Privacy Policy

1. Introduction

At Frontier HSA ("we," "our," or "us"), we are committed to protecting your privacy and safeguarding your personal information in accordance with Canada's Privacy Act, the Personal Information Protection and Electronic Documents Act (PIPEDA), and applicable provincial privacy legislation. This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit our website (https://www.frontierhsa.ca/) or use our Health Spending Account (HSA) services.

Frontier HSA does not provide services to residents of Quebec and this Policy does not address Quebec privacy regulations.

2. Collection and Disclosure of Personal Information

In accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), “Personal Information” is defined as any information that allows an individual to be identified.

Frontier HSA only collects personal information with your express or reasonably implied knowledge and consent. We will only use your personal information for the purposes identified in this Policy.

Personal Information that is collected by Frontier HSA may include your

  • (i) name, address, email address and phone number;
  • (ii) date of birth;
  • (iii) social insurance number (SIN);
  • (iv) credit card information;
  • (v) any other financial information provided to Frontier HSA.

Frontier HSA generally collects, uses and discloses, as required, personal information from the:

  • (i) plan administrator and principles of the business
  • (ii) members of the plan; plan members family who are eligible for associated benefits;
  • (iii) health care practitioners who provide services covered by the plan.

Frontier HSA will only disclose your personal information with your express or reasonably implied consent, or as may be permitted or required under applicable laws.

Frontier HSA may collect and disclose personal information for the purposes of:

  • (i) establishing and administrating your HSA account;
  • (ii) establishing and facilitating communication;
  • (iii) to advise you of changes to any existing services;
  • (iv) to provide you with information;
  • (v) processing and validating claims;
  • (vi) processing payments and transactions;
  • (vii) meeting legal and regulatory requirements;
  • (viii) preventing fraud and abuse;
  • (ix) retaining tax related information for reporting purpose;
  • (x) To otherwise administer our relationship with you and for any other purpose for which we have your consent.

Frontier HSA will not:

  • (i) sell, rent, or trade personal information to third parties;
  • (ii) disclose personal information to third parties without consent, except where required by law;
  • (iii) retain personal information longer than necessary for the fulfillment of stated purposes or legal requirements;
  • (iv) store personal information in unsecured or publicly accessible locations;
  • (v) transmit sensitive personal information without appropriate security measures, such as encryption;
  • (vi) allow employees to access personal information unless it is necessary for their job responsibilities and they are authorized to do so; or
  • (vii) use personal information for marketing purposes without explicit consent.

3. Retention and Disposal of Personal Information

Frontier HSA will only retain personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law; when information is no longer needed, it will be securely destroyed. The retention period of personal information for clients who no longer use the services of Frontier HSA will extend to 7 years from the date the most recent tax expense was incurred in order to comply with tax regulations.

By submitting your personal information to Frontier HSA, you are giving your consent to the collection, use and disclosure of your personal information in accordance with this Policy. If you do not consent to the collection, use and disclosure of your personal information in accordance with this Policy, please do not provide any personal information to Frontier HSA. Please be aware, if you choose not to provide personal information, some services may be unavailable.

You may withdraw your consent to provide and disclose personal information, subject to legal or contractual restrictions and reasonable notice. If consent is withdrawn, some services may no longer be available. Once a contract has been established, you may not be able to withdraw consent until such time as the obligations under said contract have been fulfilled.

We do not knowingly collect personal information from individuals under 18 years of age without parental consent, as required by Canadian law.

5. Access to Personal Information

Frontier HSA will make all appropriate efforts to ensure the accuracy and completeness of your personal information when making a decision or when disclosing information to third parties.

Frontier HSA will request you review and update your Personal Information on an annual basis to ensure the accuracy and completeness of your personal information.

Frontier HSA recognizes that personal information belongs to the individual and, subject to certain restrictions established by law and proof of identification, shall make every reasonable effort to provide you with the right to:

  • (i) access your personal information upon request;
  • (ii) challenge the accuracy and completeness of personal information; and
  • (iii) request inaccurate or incomplete personal information be updated and amended as soon as possible and no later than thirty (30) days.

