal information we may ask for depends on and is related to the reason (or
  purpose) such personal information was provided to us. For instance, for the purposes of
  managing your Health Spending Account, we will collect information in respect of, and for the
  purposes, of processing your claim. In addition to the foregoing, the following is a description of
  the type of personal information that we may ask for:
• name;
• telephone number;
• residential address;
• email address;
• date of birth;
• employer name;
• details about your occupation;
• date, time, frequency and details in respect of claims made for medical or other benefit
  appointments;
• prescription information;
• banking and bank account information;
• information with respect to dependents covered by your employer’s benefit plan;
• pre-existing medical conditions as they relate to products being purchased;
• chat and messaging transcripts when you use our instant chat applications; and
• information related to your browsing, purchasing and online behaviour and activities (see
  our policy on How We Collect Information Through Technological Means below).
  The choice to provide us with your personal information, either directly or through a third
  party, is always yours. However, your decision to withhold particular information may limit our
  ability to provide you with the services or products you requested.
  Page 5 of 10
  HOW WE COLLECT SUCH PERSONAL INFORMATION:
  We may gather such personal information from you in person, via the Internet, via email,
  over the telephone or by corresponding with you via mail, facsimile, or from third parties
  who have your authority to disclose such personal information to us such as:
• government agencies and registries, law enforcement authorities and public records;
• any healthcare professional, medically-related facility, pharmacy, insurance company, or
  other person who has knowledge of your information;
• your employer;
• other insurance companies;
• other third-party service providers, agents, brokers and other organizations with whom
  you make arrangements;
• references you have provided; and
• persons authorized to act on your behalf under a power of attorney or other legal
  authority.
  WHILE WE TRY TO ENSURE THAT EVERY THIRD PARTY WHO DISCLOSES PERSONAL
  INFORMATION TO US HAS YOUR CONSENT TO DO SO, IF YOU BELIEVE THAT A THIRD
  PARTY HAS INAPPROPRIATELY DISCLOSED YOUR PERSONAL INFORMATION TO US,
  PLEASE CONTACT THAT THIRD PARTY. IF THEY DO NOT ADEQUATELY RESPOND TO YOUR
  INQUIRIES, PLEASE LET US KNOW IMMEDIATELY.
  For purposes of maintaining quality service, calls to our customer service lines may be
  recorded. A recorded message given prior to your call being answered will let you know if your
  call may be the subject of our random call recording quality assurance program.
  HOW WE COLLECT INFORMATION THROUGH TECHNOLOGICAL MEANS
  When you visit GreenShield Administration’s websites, we may collect information that is
  automatically to us by your web browser. This information may include your domain name,
  and your numerical IP address. We may also collect other information, such as the type of
  browser you use, which pages you view, and the files you request.
  We use this information to better understand how visitors use our websites, and to improve our
  websites to better meet your needs. The amount of information that is sent by your web
  browser depends on the browser and settings you use. Please refer to the instructions
  provided by your browser if you want to learn more about what information it sends to websites
  you visit, or how you may change or restrict this.
  GreenShield Administration may use “cookies” and other similar devices on its websites to
  enhance functionality and provide more relevant offers for products and services. These
  devices may track information which includes, but is not limited to: (i) IP address; (ii) the type of
  web browser and operating system used; (iii) the pages of the website visited. If you wish to
  disable cookies, refer to your browser help menu to learn how. If you disable cookies, you may
  be unable to access some features on GreenShield Administration’s websites.
  Page 6 of 10
  USE OF SITE BY MINORS
  Our websites are not directed to individuals under the age of 18, and we request that these
  individuals do not provide personal information through our website.
  WHEN INFORMATION MAY BE DISCLOSED TO OUTSIDE PARTIES:
  We may disclose your personal information to third parties as follows:
• to other insurance companies, other financial institutions and health organizations;
• to any health-care professional, medically-related facility, insurance company or other
  person who has knowledge of your personal Information;
• to administrators, service providers, reinsurers and prospective insurers and reinsurers of
  our insurance operations, as well as their administrators and service providers for these
  purposes;
• in response to a court order, search warrant or other demand or request, which we
  believe to be valid;
• to meet requests for information from regulators, including self-regulatory organizations of
  which we are a member or participant, to satisfy legal and regulatory requirements
  applicable to us;
• to appropriate public health authorities.
• to our employees, suppliers, agents and other organizations that perform services for you
  or for us or on our behalf;
• when we buy or sell all or part of our businesses or when considering such transactions;
• to help us collect a debt or enforce an obligation owed to us by you; and
• to our third-party insurance and non-insurance partners, who wish to provide you with
  marketing offers and emails about employee benefits that may be available to you;
• to our third-party insurance and non-insurance partners whose plans or programs you
  may have enrolled in, for the purposes of administering those plans;
• where permitted by law.
  In the event we disclose personal information to our service providers, we require our service
  providers to agree to contractual requirements that are consistent with applicable privacy laws.
  We prohibit our service providers from using personal information, except for the specific
  purpose for which we supply it to them.
  The type of information we are legally required to disclose may relate to criminal investigations
  or government tax reporting requirements. In some instances such as a legal proceeding or
  court order, we may also be required to disclose certain information to authorities. Only the
  information specifically requested is disclosed and we take precautions to satisfy ourselves that
  the authorities that are making the request have legitimate grounds to do so.
