The Your HSA group of companies, includes Your HSA Group Inc., Blendable Solutions Inc., and Blendable Inc. (collectively, YourHSA). As used below, the terms “we”, “us” and “our” refer to YourHSA.
At YourHSA, we are dedicated to protecting your privacy and safeguarding your personal and business information.
YourHSA follows comprehensive privacy policies and security practices in compliance with laws and to support our commitment of trust through integrity in everything we do. Any personal information you do provide is protected under the federal Personal Information Protection and Electronic Document Act (PIPEDA), British Columbia’s or Alberta’s Personal Information Protection Act, or the Quebec Protection of Personal Information in the Private Sector Act (QPPIS). This means that, at the point of collection, you will be informed that your personal information is being collected, the purpose for which it is being collected and that you have a right of access to the information.
We are firmly committed to safeguarding your confidentiality and protecting your personal and business information. The principles that follow apply to all of our dealings with you.
We are responsible for the personal information we collect and we have designated a Privacy Officer who is accountable for our compliance with applicable privacy legislation.
When YourHSA enters into a service agreement with a third party for the delivery of customer products and services, it uses contracts or other means to ensure that the practices of the third party with regard to privacy protection are compatible with those of YourHSA.
YourHSA may gather personal information directly from you, from insurance brokers or general agents, from health specialists, hospitals, clinics or other facilities of a medical or paramedical nature, from insurance companies, from any other organization or person that maintains files or personal information on you. When you request products or services, we will ask you to provide only the information that enables us to complete your request, to provide better service or to offer you products and services we believe you might be interested in.
Information essential for fulfilling our services includes:
Providing us with your information is always your choice. However, in dealings involving insurance and related financial services, your decision to withhold particular details may limit or prevent us from providing the products or services you have asked for. We are continuously striving to improve our service offerings to you. Therefore, we routinely collect non-personal aggregate information from surveys, public archives and Web sites to help us understand the interests of our clients and to manage our risks.
We use your personal information for the purposes communicated to you in your agreement(s) with us, for example to:
Note that sensitive information such as health or financial records will never, under any circumstances, be shared or used for a purpose other than that of the original intent.
Under certain circumstances, your personal information may be shared among YourHSA companies or other third parties.
Sharing your personal information among YourHSA companies, can allow us to help you achieve your goals. It is part of building and maintaining a positive relationship with you. We may use this information to better understand your needs and to promote products and services we believe may interest you.
This would only be done with your consent. We may communicate with you through various channels, including telephone, computer (video conference/e-mail), mobile app, or mail using the contact information you have provided. However, if you would prefer that we not share your information among our group of companies or if you do not wish to receive special offers promoting products and services, kindly let us know by following the instructions in Consent and Choices.
If you choose not to have your information shared, you will not be refused services, for that decision. We will respect your choice and may advise other YourHSA companies of your preference for the sole purpose of honoring your choices.
We may share your information with other YourHSA companies:
Access to your information is restricted to authorized employees who have a legitimate business purpose for accessing it. For example, when you call us, visit us, or email us, designated employees will access your information to verify that you are the account holder or plan member and to assist you in fulfilling your requests.
Unauthorized access to and/or disclosure of your information by an employee of YourHSA is strictly prohibited. All employees are required to maintain the confidentiality of your information at all times and failing to do so will result in appropriate disciplinary measures, which may include dismissal.
We may use service providers to perform specialized services on our behalf such as customer service, claims adjudication, trust fund financial management, research, marketing, mail distribution or data processing. Our service providers may at times be responsible for processing or handling personal information. They are provided only the information necessary to perform the services. In addition, we require them to protect the information in a manner that is consistent with our privacy policies and security practices.
In the event our service provider is located in a foreign jurisdiction, they are bound by the laws of the jurisdiction in which they are located and may disclose personal information in accordance with those laws.
We are committed to keeping your personal information confidential. We will only share your information with other third parties as indicated under your specific agreement with us and without your knowledge or consent under the following special circumstances:
We need to retain personal information for some time to ensure that we can answer any questions you might have about the services provided, to provide you with access to your claims history after our services are completed, and for our own accountability to external regulatory bodies.
In order to provide you with this ongoing access to your claims history, we continue to retain your records for seven years from the last month you used YourHSA account or accessed services. In certain circumstances, we may be required to keep your personal information for longer than this retention period; for example if we are required by provincial or federal government bodies or if there is potential or ongoing dispute or legal action. However, upon written request, and where allowed by law, we will destroy your personal information as described below.
When we have no ongoing legitimate business need to process your personal information, we will delete your information. We destroy paper files containing personal information by shredding. We destroy electronic information by deleting it and, when the hardware is discarded, we ensure that the hard drive is physically destroyed or completely reformatted. If this is not possible (for example, because your personal information has been stored in backup archives or in a cloud based server), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
As set out above, to help our customers better and to improve our services, we collect unidentifiable usage data (i.e. cookies that do not contain personal or financial information), metadata and statistical information concerning the use of YourHSA services. This non-personal information shall be retained and used by YourHSA for its own business purposes.
