Privacy Policy — IA Financial Group Data Protection

IA Financial Group Privacy Commitment

IA Financial Group collects, uses, and protects personal information in strict compliance with the Personal Information Protection and Electronic Documents Act and applicable provincial privacy legislation across Canada.

IA Financial Group has maintained the trust of Canadian clients since 1892, and protecting personal information remains fundamental to that trust. This privacy policy describes how IA Financial Group and its subsidiaries, operating as Industrielle Alliance in Québec, collect personal information from clients, how that information is used in the course of providing insurance and financial services, the limited circumstances under which information may be shared with third parties, and the rights clients have regarding their data. The policy applies to information collected through the IA Financial Group website, client portals including My Client Space and the Industrielle Alliance client space, mobile applications, telephone interactions, and in-person meetings with advisors and representatives.

The privacy framework governing IA Financial Group operations is established by the Office of the Privacy Commissioner of Canada, which enforces PIPEDA, along with substantially similar provincial legislation in Québec, Alberta, and British Columbia. As a federally regulated financial institution, IA Financial Group is also subject to privacy and data security requirements imposed by the Office of the Superintendent of Financial Institutions (OSFI). These overlapping regulatory frameworks create a comprehensive set of obligations that IA Financial Group meets through documented policies, regular staff training, independent audits, and a designated privacy officer responsible for compliance oversight.

Information Collection Practices

IA Financial Group collects personal information at multiple points in the client relationship. During the application process for an insurance policy or investment account, clients provide identity information including full legal name, date of birth, contact details, social insurance number where required by tax legislation, and financial information necessary for underwriting or investment suitability assessment. Health information is collected when applying for life, critical illness, or disability insurance, with explicit consent obtained for each disclosure. Ongoing information collection occurs through claims submissions, premium payment processing, policy change requests, and investment transactions. The specific information collected varies by product type: a simple auto insurance policy requires less personal data than a comprehensive wealth management relationship that includes retirement income planning and estate considerations.

Website and portal interaction data is also collected through standard web technologies. When clients access IA Financial Group login portals or browse the public website, the platform records information including the browser type, operating system, referring page, pages visited, and session duration. This technical data helps IA Financial Group optimize the digital experience, detect and prevent fraudulent activity, and analyze service usage patterns. Cookies, small text files stored on the client's device, support session management, language preference persistence, and security functions such as detecting unusual login patterns. Clients can configure their browser to reject cookies, though doing so may impair portal functionality that depends on session persistence.

How Client Information Is Used

The personal information collected by IA Financial Group serves specific, disclosed purposes directly related to the provision of insurance and financial services. Policy underwriting and risk assessment uses health, financial, and demographic information to determine coverage eligibility, premium rates, and policy terms. Claims adjudication relies on incident reports, medical documentation, repair estimates, and related evidence to evaluate whether a claim falls within policy coverage and, if so, to determine the appropriate settlement amount. Investment account management uses financial information, risk tolerance assessments, and investment objectives to recommend suitable products and monitor portfolio performance against client goals.

Beyond individual client service, IA Financial Group uses aggregated and anonymized data for actuarial analysis, product development, and regulatory reporting. Claims experience data informs future premium rate calculations. Portfolio performance data supports investment product design. Demographic trends across the client base guide decisions about which insurance products to offer in which regions. This aggregated analysis never identifies individual clients and is conducted under strict data governance protocols that prevent re-identification. IA Financial Group also uses client contact information to send policy renewal notices, regulatory disclosure documents, annual statements, and, with the client's consent, information about products and services that may be relevant based on the client's existing coverage and expressed interests.

Third-Party Data Sharing Limits

IA Financial Group shares client personal information with third parties only when necessary for specific business purposes and under contractual agreements that require the third party to maintain confidentiality and security standards equivalent to those IA Financial Group applies to the data directly. Reinsurance partners receive information necessary for risk transfer agreements, a standard practice in the insurance industry that allows primary insurers to distribute risk. Healthcare providers and independent medical examiners receive information needed to assess claims or underwriting applications, always with the client's explicit consent for each disclosure. Regulatory bodies including provincial insurance regulators and the Office of the Superintendent of Financial Institutions may receive information as part of compliance examinations, financial audits, and market conduct reviews.

