The protection of personal information is vital consideration in doing business at Guardian Life Insurance Limited (hereinafter referred to as “GLIL”). This policy sets out how we collect and manage personal information in a manner that protects the personal privacy of our clients, contractors and employees.

"Personal information" refers to any factual or subjective information concerning an identifiable individual. Personal information may be collected concerning a variety of individuals with whom our company does business, including from group and individual life insured, beneficiaries, employees, contractors, agents, employers of agents and others through different methods according to the Policy chosen by them. Personal information can be collected in a variety of forms, including written (such as correspondence and memoranda) as well as electronic communications and records, video or audio recordings, photographs and Apps. Examples of personal information include but not limited to information concerning an individual's name, age, sex, health, financial conditions, income source, national and other identification numbers, banking and income information, employment records, credit records, medical information etc. However, personal information does not include the name, title or business address, telephone number or e-mail address of employees of an organization. GLIL follows 10 privacy principles:

1. Accountability
2. Consent
3. Limiting Collection
4. Limiting Use, Disclosure and Retention
5. Accuracy
6. Identifying Purposes
7. Safeguards
8. Openness
9. Individual Access
10. Challenging Compliance

GLIL is responsible for personal information under its control and has designated an individual or individuals who are accountable for compliance with this policy. . GLIL, its employees and contractors are responsible for all personal information in their possession or control, including information that has been obtained from or transferred to a third party for processing. Chief Executive Officer (CEO) of GLIL shall be accountable for adherence to this policy and applicable privacy statutes, regulations and guidelines. Where appropriate, the responsibilities of the CEO may be delegated to an individual or individuals within a particular business area familiar with the nature of the personal information collected within the area and any special needs the area may have concerning the protection of personal information

GLIL will identify the purposes for which personal information is being collected before or at the time that the information is collected. GLIL collects personal information in a number of ways. For example, information may be collected on an application or claim form, during a personal interview, web site input, Apps or through other means. Prior to or at the time of collection, GLIL will identify the purpose of collection. This may be communicated in writing or orally, depending upon the manner in which the information is collected. Persons collecting personal information are expected to be able to explain to individuals the purposes for which the information is being collected. GLIL will not collect, use, or disclose information beyond that required to fulfill the purposes specified at the time of collection. Unless the new purpose is required by law, before using personal information for a purpose not previously identified, the company will identify the new purpose and obtain the consent of the individual toits use.

GLIL must obtain the knowledge and consent of the individual to the collection, use and disclosure of personal information, except where inappropriate. Usually, GLIL will obtain consent for the use or disclosure of personal information at the time of collection. Sometimes, consent will be obtained after the information has been collected but prior to use (for example, when the company wishes to use information for a purpose not previously identified). If consent is not obtained GLIL will not use the information unless it is legally obliged to do so. GLIL may seek consent in a variety of ways, depending on the circumstances and the type of information collected. The company will generally seek express consent when the personal information is likely to be considered sensitive (such as medical or income records). Sometimes consent may be obtained from an authorized representative, such as a legal guardian or person holding a power of attorney. Implied consent may be inferred in circumstances where the information is less sensitive and consent to collection, use or disclosure can be reasonably inferred. In certain limited circumstances, personal information can be collected, used, or disclosed without the knowledge and consent of the individual. For example, legal, medical, or any security reasons may make it impossible or impractical to seek consent. When information is being collected for the investigation of a potential breach of contract, the prevention or detection of fraud or for law enforcement purposes, seeking the consent of the individual might defeat the purpose of collecting the information. Similarly, seeking consent may be impossible or inappropriate when the individual is a minor, seriously ill, or otherwise incapacitated. An individual may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. GLIL will inform the individual of the implications of such withdrawal, which may include termination of a policy, termination of benefits or inability to process a claim.

The collection of personal information will be limited to that which is reasonably necessary for the purposes identified by GLIL. Information shall be collected only by fair and lawful means. The company will not collect personal information indiscriminately. Both the amount and the type of information collected shall be limited to that which is reasonably necessary to fulfil the purposes identified. Information will be collected in a manner that complies with the company's obligations to identify the purpose of collection and to obtain the consent of the individual to collection, use and disclosure of personal information.

