Last Updated: October 31, 2019
Scope of Policy
Epiq, as a third-party service provider acting on behalf of and under the direction of our clients, may collect, use and disclose personal information related to claims (the “claims data”), in order to provide our claims management services on behalf of such clients.
Collection of Information
In the course of our business, Epiq may collect claims data and other “personal information” (as defined under privacy legislation) from claimants, clients and third parties. The claims data we collect on behalf of our clients may include but is not limited to:
- Identity information, such as name, address, email address and other contact information for claimants and other related parties;
- Personal health information;
- Banking and financial account information;
- Publicly available information about you, related parties, and other related information related to your claim(s); and
- Other information that you may disclose to or share with us online, over the phone, or otherwise related to your claim(s).
We do not knowingly request or collect personal information from children – persons under 13 years of age, or another age if required by applicable law – without prior verifiable consent of his or her parent or legal guardian. If we become aware that we have unknowingly collected personal information about a child without verifiable parental or legal guardian consent, we will delete this information from our records or take reasonable available steps to de-identify the information.
How We use the Information
We generally use the claims data and other personal information we collect for the following purposes:
- To initiate, process, review, investigate, assess, validate, settle, finalize, and otherwise administer claims, according to the terms and conditions of the class action Settlement Agreements as approved by the courts
- For reporting, auditing and analytics purposes, including to provide with reports on claims and to audit claims on behalf of its clients;
- To communicate with you regarding your claim(s);
- To verify your identity;
- To locate claimants with whom we have lost contact
- For fraud detection and verification purposes, and to otherwise protect us, our clients and others from fraud, error and other harm;
- To improve our services and operations that we use to provide claims management and related services, and to provide training to relevant personnel;
- In order to comply with the law, a judicial proceeding, court order, or other legal process, such as in response to a court order or a subpoena; and
- For any other purposes identified by our clients.
We may also use de-identified information and aggregate information relating to claims for research, analytics, and related purposes.
How We Share Your Information
We will not disclose your personal information to any non-affiliated third party without your prior consent, other than as provided below.
In carrying out the activities and purposes described above on behalf of its clients, claims data may be processed by Epiq, including other affiliated Epiq entities, who perform services or provide support relating to the claims management services. Claims data and other personal information we collect may also be disclosed to third parties as set forth below:
- Adjusters, assessors, valuators and service providers engaged by Epiq to perform services or functions related to the claims management services; and
- Authorized representatives, consultants, research firms and other third party service providers acting on our behalf, including cloud storage providers, data analytics providers, research partners, background check providers, consultants, lawyers, accountants and other professional services providers.
We reserve the right to disclose your personal information as required or permitted by law, in response to legal or regulatory process and law enforcement requests by government authorities that have asserted a lawful right to access such information, to our legal counsel, or as necessary to protect the property, interests and rights of Epiq.
We will not transfer your personal information across national borders to fulfil any of the above purposes, including to the United States, without your consent. All information collected by us will only be stored and accessed in Canada.
Limiting Use, Disclosure, and Retention
Personal information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required by law.
Pursuant to privacy legislation or our mandate or upon a client’s or claimant’s direction, we will destroy, erase or anonymize documents or other records containing personal information as soon as it is reasonable to assume that the original purpose is no longer being served by retention of the information and retention is no longer necessary for a legal or business purpose. We will take due care when destroying personal information and anonymizing documents so as to prevent unauthorized access to, or reverse engineering of, the information.
How We Store and Safeguard Your Information
Epiq has implemented measures designed to secure personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. All personal information is stored on our secure servers behind firewalls.
Epiq’s security measures include:
- Education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data;
- Administrative and technical controls to restrict access to personal data on a ‘need to know’ basis;
- Technological security measures, including firewalls, multi-factor authentication, encryption and anti-virus software;
- Physical security measures, such as staff security passes to access our premises; and
- Reasonable precautions for the disposal or destruction of personal information that may consist of securely shredding physical documents and deleting electronically stored information in a manner that prevents it from being readily recovered.
While we strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. If we find out there has been a breach of our security safeguards and there is a real risk of significant harm to you, you will be notified unless otherwise prohibited by law.
Accessing and Correcting Your Personal Information
The personal information Epiq collects will be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used. We will, on an ongoing basis, take reasonable steps to ensure the accuracy and completeness of personal information under our care and control. Individuals who provide their personal information to Epiq must do so in an accurate and complete manner. Our goal is to minimize the possibility that inaccurate information is used to make a decision about any individual whose personal information we process.
You may request access to, or the correction of the personal information collected and processed by Epiq as part of the claim services, information about the ways in which that information is being used and a description of the individuals and organizations to whom that information has been disclosed, by making a written request to our privacy officer. You may be required to verify your identity. Because we are acting for and on behalf of our clients, we will provide them with your request and will work with them as needed to respond to your request. In some situations, we or our clients may not be able to provide access to certain personal information. This may be the case where, for example, disclosure would reveal personal information about another individual, the personal information is protected by solicitor/client privilege, the information was collected for the purpose of an investigation or where disclosure of the information would reveal confidential commercial information.
We may also be prevented by law from providing access to certain personal information. When an access request is refused, we will notify you in writing, document the reasons for refusal and outline further steps available to you.
Withdrawing Your Consent
Epiq has designated a privacy officer who is responsible for our compliance with this policy. Any inquiries, complaints or questions regarding this policy should be directed in writing to our privacy officer as follows:
Epiq Class Action Services Canada Inc.
Suite 400-220 Laurier Avenue West
K1P 5Z9 Canada
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, QC K1A 1H3