Compliance Report Portal

The whistleblowing portal serves to recognise and avoid significant risks to the GroupHEALTH Family of Companies, including Munich Re Group companies (collectively, the “GHFoC”). For this reason, the portal receives and processes information regarding legal infringements securely and confidentially, especially those related to financial crime (e.g. corruption, money laundering), antitrust and insurance supervisory law, market abuse, data protection, or serious breaches of related internal rules. Use of the whistleblowing portal is voluntary.

The whistleblowing portal is operated by GHFoC. GHFoC uses physical, electronic, and administrative measures designed to secure the information you submit from accidental loss and from unauthorized access, use, alteration, and disclosure. Communication between your computer and the whistleblower portal is encrypted (TLS). Data entered into the whistleblower system is encrypted, password-protected, and stored in a database operated by GHFOC, which is hosted by a third-party service provider in Canada (though the data may be transferred outside of Canada, as set out below). That third party service provider’s access to the data is restricted.

Your computer's IP address is not recorded during or after use of the whistleblowing portal. In order to maintain the connection between your computer and the GHFOC system, a null cookie is stored on your computer, which contains only the session ID. The cookie is valid only until the end of your session and becomes invalid when you close your browser. Nonetheless, traces of your visit to the whistleblowing portal may be left on your computer. Therefore, if you visit the whistleblowing portal from a company computer, you should consider deleting in particular the temporary data (cache) in your browser.

For what purposes and on what legal basis do we process your data?

We collect, use and disclose your personal data in compliance with the Personal Information Protection and Electronic Documents Act, S.C. 2000, c.5 and all applicable provincial privacy laws that apply.

GHFOC (including its members, officers, employees, servants, agents, representatives and sub-contractors) will process, collect, use, disclose and retain your personal data that you submit with this form (including your name and other information about you that you submit) (the “Submitted Personal Data”) for the purposes of:

1. reviewing, investigating and dealing with any noncompliance with legal requirements and GHFOC internal regulations and policies; and
2. as otherwise required by applicable law.

The report you submit, including the Submitted Personal Data, may be transferred to GHFOC affiliates (including Munich Re) that are located outside of Canada (including, but not limited to, Germany). As such, the Submitted Personal Information may be subject to disclosure to law enforcement and governmental entities in accordance with local laws.

By submitting this form, you agree and consent to the foregoing.

Will data be passed on? 

When you share your name or other Submitted Personal Data in the whistleblowing portal, we make every reasonable effort to keep your identity as the whistleblower confidential.

Only a limited number of authorised persons from within GHFOC have access to the report you submit. Depending on the report's content, certain other authorised persons from GHFOC (including, for clarity, from Munich Re) and individually authorised persons in subsidiary companies may receive access to the report on a case-by-case basis, if it is necessary to review, investigate or deal with the report. Each person with access to the data will be required to treat it confidentially.

Investigations related to reports that are submitted are treated confidentially. Your name or any information which could identify you as the whistleblower will be kept confidential, however in certain exceptional cases we may be required to disclose your name and other Submitted Personal Data (for example, if required by law).

Depending on the results of the initial investigation, the report (including Submitted Personal Data) may be transferred to another internal department to initiate disciplinary proceedings, or disclosed to a governmental law enforcement authority.

Information of the subject(s) affected by the whistleblowing

In certain cases we are legally obliged to inform those affected that we have received information about them. No direct or indirect information about the identity of the whistleblower will be revealed in that process, except as required by applicable law.

How long will your data be stored? 

We store the Submitted Personal Data for as long as it is required for the investigation or longer if required by law. Following this period, information received is either deleted or anonymized, i.e. the Submitted Personal Data is finally and irreversibly erased.

What rights do users of the whistleblowing portal have?

You have certain rights in respect of your Submitted Personal Data under applicable privacy laws, which may include a right to access your information, a right to rectify it, or a right to withdraw your consent. Please contact GHFOC Privacy Officer at the address below to exercise any such rights.

Any inquires, concerns or complaints regarding privacy should be directed to:

Privacy Officer
GroupHEALTH Global Benefit Systems Inc.
15315 31 Avenue
Surrey, BC V3Z 6X2

Tel: Call Centre (416) 234-3511 (Hours: 7:30 am to 7:30 pm (5:00 on Fridays))
Toll Free Switchboard: 1 866 532-8999
Fax: (416) 234-2071
E-mail: privacy@grouphealth.ca