6. Third-Party Applications

While providing our services, Frontier HSA uses third-party applications, software, and services to enhance functionality, improve user experience, and support our operations. These third-party applications may collect, process, and store personal information for the purposes established within this Policy in accordance with their own privacy policies and terms of use. By using our services, you consent to the use of such third-party applications as described in this policy.

7. Website Privacy

A “cookie” is a small text file stored on a user’s device when they access a website. Frontier HSA uses cookies on its website to:

  • (i) recognize users
  • (ii) analyze site usage;
  • (iii) personalize content; and
  • (iv) allow users to access secure areas of the website.

When you visit our website, you will see a cookie consent banner, allowing you to:

  • (i) accept or reject non-essential cookies,
  • (ii) customize cookie settings based on your preferences
  • (iii) review and update your choices at any time.

You can manage your preferences by clicking on the "Cookie Settings" link in the footer of our website. Changes will take effect immediately.

You can choose to block or disable some cookies through your browser settings; however, disabling certain cookies may affect the functionality of some parts of our website.

Cookies on our website may collect information about your

  • (i) browser type and version;
  • (ii) device;
  • (iii) IP address; and
  • (iv) operating system.

This information is typically used to improve website functionality, optimize user experience, and gather analytics on site usage.

Frontier HSA uses Google Analytics to analyze how users interact with our website. This data is used to improve our website’s functionality and to understand user behavior. For more information on how Google Analytics handles data, please refer to Google's Privacy Policy. If you prefer to disable Google Analytics, you can opt out by installing the Google Analytics Opt-Out Browser Add-On or adjusting your browser settings to block cookies.

8. Safeguarding Information

Frontier HSA maintains appropriate safeguards to protect the protect the confidentiality of all personal information that it receives and discloses, which includes, but is not limited to (i) the encryption of sensitive data; (ii) the use of secure servers and firewalls; and (iii) access controls and authentication procedures.

Our services involve the transmission and storage of data over the internet. While we implement industry-standard security measures there remains a degree of risk associated with the storage and transmission of information online. By using our services, you understand and accept that, despite our best efforts, there is always a possibility of unauthorized access, data breaches, or other security threats inherent in the use of the internet.

All employees of Frontier HSA are trained on our privacy policy and are required to adhere to its principles and practices. We ensure that our staff understands the importance of protecting personal information and is equipped to handle it responsibly in compliance with applicable privacy laws and regulations.

9. Data Storage

Your personal information is primarily stored within Canada. In the event that it is necessary to transfer data outside of Canada, Frontier HSA will take appropriate measures to ensure that the transfer is conducted in compliance with Canadian privacy laws, including ensuring that third-party service providers adhere to privacy and security standards that align with the Personal Information Protection and Electronic Documents Act (PIPEDA). In cases where data is stored or processed outside of Canada, we will implement appropriate contractual safeguards to ensure that your data remains protected.

If a privacy breach occurs that poses a real risk of significant harm, Frontier HSA will:

  • (i) notify affected individuals via their provided contact information as soon as reasonably possible;
  • (ii) report the breach to the Office of the Privacy Commissioner of Canada (OPC); and
  • (iii) take immediate corrective actions to mitigate risks and prevent future incidents.

10. Changes to Our Policy

Our Policy will be reviewed at least annually at the Frontier HSA Annual General Meeting (AGM) in order to ensure the Policy remains current with security best practices, regulatory requirements and the mission of Frontier HSA

Our Policy may be updated periodically by the Board of Directors with the updated Policy posted to our website with the revision date. Significant changes will be communicated directly to affected individuals.

11. Privacy Officer

The Privacy Officer of Frontier HSA performs an annual privacy impact assessment and threat analysis of your organization’s personal information handling practices, including ongoing activities, new initiatives, and new technologies in order to ensure the Policy remains current with security best practices , regulatory requirements and the mission of Frontier HSA.

For questions about this Privacy Policy or to exercise your privacy rights, contact our Privacy Officer at privacy@frontierhsa.ca or 780-837-1468. Frontier HSA will make every reasonable effort to respond to a complaint within thirty (30) days of submission.