Insurance

PRIVACY POLICY and

PROTECTION of PERSONAL INFORMATION

PRIVACY POLICY

Our Commitment to Privacy

At Alpha and Omega Wealth Management Inc., we recognize how important personal privacy is to you and to all our clients. To provide the highest possible level of protection to you, we maintain standards designed to protect your privacy and prevent any misuse of your personal information. We have adopted the following principles and procedures which outline how we gather, protect, and use personal information, and how we will hold ourselves accessible and accountable to you. As used herein, personal information" is any information that identifies you as an individual and includes information with respect to your name, address, age, gender, employment, finances, health and lifestyle.

Why is Personal Information Collected?

We collect personal information to identify you as a person and to assist our understanding of your current and future financial, health and lifestyle needs and determine the suitability of, and properly administer, the products and services we offer. Other information we ask for will depend on the products or services you request and, in most cases, will be required by the product or service provider selected or by law.

How Do We Collect Personal Information About You?

We will only collect information that is pertinent and consistent with the purposes of the collection. Whenever practical, we will collect the required information directly from you or your authorized representative(s), in completed applications and forms, through other means of correspondence, such as the telephone, mail and through your business dealings with us. With your consent, we may also obtain personal information about you from third parties such as your financial or legal advisors and health care professionals. It is always your choice whether to provide personal information or to consent to our obtaining personal information about you from third parties. In many cases, you are free to refuse or withdraw your consent at any time. However, if you choose not to provide requested personal information or consents, we may not be able to provide certain products or services to you.

Disclosure and Use of Personal Information

Generally, the disclosure of your personal information will be restricted to those who have a need for, and the right to, the information. Otherwise, Alpha and Omega Wealth Management Inc., will not sell, trade, or lend your personal information to any third parties unless lawfully permitted or required, or we have your consent to do so. Your consent may be expressed in writing, or it may be given verbally, electronically, or through your authorized representative(s). We will imply your consent to use personal information collected from you for the purposes explained to you or to the collection and use of personal information from third parties identified by you for purposes of obtaining and administering the products and services you request. You may withdraw your consent for us to collect, use and disclose your personal information, as long as there are no legal or contractual reasons preventing you from doing so. Depending on the circumstances, however, withdrawal of your consent may impact our ability to obtain or continue the products and services you have requested. We may use service providers to provide us with various services such as printing, mail distribution, information technology and administration. Where personal information is provided to our service providers, Alpha and Omega Wealth Management Inc. will require them to protect the information in a manner that is consistent with our privacy policies and practices.

Protection of Personal Information

We maintain security standards and procedures we consider appropriate to help prevent unauthorized access to confidential information about you. We retain your personal information only if it is required for the reasons it was collected or as required by law. When your personal information is no longer needed for the purposes explained to you or as required by law, we have procedures to destroy, delete, erase or convert it to an anonymous form.

Privacy Breach Procedure

A privacy breach occurs when there is an unauthorized access to, or collection, use or disclosure of personal information that contravenes privacy legislation. Typically breaches occur because personal information is lost, stolen, disclosed in error or as a consequence of an operational breakdown. Below is a detailed description of our procedures.

  1. Notify the Compliance Officer Anthony Tadros immediately.

  2. Gather information about the incident:

    • Date of occurrence

    • Date discovered

    • How discovered

    • Location of the incident

    • Cause of the incident

    • Any other information you can quickly assemble

3. Contain the breach immediately — don't let any more information escape.

  • Stop the unauthorized practice

  • Recover the records

  • Shut down the system that was breached

  • Revoke or change computer access codes or

  • Correct weaknesses in physical or electronic security.

4. Assess the breach.

5. Notify the police if the breach appears to involve theft or other criminal activity. Do not compromise the ability to investigate the breach. Be careful not to destroy evidence that may be valuable in determining the cause or allow you to take appropriate corrective action."

6. If customer information was involved, notify the MGA and Insurers involved and work with them to determine who needs to be apprised of the incident internally and externally. Seek instructions on how the insurer would like to proceed. The insurer should determine whether affected individuals should be notified, how they will be notified and by whom. The Privacy Commissioner states "Typically, the organization that has a direct relationship with the customer, client or employee should notify the affected individuals, including when the breach occurs at a third-party service provider that has been contracted to maintain or process the personal information." The decision as to whether to notify the affected individuals may have to be delayed in order for a full risk assessment to be conducted.

7. Evaluate the risks associated with the breach. Find out:

  • What personal information was involved?

  • Consider the sensitivity of the information. Generally, the more sensitive the information, the higher risk of harm. Consider these high-risk forms of personal information:

    • Health information

    • Government-issued ID such as SINs, driver's license, and health care numbers

    • Bank account and credit card numbers

    • If a combination of personal information was involved, as this is typically more sensitive. The combination of certain types of sensitive personal information along with name, address and DOB suggest a higher risk.

  • How this personal information can be used. Can it be used for fraud or other harmful purposes (i.e. identity theft, financial loss, loss of business or employment opportunities, humiliation, damage to reputation or relationships)?

  • Is there a reasonable risk of identity theft or fraud (usually because of the type of information lost, such as an individual's name and address together with government-issued identification numbers or date of birth)?

  • Is there a risk of physical harm (if the loss puts an individual at risk of physical harm, stalking or harassment)?

  • Is there a risk of humiliation or damage to the individual's reputation (e.g., does the personal information include mental health, medical or disciplinary records)?

  • Whether the personal information was adequately encrypted, made anonymous or otherwise not easily accessible.

  • What is the ability of the individual to avoid or mitigate possible harm?

  • The cause of the breach.

  • The extent of the breach — how many individuals have been affected?

  • Who are they?

  • What harm can result to your practice? (Loss of trust, assets, financial exposure, legal proceedings).

8. Do a thorough postmortem to prevent future breaches. What steps are needed to correct the problem? Is this a one-off issue or is it systemic?

If employee information was involved, there will likely be no need to notify the insurers but follow the same steps as above with appropriate consideration given to the special sensitivities around employee and personal information.

Contacting Us

If you have any questions or concerns about our privacy policies and practices, or you want to know more about the process for accessing and/or correcting your personal information, or withdrawing or opting-out of any express or implied consent, please contact Anthony Tadros at:

Tel: 604 579-0223 | Fax: 778 727-0777

Email: atadros@peakgroup.com

Address: 110 – 6758 188th Street | Surrey BC | V4N 6K2

Mobile

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.