Service providers that support IA Financial Group operations, such as technology vendors, data processing firms, and professional service organizations, may access personal information as part of their contracted services. Each service provider operates under a data processing agreement that limits their use of the information to the specific purpose for which it was shared, prohibits retention of the data beyond the service period, and requires compliance with PIPEDA and applicable provincial privacy legislation. IA Financial Group does not sell, rent, or trade client personal information to marketers, data brokers, or any organization outside the limited categories described above. This prohibition on data monetization is a binding policy, not a discretionary practice, and applies uniformly across all IA Financial Group lines of business.

Cookie Policy and Digital Tracking

The IA Financial Group website and client portals use cookies and similar technologies to deliver essential functionality and improve the user experience. Session cookies maintain your authenticated state as you navigate between pages within the portal and expire when you close your browser. Persistent cookies remember your language preference and device recognition status, remaining on your device until they expire or you delete them. Performance cookies collect anonymous data about how visitors use the public website, helping IA Financial Group identify pages that need improvement and measure the effectiveness of informational resources. Security cookies support fraud detection, login pattern analysis, and protection against unauthorized access attempts.

Clients can manage cookie preferences through their browser settings. Most browsers accept cookies by default but allow you to block or delete them. Blocking all cookies will prevent the IA Financial Group login portals from functioning correctly because session cookies are essential for maintaining secure authentication. However, performance and preference cookies can be disabled without affecting core portal functionality. IA Financial Group does not use advertising or tracking cookies from third-party networks because the organization does not engage in behavioral advertising or sell client browsing data. The cookie policy aligns with guidance from the Privacy Commissioner of Canada regarding meaningful consent and transparency in digital tracking practices.

Client Privacy Rights Under PIPEDA

PIPEDA grants IA Financial Group clients specific rights regarding their personal information. The right of access allows clients to request and receive a copy of the personal information IA Financial Group holds about them, along with an explanation of how that information has been used and to whom it has been disclosed. Access requests should be submitted in writing to the IA Financial Group privacy officer and include sufficient detail to identify the records sought. IA Financial Group responds to access requests within 30 days, as required by PIPEDA, though complex requests involving extensive records may receive a notice of extension explaining the additional time needed.

The right of correction permits clients to request amendments to personal information that is inaccurate, incomplete, or out of date. IA Financial Group investigates correction requests and either makes the requested amendment or provides a written explanation if the original information is determined to be accurate. Documentation of any unresolved correction dispute is attached to the relevant file. Clients also have the right to withdraw consent for the collection, use, or disclosure of their personal information, subject to legal and contractual limitations. Withdrawing consent may affect IA Financial Group's ability to provide certain services; for example, withdrawing consent for health information collection would prevent underwriting of a life insurance application. Clients may file complaints regarding IA Financial Group's handling of their personal information with the Office of the Privacy Commissioner of Canada if they believe their rights under PIPEDA have been violated.

Data Retention, Security, and Breach Response

IA Financial Group retains client personal information for the duration of the business relationship plus a retention period required by regulatory and legal obligations. The standard retention period following the termination of the last active policy or account is seven years, aligning with Canadian tax legislation requirements and provincial insurance record-keeping regulations. Certain categories of information, such as pension records and documents relevant to ongoing or reasonably anticipated litigation, may be retained for longer periods. When the retention period expires, IA Financial Group securely destroys or anonymizes the information using methods appropriate to the data format: physical documents are shredded or incinerated, and electronic records are purged using secure deletion protocols that prevent data recovery.

Security measures protecting client information span administrative, technical, and physical controls. Administrative controls include privacy policies, staff training, confidentiality agreements, and access authorization procedures that limit data access to employees with a legitimate business need. Technical controls include 256-bit encryption for data in transit and at rest, multi-factor authentication for portal access, intrusion detection systems, continuous security monitoring, and regular vulnerability assessments conducted by independent security firms. Physical controls include secured data centers with access logging, surveillance, and environmental protections against fire, flood, and power failure. In the event of a data breach that poses a real risk of significant harm to affected individuals, IA Financial Group follows the mandatory breach notification requirements established by PIPEDA, including notifying affected clients, the Privacy Commissioner of Canada, and any other organizations that can mitigate the harm.