Ensuring your confidentiality by protecting your personal and financial information is fundamental to the way we do business. This commitment extends to our online services and any new technologies we employ.
Protecting your personal, business and financial information and safeguarding you from fraud are among our highest priorities. In addition to our stringent privacy practices, we employ a diverse range of technologies and security mechanisms to ensure the safety, confidentiality and integrity of your information and transactions.
Breach of Security Safeguards
Despite the safeguards that we have put in place, we recognize that there may be breaches of those security safeguards. These breaches may be caused by human error, malicious attacks or another reason. A breach of security safeguards is defined as the loss of, unauthorized access to or unauthorized disclosure of personal information. If a breach occurs, we will conduct a risk assessment to determine if the breach poses a real risk of significant harm to any individual whose information was involved. Significant harm includes bodily harm, humiliation, financial loss, identity theft, negative effects on the credit record, and damage to or loss of property. The risk assessment will consider the sensitivity of the information involved, and the probability that the information will be misused.
If we determine that the breach presents a real risk of significant harm, we will report the breach to the appropriate federal or provincial Privacy Commissioner and to the affected individuals as soon as feasible. The OSSTF ELHT Trustees will also be notified in the event of a breach within 24 hours of the discovery of the breach. We will also notify any other organization or government institution that may be able to reduce the risk of harm to affected individuals.
Whether you are communicating with us using email, in person or by telephone, our privacy principles, and security mechanisms, ensure that your personal information and your confidentiality are protected at all times.
Unencrypted email is not secure. We recommend that where possible, you use the secure email function (e.g. Message Centre) provided within some of our online services to communicate with us. Otherwise, you can contact us, to find out your options for secure communications with us.
At no time should you include personal or confidential information in an unencrypted email.
To help our customers recognize fraudulent email and websites pretending to represent a legitimate company, YourHSA will never ask you to provide personal, login or account information through unsolicited email. Should you receive an email requesting this type of information, do not respond.
If you receive an unsolicited call that claims to be from YourHSA, requesting account or other personal information, do not respond. Instead, discontinue the call and independently verify the phone number. Only call back once you have ensured it is a legitimate YourHSA phone number.
We use several layers of proven security technologies and processes to provide you with secure online access to your account and information. These are continuously evaluated and updated by our experts to ensure that we protect you and your information. These include:
Secure Socket Layer (SSL) Encryption
When you successfully login to our secure website using an authentic user ID and password, our web servers will establish a secure socket layer (SSL) connection with your computer. This allows you to communicate with us privately and prevents other computers from seeing anything that you are transacting, so you can conduct online business with us safely. SSL provides 128-bit encrypted security so that sensitive information sent over the Internet during online transactions remains confidential.
To protect our users, we provide secure private websites for any business that users conduct with us. Users login to these sites using a valid username and a password. Users are required to create their own passwords, which should be kept strictly confidential so that no one else can login to their accounts.
We use a multi-layered infrastructure of firewalls to block unauthorized access by individuals or networks to our information servers.
Computer Anti-Virus Protection
We are continuously updating our anti-virus protection. This ensures we maintain the latest in anti-virus software to detect and prevent viruses from entering our computer network systems.
The information you send to one of our secure private websites is automatically verified to ensure it is not altered during information transfers. Our systems detect if data was added or deleted after you send information. If any tampering has occurred, the connection is dropped and the invalid information transfer is not processed.
We do the utmost to ensure the information we have about you is accurate and complete. As we make decisions based on the information we have, we encourage you to help us keep our information current. Contact us at any time if you wish to verify the accuracy or update the information we have about you.
In the normal course of business, you receive periodic access to information in the form of transaction activity records, including account statements and claim confirmations. This information is routinely available to you through mailings, secure online sites and telephone.
If you want to verify the accuracy of other personal information we hold about you, you may submit a written request to us to obtain access to such information. To avoid delays in obtaining your information, please provide sufficient detail to permit us to identify you and the specific information that you are requesting.
Please note that there may be instances where access may be restricted as permitted or required by law. Examples may include information that is subject to legal privilege, information containing confidential commercial information and information relating to a third party. If applicable, we will advise you of the reasons for restricting access subject to any legal or regulatory limitations.
If you have any questions about our privacy policies and how they relate to you please contact us to speak to our Privacy Officer.
You are always in control of your personal information. If you do not wish to receive promotional materials from us or you do not want your personal information shared with other YourHSA companies, simply contact us.
If you wish to exercise any other data protection rights that are available to you under your local data protection laws (such as the right to data portability or to data restriction) please contact us to speak to our Privacy Officer and we will respond to your request in accordance with applicable data protection laws.
The information contained in this website is for general information purposes only. The information is provided by OSSTF Benefits and while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. All information on this website is subject to change without notice.