We collect and keep information about you, which is needed to provide the products and services you request. This information is collected either directly or through our Independent Advisor Representatives. We may also provide the basic information to a third-party medical service company so they may contact you to arrange any underwriting requirements. These requirements are sent directly to private labs and the insurance companies who will underwrite your application. We do not receive or maintain any copies of this medical information. We may also maintain a database and record the following information. This information is used to assist in the underwriting process and to maintain information that is required by various federal regulations, which include PIPEDA in Canada, ALPIPA in Alberta and BCPIPA in British Columbia; Customplan follows their rules and regulations.
Type of information we maintain
- Marital status
- Date of birth
- Citizenship status
- Occupation
- Health information (only during the underwriting process)
- Net worth
- Gender
- Social insurance number
- Income
- Name, home address, and phone number
We need the individual's or company's written consent to maintain this information, and also for any new use of the personal information. We securely remove and dispose of any Personal Information that does not have a specific purpose or no longer fulfills its intended purpose.
If your Independent Advisor Representative requests information concerning the status of your insurance policies, or information on coverage amounts, beneficiary designations or any values, this information will be provided unless another Independent Advisor Representative is appointed and has obtained a signed release from you.
You as an individual or a company have a right to make a written request to access any personal information we have on file. This information must be provided within 30 days of receipt of the request.
You may withdraw your consent in writing at any time, but we would then be unable to provide service on your policies, as it would result in us removing your data and we would not be able to answer your inquiries.
The Insurance or Investment Company you have applied to will have similar privacy policies, with the exception that they will keep copies of your application and all information obtained to underwrite your application. This information may include medical and financial data that is used to make an underwriting decision, or to process claims in the case of Insurance applications. Investment companies will keep copies of any financial data you have supplied.
The Independent Advisor Representative who is submitting this application on your behalf will also be required to maintain files, which will include copies of your applications and any presentations they have used to assist in the transaction. The Independent Advisor Representatives are also required to provide you with an Advisors Disclosure or Engagement document, complete a needs analysis and send a reason-why letter or email.
Your right to access your information
You have a right to access the personal information that we, the Insurance company, the Investment company and the Associate Advisor have about you in your file. If any of them have information that is not correct, you can have it corrected.
Email: compliance@customplanfinancial.com or call 1-866-253-0030 and speak to our Compliance Officer.
Computer Security
Those engaging in Internet commerce dealing with financial transactions and personal information need to know that the communications are protected. There are many facets to how we at Customplan Financial Advisors Inc protect such information. We use a separate site https://customplan.virtgate.ca to store any information on the business we process.
Encrypted Communications
To prevent interception and manipulation of the data stream between browser and server, this site employs Secure Sockets Layer (SSL) encryption technology. Under SSL, each screen sent by a server is first encrypted and then decrypted on the user’s PC before viewing, and vice versa. Setting up an SSL connection involves a number of steps, also called “handshaking”, during which encryption certificates are exchanged. The certificate provides secure, authenticated communication in on-line applications.
This site uses GeoTrust certificates, which are the most advanced and secure SSL Certificates on the market. GeoTrust certificates support 1024-bit key lengths and 128-bit SSL connections for 128-bit SSL web browsers. SSL also enables a web site to activate the browser’s “LOCK” icon in the bottom right-hand corner, indicating data will be protected from interception or tampering.
Other Internet Security
To prevent manipulation on the browser side prior to transmission, and to maintain state once logged in, this site stores information about the user and their session in temporary cookies. To prevent the user or someone else with physical access to the user’s computer from manually editing the cookie file and forging credentials by altering the contents of the cookie, this site employs dynamic session keys to ensure session integrity. At each page load, the key is validated to verify that the session information has not been altered. Similar precautions are taken within HTML forms to prevent “hijacking” of legitimate changes and access.
The data center housing the servers also employs 24/7 managed firewall services and managed intrusion detection. Using the most advanced firewall procedures, all unnecessary ports at every connection to the Internet are closed. If there are suspicious traffic patterns, an alarm notifies the 24/7 attendants, the patterns are investigated, and the firewall is adjusted right on the spot.
Physical Security
The least safe place to store information is an office. It takes a thief with very advanced expertise to hack a properly secured server, but any thief with a crowbar can open a locked door and walk out with a server stored in a standard office environment. Therefore, we employ physical security impossible to match in any office. The servers are housed at a major international data center, a Tier 1 facility whose stability and security make it virtually impregnable. The center formerly was a cheque clearing and e-commerce hub for a major bank before a merger, and once held a billion dollars in bearer bonds.
The data center is in a building in an industrial area that looks like any other building. However, there is no name on the building. There are carefully placed decorative boulders around the entrance to block truck bombs. Even then, that is just the first set of walls. The design of the building is like an arena with concentric rings around the periphery of the data hub where a unique, multiple air-filtering system is located.
The walls of the building are certified to be NATO quality small bore missile proof. In the reception area you are greeted by 24/7 guards behind bulletproof glass who can push one button and have multiple police cruisers arrive within a minute from 2 police stations nearby.
After providing identification, once inside, any visitor is escorted and needs to pass through multiple “mantraps”, which are corridors where the first door needs to be locked before the next door is opened.
The servers themselves are in locked secure cages with video surveillance.
Operational Risks are Mitigated
It does not matter how secure the communications are if the servers are frequently down or slow. Therefore, the data centre has taken multiple precautions which we will outline here. As a result, our servers have many years of an almost unprecedented uptime track record.
Further, they are rocket fast as they are not overloaded. There are at least 5 servers in operation in the locked cage, and any one of these could handle the entire load on its own. If a site needs to be swapped between servers, this can be done in minutes.
Each server has quadruple redundant connected to diversely routed dual 100 Megabit per second Ethernet connections directly to the Internet backbone (67 times faster than a T1, in both upload and download directions).
There are no routers with a single point of failure (a common problem); rather, twin redundant $150,000 Cisco switches handle the Ethernet traffic inside the data centre.
There are separate redundant links to 2 different city hydro sub-stations that run right to each server, which has two plugs and dual power supplies, one to each power channel. There are multiple layers of back-up power generation (three diesel generators that scramble in less than a minute, of which only one is required; back-up batteries; and two UPS systems consisting of five modules) that enable the centre to be self-sufficient for over seven days without refueling. During the great eastern blackout of August 15, 2003, there were no outages.
The multiple redundant air-filtering system located around the periphery of the data hub is supported by a direct digital building monitoring system encompassing over 2,000 individual points such as water, temperature, cooling and heating, and a sophisticated fire suppression system.
Each server utilizes hot-swappable storage, which means a drive can fail, be pulled out of its socket, and be replaced with a new drive, all while the server is running and with no loss of data or service. Even with a failed drive, the server will run indefinitely. This is backed by a 24/7 four-hour parts and service contract and 24/7 monitoring of network connection and server availability. This feature has been tested with success. If a drive is replaced, the old drive is retained and wiped of data before being returned to the manufacturer.
In addition to all of these precautions, full backups of all data are performed nightly at a secondary location, which in turn are then backed up and stored on storage media such as tapes, CD-ROMs or DVDs.