Skip to content

HSA Privacy Policy

The Your HSA group of companies, includes Your HSA Group Inc., Blendable Solutions Inc., and Blendable Inc. (collectively, YourHSA). As used below, the terms “we”, “us” and “our” refer to YourHSA.

At YourHSA, we are dedicated to protecting your privacy and safeguarding your personal and business information.

YourHSA follows comprehensive privacy policies and security practices in compliance with laws and to support our commitment of trust through integrity in everything we do. Any personal information you do provide is protected under the federal Personal Information Protection and Electronic Document Act (PIPEDA), British Columbia’s or Alberta’s Personal Information Protection Act, or the Quebec Protection of Personal Information in the Private Sector Act (QPPIS). This means that, at the point of collection, you will be informed that your personal information is being collected, the purpose for which it is being collected and that you have a right of access to the information.

Our Privacy Principles, within our Privacy Policy, describe how we collect and use client information, how it may be shared and with whom, our security practices and your choices.

Our Privacy Principles

We are firmly committed to safeguarding your confidentiality and protecting your personal and business information. The principles that follow apply to all of our dealings with you.

  • Accountability
  • Information Collected
  • Use of Information
  • Sharing of Information
  • Retention of Information
  • Destruction of Information
  • Safety of Information
  • Accuracy of Information
  • Right to Access
  • Choice and Consent

Accountability

We are responsible for the personal information we collect and we have designated a Privacy Officer who is accountable for our compliance with applicable privacy legislation.

When YourHSA enters into a service agreement with a third party for the delivery of customer products and services, it uses contracts or other means to ensure that the practices of the third party with regard to privacy protection are compatible with those of YourHSA.

Information Collected

YourHSA may gather personal information directly from you, from insurance brokers or general agents, from health specialists, hospitals, clinics or other facilities of a medical or paramedical nature, from insurance companies, from any other organization or person that maintains files or personal information on you. When you request products or services, we will ask you to provide only the information that enables us to complete your request, to provide better service or to offer you products and services we believe you might be interested in.

Information essential for fulfilling our services includes:

  • Information establishing your identity, such as your name, address, phone number, title, business phone number, email address, date of birth, social insurance number (if applicable for tax purposes), and account numbers;
  • Information related to transactions arising from your relationship with and through us, and from other software providers, third party administrators, insurers, brokers and general agents;
  • Information you provide on an application for the provision of our products and services, such as your place of employment, date of birth, medical history and dependant information;
  • Information about your health may be collected for insurance products and services;
  • Information pertaining to business clients will include your business name, address, phone number, email address, industry type, detail(s) on the owner(s), operator(s) and director(s);
  • Additional information may be requested to help us determine your eligibility for products and services that we offer.

YourHSA may use cookies to monitor and improve your website experience. These cookies do not contain personal or financial information. They gather statistical data such as the average time spent on a specific webpage. This kind of information provides us with insight on how to improve the design, content and navigation of our digital channels. Your choice not to accept these cookies will not interfere with your use of the service or channel.

YourHSA may use cookies as part of the functionality and security of a particular service. These cookies may include an encrypted persistent cookie installed on your device that contains information to help us verify you as our client and to help block unauthorized attempts to access your information through the channel. Your choice not to accept these cookies may prevent the operation of the service or certain features within the service from operating.

Providing us with your information is always your choice. However, in dealings involving insurance and related financial services, your decision to withhold particular details may limit or prevent us from providing the products or services you have asked for. We are continuously striving to improve our service offerings to you. Therefore, we routinely collect non-personal aggregate information from surveys, public archives and Web sites to help us understand the interests of our clients and to manage our risks.

Use of Information

We use your personal information for the purposes communicated to you in your agreement(s) with us, for example to:

  • Verify your identity;
  • Provide you with the products and services requested;
  • Communicate to you any benefit, feature and other information about products and services you have with us;
  • Respond to any special needs or inquiries you may have;
  • Better understand your situation and determine your eligibility for products and services we offer;
  • Manage our risks and operations;
  • Meet regulatory and legal requirements;
  • If we have your social insurance number, we may use it for tax related purposes. We may also share it with credit reporting agencies as an aid to identify you;
  • We may communicate with you through various channels including telephone, computer (video conference, e-mail), mobile app, or mail using the contact information you have provided;
  • With your consent, we may use your information to promote our products and services and that of third parties we select, which we believe you will be interested in;
  • If you deal with multiple YourHSA companies (e.g. Your HSA Inc, Your Financial Solutions Inc, Your HSA Group Inc), we may, where not prohibited by law, consolidate all information to better manage our business and the relationship we have with you;
  • If for any reason your information is required to fulfill a different purpose than that of your original intent, we ask for your consent before we proceed.