  There are some situations where we are legally permitted to disclose personal information such
  as employing reasonable and legal methods to enforce our rights or to investigate suspicion of
  illegal activities.
  Page 9 of 10
  Page 7 of 10
  HOW WE SAFEGUARD YOUR INFORMATION:
  We use industry standard technologies and maintain current security standards to ensure that
  your personal information is protected against unauthorized access, disclosure, inappropriate
  alteration or misuse.
  Electronic files which contain personal information are kept in a highly secured environment
  with restricted access. Paper-based files are stored in a secure area and access is also
  restricted.
  We manage our server environment appropriately and our firewall infrastructure is strictly
  adhered to. Our security practices are reviewed on a regular basis and we routinely employ
  current technologies to ensure that the confidentiality and privacy of your information is not
  compromised.
  Our web site uses Secure Socket Layer (SSL) and 128 bit encryption technologies to enhance
  security when you visit the secured areas of these sites. SSL is the industry standard tool for
  protecting and maintaining the security of message transmissions over the Internet. When you
  access your account(s) or send information from secured sites, encryption will scramble your
  data into an unreadable format to inhibit unauthorized access by others.
  To safeguard against unauthorized access to your account(s), you are required to “login” with a
  user name and a password to certain secured areas of the GreenShield Administration web
  site. Both user id and password are encrypted when sent over the Internet. If you are unable to
  provide the correct password, you will not be able to access these sections.
  When you call our customer service centre you will be required to verify your identity by
  providing some personally identifying information as well as your group number and client id.
  In the course of daily operations, access to private, sensitive and confidential information is
  restricted to authorized employees who have a legitimate business purpose and reason for
  accessing it. For example, when you call us, our designated employees will access your
  personal information to verify who you are and to assist you in fulfilling your requests.
  As a condition of their employment, all employees of GreenShield Administration are required to
  abide by the privacy standards we have established. Employees are informed about the
  importance of privacy and they are required to agree to standard business practice policies
  that prohibit the disclosure of any individual’s information to unauthorized individuals or parties.
  Unauthorized access to and/or disclosure of personal information by an employee of
  GreenShield Administration is strictly prohibited. All employees are expected to maintain the
  confidentiality of personal information at all times and failing to do so will result in appropriate
  disciplinary measures, which may include dismissal.
  Page 8 of 10
  ACCESSING AND AMENDING YOUR INFORMATION:
  You have the right to access, verify and amend the information held in your personal files. You
  may access and verify any of your information by calling our customer contact centre at 1 (877)
  797-7448.
  To help us keep your personal information up-to-date, we encourage you to amend inaccuracies
  and make corrections as often as necessary. Despite our efforts, errors sometimes do occur.
  Should you identify any incorrect or out-of-date information in your file(s), we will make the
  proper changes. Where appropriate, we will communicate these changes to other parties who
  may have unintentionally received incorrect information from us.
  QUESTIONS, CONCERNS AND COMPLAINTS:
  If you have a question, concern or complaint about privacy, confidentiality or the personal
  information handling practices of GreenShield Administration, our employees or service
  suppliers, please contact:
  GreenShield Administration Inc.
  Privacy Officer
  185 The West Mall, Suite 800
  Etobicoke, ON M9C 5L5
  Phone:1 (877) 797-7448 ext. 7400
  Fax: 1 (416) 622-5312
  Email: privacy@benecaid.com
  Before GreenShield Administration is able to provide you with any information or correct any
  inaccuracies, we may ask you to verify your identity and to provide other details to help us to
  respond to your request. We will endeavor to respond within an appropriate timeframe.
  UPDATING THIS PRIVACY POLICY
  Any changes to our privacy policy and personal information handling practices will be
  acknowledged in this policy in a timely manner. We may add, modify or remove portions of this
  policy when we feel it is appropriate to do so. You may determine when this policy was last
  updated by referring to the modification date found at the bottom of this privacy policy. Your
  continued use of our websites after any such changes constitutes your acceptance of this
  privacy policy, as revised.
  Page 9 of 10
  WEBSITES GOVERNED BY THIS PRIVACY POLICY:
  The websites and applications that are governed by the provisions and practices stated in this
  privacy policy are: www.benecaid.com, www.accessbenecaid.com,
  www.myhoneybee.com, www.honeybeebenefits.com, the honeybee and benecaid mobile apps
  that may be in place from time-to-time, and any other websites and mobile applications operated
  by GreenShield Administration.
  The GreenShield Administration websites may contain links to other third party sites that are not
  governed by this privacy policy. Although we endeavor to link only to sites with high privacy
  standards, our privacy policy will no longer apply once you leave the Benecaid website.
  Additionally, we are not responsible for the privacy practices employed by other third party
  websites. Therefore, we suggest that you examine the privacy statements of those sites to learn
  how your information may be collected, used, shared and disclosed.
  GOVERNING LAW AND DISPUTE RESOLUTION
  This privacy policy, and all related matters are governed solely by the laws of the Ontario,
  Canada and applicable federal laws of Canada, excluding any rules of private international law
  or the conflict of laws which would lead to the application of any other laws.
  Any claim or cause of action you may have arising from, connected with, or relating to this
  privacy policy or GreenShield Administration’s handling of your personal information, or any
  related matters must be commenced within six months after the claim or cause of action arises,
  after which time the claim or cause of action is forever barred, regardless of any statute or law
  to the contrary.