GLIL will not use or disclose or sell personal information for purposes other than those for which it was collected, except with the consent of the individual or in accordance with the exceptions set out above. Personal information will be retained only as long as necessary for the fulfilment of those purposes. Personal information that has been used to make a decision about an individual will be retained long enough to allow the individual access to the information after the decision has been made. Personal information that is no longer required to fulfil its purpose shall be destroyed in accordance with GLIL record retention and destruction policies and procedures.

Personal information will be as accurate, complete and up-to-date as is necessary for the purposes for which it is to be used. The extent to which personal information shall be updated will depend upon the use of the information, taking into account the interests of the individual. Information will be sufficiently accurate, complete and up-to-date to minimize the possibility that inappropriate information may be used to make a decision about the individual. GLIL will not routinely update personal information, unless such a process is necessary to fulfil the purposes for which the information was collected.

Personal information will be protected by security safeguards appropriate to the sensitivity of the information. GLIL has implemented security safeguards and appropriate training to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use or modification. Security safeguards vary depending on the nature and format of the information collected. The methods of protection include physical, organizational and technological measures designed to limit access to authorized persons, ensure the integrity of the information and protect it from unauthorized use or disclosure. Security safeguards also include steps to ensure that all third parties with whom we contract and who may be required to handle personal information have implemented comparable security measures. Companies or third parties hired to provide support services or other services are not allowed to use personal information for their own purposes and are contractually obligated to maintain strict confidentiality. The use of personal information must be limited to the performance of the specific service. Access to personal information must be restricted to selected employees and agents who have a need for such information for business purposes only.

GLIL will make readily available to individuals specific information about its policies and practices relating to the management of personal information. The information made available shall include:

• the name or title, and the address, of those accountable for the company's policies and practices and to whom complaints or inquiries can be forwarded;
• the means of gaining access to personal information held by the company;
• a description of the type of personal information held by the company and a general account of its use;
• a copy of this policy and any other brochures or information that explain or elaborate upon this policy; and
• what personal information is made available to related organizations or subsidiaries

Upon request, an individual will be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual will be able to challenge the accuracy and completeness of the information and have it amended as appropriate. Upon request, GLIL will inform an individual whether or not it holds personal information about the individual, will permit the individual to access the information and provide an account of the use made of the information, including any disclosure to third parties. GLIL may choose to make sensitive medical information available through a medical practitioner designated by the individual. In certain situations, GLIL may not be able to provide access to all of the personal information is holds about an individual. Exceptions to the access requirement will be limited and specific, and the reasons for denying access will be provided to the individual upon requests. Exceptions may include information that is prohibitively costly to provide, information that contains references to other individuals, information that cannot be disclosed for legal, security, or commercial proprietary reasons, information that has been obtained in the course of an investigation of a potential breach of contract or fraud, and information that is subject to privilege. GLIL will respond to an individual’s request within a reasonable time and at minimal or no cost to the individual. The requested information will be provided or made available in a form that is generally understandable. For example, when abbreviations or codes are used an explanation will be provided upon request. If the individual requests copies of any of the documents in the company's file, a reasonable fee may be charged for duplication. When an individual successfully demonstrates the inaccuracy or incompleteness of personal information, GLIL will amend the information as required. Depending on the nature of the information challenged, amendment may mean the correction, deletion or addition of information. When a challenge is not resolved to the satisfaction of the individual, the substance of the challenge will be recorded. The individual will also be entitled to place in the file a statement as to their position and the documents they rely on in support of that position.

An individual may address a challenge concerning compliance with this policy to the Chief Executive Officer of GLIL. GLIL will inform individuals who make inquiries or lodge complaints of the applicable complaint handling protocol. GLIL will investigate and respond to all complaints in accordance with the applicable departmental complaint handling protocol. If a complaint is found to be justified, GLIL will take appropriate measures, including if necessary, amending its policies and procedures.