Note that sensitive information such as health or financial records will never, under any circumstances, be shared or used for a purpose other than that of the original intent.

Sharing of Information

Under certain circumstances, your personal information may be shared among YourHSA companies or other third parties.

YourHSA Companies

Sharing your personal information among YourHSA companies, can allow us to help you achieve your goals. It is part of building and maintaining a positive relationship with you. We may use this information to better understand your needs and to promote products and services we believe may interest you.

This would only be done with your consent. We may communicate with you through various channels, including telephone, computer (video conference/e-mail), mobile app, or mail using the contact information you have provided. However, if you would prefer that we not share your information among our group of companies or if you do not wish to receive special offers promoting products and services, kindly let us know by following the instructions in Consent and Choices.

If you choose not to have your information shared, you will not be refused services, for that decision. We will respect your choice and may advise other YourHSA companies of your preference for the sole purpose of honoring your choices.

We may share your information with other YourHSA companies:

  • With your consent;
  • For the purposes of fraud or crime prevention, suppression or detection;
  • To enable YourHSA companies to meet regulatory, legal, financial or other reporting obligations;
  • As permitted or required by law.

Our Employees

Access to your information is restricted to authorized employees who have a legitimate business purpose for accessing it. For example, when you call us, visit us, or email us, designated employees will access your information to verify that you are the account holder or plan member and to assist you in fulfilling your requests.

Unauthorized access to and/or disclosure of your information by an employee of YourHSA is strictly prohibited. All employees are required to maintain the confidentiality of your information at all times and failing to do so will result in appropriate disciplinary measures, which may include dismissal.

Outside Service Suppliers

We may use service providers to perform specialized services on our behalf such as customer service, claims adjudication, trust fund financial management, research, marketing, mail distribution or data processing. Our service providers may at times be responsible for processing or handling personal information. They are provided only the information necessary to perform the services. In addition, we require them to protect the information in a manner that is consistent with our privacy policies and security practices.

In the event our service provider is located in a foreign jurisdiction, they are bound by the laws of the jurisdiction in which they are located and may disclose personal information in accordance with those laws.

Other Third Parties

We are committed to keeping your personal information confidential. We will only share your information with other third parties as indicated under your specific agreement with us and without your knowledge or consent under the following special circumstances:

  • To respond to valid and authorized information requests from domestic and international authorities;
  • As permitted or required by law, to comply with laws, regulations, subpoena or court order;
  • To help prevent fraud;
  • To protect the personal safety of employees, clients or other third parties on YourHSA property.

Retention of Information

We need to retain personal information for some time to ensure that we can answer any questions you might have about the services provided, to provide you with access to your claims history after our services are completed, and for our own accountability to external regulatory bodies.

In order to provide you with this ongoing access to your claims history, we continue to retain your records for seven years from the last month you used YourHSA account or accessed services. In certain circumstances, we may be required to keep your personal information for longer than this retention period; for example if we are required by provincial or federal government bodies or if there is potential or ongoing dispute or legal action. However, upon written request, and where allowed by law, we will destroy your personal information as described below.

Destruction of Information

When we have no ongoing legitimate business need to process your personal information, we will delete your information. We destroy paper files containing personal information by shredding. We destroy electronic information by deleting it and, when the hardware is discarded, we ensure that the hard drive is physically destroyed or completely reformatted. If this is not possible (for example, because your personal information has been stored in backup archives or in a cloud based server), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

As set out above, to help our customers better and to improve our services, we collect unidentifiable usage data (i.e. cookies that do not contain personal or financial information), metadata and statistical information concerning the use of YourHSA services. This non-personal information shall be retained and used by YourHSA for its own business purposes.

Safety of Information

Ensuring your confidentiality by protecting your personal and financial information is fundamental to the way we do business. This commitment extends to our online services and any new technologies we employ.

Protecting your personal, business and financial information and safeguarding you from fraud are among our highest priorities. In addition to our stringent privacy practices, we employ a diverse range of technologies and security mechanisms to ensure the safety, confidentiality and integrity of your information and transactions.

Breach of Security Safeguards

Despite the safeguards that we have put in place, we recognize that there may be breaches of those security safeguards. These breaches may be caused by human error, malicious attacks or another reason. A breach of security safeguards is defined as the loss of, unauthorized access to or unauthorized disclosure of personal information. If a breach occurs, we will conduct a risk assessment to determine if the breach poses a real risk of significant harm to any individual whose information was involved. Significant harm includes bodily harm, humiliation, financial loss, identity theft, negative effects on the credit record, and damage to or loss of property. The risk assessment will consider the sensitivity of the information involved, and the probability that the information will be misused.

If we determine that the breach presents a real risk of significant harm, we will report the breach to the appropriate federal or provincial Privacy Commissioner and to the affected individuals as soon as feasible. The OSSTF ELHT Trustees will also be notified in the event of a breach within 24 hours of the discovery of the breach. We will also notify any other organization or government institution that may be able to reduce the risk of harm to affected individuals.

We will keep a record of every breach for 24 months after the day on which we determine that the breach has occurred. Records shall be kept about all breaches, and not just those that pose a real risk of significant harm. Records shall include information about reports to the Commissioner and notification of affected individuals in accordance with this Privacy Policy and applicable legislation.

Communications

Whether you are communicating with us using email, in person or by telephone, our privacy principles, and security mechanisms, ensure that your personal information and your confidentiality are protected at all times.

Email

Unencrypted email is not secure. We recommend that where possible, you use the secure email function (e.g. Message Centre) provided within some of our online services to communicate with us. Otherwise, you can contact us, to find out your options for secure communications with us.

At no time should you include personal or confidential information in an unencrypted email.

To help our customers recognize fraudulent email and websites pretending to represent a legitimate company, YourHSA will never ask you to provide personal, login or account information through unsolicited email. Should you receive an email requesting this type of information, do not respond.

Telephone

If you receive an unsolicited call that claims to be from YourHSA, requesting account or other personal information, do not respond. Instead, discontinue the call and independently verify the phone number. Only call back once you have ensured it is a legitimate YourHSA phone number.

Online

We use several layers of proven security technologies and processes to provide you with secure online access to your account and information. These are continuously evaluated and updated by our experts to ensure that we protect you and your information. These include:

Secure Socket Layer (SSL) Encryption

When you successfully login to our secure website using an authentic user ID and password, our web servers will establish a secure socket layer (SSL) connection with your computer. This allows you to communicate with us privately and prevents other computers from seeing anything that you are transacting, so you can conduct online business with us safely. SSL provides 128-bit encrypted security so that sensitive information sent over the Internet during online transactions remains confidential.

Authentication

To protect our users, we provide secure private websites for any business that users conduct with us. Users login to these sites using a valid username and a password. Users are required to create their own passwords, which should be kept strictly confidential so that no one else can login to their accounts.

Firewalls

We use a multi-layered infrastructure of firewalls to block unauthorized access by individuals or networks to our information servers.

Computer Anti-Virus Protection

We are continuously updating our anti-virus protection. This ensures we maintain the latest in anti-virus software to detect and prevent viruses from entering our computer network systems.

Data Integrity

The information you send to one of our secure private websites is automatically verified to ensure it is not altered during information transfers. Our systems detect if data was added or deleted after you send information. If any tampering has occurred, the connection is dropped and the invalid information transfer is not processed.

Accuracy of Information

We do the utmost to ensure the information we have about you is accurate and complete. As we make decisions based on the information we have, we encourage you to help us keep our information current. Contact us at any time if you wish to verify the accuracy or update the information we have about you.

Right to Access

In the normal course of business, you receive periodic access to information in the form of transaction activity records, including account statements and claim confirmations. This information is routinely available to you through mailings, secure online sites and telephone.

If you want to verify the accuracy of other personal information we hold about you, you may submit a written request to us to obtain access to such information. To avoid delays in obtaining your information, please provide sufficient detail to permit us to identify you and the specific information that you are requesting.

Please note that there may be instances where access may be restricted as permitted or required by law. Examples may include information that is subject to legal privilege, information containing confidential commercial information and information relating to a third party. If applicable, we will advise you of the reasons for restricting access subject to any legal or regulatory limitations.

If you have any questions about our privacy policies and how they relate to you please contact us to speak to our Privacy Officer.

Choice and Consent

You are always in control of your personal information. If you do not wish to receive promotional materials from us or you do not want your personal information shared with other YourHSA companies, simply contact us.

Legal

If you wish to exercise any other data protection rights that are available to you under your local data protection laws (such as the right to data portability or to data restriction) please contact us to speak to our Privacy Officer and we will respond to your request in accordance with applicable data protection laws.

This policy is to be read together with and form part of the YourHSA Site Terms of Use. It is also developed in the context of evolving and changing law and Internet technologies. Accordingly, these policies are subject to change and as such, any changes will be posted on this page. An individual’s continued use of this website following the posting of such changes constitutes their agreement to such changes.

OSSTF Benefits Website Disclaimer

The information contained in this website is for general information purposes only. The information is provided by OSSTF Benefits and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. All information on this website is subject to change without notice.